PDF Version: Comprehensive-Guide-To-Mobile-Data-Security
Category: Security Page 28 of 75
WinRAR is a commonly used software for creating and extracting archives on Windows and other supported OS. The main reason for the popularity of the software is that it is capable of supporting different types of packing formats. Thus, the software has over 500 million users. However, the software was found to be corrupted by a bug which was named ‘WinRAR Bug’.
1. When Was WinRAR Bug Discovered?
The bug was discovered in early 2019; however, the bug itself was 19-years old at the time of discovery. The bug was discovered by security research run by ‘Check Point Research’.
2. What Is WinRAR Bug?
It is a code execution vulnerability (CVE 2018-20250). The code was used to extract the ACE archive format (which is now rarely used). The library that is responsible for the vulnerability is UNACEV2.DLL. The library had not been updated since 2005. Also, it was a third-party library so, WinRAR did not have access to the source code. This made it troublesome to amend the vulnerability.
3. What Does It Do?
- The vulnerability can be exploited by pushing specially prepared archives to the user system.
- The hackers can manipulate WinRAR by renaming an ACE file with a ‘rar’ extension.
- The vulnerability now enables hackers to extract files to any folder instead of the default or user-selected folder.
Hackers extract malware loaded files to the Windows start-up folder. - The malware is executed at the next start of the system.
4. What Are The Examples Of Cyber Attack Campaigns Launched To Exploit WinRAR Bug?
- The vulnerability was exploited by hackers to launch more than 100 targetted attacks. Some of the examples are:
One such attack uses a bootlegged copy of Ariana Grande’s hit album ‘Thank you, Next’ with a file name ‘Ariana_Grande-thank_u,_next(2019)_[320].rar’ which contains a hidden malware code. Whenever a compromised version of WinRAR is used to extract the files, a list of harmless MP3 files is downloaded to the user’s selected folder, while the malware payload is extracted in the Windows Startup folder in the background without the user’s knowledge. When the user starts his system next time, the payload is run to launch the malware code. - Apart from general attacks, the hackers also used this vulnerability to target government agencies by embedding technical documents, law documents and other such archives with malicious code.
5. How To Get Rid Of The Bug?
WinRAR has launched a new version ‘5.70 beta 1’ with patched vulnerability. Since WinRAR did not have access to the source code of the culprit directory, the team has completely deleted this directory from the new version. Thus, ACE format support has been dropped from WinRAR in order to protect the users.
Also, all the WinRAR versions that were launched prior to ‘5.70 beta 1’ are prone to the vulnerability and WinRAR does not have an auto-update feature. So, it is advised to manually download the new version to avoid being a victim of exploits based on WinRAR bug.
For more information on computer and network security for businesses, call Centex Technologies at (254) 213 – 4740.
PDF Version: Necurs-Botnet
Continuous Deployment is the practice of releasing software on production servers continuously in an automated manner. Before a software is released, it needs to be thoroughly tested for ensuring that it is free from any bugs and errors. In the case of continuous deployment, the testing is done by using a testing software instead of manual testing. If the code is found to be free from errors, it is automatically deployed. The automation of the release of the software helps software development organizations in ensuring that the software updates reach the end-users as soon as possible with a minimum lag time.
One of the primary requirements for continuous deployment is to implement a series of other automated programs that can pull the software seamlessly through later stages of development into release. These stages of development include compiling and validation of source code, reviewing the code, unit testing, integration testing, packaging the application and user acceptance testing.
How Is Continuous Deployment Different From Continuous Integration And Continuous Delivery?
Continuous deployment takes continuous delivery a step further, which is generally perceived as furtherance of continuous integration. In order to understand the difference, it is important to understand the terms individually:
- Continuous Integration: It is a technique that continually merges the source code from different developers into a shared mainline. This helps in avoiding cataclysmic merge conflicts as new source code is regularly added by various developers.
- Continuous Delivery: This technique adds a step to continuous integration. It takes the merged code and conducts the necessary tests to ensure that the code is error-free. Thus, in this technique, the code is written, tested and pushed into a production-like environment. The software stays in the holding area until a developer manually pushes it for deployment.
Continuous Deployment reduces the hold time of continuous delivery by taking it a step further. Once the software code is created, tested and pushed into the production-like environment to see how it would perform in the real-time environment; the code is deployed automatically without any manual interference.
Stages Of Continuous Deployment Pipeline
- Deploy To Production: In this step, developers need to deploy the software in a production environment without releasing the functionality to end-users. Also, it is important to implement a system that allows you to toggle between the old & new versions.
- Verify: During this stage, various tests are performed including user acceptance, stress test, performance test, etc.
- Monitor: Monitor the deployed code as per your business metrics to gain insights for strategic business outcomes. Make sure that the code works as desired in the production environment and make the changes as required.
- Respond & Recover: After the software is released, it is important to keep a check for unforeseen issues. Manage a system for proactively detecting problems before they are detected by end-users and recover from these problems by providing fixes or patches.
For more information on continuous deployment, call Centex Technologies at (254) 213 – 4740.
Undoubtedly using location-based services like Google maps, taxi services, etc. has made our life easier, however, location tracking or geo-tracking poses some real privacy threats as well. In order to understand these threats, it is first important to understand how this data is collected.
How Is Your Location Tracked?
Location is tracked via your devices such as a laptop, mobile phones, tablets, smart-watches, smart jewelry, etc. In the case of a computer, your IP address can be used to track your location. If you are using a mobile device, the location is tracked via GPS, cellular tower data, Wi-Fi signals, and Bluetooth beacons.
A number of popular apps also track your location such as Google Maps, Facebook, Yelp, Uber, dating apps, etc. Some apps may track your location even after you have turned off location tracking in your mobile settings. A common example is Facebook. The app can track your location by your city mentioned in the profile or check-ins.
Additionally, information about your location is also revealed by the metadata attached to your photos. Most mobile phones and digital cameras embed information such as GPS coordinates or Geotags when you take a photo. When such photos are posted on a social media profile, the embedded information is also shared along.
What Kind Of Information Is Revealed By Location Tracking?
Location tracking can be used to disclose a variety of information:
- Where do you live
- Your financial status based on where you live
- Your place of work
- The regular route of travel
- Frequently visited stores
- Your real-time location
- If you are on a vacation and where are you staying
These are some common types of information that can be disclosed by location tracking.
Privacy Concerns Caused By Disclosure Of Such Information:
- Stalking & Harassment: Availability of detailed information about your location increases your risk of being stalked or harassed. If a stalker knows your frequently visited places, he can easily identify a place and the best time to confront you.
- Robbery: Burglars can get hold of sufficient information about you by eyeing your location tracks. This enables them to know when you won’t be home or if you follow a secluded path to your work. Discloser of such private information puts you in a danger.
- Contextual Advertizing: Contextual advertizing is a rising problem among social media users. Marketing professionals pay a high price for access to personal information such as location data of individuals. This helps them in understanding the user behavior to modify their advertizing campaign accordingly. This has led to a rise in the number of cyber-criminals trying to track the location of individuals for building databases that can be sold to organizations.
- Frauds: Fraudsters can gain access to your location data for building and studying your individual profile. This profile helps them to have a sneak-peak in your personal life to fabricate a fraud.
For more information on privacy concerns arising out of location tracking, call Centex Technologies at (254) 213 – 4740.