THE TIMES OF HACKER


Recently Apple developers released security updates fixing three 0-day bugs in their products at once. Apple says all of these problems may already have been exploited by hackers, which is to be expected, since 0-day vulnerabilities are exploited on the black market before they become public.

Various 0-Day Bugs in Webkit Fixed by Apple

All three bugs affect the WebKit browser engine at the heart of the Safari browser. WebKit is built into most of the company's products (including iPadOS, tvOS and watchOS) as a component used to display web content when there is no need to load a full browser.

Fixes were provided in macOS Big Sur 11.3.1, iOS 12.5.3, iOS 14.5.1, iPadOS 14.5.1 and watchOS 7.4.1, and the 0-day vulnerabilities were assigned CVE-2021-30663, CVE-2021-30665 and CVE-2021-30666. It is also worth noting that iOS 12.5.3 includes an additional patch for CVE-2021-30661, a bug that was fixed a week earlier.

Apple has not disclosed details of the vulnerabilities, nor any information on the attacks that may have used them.



Within Beyond Security's SecuriTeam Secure Disclosure program, details were disclosed of two critical vulnerabilities in vBulletin, found by experts from the Italian company TRUEL IT and by an independent researcher who asked to remain anonymous. At least one of the issues allows a remote attacker to execute arbitrary code in the context of the vBulletin application server.

Although the issues affect the last five versions of vBulletin, there are no patches for them yet. Beyond Security said it had been trying to contact the vBulletin developers since the end of November 2017 but received no response from the company. vBulletin representatives told the media that they had not received any messages about the described issues and are currently working on patches.

The first issue is described as a file inclusion bug. The vulnerability affects vBulletin installed on Windows servers. An unauthenticated attacker can exploit the bug by sending a specially crafted GET request to index.php. As a result, the attacker is able to inject malicious PHP code into a file on the server (for instance, access.log) and then "include" that file by manipulating the routestring= parameter in the request, so the attacker's code gets executed.

The second issue is CVE-2017-17672. It is related to deserialization and can be used both to delete arbitrary files and to execute arbitrary code "in certain circumstances".

For both issues, detailed technical write-ups were published, as well as proof-of-concept exploits.

Google Project Zero expert and well-known bug hunter Tavis Ormandy discovered a serious problem in the third-party password manager Keeper, which has been bundled with the OS since the release of Windows 10 Anniversary Update (version 1607). With the release of that version, Microsoft added the Content Delivery Manager feature to the operating system, which can push various "suggested applications" onto it.



I don't want to hear about how even a password manager with a trivial remote root that shares all your passwords with every website is better than nothing. People really tell me this. 🙄
— Tavis Ormandy (@taviso) 15 December 2017




"I've heard about Keeper before, and I remember how some time ago I found a bug related to how they implement a privileged UI on the page," Ormandy writes. "I rechecked and found that they continue to do the same in the new version."

The expert explains that the issue he found is extremely dangerous, since it completely compromises Keeper's security, allowing any website to steal any user's passwords. As a proof of concept, the researcher created a special page where users can see the bug exploited in practice if they store a Twitter password in Keeper.

Keeper Security's developers fully acknowledged that the researcher was right and prepared an emergency fix for their product in under 24 hours. Users of the browser extension are strongly urged to upgrade to the patched version 11.4. The developers also stressed that they are not aware of any cases of this hole being exploited.

BitMain is one of the leading Bitcoin mining equipment manufacturers in the world. The company's AntMiner range of specialized mining hardware accounts for over 70 percent of all mining hardware, which could be at risk following the discovery of the Antbleed security flaw.
Antminer S9

An anonymous researcher caused a storm in the mining community by spreading word on Twitter of the Antbleed backdoor found in equipment from Bitmain, the world's largest supplier of cryptocurrency mining hardware.

Why does @BitMainTech have the ability to selectively shut off any miner with their secret backdoor? Find out at https://t.co/uWqGpNsJoH.
— AntBleed (@antbleed) April 26, 2017

It turned out that the backdoor appeared in the firmware code in July 2016, and researchers tried to inform Bitmain about the issue in September 2016 through the company's GitHub repository; the report was ignored until an unknown well-wisher drew public and media attention to the problem.

The official Antbleed website explains that Bitmain devices contact auth.minerlink.com once every 1 to 11 minutes, and that the domain is owned by Bitmain. During each check-in the device transmits its serial number, MAC address and IP address to that host.

Bitmain can use this data to cross-check sales lists and delivery reports, identifying the device and associating it with a particular customer. The firmware code in question means that if the server answers the device's request with "false", the miner stops working and is disabled.

The anonymous researcher notes that inbound firewall rules will not protect the device, since Antbleed works over outbound connections. The backdoor is reported to have been found in S9 series devices and earlier S9 versions. Antbleed is also likely present in the L3, T9 and R4 models, although this is only the unknown researcher's assumption.


To check whether Antbleed is active on a device, the researcher proposed modifying the file /etc/hosts by adding the line "139.59.36.141 auth.minerlink.com". This makes the device connect to the researcher's test server, which runs code different from that on Bitmain's servers; if the device is vulnerable, mining will stop within 11 minutes.

To protect against Antbleed, the researcher offers a proven and simple method: change /etc/hosts once again, this time redirecting auth.minerlink.com to localhost ("127.0.0.1 auth.minerlink.com").
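The hosts-file mitigation above, as an added example that is not part of the original article or of any Bitmain or researcher code: a POSIX sh helper that reports how a hosts file currently maps auth.minerlink.com (untouched, pinned to loopback, or pointed elsewhere, such as the researcher's test server) and rewrites the file so that the only mapping is 127.0.0.1. The sample hosts file and the pool hostname are constructed for the demo; on a real miner the file argument would be /etc/hosts.

```shell
#!/bin/sh
# Added example (not from the article or Bitmain): inspect and pin the
# Antbleed check-in hostname in an /etc/hosts-style file.
ANTBLEED_HOST="auth.minerlink.com"

# Print the IP the hosts file maps ANTBLEED_HOST to (first match, comments
# ignored, hostname compared case-insensitively), or "none" if absent.
antbleed_hosts_status() {
    ip=$(awk -v h="$ANTBLEED_HOST" '
        { line = $0; sub(/#.*/, "", line); n = split(line, f)
          for (i = 2; i <= n; i++) if (tolower(f[i]) == h) { print f[1]; exit } }
    ' "$1")
    [ -n "$ip" ] && echo "$ip" || echo "none"
}

# Classify the mapping: "pinned" (loopback, mitigated), "none" (device talks
# to Bitmain's real server), or "other" (e.g. the researcher's test server).
antbleed_hosts_verdict() {
    case "$(antbleed_hosts_status "$1")" in
        127.0.0.1|::1) echo "pinned" ;;
        none)          echo "none" ;;
        *)             echo "other" ;;
    esac
}

# Rewrite FILE so the host maps only to 127.0.0.1: drop every existing line
# naming it (whatever the IP), keep all other lines and comments intact,
# then append the loopback line the article recommends.
antbleed_hosts_pin() {
    tmp="$1.tmp"
    awk -v h="$ANTBLEED_HOST" '
        { line = $0; sub(/#.*/, "", line); n = split(line, f); keep = 1
          for (i = 2; i <= n; i++) if (tolower(f[i]) == h) keep = 0 }
        keep' "$1" > "$tmp"
    printf '127.0.0.1\t%s\n' "$ANTBLEED_HOST" >> "$tmp"
    mv "$tmp" "$1"
}

# Constructed sample hosts file for a self-contained demo: $1 = path,
# $2 = optional extra line (e.g. "139.59.36.141 auth.minerlink.com").
make_sample_hosts() {
    {
        printf '127.0.0.1\tlocalhost\n'
        printf '# mining pool (constructed sample entry)\n'
        printf '10.0.0.5\tpool.example.internal\n'
        if [ -n "$2" ]; then printf '%s\n' "$2"; fi
    } > "$1"
}
```

Run `antbleed_hosts_verdict /etc/hosts` on the miner to see the current state, and `antbleed_hosts_pin /etc/hosts` (as root) to apply the fix; the pin step also removes the 139.59.36.141 test entry if it was left in place after the check.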

Needless to say, after this information was published, miners all over the world were indignant. In effect, the backdoor allows Bitmain to track and disable their devices, and amounts to a fairly rigid form of DRM. Worse, any attacker able to carry out a man-in-the-middle or DNS attack can also trigger the backdoor, because Antbleed provides no authentication mechanism at all.

As a result, Bitmain was forced to justify itself and urgently issue an official explanation. Yesterday, April 27, 2017, Bitmain representatives published a detailed blog post explaining that Antbleed is not a backdoor and that the company is not trying to control users' devices. According to the company, the feature was added to the code so that device owners themselves could control their equipment remotely and have a way to disable a miner if it is stolen or hacked. Almost all modern smartphones now have a similar function. Antbleed would also make it possible to provide more data to law enforcement agencies should it suddenly be needed.

The developers admit that Antbleed was never finished: development of the function began with the release of the Antminer S7 and was supposed to be completed by the release of the Antminer S9. However, due to certain "technical problems" the plan was not carried out, and even the test server was shut down in December 2016. The fact that the "backdoor" is still present in the device firmware is a bug and someone's oversight. The company reports that the problem affects the following models:


  • Antminer S9 
  • Antminer R4 
  • Antminer T9 
  • Antminer L3 
  • Antminer L3+

Bitmain's experts apologized to users and published new firmware on their site for all of these devices, in which the "backdoor" no longer exists.

Samsung Smart TVs running Tizen OS are prone to a security vulnerability that allows an attacker to impersonate a trusted device and obtain unrestricted access without authentication when connected via Wi-Fi Direct.

Researchers at Neseso, an independent security consulting company with more than 10 years of experience in security research and vulnerability assessment, reported the problem.

According to the researchers, the problem lies in the implementation of Wi-Fi Direct authentication in Samsung TVs. The mechanism spares users from authenticating every time: the TV can be "paired" with a trusted device, whose MAC address is then added to a whitelist. The TV notifies the user that a whitelisted device has connected, but no further authentication is required.

Once connected, the attacker has access to all the services provided by the TV, such as the remote control service or DLNA screen mirroring. If any of the services exposed by the Smart TV over Wi-Fi Direct is vulnerable, the attacker could gain control of the TV or use it to pivot into the network the TV is connected to.

Interestingly, Samsung representatives did not see this as a threat, even though it allows authentication to be bypassed completely: Samsung's developers conducted an investigation and found no problems in this functionality.

Neseso recommends removing all whitelisted devices and avoiding the Wi-Fi Direct feature for the time being.