The newly patched vulnerability is located in one such player called the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF). Special media players can also be installed alongside the clients when users attempt to play back meeting recordings. Users who attend WebEx meetings have to install a software client on their computers that’s offered by the WebEx server hosting the meeting. It has cloud-hosted solutions in the form of Cisco WebEx Business Suite (WBS) and Cisco WebEx Meetings and a self-hosted solution called the Cisco WebEx Meetings Server.

Cisco Patches Another Critical Vulnerability in WebEx

Cisco Systems has patched another critical vulnerability in its WebEx client software that could be exploited to execute malicious code on computers. Cisco WebEx is one of the most widely used web conferencing software in business environments.

The company has also provided a YARA signature that organizations can use to detect the agent on their computers and block its communications with malicious domains. The Netscout report contains file signatures for the rogue LoJack samples as well as domain names and other indicators of compromise. Finally, Lojack’s ‘small agent’ allows for memory reads and writes which grant it remote backdoor functionality when coupled with a rogue C2 server.” “The attacker simply needs to stand up a rogue C2 server that simulates the Lojack communication protocols. “With low AV detection, the attacker now has an executable hiding in plain sight, a double-agent,” the Netscout researchers said. LoJack users who willingly turned on the feature on their computers are also likely to have whitelisted the agent in their security products. The LoJack agent is whitelisted by default by many antivirus programs, and those that do detect it flag it as “not-a-virus” or “Risk Tool” instead of malware.
It seems that four years later, cyberespionage groups are taking advantage of this powerful functionality that’s present on many devices and is both persistent and stealthy. “The protocol doesn’t use any encryption or authorization with the remote server, which creates numerous opportunities for remote attacks in a hostile network environment.” “The protocol used by the Small Agent provides the basic feature of remote code execution,” the researchers warned in a blog post at the time. They pointed out that its small Windows software agent could easily be modified to make it connect to a rogue server. In 2014, security researchers from Kaspersky Lab published a paper showing how Absolute’s Computrace technology could be abused to serve as a backdoor. Security researchers from Netscout’s Arbor division have come across five instances of the LoJack software agent that were communicating with four suspicious domain names, three of which have been associated in the past with Fancy Bear’s cyberespionage operations. This service then connects to a remote server controlled by Absolute Software and installs the theft recovery agent. The BIOS/UEFI component injects a small software agent into Windows and registers it as a system service. This means that it survives even OS reinstalls and hard disk drive replacements. LoJack for Mobile Devices costs from £29.95 for a one-year subscription. The technology stands apart because it has components embedded in BIOS/UEFI firmware through partnerships with computer manufacturers. Within ten minutes of the detective being at the suspect’s house, the thief handed the smartphone in and it was returned to its rightful owner. Derek Skinner, also from Absolute Software, said: 'We believe LoJack for Mobile Devices will act as an important deterrent in the fight against the rise of mobile phone crime.' The team then located the home address of the suspect and aided by the police, they visited the house the following day.
Through the use of Absolute’s forensic tools, the team managed to analyse a number of texts, emails and screenshots which enabled them to identify the user. It was then reported to the local police station and to the software company. The Absolute Software customer had the expensive Samsung stolen in Minneapolis. The unique software was able to track down a thief who stole a brand new Samsung Galaxy S4 smartphone. 'With Absolute persistence technology, the owner can activate the "kill switch" and those responsible for theft can be identified or located and held accountable.' It is built into the firmware on Android phones including the Samsung Galaxy S4 and Tab 3, pictured. Lojack will survive a factory reset and full erase.