ZERO-DAY VULNERABILITIES: AN INSIDE LOOK AT LUXOR2008

February 27, 2019 | 87 views

When it comes to breaches, we have seen this time and again: an exploited vulnerability that costs organizations millions of dollars, and consumers their private data. Zero-Day vulnerabilities are software flaws or bugs that are unknown to the software developers, and don’t yet have a patch, providing a perfect opportunity for an enterprising hacker to create an “exploit”–a type of malware specifically targeting these software vulnerabilities– costing organizations millions of dollars, and consumers their private data.

Spotlight

INAP

Internap Corporation (NASDAQ: INAP) is a global provider of high-performance data center and cloud solutions. Through our portfolio of high-density colocation, managed cloud hosting and powerful network services, we partner with customers worldwide to create secure and scalable IT infrastructure solutions designed for the results they need today and the growth they expect tomorrow.

OTHER ARTICLES
INNOVATION, SOFTWARE, FUTURE TECH

8 Epic App Innovations that Help Your Business Stand Out

Article | November 14, 2022

Contents 1. The Market for Mobile Application Development 2. Innovations in Mobile Application Development 2.1 In-App Paid Features: Android and iOS Development 2.2 Augmented and Virtual Reality 2.3 Beacon Technology 2.4 Al and Ml 2.5 Wearables 2.6 Predictive Analytics 2.7 Blockchain Technology 2.8 On-Demand Applications 3. Long-Term Benefits of Mobile App Development Innovations for Your Small Business: 4. Tying Everything Together Increased use of the internet and smartphones demands better mobile applications be developed. Innovation is the key driving force that can make or break the market regarding mobile app development. A fantastic team of mobile app developers and smart innovation employing the latest technology produce a huge hit app. Let us learn more about how the mobile app development market grows. 1. The Market for Mobile Application Development The mobile application development market is projected to grow at a 13.4% CAGR from 2023 to 2030, with a value of $187.58 billion recorded in 2021. This is due to the increased use of the internet and smartphone platforms, as well as artificial intelligence and machine learning. The app's algorithms learn and understand user interests to deliver refined results that generate better user engagement. As Ericsson and the Radicati Group forecasted, 6.64 billion people own a smartphone today, which is around 83.32% of the world population, and by 2025, 7.33 billion people will own a smartphone. As a result, there is a substantial rise in demand for better smartphone apps, for which creative and innovative mobile application development is the need of the hour. Innovation will give your business a competitive edge it's never had before. It will also open up new ways to grow your business. Discover the top innovations in mobile app development. 2. Innovations in Mobile Application Development Some of the technological breakthroughs in mobile app development will greatly improve the user experience in the future. These focus mainly on the implementation of the latest technological innovations to realize functionality that has never been seen or done before. Let us now delve into their specifics. 2.1 In-App Paid Features: Android and iOS Development While Android has a market share of 70%, iOS has grabbed a market share of around 28% in the mobile operating systems market as of 2022. In-app advertising and in-app purchases generate the major ROI from mobile applications on both mobile operating platforms. A great UI and UX go a long way toward boosting your app and business, and they also help you rank highly in the respective app markets, i.e., the Google Play Store and the App Store. Rolling out constant updates and adhering to the security standards of the marketplace keeps your business app ranking at the top. 2.2 Augmented and Virtual Reality With the AR kit, you can design and make 3D mobile apps for your customers that use virtual reality. AR and VR are constantly changing the business of making mobile apps. You can use these trends to give mobile users really great experiences. A few of the sectors making successful use of these technologies include gaming, e-commerce, retail, interior design, real estate, tourism and travel, education, training, healthcare, manufacturing and construction, advertising and marketing, and entertainment. Your AR and VR mobile apps are more valuable if you can meet your expectations for maximum ROI with a minimum budget. You can do this by making constant improvements to your minimum viable product. 2.3 Beacon Technology The beacon technology uses a smartphone's Bluetooth to identify any store, museum, or other business in the vicinity. As mobile devices get more powerful, IoT and edge sensors will be used more and more. Because of that, beacon technology will change the way we interact with the world. This technology sends notifications to your customer’s phone about your product when the customer passes by, sends content and descriptions about an ongoing event at your location to your customers, and more. Proximity marketing and indoor navigation notifications are the few ways retail is using this technology. With the help of beacon technology, your business can track assets, keep track of contacts, offer access to loyalty programs, gather advanced data, and send mobile tickets. 2.4 Al and ML The versatility and power of innovations in Al and ML keep them relevant. For example, they let you turn pictures into animations that look real. These animations provide real-time analytics and other valuable insights. As an AI learns from its own experience, providing a better customer experience based on the data you feed it helps create intelligent chatbots. Personalized shopping assistance, fraud prevention, task automation, smart content, voice assistants, and autonomous vehicles are a few of the examples where you will see AI implemented. An AI trains itself through machine learning, or ML. ML forecasts future data trends using available historical data. This invaluable addition to your existing apps transforms the way they interact with customers. We are one step closer to a super-personalized experience. 2.5 Wearables Wearables let you make calls, find your way to your destination, measure and analyze your vital signs in real time, and look at your own personal insights. So, app developers and businesspeople should focus on making apps that give people who use wearables a great digital experience. Getting better apps for wearable devices can greatly enhance their functionality and the user experience. From listening to your favorite music to tracking your fitness goals, taking notes, finding a parking spot, and adhering to your health and fitness regimen, a wearable device does it all. If developing your company’s wearable app delivers more value, this technology is not just a game changer but a lifesaver for many. 2.6 Predictive Analytics Predictive analytics is essential to e-commerce. When it comes to making mobile apps, predictive analysis can help improve both the process and the user experience. By putting together information from many developers, it can help predict problems and suggest solutions. Your predictive analytics will be better if you use artificial intelligence (AI), data mining, machine learning, modeling, and statistics. The data that your small and medium-scale businesses have gathered over a period of time becomes one of the most valuable sources of information that helps predict and forecast future market trends. Unexplained market rises and falls will now have an explanation, as will mobile apps that can precisely tell what, when, and where needs to be changed, replaced, or repaired. Using constants and variables that are already known, predictive analytics and data modeling can help make accurate predictions about the future. 2.7 Blockchain Technology The world of blockchain has innumerable possibilities. Applications backed by blockchain technology benefit from end-to-end encryption. This means no one but you can retain data ownership rights. Blockchain technology is used for a lot of important communication and financial transactions because it is safe and private. Blockchain holds promise for better efficiency, productivity, and performance, as well as for elevating the user experience. Blockchain is more secure and reliable, offers better transparency in financial transactions, makes you go password-free using an SSL certificate (Secure Sockets Layer), promotes simplicity, protects your identity, safeguards access to your digital data and information, and helps transmit and receive accurate data with the help of balanced data transfer using several nodes at once. 2.8 On-Demand Applications As lockdowns and quarantines went on for a long time, many delivery apps started to appear. There were apps for taxis, grocery stores, and even medicine delivery. The on-demand model is likely to grow as more service-based companies shift their focus towards on-demand apps. Technology is always changing, and every year, new versions of technology hit the market. That's why we need to keep up with the latest updates and use them to make applications that are both new and full of features. That's a must for a successful launch of a mobile app. Making the software development process easy for the developers reduces the time it takes to develop applications using the software. There are options like rapid application development software, no code, and low-code application development software. These can include mobile app development, SaaS (software as a service), cloud apps, on-premise standalone apps, desktop apps, and web-based apps for many devices, including IoT devices. Using AI to power the application development process speeds up development, testing, and deployment, which helps a lot with scaling from small to medium to large and beyond. 3. Long-Term Benefits of Mobile App Innovations for Your Small Business: Creating a winning product doesn’t have to be a long process. Improvements on the product offered by competitors and finding competitor product shortcomings, along with using innovative technologies, help add value to your mobile app as a product. Mobile app development innovations help in many ways, such as: Improve your brand's relationship with your customers Offer 24/7 access to your business Get excellent customer insights Efficiently market your product online Save on additional marketing costs Boost employee efficiency by increasing engagement Improve communication shreds down the busy work and Streamline the data Generate a new revenue stream from ads targeted at in-app purchases. As a result, you meet customer expectations efficiently, allowing you to expand your business and attract potential customers. Your customers and potential customers are always looking for something new and exciting to experience and adopt. Sooner or later, they make habits of seeing something, and then they start thinking of that mobile app as a standard benchmark to look up to. Talking about the scalability of a mobile application, there is a lot of scope to improve using innovative technologies, and all minor to major updates take you from where you are to where you want to be. Finding the right mix of technologies will help your business grow and expand. 4. Tying Everything Together Business growth for small-scale businesses starts with new inputs and strategic technological investments in mobile app development. Although they sound promising, striking the right balance to implement innovative technologies relies heavily on rigorous predictive analysis. Tools and technologies help meet customer expectations at scale and grow the business beyond imagination with the power of innovation.

Read More
SOFTWARE

Empowering Industry 4.0 with Artificial Intelligence

Article | July 13, 2022

The next step in industrial technology is about robotics, computers and equipment becoming connected to the Internet of Things (IoT) and enhanced by machine learning algorithms. Industry 4.0 has the potential to be a powerful driver of economic growth, predicted to add between $500 billion- $1.5 trillion in value to the global economy between 2018 and 2022, according to a report by Capgemini.

Read More
AI TECH

How Artificial Intelligence Is Transforming Businesses

Article | July 11, 2022

Whilst there are many people that associate AI with sci-fi novels and films, its reputation as an antagonist to fictional dystopic worlds is now becoming a thing of the past, as the technology becomes more and more integrated into our everyday lives. AI technologies have become increasingly more present in our daily lives, not just with Alexa’s in the home, but also throughout businesses everywhere, disrupting a variety of different industries with often tremendous results. The technology has helped to streamline even the most mundane of tasks whilst having a breath-taking impact on a company’s efficiency and productivity

Read More

The advances of AI in healthcare

Article | February 11, 2020

With the Government investing £250 million into the project, the Lab will consider how to use AI for the benefit of patients – whether this be the deployment of existing AI methods, the development of new technologies or the testing of their safety. Amongst other things, the initiative will aim to deliver earlier diagnoses of cancer. It is estimated that in excess of 50,000 extra patients could see their cancer being detected at an early stage, thus boosting survival rates. More specifically, a study has shown that AI is quicker in identifying brain tumour tissue than a pathologist.This would have a positive knock-on effect in other areas, such as enabling money to be saved (that otherwise would have been spent on further treatment) and reducing the workload of staff (at a time when there is a crisis in NHS workforce numbers).

Read More

Spotlight

INAP

Internap Corporation (NASDAQ: INAP) is a global provider of high-performance data center and cloud solutions. Through our portfolio of high-density colocation, managed cloud hosting and powerful network services, we partner with customers worldwide to create secure and scalable IT infrastructure solutions designed for the results they need today and the growth they expect tomorrow.

Related News

Windows Zero-Day Exploited by New 'SandCat' Group

SecurityWeek | December 12, 2018

Experts believe that the Windows kernel zero-day vulnerability fixed this week by Microsoft with its Patch Tuesday updates has been exploited by several threat actors, including a new group. The actively exploited vulnerability, tracked as CVE-2018-8611, has been described by Microsoft as a privilege escalation issue related to the failure of the Windows kernel to properly handle objects in memory. The flaw was reported to Microsoft by researchers at Kaspersky Lab. This was the third month in a row Microsoft patched a Windows zero-day reported by the cybersecurity firm – in October it fixed CVE-2018-8453, which had been exploited by FruityArmor, and in November it resolved CVE-2018-8589, which had been used by multiple threat groups in attacks mostly aimed at the Middle East. Kaspersky has described CVE-2018-8611 as a race condition in the Kernel Transaction Manager. The company says the vulnerability can be used not only to escalate privileges, but also to escape the sandbox of the Chrome and Edge web browsers. “This vulnerability successfully bypasses modern process mitigation policies, such as Win32k System call Filtering that is used, among others, in the Microsoft Edge Sandbox and the Win32k Lockdown Policy employed in the Google Chrome Sandbox. Combined with a compromised renderer process, for example, this vulnerability can lead to a full Remote Command Execution exploit chain in the latest state-of-the-art web-browsers,” Kaspersky explained. The security firm says it has found several builds of an exploit for this vulnerability, including one adapted for the latest versions of Windows.

Read More

Microsoft Patches Zero-Day Flaws in Windows, Internet Explorer

SecurityWeek | August 15, 2018

Microsoft’s Patch Tuesday updates for August 2018 address 60 vulnerabilities, including two zero-day flaws affecting Windows and Internet Explorer. One of the actively exploited vulnerabilities is CVE-2018-8414, which Microsoft learned of from Matt Nelson of SpecterOps. Nelson disclosed the details of the bug in June after Microsoft told him that “the severity of the issue is below the bar for servicing and that the case will be closed.” Proofpoint then revealed in July that a financially-motivated threat actor tracked by the company as TA505 had been exploiting the flaw to deliver the FlawedAmmyy RAT. Microsoft described the issue as a Windows Shell remote code execution vulnerability that can be exploited by getting the targeted user to open a specially crafted file. The company says the flaw impacts Windows 10 and Windows Server (versions 1709 and 1803). According to Trend Micro’s Zero Day Initiative (ZDI), the same vulnerability also impacts Adobe Acrobat Reader. ZDI researcher Abdul-Aziz Hariri reported the weakness to Adobe, which also released a patch for it on Tuesday. “The Acrobat patch blocks the embedding of certain files types – a tactic Microsoft has already done with Office 365 docs,” ZDI explained in a blog post published after the patches were released. “This [Microsoft] patch prevents the bypassing of traditional file execution restrictions within Windows. It’s fascinating to see exploit authors combine different products to evade detection and proliferate their malware.” The second zero-day vulnerability patched on Tuesday by Microsoft is CVE-2018-8373, a remote code execution flaw that exists due to how the scripting engine in Internet Explorer handles objects in memory.

Read More

Exploit Kits Target Recent Flash, Internet Explorer Zero-Days

SecurityWeek | June 13, 2018

Exploit kits (EKs) might not be as dominant as they were several years ago, but they continue to exist and most of them already adopted exploits for recently discovered Flash and Internet Explorer zero-day vulnerabilities. The first of the flaws is CVE-2018-4878, a security bug in Adobe’s Flash Player discovered in late January, when it was exploited by a North Korean hacker group in attacks aimed at individuals in South Korea. Adobe released a patch within a week after the bug became public, but it continued to be targeted in numerous other attacks. The second is CVE-2018-8174, a critical issue that allows attackers to remotely execute arbitrary code on all supported versions of Windows, and which was addressed with the May 2018 Patch Tuesday updates. The bug is an update to a 2-year-old VBScript vulnerability (CVE-2016-0189) that continues to be abused in attacks. The recently patched Flash Player zero-day tracked as CVE-2018-5002, which has been exploited in targeted attacks, has yet to be added to EKs. “Since both Flash and the VBScript engine are pieces of software that can be leveraged for web-based attacks, it was only natural to see their integration into exploit kits,” Malwarebytes points out. Within days after a proof of concept became publicly available, RIG adopted the exploit for the new VBScript engine flaw, becoming the first EK to do so. The toolkit also added an exploit for said Flash bug, and was observed pushing payloads such as Bunitu, Ursnif, and the SmokeLoader backdoor.

Read More

Windows Zero-Day Exploited by New 'SandCat' Group

SecurityWeek | December 12, 2018

Experts believe that the Windows kernel zero-day vulnerability fixed this week by Microsoft with its Patch Tuesday updates has been exploited by several threat actors, including a new group. The actively exploited vulnerability, tracked as CVE-2018-8611, has been described by Microsoft as a privilege escalation issue related to the failure of the Windows kernel to properly handle objects in memory. The flaw was reported to Microsoft by researchers at Kaspersky Lab. This was the third month in a row Microsoft patched a Windows zero-day reported by the cybersecurity firm – in October it fixed CVE-2018-8453, which had been exploited by FruityArmor, and in November it resolved CVE-2018-8589, which had been used by multiple threat groups in attacks mostly aimed at the Middle East. Kaspersky has described CVE-2018-8611 as a race condition in the Kernel Transaction Manager. The company says the vulnerability can be used not only to escalate privileges, but also to escape the sandbox of the Chrome and Edge web browsers. “This vulnerability successfully bypasses modern process mitigation policies, such as Win32k System call Filtering that is used, among others, in the Microsoft Edge Sandbox and the Win32k Lockdown Policy employed in the Google Chrome Sandbox. Combined with a compromised renderer process, for example, this vulnerability can lead to a full Remote Command Execution exploit chain in the latest state-of-the-art web-browsers,” Kaspersky explained. The security firm says it has found several builds of an exploit for this vulnerability, including one adapted for the latest versions of Windows.

Read More

Microsoft Patches Zero-Day Flaws in Windows, Internet Explorer

SecurityWeek | August 15, 2018

Microsoft’s Patch Tuesday updates for August 2018 address 60 vulnerabilities, including two zero-day flaws affecting Windows and Internet Explorer. One of the actively exploited vulnerabilities is CVE-2018-8414, which Microsoft learned of from Matt Nelson of SpecterOps. Nelson disclosed the details of the bug in June after Microsoft told him that “the severity of the issue is below the bar for servicing and that the case will be closed.” Proofpoint then revealed in July that a financially-motivated threat actor tracked by the company as TA505 had been exploiting the flaw to deliver the FlawedAmmyy RAT. Microsoft described the issue as a Windows Shell remote code execution vulnerability that can be exploited by getting the targeted user to open a specially crafted file. The company says the flaw impacts Windows 10 and Windows Server (versions 1709 and 1803). According to Trend Micro’s Zero Day Initiative (ZDI), the same vulnerability also impacts Adobe Acrobat Reader. ZDI researcher Abdul-Aziz Hariri reported the weakness to Adobe, which also released a patch for it on Tuesday. “The Acrobat patch blocks the embedding of certain files types – a tactic Microsoft has already done with Office 365 docs,” ZDI explained in a blog post published after the patches were released. “This [Microsoft] patch prevents the bypassing of traditional file execution restrictions within Windows. It’s fascinating to see exploit authors combine different products to evade detection and proliferate their malware.” The second zero-day vulnerability patched on Tuesday by Microsoft is CVE-2018-8373, a remote code execution flaw that exists due to how the scripting engine in Internet Explorer handles objects in memory.

Read More

Exploit Kits Target Recent Flash, Internet Explorer Zero-Days

SecurityWeek | June 13, 2018

Exploit kits (EKs) might not be as dominant as they were several years ago, but they continue to exist and most of them already adopted exploits for recently discovered Flash and Internet Explorer zero-day vulnerabilities. The first of the flaws is CVE-2018-4878, a security bug in Adobe’s Flash Player discovered in late January, when it was exploited by a North Korean hacker group in attacks aimed at individuals in South Korea. Adobe released a patch within a week after the bug became public, but it continued to be targeted in numerous other attacks. The second is CVE-2018-8174, a critical issue that allows attackers to remotely execute arbitrary code on all supported versions of Windows, and which was addressed with the May 2018 Patch Tuesday updates. The bug is an update to a 2-year-old VBScript vulnerability (CVE-2016-0189) that continues to be abused in attacks. The recently patched Flash Player zero-day tracked as CVE-2018-5002, which has been exploited in targeted attacks, has yet to be added to EKs. “Since both Flash and the VBScript engine are pieces of software that can be leveraged for web-based attacks, it was only natural to see their integration into exploit kits,” Malwarebytes points out. Within days after a proof of concept became publicly available, RIG adopted the exploit for the new VBScript engine flaw, becoming the first EK to do so. The toolkit also added an exploit for said Flash bug, and was observed pushing payloads such as Bunitu, Ursnif, and the SmokeLoader backdoor.

Read More

Events