2017’s Notable Vulnerabilities and Exploits


Category : Trend Micro

A hacker or cybercriminal’s toolbox would not be complete without vulnerabilities and exploits. They are what social engineering is to fraudsters and scammers. In the first half of 2017, Trend Micro’s Zero Day Initiative discovered and disclosed 382 new vulnerabilities. Zero-days in 2017 increased to 49 from a mere eight the previous year. Any one of these can allow an attacker into a vulnerable system or network, which is why it’s important to keep the systems and applications updated (or deploy virtual patching). As this year’s biggest cybersecurity incidents showed, it only takes one weak link to affect millions.


Cloudbleed

Divulged by Google’s Project Zero team in February, Cloudbleed is a security issue in Cloudflare’s proxy services. The bug allowed unauthorized access to sensitive data in the memory of programs run on the internet infrastructure provider’s web servers. This included credentials, website cookies and browsing sessions, Application Program Interface (API) keys, and private messages, some of which search engines such as Google had cached.
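The defect class behind Cloudbleed, shown as an added example rather than the article's or Cloudflare's own code: Cloudflare's public post-mortem traced the leak to a generated parser that tested its position pointer for equality with the end of the buffer, so a step that carried the pointer past the end (a page that stopped in the middle of a tag) never terminated the loop and the parser kept copying whatever sat next in the heap. The toy rewriter below is hypothetical; its backing buffer, page length, tag length and the "SESSION=s3cret" neighbour are constructed, and a hard limit bounds the read so the demo never leaves its own array.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed memory layout (not real Cloudflare code): the first PAGE_LEN
 * bytes are the customer page being rewritten; the bytes after them stand in
 * for unrelated data that happened to sit beside it in the proxy's heap. */
#define PAGE_LEN 5
static const char backing[] = "x<scr" "-SESSION=s3cret";
#define BACKING_LEN (sizeof(backing) - 1)

/* TAG_LEN models the parser consuming a whole tag token in one step. When the
 * page ends in the middle of a tag, that step carries p past `end` rather
 * than landing on it, which is exactly the case an equality test misses. */
#define TAG_LEN 5

/* Toy rewriting parser: copies page text through and skips tags as a unit.
 * check_geq == 0 reproduces the vulnerable loop condition (stop only when
 * p == end); check_geq == 1 is the corrected one (stop once p >= end).
 * `hard_limit` is where the real process would fault; here it keeps the
 * demo inside `backing`. Returns the number of bytes copied into `out`. */
static size_t rewrite(const char *buf, size_t len, const char *hard_limit,
                      int check_geq, char *out, size_t out_cap)
{
    const char *p = buf;
    const char *end = buf + len;
    size_t n = 0;

    while ((check_geq ? p < end : p != end) && p < hard_limit) {
        if (*p == '<') {          /* tag start: skip the whole token */
            p += TAG_LEN;
            continue;
        }
        if (n < out_cap - 1)
            out[n++] = *p;
        p++;
    }
    out[n] = '\0';
    return n;
}

/* Vulnerable variant: the skip lands past end, so copying runs on into the
 * neighbouring "SESSION=s3cret" bytes. Copies 15 bytes: "xSESSION=s3cret". */
size_t cloudbleed_style_leak(char *out, size_t out_cap)
{
    return rewrite(backing, PAGE_LEN, backing + BACKING_LEN, 0, out, out_cap);
}

/* Fixed variant: the >= test stops at the truncated tag. Copies 1 byte: "x". */
size_t bounded_rewrite(char *out, size_t out_cap)
{
    return rewrite(backing, PAGE_LEN, backing + BACKING_LEN, 1, out, out_cap);
}

/* Self-checks: 1 when the variant behaves as described above. */
int vulnerable_copies_neighbour(void)
{
    char out[64];
    return cloudbleed_style_leak(out, sizeof out) == 15 &&
           strstr(out, "SESSION=s3cret") != NULL;
}

int fixed_stays_in_page(void)
{
    char out[64];
    return bounded_rewrite(out, sizeof out) == 1 && strcmp(out, "x") == 0;
}

int main(void)
{
    char out[64];
    size_t n = cloudbleed_style_leak(out, sizeof out);
    printf("== end check: copied %zu bytes: \"%s\"\n", n, out);
    n = bounded_rewrite(out, sizeof out);
    printf(">= end check: copied %zu bytes: \"%s\"\n", n, out);
    return 0;
}
```

The lesson for reviewers is the loop condition: any scanner that can advance its cursor by more than one byte must test for reaching or passing the end, never for landing exactly on it, and the leaked bytes are whatever the process happened to hold, which is why a parser bug in shared infrastructure exposed other customers' sessions.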

Shadow Broker Exploit Dumps

In 2016, a hacker group named Shadow Brokers put several stolen hacking tools and exploits up for sale, but failed to make a profit. The group incrementally dumped the tools the following year, including the infamous EternalBlue exploit. The trove of leaked tools included more than 20 exploits and 30 information-stealing Trojans.


EternalBlue

Another exploit included in the Shadow Brokers leak back in April, EternalBlue exploits a vulnerability (CVE-2017-0144) in the Server Message Block (SMB) protocol in Windows. It was shortly weaponized to deliver WannaCry, resulting in one of the most damaging ransomware outbreaks yet. Others followed suit: UIWIX and Petya/NotPetya ransomware, cryptocurrency miners, and the Retefe banking Trojan, among others.

Apache Struts

The open-source framework used for building Java web applications grabbed headlines this year when the attack vector for the Equifax data breach was confirmed to be a vulnerability in Apache Struts. The security flaw (CVE-2017-5638), which was patched last March, allowed attackers to gain unauthorized access to data via remote code execution. The impact was unprecedented, affecting 145 million U.S. and 400,000 U.K. customers, as well as 100,000 Canadian consumers.

Toast Overlay

At the last Black Hat conference, security researchers presented their findings on a vulnerability (CVE-2017-0752) in the Android mobile operating system. Dubbed Toast Overlay, it can deceive unwitting users into installing malware by superimposing benign images atop malicious apps. Toast Overlay abuses the alerts and notifications features in Android’s Accessibility Service. All versions of Android were susceptible except the latest, Oreo.


BlueBorne

BlueBorne is a set of security flaws affecting the implementation of Bluetooth in the Android, Linux, iOS, and Windows operating systems. The BlueBorne flaws are authentication, authorization, and information disclosure issues. When successfully exploited, BlueBorne can lead to man-in-the-middle attacks, letting hackers hijack the Bluetooth-enabled device.

Key Reinstallation Attack (KRACK)

Key Reinstallation Attack (KRACK) is a proof of concept that exploits vulnerabilities in the Wi-Fi Protected Access 2 (WPA2) protocol. KRACK stems from flaws in how handshakes (the communication between devices) are authenticated, letting an attacker eavesdrop on the network traffic between the device and the Wi-Fi access point.

Controller Area Network (CAN)

CAN is the network protocol connecting in-vehicle equipment and systems, enabling them to communicate. It has been the standard in modern cars since it debuted in production vehicles in 1989. Collaborative research by the Trend Micro Forward-Looking Threat Research Team, Politecnico di Milano, and Linklayer Labs uncovered a design flaw in CAN, specifically in how it handles error messages.

Intel Management Engine

On November 20, Intel released an advisory detailing several flaws in its Management Engine (ME). ME is a feature incorporated in Intel processor chips that lets system administrators remotely manage computers. The vulnerabilities reportedly also affect servers and internet-of-things (IoT) platforms. When successfully exploited, the flaws can give attackers access to ME and ME-related services, enabling them to execute arbitrary code and cause system crashes.
Source: https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/2017-notable-vulnerabilities-and-exploits?utm_source=trendlabs-socal&utm_medium=socal&utm_campaign=12-2017-notable-vulnerabilities-exploits
