The struggle for software liability: Inside a ‘very, very, very hard problem’

Legal experts, technologists and tech-industry representatives say software liability is extremely difficult to design, with multiple competing approaches. But some lawmakers want to make it a top priority.

The Record from Recorded Future News – Read More

UK ‘considering all options’ to tackle cyberthreats, says government minister

Dan Jarvis, the U.K.’s security minister, says the country’s options for improving its defenses against cybercrime and digital espionage include an overhaul of the 1990 Computer Misuse Act.

The Record from Recorded Future News – Read More

What Today’s SOC Teams Can Learn From Baseball

There are more similarities between developing a professional athlete and developing a cybersecurity pro than you might expect.

darkreading – Read More

Bitdefender Total Security Vulnerabilities: Recent Patches and Recommendations

Overview

Bitdefender has issued a security advisory detailing critical vulnerabilities within its flagship products, Bitdefender Total Security and SafePay. These vulnerabilities pose significant risks to users and require urgent patching. 

Bitdefender Total Security is a cybersecurity solution designed to protect devices across various platforms against malware, ransomware, and numerous other cyber threats. Its key features include real-time threat detection, privacy safeguards, and performance enhancements. A standout feature, SafePay, is a secure browser that isolates users’ online activities, such as banking and shopping, and encrypts transactions to prevent unauthorized access and ensure safe financial interactions.

The vulnerability classification is based on the Common Vulnerability Scoring System (CVSS) and includes four categories: Critical (9.0-10), High (7.0-9.0), Medium (4.0-6.9), and Low (0.0-3.9). The advisory highlights six high-severity vulnerabilities, each assigned a corresponding CVE ID: CVE-2023-6055, CVE-2023-6056, CVE-2023-6057, CVE-2023-6058, CVE-2023-49567, and CVE-2023-49570. All of these vulnerabilities affect Bitdefender Total Security and SafePay, with patches now available via automatic updates.

Vulnerability Details
CVE-2023-6055: The first vulnerability, identified as CVE-2023-6055, relates to improper certificate validation in Bitdefender Total Security. It has a CVSS score of 8.6, indicating a high severity level. The issue stems from the software’s failure to adequately validate HTTPS website certificates. Specifically, if a site certificate does not include “Server Authentication” in its Extended Key Usage extension, the software incorrectly considers it valid. This flaw can enable an attacker to conduct a Man-in-the-Middle (MITM) attack, potentially intercepting and modifying communications between users and websites. To address this issue, an automatic update to version 27.0.25.115 is available.

CVE-2023-6056: Another significant vulnerability, CVE-2023-6056, also carries a high severity score of 8.6. This vulnerability involves the software improperly trusting self-signed certificates, particularly those signed with the RIPEMD-160 hashing algorithm. As a result, attackers can establish MITM SSL connections to arbitrary sites. Users are encouraged to install the automatic update to version 27.0.25.115 to mitigate this risk.

CVE-2023-6057: The third vulnerability, CVE-2023-6057, is found within the HTTPS scanning functionality of Bitdefender Total Security. With a CVSS score of 8.6, this vulnerability arises from the software’s failure to adequately check the certificate chain for DSA-signed certificates, allowing for potential MITM attacks. To resolve this issue, users should apply the automatic update to version 27.0.25.115.

CVE-2023-6058: This vulnerability impacts Bitdefender SafePay and has a high severity score of 8.6. It occurs when SafePay blocks a connection due to an untrusted server certificate, but users have the option to add the site to exceptions. By doing so, the software subsequently trusts the certificate for future HTTPS scans, which can open the door to MITM attacks using self-signed certificates. An automatic update to version 27.0.25.115 is available to fix this vulnerability.

CVE-2023-49567: Another high-severity vulnerability is CVE-2023-49567, which has the same CVSS score of 8.6. This flaw is due to the software trusting certificates signed using MD5 and SHA1, hash functions with known collision attacks, which enables attackers to create rogue certificates that appear legitimate. Users should update to version 27.0.25.115 to eliminate this risk.

CVE-2023-49570: This vulnerability also scores 8.6 on the CVSS scale. It allows Bitdefender to trust a certificate issued by an unauthorized entity, potentially enabling MITM attacks. To protect against this risk, users should install the automatic update to version 27.0.25.115.
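The checks the advisory describes as missing or too lax (a serverAuth Extended Key Usage on the leaf, rejection of MD5, SHA-1 and DSA signatures, and a chain that must reach a trusted root, so self-signed leaves and unauthorized issuers fail) expressed with Go's standard library, as an added example that is not Bitdefender's code; the CA and leaf certificates it builds are constructed test data, and `newCert`, `ValidateServerCert` and the host names are this example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"slices"
	"time"
)

// newCert builds a constructed test certificate for cn: self-signed when parent is nil, otherwise issued by parent/parentKey.
func newCert(cn string, isCA bool, eku []x509.ExtKeyUsage, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: isCA, BasicConstraintsValid: true, ExtKeyUsage: eku}
	if parent == nil {
		parent, parentKey = tmpl, key // self-signed
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// ValidateServerCert applies the advisory's checks: the leaf must carry serverAuth in its EKU, must not be
// signed with MD5, SHA-1 or DSA, and must chain to a trusted root for host (self-signed leaves fail here).
func ValidateServerCert(leaf *x509.Certificate, roots *x509.CertPool, host string) error {
	switch leaf.SignatureAlgorithm {
	case x509.MD5WithRSA, x509.SHA1WithRSA, x509.ECDSAWithSHA1, x509.DSAWithSHA1, x509.DSAWithSHA256:
		return fmt.Errorf("rejected signature algorithm %v", leaf.SignatureAlgorithm)
	}
	if !slices.Contains(leaf.ExtKeyUsage, x509.ExtKeyUsageServerAuth) {
		return fmt.Errorf("leaf lacks Server Authentication in Extended Key Usage")
	}
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}})
	return err
}

func main() { // constructed demo: an issued leaf that carries serverAuth validates for its host name
	ca, caKey := newCert("test-ca.example", true, nil, nil, nil)
	roots := x509.NewCertPool(); roots.AddCert(ca)
	good, _ := newCert("bank.example", false, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, ca, caKey)
	fmt.Println("issued leaf:", ValidateServerCert(good, roots, "bank.example"))
}
```

A leaf whose EKU lists only clientAuth, a self-signed leaf, and a leaf presented for a different host name are all rejected by `ValidateServerCert`, which is the behaviour the patched versions restore.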

Recommendations and Mitigations

To mitigate the risks associated with these vulnerabilities, the following strategies are recommended:
Organizations should regularly update all software systems with the latest patches from official vendors. Establishing a routine for applying critical patches immediately can reduce vulnerabilities.

A comprehensive strategy should encompass inventory management, patch assessment, testing, deployment, and verification. Automation of these processes can enhance consistency and efficiency.

Implement proper segmentation to protect critical assets from less secure areas. This strategy can help limit exposure and reduce potential attack surfaces.

Organizations should maintain a clear incident response plan detailing how to detect, respond to, and recover from security incidents. Regular testing of this plan is essential to ensure its effectiveness.

Comprehensive monitoring solutions should be in place to detect and analyze suspicious activities. Utilizing Security Information and Event Management (SIEM) systems can enhance real-time threat detection and response capabilities.

Organizations must proactively evaluate the criticality of their End-of-Life (EOL) products and plan for timely upgrades or replacements to minimize security risks.

Conclusion

The recent vulnerabilities found in Bitdefender Total Security and SafePay highlight critical risks that can undermine users’ cybersecurity defenses. While these products are designed to protect against a myriad of threats, the existence of high-severity vulnerabilities necessitates a proactive approach to patch management. Organizations must remain vigilant, ensuring that their cybersecurity solutions are not only effective but also up-to-date to prevent exploitation.

The post Bitdefender Total Security Vulnerabilities: Recent Patches and Recommendations appeared first on Cyble.

Blog – Cyble – Read More

Generative AI grows 17% in 2024, but data quality plummets: Key findings from Appen’s State of AI Report

Appen’s 2024 State of AI report reveals surging generative AI adoption, but companies face growing challenges with data quality, bottlenecks, and declining ROI in AI deployments.

Security News | VentureBeat – Read More

Stream.Security Secures $30 Million Series B 

Stream.Security (formerly Lightlytics) has raised a total of $55 million since launching in 2020 with a cloud data security product.

The post Stream.Security Secures $30 Million Series B appeared first on SecurityWeek.

SecurityWeek – Read More

Cyble Sensors Detect Attacks on Java Framework, IoT Devices

Overview

Cyble’s weekly sensor intelligence report detailed more than 30 active attack campaigns against known vulnerabilities.

New attacks were observed against a vulnerability in the Spring Java framework, and more than 400,000 attacks were observed exploiting a known IoT vulnerability.

Cyble’s Vulnerability Intelligence unit also observed thousands of brute-force attacks and hundreds of phishing campaigns.

Here are some highlights from Cyble’s October 17 sensor report sent to clients.

CVE-2024-38816: Spring Java Framework Exploit

CVE-2024-38816 is a high-severity Path Traversal vulnerability in the popular Spring Java framework that is still undergoing NVD assessment. Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks.

An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running. Specifically, an application is vulnerable when both of the following are true: the web application uses RouterFunctions to serve static resources, and resource handling is explicitly configured with a FileSystemResource location.

Malicious requests are blocked and rejected when either of the following is true: the Spring Security HTTP Firewall is in use, or the application runs on Tomcat or Jetty.

CVE-2020-11899: Treck TCP/IP Stack

CVE-2020-11899 is a medium-severity Out-of-bounds Read vulnerability in the Treck TCP/IP stack, which was developed as an IPv6 implementation for the limited space of embedded devices. The flaw affects Treck TCP/IP versions before 6.0.1.66 and is also part of the “Ripple20” series of vulnerabilities that can lead to data theft, changes in device behavior or function, network intrusion, device takeover, and other malicious activities.

Cyble sensors detected more than 411,000 attacks on the CVE-2020-11899 vulnerability from Oct. 9 to 15, 2024, often in an attempt to gain administrator privileges (image below).

Cyble sensors have detected attacks against other “Ripple20” vulnerabilities during this period—most notably CVE-2020-11900, an IPv4 tunneling Double Free vulnerability also present in the Treck TCP/IP stack before 6.0.1.41—so IoT environments that may contain these vulnerabilities should check for exposures and apply appropriate mitigations.

CISA’s Ripple20 advisory – updated last month – lists 17 industrial, medical, and critical infrastructure device manufacturers whose products were potentially affected by the vulnerabilities.

Linux, PHP, and Other Attacks Persist

Several other recent exploits observed by Cyble remain active. Linux systems remain under attack as threat actors (TAs) have become increasingly resourceful at delivering malware via package managers and other means. CoinMiner, Mirai, and IRCBot attacks remain active threats against Linux systems.

Previously reported vulnerabilities in PHP (CVE-2024-4577), GeoServer (CVE-2024-36401), and AVTECH IP cameras (CVE-2024-7029) also remain under active attack by threat actors.

Phishing Scams Detected by Cyble

Cyble detected 478 new phishing email addresses this week, a multi-week high. The table below lists the email subject lines and deceptive sender addresses used in six prominent scam campaigns.

E-mail Subject | Scammer's Email ID | Scam Type | Description
ABOUT YOUR PAYMENT… | dr.sumitra@ukrit.in | Claim Scam | Fake refund against claims
ATTN: Lucky Winner | santaluciasrspen1@spainmail.com | Lottery/Prize Scam | Fake prize winnings to extort money or information
GOD BLESS YOU…. | info@advanceairsystem.com | Donation Scam | Scammers posing as donors offering to donate money
My Donation | test@cinematajrobi.ir | Investment Scam | Unrealistic investment offers to steal funds or data
Order 21542906: cleared customs | support@recryptogen.com | Shipping Scam | Unclaimed shipment trick to demand fees or details
UN Compensation Fund | info@usa.com | Government Organization Scam | Fake government compensation to collect financial details

Brute-Force Attacks

Cyble sensors detected thousands of brute-force attacks in the most recent report. The top five attacker countries and the ports they targeted were: Vietnam, ports 22 (52%), 3389 (25%), and 445 (22%); the United States, ports 5900 (58%), 22 (20%), 3389 (15%), 445 (5%), and 135 (2%); and Ukraine, Russia, and Greece, which mainly targeted ports 3389, 1433, 5900, and 445. Security analysts are advised to add security system blocks for the attacked ports (such as 22, 3389, 443, 445, 5900, and 3306).

Recommendations and Mitigations

Cyble researchers recommend the following security controls:

Block target hashes, URLs, and email addresses on security systems (Cyble clients received a separate IoC list).

Immediately patch all open vulnerabilities listed here and routinely monitor the top Suricata alerts in internal networks.

Continuously check for attackers’ ASNs and IPs.

Block Brute Force attack IPs and the targeted ports listed.

Immediately reset default usernames and passwords to mitigate brute-force attacks and enforce periodic changes.

For servers, set up strong passwords that are difficult to guess.

Conclusion

With active threats against multiple systems highlighted, companies need to remain vigilant and responsive. The large number of brute-force attacks and phishing campaigns demonstrates the vulnerability crisis faced by organizations.

To protect their digital assets, organizations should address known vulnerabilities and implement recommended security controls, such as blocking malicious IPs and securing network ports. A proactive and layered security approach will be key to protecting against exploitation and data breaches.

The post Cyble Sensors Detect Attacks on Java Framework, IoT Devices appeared first on Cyble.

Blog – Cyble – Read More

Critical Vulnerabilities Expose mbNET.mini, Helmholz Industrial Routers to Attacks

Critical and high-severity vulnerabilities that can lead to full device compromise have been found in mbNET.mini and Helmholz industrial routers. 

The post Critical Vulnerabilities Expose mbNET.mini, Helmholz Industrial Routers to Attacks appeared first on SecurityWeek.

SecurityWeek – Read More

NordVPN Review (2024): Is NordVPN Worth the Cost?

Is NordVPN worth it? How much does it cost and is it safe to use? Read our NordVPN review to learn about pricing, features, security, and more.

Security | TechRepublic – Read More

Latrodectus Malware Increasingly Used by Cybercriminals

Latrodectus malware has been increasingly used by cybercriminals, with recent campaigns targeting the financial, automotive and healthcare sectors. 

The post Latrodectus Malware Increasingly Used by Cybercriminals appeared first on SecurityWeek.

SecurityWeek – Read More