ngCERT Advisory 19-year-old WinRAR vulnerability leads to over 100 malware exploits
  • Advisory
  • February 10, 2020

OVERVIEW: WinRAR is a trialware file archiver utility for Windows which can create and view archives in RAR or ZIP file formats and unpack numerous archive file formats.

Description and Consequences: According to the WinRAR website, over 500 million users worldwide make WinRAR the world’s most popular compression tool. While a patched version, 5.70, was released on February 26, attackers are releasing exploits in an effort to reach vulnerable systems before they can be patched. When a vulnerable version of WinRAR is used to extract the contents of a malicious archive, a malicious payload is created in the Startup folder behind the scenes. User Account Control (UAC) does not apply, so no alert is displayed to the user. The next time the system restarts, the malware is run.

ngCERT Advisory Microsoft Exchange 2013 and Newer are vulnerable to NTLM relay attacks
  • Advisory
  • February 10, 2020

ngCERT VMware Tools vulnerability
  • Advisory
  • January 16, 2020

The issue is classified as a race condition flaw that could be exploited by an attacker to access the guest virtual machine and escalate privileges.

ngCERT 2nd Advisory on WannaCry/WCry/WCrypt0 Ransomware Worm and Remote Desktop Protocol (RDP) & Server Message Block (SMB) Protocol Vulnerability
  • Advisory
  • May 15, 2017

RDP is a protocol on Windows operating systems that allows remote access to and control of the operating system. It is usually used by systems administrators to remotely control computers running Windows. The SMB protocol is commonly used by servers to communicate with computers on a domain, and by computers to share files, printers and other resources on a network.

Multiple Security Vulnerabilities on D-LINK Home Routers
  • Advisory
  • June 17, 2020

The vulnerabilities found in the DIR-865L model of D-Link routers increase the likelihood that an attacker can run arbitrary commands that could lead to a denial of service attack, sniff web traffic and use the session information to gain access to password-protected portions of the website without knowing the password, and conduct CSRF attacks.

The following vulnerabilities have been discovered in the D-LINK home routers.

  • Improper Neutralization of Special Elements used in a Command (Command Injection)
  • Cross-Site Request Forgery (CSRF)
  • Inadequate Encryption Strength
  • Predictable seed in Pseudo-Random Number Generator
  • Cleartext Storage of Sensitive Information
  • Cleartext Transmission of Sensitive Information

Local Privilege Escalation Vulnerability for VMware
  • Advisory
  • June 16, 2020

Multiple security vulnerabilities in VMware ESXi, Workstation, Fusion, VMRC and Horizon Client were privately reported to VMware. VMware Fusion, VMRC, ESXi, and Horizon Client contain a local privilege escalation vulnerability due to a Time-of-check Time-of-use (TOCTOU) bug that still makes it possible for an attacker with low permissions to execute arbitrary code with root privileges. VMware has evaluated the severity of this issue to be in the Important severity range, with a maximum CVSSv3 base score of 7.3.
