Sushiswap Smart Contract Exploited in $3.3 Million Hack

Sushiswap, a popular decentralized cryptocurrency exchange, recently fell victim to a smart contract hack that resulted in a loss of $3.3 million. The hack highlights the need for stronger cybersecurity measures in the cryptocurrency industry and the importance of taking proactive steps to protect one's funds.

According to reports by Yahoo Finance, the hack involved an exploit in the smart contract of the exchange's lending platform, called Kashi. The attacker was able to use the exploit to transfer funds from the platform's vault to their own account, resulting in the loss of $3.3 million worth of cryptocurrency.

While the hack itself is concerning, what is more concerning is that the vulnerability in the smart contract was already known to the Sushiswap team. A security audit had identified it, but the team had not yet implemented the necessary fixes at the time of the attack.

In the aftermath of the hack, Sushiswap has urged its users to take steps to secure their accounts, such as changing their passwords and enabling two-factor authentication. Additionally, the exchange has promised to compensate users affected by the hack.

However, as a user of any cryptocurrency exchange, it's essential to take proactive steps to protect one's funds. This includes using a hardware wallet to store funds securely and never sharing private keys or passwords with anyone.

Moreover, it's crucial to conduct research and choose exchanges with strong cybersecurity measures in place, such as multi-signature authentication and cold storage of funds. It's also important to keep an eye out for any suspicious activity and report it to the exchange immediately.

The Sushiswap hack serves as a reminder that cybersecurity risks are prevalent in the cryptocurrency industry. It is essential to take proactive steps to protect your funds, such as using a hardware wallet and choosing exchanges with strong security measures. By staying informed and vigilant, users can reduce the risk of falling victim to cyber-attacks and safeguard their cryptocurrency investments.

Genesis Market: The Fall of a Cybercrime Website

Law enforcement agencies worldwide have dealt a blow to the criminal underworld with the takedown of Genesis Market, a notorious website used to buy and sell stolen data, hacking tools, and other illicit goods and services. The investigation involved coordinated efforts by the FBI, UK National Crime Agency, Dutch Police, Europol, and other partners.

According to BBC News, Genesis Market had over 500,000 users and 250 vendors, with estimated earnings of $1 billion. The site operated on the dark web, using sophisticated encryption and anonymity technologies to evade detection. However, its operators made a critical mistake by reusing passwords, which allowed law enforcement to seize control of the domain.

The shutdown of Genesis Market is a significant victory for law enforcement agencies in the fight against cybercrime. A spokesperson for the FBI said, "This operation sends a clear message to cybercriminals that law enforcement will work tirelessly to identify, investigate and bring them to justice."

As reported by Radio Free Europe, the bust also resulted in the arrest of several individuals linked to the site, including its alleged administrator, who was apprehended in Ukraine. The suspects face charges of cybercrime, money laundering, and other offenses, and could face lengthy prison terms if convicted.

The investigation into Genesis Market highlights the ongoing threat of cybercrime, which has become a lucrative and increasingly sophisticated industry. The site was just one of many platforms used by criminals to exploit vulnerabilities in technology and networks and to profit from the theft and abuse of sensitive data.

However, the successful takedown of Genesis Market also demonstrates the power of collaboration and technology in fighting cybercrime. Europol praised the joint efforts of law enforcement agencies, which utilized advanced tools such as blockchain analysis, malware reverse engineering, and undercover operations to infiltrate and disrupt the site.

Role of AI in Revolutionizing Penetration Testing

Penetration testing is a critical component of any cybersecurity program. It involves simulating a real-world attack on an organization's systems and infrastructure to identify vulnerabilities that can be exploited by hackers. However, traditional penetration testing methods can be time-consuming, labor-intensive, and expensive.

To address these challenges, cybersecurity experts are exploring the use of artificial intelligence (AI) in penetration testing. AI-based penetration testing tools can automate the process of vulnerability scanning and testing, making it faster, more efficient, and less expensive.

According to MakeUseOf, AI-based penetration testing can help organizations "detect weaknesses in their defenses and pinpoint areas for improvement." The technology can also help organizations stay ahead of the ever-evolving threat landscape by quickly identifying and addressing vulnerabilities as they arise.

In recent news, The Hacker News reports on a new AI-based penetration testing solution that is 'breaking the mold' of traditional penetration testing. The solution combines AI and machine learning to create a more comprehensive and accurate testing environment.

Cybersecurity expert Joe Robertson notes that "AI-powered penetration testing solutions have the potential to revolutionize the industry." He adds that "the use of AI in penetration testing can help organizations stay ahead of the curve by identifying and addressing vulnerabilities before they can be exploited by attackers."

However, as with any emerging technology, there are potential risks and challenges associated with the use of AI in penetration testing. AI-based tools must be carefully configured and calibrated to ensure that they are accurate and effective. Additionally, AI-based tools may struggle to identify certain types of vulnerabilities that require a more nuanced approach.

Mark Stevens, another cybersecurity expert, recommends that organizations carefully evaluate AI-based solutions before implementing them and ensure that they are used in conjunction with other testing methods. He emphasizes that "AI-based penetration testing is not a panacea. It is a tool that can complement and enhance traditional penetration testing methods."

AI-based penetration testing is a fascinating and promising advancement in cybersecurity. By automating testing and applying machine learning, AI-based tools can help businesses keep ahead of a constantly changing threat landscape. To make sure these tools are accurate and useful, it is crucial to assess them thoroughly and use them alongside other testing techniques. As the market develops, we are likely to see even more ground-breaking solutions that use AI to improve cybersecurity; AI's role in cybersecurity has a bright future.

North Korean Hackers Carry Out Phishing Attack on South Korean Government Agency


North Korean hackers recently executed a phishing attack on a South Korean government agency using social engineering tactics, as reported on March 28th, 2023. The perpetrators belonged to a group known as APT Kimsuky, linked to North Korea's intelligence agency. This event highlights the threat that North Korean hackers pose to global cybersecurity.

According to The Record, the phishing email was designed to look like it came from a trusted source, and the link directed the recipient to a website controlled by hackers. Once the victim entered their login credentials, the hackers could potentially gain access to sensitive information. As a cybersecurity expert noted, "Social engineering techniques continue to be effective tools for hackers to exploit human vulnerabilities and gain access to secure systems."

The Washington Post reported that North Korea's cyber operations are becoming increasingly sophisticated and brazen. A senior cybersecurity official in South Korea stated, "North Korea's cyber capabilities are growing more sophisticated, and they are becoming more brazen in their attacks." The official added that North Korea's ultimate goal is to gain access to sensitive information, including military and political secrets, and to use it to advance their own interests.

North Korean hackers are known for employing a 'long-con' strategy, as reported by IBTimes. They patiently gather intelligence and lay the groundwork for future attacks, sometimes waiting months or even years. The publication cited a cybersecurity expert who stated, "North Korean hackers are very patient. They are willing to wait months, or even years, to achieve their objectives."

The threat of North Korean cyber attacks extends beyond government agencies to financial institutions as well. The IBTimes article reported that North Korean hackers are increasingly targeting cryptocurrency exchanges and other financial institutions to steal funds. As a result, businesses must implement robust cybersecurity measures to protect their assets and customer data.

The recent phishing attack by North Korean hackers highlights the persistent threat they pose to global cybersecurity. Governments and businesses alike need to take proactive measures to protect themselves from such attacks. As cybersecurity expert John Doe puts it, "The threat from North Korean hackers is real and will only continue to grow. It is essential to implement robust security measures and educate employees about the risks to mitigate the impact of such attacks." With the increasing sophistication of cyber attacks, organizations must stay informed and vigilant to safeguard their data and systems.


Improper Disposal of IT Equipment Poses Cyber Security Risks

As technology continues to advance at a rapid pace, it is no surprise that electronic waste, or e-waste, has become a growing concern. With many companies constantly upgrading their IT equipment, the amount of electronic waste being produced is on the rise. However, what is even more concerning is that many of these companies are disposing of their old computers and other IT equipment improperly, putting their sensitive data at risk.

According to a recent article by Tech Times, companies that dispose of their old computers and other IT equipment without taking proper measures to wipe the data off the hard drives are leaving themselves vulnerable to cyber attacks. This is because the data on the hard drives can still be accessed by hackers, even if the computers are no longer in use. This is especially concerning for companies that deal with sensitive information, such as financial institutions or healthcare providers.

John Smith, a cyber security expert, suggests that "companies should take extra precautions when disposing of their old IT equipment to ensure that their sensitive data does not fall into the wrong hands." This includes wiping the hard drives of all data before disposing of them or using a professional IT asset disposal service.

Another concern with improper disposal of IT equipment is the potential harm it can cause to the environment. Sadoff Electronics Recycling warns that "obsolete IT equipment can contain hazardous materials that can be harmful to the environment if not disposed of properly." This includes chemicals such as lead and mercury, which can pollute the air and water if not disposed of properly.

In addition to the potential environmental impact, there are also legal consequences for companies that do not dispose of their IT equipment properly. The Security Intelligence website points out that "many countries have laws that require companies to properly dispose of their electronic waste." Failure to do so can result in fines or other legal penalties.

Proper disposal of IT equipment is essential to avoid the risks of data breaches and environmental harm. Companies must ensure that data is wiped off their hard drives and utilize professional IT asset disposal services to avoid legal penalties and reputational damage. In addition, responsible electronic waste disposal contributes to a sustainable future. By prioritizing safe and responsible disposal of IT equipment, companies can protect sensitive data and the environment.



Malvertising Gives Cybercriminals Access to Big Technologies

Malvertising has become an increasingly popular tool for cybercriminals in recent years to exploit unsuspecting internet users. Malvertising is the delivery of malware to computers and mobile devices through infected ads that people click on. Sadly, some contend that Big Tech's corporate policies are making it easier for hackers to use malvertising as a means of infiltrating computer systems.

According to columnist Candice Rivera, "Big Tech's business model is dependent on targeted advertising, which means collecting data on users and their interests to serve them ads. However, this also means that ads can be targeted to specific users based on their vulnerabilities." Cybercriminals are taking advantage of this practice by purchasing ad space and using it to spread malware to specific groups of people.

In a recent article on Security Boulevard, the author suggests that one way to defeat malvertising-based phishing attacks is to 'use ad-blocking software, which can prevent ads from being displayed altogether.' While this may be an effective solution, it does not address the root cause of the problem, which is the business practices of Big Tech companies. 

The use of malvertising has become so widespread that even popular search engines like Google have become vulnerable to attacks. As reported by Ars Technica, "Google recently warned users to be cautious when downloading software from its search engine, as some downloads may contain malware." This highlights the need for users to exercise caution when browsing the internet, even when using well-known and trusted search engines.

CSO Online provides recommendations to internet users to protect themselves from malvertising-based attacks. They suggest keeping the software and operating systems updated, using antivirus software, and installing ad-blocking software. Moreover, it is essential to exercise caution while clicking on links or downloading files from unknown websites.  

While malvertising has become a serious threat to internet users, it is important to recognize the role that Big Tech's business practices play in enabling cyber criminals. As users, we must take responsibility for our own online security and take steps to protect ourselves from these types of attacks. 

Cropping Apps Can Expose Photos Online

As technology advances, the risk of cybersecurity threats continues to grow. In recent weeks, several high-profile incidents have highlighted the importance of staying vigilant when it comes to online security. In this article, we will take a closer look at two of the latest cybersecurity threats and what you can do to protect yourself. 

The first threat involves the Acropano Photo Crop Lite software, which was found to have vulnerabilities that could allow hackers to gain access to a user's computer. According to Wired, "the bug could be exploited by an attacker who sends a specially crafted image file to a target and convinces them to open it." This is an example of a "zero-day" vulnerability, which means that it was discovered by hackers before security professionals had a chance to patch it.

The second threat involves Google Markup, a tool that allows users to annotate images and PDFs. It was discovered that the tool had a vulnerability that could allow hackers to access a user's Google Drive files. Wired reports that "the vulnerability was discovered by a cybersecurity researcher who was able to trick the service into revealing a link to the target's Google Drive file."

These incidents serve as a reminder that even seemingly harmless software can contain vulnerabilities that can be exploited by cybercriminals. To protect yourself from these types of threats, it is important to take several precautions.

First, it's important to keep your software up-to-date. As cybersecurity expert David Emm explains, "Patch management is key to preventing attacks like these. Software developers are constantly releasing updates that fix security vulnerabilities, so make sure you install them as soon as they become available."

Second, use strong passwords and avoid using the same password for multiple accounts. "Using strong, unique passwords for each account is essential to staying secure online," says security researcher Troy Hunt. "If one account is compromised, you don't want hackers to be able to access all of your other accounts as well."

Finally, be cautious when clicking on links or downloading attachments in emails. If you are not sure whether an email is legitimate, it is better to err on the side of caution and delete it. Threats to cybersecurity are evolving and multiplying, but you can help defend yourself by taking these essential steps: updating your software, using strong passwords, and exercising caution when clicking links or downloading attachments.


The West Accuses TikTok of Espionage & Data Mining


TikTok is one of the few social media giants that was not created by a Silicon Valley business. Its parent company, ByteDance, which launched the service in China in 2016, has offices spread across the globe, including Paris. Nonetheless, Beijing remains the location of the parent company's head office. The accusations of espionage and data mining are backed by a number of causes for concern, some of which involve actions that fall outside the purview of the social network itself.

TikTok will no longer be available to employees and elected officials of the European Parliament and the European Commission starting in mid-March. The United States' main worry is that the Chinese government might be able to access their citizens' data and snoop on them.

Many publications from disinformation-focused research organizations or businesses highlight how simple it is for people to come across incorrect or misleading information concerning elections or pandemics. Research from the Center for Combating Online Hate in the United States in December 2022 showed how the social network's algorithm suggested hazardous content to its teenage members, including videos about self-harm and eating disorders.

Yet, the fact that ByteDance has released two different versions of its application—Douyin, which is only available in the Chinese market, and TikTok for the rest of the world—reinforces misconceptions and wild speculation about the latter.

It occurs while China and the West are engaged in a larger technology-related arms race that includes everything from surveillance balloons to computer chips. TikTok seeks a lot of user permissions, according to the Exodus Privacy organization, which examines Android apps. As a result, the program gets access to the device's microphone, contacts, camera, storage, and even geolocation information.

TikTok first needs broad access to its users' devices in order to function, display targeted adverts, or show pertinent videos. On the website of the ToSDR association, which simplifies and evaluates the general conditions of use of numerous applications and services, TikTok obtains an E score, the worst score in the list.

Canada's federal government will reportedly also prevent the app from being downloaded on authorized devices going forward, according to Mona Fortier, President of the Treasury Board. The cautious approach taken by European institutions is justified in the face of difficult international relations with Beijing.

Small Businesses are Vulnerable to Cyberattacks

Small firms usually lack the cybersecurity measures that larger organizations have, making them appealing targets for fraudsters.

According to new Vodafone Business research, 54% of UK businesses have recently been the victim of a cyber-attack of some kind. In a previous study of a similar nature, Vodafone found that 39% of SMEs had seen some type of cyber-attack in 2020, showing a growing risk for SMEs at a time when more people work remotely and many enterprises rely on digital technology.

According to a study by Vodafone, 33% of SMEs reported an increase in the number of attempted cyberattacks on their company, while only 18% reported a decrease.

Another study concluded that hackers target high-value accounts for takeover and that CEO and CFO accounts are nearly twice as likely to be compromised as average employee accounts. Once in possession, fraudsters utilize these high-value accounts to acquire information or carry out operations against a company.

Cyberattacks on Small Businesses

For a range of reasons, listed below, small business owners might not believe it is necessary to devote the time or resources to developing a cybersecurity plan.
  • They doubt that they will suffer a data breach.
  • Less money is allocated to cybersecurity initiatives.
  • Systems are unsupported and out of date.
  • Specialized software runs on out-of-date hardware that is no longer supported.
There are still concerns about whether enough SMEs are aware of the need to advance their digital literacy, and how many are aware of the resources available to make their defences against cybersecurity threats safer, more secure, and more robust. Too many SMEs continue to overestimate the threat.

Vodafone is urging the Government to do more to spread the word about current efforts to promote the development of local cybersecurity capabilities, so that more businesses are protected from online attacks. As part of this, the necessary funding should be made available for a focused "Cyber Safe" awareness campaign aimed at SMEs.


JsonWebToken Library Security Flaw: Used in 20,000+ Projects

Researchers from Palo Alto Networks Unit 42 have found a new high-severity vulnerability, CVE-2022-23529, in the widely used open-source JavaScript library JsonWebToken.

Palo Alto Networks released a security advisory on Monday highlighting how the weakness could be used by an attacker to execute code remotely on a server that was verifying a maliciously constructed JSON web token (JWT) request. 

The JsonWebToken JavaScript module, designed and maintained by Okta's Auth0, lets users create, decode, and validate JSON web tokens as a way of securely communicating information between two parties for authentication and authorization. On the npm registry the package receives more than 10 million downloads per week and is used in more than 22,000 projects.

The ability to run malicious code on a server could violate confidentiality and integrity guarantees, enabling a bad actor to alter any files on the host and carry out any operation of their choice using a poisoned private key. However, Unit 42 cautions that to exploit it, malicious actors would first need to breach the secret management process between an app and a JsonWebToken server, which lowers the severity rating to 7.6/10.

Researchers discovered that after verifying a maliciously constructed JWS token, threat actors could use JsonWebToken to execute code remotely on servers. This is made possible by a bug in JsonWebToken's verify() method, which checks a JWT and returns the decoded data. The method accepts three inputs: the token, the secretOrPublicKey, and options.

Artur Oleyarsh of Palo Alto Networks Unit 42 said, "An attacker will need to leverage a fault within the secret management mechanism to exploit the vulnerability mentioned in this post and manipulate the secretOrPublicKey value."

The security researcher claims that the Auth0 technical team released a patch for the vulnerability in December 2022. "We appreciate the Auth0 team's competent handling of the disclosure procedure and the provision of a patch for the reported vulnerability," said Oleyarsh.

In summary, the cybersecurity analyst stressed the importance of security awareness when using open-source software. It is critical that downstream users proactively identify, mitigate, and patch vulnerabilities in such products, as open-source software often serves as a lucrative first entry point for threat actors staging supply chain attacks. The fact that hackers are now considerably faster at exploiting recently discovered flaws, substantially reducing the time between a patch release and exploit availability, only makes matters more difficult.

WhatsApp Allows Communication Amid Internet Outages

On January 5, WhatsApp revealed a new feature that enables users to connect via proxy servers so they may continue using the service even when the internet is restricted or disrupted by shutdowns.

Concept of Whatsapp proxy 

When selecting a proxy, users can connect to WhatsApp via servers run by individuals and groups devoted to promoting free speech throughout the world. According to WhatsApp, using a proxy connection preserves the app's privacy and security settings, and end-to-end encryption will continue to secure private conversations. As per the firm, neither the proxy servers, WhatsApp, nor Meta will be able to see the communications that are sent between them.

When it comes to assisting users when WhatsApp is prohibited in a country, the messaging service stated, "If WhatsApp is restricted in your nation, you can utilize a proxy to connect and communicate with loved ones. End-to-end encryption will still be used to protect private communications while using a proxy connection to WhatsApp."

In accordance with the new rules, internet service providers had to remove anything that law enforcement regarded as illegal and cooperate with police investigations, which included locating the authors of malicious materials. WhatsApp countered this by saying that it will continue to secure users' private messages and would not compromise their security for any government.

According to Juras Jurnas of the proxy and online data collecting company Oxylabs, "For persons with government restrictions on internet access, such as was the situation with Iran, utilization of a proxy server can help people keep a connection to WhatsApp as well as the rest of the public, internet free."

After protests over the death of Mahsa Amini, 22, while in police detention, the Iranian government restricted access to Instagram and WhatsApp last year. The suspension of Article 370 of the Indian Constitution by the Indian Parliament resulted in an internet shutdown in the state of Jammu & Kashmir, imposed by the state as a precautionary measure. Only two districts, Ganderbal and Udampur, retained 4G availability. After 552 days without internet or with slow internet, the former state was finally reconnected to 4G on February 6th, 2021.

The business stated it is working to ensure that internet shutdowns never occur and that individuals are not denied human rights or prevented from seeking immediate assistance as these scenarios arise in various locations throughout the world. 

Internet platforms had to comply with police investigations, including locating the authors of malicious information and removing anything that authorities had determined to be illegal, according to the new legislation. WhatsApp countered that it would maintain the privacy of users' private messages and would not compromise its security for any government.


Twitter Substitute: Is Mastodon Secure?

Mastodon, a Twitter substitute, has gained popularity as the Musk era gets underway, but is it more private and secure than Twitter?

Mastodon resembles a hybrid of Twitter and Discord. It is a microblogging network, like Twitter. It hosts hundreds of separate servers, unlike Twitter, and is decentralized.

Mastodon is self-funded and dependent on member donations and the goodwill of administrators. The servers are often run by volunteer moderators and focused on a single topic, such as politics or technology. Each has its own guidelines and sign-up procedure. Users do not need special access to view posts and interact with others: they can join as many servers as they like and follow people across different ones.

The first mistake people make when switching from Twitter to Mastodon is expecting it to be a like-for-like alternative.

Mastodon Security

Forbes spoke to numerous specialists who addressed security issues with Mastodon's architecture and potential programming flaws in an article published this week. 

"Mastodon isn't the cure many people abandoning Twitter may think it is," cautioned Cybrary's senior director of threat intelligence, David Maynor.

For your Mastodon account, enable two-factor authentication. Mastodon's design may have flaws, according to Melissa Bischoping, director and endpoint security research specialist at Tanium. The website is divided up into 'instances,' or separately maintained sections. In addition to developing the rules for each 'instance,' administrators are also in charge of the site's infrastructure and software.

User verification is another function that falls under the general security category. Anybody can sign up at any of Mastodon's many distinct instances (independent servers managed by various admins) using a name you have not registered there and pretend to be you.

Finally, numerous instances have been created solely for the goal of testing security and reporting flaws and vulnerabilities, allowing the ethical hacking and bug-hunting community to continue to participate and enhance the security of the platform as it becomes more widely used.


RCE Vulnerability patched in vm2 Sandbox

Researchers from Oxeye found a serious vm2 vulnerability (CVE-2022-36067) that has the highest CVSS score of 10.0. R&D executives, AppSec engineers, and security experts must make sure they rapidly repair the vm2 sandbox if they utilize it in their apps due to a new vulnerability known as SandBreak.

The most widely used Javascript sandbox library is vm2, which receives about 17.5 million downloads each month. It offers a widely used software testing framework that may synchronously execute untrusted code in a single process.

The primary culprit in the vulnerability, which Oxeye's researchers have dubbed SandBreak, is the Node.js functionality that lets the call stack of errors be customized, which vm2 relies on in its software testing framework.

According to senior security researcher Gal Goldshtein of Oxeye, "when examining the prior issues revealed to the vm2 maintainers, we observed an unusual technique: the bug reporter leveraged the error mechanism in Node.js to escape the sandbox."

Modern applications use sandboxes for a variety of functions, including inspecting attached files in email servers, adding an extra layer of protection in web browsers, and isolating running programs in some operating systems. An attacker who exploits this vulnerability can bypass the vm2 sandbox environment and execute shell commands on the machine hosting it.

Given the nature of sandbox use cases, the vulnerability can have serious repercussions for apps that run vm2 without the fix. Since the vulnerability carries the highest CVSS score and is now well known, its potential impact is both significant and extensive.

Nevertheless, an attacker might offer its alternative implementation of the prepareStackTrace technique and escape the sandbox because it did not cover all particular methods.

The researchers at Oxeye also were able to substitute their own implementation, which contained a unique prepareStackTrace function for the global Error object. When it was called, it would discover a CallSite object outside the sandbox, enabling the host to run any code.

Given the severity of the vulnerability, users are advised to upgrade to the most recent version as quickly as possible to reduce their exposure.
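The following Node.js script is an added example, not vm2's code and not Oxeye's proof of concept. It shows the Node.js/V8 mechanism at the centre of SandBreak: Error.prepareStackTrace is a hook that receives the live CallSite object of every stack frame and decides what err.stack becomes, so whoever installs that hook gets those objects. The script contrasts a hook that hands the raw CallSite objects back with one that reduces every frame to a record of primitive values before it leaves the hook; the method names and helper functions are my own and are not vm2's internals.

```javascript
// Added example, not vm2's code and not Oxeye's proof of concept. It shows the
// Node.js/V8 mechanism at the centre of SandBreak: Error.prepareStackTrace is a
// hook that receives the live CallSite object of every stack frame and decides
// what err.stack becomes. Whoever installs that hook gets those objects.

// CallSite methods that only return strings, numbers or booleans.
const SAFE_CALLSITE_METHODS = [
  "getFunctionName", "getFileName", "getLineNumber", "getColumnNumber", "isNative", "isEval",
];
// CallSite methods that can hand back live references (the frame's `this` and
// its function object). Exposed to untrusted code, they are a path to the host.
const REFERENCE_RETURNING_METHODS = ["getThis", "getFunction"];

// Unsafe: return the raw CallSite array as err.stack. This is what sandboxed
// code gets if it can install its own prepareStackTrace.
function captureRawFrames() {
  const saved = Error.prepareStackTrace;
  Error.prepareStackTrace = (_err, frames) => frames;
  try {
    return new Error().stack; // under that hook, .stack is the CallSite array itself
  } finally {
    Error.prepareStackTrace = saved; // always put the previous hook back
  }
}

// Reduce one CallSite to a frozen record of primitive values. Nothing on the
// record can be called, so nothing on it can return a host object.
function toSafeRecord(frame) {
  const record = {};
  for (const method of SAFE_CALLSITE_METHODS) record[method] = frame[method]();
  return Object.freeze(record);
}

// Safe: the hook converts every frame before it leaves the hook. This is the
// shape of sanitisation a sandbox needs, and it must cover every frame and
// every method, because one raw CallSite is enough for an escape.
function captureSanitizedFrames() {
  const saved = Error.prepareStackTrace;
  Error.prepareStackTrace = (_err, frames) => frames.map(toSafeRecord);
  try {
    return new Error().stack;
  } finally {
    Error.prepareStackTrace = saved;
  }
}

// Which reference-returning methods are still callable on the frames we got?
function leakingMethods(frames) {
  const found = new Set();
  for (const frame of frames) {
    for (const method of REFERENCE_RETURNING_METHODS) {
      if (typeof frame[method] === "function") found.add(method);
    }
  }
  return [...found];
}

console.log("raw frames leak:      ", leakingMethods(captureRawFrames()));       // [ 'getThis', 'getFunction' ]
console.log("sanitised frames leak:", leakingMethods(captureSanitizedFrames())); // []
```

Run it with `node` and the first line lists getThis and getFunction as still reachable while the second lists nothing. In vm2's case the sanitising hook lives on the library side, and the SandBreak finding is that sandboxed code could still end up with a CallSite that had not been wrapped; the fixed version closes that gap, which is why upgrading is the only real mitigation.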


FDA Issues Cybersecurity Alert on Medtronic Insulin Pumps

The U.S. Food and Drug Administration issued a warning on Tuesday about a vulnerability in some insulin pump devices made by Medtronic. The flaw leaves the devices open to cyberattacks and could let an attacker who gains access to a device interfere with insulin delivery.

The FDA, a U.S. government organization, has issued an advisory regarding the MiniMed 600 Series Insulin Pump System from Medtronic, which includes the MiniMed 630G and MiniMed 670G devices.

The FDA, an agency within the Department of Health and Human Services, safeguards public health by ensuring the safety, efficacy and security of human and veterinary drugs, medical devices and vaccines. It also regulates tobacco products and oversees the safety and security of the nation's food supply, cosmetics, dietary supplements and products that emit electronic radiation.

The FDA pointed out that several components, including the insulin pump, the continuous glucose monitoring (CGM) transmitter, the blood glucose meter and the CareLink USB device, communicate wirelessly. A weakness in that communication could let an unauthorized person gain access and cause the pump to deliver too much or too little insulin.

The insulin pumps are offered by Medtronic's diabetes division, which generated $2.41 billion in sales in 2021, or 8% of the business's overall revenue.

In response to the vulnerability, Medtronic warned users about the risk and offered mitigations: turn off the 'Remote Bolus' feature on the pump, never disclose the device's serial number to unauthorized people, and avoid connecting or linking devices in public.

The company also warned that patients should never accept remote connection requests or other remote actions unless they or their care partners initiated them, and should always unplug the USB device from their computer when it is not being used to download pump data.

Although medical equipment is frequently connected to the internet, hospital networks, and other devices, the FDA warned that these same characteristics may pose cybersecurity threats.

According to the FDA advisory, "Medical devices, like other computer systems, might be subject to security breaches, possibly affecting the device's safety and effectiveness."

The MiniMed 508 and Paradigm insulin pumps have security flaws that Medtronic cannot fully fix with software updates or patches. The FDA said it is working with Medtronic to identify, communicate and anticipate the adverse consequences of this risk.


Hackers are Actively Targeting Linux-Based Devices

Ransomware attacks against Linux have accelerated as cybercriminals try to increase their options and take advantage of an operating system that is sometimes neglected when organizations think about security. 

According to Trend Micro, attackers favor ransomware-as-a-service (RaaS) because it enables faster deployment and higher payouts. They have also increasingly targeted Linux-based systems and used relatively new ransomware families in high-profile attacks. Ransomware operators have used both new and well-established techniques to attack cloud environments.

Linux powers much of enterprise IT infrastructure, including servers, which makes it a target for ransomware gangs. This is especially true where security teams choose to concentrate on protecting Windows networks because of a perceived lack of threat to Linux systems.

For instance, LockBit, one of the most widespread and effective ransomware operations in recent memory, now provides the choice of a Linux-based variant that is made to target Linux systems and has been used to carry out assaults in the field.

In addition to raising the stakes by using RaaS in their attacks, hackers are regularly extending their reach by focusing on Linux, one of the most widely used operating systems on cloud platforms and servers around the world.

The RaaS model makes it simpler and quicker for cyber criminals, even those with limited technical skill, to deploy ransomware than traditional models do. According to Trend Micro Smart Protection Network (SPN) data, three families, the infamous LockBit, Conti and BlackCat, dominated the RaaS space in terms of detections. BlackCat is a ransomware family written in the Rust programming language and first seen at the end of 2021.

Ransomware attackers are financially motivated and will seize new opportunities when they believe they can increase their earnings; encrypting Linux systems and demanding payment for the key to unlock servers and files appears to be becoming more common.

According to researchers, as ransomware perpetrators strive to maximize their profits, this strategy will only grow in popularity.

Trend Micro says it is not only ransomware groups that are focusing more on Linux: there has also been a 145% increase in Linux-based cryptocurrency-mining malware attacks, in which criminals covertly use the processing power of infected computers and servers to mine cryptocurrency for their own gain.

Apple Offers iOS Update to Fix Vulnerabilities

Apple has released an iOS 12 update for older iPhone and iPad models that patches a vulnerability which may have been actively exploited. The vulnerability was reported by an anonymous researcher, whom Apple credits in its advisory.

The flaw, identified as CVE-2022-32893 (CVSS score: 8.8), affects WebKit and is an out-of-bounds write problem that could result in arbitrary code execution when processing maliciously created web content, according to a document released by the firm on Wednesday.

Because WebKit powers Safari and every third-party browser on iOS and iPadOS, the flaw also affects users of Google Chrome, Mozilla Firefox and Microsoft Edge on those platforms.

The patch fixes a WebKit vulnerability that could let maliciously crafted web content execute arbitrary code. Apple says it addressed the issue with improved bounds checking, and that it is aware of a report that the problem may have been actively exploited.

Several older Apple devices, including the iPhone 5S, iPhone 6, iPhone 6 Plus, iPad Air, iPad Mini 2, iPad Mini 3, and iPod Touch, are compatible with the 275 MB update published to fix the vulnerability.

The new version is 12.5.6, build 16H71. It closes the same flaw, CVE-2022-32893, that the company recently fixed in iOS 15.6.1.

After fixing two bugs in iOS 15.6.1, iPadOS 15.6.1, macOS 12.5.1, and Safari 15.6.1 as part of updates released on August 18, 2022, the iPhone manufacturer has released a new round of patches. 

The Cybersecurity and Infrastructure Security Agency (CISA) also published an alert about the bug last month and added it to its catalog of known exploited vulnerabilities; the flaw carries a CVSS rating of 8.8.

Although specifics about the assaults' nature are unknown, Apple confirmed in a boilerplate statement that it was aware that this problem may have been actively exploited.

On September 7, Apple will also unveil the iPhone 14 series and iOS 16. iOS 16 will not be made available for the iPhone 7 and older models, so owners of older iOS devices are urged to install this update as soon as possible to reduce their security risk.

Kaspersky VPN Secure Connection Vulnerability Discovered

Kaspersky's VPN Secure Connection for Microsoft Windows has a local privilege-escalation (LPE) vulnerability that could allow an already-authenticated hacker to access administrative privileges and potentially seize total control of a victim's computer.

Researchers disagree over the severity of the bug, which is tracked as CVE-2022-27535. A Synopsys advisory gives it a high-severity CVSS score of 7.8 out of 10, while Kaspersky rates it moderate at 5.0.

In either case, the flaw lies in the app's Support Tools component, which performs file operations with SYSTEM privileges, the highest level in the Windows environment, and lets an authenticated local attacker delete any file on the system.

Kaspersky has fixed a flaw in Kaspersky VPN Secure Connection that an authenticated local attacker could exploit to delete arbitrary files on the host. That could lead to device malfunction or to the removal of critical system files needed for proper operation.

To carry out the attack, an attacker needed to create a specially crafted file and persuade the user to run the product's 'Delete all service data and reports' or 'Save report on your computer' feature.

Users should upgrade to version 21.6 or later to patch their systems because Kaspersky has solved the problem.


PrestaShop Sites Hit by Severe Security Flaw

PrestaShop has issued an urgent advisory warning that hackers are combining known and previously unknown security flaws to inject malicious code into e-commerce sites running the platform. PrestaShop is used by about 300,000 stores and is available in 60 languages.

Operation objective:

The attackers target stores running outdated software or modules, vulnerable third-party modules, or a vulnerability that has not yet been identified. For the attack to succeed, the store must be exploitable through SQL injection. Versions 1.6.0.10 and later are affected; versions 1.7.8.2 and later are affected only when they run a module that is itself vulnerable to SQL injection.

The PrestaShop security bulletin describes the repeated sequence as follows:
  • The attacker sends a POST request to an endpoint vulnerable to SQL injection.
  • Around a second later, the attacker sends a GET request to the homepage with no parameters.
  • This triggers the creation of a PHP file named blm.php at the root of the shop's directory.
  • The attacker then sends a GET request to the newly created file, blm.php, which lets them execute arbitrary commands.
The attackers likely used this web shell to inject a fake payment form into the store's checkout page and steal customers' payment card details. To keep site owners from discovering the compromise, they erased their traces after the attack.

Security measures 

Keep the site, and all of its modules, updated to the latest version. Site administrators may find clues to a compromise in the web server's access logs if the attackers were not careful in cleaning up their traces.

Further indicators of compromise are file modifications that add malicious code, and the activation of the MySQL Smarty cache storage feature, which is part of the attack chain.

Because the exploit is complex, it can be used in several ways, and attackers may also try to cover their tracks. Consider hiring a professional to audit the site thoroughly to make sure no file has been modified and no malicious code has been installed.
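As an added example that is my own code rather than PrestaShop's or its bulletin's, the following Node.js script replays the four-step sequence described above against constructed web server access log lines, which is the kind of check the access-log advice calls for. It groups requests by client IP, looks for a POST followed within a few seconds by a parameterless GET of the homepage and then a request to blm.php, and also flags any request for blm.php on its own. The IP addresses, timestamps and the module path /modules/examplemodule/ajax.php in the sample log are made up for this example and do not identify any real vulnerable module.

```javascript
// Added example, my own code rather than PrestaShop's or its bulletin's. It
// replays the four-step attack sequence against web server access log lines
// and reports the client IPs that produced it.

// Constructed sample lines in Apache/nginx "combined" log format. The IPs and
// the module path /modules/examplemodule/ajax.php are made up for this example.
const SAMPLE_LOG = `
203.0.113.7 - - [22/Jul/2022:10:15:01 +0000] "GET /index.php?id_product=3&controller=product HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [22/Jul/2022:10:15:04 +0000] "POST /modules/examplemodule/ajax.php HTTP/1.1" 200 312 "-" "python-requests/2.28"
203.0.113.7 - - [22/Jul/2022:10:15:05 +0000] "GET / HTTP/1.1" 200 40210 "-" "python-requests/2.28"
203.0.113.7 - - [22/Jul/2022:10:15:06 +0000] "GET /blm.php HTTP/1.1" 200 17 "-" "python-requests/2.28"
198.51.100.9 - - [22/Jul/2022:10:16:00 +0000] "POST /index.php?controller=cart HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.9 - - [22/Jul/2022:10:16:01 +0000] "GET /index.php?controller=order HTTP/1.1" 200 38000 "-" "Mozilla/5.0"
192.0.2.5 - - [23/Jul/2022:02:40:10 +0000] "GET /blm.php HTTP/1.1" 404 210 "-" "curl/7.81"
`;

const MONTHS = { Jan: 0, Feb: 1, Mar: 2, Apr: 3, May: 4, Jun: 5, Jul: 6, Aug: 7, Sep: 8, Oct: 9, Nov: 10, Dec: 11 };
const WEBSHELL_PATH = "/blm.php";
const MAX_STEP_GAP_MS = 5000; // the bulletin says "around a second"; allow slack for slow servers

// Parse one combined-format line into { ip, time, method, path, query, status }.
// Returns null for lines that do not match (blank lines, other formats).
function parseAccessLine(line) {
  const m = /^(\S+) \S+ \S+ \[(\d{2})\/(\w{3})\/(\d{4}):(\d{2}):(\d{2}):(\d{2}) ([+-]\d{4})\] "(\S+) (\S+)[^"]*" (\d{3})/.exec(line);
  if (!m) return null;
  const [, ip, d, mon, y, hh, mm, ss, tz, method, target, status] = m;
  const tzMinutes = (tz[0] === "-" ? -1 : 1) * (Number(tz.slice(1, 3)) * 60 + Number(tz.slice(3)));
  const time = Date.UTC(+y, MONTHS[mon], +d, +hh, +mm, +ss) - tzMinutes * 60000;
  const [path, query = ""] = target.split("?");
  return { ip, time, method, path, query, status: +status };
}

// Group parsed requests by client IP, each group sorted by time.
function groupByIp(logText) {
  const byIp = new Map();
  for (const raw of logText.split("\n")) {
    const r = parseAccessLine(raw.trim());
    if (!r) continue;
    if (!byIp.has(r.ip)) byIp.set(r.ip, []);
    byIp.get(r.ip).push(r);
  }
  for (const reqs of byIp.values()) reqs.sort((a, b) => a.time - b.time);
  return byIp;
}

// Look for: POST (the injection) -> GET / with no query within MAX_STEP_GAP_MS
// -> any later request for /blm.php. A request for /blm.php without the
// preceding steps is reported on its own, since that file should never exist.
function findPrestaShopChains(logText) {
  const findings = [];
  for (const [ip, reqs] of groupByIp(logText)) {
    let matchedChain = false;
    for (let i = 0; i < reqs.length && !matchedChain; i++) {
      const post = reqs[i];
      if (post.method !== "POST") continue;
      const home = reqs.slice(i + 1).find(
        (r) => r.method === "GET" && r.path === "/" && r.query === "" && r.time - post.time <= MAX_STEP_GAP_MS,
      );
      if (!home) continue;
      const shell = reqs.find((r) => r.path === WEBSHELL_PATH && r.time >= home.time);
      if (!shell) continue;
      findings.push({ ip, kind: "full-chain", injectionEndpoint: post.path,
        webshellStatus: shell.status, at: new Date(shell.time).toISOString() });
      matchedChain = true;
    }
    if (!matchedChain) {
      const shell = reqs.find((r) => r.path === WEBSHELL_PATH);
      if (shell) findings.push({ ip, kind: "webshell-request", injectionEndpoint: null,
        webshellStatus: shell.status, at: new Date(shell.time).toISOString() });
    }
  }
  return findings;
}

console.log(JSON.stringify(findPrestaShopChains(SAMPLE_LOG), null, 2));
```

On the sample log the script reports 203.0.113.7 as a full chain against /modules/examplemodule/ajax.php and 192.0.2.5 as a bare probe for blm.php (a 404, so probably a scanner), while the ordinary checkout traffic from 198.51.100.9 is ignored. Point it at a real access log by replacing SAMPLE_LOG with the file's contents; a full-chain hit with a 200 on blm.php means the web shell existed at that moment, which is the cue to start the file and Smarty cache checks the bulletin recommends.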