Trend Micro does a deep dive into Hacking Team’s Open Type Font exploit

hacking team helped malware hackingteam
The Italy-based, malware-making digital security company Hacking Team recently had to wipe a lot of egg from its face when its website was vandalized; its Twitter account hijacked; and hundreds of gigabytes of source code, emails, and internal documents made public following a hack of its servers. Part of what came out of the data dump was that it had been providing malware to many different governments around the world, some of which are criticized for their oppressive regimes and human rights abuses.

One of the pieces of nefarious software which Hacking Team created used an exploit in the open font type manager module — ATMFD.dll — provided by Adobe. As Trend Micro explains in its blog post, the reason this could be exploited is because, while the module is processing font data, there’s a buffer underflow, because of a signed number extending.

Since the font’s buffer can be prepared by an attacker, this allows it to send commands and content to the front of the input buffer, which ultimately gives them a foot in the door of the system they’re going after.

This is just one of many different exploits which Hacking Team took advantage of in the creation of its various tools and tricks, which it sold to governments such as Sudan, United Arab Emirates, and Singapore. Another popular one used a vulnerability in Adobe’s Flash Player version 9 or later and works on almost every browser, including Internet Explorer, Chrome, Firefox and Safari.

The bug has apparently been there for years and hasn’t been patched, since it’s still present in the latest version of Flash. However, we can rest easy to some extent, as this sort of attack hasn’t been tracked in the wild apart from one specific instance in the recent past.

Trend Micro was also keen to point out in its breakdown of these threats that its software should provide protection against them … though you would expect it to say that.

Computing

Why recent hacks show Apple’s security strength, not its weakness

It may sound strange, but the recent stories about vulnerabilities in Apple’s security could be good news for the firm. That’s because they went a long way to highlighting its strengths -- and the strengths it has traditionally had over…
News

What Skylab taught us about space research, 40 years later

Thursday is the 40th anniversary of Skylab falling back to Earth. While most people know it as America's first manned space station, its influence extends much further, inspiring space research and scientific curiosity for decades
Music

Apple Music vs. Spotify: Which service is the streaming king?

Apple Music is giving Spotify a run for its money, but which service is best for you? In our Apple Music vs. Spotify showdown, we compare and contrast all we know about the two streaming music services.
Cars

Mini’s first EV lands at the intersection of electrification and driving fun

Mini introduced the 2020 Cooper SE, its first series-produced electric model. The battery-powered hatchback shares many powertrain parts with the BMW i3, though its range hasn't been announced yet.
Computing

Razer slashes up to 50% off mice, keyboards, and Blade laptops for Prime Day

Gamers can get all sorts of deals during Amazon's annual Prime Day sales event. For Prime Day 2019, you can grab Razer gaming mice, keyboards, and Blade laptops at discounts of up to 50% off. These deals start on Monday, July 15.
Computing

Dell launches $200 discount on XPS 13 and Inspiron laptops for Prime Day 2019

If you're in the market for a new laptop, Dell's Cyber Monday in July sale might be worth considering along with your Prime Day 2019 shopping plans. Dell's sale has a wide variety of discounted laptops, including its XPS 13 laptop.
Computing

Linux is now beating Windows on Microsoft’s own turf, and Azure is better for it

According to remarks by a developer at Microsoft, there are now more instances of Linux-based operating systems running on the company's Azure cloud platform than Windows-based ones.
Deals

Alienware m15 headlines Dell’s gaming PC sale to take on Amazon’s Prime Day

If you're looking to save some money on a new gaming PC or laptop, you may want to skip Amazon's Prime Day for Dell's Cyber Monday in July event. As part of the sale, you can score up to $710 in savings on the Alienware m15.
Computing

The best Prime Day laptop deals: Razer, HP, and Dell XPS discounts

Amazon Prime Day is just around the corner, and it's time to start preparing for some amazing laptop deals. Every year, we see huge discounts on gaming laptops, MacBooks, Chromebooks, and more.
Computing

AMD says it duped Nvidia with a price fakeout, escalating a two-front chip war

According to a recent interview with Scott Herkelman of AMD's Radeon Business Unit, AMD successfully convinced Nvidia they would launch their new GPUs at a higher price than they did, sabotaging Nvidias RTX Super launch.
Computing

Will the Surface Pro 7 ditch Intel chips for Qualcomm’s 5G support?

Microsoft might announce a new Surface Pro 7 towards the end of this year and according to new rumors, it might do with a new chip under the hood. Not an Intel chip though, but one from AMD, or even Qualcomm.
Computing

You can get a 2018 MacBook Air for just $999 with this latest deal from B&H

Other retailers like B&H are offering their own sweet laptop deals during Prime Day 2019. In fact, you can score a 13-inch 2018 MacBook Air with a Retina display at a $100 discount from B&H right now.
Computing

Upgrade your gaming rig with our favorite graphics cards for every budget

If you're serious about games, a good graphics card is essential. There’s no one-size-fits-all option for graphics cards, but our recommendations can help you pick from the best graphics cards for your needs.
Computing

AMD or Intel? We take a look at the pros and cons of both processors

When it comes to selecting a CPU for your PC, there's no shortage of chips for you to choose from. With Ryzen, Threadripper, and Core i9 CPUs though, the AMD vs. Intel argument is muddier than ever.