Cyber-ketju: verkkovakoilu,kännyköiden ja wlanien seuranta, hakkerointi, virukset, DoS etc

  • Viestiketjun aloittaja Viestiketjun aloittaja OldSkool
  • Aloitus PVM Aloitus PVM
Researcher discovered a “more powerful” variant of an elevation-of-privilege flaw for which Microsoft released a botched patch earlier this month.
Attackers are actively exploiting a Windows Installer zero-day vulnerability that was discovered when a patch Microsoft issued for another security hole inadequately fixed the original and unrelated problem.

Over the weekend, security researcher Abdelhamid Naceri discovered a Windows Installer elevation-of-privilege vulnerability tracked as CVE-2021-41379 that Microsoft patched a couple of weeks ago as part of its November Patch Tuesday updates.
Klikkaa laajentaaksesi...
threatpost.com

Attackers Actively Target Windows Installer Zero-Day

Researcher discovered a “more powerful” variant of an elevation-of-privilege flaw for which Microsoft released a botched patch earlier this month.
threatpost.com threatpost.com
 
!!!

The EU needs more cybersecurity graduates to plug the political bloc's shortage of skilled infosec bods, according to a report from the ENISA online security agency.

The public sectors of EU countries should "support a unified approach" to infosec-focused higher education, it says, addressing an issue that is by no means unique to the bloc.

In a new report titled "Addressing the EU Cybersecurity Skills Shortage and Gap Through Higher Education", academics Jason Nurse and Konstantinos Adamos, together with ENISA's Athanasios Grammatopoulos and Fabio Di Franco, said the European Union needs to get more students signing up for cybersecurity degrees.

The report found that the majority of cybersecurity degrees offered across the 27-states – 77 per cent – are at master's degree level. Just under a fifth (17 per cent) are undergraduate degrees while 6 per cent are at "postgraduate" level.
Klikkaa laajentaaksesi...
www.theregister.com

EU needs more cybersecurity graduates, says ENISA

Skills gap needs filling somehow
www.theregister.com www.theregister.com

Kirjoitin tästä toissa päivänä, eli koulutusta pitää muuttaa esim AMK tasolla siten että exploittaus ja pahanteko otetaan ensin esille ja sitten koulutetaan miten se korjataan alusta asti. Samalla pitäisi aloittaa myös raudan heikkouksista ja miten niitä on aikojen saatossa exploitattu. Tämä antaa niin rauta kuin softainsseille ymmärryksen alusta asti miten homma toimii kuin sen sijaan että se on erillisenä kurssina peruskoulutuksen jälkeen.
 
An unpatched Windows security vulnerability could allow information disclosure and local privilege escalation (LPE), researchers have warned. The issue (CVE-2021-24084) has yet to get an official fix, making it a zero-day bug – but a micropatch has been rolled out as a stop-gap measure.

Security researcher Abdelhamid Naceri originally reported the vulnerability as an information-disclosure issue in October 2020, via Trend Micro’s Zero-Day Initiative (ZDI). Though Microsoft had told him it was planning a fix for last April, the patch has not yet been forthcoming.

Then, this month, Naceri discovered that CVE-2021-24084 could also be exploited for LPE, so that non-admin Windows users can read arbitrary files even if they do not have permissions to do so. In a proof-of-concept exploit, he demonstrated that it’s possible to copy files from a chosen location into a Cabinet (.CAB) archive that the user can then open and read.

The process for doing so is very similar to the LPE exploitation approach for the HiveNightmare bug, CVE-2021-36934, which affects the Security Accounts Manager (SAM) database in all versions of Windows 10. The SAM component in Windows houses user account credentials and network domain information – a juicy target for attackers.

“As HiveNightmare/SeriousSAM has taught us, an arbitrary file disclosure can be upgraded to local privilege escalation if you know which files to take and what to do with them,” Mitja Kolsek, head of the 0patch team, noted in a recent posting. “We confirmed this [for the zero-day and were] able to run code as local administrator.”
Klikkaa laajentaaksesi...
threatpost.com

Unpatched Windows Zero-Day Allows Privileged File Access

A temporary fix has been issued for CVE-2021-24084, which can be exploited using the LPE exploitation approach for the HiveNightmare/SeriousSAM bug.
threatpost.com threatpost.com

Niin monta zeroday exploittia. Tänä vuonna niitä on palanut iso kasa.
 
Microsoft has revealed its Digital Crimes Unit (DCU) won court approval to take control of websites a Chinese gang was using to attack targets across the world – often by exploiting vulnerabilities in Microsoft products.

A post attributed to Microsoft's corporate veep for customer security & trust, Tom Burt, states the US District Court for the Eastern District of Virginia has granted Microsoft to take control of malicious websites operated by a group called Nickel that has been around since at least 2016.

Burt's post indicates that Microsoft spotted Nickel trying to pinch information from "government agencies, think tanks and human rights organizations". Taking control of the websites Nickel owned will make it harder for the gang to conduct such attacks, Burt opined.

Nickel is also known as "KE3CHANG," "APT15," "Vixen Panda," "Royal APT" and "Playful Dragon".

Whatever the gang is called, it targets unpatched systems in the hope of owning and operating them with stealthy malware.
Klikkaa laajentaaksesi...
www.theregister.com

Microsoft takes over sites run by Chinese gang 'Nickel'

'Nickel' back in trouble for trying to lift secrets, often by exploiting Microsoft snafus
www.theregister.com www.theregister.com
 
cve-2021-44228-diagram.jpg

og4J is an open-source Java-based logging tool available from Apache. It has the ability to perform network lookups using the Java Naming and Directory Interface to obtain services from the Lightweight Directory Access Protocol. The end result: Log4j will interpret a log message as a URL, go and fetch it, and even execute any executable payload it contains with the full privileges of the main program. Exploits are triggered inside text using the ${} syntax, allowing them to be included in browser user agents or other commonly-logged attributes.
Klikkaa laajentaaksesi...
arstechnica.com

The Log4Shell 0-day, four days on: What is it, and how bad is it really?

If max-severity 0-day hasn’t already dampened your Xmas spirit, it likely soon will.
arstechnica.com arstechnica.com
 
The NCA now becomes the second law enforcement agency to officially supply HIBP with hacked passwords after the US Federal Bureau of Investigations began a similar collaboration with the service back in May. In a blog post today, Troy Hunt, HIBP creator Troy Hunt said that 225 million of the compromised passwords found by the NCA were new and unique.

These passwords have been added to a section of the HIBP website called Pwned Passwords. This section allows companies and system administrators to check and see if their current passwords have been compromised in hacks and if they are likely to be part of public lists used by threat actors in brute-force and password-spraying attacks. Currently, the HIBP Pwned Passwords collection includes 5.5 billion entries, of which 847 million are unique. All these passwords are also available as a free download, so companies can check their passwords against the data set locally without connecting to Hunt's service.

In a statement shared by Hunt, the NCA said it found the compromised passwords, paired with email accounts, in an account at a UK cloud storage facility. The NCA said they weren't able to determine or attribute the compromised email and password combos to any specific platform or company.
Klikkaa laajentaaksesi...
therecord.media

The NCA shares 585 million passwords with Have I Been Pwned

The UK National Crime Agency has shared a collection of more than 585 million compromised passwords it found during an investigation with Have I Been Pwned, a website that indexes data from security breaches.
therecord.media therecord.media

www.theregister.com

UK National Crime Agency finds 225 million previously unexposed passwords

Shares them with Troy Hunt’s Have I Been Pwned after sweeping them up from ‘compromised cloud storage’
www.theregister.com www.theregister.com
 
The Belgian military said on Tuesday it had been hit with a cyberattack five days ago and was still battling to restore affected parts of its system.
Military spokesman Olivier Severin told AFP that elements hit by last Thursday's attack, which contaminated services connected to the internet, were still being analysed and restored.
Severin did not name any group suspected of the attack and gave no further details of the systems involved.
The attackers are believed to have targeted a vulnerability in Log4j, a logging library that keeps track of events on a system.
The flaw, which was publicised earlier this month, was labelled "the single biggest, most critical vulnerability of the last decade" by US cybersecurity firm Tenable.
It can allow attackers to take control of a machine, move around the victim's network and deploy ransomware and spyware.
The Belgian military imposed "quarantine measures" to "contain the infected elements", Severin told the Belga press agency on Monday.
Log4j is a common piece of code and the vulnerability has led to widespread concern, but no other attacks on major companies or institutions have yet been reported.
Klikkaa laajentaaksesi...

Belgian military in five-day battle against cyberattack

METATEXT
www.spacewar.com
 
navigatormagazine.fi

Cinia ja Far North Digital rakentavat arktisen merikaapelin - Navigator Magazine

Cinia ja amerikkalainen Far North Digital perustavat yhteisen hankkeen tavoitteenaan rakentaa kaapelijärjestelmä, joka yhdistää Euroopan ja Aasian tietoverkot arktisen Luoteisväylän kautta. Nokian omistama ASN (Alcatel Submarine Networks) on mukana valittuna järjestelmän ja toteutusprojektin...
navigatormagazine.fi navigatormagazine.fi
www.politico.eu

Finnish-US internet cable planned to bolster Europe’s digital trade with Asia

A 14,000-kilometer internet cable in the Arctic could connect Japan to countries including Finland and Ireland in 2025.
www.politico.eu www.politico.eu
 
Suomalaisittain merkittävän tietoturva-yhtiön, FSecuren politiikka ainakin vuosi sitten, oli GSM-verkossa mobiililaitteiden hyväksytysti käyttö, vain Applen kännyköille.
 
Pihkakoski kirjoitti:
Suomalaisittain merkittävän tietoturva-yhtiön, FSecuren politiikka ainakin vuosi sitten, oli GSM-verkossa mobiililaitteiden hyväksytysti käyttö, vain Applen kännyköille.
Klikkaa laajentaaksesi...
Mikäs ompun tuotteissa tekee niistä turvallisen GSM-verkkoon? Eikös ne ihan GSM-salauksella siellä toimi...

Sitten jos mennään pikaviestinnän puolelle, niin siellähän on käytössä kaksisuuntainen salaus, mutta..
arstechnica.com

Zero-click iMessage zero-day used to hack the iPhones of 36 journalists

Malicious messages installed spyware that recorded audio and pics and stole passwords.
arstechnica.com arstechnica.com

Ihan mielenkiintoinen juttu jos tarkemmin penkoo. Wanhasta skannerin kuvanpakkausohjelmasta löytynyt bufferoverflow joka mahdollisti logiikkaporttien luomisen ja sitä kautta yksinkertaisen tietokoneen luomisen kännyn sisään... NSO on ollut muutenkin esillä, ja taitoa ilmeisesti löytyy...
 
Lapinukko kirjoitti:
Appsit paskaa androideissa?
Klikkaa laajentaaksesi...
Sitäkin jos niitä ihan kaikkialta latailee tai jotain randomeita emoijia play kaupasta. Yhtä hyvin Apple ne appsit tutkii kuin Googlekin, eli automaattisesti. Vanhat anterot on vaan niin paskoja turvallisuuden kannalta ja käyttäjät vielä paskempia... tottakai jollain random pelillä pitää olla oikeus osoitekirjaan ja käyttäjän vielä se hyväksyä...
 
Criminals are actively exploiting the high-severity Log4Shell vulnerability on servers running VMware Horizon in an attempt to install malware that allows them to gain full control of affected systems, the UK’s publicly funded healthcare system is warning.

CVE-2021-44228 is one of the most severe vulnerabilities to come to light in the past few years. It resides in Log4J, a system-logging code library used in thousands if not millions of third-party applications and websites. That means there is a huge base of vulnerable systems. Additionally, the vulnerability is extremely easy to exploit and allows attackers to install Web shells, which provide a command window for executing highly privileged commands on hacked servers.
Klikkaa laajentaaksesi...
arstechnica.com

Patch systems vulnerable to critical Log4j flaws, UK and US officials warn

One of the highest-severity vulnerabilities in years, Log4Shell remains under attack.
arstechnica.com arstechnica.com
 
U.S. Cyber Command task force executed what is being described as its “first offensive cyber effect operation” against real-world cyber threats. While the exact nature of the operation and its target remains unknown, the event was significant enough for the U.S. Secretary of Defense to personally attend to watch the operation in action.

The operation was conducted between February and August 2021 by a task force consisting of personnel from the Maryland Air National Guard’s 175th Cyber Operations Group, the Delaware Air National Guard’s 166th Cyber Operations Squadron, U.S. Navy’s Cyber Strike Activity Sixty-Three, the U.S. Air Force’s 341st Cyber Operations Squadron, and the Air Force Reserve. The task force executed the operation from February to August last year, although the Air National Guard (ANG) just announced it this week. While there have been other offensive cyber operations conducted by U.S. Cyber Command (USCYBERCOM), this is the first conducted and acknowledged by this particular task force.
Klikkaa laajentaaksesi...
www.thedrive.com

Cyber Command Task Force Conducted Its First Offensive Operation As The Secretary Of Defense Watched

The operation is another sign of the rapidly evolving nature of warfare in the digital domain and the future importance of offensive cyber operations.
www.thedrive.com www.thedrive.com
 
Researchers discovered a bug related to the Log4J logging library vulnerability, which in this case opens the door for an adversary to execute remote code on vulnerable systems. However, this flaw does not pose the same risk as the previously identified in Log4Shell, they said.

Frog security discovered the flaw and rated critical in the context of the H2 Java database console, a popular open-source database, according to a Thursday blog post by researchers.

H2 is attractive to developers for its lightweight in-memory solution–which precludes the requirement for data to be stored on disk—and is used in web platforms such as Spring Boot and IoT platforms such as ThingWorks.
Klikkaa laajentaaksesi...
threatpost.com

Log4J-Related RCE Flaw in H2 Database Earns Critical Rating

Critical flaw in the H2 open-source Java SQL database are similar to the Log4J vulnerability, but do not pose a widespread threat.
threatpost.com threatpost.com
 
Team82 and Synk examined 16 different URL parsing libraries, including: urllib (Python), urllib3 (Python), rfc3986 (Python), httptools (Python), curl lib (cURL), Wget, Chrome (Browser), Uri (.NET), URL (Java), URI (Java), parse_url (PHP), url (NodeJS), url-parse (NodeJS), net/url (Go), uri (Ruby) and URI (Perl).
Klikkaa laajentaaksesi...
threatpost.com

URL Parsing-Library Bugs Allow DoS, RCE, Spoofing & More

Dangerous security bugs stemming from widespread inconsistencies among 16 popular third-party URL-parsing libraries could affect a wide swath of web applications.
threatpost.com threatpost.com
As an example of a real-world attack scenario, slash confusion could lead to server-side request forgery (SSRF) bugs, which could be used to achieve RCE. Researchers explained that different libraries handle URLs with more than the usual number of slashes (https:///www.google.com, for instance) in different ways: Some of them ignore the extra slash, while others interpret the URL as having no host.

In the case of the former (the approach of most modern browsers as well as cURL), accepting malformed URLs with an incorrect number of slashes can lead to SSRF, researchers explained: “[Libraries that do not] ignore extra slashes…will parse this [malformed] URL as a URL with an empty authority (netloc), thus passing the security check comparing the netloc (an empty string in this case) to google.com. However, since cURL ignores the extra slash, it will fetch the URL as if it had only two slashes, thus bypassing the attempted validation and resulting in a SSRF vulnerability.”

URL confusion is also responsible for the Log4Shell patch bypass, according to Claroty, because two different URL parsers were used inside the JNDI lookup process: One parser was used for validating the URL, and another for fetching it.
Klikkaa laajentaaksesi...
 
The European Space Agency (ESA) is inviting applications from attackers who fancy having a crack at its OPS-SAT spacecraft.

It's all in the name of ethical hacking, of course. The plan is to improve the resilience and security of space assets by understanding the threats dreamed up by security professionals and members of he public alike.

OPS-SAT has, according to ESA, "a flight computer 10 times more powerful than any current ESA spacecraft" and the CubeSat has been in orbit since 2019, providing a test bed for software experiments.

It is therefore the ideal candidate for l33t h4x0rs to turn their attention to, while ESA engineers ensure the environment is kept under control.

"The in-built robustness of OPS-SAT makes it the perfect flying platform for ethical hackers to demonstrate their skills in a safe but suitably realistic environment," explained Dave Evans, OPS-SAT mission manager.
Klikkaa laajentaaksesi...
www.theregister.com

Hack our spacecraft, says ESA

Space: The final frontier for cybersecurity
www.theregister.com www.theregister.com
 
Russian law enforcement authorities said on Friday that they have arrested 14 people associated with REvil, a top ransomware group that has disrupted critical operations of wealthy targets and held their data hostage.

The action, carried out by Russia’s FSB, the successor agency to the KGB, is a rare example of the country’s government cracking down on cybercrime by its citizens. The US and Russia have no extradition treaty in place, and critics have said the Kremlin routinely harbors cybercriminals as long as they don’t target organizations located in the former Soviet Union. The arrests come as tensions between Russia and the US escalate over a standoff involving Ukraine.
Klikkaa laajentaaksesi...
arstechnica.com

Russia says it has neutralized the cutthroat REvil ransomware gang

“Big-game hunter” REvil has menaced the world for 3 years with massive attacks.
arstechnica.com arstechnica.com

A joint operation between the FSB and local police searched 25 addresses and detained 14 people; it also seized 426 million rubles, $600,000, 500,000 euros, computer equipment, and 20 luxury cars, Friday’s release said. Russian officials said they directly informed their US counterparts of the action. The authorities carried out the operation following a request from the US, the FSB said.
Klikkaa laajentaaksesi...
 
Linux users on Tuesday got a major dose of bad news—a 12-year-old vulnerability in a system tool called Polkit gives attackers unfettered root privileges on machines running any major distribution of the open source operating system.


Previously called PolicyKit, Polkit manages system-wide privileges in Unix-like OSes. It provides a mechanism for nonprivileged processes to safely interact with privileged processes. It also allows users to execute commands with high privileges by using a component called pkexec, followed by the command.
Klikkaa laajentaaksesi...
arstechnica.com

A bug lurking for 12 years gives attackers root on most major Linux distros

It’s likely only a matter of time before PwnKit is exploited in the wild.
arstechnica.com arstechnica.com
 
Sinun täytyy kirjautua vastataksesi.
Back
Top