Security news

Developer of Terrarium TV says he could hand over user info to authorities

Details of Terrarium TV users could be handed to authorities, developer says

Terrarium TV recently announced that it would shut down its service at the end of September. The popular app for Android-powered devices gave users free access to pirated copies of TV shows and movies pulled from file-hosting sites.

NitroXenon, aka Peter Chan, the app’s developer, announced the shutdown on September 10 in a notification to app users that said, “It has always been a great pleasure to work on this project. However, it is time to say goodbye. I am going to shut down Terrarium TV, forever. I know this day will come eventually. I know it would be hard to let go. But it is really time for me to move on to other projects.”

The message continued: “Please note that you will not be able to open the Terrarium TV app after the end of September as the app will close itself automatically.”

While the news came as a heavy blow to its users, the developer then began sending a second notification telling users to uninstall the app immediately. Users who did not uninstall Terrarium TV right after receiving the shutdown notice are now receiving a warning on their devices asking them to uninstall the app at once, or their data, including IP addresses, may be handed over to the authorities.

“Uninstall immediately!” one notification reads. “Your IP address and location are being tracked!”

“We can’t guarantee that details won’t be shared upon request,” advises another.

When TorrentFreak contacted NitroXenon and asked for an explanation for the warning notifications, he replied, “I’m just telling the truth. Almost every app tracks user’s IP [addresses]. And if I must [hand] the info to authorities then I’ll do it.”

While it isn’t clear why NitroXenon decided to shut down Terrarium TV, many are speculating that the developer may be under legal pressure to shut down due to the growing number of lawsuits targeting piracy apps.

Terrarium TV is not alone: pirate services like Morpheus TV, and even paid services like Set TV, have also shut down recently as a result of piracy lawsuits.

iOS web attack crashes, causes iPhones or iPads to restart

This new CSS-based web attack can crash and restart iPhones or iPads and can cause a Mac computer to freeze

A security researcher has discovered a new iOS web attack that can cause an iPhone or iPad to restart, and a Mac to freeze, when the device visits a webpage containing specific CSS and HTML. The bug does not affect users on Windows or Linux.

Sabri Haddouche, a security researcher at the encrypted instant messaging app Wire, on Saturday tweeted the URL of a proof-of-concept (PoC) webpage that crashes iOS devices. He also posted the source code of the page on GitHub: just 15 lines of specially crafted CSS and HTML which, when visited on any iPhone or iPad, can cause the device to restart.

According to Haddouche’s PoC, the attack exploits a weakness in WebKit, Apple’s web rendering engine. The code, based on HTML and CSS, contains numerous <div> tags.

For those unaware, WebKit is the web browser engine used by Safari, Mail, App Store, and many other apps on macOS, iOS, and Linux.

“The attack uses a weakness in the -webkit-backdrop-filter CSS property. By using nested divs with that property, we can quickly consume all graphic resources and crash or freeze the OS. The attack does not require JavaScript to be enabled, therefore it also works in Mail. On macOS, the UI freezes. On iOS, the device restarts,” Haddouche told Bleeping Computer.

Since Apple’s App Store rules do not allow developers to ship their own rendering engine, all apps and browsers on iOS are required to use WebKit. As a result, the code works on almost all Apple devices, making every iOS browser susceptible to the attack.

On macOS, on the other hand, the CSS/HTML attack only slows down the browser, but adding JavaScript to the mix can brick macOS.

“With the current attack (CSS/HTML only), it will just freeze Safari for a minute then slow it down,” Haddouche revealed.

“You will be able to close the tab afterward. To make it work on macOS, it requires a modified version containing JavaScript. The reason why I did not publish it is that it seems that Safari persists after a forced reboot and the browser is launched again, therefore bricking the user’s session as the malicious page is executed once again”, he added.

Haddouche notes, however, that the bug cannot be used to run malicious software or to carry out attacks that steal a user’s data. But if someone shares a link to such a page disguised as some other URL and you click it, your iPhone will restart. That is certainly annoying, but it has no major consequences.

The researcher says he notified Apple of the issue before publishing the code on social media. Apple has confirmed it is aware of the glitch and is investigating it.

Check out the video demonstration published by the researcher that shows the iPhone crash attack in action.

Android Q will warn users for running apps made for older Android versions

Android Q will soon warn apps running on Android Lollipop or earlier

It has only been a month since Google released Android 9.0 Pie, but the search giant has already started gearing up for Android Q. This time around, it plans to push developers aggressively to update their apps.

Last year, Google released a new policy that imposed restrictions on apps uploaded to and updated on the Play Store. Under the policy, new apps must target API (Application Programming Interface) level 26 (Android 8.0 Oreo) or later as of last month, and updates to existing apps must meet the same API level from November 2018 onwards.

Besides this, a new commit (spotted by XDA-Developers) in the Android Open Source Project (AOSP) shows that Android Q will warn users who install apps targeting Android Lollipop or lower on the new platform.

A screenshot shared by XDA-Developers shows the warning message, which reads: “This app was built for an older version of Android and may not work properly. Try checking for updates, or contact the developer.”

Google will raise the minimum allowed target version from API level 17 (Android 4.2 Jelly Bean) to level 23 (Android 6.0 Marshmallow), which means the warning will pop up each time a user runs an app that targets Android 5.0 Lollipop or older. Users will not be prevented from using the app, but the pop-up will appear every time the app is opened until it is either deleted or updated.

In doing so, Google would apparently be shaming developers who prefer not to raise their target API level with each new Android version so as to avoid implementing runtime permissions.

By flagging apps that target Lollipop and older, Google also wants to convey that these apps are not using the security and privacy features introduced in Marshmallow. Additionally, it helps Google tell whether an app is still being updated.

If developers do upgrade to the latest API level, their apps gain access to a host of new features. For instance, Android 9.0 Pie brings Adaptive Battery, App Slices, App Actions, UI changes, and much more.

If you are an Android app developer, we recommend updating your apps, or building new ones, so that they run properly on Android 8.0 Oreo and above.

SonarSnoop attack can steal your smartphone’s unlock patterns

Smartphone unlock patterns can be hacked using SonarSnoop attack

Researchers from Lancaster University and Linköping University have devised a new attack technique that uses a smartphone’s speaker and microphone to steal unlock patterns from Android devices, ZDNet reports.

Dubbed ‘SonarSnoop’, the method turns a smartphone’s speaker and microphone into a sonar and uses sound waves to track the user’s finger position across the screen. In other words, the technique relies on the basic echo principle of sonar systems.

For those unaware, sonar (Sound Navigation and Ranging) uses sound propagation, most familiarly in submarines, to detect objects on or under the surface of the water, such as other vessels.

The study has been published in a research paper titled “SonarSnoop: Active Acoustic Side-Channel Attacks”, which details the testing of SonarSnoop on a Samsung Galaxy S4 running Android 5.0.1.

How does the SonarSnoop attack work?

SonarSnoop takes FingerIO as its primary inspiration and is, in effect, a malicious version of it. The attack uses a malicious app on the device that emits sound waves from the phone’s speakers at frequencies between 18 kHz and 20 kHz, which are inaudible to the human ear.

The sound waves bounce off nearby objects, in this case the user’s fingers, and the malicious app uses the device’s microphone to pick up the echoes. Taking into account the positions of the speakers and microphones, a machine learning (ML) algorithm in the malicious app then narrows down the possible unlock patterns.

“The received signals are represented by a so-called echo profile matrix which visualizes this shift and allows us to observe movement. Combining observed movement from multiple microphones allows us to estimate strokes and inflections,” the researchers explained.

Results of SonarSnoop attack

With the help of SonarSnoop, and thanks to the ML algorithms built into the attack, the researchers were able to reduce the number of possible unlock patterns by more than 70%. The research team used 12 unlock patterns with 15 unique strokes in their experiment.

SonarSnoop currently cannot unlock devices with 100% accuracy, as the method is still at the experimental stage. However, the accuracy is expected to improve as the ML algorithm becomes more efficient over time, reducing the number of false unlock patterns.

The researchers also point out that although their experiment focuses on smartphones, SonarSnoop “is applicable to many other kinds of computing devices and physical environments where microphones and speakers are available.”

How Does a Spy Cell Phone Software Work? Protect Your Phone

Recent years have seen a powerful boost in tracking and surveillance technology. With mobile technologies, it has become possible to keep an eye on someone’s device remotely.

The appearance of spyware is directly linked to the way modern technologies have changed our lives over the past few years. While before a smartphone was only a way to stay in touch with a family, now it is an integral part of our everyday life.

Many people live their lives on their devices, storing information and recording everything they do. For this reason, cell phones became the main target for spying apps.

Spyware for cell phones makes this task easier and available to everyone. Even without access to the target device, you can still check what the owner is up to and gain insight into the information stored on the phone.

What is Cell Phone Spyware?

Spyware is malicious software (malware) that secretly intercepts and shares sensitive information without the user’s consent. It can be installed as a hidden component of other software, or through fraudulent ads, websites, instant messengers, links, file-sharing connections, etc.

In most cases, such malware is difficult to detect, as it runs quietly in the background, capturing user information and device activity.

This includes browsing history, keystrokes, authentication credentials, screenshots, emails, credit card numbers, passwords, and other personal information.

How Spyware Gets onto a Cell Phone

Spyware can infect your device in the same ways any other type of malware does, for instance via a Trojan, an exploit, or a worm-like virus. The most common techniques for infecting a computer or cell phone are:

  • Security vulnerabilities: You may infect your computer by following suspicious links or opening attachments, as they may contain viruses and spyware. Beyond this, a device can be infected with spyware simply by visiting a malicious website or clicking a fraudulent pop-up.
  • Deceptive marketing: Quite often, spyware authors present their malicious programs as must-have tools that will improve device performance and provide a range of benefits.
  • Software bundles: Everyone likes free applications, but very often they are only a host program hiding malicious add-ons, plugins or extensions. Worse, even if you uninstall the host app, the spyware will remain on your device.
  • Misc: Beyond their primary malicious purpose, Trojans, worms and other viruses also distribute spyware.

What Harm Can Spyware Do?

Spyware tracks all your activities, including web browsing and physical movements, and so has a direct effect on your information.

Spyware for cell phones is a particular concern. These programs gather device information for nefarious purposes, such as identity theft, corporate espionage, spying through the camera, or recording someone’s surroundings.

Spyware for cell phones is a kind of malware that is likely to become more prevalent in the future as mobile devices become more like computers.

What Can Spyware for Cell Phones Do?

Whichever app you choose, all major spyware vendors offer a similar set of features:

  • Text messages: all text messages, both sent and received, are available for tracking. Some vendors even allow monitoring of deleted messages.
  • Web history: internet browsing history, bookmarks, and cookies are also visible.
  • GPS: the current GPS location, as well as recent movements, can be tracked.
  • Downloads: photos, videos, calendar entries, contacts, and other data are also available for monitoring.
  • Email: sent and received emails can be viewed, along with metadata such as sender, recipient, date and time.

All of these are considered basic features and are provided by every spyware vendor. Some vendors offer advanced features for an extra cost, including:

  • Call recording: all incoming and outgoing voice calls on the target phone can be recorded, downloaded and played back later.
  • Instant messengers: WhatsApp, Facebook Messenger, Viber, Snapchat and other platforms can be monitored.
  • Phone surroundings: the target device’s surroundings can be recorded by activating the microphone.
  • Remote controls: this feature gives full control over the target device, including locking and unlocking it. If needed, it is even possible to wipe all the data from the target device.
  • Installed apps: all installed apps can be tracked, helping to restrict unwanted ones.
  • Alerts: this feature lets you set up a list of trigger words and be informed when they appear on the target device. The same can be done with phone numbers.

Facts About Spyware for Cell Phones

  • Spyware for cell phones can be installed from suspicious websites or over Bluetooth, MMS or a PC connection. The installation route depends on the target device’s compatibility.
  • Spyware for cell phones that claims to install remotely over Bluetooth still needs to be paired with the target device first.
  • Remote installation of spyware for cell phones is possible, but it requires tricking the person into downloading and installing it on their device.
  • The easiest way to trick a target into installing spyware on a cell phone is to send a bogus MMS containing a hazardous link. Messages with fake links can easily trick the owner into downloading the spyware.
  • Spyware for phones can spy on the following activities: calls, texts, installed apps, browsing history, GPS location, multimedia, and any other information.
  • Some individuals claim that it is possible to eavesdrop on a target phone without installing anything, knowing only its phone number. This is simply not possible.
  • Spyware for cell phones can be used as a bug to record the target device’s surroundings and play them back later.

There is a great number of spyware for cell phones available on the market these days. We do hope that in this article, we’ve shed some light on the spyware functionality and possibilities.

Hackers can spy on your computer screens through the webcam microphone

Hackers can snoop on your computer screen just by listening to your webcam’s microphone

Covering your webcam is a sensible strategy for keeping webcam hackers at bay, but what would you do if you learned that someone may be watching your every move or listening to your every word while you use a webcam microphone? Scary, isn’t it?

A team of researchers has discovered that hackers can remotely spy on a computer screen by listening in with a microphone.

Acoustic noise coming from within computer screens can be picked up and used to infer the content displayed on them.

In other words, anyone with the right technical know-how can snoop on someone’s computer activity.

The side-channel attack, dubbed “Synesthesia” by the researchers, can reveal the contents of a remote screen, giving access to potentially sensitive information based only on “content-dependent acoustic leakage from LCD screens.” LCD screens with both CCFL and LED backlighting are affected.

According to the researchers, the subtle acoustic noise can be picked up by ordinary microphones built into webcams or screens; by a smartphone or “smart speaker” such as a Google Home or Amazon Echo placed on a desk next to the screen; from as far as 10 meters away using a parabolic microphone; or over an attached webcam microphone during a Skype, Google Hangouts, or other streaming audio chat.

“The pertinent sounds are so faint and high-pitched that they are well-nigh inaudible to the human ear, and thus (unlike with mechanical peripherals) users have no reason to suspect that these emanations exist and that information about their screen content is being conveyed to anyone who receives the audio stream, or even a retroactive recording,” according to the study.

“In fact, users often make an effort to place their webcam (and thus, microphone) in close proximity to the screen, in order to maintain eye contact during the video conference, thereby offering high-quality measurements to would-be attackers.”

The researchers created an experimental setup that attempted to recognize simple, repetitive patterns. “We created a simple program that displays patterns of alternating horizontal black and white stripes of equal thickness (in pixels), which we shall refer to as Zebras. The period of a Zebra is the distance, in pixels, between two adjacent black stripes,” the researchers recounted in their paper.

As the program ran, the team recorded the sound emitted by a Soyo DYLM2086 screen while it displayed different Zebras. With each different stripe period, the frequency of the ultrasonic noise shifted in a predictable manner. With the help of a specially trained machine learning algorithm, the researchers were then able to interpret the recordings.

The team was also able to identify which of the 10 most popular websites were displayed on a monitor with 96.5 percent accuracy.

The study was carried out by researchers from the University of Michigan, University of Pennsylvania and Tel Aviv University. You can read all the details about the study here.

Google’s Titan Security Key Is Now Available For $50

This $50 Titan Security Key from Google secures your online accounts

Google’s Titan Security Key is finally available for customers in the U.S. for $50 from the Google Play Store. The in-house security key was first publicly announced in July, and since then it has been available to Google Cloud customers.

For those unaware, Google’s Titan Security Key is a physical device built on the FIDO (Fast Identity Online) specification. It adds an extra layer of security to accounts on sites and services, protecting them against phishing attacks. Like other security keys, it works over Bluetooth or USB. The Titan Security Key can be used to secure not only Google’s own services but also non-Google services.

According to Google, the way the Titan Security Key is produced makes it more resilient to supply chain attacks. “This firmware is sealed permanently into a secure element hardware chip at production time in the chip production factory,” Cloud product manager Christiaan Brand said in a post. “The secure element hardware chip that we use is designed to resist physical attacks aimed at extracting firmware and secret key material.”

In 2017, Google began giving physical security keys to all 85,000 of its employees for logging in to their accounts. Since then, no employee has suffered an account takeover or a successful phishing attack. With physical security keys, Google has removed the need for its employees to remember passwords or use one-time access codes.

For those unaware, physical security keys are simple USB-based devices that offer an alternative approach to the now universal two-factor authentication (2FA). They work on an open authentication standard known as ‘Universal 2nd Factor (U2F)’, which removes the need to remember multiple passwords for various sites.

The $50 kit comes with a USB key, a Bluetooth Low Energy key, and an adapter for devices with USB Type-C ports. You can enable security keys in your Google account from the two-step verification page.

Made in China?

While Google’s Titan Security Key is certainly an interesting device for keeping users’ online accounts safe from phishing attacks, the search giant has come under fire for manufacturing the key in China in partnership with the manufacturer Feitian, according to a report from CNBC.

The product is labeled “Produced in China,” indicating that the security key is manufactured there. Adam Meyers, a security expert at the security firm CrowdStrike, is of the opinion that producing security keys overseas leaves them vulnerable to infiltration not only by hackers but also by the Chinese government during the assembly process.

However, Google said that the hardware that provides the keys’ security is sealed before it heads to the manufacturer to guard against supply chain attacks. The company declined to comment further.

Google is secretly tracking what you buy offline using Mastercard cards

Google and Mastercard have a secret deal to track user shopping details offline

A partnership between Google and Mastercard allows the search giant to track offline sales data, says a Bloomberg report that cited four people “with knowledge of the deal”. In other words, Mastercard is essentially selling customer data to Google.

“For the past year, select Google advertisers have had access to a potent new tool to track whether the ads they ran online led to a sale at a physical store in the U.S. That insight came thanks in part to a stockpile of Mastercard transactions that Google paid for.

“But most of the two billion Mastercard holders aren’t aware of this behind-the-scenes tracking. That’s because the companies never told the public about the arrangement,” Bloomberg mentions in its report.

The data feeds Google’s Store Sales Measurement tool, which lets the search giant connect clicks on digital ads with purchases in brick-and-mortar stores. Part of the solution matches clicks with purchases made in physical stores with debit or credit cards. If there is a match, Google shares the result with advertisers and shows them how their adverts on Google’s network led to purchases in retail locations.

It is important to note that this feature works only if a customer is logged into a Google account and has not switched off Google’s ad tracking. It also works only if the customer makes a purchase within 30 days of the click. Currently, only select retailers can access the data.

“People don’t expect what they buy physically in a store to be linked to what they are buying online,” Christine Bannan, counsel with the advocacy group Electronic Privacy Information Center, told Bloomberg. “There’s just far too much burden that companies place on consumers and not enough responsibility being taken by companies to inform users what they’re doing and what rights they have.”

Although Google has not commented on the partnership with Mastercard, it has commented on the tool used to share the data to help calm fears about privacy.

“Before we launched this beta product last year, we built a new, double-blind encryption technology that prevents both Google and our partners from viewing our respective users’ personally identifiable information. We do not have access to any personal information from our partners’ credit and debit cards, nor do we share any personal information with our partners. Google users can opt-out with their Web and App Activity controls, at any time,” a Google spokeswoman explained.

Although Mastercard couldn’t be reached for comment, a spokesperson sent a statement to Slate, which read, in part:

Regarding the [Bloomberg] article you cited, I’d quickly note that the premise of what was reported is false. The way our network operates, we do not know the individual items that a consumer purchases in any shopping cart — physical or digital. No individual transactions or personal data is provided. That delivers on the expectation of privacy from both consumers and merchants around the world. In processing a transaction, we see the retailer’s name and the total amount of the consumer’s purchase, but not specific items.

According to Bloomberg, Google had once claimed that the company has access to “approximately 70 percent” of credit and debit card data in the U.S. However, earlier this year, Google made some tweaks to the settings that allow the user to opt out of ad tracking via its “Web and App Activity” console.

Android smartphones can be hacked with AT commands attacks

AT commands attack: Android devices from 11 vendors are vulnerable to this attack 

A group of security researchers has discovered that Android smartphones from 11 OEMs are vulnerable to hacking attacks from AT commands. This means that millions of Android devices out there are under the threat of AT commands attacks.

AT commands, also known as Attention commands, were originally designed in the early 1980s for controlling modems. They are, however, still used in most modern smartphones to support telephony functions.

Although some AT commands have been standardized by regulatory and industry bodies, smartphone manufacturers and operating system designers also use them to access and control device functionality in proprietary ways. According to the researchers, these commands could allow an attacker to gain access to the device via the USB interface.

In order to find out the impact of AT command exploits, the researchers analyzed a range of smartphones from different vendors. They took over 2,000 Android smartphone firmware images across 11 vendors to build a database of 3,500 commands. They then executed these commands across 8 smartphones from 4 different manufacturers via USB connections.

The researchers found that there were different attacks using AT commands, including firmware flashing, Android security mechanism bypassing by making calls via USB, unlocking screens, injecting touch events, exfiltrating sensitive data, etc.

To exploit this vulnerability, an attacker only needs to hide the malicious component in a charging station, charger or USB dock. Once a target phone is connected over USB, the attacker can get at the device and abuse its AT commands for malicious activities.

Some of the OEMs vulnerable to AT command attacks are Samsung, Google, Motorola, LG, ASUS, Huawei, HTC, Sony, Lenovo, LineageOS, and ZTE.

The research team has notified the vendors of the security flaw and has also provided a list of phone models and firmware versions that are vulnerable to AT command attacks. “We have notified each vendor of any relevant findings and have worked with their security team to address the issues,” the researchers state in the paper.

In this study, the researchers have used Android smartphones as the subject to find out the impact of AT command attacks via USB interface on such devices. The researchers also have plans to carry out a similar study on Apple devices in the future and explore possibilities of AT command attacks through other modes of connection such as Bluetooth and Wi-Fi.

The study was carried out by researchers from the University of Florida, Stony Brook University, and Samsung Research America. The researchers presented details of their findings in a paper included in the Proceedings of the 27th USENIX Security Symposium.

Source: Usenix

Microsoft Windows zero-day vulnerability exposed through Twitter

Unpatched Flaw In Microsoft Windows Task Manager Disclosed On Twitter

An angry Twitter user, ‘SandboxEscaper’, exposed a local privilege escalation vulnerability in the Microsoft Windows task manager that could allow an attacker to gain administrative access to a Windows system. The since-deleted tweet linked to a proof-of-concept (PoC) for the alleged zero-day vulnerability that had been posted on GitHub; the exploit code has now been removed from GitHub.

The researcher, who claims to be tired of IT security work, seems frustrated with Microsoft’s bug bounty program:

Ps: Microsoft is stupid and I can’t wait to sell bugs in their software.

— SandboxEscaper (@SandboxEscaper) August 27, 2018

The vulnerability found resides in the task manager’s Advanced Local Procedure Call (ALPC) interface, which allows an attacker with local user access privileges to gain access to elevated (SYSTEM) privileges.

Will Dormann, a vulnerability analyst with the U.S. Computer Emergency Readiness Team (US-CERT), confirmed that the exploit code works on fully patched 64-bit Windows 10 and Windows Server 2016 systems. He also said that the exploit code could be modified to run on other Windows versions.

CERT confirmed that there are currently no known patches or specific workarounds to address the vulnerability.

Kevin Beaumont, a UK-based security architect, also confirmed that the exploit code works and republished the vulnerability code on GitHub for easier analysis.

On how use of the exploit can be detected, Beaumont advised, “If you use Microsoft Sysmon, look for spoolsv.exe spawning abnormal processes — it’s a sure sign this exploit is being used (or another Spooler exploit). Similarly, if you use Sysmon, look for conhost.exe (Task Scheduler) spawning under abnormal processes (e.g. the Print Spooler).”
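Beaumont’s two Sysmon indicators, turned into a small triage routine over Event ID 1 (ProcessCreate) records. This is an added example, not code from the article or from Beaumont; the sample events are constructed, the allowlist of children the spooler may legitimately start is an assumption to be baselined per environment, and the list of service parents that should never host a console is seeded only with the spooler named in the quote.

```python
"""Triage Sysmon Event ID 1 (ProcessCreate) records for the two Print Spooler
indicators quoted above. Added example; every event below is constructed."""
import xml.etree.ElementTree as ET
from pathlib import PureWindowsPath

# Children the spooler may legitimately start. Example entries only (an
# assumption); baseline your own fleet before relying on this list.
SPOOLER_EXPECTED_CHILDREN = {"splwow64.exe", "printfilterpipelinesvc.exe"}

# Parents that should never host a console. The article names only the Print
# Spooler; add other service binaries as you baseline them.
NO_CONSOLE_PARENTS = {"spoolsv.exe"}

# Skeleton of a Sysmon event as exported from the Windows event log. Only the
# fields the rules need are kept; real records carry many more <Data> fields.
EVENT_TEMPLATE = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>{event_id}</EventID></System>
  <EventData>
    <Data Name="Image">{image}</Data>
    <Data Name="ParentImage">{parent}</Data>
    <Data Name="User">{user}</Data>
  </EventData>
</Event>"""

SYS32 = r"C:\Windows\System32"
SYSTEM = r"NT AUTHORITY\SYSTEM"
SAMPLE_EVENTS = [  # constructed, not real telemetry
    EVENT_TEMPLATE.format(event_id=1, image=SYS32 + r"\cmd.exe",
                          parent=SYS32 + r"\spoolsv.exe", user=SYSTEM),
    EVENT_TEMPLATE.format(event_id=1, image=SYS32 + r"\conhost.exe",
                          parent=SYS32 + r"\spoolsv.exe", user=SYSTEM),
    EVENT_TEMPLATE.format(event_id=1, image=SYS32 + r"\splwow64.exe",
                          parent=SYS32 + r"\spoolsv.exe", user=SYSTEM),
    EVENT_TEMPLATE.format(event_id=1, image=SYS32 + r"\conhost.exe",
                          parent=SYS32 + r"\cmd.exe", user=r"CORP\alice"),
]


def _local(tag):
    """Strip the XML namespace: '{ns}Data' -> 'Data'."""
    return tag.rsplit("}", 1)[-1]


def parse_event(xml_text):
    """Flatten one Sysmon <Event> into a dict: EventID plus every <Data Name=...>."""
    root = ET.fromstring(xml_text)
    fields = {}
    for elem in root.iter():
        name = _local(elem.tag)
        if name == "EventID":
            fields["EventID"] = (elem.text or "").strip()
        elif name == "Data" and elem.get("Name"):
            fields[elem.get("Name")] = (elem.text or "").strip()
    return fields


def basename(path):
    """Case-folded file name of a Windows image path ('' if missing)."""
    return PureWindowsPath(path).name.lower()


def check_event(fields):
    """Return the names of the rules a ProcessCreate record triggers."""
    if fields.get("EventID") != "1":
        return []  # only ProcessCreate carries the parent/child relationship
    image = basename(fields.get("Image", ""))
    parent = basename(fields.get("ParentImage", ""))
    hits = []
    # Rule 1: spoolsv.exe spawning anything outside its expected children.
    if parent == "spoolsv.exe" and image not in SPOOLER_EXPECTED_CHILDREN:
        hits.append("spoolsv_unexpected_child")
    # Rule 2: conhost.exe appearing under a service that never opens a console.
    if image == "conhost.exe" and parent in NO_CONSOLE_PARENTS:
        hits.append("conhost_under_service")
    return hits


def triage(events):
    """Parse a batch of raw events and keep only those that fire a rule."""
    alerts = []
    for xml_text in events:
        fields = parse_event(xml_text)
        hits = check_event(fields)
        if hits:
            alerts.append({"Image": fields.get("Image", ""),
                           "ParentImage": fields.get("ParentImage", ""),
                           "User": fields.get("User", ""), "rules": hits})
    return alerts


if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert["rules"], alert["ParentImage"], "->", alert["Image"],
              "as", alert["User"])
```

The expected children set is the part that needs tuning: run the rule in audit mode first and fold any legitimate spooler children you observe into it before alerting.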

The actual fix needs to come from Microsoft. A Microsoft representative who acknowledged the flaw reportedly told The Register that the company will “proactively update impacted devices as soon as possible. Our standard policy is to provide solutions via our current Update Tuesday schedule.”

The next scheduled Microsoft Patch Tuesday is likely to fall on September 11, which would leave attackers ample time to use the exploit code that is already in the wild.

“With the latest Windows OS vulnerability made public, IT professionals need to be extra vigilant regarding their network users’ behaviors,” said Justin Jett, director of audit and compliance for Plixer. “The PoC released by ‘researcher’ SandboxEscaper on Twitter gives malicious actors leverage needed to break into organizations to steal valuable information.”

“Network traffic analytics should continue to be used to detect anomalous traffic going across the network and to spot where users are behaving in a way that they historically don’t,” Jett added. “Such behavior could be a strong indicator that the vulnerability, which allows hackers to escalate their privileges on a system, may be in use.

We’ll have to wait for Microsoft to respond, but if nothing is released until the scheduled September 11 Patch Tuesday, hackers will have a two-week window to take advantage of this vulnerability.”
