Google employees discovered how to hack a corporate network just by sending an email

fireye exploit email network hacked dis
What if, with a single email, an attacker could monitor all traffic on a supposedly protected network?

Researchers from Google’s Project Zero found, and silently reported, a bug in FireEye security software that allowed attackers to do just that. No, it’s a not a phishing scam. No one had to actually open the email. Just sending it was enough.

FireEye offers devices that scan all traffic flowing through a company’s network. If malware is detected in any transfer, the device intercepts the file and removes the malware.

Project Zero demonstrated they could use this constant screening process against the software, turning it from a security feature into a bug that monitors all Internet traffic inside the company. Google employee Tavis Ormandy outlined the process in a blog post.

“For networks with deployed FireEye devices, a vulnerability that can be exploited via the passive monitoring interface would be a nightmare scenario,” wrote Ormandy, adding that such an exploit could let hackers passively monitor all traffic on a company’s network. He then outlined an exploit that does exactly that.

Read the entire post if you’re technically inclined — everything is laid out in detail. But don’t worry, FireEye has been notified of the problem, and given a chance to fix it before Google published the exploit for the entire world to read.

Google’s Project Zero team is charged with discovering, documenting, and silently reporting zero day exploits before malicious hackers do. The team researches not only potential security issues in Google services, but any software used by large groups of people.

When the team discovers a flaw in another company’s software, they report it silently so that patches can be developed and released. It’s only after everything is fixed that they make their discoveries public — or 90 days, whichever comes first. The team caused controversy in 2014, when Microsoft did not fix an exploit in Windows 8 within the 90-day Window.

Computing

Just when you thought spam was dead, it’s back and worse than ever

Spam emails might seem like an outdated way to spread malware, but in 2018 they are proving to be the most effective attack vector thanks to new techniques and tricks.
Computing

The Andromeda botnet still lingers as nations struggle to clean infected PCs

A report by Fortinet suggests that although the FBI and Europe ended the Andromeda botnet’s reign in late 2017, there are still infected PCs. Cleaning up these PCs isn’t progressing at the same pace across various regions.
Smart Home

White-hat Chinese hackers turn Alexa into a spy, briefly

A team of Chinese researchers revealed this week that they were able to use a cracked Amazon Echo to exploit a series of Alexa interface flaws to take control over an unteuched Echo running on the same network.
Computing

A brand-new Mac can be hacked remotely during its first Wi-Fi connection

Researchers discovered a security flaw affecting versions of MacOS prior to 10.13.6 that allows hackers to take control of a Mac during first-time setup and device provisioning. Malicious code can then be injected into the Mac.
Deals

For work or for play, these are the 5 best laptop deals for college students

Whether you're getting ready for a new school year, shopping for a special student, or just need a new computer, we've got you covered: These are the five best laptop deals going right now, from discounted MacBooks to an on-the-go gaming…
Computing

The browser-based Monero miner Coinhive generates around $250,000 each month

Despite a fall in cryptocurrency mining, the Coinhive Monero miner is still highly active, generating around $250,000 each month. Coinhive also contributes 1.18 percent of the total mining power behind the Monero blockchain.
Computing

Steam survey shows PC gamers are still mostly playing in 1080p and lower

Valve Software’s latest hardware and software survey for July 2reveals that 63.72 percent of Steam’s registered members still play games with a 1080p resolution. Even more, only 1.14 percent are playing at a 4K resolution.
Photography

8 easy ways for you to transfer photos from an Android phone to a PC

If you haven't already, you should back up your photos to a computer. Here's how to transfer photos from an Android phone to a PC using third-party services and a wealth of storage devices.
Computing

Windows 10 can split and resize windows with ease. Here's how to do it

Windows 10 is a great desktop operating system, and its many window management features are part of the reason why. Here's how to divvy up windows using Snap Assist and other native tools.
Computing

Apple AR glasses will launch in 2020, says respected industry analyst

Apple AR glasses may be closer to reality than we thought. Here is everything we know so far about the augmented reality system, including the rumored specifications of Apple's Project Mirrorshades.
Social Media

How to use Adobe Spark Post to spice up your social media images

Images are proven to get more likes than plain text -- but only if those images are good. Adobe Spark post is an AI-powered design program for non-designers. Here's how to use it to take your social media feeds to the next level.
Mobile

Google One subscriptions offer more cloud storage for low prices, other perks

Can't get enough storage on Google Drive, Photos, or Gmail? Google One is the new way to boost your cloud storage. But it's not just about more space -- Google One comes with a loads of benefits.
Photography

A turn for the better: Loupedeck+ adds custom dials, more to Lightroom console

The Loupedeck+ improves on the original Lightroom console by adding welcome customization options and introducing support for Skylum Aurora HDR. What's even better is that it does this all at an even lower price.
Computing

Intel serves up ‘Bean Canyon’ NUCs revved with ‘Coffee Lake’ CPUs

Looking for a super-compact PC for streaming media that doesn’t break the bank? Intel updated its NUC family with its new “Bean Canyon” kits. Currently, there are five with a starting price of $300 packing eighth-generation Intel Core…