Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Adobe. Show all posts

Corporate Accountability: Tech Titans Address the Menace of Misleading AI in Elections

 


In a report issued on Friday, 20 leading technology companies pledged to take proactive steps to prevent deceptive uses of artificial intelligence from interfering with global elections, including Google, Meta, Microsoft, OpenAI, TikTok, X, Amazon and Adobe. 

According to a press release issued by the 20 companies participating in the event, they are committed to “developing tools to detect and address online distributions of artificial intelligence content that is intended to deceive voters.” 

The companies are also committed to educating voters about the use of artificial intelligence and providing transparency in elections around the world. It was the head of the Munich Security Conference, which announced the accord, that lauded the agreement as a critical step towards improving election integrity, increasing social resilience, and creating trustworthy technology practices that would help advance the advancement of election integrity. 

It is expected that in 2024, over 4 billion people will be eligible to cast ballots in over 40 different countries. A growing number of experts are saying that easy-to-use generative AI tools could potentially be used by bad actors in those campaigns to sway votes and influence those elections. 

From simple text prompts, users can generate images, videos, and audio using tools that use generative artificial intelligence (AI). It can be said that some of these services do not have the necessary security measures in place to prevent users from creating content that suggests politicians or celebrities say things they have never said or do things they have never done. 

In a tech industry "agreement" intended to reduce voter deception regarding candidates, election officials, and the voting process, the technology industry aims at AI-generated images, video, and audio. It is important to note, however, that it does not call for an outright ban on such content in its entirety. 

It should be noted that while the agreement is intended to show unity among platforms with billions of users, it mostly outlines efforts that are already being implemented, such as those designed to identify and label artificial intelligence-generated content already in the pipeline. 

Especially in the upcoming election year, which is going to see millions of people head to the polls in countries all around the world, there is growing concern about how artificial intelligence software could mislead voters and maliciously misrepresent candidates. 

AI appears to have already impersonated President Biden in New Hampshire's January primary attempting to discourage Democrats from voting in the primary as well as purportedly showing a leading candidate claiming to have rigged the election in Slovakia last September by using obvious AI-generated audio. 

The agreement, endorsed by a consortium of 20 corporations, encompasses entities involved in the creation and dissemination of AI-generated content, such as OpenAI, Anthropic, and Adobe, among others. Notably, Eleven Labs, whose voice replication technology is suspected to have been utilized in fabricating the false Biden audio, is among the signatories. 

Social media platforms including Meta, TikTok, and X, formerly known as Twitter, have also joined the accord. Nick Clegg, Meta's President of Global Affairs, emphasized the imperative for collective action within the industry, citing the pervasive threat posed by AI. 

The accord delineates a comprehensive set of principles aimed at combating deceptive election-related content, advocating for transparent disclosure of origins and heightened public awareness. Specifically addressing AI-generated audio, video, and imagery, the accord targets content falsifying the appearance, voice, or conduct of political figures, as well as disseminating misinformation about electoral processes. 

Acknowledged as a pivotal stride in fortifying digital communities against detrimental AI content, the accord underscores a collaborative effort complementing individual corporate initiatives. As per the "Tech Accord to Combat Deceptive Use of AI in 2024 Elections," signatories commit to developing and deploying technologies to mitigate risks associated with deceptive AI election content, including the potential utilization of open-source solutions where applicable.

 Notably, Adobe, Amazon, Arm, Google, IBM, and Microsoft, alongside others, have lent their support to the accord, as confirmed in the latest statement.

ColdFusion's Close Call: A Peek into the Anatomy of a Failed Ransomware Strike

 


Several threat actors have recently used outdated Adobe software to exploit systems and deploy ransomware payloads, highlighting the ever-evolving tactics that they use to attack networks and deploy the ransomware payloads. It has been discovered that the attack took place during September and early October and was aimed at gaining access to Windows servers and releasing ransomware. However, it was a valuable learning experience, which served as a valuable learning opportunity despite the failure of the attack. 

In order to uncover the attack, Sophos researchers examined the threat actor's approach to the attack. The researchers discovered that the attacker intended to use leaked source code from the LockBit 3.0 ransomware family of a malware family known for its fast and effective execution. 

Other campaigns have also repurposed different ransomware variants in order to create new variants of the virus. Threat actors have always been interested in the servers as they are undoubtedly one of the most effective ways of attacking an organization, as they are one of the more efficient paths to penetrate it. 

Generally, server-related accounts have the highest privilege levels in the network, making it easy for their administrators to easily move from one machine to another in the network. There are a variety of threats being delivered to servers that have been observed by Sophos X-Ops, and the most common payloads are the Cobalt Strike Beacons, ransomware, fileless PowerShell backdoors, miners, and webshells, among others.  

Several efforts were made by an unknown actor in September and into the first half of October to exploit vulnerabilities in outdated, unsupported versions of Adobe’s ColdFusion Server software so that they could gain access to the Windows servers on which they were running, and eventually pivot to the exploitation of ransomware infections. 

Although no one of these attacks was successful, the telemetry that they provided allowed us to find out who was responsible, and to retrieve the payloads that were being deployed as part of those attacks. The researchers at Sophos who uncovered the attack found that the threat actor was attempting to deploy ransomware derived from a family of ransomware known as LockBit 3.0 that was created with the leaked source code. 

In other campaigns, Sophos researchers also noticed that a similar pattern was occurring. The attackers are likely to have chosen LockBit 3.0 ransomware as the most effective family and the fastest. A typical approach these threat actors take is aiming for holes in unpatched versions of software, and that is exactly what they did in this case. Rather than implementing new techniques, the attacker used old and unsupported ColdFusion version 11 software to target.

The Adobe ColdFusion service announced last week that three critical vulnerabilities had been discovered. First of all, on July 11, it announced patches for CVE-2023-29300, a deserialization issue that could result in arbitrary code execution, as well as CVE-2023-20298, an improper access control issue that could lead to a security feature bypass. 

On July 14, the company also released patches to fix another deserialization vulnerability, CVE-2023-38203, which may result in executing arbitrary code. Adobe made a mistake in sending notification emails to some customers in which it claimed it was aware of attacks targeting CVE-2023-29300.

However, no evidence has been presented that this flaw has been actually exploited.  Rapid7, a cybersecurity firm that has been following the CVE-2023-29298 and CVE-2023-38203 vulnerabilities that were patched last week, reported on Monday that none of them seem to have been exploited in the wild yet. 

As Accel7 discovered in its analysis, CVE-2023-38203 has been chained with another vulnerability, likely CVE-2023-38203, which is demonstrated in attacks observed by the firm that were undertaken by attackers who used PowerShell commands to create webshells that gave them access to the targeted system. 

A blog post detailing the findings of CVE-2023-38203 was published by researchers at ProjectDiscovery on July 12, just before Adobe announced its patch to address the issue. Rapid7 believes ProjectDiscovery initially thought that by posting the blog post, they were actually disclosing CVE-2023-29300, which had already been fixed by Adobe, but in fact, their blog post was in fact about CVE-2023-38203, which the vendor was still yet to issue a patch for. 

As it turned out, Adobe announced patches on July 14 as part of its announcement of patches for CVE-2023-38203, and it clarified that the company was making available a proof-of-concept (PoC) blog post to explain the security hole.  

The other important factor is investing in robust endpoint detection and response (EDR) systems, which can detect and prevent ransomware attacks. Effective EDR systems can prevent ransomware attacks from occurring. Using software that is supported by the organization, regularly updating the system, and leveraging security controls that can detect and mitigate evolving threats are important for organizations. 

Particularly, endpoint behavioural detection software can be effective in detecting suspicious activities on an endpoint as well as guarding against ransomware attacks by detecting suspicious activities. The recent failed hack on ColdFusion servers sheds great light on the evolving landscape of ransomware attacks and sheds new light on how ransomware attacks will evolve in the future.

Throughout the course of the year, threat actors continue to increase their tactics and find new vulnerabilities to exploit. There are however several ways in which organizations can effectively protect themselves from cyber threats. They can maintain a fully up-to-date software strategy, implement robust security controls, and use sophisticated endpoint monitoring and response systems. 

When it comes to mitigating the risks associated with ransomware, it is crucial to stay proactive and vigilant at all times. It was reported on March 12, 2023, that the U.S. National Security Agency (NSA) has added to its known exploited vulnerabilities list an Adobe ColdFusion vulnerability with a CVSS score of 8.6 which has been tracked as CVE-2023-26360, which is tracked as the CVE-2023-22132 in the Adobe ColdFusion patched by the vendor. 

A serious flaw in this software lies in the way it handles access control, which could allow a remote attacker to execute any code he chooses. As a result of this vulnerability, an arbitrary file system read could also occur, along with a memory leak.

Adobe Patches 30 Acrobat, Reader Vulnerabilities

Adobe

Adobe has recently released a large batch of security updates for its flagship Acrobat and Reader software, patching at least 30 vulnerabilities affecting Windows and MacOS installations. In this blog post, we’ll take a closer look at the details of these updates and what they mean for users.

The Details

On Tuesday, Adobe released a critical-level advisory listing the 30 security flaws that were patched in this update. The company cautioned that successful exploitation of these vulnerabilities could result in application denial-of-service attacks, arbitrary code execution, memory leaks, and feature bypasses. Among the affected programs are Acrobat DC, Acrobat Reader DC, Acrobat 2020, and Acrobat Reader 2020.

The majority of the bugs were memory safety issues, according to Adobe. The company also claimed to be unaware of any public exploits of these vulnerabilities. In addition to these patches, Adobe also released a separate critical update addressing three security flaws.

What This Means for Users

For users of Adobe’s Acrobat and Reader software, this update is an important one to install. The vulnerabilities that have been patched could potentially allow attackers to execute arbitrary code on a user’s system or cause application denial-of-service attacks. By installing the updates, users can protect themselves from these potential threats.

It’s always important to keep software up-to-date with the latest security patches to ensure that your system is protected from known vulnerabilities. This is especially true for widely-used software like Adobe’s Acrobat and Reader programs.

What next?

Adobe’s recent release of security updates for its Acrobat and Reader software is an important step in protecting users from potential threats. By patching at least 30 vulnerabilities affecting Windows and MacOS installations, Adobe has taken proactive measures to ensure the safety and security of its users. As always, it’s important for users to install these updates as soon as possible to protect themselves from potential exploits.

50% of KEV Catalog Were Big Corporations

According to Grey Noise, almost 50% of the upgrades to the KEV catalog in 2022 were due to actively exploited vulnerabilities in Microsoft, Adobe, Cisco, and Apple products. The KEV catalog's earlier vulnerabilities from before 2022 made up 77% of the updates. 

In the initial year of the catalog's existence, CISA identified over 850 vulnerabilities, excluding   300 vulnerabilities reported in November and December 2021. As per CSW's Decoding of the CISA KEV study, "the fact they are a part of CISA KEV is rather significant as it suggests that many businesses are still using these outdated systems and therefore are ideal targets for attackers."

Based on a study by a team from Cyber Security Works, a handful of the vulnerabilities in the KEV catalog come from devices that have already reached End-of-Life (EOL) and End-of-Service-Life (EOSL). Despite the fact that Windows Server 2008 and Windows 7 are EOSL products, the KEV catalog identifies 127 Server 2008 vulnerabilities and 117 Windows 7 vulnerabilities.

The catalog has evolved into the official source for information on vulnerabilities by attackers, even though it was initially designed for vital infrastructure and public service firms. It is crucial since, by 2022, the National Vulnerability Database assigned Common Vulnerabilities and Exposures (CVE) identifiers to over 12,000 vulnerabilities.  Corporate teams can establish customized priority lists using the catalog's curated list of CVEs that are currently being attacked. 

In reality, CSW discovered there was a slight delay between the time a CVE Numbering Authority (CNA) like Mozilla or MITRE issued a CVE to a flaw and the time the vulnerability was posted to the NVD. For instance, the BitPaymer ransomware took advantage of a vulnerability in Apple WebKitGTK (CVE-2019-8720), which Red Hat assigned a CVE for in October 2019 but was added to the KEV catalog in March. As of the beginning of November, it has not been included in the NVD.  

According to CSW, 22% of the vulnerabilities in the catalog are privileging execution issues while 36% of the vulnerabilities are remote code execution problems. Whenever a vulnerability is actively being exploited, has a CVE assigned to it, and is supported by clear mitigation instructions, does CISA update the KEV catalog. 


Cybercriminals Use Google Ads to Deploy Malware

 

Hackers are utilizing the Google Ads service more consistently than ever before to transmit malware. As soon as the victims click the download link on the threat actors' fake versions of the official websites, trojanized software is distributed. 

Grammarly, MSI Afterburner, Slack, Dashlane, Malwarebytes, Audacity, Torrent, OBS, Ring, AnyDesk, Libre Office, Teamviewer, Thunderbird, and Brave are some of the companies impersonated in these operations.

Raccoon Stealer, a modified variant of Vidar Stealer, and the IcedID loader are two examples of malware propagating to victims' systems. As a result, anyone looking for reliable software on a site with no active ad blocker will see commercials first and be more inclined to click on them because they closely resemble the search result.

Threat actors use a method in that phase to get beyond Google's automatic checks. If Google determines that the launch site is malicious, the operation is blocked and the advertisements are withdrawn. The trick, according to Guardio and Trend Micro, is to send users who click on the advertisement to a malicious site imitating the software project from a relevant but innocuous site made by the threat actor.

Vermux, a threat group, was discovered employing a significant number of masquerAds websites and domains, mainly operating out of Russia, to target GPUs and cryptocurrency wallets owned by Americans.

According to the researchers, in October they came across a malvertising operation where hackers, identified as DEV-0569, utilized Google Ads to send consumers to a malicious file download page. Microsoft claimed that it informed Google about the traffic distribution network abuse.

As per Microsoft, the techniques enable the group to reach more people and increase the number of victims. From August through October, Microsoft observed the threat actor distributing the BATLOADER malware using phishing emails that seemed to be genuine installers for various programs, including TeamViewer, Adobe Flash Player, Zoom, and AnyDesk. 

Use the necessary safety protocols such as an ad-blocker on your browser to block these campaigns by prohibiting Google Search sponsored results from appearing. Users should scroll down until they find the desired software project's official domain. Furthermore, a suspicious installer's unusually large file size is a red flag.  

Esca RAT Spyware Actively Employed Cybercriminals

Escanor is a new RAT (Remote Administration Tool) that was promoted on the Dark Web and Telegram, as per Resecurity, a cybersecurity firm based in Los Angeles that protects Fortune 500 companies globally. 

The threat actors provide versions of the RAT for Android and PC, as well as an HVNC module and an exploit builder to turn Microsoft Office and Adobe PDF files into weapons for spreading malicious code. 

The tool was first publicly available for purchase on January 26th of this year as a small HVNC implant that allowed for the establishment of a stealthy remote connection to the victim's machine. Later, the kit evolved into a full-scale, commercial RAT with a robust feature set. 

Over 28,000 people have joined Escanor's Telegram channel, which has a solid reputation on the Dark Web. Previous 'cracked' releases by the actor going by the same name included Venom RAT, 888 RAT, and Pandora HVNC, which were probably utilized to enhance Escanor's capability further.

According to reports, cybercriminals actively employ the malware known as Esca RAT, a mobile variant of Escanor, to attack users of online banks by intercepting one-time password (OTP) credentials.

The warning states that the tool "may be used to gather the victim's GPS locations, watch keystrokes, turn on hidden cameras, and browse files on the distant mobile devices to steal data."

Escanor Exploit Builder has been used to deliver the vast majority of samples that have lately been discovered. Decoy documents that look like bills and notices from well-known internet providers are utilized by hackers.

Resecurity also advised that the website address 'escanor[.]live' has earlier been linked to Arid Viper, a group that was active in the Middle East in 2015.

APT C-23 is also known as Arid Viper. Espionage and information theft are this threat actor's primary goals, which have been attributed to malevolent actors with political motivations for the freedom of Palestine. Although Arid Viper is not a particularly technologically advanced actor, it is known to target desktop and mobile platforms, including Apple iOS. 

Their primary malware, Micropsia, is surrounded by Delphi packers and compilers in their toolset. This implant has also been converted to various platforms, including an Android version and versions built on Python.

The majority of Escanor patients have been located in the United States, Canada, the United Arab Emirates, Saudi Arabia, Kuwait, Bahrain, Egypt, Israel, Mexico, and Singapore, with a few infections also occurring in South-East Asia.




Spyware Group ‘Knotweed’ Employs Windows and Adobe Bugs to Target Firms Worldwide

 

Microsoft has unearthed an Austrian “cyber mercenary” group employing Windows and Adobe exploits to target organizations with spyware since at least 2021. 

Security analysts at Microsoft’s Threat Intelligence Center and Security Response Center said the organization is a private-sector offensive actor (PSOA) called Decision Supporting Information Research Forensic (DSIRF), but dubbed by Microsoft with the codename Knotweed. 

A cyber-weapons broker has launched multiple attacks on law firms, banks, and strategic consultancies in countries across the globe via spyware — dubbed Subzero — that allows its users to remotely and silently infiltrate a victim’s computer, phone, network infrastructure, and internet-linked devices.

"DSIRF has been linked to the development and attempted sale of a malware toolset called Subzero, which enables customers to hack into their targets' computers, phones, network infrastructure, and internet-connected devices," Microsoft said in a blog post. 

DSIRF promotes Subzero as a “next generation cyber warfare” tool that can secure full control of a victim’s PC, steal passwords and disclose its real-time location, according to a copy of an internal presentation released by Netzpolitik, a German news website, in 2021. 

The report claims that DSIRF, which reportedly has links to the Russian state, promoted its tool for use during the 2016 U.S. presidential election. The German government was also considering the purchase and use of Subzero to enhance its cyber defense. 

Microsoft said it has issued a software update to mitigate the use of the identified vulnerabilities. The tech giant has also released signatures of the malware to shield Windows users from exploits Knotweed was employing to help deliver its malware. 

More action is needed on a broader level, given that DSIRF will not be the last PSOA to target organizations, as Microsoft researchers explained in a brief sent to Congress on Wednesday. 

"We are increasingly seeing PSOAs selling their tools to authoritarian governments that act inconsistently with the rule of law and human rights norms," researchers explained. "We welcome Congress's focus on the risks and abuses we all collectively face from the unscrupulous use of surveillance technologies and encourage regulation to limit their use both here in the United States and elsewhere around the world."

Zero-day Exploit Detected in Adobe Experience Manager

 

A zero-day vulnerability in a prominent content management solution used by high-profile firms such as Deloitte, Dell, and Microsoft has been found. 

The flaw in Adobe Experience Manager (AEM) was detected by two members of Detectify's ethical hacking community.

Adobe Experience Manager (AEM) is a popular content management system for developing digital customer experiences like websites, mobile apps, and forms. AEM has become the primary Content Management System (CMS) for many high-profile businesses due to its comprehensiveness and ease of use. 

The flaw allows hackers to bypass authentication and obtain access to CRX Package Manager, making applications vulnerable to Remote code execution attacks. It affects CR package endpoints and can be fixed by denying public access to the CRX consoles. 

Detectify spokesperson stated, "With access to the CRX Package Manager, an attacker could upload a malicious package in Adobe Experience Manager to leverage it to an RCE and gain full control of the application." 

Ai Ho and Bao Bui, members of Detectify Crowdsource, initially detected the vulnerability in an instance of AEM used by Sony Interactive Entertainment's PlayStation subsidiary in December 2020. Three months later, the AEM CRX bypass was discovered within various Mastercard subdomains. The issues were reported to Sony and Mastercard at the time. 

Mastercard, LinkedIn, PlayStation, and McAfee were among the prominent companies affected by the flaw, according to the members of Detectify. 

A Detectify spokesperson explained: "The CRX Package Manager is accessed by bypassing authentication in Dispatcher, Adobe Experience Manager’s caching and/or load balancing tool. Dispatcher checks user’s access permissions for a page before delivering the cached page and is an essential part of most – if not all – AEM installations. It can be bypassed by adding a lot of special characters in combination in the request." 

Bao Bui, a security researcher and former CTF player of the Meepwn CTF Team, began hunting bug bounties around a year ago. Ai Ho, a security engineer, and developer, has been involved in the bug bounty industry for two years, developing and releasing his own bug-catching tools on GitHub. 

Adobe was notified of the zero-day problem and quickly issued a patch. 

On Detectify's platform, the AEM CRX Bypass zero-day was then implemented as a security test module. "Since it went live in May 2021, around 30 instances of the AEM CRX Bypass vulnerability have been in customers’ web applications," added a Detectify spokesperson. 

So far, Detectify's scans for over 80 specific AEM vulnerabilities have produced over 160,000 hits.

RevengeRAT is Targeting the Aerospace and Travel Sectors with Spear-Phishing Emails

 

Microsoft has released a warning about a remote access tool (RAT) called RevengeRAT, which it claims has been used to send spear-phishing emails to the aerospace and travel industries.

RevengeRAT is a remote access trojan (RAT) that is classified as a high-risk computer infection. This malware aims to give cybercriminals remote access to infected computers so they can manipulate them. According to research, cybercriminals spread this infection through spam email campaigns (malicious MS Office attachments). Having a trojan-type infection on your device, such as RevengeRAT, can cause a slew of problems. 

They can use RevengeRAT to monitor system services/processes/files, edit the Windows Registry and hosts file, log keystrokes, steal account passwords, access hardware (such as a webcam), run shell commands, and so on. As a result, these individuals have the potential to cause serious harm. 

RevengeRAT, also known as AsyncRAT, is spread by carefully designed email messages that instruct recipients to open a file that appears to be an Adobe PDF attachment but actually installs a malicious visual basic (VB) file. 

The two RATs were recently identified by security company Morphisec as part of a sophisticated Crypter-as-a-Service that delivers multiple RAT families. The phishing emails, according to Microsoft, transmit a loader, which then delivers RevengeRAT or AsyncRAT. Morphisec claims it is also able to supply the RAT Agent Tesla. 

"The campaign uses emails that spoof legitimate organizations, with lures relevant to aviation, travel, or cargo. An image posing as a PDF file contains an embedded link (typically abusing legitimate web services) that downloads a malicious VBScript, which drops the RAT payloads," Microsoft said. 

Morphisec called the cryptor service "Snip3" after a username it discovered in earlier malware variants. If Snip3 detects that a RAT is being executed inside the Windows Sandbox – a virtual machine security feature Microsoft launched in 2018 – it will not load it. Advanced users can use the Windows Sandbox to run potentially malicious executables in a secure sandbox that won't harm the host operating system.

"If configured by [the attacker], the PowerShell implements functions that attempt to detect if the script is executed within Microsoft Sandbox, VMWare, VirtualBox, or Sandboxie environments," Morphisec notes. "If the script identifies one of those virtual machine environments, the script terminates without loading the RAT payload."

Hackers Take Advantage of Adobe Zero-Day Vulnerability Impacting Acrobat Reader

 

A patch for Adobe Acrobat, the world's most popular PDF reader, addresses a vulnerability that has been actively exploited and affects both Windows and macOS systems, allowing for arbitrary code execution. 

Adobe is advising customers about a crucial zero-day vulnerability in its widely used Adobe Acrobat PDF reader software that is being actively exploited in the wild. As part of Adobe's Tuesday roundup of 43 fixes for 12 of its products, including Adobe Creative Cloud Desktop Application, Illustrator, InDesign, and Magento, a patch is now available. 

According to Adobe, the CVE-2021-28550 zero-day vulnerability "has been exploited in the wild in selective attacks targeting Adobe Reader users on Windows. Adobe Reader users on Windows may be the only ones that are currently being targeted. The bug, however, affects eight different versions of the software, including those for Windows and Mac. The versions include:

1.Windows Acrobat DC & Reader DC (versions 2021.001.20150 and earlier) 
2.macOS Acrobat DC & Reader DC (versions 2021.001.20149 and earlier) 
3.Windows & macOS Acrobat 2020 & Acrobat Reader 2020 (2020.001.30020 and earlier versions)
4.Windows & macOS Acrobat 2017 & Acrobat Reader 2017 (2017.011.30194  and earlier versions)

Adobe did not have any technical details about the zero-day flaw. Those details are usually available after users have had a chance to apply the patch. Users can manually update their product installations by going to Help > Check for Updates, according to Adobe's May security bulletin, which was released on Tuesday. 

Several other important bugs were included in Tuesday's roundup of 43 fixes. Adobe Acrobat received a total of ten crucial and four significant vulnerability patches. A total of seven of the bugs were arbitrary code execution bugs. Three of the vulnerabilities patched on Tuesday (CVE-2021-21044, CVE-2021-21038, and CVE-2021-21086) expose systems to out-of-bounds write attacks. 

On Tuesday, Adobe Illustrator got the highest number of patches, with five critical code execution vulnerabilities patched. Three of the flaws (CVE-2021-21103, CVE-2021-21104, and CVE-2021-21105), according to Adobe's definition, are memory corruption bugs that enable hackers to execute arbitrary code on targeted systems. The three memory corruption bugs were discovered by Kushal Arvind Shah, a bug-hunter with Fortinet's FortiGuard Labs.

HACKED- Windows 10, macOS, Adobe, VMware, Apple and Oracle at The Pwn2Own 2020!


Pwn2Own is a well-known computer hacking contest which is held once every year at the CanSecWest security conference. In this contest, the contestants are tested on how well they could exploit commonly used software and mobile devices with formerly unheard of vulnerabilities.

An issue as grave as the Coronavirus pandemic has clearly not affected the spirits of the Pwn2Own 2020 hacking competition which got done with its first two days.

On Day 1, security researchers and participants bagged a handsome amount of over $180,000 for exploiting the Windows 10, Ubuntu Desktop and macOS, mention sources.

Reportedly, a “team from the Georgia Tech Systems Software and Security Lab succeeded in exploiting a kernel privilege escalation to execute code on macOS” by way of Safari. The attack mechanism that ended up winning for the team $70,000 was comprised of 6 vulnerabilities.

Per the event page (thezdi.com), Georgia Tech employed a “6 bug chain to pop calc and escalate to root”.

The team that has won several preceding editions of the hacking contest, Team Fluoroacetate, won themselves a victorious $40,000 after they employed a “local privilege escalation exploit” meant for the Windows 10.

Reports mention that one of the two members of the aforementioned team also won himself a smashing amount of $40,000 for yet another privilege escalation exploit pursuing Windows 10.

As per sources, the RedRocket CTF team got themselves a win, owing to it to one of their members, Mafred Paul, who bagged an attractive amount of $30,000 for a local privilege escalation exploit focused on Ubuntu Desktop. The hack was about the manipulation of the ‘Input validation bug’.

On Day 2, The Fluoroacetate successfully targeted the Adobe Reader with a local privilege escalation by employing a pair of UAFs, mentioned sources and grabbed an amount of $50,000.

Per reports, the Synacktiv team targeted the VMware Workstation but unfortunately to no avail in the given duration of time. There also were special demonstrations of the Zero Day Initiative against the Oracle VirtualBox.

This was the very first time the organizers allowed “conditional remote participation” in the Pwn2Own hacking contest, understandably because of the increased concerns of people about traveling due to the Coronavirus outbreak.



One of Today's Most Popular E-Commerce Platforms Hit By A Major Security Breach


Recently Magento Marketplace, a portal for purchasing, selling, and downloading plug-ins and themes for Magento-based online stores was hit by a major security breach revealed by Adobe, as Adobe acquired Magento for $1.68 billion in May 2018.

The impacted users incorporate both the regular ones who purchased themes and plugins as well as the theme developers who were utilizing the portal to sell their code and make money.

In an email sent to users, the company said it was the vulnerability in the Magento Marketplace website that permitted "an unauthorized third-party" to access the account data for the registered users. The vulnerability enabled access to user information, like name, email, store username (MageID), billing and shopping addresses, phone number, and limited commercial information like percentages for payments Adobe made to theme/plugin developers.

However, fortunately, any account's passwords or financial information were not exposed, according to Adobe.

Jason Woosley, Vice President of Commerce Product and Platform, Experience Business, at Adobe, says “We have notified impacted Magento Marketplace account holders directly and already took down the Magento as soon as we learned of the hack in order to address the vulnerability.”

The store is currently back online.

The Adobe VP although didn't share the exact number of affected accounts. A Magento representative when approached didn't comment past the company's official blog post.

Nonetheless Adobe executive said the hack didn't bring about any outages or disturbances to the company's core Magento products and services, and, at the hour of writing, there is no reason to accept that the hacker compromised Magento's core backend or plugins and themes facilitated on the 'marketplace'.