
HC3 Issues a Warning About a LockBit Ransomware Variant

The Health Sector Cybersecurity Coordination Center (HC3) issued a threat briefing on LockBit, a ransomware gang that recently released a new variant. The group was behind the widely publicized ransomware attack on Accenture this summer, in which the firm was reportedly held to ransom for $50 million. The threat actors claimed to have acquired more than six terabytes of data, according to researchers from the cyber intelligence firm Cyble.

"Through our security controls and protocols, we identified irregular activity in one of our environments," said Accenture in a statement. "We immediately contained the matter and isolated the affected servers. We fully restored our affected systems from backup. There was no impact on Accenture's operations, or on our clients' systems." 

According to Eleanor Barlow, content manager at SecurityHQ, LockBit attacks are known for their ability to encrypt entire Windows domains by abusing Active Directory group policies. Once a domain is compromised, the malware creates new group policy objects and pushes them to domain-joined devices; the policies disable antivirus protection and allow the malware to be installed.

"Threat actors continue to view unpatched systems as an easy, if not preferred, method of intrusion," wrote officials from the cybersecurity arm of the U.S. Department of Health and Human Services in its brief.

LockBit was founded in September 2019 and began advertising its "ransomware as a service" affiliate scheme in January 2020, according to HC3. In May 2020 it began collaborating with Maze, another ransomware group, and in September of the same year it launched its own leak site. LockBit v2.0 was released in June of this year. According to HC3, it now employs a double extortion scheme involving the StealBit data-theft malware, has improved encryption, and bypasses User Account Control (UAC).

It also relaunched its affiliate programme, in which affiliates determine the ransom, choose the payment method, and receive the majority of the money before paying the gang. Armenia, Azerbaijan, Belarus, Kazakhstan, Kyrgyzstan, Moldova, Russia, Tajikistan, and Uzbekistan are not part of the Commonwealth of Independent States. 

According to HC3, hospitals are simple targets, but the LockBit affiliate showed "a great dislike for people who attack healthcare companies while providing contradicting information regarding whether he targets them himself." Although the United States has lucrative targets, data privacy regulations mandating victim organizations to notify all breaches have lowered the incentive for such entities to pay the ransom, according to HC3.

Putin Calls for Protecting Children from Harmful Information on the Internet

Russian President Vladimir Putin has called for protecting children from harmful information on the Internet. He believes this is a very urgent problem that the whole world is now dealing with. According to the president, there are people who, for their own profit, drive minors to suicide.

“As for information resources, I believe that our schools should use state information resources. This does not mean at all that we should reduce the space of freedom to a minimum. Not at all,” the Russian leader clarified.

Putin reminded his audience that users' personal data is collected by all information resources, "so we should take care to ensure the safety of children and citizens in the online space".

“And here, of course, only the state can be asked for their rational use and for ensuring the safety of people. Therefore, information resources in schools should be state-owned,” the president explained.

“We know, unfortunately, that all sorts of shameless people who do not think about anything but profit use the Internet to make a profit to the maximum. And, sorry for the bad manners, they didn't care about the fate of people and children. Therefore, this is where children are driven to suicide, here is child pornography,” Putin explained.

He also welcomed the initiative of domestic Internet companies to create their own public organization to ensure the information hygiene of minors. "We will continue to support and help this," the president concluded.

On September 1, Putin said that the state and society should join efforts to create a safe online space for children. He expressed hope that global digital platforms will be involved in ensuring the safety of children online.


Georgia is actively working on the introduction of a digital national currency

The National Bank of Georgia is working on the introduction of the digital lari. The vice-president of the central bank, Papuna Lezhava, said that the pilot program is planned to be launched in 2022.

“85% of the world's central banks are already working on a digital currency, some are in the research stage, some are testing, some have already implemented, including China and the Bahamas. We also want to be at the forefront of this trend,” he told reporters on Tuesday.

“Digital currency is not a cryptocurrency, but the evolution of cash. It will most likely also be based on the blockchain, and will also be a fast and cheap payment method. However, unlike modern cryptocurrencies, there will be no mining. The National Bank will be the only issuer of digital currency,” noted Mr. Lezhava.

According to him, the digital lari will be able to compete with cryptocurrencies in some services, but will not have the character of speculative accumulation.

At the initial stage, the digital lari is planned to be introduced for retail sales.

The National Bank believes that the digital currency will help to increase the efficiency of the payment system and financial accessibility.

"Digital lari will become a faster and cheaper means of payment than traditional means. It will work 24 hours a day. All transactions do not require an Internet connection. But the main advantage is that it will be technologically open to other types of technologies and as compatible as possible. Today, neither paper lari nor other means of payment have such luxury," the Vice President of the Central Bank added.

Earlier, CySecurity News reported that the Verkhovna Rada of Ukraine had adopted a law on the legalization of cryptocurrencies, which will allow cryptocurrency to be used for settlement transactions.

Google Released 41 Security Updates, Severity High and Critical

Google has issued the October 2021 Android security patches, fixing 41 vulnerabilities of high and critical severity. Every month, Google issues security patches for the Android OS consisting of framework fixes and vendor fixes for that month. The current update includes patches for 10 vulnerabilities addressed in the 2021-10-01 security patch level, which was released earlier this week. The high-severity flaws patched in October include denial of service (DoS), remote code execution, information disclosure, and elevation of privilege issues. The three critical-severity vulnerabilities in the update are:
  • CVE-2020-11301: a critical vulnerability in Qualcomm WLAN components that allows unencrypted (plain-text) frames to be accepted on secure networks.

  • CVE-2020-11264: a critical vulnerability in Qualcomm WLAN components that allows non-EAPOL/WAPI frames from a malicious source, received in the IPA exception path, to be accepted.

  • CVE-2021-0870: a remote code execution vulnerability in the Android OS that could allow a threat actor to execute arbitrary code in the context of a privileged process.

According to experts, none of the 41 vulnerabilities addressed this month has been exploited, so users can be assured that no exploits for them are circulating in the wild. Older devices that no longer receive security updates are more susceptible to attack, however, because this month's patches give attackers a road map for developing exploits in the future. Note that Android security patches are not limited to a single Android variant; the latest updates cover Android versions 8.1 to 11.

Likewise, the OS version alone does not determine whether a device is eligible for the update. A user who is sure that their device has reached its end-of-life (EOL) date can install a third-party Android distribution that still provides monthly security updates for the device, or replace it with a newer model. "Android fans have been eagerly waiting for the release of version 12, which was rumored for October 4, 2021, but what they got instead was the source of Android 12 pushed to the Android Open Source Project," reports BleepingComputer. That step suggests the actual release is not far away, and an OTA update for Pixel devices could follow soon.

Cybersecurity Awareness Month Report Includes Cybersecurity Trends, Attitudes, and Behaviors
Cybersecurity experts are working hard to devise solutions for the ever-expanding range of attack tactics that cybercriminals come up with, and a great deal of research is conducted in the field as law enforcement actively monitors and counters increasingly sophisticated cybercrime. Plenty of security applications and software are available to install, yet the crime rate has continued to climb steeply, which points to persistent security gaps.

The National Cybersecurity Alliance and CybSafe published a report in which the firm polled 2,000 individuals across the U.S. and UK; the report’s key findings include cybersecurity trends, attitudes, and behaviors ahead of Cybersecurity Awareness Month this month. 

Lisa Plaggemier, Interim Executive Director, National Cybersecurity Alliance said that “The cybersecurity threat landscape is as complex and diverse as it has ever been. The daily headlines of data breaches and ransomware attacks is a testament to the problem getting worse, yet most people aren’t aware of the simple steps they can take to be a part of the solution. It’s critical to have a deeper understanding of both the challenges we face and the prevailing attitudes and behaviors among the public.” 

“Cybersecurity is about more than just tools, it’s about people,” said Oz Alashe, CEO at CybSafe. “Too often people are forgotten in cybersecurity conversations.” 

According to the research results, millennials (44%) and Gen Z (51%) have experienced more cyberattacks than baby boomers (21%). Meanwhile, 25% of millennials and 24% of Gen Zers have disclosed that their private data has been breached more often in comparison to baby boomers. Subsequently, 79% of baby boomers disclosed that they had never been a victim of cybercrime.

According to the survey, implementing commonly known security measures such as strong passwords and multi-factor authentication (MFA) is the best way to protect a system.

The corresponding responses of the public are as mentioned below: 

Password rules: 46% of respondents said that they use a different password for every online account, while 20% said that they never or rarely do so. 43% said that they create a long and unique password either "always" or "very often."

Software update installation lagging: 31% of respondents said they either sometimes, rarely, or never install software updates. Meanwhile, 48% of respondents said that they don't know what MFA is.

“Despite the myth that older individuals are more likely to be susceptible to cybercriminals and their tactics, our research has uncovered that younger generations are far more likely to recognise that they have been a victim of cybercrime,” said Plaggemier. 

“This is a stark reminder for the technology industry that we cannot take cybersecurity awareness for granted among any demographic and need to focus on the nuances of each different group. And, clearly, we need to rethink perceptions that younger individuals are more tech-savvy and engage more frequently in cybersecurity best practices than older technology users.” 

The report further found that 34% of individuals have personally been the victim of a data breach. Of these, 51% reported that they experienced a data breach more than once, and 19% of respondents said that they have been a victim of identity theft. Of those who were a victim of cybercrime, 61% said that they did not report the incident.

JFrog Exposes Code Injection Vulnerability Affecting Yamale Python Package

Security researchers at JFrog have disclosed a code injection vulnerability in Yamale, a schema validator for YAML, that could be exploited by an attacker to execute arbitrary Python code.

The issue, tracked as CVE-2021-38305 (CVSS score: 7.8), allows attackers to circumvent existing protections and execute arbitrary Python code by abusing the schema file provided as input to Yamale, the JFrog security researchers explained.

Yamale is a Python package that allows developers to validate YAML (a data serialization language commonly used for configuration files) from the command line. The popular package is used by at least 224 repositories on GitHub.

"This gap allows attackers that can provide an input schema file to perform Python code injection that leads to code execution with the privileges of the Yamale process. We recommend sanitizing any input going to eval() extensively and — preferably — replacing eval() calls with more specific APIs required for your task,” JFrog Security CTO Asaf Karas stated. 

According to researchers, the vulnerability has been patched in Yamale version 3.0.8. "This release fixes a bug where a well-formed schema file can execute arbitrary code on the system running Yamale," the developers of Yamale noted.
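The bug class above is a schema constraint string reaching eval(). As an added example (not Yamale's own code; the validator names and the `name(literal, key=literal)` grammar are assumptions), this parser shows the "more specific API" approach JFrog recommends: it accepts only a single call to a whitelisted validator whose arguments are literals, so no expression is ever evaluated.

```python
"""Strict parser for Yamale-style schema constraints, e.g. `int(min=1, max=10)`.

Handing such a string to eval() lets anyone who can supply a schema file run
arbitrary Python.  Instead we parse it with the `ast` module and only accept a
whitelisted validator name with literal arguments.
"""
import ast

# Assumed whitelist; Yamale's real validator set is larger.
ALLOWED_VALIDATORS = {"int", "str", "num", "bool", "list", "map", "any"}


class SchemaSyntaxError(ValueError):
    """Raised for anything that is not `name(literal, key=literal, ...)`."""


def parse_constraint(expr: str) -> tuple:
    """Parse `validator(arg, key=value)` into (name, args, kwargs).

    Attribute access, nested calls, bare names, operators and `*`/`**`
    unpacking are rejected before any value is produced.
    """
    try:
        tree = ast.parse(expr.strip(), mode="eval")
    except SyntaxError as exc:
        raise SchemaSyntaxError(f"not an expression: {expr!r}") from exc
    node = tree.body
    if isinstance(node, ast.Name):           # bare validator such as `str`
        node = ast.Call(func=node, args=[], keywords=[])
    if not isinstance(node, ast.Call) or not isinstance(node.func, ast.Name):
        raise SchemaSyntaxError(f"expected a single validator call: {expr!r}")
    name = node.func.id
    if name not in ALLOWED_VALIDATORS:
        raise SchemaSyntaxError(f"unknown validator {name!r}")
    try:
        # literal_eval accepts only constants and containers of constants;
        # a Name, Attribute, Call or Starred node makes it raise ValueError.
        args = [ast.literal_eval(a) for a in node.args]
        kwargs = {kw.arg: ast.literal_eval(kw.value) for kw in node.keywords}
    except ValueError as exc:
        raise SchemaSyntaxError(f"non-literal argument in {expr!r}") from exc
    if None in kwargs:                       # `**{...}` unpacking has arg None
        raise SchemaSyntaxError(f"keyword unpacking not allowed: {expr!r}")
    return name, args, kwargs


def is_safe_constraint(expr: str) -> bool:
    """True if the constraint parses under the strict grammar."""
    try:
        parse_constraint(expr)
        return True
    except SchemaSyntaxError:
        return False
```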

The findings are the latest in a series of security flaws unearthed by JFrog in Python packages. In June 2021, JFrog revealed typosquatted packages in the PyPI repository that were found to download and run third-party cryptominers such as T-Rex, ubqminer, or PhoenixMiner to mine Ethereum and Ubiq on compromised devices.

Soon after, the JFrog security researchers uncovered eight more malicious Python libraries, downloaded over 30,000 times, that could be used to execute remote code on the targeted device, collect system data, harvest credit card information and passwords stored in the Chrome and Edge browsers, and even steal Discord authentication tokens.

"Software package repositories are becoming a popular target for supply chain attacks and there have been malware attacks on popular repositories like npm, PyPI, and RubyGems," the researchers said. "Sometimes malware packages are allowed to be uploaded to the package repository, giving malicious actors the opportunity to use repositories to distribute viruses and launch successful attacks on both developer and CI/CD machines in the pipeline."

MyBB CAPTCHA Flaw Breaks Forum Validation Checks

MyBB has warned users that the latest version of the software contains a CAPTCHA-breaking flaw that may affect forum functioning.

The popular open-source software serves as the foundation for thousands of online forums. In June, however, version 1.8.27 accidentally introduced a programming bug that affects the CAPTCHA verification services forum owners can enable.

The project's developers warned on October 3 that the problem affects reCAPTCHA v3 and hCaptcha invisible, two services meant to prevent harmful bots from flooding web pages with false traffic. According to the MyBB developers, validation efforts performed using CAPTCHAs, when applied on a forum, “appear broken and the verification can reject or accept attempts incorrectly”. 

The problem, which has been reported on GitHub, was caused by the use of the wrong template and handlers for the CAPTCHAs. Incorrect pointers for reCAPTCHA v3 result in a faulty verification prompt, potentially allowing the check to be circumvented.

In the context of hCaptcha, the incorrect handler may cause the feature to refuse all challenges. MyBB advises that users move to an alternative technique for applying CAPTCHAs on their forums temporarily or manually apply forthcoming updates available on GitHub. 

Version 1.8.27 is presently being stabilized, and a fix will be included in the next maintenance release.
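The symptoms above (refusing every challenge, or accepting attempts it should not) are what you get when a response from one provider is fed to the other provider's handler. As an added example (not MyBB's code; the threshold, action tag and hostname are assumptions, and the sample responses are constructed from the documented siteverify shapes), this dispatcher fails closed on such a mismatch:

```python
"""Fail-closed CAPTCHA verification dispatcher for reCAPTCHA v3 and hCaptcha."""

MIN_V3_SCORE = 0.5                         # assumed reCAPTCHA v3 score cut-off
EXPECTED_ACTION = "register"               # assumed action tag sent by the form
EXPECTED_HOSTNAME = "forum.example.org"    # assumed forum hostname


def verify_recaptcha_v3(resp: dict) -> bool:
    """reCAPTCHA v3 returns success plus a 0..1 risk score and an action tag."""
    if resp.get("success") is not True:
        return False
    score = resp.get("score")
    if not isinstance(score, (int, float)) or score < MIN_V3_SCORE:
        return False                       # missing score: reject, never guess
    return (resp.get("action") == EXPECTED_ACTION
            and resp.get("hostname") == EXPECTED_HOSTNAME)


def verify_hcaptcha(resp: dict) -> bool:
    """hCaptcha invisible returns success plus hostname; no score or action."""
    if resp.get("success") is not True:
        return False
    return resp.get("hostname") == EXPECTED_HOSTNAME


HANDLERS = {
    "recaptcha_v3": verify_recaptcha_v3,
    "hcaptcha_invisible": verify_hcaptcha,
}

# Constructed sample responses in the shape each siteverify API returns.
RECAPTCHA_V3_OK = {"success": True, "score": 0.9, "action": "register",
                   "challenge_ts": "2021-10-05T10:00:00Z",
                   "hostname": "forum.example.org"}
HCAPTCHA_OK = {"success": True, "challenge_ts": "2021-10-05T10:00:00Z",
               "hostname": "forum.example.org", "credit": False}


def verify(configured: str, template_provider: str, resp: dict) -> bool:
    """Run the handler for the configured provider, but only when the form
    template that produced the token was rendered for that same provider.
    A template/handler mismatch is exactly the bug class above, so reject."""
    if configured != template_provider:
        return False
    handler = HANDLERS.get(configured)
    return handler(resp) if handler else False
```

Feeding an hCaptcha response to the v3 handler rejects everything (no score), while feeding a low-score v3 response to the hCaptcha handler accepts it; the dispatcher refuses both cases.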

Examine the builds 

In addition to the CAPTCHA fix, MyBB has asked forum managers to check their error logging configuration. A read-only XHTML validation feature released in MyBB 1.8.27 logs validation errors so that forum administrators have a chance to notice problems in an error report, ahead of the planned full release of this feature.

Customized MyCodes, plugins, theme templates, or username styles that are incompatible with the next version may cause problems in the next build. 

The developers stated, “After upgrading, validation errors will continue to be logged, but messages with problematic MyCode will not be displayed to prevent potential XSS attacks against your forums.”

Cisco Releases Patches for Several High Severity Vulnerabilities

This week, Cisco addressed a number of high-severity flaws in its Web Security Appliance (WSA), Intersight Virtual Appliance, Small Business 220 switches, and other products. If successfully exploited, these issues could allow attackers to cause a denial of service (DoS), execute arbitrary commands as root, or obtain administrator rights.

Two high-severity vulnerabilities (CVE-2021-34779 and CVE-2021-34780) were discovered in the Link Layer Discovery Protocol (LLDP) implementation of the Small Business 220 series smart switches, allowing arbitrary code execution and a denial of service condition. The software update for the switch series additionally fixes four medium-severity issues that could cause LLDP memory corruption on a vulnerable device.

Inadequate input validation inside the Intersight Virtual Appliance is another serious flaw. The security vulnerability, identified as CVE-2021-34748, could allow arbitrary instructions to be executed with root rights. 

Cisco further patched two high-severity flaws in its ATA 190 series and ATA 190 series multiplatform (MPP) software this week. The issues, identified as CVE-2021-34710 and CVE-2021-34735, could be used to execute malicious code and to create a denial of service (DoS) condition, respectively.

One of these flaws was disclosed to Cisco by firmware security company IoT Inspector, which published an alert on Thursday 7th of October, detailing its observations. 

Cisco has also fixed a race condition in the AnyConnect Secure Mobility Client for Linux and macOS that could have been exploited to execute arbitrary code with admin rights, as well as an improper memory management vulnerability in AsyncOS for the Web Security Appliance (WSA) that could result in DoS.

CVE-2021-1594, an insufficient input validation vulnerability in the REST API of Cisco Identity Services Engine (ISE), is another high-severity weakness patched this week. An attacker in a man-in-the-middle position could leverage the issue to execute arbitrary commands with root access by decrypting HTTPS traffic between two ISE personas on different nodes.

Cisco also provided fixes for TelePresence CE and RoomOS, Smart Software Manager On-Prem, 220 series business switches, Identity Services Engine, IP Phone software, Email Security Appliance (ESA), DNA Center, and Orbital, which all have moderate issues. However, Cisco has issued patches for all these flaws and claims that exploits for them have not been publicly revealed.

Unpatched Dahua Cameras are Prone to Authentication Bypass Vulnerabilities

Two authentication bypass vulnerabilities exist in unpatched Dahua cameras, and a proof-of-concept exploit released on 7 October makes upgrading urgent. Both CVE-2021-33044 and CVE-2021-33045 are authentication bypass weaknesses that can be exploited remotely during the login process by sending specially crafted data packets to the target device.

This comes a month after Dahua issued a security advisory urging owners of vulnerable models to update their firmware, but given how often these devices are forgotten after initial setup and installation, it's possible that many of them are still running an old and vulnerable version. The list of impacted models is long and includes several Dahua cameras, including some thermal cameras. 

IPVM confirmed in 2019 that numerous Dahua cameras had a wiretapping vulnerability, based on tests and information from Dahua. Even if the camera's audio was turned off, an unauthenticated attacker could still listen in. 

An emergency investigation was conducted by the Dahua Security Team and the R&D Team, with the following preliminary findings: 

 • Unauthorized download vulnerability in video chat: this vulnerability no longer exists after the relevant functional modules were refactored. Some EOL products would still have been exposed.

 • Replay attack vulnerability: This was a newly discovered vulnerability that had affected several Dahua products. 

Dahua spokesperson Tim Shen said, "Dahua uses the secure login authentication method “Digest” by default, but in order to be compatible with early devices, we also retain support for the login authentication method with insufficient security. This vulnerability just exploits these insecure login authentication methods." 

The flaw was initially reported to Dahua in May of 2019. Tenable Research Engineer Jacob Baines discovered a vulnerability within an Amcrest (Dahua OEM) camera's firmware (PoC here, CVE-2019-3948), allowing unauthenticated access to the audio stream. 

The Chinese surveillance camera provider Dahua Technology has been barred from doing business and selling products in the United States since October 2019, when it was added to the US Department of Commerce's 'Entity List.' However, tens of thousands of Dahua cameras are still in use around the country, and some of them may not be readily apparent. Many cameras marketed in the United States under American or Canadian brands use Dahua hardware and even software, according to a new revelation from The Intercept.

PoC Exploit Code Published for macOS Gatekeeper Bypass Vulnerability

Cybersecurity researcher Rasmus Sten of F-Secure has published proof-of-concept (PoC) exploit code for a macOS Gatekeeper bypass vulnerability that Apple fixed in April of this year.

The PoC exploit code targets CVE-2021-1810, a flaw that can lead to the bypass of all three protections Apple has implemented against downloading malicious files in macOS: file quarantine, Gatekeeper, and notarization.

The vulnerability was found in the Archive Utility component of macOS Big Sur and Catalina and can be abused via a specially crafted ZIP file. To exploit the flaw, an attacker must trick a user into downloading and opening an archive so that the malicious code inside is executed.

By exploiting the flaw, the attacker can run unsigned binaries on macOS devices even though Gatekeeper enforces code signing, and without the user being warned about the malicious code. According to Sten, the flaw is related to the way Archive Utility handles file paths. In particular, for paths longer than 886 characters, the com.apple.quarantine extended attribute is no longer applied, resulting in a Gatekeeper bypass for those files.

While researching edge cases with long path filenames, the researcher identified that some macOS components acted surprisingly when the total path length reached a certain limit. Finally, Sten identified that it was feasible to design an archive with a hierarchical structure for which the path length was long enough so that Safari would call Archive Utility to unpack it and that Archive Utility would not apply the com.apple.quarantine attribute, but short enough to be browsable using Finder and for macOS to execute the code within. 

“In order to make it more appealing to the user, the archive folder structure could be hidden (prefixed with a full stop) with a symbolic link in the root which was almost indistinguishable from a single app bundle in the archive root,” the researcher explained in his blog post. 

The researcher also published a video demo of the exploit that creates the archive with the path length necessary to bypass CVE-2021-1810, along with a symbolic link to make the ZIP file look normal. The flaw was addressed with the release of macOS Big Sur 11.3 and Security Update 2021-002 for Catalina.

Expert Releases PoC Exploit for MacOS Gatekeeper Bypass

Cybersecurity expert Rasmus Sten, an F-Secure software engineer, has published PoC exploit code for a macOS Gatekeeper bypass that Apple fixed earlier in 2021. The proof-of-concept targets CVE-2021-1810, a vulnerability that leads to bypassing three protections Apple has built against harmful file downloads: Gatekeeper, notarization and file quarantine. The vulnerability was discovered in the Archive Utility component of macOS Big Sur and Catalina and can be exploited using a specially crafted ZIP file.

For the attack to succeed, the attacker has to fool the user into downloading and opening the archive so that the malicious code inside is executed. Exploiting the vulnerability would allow an attacker to run unsigned binaries on macOS systems even though Gatekeeper enforces code signatures, and the user would not be warned about the malicious code execution. According to Sten, the vulnerability is linked to the way Archive Utility handles file paths: if a path is longer than 886 characters, the com.apple.quarantine attribute is not applied, which allows a Gatekeeper bypass for the malicious files.

While investigating long path file names, Sten found that some macOS components behaved unexpectedly once the total path length reached a certain point. In the end, he found it was possible to make an archive with a hierarchical structure in which the path length is long enough for Safari to call Archive Utility to unpack it without applying the com.apple.quarantine attribute, but short enough for Finder to browse and for macOS to execute the code within.

To lure the victim, the attacker could hide the archive folder structure behind a symbolic link in the root, which is almost indistinguishable from a single application bundle in the archive root. "Sten, who also released a video demo of the exploit, has published PoC code that creates the archive with the path length necessary to bypass CVE-2021-1810, along with a symbolic link to make the ZIP file look normal. The vulnerability was addressed with the release of macOS Big Sur 11.3 and Security Update 2021-002 for Catalina," reports Security Week.
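Both articles above describe the same archive layout: paths past the 886-character mark, a dot-prefixed hidden directory, and a root-level symlink that imitates a single app bundle. As an added example (not F-Secure's PoC nor Apple's code; the destination directory and the sample archive are constructed assumptions used only to drive the check), this scanner flags that layout before an archive is unpacked on an unpatched system:

```python
"""Pre-extraction check for the long-path / hidden-directory / root-symlink
ZIP layout described in the CVE-2021-1810 write-ups."""
import io
import os
import stat
import zipfile

QUARANTINE_PATH_LIMIT = 886   # article: quarantine attribute dropped above this


def scan_archive(data: bytes, dest: str = "/Users/example/Downloads") -> list:
    """Return (member_name, reason) pairs for members matching the pattern."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            # Unix st_mode bits live in the upper 16 bits of external_attr.
            mode = info.external_attr >> 16
            if stat.S_ISLNK(mode):
                findings.append((name, "symlink"))
            # The full path after extraction is what the quarantine logic saw.
            if len(os.path.join(dest, name)) > QUARANTINE_PATH_LIMIT:
                findings.append((name, "path exceeds limit"))
            if name.split("/", 1)[0].startswith("."):
                findings.append((name, "hidden top-level entry"))
    return findings


def is_suspicious(data: bytes) -> bool:
    """True if any member matches the pattern; callers should refuse to unpack."""
    return bool(scan_archive(data))


def build_sample_archive(long_paths: bool = True) -> bytes:
    """Constructed test input.  With long_paths=True the archive mirrors the
    described layout: a dot-prefixed, deeply nested directory holding a
    placeholder bundle, plus a root-level symlink pointing into it.  The
    payload is a harmless shell script, not an app bundle."""
    buf = io.BytesIO()
    bundle = "Example.app/Contents/MacOS/Example"
    body = b"#!/bin/sh\necho constructed sample\n"
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        if long_paths:
            nested = ".hidden/" + "/".join(["d" * 60] * 16)   # > 886 chars
            zf.writestr(f"{nested}/{bundle}", body)
            link = zipfile.ZipInfo("Example.app")              # root symlink
            link.external_attr = (stat.S_IFLNK | 0o777) << 16
            zf.writestr(link, f"{nested}/Example.app")         # link target
        else:
            zf.writestr(bundle, body)                          # clean layout
    return buf.getvalue()
```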