    Stuxnet 2.0 is the security nightmare

    The computer virus Stuxnet successfully attacked the control systems of industrial plants for many years. To reach those control systems, it took a detour via connected Windows systems and used an exploit chain of remote code execution followed by local privilege escalation.

    Researchers investigated whether a Stuxnet 2.0 scenario would still be conceivable, even though the original bugs were fixed long ago. In a presentation at Black Hat 2020, they explained and demonstrated why, in their opinion, the answer is a clear yes. The researchers paid particular attention to the last link in the exploit chain, the Windows print spooler, which Stuxnet used at the time for the final jump to the target systems. In the process, they discovered two new vulnerabilities, which they reported to Microsoft. One of the vulnerabilities, CVE-2020-1048, is expected to be closed this month. Microsoft did not consider the other relevant enough to close it.

    Old Exploit Chain Remains Dangerous

    Using Stuxnet’s original exploit chain, the researchers explained in the lecture how Microsoft closed the gaps at the time. Above all, they criticized very narrowly targeted fixes: narrow patches that can sometimes be bypassed by modifying the original attack slightly. Alternatively, old gaps can easily be replaced with equivalent entry points. As the researchers explained, the original Stuxnet strategy, and the evident ease with which it can be revived, is still highly relevant and problematic today, because it continues to be used as a blueprint for a wide variety of malware campaigns.

    The Second Security Problem

    The second security problem discovered by the researchers is more than 20 years old and affects 32-bit and 64-bit Windows releases from version 2000 onward. They discovered it within around 15 minutes through so-called fuzzing, a form of automated testing. The bug can only be exploited locally, where an attacker could misuse it to provoke a crash of the print spooler. However, Microsoft does not classify the resulting risk as high enough to publish an update.
