Networking flaw lets hackers attack companies by sending email

Ars Technica reports the vulnerability was unearthed by members of Google’s Project Zero security research team. Google privately reported it to FireEye so it could fix the issue before the details were made public.
FireEye’s products are essentially special computer hardware dedicated to running antivirus software. They are positioned on the outside edge of the network and offer live protection against incoming threats, before traffic reaches any important servers or desktop machines.
The device continually and passively monitors all the data flowing in and out of the network for threats. For example, when it detects a file being downloaded or an email being received, it can scan the contents to confirm they are safe before any embedded malware wreaks havoc behind the barrier.
This comes at a price though. The nature of the device means FireEye products are arguably the most privileged on any network as they get to see every piece of data that gets transmitted. This facilitates exploits like the one disclosed today.
The bug can render FireEye’s protection completely useless as it gives a hacker full access to the network behind the device. Google’s researchers reverse-engineered FireEye’s NX, EX, AX and FX series of products and found something concerning. It is possible to trick the device into executing code embedded in the data that passes through it.
A hacker could send an email to an address on the network and embed commands in it to bypass FireEye’s protection. When the device scans the contents of the message, it would be forced to run the malicious code within, exposing the devices it should protect. Because this monitoring is constant and passive, the exploit would occur as soon as the email was delivered. It would never need to be read or even opened.
Google’s Project Zero team said: “An attacker can send an email to a user or get them to click a link, and completely compromise one of the most privileged machines on the network. This allows exfiltration of confidential data, tampering with traffic, lateral movement around networks and even self-propagating internet worms.”
The vulnerability was uncovered by Tavis Ormandy and Natalie Silvanovich. Google thanked FireEye for responding positively to its findings and being “very cooperative”. The company has now released a software update, version 427.334, that fixes the issue. The patch was issued within two days of Google notifying FireEye of the vulnerability.
