Open letter to the research community

Dear all, in light of recent events, we have received many words of encouragement in comments on social media, through direct messages, and over the phone. We truly appreciate your support. It means a lot to us. Over the years, we have detected and helped fix a huge number of vulnerabilities in applications and hardware from almost all renowned vendors, such as Cisco, Citrix, Intel, …

Positive Technologies’ official statement following U.S. sanctions

As a company, we deny the groundless accusations made by the U.S. Department of the Treasury. In the almost 20 years we have been operating, there has been no evidence of the results of Positive Technologies’ research being used in violation of the principles of business transparency and the ethical exchange of information with the professional information security community. Our global mission is to create products …

Four Bytes of Power: exploiting CVE-2021-26708 in the Linux kernel

Author: Alexander Popov, Positive Technologies

CVE-2021-26708 is assigned to five race condition bugs in the virtual socket implementation of the Linux kernel. I discovered and fixed them in January 2021. In this article I describe how to exploit them for local privilege escalation on Fedora 33 Server for x86_64, bypassing SMEP and SMAP. Today I gave a talk at Zer0Con 2021 on this topic (slides). I like this exploit. The race condition can be …

Linux kernel heap quarantine versus use-after-free exploits

It’s 2020. Quarantines are everywhere – and here I’m writing about one, too. But this quarantine is of a different kind. In this article I’ll describe the Linux Kernel Heap Quarantine that I developed for mitigating kernel use-after-free exploitation. I will also summarize the discussion about the prototype of this security feature on the Linux Kernel Mailing List (LKML).

Use-after-free in the Linux kernel

Use-after-free …

Security of mobile phones and applications: five popular attack scenarios and methods of protection

Modern mobile devices are multifunctional and complex, which makes them vulnerable to cyberattacks. Attackers have a number of ways into your phone, from Wi-Fi and Bluetooth to the speaker and microphone. Positive Technologies analysts have published research on the most common scenarios of attacks against mobile devices and applications. For more details, download the research, or read on to get a short overview. Attacks on …

Cobalt Hacking Group: Tactics and Tools Update

The PT Expert Security Center (PT ESC) has been monitoring the Cobalt group since 2016. Currently the group targets financial organizations around the world. Two years ago, for example, their attacks caused over $14 million in damage. Over the last four years, we have released several reports on attacks linked to the group. Over the last year, the group has not only modified its flagship …

Watch out for cyberthreats during the “work from home” boom

Are you getting settled in your new home office? COVID-19 has changed people’s working habits drastically, and hackers are trying to take advantage. So how can organizations be prepared, and why do companies need to analyze their network traffic? Due to COVID-19, almost all of the world’s major IT companies have moved most employees to work from home. These include Amazon, Apple, Facebook, Google, Instagram, …

CVE-2019-18683: Exploiting a Linux kernel vulnerability in the V4L2 subsystem

This article discloses exploitation of CVE-2019-18683, which refers to multiple five-year-old race conditions in the V4L2 subsystem of the Linux kernel. I found and fixed them at the end of 2019. I gave a talk at OffensiveCon 2020 about it (slides). Here I’m going to describe a PoC exploit for x86_64 that gains local privilege escalation from the kernel thread context (where the userspace is not …

Intel x86 Root of Trust: loss of trust

The scenario that Intel system architects, engineers, and security specialists perhaps feared most is now a reality. A vulnerability has been found in the ROM of the Intel Converged Security and Management Engine (CSME). This vulnerability jeopardizes everything Intel has done to build the root of trust and lay a solid security foundation on the company’s platforms. The problem is not only that it is …

How to avoid ATM fraud

ATMs and their users are an obvious target for criminal behavior. Thus, it is no big surprise that ATM-related cyberattacks and fraud often make headlines in the news. To successfully steal money, criminals don’t necessarily have to break into an ATM; they just have to trick the machine’s users. This article will tell you what you need to know to keep your money safe and …