Santander Data Breach Impacts Customers, Employees

The Spanish bank Santander said customers in Chile, Spain and Uruguay are affected by a data breach at a third-party provider.


SecurityWeek – Read More

Turla Group Deploys LunarWeb and LunarMail Backdoors in Diplomatic Missions

An unnamed European Ministry of Foreign Affairs (MFA) and its three diplomatic missions in the Middle East were targeted by two previously undocumented backdoors tracked as LunarWeb and LunarMail.
ESET, which identified the activity, attributed it with medium confidence to the Russia-aligned cyberespionage group Turla (aka Iron Hunter, Pensive Ursa, Secret Blizzard, Snake, Uroburos, and Venomous

The Hacker News – Read More

Apple Fixes Safari WebKit Zero-Day Flaw Exploited at Pwn2Own

Apple patched a zero-day vulnerability (CVE-2024-27834) in Safari that was exploited at the Pwn2Own hacking competition. The vulnerability allowed an attacker to bypass Pointer Authentication Codes (PACs) and potentially execute remote code.

Cyware News – Latest Cyber News – Read More

Scammers are Getting Creative Using Malvertising, Deepfakes, and YouTube

The Avast Q1 2024 Threat Report highlighted a massive surge in social engineering scams, with a staggering 90% of all mobile and 87% of desktop threats falling into this category.

Cyware News – Latest Cyber News – Read More

Critical vulnerabilities in Telit Cinterion modems | Kaspersky official blog

Several serious vulnerabilities have been discovered in Telit Cinterion cellular M2M modems, including the possibility of remote arbitrary code execution (RCE) via SMS messages. These modems are used in millions of different devices and systems for both the consumer market segment (payment terminals, ATMs, cars) and various industries such as healthcare, financial, telecommunications, manufacturing and so on. We’ll tell you about the detected vulnerabilities and how you can protect yourself from them.

Critical vulnerabilities in Cinterion modems

In total, Kaspersky ICS-CERT experts discovered seven zero-day vulnerabilities in Telit Cinterion modems:

CVE-2023-47610 / KLCERT-23-018: An attacker can achieve remote code execution (RCE) on the system by sending specially crafted SMS messages.
CVE-2023-47611 / KLCERT-22-216: Allows an attacker with low privileges on the system to elevate them to “manufacturer” level.
CVE-2023-47612 / KLCERT-22-194: An attacker with physical access to the device has the ability to read and write any files and directories on the system, including those that are hidden.
CVE-2023-47613 / KLCERT-22-211: Allows an attacker with low privileges on the system to escape a virtual directory and gain read and write access to protected files.
CVE-2023-47614 / KLCERT-22-210: Allows an attacker with low privileges on the system to disclose hidden virtual paths and filenames.
CVE-2023-47615 / KLCERT-22-212: Allows an attacker with low privileges on the system to gain unauthorized access to sensitive data.
CVE-2023-47616 / KLCERT-22-193: An attacker with physical access to the device has the ability to gain unauthorized access to sensitive data.

The most dangerous is the first vulnerability on this list (CVE-2023-47610). Among other things, it allows attackers to manipulate the modem’s memory and flash drive, ultimately giving them complete control over the system. Furthermore, this attack does not require physical access to the device or authentication.

Which devices have the described vulnerabilities?

All of the vulnerabilities mentioned above, from CVE-2023-47610 to CVE-2023-47616, affect the following list of cellular IoT modems:

Cinterion BGS5
Cinterion EHS5/6/8
Cinterion PDS5/6/8
Cinterion ELS61/81
Cinterion PLS62

Information about the vulnerabilities in these products was communicated in advance to Cinterion, the manufacturer of the modems.

It should be noted that the Cinterion modem line has changed hands several times. The Cinterion company was acquired by Gemalto in 2010. In 2019, Gemalto was absorbed by Thales. Finally, in 2023, Thales sold the Cinterion modem line to Telit, resulting in Telit Cinterion.

It’s extremely difficult at this stage to compile a complete list of end products affected by these vulnerabilities. Manufacturers rarely disclose the component base used in their products, and cellular modem chips are often not directly integrated into end devices, but are parts of other components. What you end up with is multistage nesting – one supplier uses another supplier’s solutions in their product, that supplier uses a third, and so on down the chain. As a result, it is not easy even for the manufacturer of the end device to determine which chip performs the modem functions.

In the near future, our experts plan to publish a detailed technical report on the security of Telit Cinterion modems on the Kaspersky ICS-CERT website.

We are now communicating with the manufacturers of those products known to use vulnerable modems.

If you are aware of such products, please notify us at ics-cert@kaspersky.com. We will try to contact the manufacturers and provide them with a modem vulnerability report so that they can assess the impact of the vulnerabilities on the security of their products and plan mitigation measures.

How to protect yourself from the described vulnerabilities

To protect against the most dangerous of the discovered vulnerabilities (CVE-2023-47610), Kaspersky ICS-CERT experts recommend the following measures:

Disable SMS delivery to affected devices (this can be done by the telecom operator).
Use a private access point name (APN) with strict security settings.

For the other vulnerabilities (from CVE-2023-47611 to CVE-2023-47616), Kaspersky ICS-CERT experts advise doing the following:

Enforce application signature verification to prohibit installation of untrusted MIDlets on the device.
Strictly control physical access to the vulnerable devices.
Install updates and perform regular security audits.

Kaspersky official blog – Read More

How to Set Up & Use a VPN on Android (A Step-by-Step Guide)

Trying to configure or set up a VPN on your Android? Learn how to get started with our step-by-step guide.

Security | TechRepublic – Read More

400,000 Linux Servers Hit by Ebury Botnet

The Ebury Linux botnet has ensnared over 400,000 Linux systems in 15 years, with roughly 100,000 still infected.


SecurityWeek – Read More

DeRusha Stepping Down From Federal CISO Role

Chris DeRusha is leaving his position as the federal CISO, a role he has held since January 2021.
He is also departing from his role as the deputy national cyber director at the Office of the National Cyber Director (ONCD).

Cyware News – Latest Cyber News – Read More

Ebury Botnet Compromised 400K Linux Servers for Crypto Theft and Financial Gain

The malware modules spread via Ebury are used for various nefarious activities, such as proxying traffic, redirecting HTTP traffic, exfiltrating sensitive information, and intercepting HTTP requests.

Cyware News – Latest Cyber News – Read More

MITM Attacks Can Still Bypass FIDO2 Security, Researchers Warn

By Deeba Ahmed

Is FIDO2 truly unbreachable? Recent research exposes a potential vulnerability where attackers could use MITM techniques to bypass FIDO2 security keys.


Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More