May 16, 2019

DHCP security in Windows 10: analyzing critical vulnerability CVE-2019-0726

Image credit: Pexels
When January updates for Windows got released, the public was alarmed by news of critical vulnerability CVE-2019-0547 in DHCP clients. A high CVSS score and the fact that Microsoft did not release an Exploitability Index assessment right away, which made it more difficult for users to decide whether they needed to update their systems immediately, stirred up the heat. Some publications even speculated that the absence of the Exploitability Index pointed to the appearance of a usable exploit in the near future.

Solutions such as MaxPatrol can identify which computers on a network are vulnerable to certain attacks. Other solutions detect such attacks. For these solutions to work, both the rules for identifying vulnerabilities in products and the rules for detecting attacks on those products need to be described. This, in turn, will be possible if for each separate vulnerability we figure out the vector, method, and conditions of exploitation. In other words, all the details and nuances related to exploitation. This requires a much more in-depth and full understanding compared to what can usually be found in descriptions on vendors' sites or in CVE, for example:

The reason for the vulnerability is that the operating system incorrectly handles objects in memory.

So, to update our products with rules for detecting attacks targeting the newly discovered vulnerability in DHCP and rules for identifying affected devices, we needed to dive into all the details. With binary vulnerabilities, one can often get to the faults lying at their root by using patch-diff, which compares and identifies the changes to the binary code of an app, a library, or an operating system's kernel made by a specific patch or update fixing the error. But Step 1 is always reconnaissance.

Note: To go directly to the vulnerability description, without reading the DHCP concepts it's based on, you can skip the first several pages and go straight to the section titled "DecodeDomainSearchListData function".

April 15, 2019

Protecting Money On The Internet. Five Tips To Secure Your Online Transactions

Image credit: Unsplash
According to Positive Technologies research data, security of financial applications keeps growing. Banks make serious investments into improving security of their products. In the end hackers find it easier not to attack the banks, but rather go after bank clients and people shopping online.

Here are some useful tips from Positive Technologies experts to help you protect your money online.

March 24, 2019

How Not To Help Hackers: 4 Common Security Mistakes Of Office Workers

Image credit: Unsplash

More and more often cybercriminals target office staff, knowing full well that people are the weakest link in the corporate protection systems. Today we'll discuss mistakes in information security made by office workers, and how to avoid becoming an unwitting accomplice to hackers in compromising company infrastructure.