1. Computing

Google employees discovered how to hack a corporate network just by sending an email

By

fireye exploit email network hacked dis
What if, with a single email, an attacker could monitor all traffic on a supposedly protected network?

Researchers from Google’s Project Zero found, and silently reported, a bug in FireEye security software that allowed attackers to do just that. No, it’s a not a phishing scam. No one had to actually open the email. Just sending it was enough.

FireEye offers devices that scan all traffic flowing through a company’s network. If malware is detected in any transfer, the device intercepts the file and removes the malware.

Project Zero demonstrated they could use this constant screening process against the software, turning it from a security feature into a bug that monitors all Internet traffic inside the company. Google employee Tavis Ormandy outlined the process in a blog post.

“For networks with deployed FireEye devices, a vulnerability that can be exploited via the passive monitoring interface would be a nightmare scenario,” wrote Ormandy, adding that such an exploit could let hackers passively monitor all traffic on a company’s network. He then outlined an exploit that does exactly that.

Read the entire post if you’re technically inclined — everything is laid out in detail. But don’t worry, FireEye has been notified of the problem, and given a chance to fix it before Google published the exploit for the entire world to read.

Google’s Project Zero team is charged with discovering, documenting, and silently reporting zero day exploits before malicious hackers do. The team researches not only potential security issues in Google services, but any software used by large groups of people.

When the team discovers a flaw in another company’s software, they report it silently so that patches can be developed and released. It’s only after everything is fixed that they make their discoveries public — or 90 days, whichever comes first. The team caused controversy in 2014, when Microsoft did not fix an exploit in Windows 8 within the 90-day Window.

Editors' Recommendations

The 15 best tech jobs boast top salaries, high satisfaction, lots of openings

The Best Jobs in Tech

Windows 7 vs. Windows 10

ubuntu

Interpol warns of ‘alarming’ rate of cyberattacks during pandemic

adobe exploit scarcruft heartbleed bug hacker

Protect your privacy with the best cheap VPN deals for August 2020

best vpn for small business man holding phone app creation internet protocols protection network

The best laptops for 2020

dell xps 13 2020 review 01

Razer Blade 15 vs. MacBook Pro

Razer Blade (2018) back lifestyle

Need a cheap gaming laptop? Save $130 on the Dell G5 15 today

New Apple iMac has improved 5K display and more power, but no Apple Silicon

Windows Update not working for your latest upgrade? Here’s how to fix it

Want to browse the web privately? Here’s how to do it for real

3 Lenovo laptop deals you can’t afford to miss today

asus hp lenovo chromebook deals best buy summer sale 2020 laptop s340 14 feature 02

This 27-inch Lenovo 4K monitor is an absolute steal at $230

27 inch lenovo 4k desktop monitor deal q27q 10 best buy back to school sale 2020 featured

Need a cheap laptop for school? This Lenovo is down to $380 — save $50

lenovo ideapad 3 thinkpad l13 yoga c740 deals best buy back to school sale 2020

Apple’s new iMac still hasn’t fixed this one big problem

These are the best cheap GPU deals for August 2020