Trend Micro does a deep dive into Hacking Team’s Open Type Font exploit

The Italy-based, malware-making digital security company Hacking Team recently had to wipe a lot of egg from its face when its website was vandalized; its Twitter account hijacked; and hundreds of gigabytes of source code, emails, and internal documents made public following a hack of its servers. Part of what came out of the data dump was that it had been providing malware to many different governments around the world, some of which are criticized for their oppressive regimes and human rights abuses.

One of the pieces of nefarious software that Hacking Team created used an exploit in the OpenType font manager module, ATMFD.dll, provided by Adobe. As Trend Micro explains in its blog post, the module can be exploited because a buffer underflow occurs while it is processing font data, caused by sign extension of a signed number.

Since the font’s buffer can be prepared by an attacker, this allows them to send commands and content to the front of the input buffer, which ultimately gives them a foot in the door of the system they’re going after.
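The class of bug described above, sketched as an added example (this is not code from ATMFD.dll or from Trend Micro's post): a 16-bit field read from font data is sign-extended into a negative offset that slips past an upper-bound-only check, next to a store routine that checks both bounds. The function names, the 16-byte buffer and the sample field bytes are all assumptions made up for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define BUF_LEN 16

/* Read a 16-bit big-endian field and widen it as a SIGNED value.
   Bytes 0x8000..0xFFFF sign-extend to a negative offset. */
long extended_offset(const uint8_t *field) {
    uint16_t raw = (uint16_t)(((unsigned)field[0] << 8) | field[1]);
    int16_t as_signed = (int16_t)raw;   /* two's-complement reinterpretation */
    return (long)as_signed;             /* sign extension happens here */
}

/* Flawed validation: only the upper bound is tested, so a negative
   offset is accepted and would index memory before the buffer. */
int upper_bound_only_accepts(long off) {
    return off < BUF_LEN;
}

/* Hardened store: reject negative and too-large offsets before use. */
int checked_store(uint8_t *buf, size_t len, long off, uint8_t value) {
    if (off < 0 || (size_t)off >= len)
        return -1;
    buf[off] = value;
    return 0;
}

int main(void) {
    const uint8_t crafted[2] = {0xFF, 0xF0};  /* constructed sample field */
    const uint8_t benign[2]  = {0x00, 0x03};  /* constructed sample field */
    uint8_t buf[BUF_LEN] = {0};
    long off = extended_offset(crafted);

    printf("crafted offset: %ld\n", off);
    printf("upper-bound-only check accepts it: %d\n", upper_bound_only_accepts(off));
    printf("checked_store on crafted: %d\n", checked_store(buf, sizeof buf, off, 0x41));
    printf("checked_store on benign:  %d\n",
           checked_store(buf, sizeof buf, extended_offset(benign), 0x41));
    return 0;
}
```

Reading length and offset fields as unsigned types, or checking the lower bound as `checked_store` does, removes the underflow regardless of what the file contains.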

This is just one of many different exploits which Hacking Team took advantage of in the creation of its various tools and tricks, which it sold to governments such as Sudan, United Arab Emirates, and Singapore. Another popular one used a vulnerability in Adobe’s Flash Player version 9 or later and works on almost every browser, including Internet Explorer, Chrome, Firefox and Safari.

The bug has apparently been there for years and hasn’t been patched, since it’s still present in the latest version of Flash. However, we can rest easy to some extent, as this sort of attack hasn’t been tracked in the wild apart from one specific instance in the recent past.

Trend Micro was also keen to point out in its breakdown of these threats that its software should provide protection against them … though you would expect it to say that.
