Recent Notepad++ releases address a vulnerability that has allowed threat actors to hijack the free source code editor’s updater.
Security researcher Kevin Beaumont reported in early December that a handful of organizations using Notepad++ had reported experiencing security incidents involving the code editor.
Beaumont said in an update this week that the attacks appeared to have been carried out by threat actors in China, with the attackers leveraging a Notepad++ vulnerability for initial access to the systems of telecoms and financial services firms in East Asia.
Notepad++ developers seem to have known about issues with the updater since at least mid-November, when version 8.8.8 release notes mentioned a security enhancement designed to prevent the application’s updater from being hijacked.
In a post published this week to announce the release of version 8.8.9, Notepad++ confirmed that traffic from the updater (WinGUp) was in some cases redirected to malicious servers, which resulted in compromised executable files being downloaded to the victim’s system.
Notepad++ developers’ investigation led to the discovery of a flaw in the way the updater validates the authenticity and integrity of update files.
“In case an attacker is able to intercept the network traffic between the updater client and the Notepad++ update infrastructure, this weakness can be leveraged by an attacker to prompt the updater to download and execute an unwanted binary (instead of the legitimate Notepad++ update binary).”
In the latest version, Notepad++ and the WinGUp component verify the signature of downloaded installers during the update process, and the update is not performed if the check fails.
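As an added illustration of the fix described above (this is not Notepad++ or WinGUp code; Notepad++ installers on Windows carry Authenticode signatures, while this stand-in uses Ed25519 over a SHA-256 digest with a publisher key pinned in the updater), here is an updater flow that fails closed: a download whose body was swapped in transit cannot pass verification, so it is never executed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ErrBadSignature: the downloaded installer is not signed by the pinned publisher key.
var ErrBadSignature = errors.New("installer signature verification failed")

// VerifyInstaller checks a detached signature over the SHA-256 digest of the
// installer bytes against the publisher key pinned inside the updater.
func VerifyInstaller(pubKey ed25519.PublicKey, installer, sig []byte) error {
	digest := sha256.Sum256(installer)
	if !ed25519.Verify(pubKey, digest[:], sig) {
		return ErrBadSignature
	}
	return nil
}

// ApplyUpdate models the fixed updater flow: the downloaded file is handed to
// the executor only after verification succeeds; otherwise nothing runs.
func ApplyUpdate(pubKey ed25519.PublicKey, installer, sig []byte, run func([]byte)) (bool, error) {
	if err := VerifyInstaller(pubKey, installer, sig); err != nil {
		return false, err
	}
	run(installer)
	return true, nil
}

// SignInstaller is the publisher side, included only to keep the demo self-contained.
func SignInstaller(priv ed25519.PrivateKey, installer []byte) []byte {
	digest := sha256.Sum256(installer)
	return ed25519.Sign(priv, digest[:])
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // stands in for the pinned key pair
	genuine := []byte("constructed: legitimate installer bytes")
	sig := SignInstaller(priv, genuine)
	run := func(b []byte) { fmt.Printf("would execute %d-byte installer\n", len(b)) }
	fmt.Println(ApplyUpdate(pub, genuine, sig, run)) // true <nil>
	// An on-path attacker can swap the body in transit but cannot forge its signature.
	tampered := []byte("constructed: attacker-substituted binary")
	fmt.Println(ApplyUpdate(pub, tampered, sig, run)) // false, nothing executed
}
```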
However, it has yet to be determined exactly how traffic has been hijacked in the wild.
Beaumont, who described the campaign as a supply chain attack, believes threat actors may be hijacking traffic at the ISP level to push malicious updates, but pointed out that significant resources are required to conduct such an attack.