Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Internet Service Providers. Show all posts
Telecom
Cyber Security Dos Attacks Internet Service Providers RCE Telecom

Juniper Bug Allows RCE and DoS Against Carrier Networks

 

Juniper Networks' Steel-Belted Radius (SBR) Carrier Edition has a severe remote code-execution vulnerability that leaves wireless carrier and fixed operator networks vulnerable to tampering. By centralizing user authentication, giving the proper level of access, and verifying compliance with security standards, telecom carriers utilize the SBR Carrier server to manage policies for how subscribers use their networks. It enables carriers to distinguish service tiers, diversify revenue models, and manage network resources. 

Juniper Networks, Inc. is a multinational technology company based in Sunnyvale, California. Routers, switches, network management software, network security solutions, and software-defined networking technology are among the networking products developed and sold by the company. Pradeep Sindhu started the company in 1996, with Scott Kriens serving as the original CEO until September 2008. Juniper Networks began by specializing in core routers, which are used by internet service providers (ISPs) to execute IP address lookups and route internet traffic. 

SBR Carrier versions 8.4.1, 8.5.0, and 8.6.0 that use the extensible authentication protocol are affected by the bug (CVE-2021-0276). It was on Wednesday, Juniper released a patch. On the CVSS vulnerability-severity rating scale, it gets a 9.8 out of 10. According to Juniper's advisory, it's a stack-based buffer-overflow vulnerability that an attacker can exploit by sending specially designed packets to the platform, causing the RADIUS daemon to crash. This can cause RCE as well as denial-of-service (DoS), which prevents phone subscribers from having a network connection. 

The flaw is one of the dozens that the networking giant patched this week across its carrier and corporate product lines, including multiple high-severity flaws that could be used to launch DoS assaults. Juniper claims that one of these can also be used for RCE. CVE-2021-0277 is an out-of-bounds read vulnerability that affects Junos OS (versions 12.3, 15.1, 17.3, 17.4, 18.1, 18.2, 18.3, 18.4, 19.1, 19.2, 19.3, 19.4, 20.1, 20.2, 20.3 and 20.4), as well as Junos OS Evolved (all versions). 

The problem occurs when the Layer 2 Control Protocol Daemon (l2cpd) processes specially designed LLDP frames (l2cpd). On a local area network (usually over wired Ethernet), network devices utilize LLDP to advertise their identification, capabilities, and neighbors. “Continued receipt and processing of these frames, sent from the local broadcast domain, will repeatedly crash the l2cpd process and sustain the DoS condition,” Juniper said in its advisory, issued on Thursday.
Read more »
Security Breach
Cyber Crime Internet Service Providers malware Security Breach

Largest ISP in Austria Hit by a Security Breach



The largest internet service provider in Austria was hit by a security breach this week, in the wake of enduring a malware infection in November 2019, following an informant's report.

A1 Telekom said that their security team identified the malware a month later; however, that expelling the infection was trickier than it was initially envisioned.

From December 2019 to May 2020, its security team had stood up to the malware's operators in endeavors to expel the entirety of their hidden backdoor components and kick out the intruders.

The Austrian ISP told a local blogger that the malware just infected computers on its office network, yet not its whole IT framework, which comprised of approximately more than 15,000 workstations, 12,000 servers, and a large number of applications.

In interviews with the Austrian press [1, 2, 3], A1 said that the multifaceted nature of its internal system kept the attacker from advancing toward various frameworks "because the thousands of databases and their relationships are by no means easy to understand for outsiders."

The attackers evidently assumed manual control for the malware and endeavored to extend this initial foothold on a couple of frameworks to the company's whole system.

A1 said the attacker figured out how to compromise a few databases and even ran database inquiries so as to become familiar with the company's interior system.

A1, which hadn't disclosed the nature of the malware, didn't state if the 'intruders' were 'financially-focused' cybercrime gang or a nation-state hacking group.

While A1 declined to remark on the informant's attribution. Christian Haschek, the Austrian blogger and security researcher who originally broke the story, said the informant asserted the hack was carried out by Gallium, a codename utilized by Microsoft to portray a Chinese nation-state hacking group specializing in hacking telecom providers across the world.


Read more »
SS7 Hack
Cyberattack Hacking Internet Service Providers SS7 Hack

Hackers Now Utilizing SS7 Attacks to Steal Money from Bank Accounts


As indicated by yet another research cyber hackers have now shifted their attention towards taping the phone network by means of the misuse of the SS7 protocol in order to steal money from the bank accounts directly by intercepting the messages.

Since the protocol is utilized by Internet service providers and telecom company to control the telephone calls and instant text messages across the world, the SS7 attacks performed by the said cyber criminals uses a current 'structure blemish' i.e. a flaw in it and exploits it accordingly so as to perform different perilous attacks, that are very much similar to the acts of data theft, eavesdropping, text interception and location tracking.

UK's Metro Bank has already fallen victim to this attack. In view of the affirmation given by the National Cyber Security Center (NCSC), the 'defensive' arm of the UK's signals intelligence agency GCHQ, SS7 attacks are consistently utilized by cybercriminals to intercept the messages in order to steal the code that is additionally utilized for bank transactions.

NCSC said that “We are aware of a known telecommunications vulnerability being exploited to target bank accounts by intercepting SMS text messages used as 2-Factor Authentication (2FA).”

Due to this two factor authentication, by having a SS7 network access the cybercriminals can intercept the messages even after they gain access to the internet banking login credentials by the means of phishing attacks and then initiate the verification code through text message. Later they can without much of a stretch block it through SS7 attack and use it to finish their transaction procedure.

 “Something that members of the general public don’t necessarily have to worry about. An SS7 attack is unlikely to be effective if the bank uses a form of 2FA that doesn’t rely on text messages, such as an authenticator app.”

When approached some of the notable Telecom Service Providers to get to know their thoughts regarding this matter of concern, Vodafone says “We have specific security measures in place to protect our customers against SS7 vulnerabilities that have been deployed over the last few years, and we have no evidence to suggest that Vodafone customers have been affected.”

Likewise they express that, they are working with GSMA, banks and security specialists so as to alleviate and further protect their clients.

Read more »
Subscribe to: Posts (Atom)