Tag Archive for: multiple

Fortinet Security Researcher Discovers Multiple Vulnerabilities in Adobe Illustrator


FortiGuard Labs Threat Research Report

Affected platforms: Windows
Impacted parties: Users of Adobe Illustrator 2021, versions 25.4.1 and earlier
Impact: Multiple Vulnerabilities leading to Arbitrary Code Execution, Memory Leak and Application Denial of Service
Severity level: Critical

In August of 2021, I discovered and reported multiple zero-day vulnerabilities in Adobe Illustrator to Adobe, Inc. On Tuesday, October 26, 2021, Adobe released several security patches that fixed these vulnerabilities. They are identified as CVE-2021-40718, CVE-2021-40746, CVE-2021-40747, CVE-2021-40748 and CVE-2021-40749. All these vulnerabilities have similar root causes related to a single Illustrator Plugin. We suggest users apply the Adobe patches as soon as possible.

Following are some details on these vulnerabilities. More information can be found on the related Fortinet Zero Day Advisory pages by clicking on the CVE links, below:

CVE-2021-40718:

This is a Memory Leak vulnerability (disclosure of memory contents to the attacker, not a resource leak) that exists in the decoding of AutoCAD Drawing ‘DWG’ files in Adobe Illustrator. Specifically, a malformed DWG file triggers an Out of Bounds Read memory access because of an improper bounds check in the decoder.

Attackers can exploit this vulnerability for unintended memory reads, potentially leading to a memory data leak.

Fortinet previously released IPS signature Adobe.Illustrator.CVE-2021-40718.Memory.Leak for this specific vulnerability to proactively protect our customers.

CVE-2021-40746:

This is an Arbitrary Code Execution vulnerability that exists in the decoding of AutoCAD Drawing ‘DWG’ files in Adobe Illustrator. Specifically, the vulnerability is caused by a malformed DWG file, which causes an Out of Bounds memory access due to an improper bounds check.

Attackers can exploit this vulnerability to execute arbitrary code within the context of the application via a crafted DWG file.
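Both CVE-2021-40718 and CVE-2021-40746 come down to the same root cause: a decoder trusts a length field read from the file and touches memory beyond the buffer because the check that the announced payload actually fits was missing. The following is an added illustration of that bug class, not code from the advisory and not Adobe's or the Illustrator plugin's code; the record format (a 2-byte little-endian length followed by the payload), the function names and the sample bytes are all constructed for the example. The vulnerable decoder is shown beside the hardened one so the missing check is visible.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Hypothetical record stream, for illustration only (not the DWG format and
 * not Adobe's code): a sequence of records, each a 2-byte little-endian
 * payload length followed by that many payload bytes.
 */

/* Constructed sample inputs. */
const uint8_t sample_good[] = {
    0x03, 0x00, 0x10, 0x20, 0x30,   /* record 1: length 3, payload sums to 0x60 */
    0x01, 0x00, 0x05                /* record 2: length 1, payload 0x05        */
};
const uint8_t sample_bad[] = {
    0x02, 0x00, 0x0A, 0x0B,         /* record 1: well formed                   */
    0xFF, 0x7F                      /* record 2: claims 32767 bytes, has none  */
};
const uint8_t sample_trailing[] = {
    0x01, 0x00, 0x07,               /* record 1: well formed                   */
    0x09                            /* one stray byte: truncated length field  */
};

/*
 * Vulnerable decoder.  It verifies that the 2-byte length field is inside the
 * buffer but never verifies that the payload it announces is.  A crafted final
 * record with a large length makes the inner loop read past the end of buf:
 * an out-of-bounds read whose bytes flow into the result, i.e. a memory
 * disclosure.  Do not call it on sample_bad: that read is undefined behaviour.
 */
long sum_records_unsafe(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    long sum = 0;

    while (off + 2 <= len) {
        size_t reclen = (size_t)buf[off] | ((size_t)buf[off + 1] << 8);
        off += 2;
        for (size_t i = 0; i < reclen; i++)   /* missing: off + reclen <= len */
            sum += buf[off + i];
        off += reclen;
    }
    return sum;
}

/*
 * Hardened decoder.  Before touching any payload byte it checks that the whole
 * record fits in what remains of the buffer.  The check is phrased as
 * "remaining >= reclen" rather than "off + reclen <= len" so the arithmetic
 * cannot wrap around on a large length field.  Returns -1 on malformed input.
 */
long sum_records_safe(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    long sum = 0;

    while (len - off >= 2) {
        size_t reclen = (size_t)buf[off] | ((size_t)buf[off + 1] << 8);
        off += 2;
        if (len - off < reclen)
            return -1;                        /* payload would run past the end */
        for (size_t i = 0; i < reclen; i++)
            sum += buf[off + i];
        off += reclen;
    }
    return off == len ? sum : -1;             /* reject a dangling partial header */
}

int main(void)
{
    printf("unsafe, well-formed: %ld\n", sum_records_unsafe(sample_good, sizeof sample_good));
    printf("safe,   well-formed: %ld\n", sum_records_safe(sample_good, sizeof sample_good));
    printf("safe,   oversized:   %ld\n", sum_records_safe(sample_bad, sizeof sample_bad));
    printf("safe,   trailing:    %ld\n", sum_records_safe(sample_trailing, sizeof sample_trailing));
    return 0;
}
```

On well-formed input both decoders agree (101). On the oversized record the hardened decoder returns -1 before any payload byte is read, while the vulnerable one would walk 32767 bytes past the end of the buffer, which is exactly the kind of read that turns a malformed file into a memory disclosure or, when the same missing check guards a write, into code execution. Building with `-fsanitize=address` and feeding the vulnerable decoder the malformed sample is a quick way to see the out-of-bounds access reported.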

Fortinet previously released IPS signature…

Source…

What we know about Alaska’s cybersecurity after hackers broke through multiple state agencies this year


A screenshot shows how the Alaska Department of Health and Social Services’ website remains offline a month after hackers first targeted the agency’s networks.

For weeks this spring, hackers forced officials to shut down Alaska’s Courtview system, making state court records inaccessible to attorneys, people charged with crimes, and residents seeking to run background checks on their prospective dates or tenants.

Then, cyberattackers targeted the state health department, whose website has remained offline since the hackers were first discovered in mid-May.

State officials have revealed few specifics about the attacks — particularly about the one that targeted the health department. They’ve also declined to release many details about the cyberdefenses they use to protect Alaska’s computer systems, and how they plan to adapt them to ensure that future attacks are less disruptive.

While there are still many unanswered questions, here’s what we know — and what we don’t.

Who broke into the computer systems of Alaska’s court system and health department, and how did they do it?

These are the most obvious questions about the cyberattacks — and we don’t have answers to them. The health department, in a statement from spokesman Clinton Bennett, said it’s not releasing information “regarding the type of cyberattack, how the cyberattack occurred or other specific information.”

The court system’s top spokesman, Chief Justice Joel Bolger, has said a half-dozen computers were infected with malware that was trying to allow “outside actors” to move around the agency’s network. But in an interview Wednesday, he said those actors were never identified.

“We did not receive any direct communication from them,” he said.

Bolger said the unusual activity on the agency’s network was detected in late April by “cybersecurity notification software,” and that it was identified at an “early stage, before any of our computers had been taken over, locked up, encrypted — none of that stuff happened.” Two days after the discovery, the court system took its computer networks offline, to cut off the attackers’ access.

Bolger declined to say exactly how the…

Source…

Man charged with breaking into computers in multiple states


Between June 2017 and April 2018, Purbeck is accused of buying the usernames and passwords to computer servers belonging to multiple Georgia victims and then using those credentials to access their computers and steal personal information.

Federal prosecutors say Purbeck stole medical records and other documents containing the names, addresses, birthdates and Social Security numbers of more than 43,000 people from a medical clinic in Griffin; the personal information of more than 7,000 people from a medical practice in Locust Grove; and police reports and other documents with personal information of more than 14,000 people from the city of Newnan.

Source…

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services — Krebs on Security


Fraudsters redirected email and web traffic destined for several cryptocurrency trading platforms over the past week. The attacks were facilitated by scams targeting employees at GoDaddy, the world’s largest domain name registrar, KrebsOnSecurity has learned.

The incident is the latest incursion at GoDaddy that relied on tricking employees into transferring ownership and/or control over targeted domains to fraudsters. In March, a voice phishing scam targeting GoDaddy support employees allowed attackers to assume control over at least a half-dozen domain names, including transaction brokering site escrow.com.

And in May of this year, GoDaddy disclosed that 28,000 of its customers’ web hosting accounts were compromised following a security incident in Oct. 2019 that wasn’t discovered until April 2020.

This latest campaign appears to have begun on or around Nov. 13, with an attack on cryptocurrency trading platform liquid.com.

“A domain hosting provider ‘GoDaddy’ that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor,” Liquid CEO Kayamori said in a blog post. “This gave the actor the ability to change DNS records and in turn, take control of a number of internal email accounts. In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage.”

In the early morning hours of Nov. 18 Central European Time (CET), cryptocurrency mining service NiceHash discovered that some of the settings for its domain registration records at GoDaddy were changed without authorization, briefly redirecting email and web traffic for the site. NiceHash froze all customer funds for roughly 24 hours until it was able to verify that its domain settings had been changed back to their original settings.

“At this moment in time, it looks like no emails, passwords, or any personal data were accessed, but we do suggest resetting your password and activating 2FA security,” the company wrote in a blog post.

NiceHash founder Matjaz Skorjanc said the unauthorized changes were made from an Internet address at GoDaddy, and that the attackers tried to use their…

Source…