Tech Stack Uniformity has Become a Systemic Vulnerability

By recognizing the importance of diversity in technology stacks and incorporating it into security protocols and incident response plans, companies can proactively protect their infrastructure and reduce the likelihood of catastrophic events.

Source: Cyware News – Latest Cyber News

AppCD Closes $12.3M Seed Round and Rebrands to StackGen


Source: darkreading

Google Introduces ‘Air-Gapped’ Backup Vault to Thwart Ransomware

“It’s critical to not only back up your critical workloads, but also to secure those backups against subsequent modification and deletion.”

The post Google Introduces ‘Air-Gapped’ Backup Vault to Thwart Ransomware appeared first on SecurityWeek.

Source: SecurityWeek

DragonRank Black Hat SEO Campaign Targeting IIS Servers Across Asia and Europe

A “simplified Chinese-speaking actor” has been linked to a new campaign that has targeted multiple countries in Asia and Europe with the end goal of performing search engine optimization (SEO) rank manipulation.
The black hat SEO cluster has been codenamed DragonRank by Cisco Talos, with victimology footprint scattered across Thailand, India, Korea, Belgium, the Netherlands, and China.

Source: The Hacker News

Security Budgets Continue Modest Growth, but Staff Hiring Slows Considerably, Research Finds

Security budgets are seeing modest growth in 2024, with an 8% increase compared to a 6% growth in 2023. However, hiring of security staff has significantly slowed down, according to a report by IANS Research and Artico Search.

Source: Cyware News – Latest Cyber News

Vulnerability in Acrobat Reader could lead to remote code execution; Microsoft patches information disclosure issue in Windows API

Cisco Talos’ Vulnerability Research team discovered two vulnerabilities that have been disclosed and fixed over the past few weeks.

Talos discovered a time-of-check time-of-use vulnerability in Adobe Acrobat Reader, one of the most popular PDF readers currently available, and an information disclosure vulnerability in the Microsoft Windows AllJoyn API. 

For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org. Our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.

Microsoft AllJoyn API information disclosure vulnerability 

The AllJoyn API in some versions of the Microsoft Windows operating system contains an information disclosure vulnerability. 

TALOS-2024-1980 (CVE-2024-38257) could allow an adversary to view uninitialized memory on the targeted machine. 

AllJoyn is a DCOM-like framework for creating method calls or sending one-way signals between applications on a distributed bus. It is primarily used in internet-of-things (IoT) devices to tell the devices to perform certain tasks, like turning lights on or off or reading the temperature of a space.

Microsoft fixed this issue as part of its monthly security update on Tuesday. For more on Patch Tuesday, read Talos’ blog.

CVE-2024-38257 is considered “less likely” to be exploited, though it does not require any user interaction or user privileges.   

Adobe Acrobat Reader annotation object page race condition  

Discovered by KPC. 

Adobe Acrobat Reader, one of the most popular pieces of PDF reading software currently available, contains a time-of-check, use-after-free vulnerability that could trigger memory corruption and, eventually, arbitrary code execution.

TALOS-2024-2011 (CVE-2024-39420) can be triggered if an adversary tricks a targeted user into opening a specially crafted PDF file with malicious JavaScript embedded. This JavaScript could then trigger memory corruption due to a race condition.

Depending on the memory layout of the process this vulnerability affects, it may be possible to abuse this vulnerability for arbitrary read and write access, which could ultimately be abused to achieve arbitrary code execution. 

Source: Cisco Talos Blog

Major ICS Security Flaws Disclosed in LOYTEC, Hughes, and Baxter Products

Key Takeaways

Three major advisories from CISA address 17 vulnerabilities across products from LOYTEC Electronics GmbH, Hughes Network Systems, and Baxter.

Multiple products are affected by vulnerabilities allowing for the cleartext transmission of sensitive data, such as passwords, which could be exploited through Man-in-the-Middle (MitM) attacks. Despite being reported in 2021, these vulnerabilities are now publicly disclosed due to the vendor’s lack of response.

With 629 internet-exposed instances, primarily in Italy and France, the likelihood of exploitation is high. Proofs of concept (PoCs) for these vulnerabilities are publicly available.

Other notable vulnerabilities include insufficiently protected credentials and SQL injection, affecting critical infrastructure systems.

Overview

The Cybersecurity and Infrastructure Security Agency (CISA) has highlighted multiple vulnerabilities in ICS products from LOYTEC Electronics GmbH, Hughes Network Systems, and Baxter. Cyble Research & Intelligence Labs (CRIL) stressed critical vulnerabilities and threats identified between September 03, 2024, and September 09, 2024. These vulnerabilities span a range of severity levels and impact various products from LOYTEC Electronics GmbH, Hughes Network Systems, and Baxter.

Multiple vulnerabilities have been identified in LOYTEC Electronics GmbH’s product line. These issues primarily involve the cleartext transmission and storage of sensitive information, along with missing authentication for critical functions and improper access control. Specifically, CVE-2023-46380, CVE-2023-46382, CVE-2023-46383, and CVE-2023-46385 are high-severity vulnerabilities that expose sensitive data such as passwords to potential interception through Man-in-the-Middle (MitM) attacks. These vulnerabilities affect multiple products, including LINX-151, LINX-212, LVIS-3ME12-A1, and various models within the LIOB and L-INX Configurator series.

For instance, CVE-2023-46380 and CVE-2023-46382 both deal with cleartext transmission of sensitive information. The risk associated with these vulnerabilities is significant because attackers positioned on the network path can intercept and read sensitive data sent over the network. CVE-2023-46384 and CVE-2023-46386, which involve cleartext storage of sensitive information, further compound the risk, as attackers who gain access to this stored data could potentially use it for unauthorized purposes.
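The cleartext-transmission issue described above is the kind of condition a monitoring tool on the ICS network segment can surface passively. The following is an added example, not code from the Cyble article or from any LOYTEC, Hughes or Baxter product: it scans captured TCP payloads for credentials sent without encryption (HTTP Basic authentication headers and URL-encoded login forms), skips anything that looks like a TLS record, and reports the account name and the length of the secret without ever logging the secret itself. The flows, addresses and credentials in `SAMPLE_FLOWS` are constructed for the demonstration.

```python
"""Added example (not from the Cyble article or any vendor's product): a
passive check that flags credentials crossing the wire in cleartext, which
is how a network monitor would surface the CWE-319 condition the advisories
describe. All packet records below are constructed sample data."""
import base64
import re
from dataclasses import dataclass
from urllib.parse import parse_qs

# Constructed sample captures: (src, dst, raw TCP payload).
SAMPLE_FLOWS = [
    # Constructed: HTTP Basic auth to a device web UI over plain HTTP.
    ("10.0.5.20", "10.0.5.1",
     b"GET /config HTTP/1.1\r\nHost: 10.0.5.1\r\n"
     b"Authorization: Basic " + base64.b64encode(b"operator:hunter2") + b"\r\n\r\n"),
    # Constructed: form-based login posted over plain HTTP.
    ("10.0.5.21", "10.0.5.1",
     b"POST /login HTTP/1.1\r\nHost: 10.0.5.1\r\n"
     b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
     b"user=admin&password=Secret123&submit=1"),
    # Constructed: start of a TLS ClientHello; the content is not readable.
    ("10.0.5.22", "10.0.5.1",
     b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03" + b"\x00" * 32),
    # Constructed: unauthenticated status request; nothing sensitive.
    ("10.0.5.23", "10.0.5.1",
     b"GET /status HTTP/1.1\r\nHost: 10.0.5.1\r\n\r\n"),
]

# Form field names commonly used to carry a password (assumption: extend per site).
PASSWORD_FIELDS = re.compile(r"^(pass(word|wd)?|pwd|secret)$", re.IGNORECASE)
USER_FIELDS = ("user", "username", "login")


@dataclass(frozen=True)
class Finding:
    src: str
    dst: str
    kind: str        # "http-basic" or "form-field"
    username: str    # kept visible: it identifies the account that must rotate
    secret_len: int  # length only; the secret itself is never stored or logged


def is_tls(payload: bytes) -> bool:
    """TLS records begin with content type 0x16 (handshake) and major version 0x03."""
    return len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03


def find_cleartext_credentials(flows) -> list[Finding]:
    """Return one Finding per credential observed in an unencrypted HTTP payload."""
    findings: list[Finding] = []
    for src, dst, payload in flows:
        if is_tls(payload):
            continue  # encrypted transport; nothing readable here
        head, _, body = payload.partition(b"\r\n\r\n")
        try:
            text = head.decode("ascii")
        except UnicodeDecodeError:
            continue  # not HTTP; this check only understands HTTP
        for line in text.split("\r\n"):
            if line.lower().startswith("authorization: basic "):
                token = line.split(" ", 2)[2]
                try:
                    user, _, pw = base64.b64decode(token).decode().partition(":")
                except Exception:
                    continue  # malformed header; not a decodable credential
                findings.append(Finding(src, dst, "http-basic", user, len(pw)))
        if "application/x-www-form-urlencoded" in text.lower():
            fields = parse_qs(body.decode("ascii", "replace"))
            user = next((v[0] for k, v in fields.items() if k.lower() in USER_FIELDS), "?")
            for key, values in fields.items():
                if PASSWORD_FIELDS.match(key):
                    findings.append(Finding(src, dst, "form-field", user, len(values[0])))
    return findings


if __name__ == "__main__":
    for f in find_cleartext_credentials(SAMPLE_FLOWS):
        print(f"{f.src} -> {f.dst}: {f.kind} credential for '{f.username}' "
              f"({f.secret_len} chars) sent in cleartext")
```

Run against the constructed flows, the check reports the Basic-auth login and the form login and stays silent on the TLS and unauthenticated flows. Recording only the account name and secret length keeps the alert useful for a rotation ticket without turning the monitoring system into a second store of cleartext passwords.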

Additionally, CVE-2023-46381 and CVE-2023-46387 address missing authentication and improper access control issues. These vulnerabilities allow unauthorized access to critical functions and systems, which can lead to broader system compromises if exploited. The absence of proper authentication mechanisms in these cases means that attackers could bypass security measures and gain unauthorized control.

Hughes Network Systems Vulnerabilities

Hughes Network Systems’ WL3000 Fusion Software is affected by two medium-severity vulnerabilities. CVE-2024-39278 and CVE-2024-42495 highlight insufficiently protected credentials and missing encryption of sensitive data, respectively. CVE-2024-39278 exposes credentials that are not adequately protected, which could be intercepted and misused by attackers.

On the other hand, CVE-2024-42495 involves missing encryption for sensitive data, increasing the risk of data breaches and unauthorized access. These vulnerabilities affect versions of the software before 2.7.0.10, emphasizing the importance of updating to the latest versions to mitigate these risks.

Baxter Vulnerabilities

Baxter’s Connex Health Portal has been identified with critical and high-severity vulnerabilities. CVE-2024-6795 is a critical SQL injection vulnerability that affects all versions of the Connex Health Portal released before August 30, 2024. SQL injection vulnerabilities allow attackers to execute arbitrary SQL commands on the database, potentially leading to unauthorized data access or modification.

In addition, CVE-2024-6796 involves improper access control, which can result in unauthorized access to sensitive application areas. Both vulnerabilities necessitate immediate patching and updates to protect against potential exploits.

The vulnerabilities identified across these ICS products highlight critical risks that need prompt attention. For LOYTEC Electronics GmbH products, the issues primarily involve data security flaws, while Hughes Network Systems and Baxter face vulnerabilities that affect credential protection and data encryption.

Organizations using these systems should prioritize applying available patches and updates, implementing robust access controls, and enhancing their security posture to mitigate the risks posed by these vulnerabilities. The majority of disclosed vulnerabilities are categorized as high severity, emphasizing the critical need for prompt action and mitigation.

Conclusion

These vulnerabilities highlight critical security issues in ICS products from LOYTEC Electronics GmbH, Hughes Network Systems, and Baxter. Key vulnerabilities include cleartext transmission of sensitive data, SQL injection, and improper access controls, all of which pose significant risks. Organizations must act quickly by applying patches, enhancing access controls, and improving security monitoring. These steps are crucial to mitigating the identified risks and protecting critical infrastructure from exploitation.

Mitigations and Recommendations

Implement network segmentation to isolate ICS networks from corporate and internet networks. Use firewalls and DMZs to manage traffic between segments.

Apply strong, multifactor authentication and limit access based on the principle of least privilege.

Keep ICS hardware and software updated with the latest patches to defend against known vulnerabilities.

Deploy monitoring tools to detect suspicious activities and maintain logs for forensic investigations.

Develop and test an ICS-specific incident response plan for effective handling of security incidents.

Educate staff on ICS-specific threats and best practices, emphasizing the risks of social engineering and untrusted software sources.

Sources

https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01

https://www.cisa.gov/news-events/ics-advisories/icsa-24-249-01

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-249-01

The post Major ICS Security Flaws Disclosed in LOYTEC, Hughes, and Baxter Products appeared first on Cyble.

Source: Blog – Cyble

DDoS Attacks Double With Governments Most Targeted

DDoS attacks have doubled, with governments being the most targeted sector, according to StormWall’s report. The number of DDoS incidents globally increased by 102% in the first half of 2024 compared to the same period in 2023.

Source: Cyware News – Latest Cyber News

SplxAI Raises $2 Million to Protect AI Chatbot Apps

SplxAI has raised $2 million in pre-seed funding to help organizations identify vulnerabilities in AI chat applications.

The post SplxAI Raises $2 Million to Protect AI Chatbot Apps appeared first on SecurityWeek.

Source: SecurityWeek

Quad7 Botnet Targets More SOHO and VPN Routers, Media Servers

Quad7 botnet is expanding its reach by targeting additional SOHO devices with custom malware for Zyxel VPN appliances, Ruckus wireless routers, and Axentra media servers, in addition to previously reported TP-Link and ASUS routers.

Source: Cyware News – Latest Cyber News