Free Republic

On Thursday’s broadcast of CNN’s “Situation Room,” CNN Chief National Correspondent John King reacted to 2024 Republican presidential candidate former President Donald Trump attending the wake of a slain NYPD officer by stating that “there’s a disconnect between the crime statistics” and while property crimes and vehicle thefts have gone up, “most violent crimes are down” nationally and “the statistics tell you crime is in better shape now than it was a few years back. However, some of these crimes are so shocking, Wolf, that they stir people, they stir anxiety, and Trump wants to turn that into votes.” Host...

New York City’s Mayor Eric Adams wants $1 billion from other Americans to subsidize the city’s economic strategy of importing penniless immigrants for use by New York’s business leaders. “We need help — and we need to now,” Democratic Mayor Eric Adams said in a Friday press conference, adding:

Summary New vulnerabilities are continually emerging, but the best defense against attackers exploiting patched vulnerabilities is simple: keep software up to date. Timely patching is one of the most efficient and cost-effective steps an organization can take to minimize its exposure to cybersecurity threats. On January 14, 2020, Microsoft released software fixes to address 49 vulnerabilities as part of their monthly Patch Tuesday announcement. Among the vulnerabilities patched were critical weaknesses in Windows CryptoAPI and Windows Remote Desktop Protocol (RDP) server and client. An attacker could remotely exploit these vulnerabilities to decrypt, modify, or inject data on user connections: CryptoAPI...

After being a staple on PCs for so many years, last month it was discovered that WinRAR, software used to open .zip archive files, has been vulnerable for the last 19 years to a bug that’s easily exploited by hackers and malware distributors. Fortunately, the software has been patched with the recent release of version 5.70, but after being unchecked for so long and installed by so many people, a new wave of malware is taking advantage. Check Point, the security researchers that revealed the WinRAR bug, explain that the software is exploited by giving malicious files a RAR extension,...

Easily swapped hashed passwords gives Domain Admin rights via API call. Fix may land next month Microsoft Exchange appears to be currently vulnerable to a privilege escalation attack that allows any user with a mailbox to become a Domain Admin.On Thursday, Dirk-jan Mollema, a security researcher with Fox-IT in the Netherlands, published proof-of-concept code and an explanation of the attack, which involves the interplay of three separate issues.According to Mollema, the primary problem is that Exchange has high privileges by default in the Active Directory domain."The Exchange Windows Permissions group has WriteDacl access on the Domain object in Active Directory,...

U.S. Senator Patrick Leahy appeared to be trying to support abortion during his questioning of U.S. Supreme Court nominee Neil Gorsuch on Wednesday. It may not have been intentional, but the Vermont Democrat’s testimony actually reinforced a pro-life point about how abortion often is used to exploit women. Leahy brought up a personal experience he had before Roe v. Wade with an abortionist who botched a young woman’s abortion and nearly killed her, along with her unborn child. That abortionist, he said, was Nazi-trained. The Washington Examiner reports: He discussed a case in which he, as a state’s attorney in...

We reported back in October on an iOS exploit that caused iPhones to repeatedly dial 911 without user intervention. It was said then that the volume of calls meant one 911 center was in ‘immediate danger’ of losing service, while two other centers had been at risk – but a full investigation has now concluded that the incident was much more serious than it appeared at the time.It was initially thought that a few hundred calls were generated in a short time, but investigators now believe that one tweeted link that activated the exploit was clicked on 117,502 times, each...

Microsoft has patched today a critical security vulnerability in the Print Spooler service that allows attackers to take over devices via a simple mechanism. The vulnerability affects all Windows versions ever released. Security firm Vectra discovered the vulnerability (CVE-2016-3238), which Microsoft fixed in MS16-087. At its core, the issue resides in how Windows handles printer driver installations and how end users connect to printers. Exploit executes payload under SYSTEM user By default, in corporate networks, network admins allow printers to deliver the necessary drivers to workstations connected to the network. These drivers are silently installed without any user interaction and...

Cybersecurity specialist Check Point has been tracking the malware called HummingBad since its discovery in February and claim there has been a spike in infected devices. In a new report, Check Point said the malware was a multistage attack chain with two main components, which first infected Androids when people visited certain websites. “The first component attempts to gain root access on a device with a rootkit [software] that exploits multiple vulnerabilities. If successful, attackers gain full access to a device,” the report read. “If rooting fails, a second component uses a fake system update notification, tricking users into granting...

A Windows zero day vulnerability granting hackers deeper access to compromised machines is being sold for US$90,000. The local privilege escalation vulnerability is being sold on crime forum exploit.in and promises to help attackers who already have access to hacked machines. Seller BuggiCorp claims in a sales thread and proof-of-concept videos that the local privilege escalation works on Windows systems from version 2000 to the considerably more secure 10. It works in the presence of Microsoft's lauded enhanced mitigation toolkit which introduces many security features baked into Windows 10 to older platforms. Researchers from Trustwave's Spiderlabs team, who found the...

Shmoocon Foxglove Security bod Stephen Breen has strung together dusty unpatched Windows vulnerabilities to gain local system-level access on Windows versions up to 8.1. The unholy zero-day concoction, reported to Microsoft in September and still unpatched, is a reliable way of p0wning Windows for attackers that have managed to pop user machines. Breen released exploit code for his attack dubbed Hot Potato following his talk at the Shmoocon conference in Washington over the weekend. "Hot Potato takes advantage of known issues in Windows to gain local privilege escalation in default configurations, namely NTLM relay -\- specifically HTTP-SMB relay - and...

A security researcher in the US has said his Netgear router was hacked after attackers exploited a flaw in the machine. Joe Giron told the BBC that he discovered altered admin settings on his personal router on 28 September. The compromised router was hacked to send web browsing data to a malicious internet address. Netgear says the vulnerability is "serious" but affects fewer than 5,000 devices. Mr Giron found that the Domain Name System (DNS) settings on his router had been changed to a suspicious IP address. "Normally I set mine to Google's [IP address] and it wasn't that, it...

At an event marking the end of the Ramadan fast on Sunday, President Reuven Rivlin spoke with Arabic language mediaand discussed a number of issues, chief among them the relations between Arabs and Jews in Israel. At the outset, Rivlin noted that both Jews and Muslims had fasted on Sunday – the latter for Ramadan, and the former for the Seventeenth Day of Tammuz, commemorating the events leading up to the destruction of the Holy Temples in Jerusalem. A common fast, said Rivlin, could help build a bridge to understanding to both communities. “I am aware of the distress and...

HP researchers have published details and proof-of-concept exploit code for a number of zero-day vulnerabilities in Microsoft's Internet Explorer web browser which allow attackers to bypass a key exploit mitigation. The researchers - part of HP's zero-day initiative team - have a policy to only disclose details of bugs reported to vendors after patches are issued. But the team decided to go public after being informed by Microsoft that it did not intend to fix the bugs as the company feels the vulnerabilities don't affect enough users. The flaws were serious enough, however, for Microsoft to earlier award the HP...

A remotely exploitable vulnerability has been discovered by Stephane Chazelas in bash on Linux and it is unpleasant. The vulnerability has the CVE identifier CVE-2014-6271 and has been given the name Shellshock by some. This affects Debian as well as other Linux distributions. You will need to patch ASAP. Bash supports exporting shell variables as well as shell functions to other bash instances. This is accomplished through the process environment to a child process.  The major attack vectors that have been identified in this case are HTTP requests and CGI scripts.  From Akamai:  Akamai has validated the existence of the vulnerability...

This thumbdrive hacks computers. “BadUSB” exploit makes devices turn “evil” Per FR posting rules, ars technica can not be posted, so a link to the article referring to USB thumbdrives hacking computers is listed instead. Ignore the "source url", it just points back to the FR website. Article here: http://arstechnica.com/security/2014/07/this-thumbdrive-hacks-computers-badusb-exploit-makes-devices-turn-evil/

Microsoft has issued a patch for a security vulnerability in Internet Explorer to all versions of Windows, including Windows XP, despite claiming it would release no more patches for the outdated operating system after 8 April 2014. Earlier this week, both the UK and US governments advised citizens to consider using alternatives to Microsoft’s Internet Explorer browser, after the company discovered a vulnerability that could allow hackers to gain access to users' computers and steal their data. The vulnerability made headlines because it coincided with the end of support for Windows XP, meaning that anyone still running the 13-year-old operating...

FireEye Labs has identified a new Windows local privilege escalation vulnerability in the wild. The vulnerability cannot be used for remote code execution but could allow a standard user account to execute code in the kernel. Currently, the exploit appears to only work in Windows XP. This local privilege escalation vulnerability is used in-the-wild in conjunction with an Adobe Reader exploit that appears to target a patched vulnerability. The exploit targets Adobe Reader 9.5.4, 10.1.6, 11.0.02 and prior on Windows XP SP3. Those running the latest versions of Adobe Reader should not be affected by this exploit. Post exploitation, the...

Innocent lives mean Nothing to Obama, Pelosi, Reed, Schumer, Franken & Wasserman Schultz. They are lovers of death and have the blood of 50 million innocent babies on their hands. Their blood lust is insatiable and they rejoice inside when these murders occur. They may not directly cause them but they probably would as often as possible if they were certain they would get away with it... (Video)

Some troubling observations & "Jonesian" similarities. (video)