The War Room


Community for various OSINT news and subject matter for open discussion or dissemination elsewhere

founded 1 year ago

Data center flaws spurred disruptions, espionage and malware attacks

By Waqas

Trellix's researchers uncovered a series of vulnerabilities in two prominent data center equipment vendors: CyberPower and Dataprobe.

This is a post from HackRead.com. Read the original post: Data center flaws spurred disruptions, espionage and malware attacks


Charming Kitten Targets Iranian Dissidents with Advanced Cyber Attacks

Germany's Federal Office for the Protection of the Constitution (BfV) has warned of cyber attacks targeting Iranian persons and organizations in the country since the end of 2022. "The cyber attacks were mainly directed against dissident organizations and individuals – such as lawyers, journalists, or human rights activists – inside and outside Iran," the agency said in an advisory. The


Identity Threat Detection and Response: Rips in Your Identity Fabric

Why SaaS Security Is a Challenge

In today's digital landscape, organizations are increasingly relying on Software-as-a-Service (SaaS) applications to drive their operations. However, this widespread adoption has also opened the doors to new security risks and vulnerabilities. The SaaS security attack surface continues to widen. It started with managing misconfigurations and now requires a


South African Power Supplier Hit by DroxiDat Malware

By Deeba Ahmed

Cybersecurity researchers at Securelist have discovered a cyberattack against a power-generating firm in South Africa. Reportedly, the firm…

This is a post from HackRead.com. Read the original post: South African Power Supplier Hit by DroxiDat Malware


China Hacked Japan’s Military Networks

The NSA discovered the intrusion in 2020—we don’t know how—and alerted the Japanese. The Washington Post has the story:

The hackers had deep, persistent access and appeared to be after anything they could get their hands on—plans, capabilities, assessments of military shortcomings, according to three former senior U.S. officials, who were among a dozen current and former U.S. and Japanese officials interviewed, who spoke on the condition of anonymity because of the matter’s sensitivity.

[…]

The 2020 penetration was so disturbing that Gen. Paul Nakasone, the head of the NSA and U.S. Cyber Command, and Matthew Pottinger, who was White House deputy national security adviser at the time, raced to Tokyo. They briefed the defense minister, who was so concerned that he arranged for them to alert the prime minister himself.

Beijing, they told the Japanese officials, had breached Tokyo’s defense networks, making it one of the most damaging hacks in that country’s modern history.

More analysis.


New Financial Malware 'JanelaRAT' Targets Latin American Users

Users in Latin America (LATAM) are the target of a financial malware called JanelaRAT that's capable of capturing sensitive information from compromised Microsoft Windows systems. "JanelaRAT mainly targets financial and cryptocurrency data from LATAM bank and financial institutions," Zscaler ThreatLabz researchers Gaetano Pellegrino and Sudeep Singh said, adding it "abuses DLL side-loading


Enterprise spending on cybersecurity has changed, and vendors must adapt

By Sara Behar, contributor. Sara Behar is a content manager at YL Ventures, where she promotes the firm’s cybersecurity expertise and provides value-add support to the firm’s portfolio companies with content creation and strategic initiatives.

Even in the usually exciting world of cybersecurity, discussions on enterprise security budgets tend to veer toward the mundane. However, today’s […]


Researcher Releases PoC for Critical RCE Ghostscript (CVE-2023-36664) Vulnerability

A proof-of-concept (PoC) exploit code has been made available for the recently disclosed critical security flaw, tracked as CVE-2023-36664, affecting the popular Ghostscript open-source PDF library, making it imperative that users move quickly to...

The post Researcher Releases PoC for Critical RCE Ghostscript (CVE-2023-36664) Vulnerability appeared first on Penetration Testing.


Ford Says Wi-Fi Vulnerability Not a Safety Risk to Vehicles

Ford says a critical vulnerability in the TI Wi-Fi driver of the SYNC 3 infotainment system on certain vehicle models does not pose a safety risk.

The post Ford Says Wi-Fi Vulnerability Not a Safety Risk to Vehicles appeared first on SecurityWeek.


Iagona ScrutisWeb Vulnerabilities Could Expose ATMs to Remote Hacking

Several vulnerabilities discovered in Iagona ScrutisWeb ATM fleet monitoring software could be exploited to remotely hack ATMs.

The post Iagona ScrutisWeb Vulnerabilities Could Expose ATMs to Remote Hacking appeared first on SecurityWeek.


Experts found multiple flaws in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP)

Multiple flaws in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP) could expose users to several attacks. Researchers from security firm SySS discovered multiple vulnerabilities in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP) that could be exploited by an attacker to conduct several attacks. The experts presented their findings at the Black Hat USA security […]

The post Experts found multiple flaws in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP) appeared first on Security Affairs.


Vulnerabilities exist in some of Intel Arc A750 and A770 GPU may result in denial of service or information disclosure

Intel appears to have been recently plagued by vulnerabilities, having just been exposed to a security flaw named “Downfall,” which affects multiple Core processors. Yet before the issue of “Downfall” could be fully resolved,...

The post Vulnerabilities exist in some of Intel Arc A750 and A770 GPU may result in denial of service or information disclosure appeared first on Penetration Testing.


BREIN Wraps Up IPTV Piracy Battle by Seizing .EU Domain Names

BREIN is systematically taking down pirate IPTV services, especially those that cater to Dutch consumers. The anti-piracy group recently closed the books on a multi-year case against the once-largest IPTV service in the Netherlands. While the matter had a successful outcome, it took multiple trips to court to wrap things up neatly.

From: TF, for the latest news on copyright battles, piracy and more.


Nine flaws in CyberPower and Dataprobe solutions expose data centers to hacking

Multiple vulnerabilities in the CyberPower PowerPanel Enterprise DCIM platform and the Dataprobe PDU could expose data centers to hacking. Researchers from Trellix Advanced Research Center discovered multiple vulnerabilities impacting CyberPower’s PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform and Dataprobe’s iBoot Power Distribution Unit (PDU). An attacker could exploit them to gain unauthenticated access to these systems and […]

The post Nine flaws in CyberPower and Dataprobe solutions expose data centers to hacking appeared first on Security Affairs.


3 Mobile or Client-Side Security Myths Debunked

The industry's understanding of mobile or client-side security is too limited, leaving many mobile apps vulnerable. Don't let these three myths lead you astray.


How to Choose a Managed Detection and Response (MDR) Solution

MDR empowers organizations with enhanced security. Look for these four capabilities when selecting an MDR product.


India Passes New Digital Personal Data Protection Bill (DPDPB), Putting Users' Privacy First

The Indian President Droupadi Murmu on Friday granted assent to the Digital Personal Data Protection Bill (DPDPB) after it was unanimously passed by both houses of the parliament last week, marking a significant step towards securing people's information. "The Bill provides for the processing of digital personal data in a manner that recognizes both the rights of the individuals to protect their


LummaC Stealer Leveraging Amadey Bot to Deploy SectopRAT

Key Takeaways: The blog delves into a new infection approach to disseminating the SectopRAT final payload, providing insight into LummaC stealer and its method of procuring the Amadey bot malware. The Amadey bot replicates itself to ensure persistence, generating an LNK file within the startup folder directory. Upon being started, this LNK file triggers the …


The post LummaC Stealer Leveraging Amadey Bot to Deploy SectopRAT appeared first on Cyble.


nodesub: command-line tool for finding subdomains in bug bounty programs

Nodesub is a command-line tool for finding subdomains in bug bounty programs. It supports various subdomain enumeration techniques and provides flexible options for customization. Features: Perform subdomain enumeration using CIDR notation (Support input...

The post nodesub: command-line tool for finding subdomains in bug bounty programs appeared first on Penetration Testing.


Don’t Expect Quick Fixes in ‘Red-Teaming’ of AI Models. Security Was an Afterthought

Security in current AI models was an afterthought in their training as data scientists amassed breathtakingly complex collections of images and text.

The post Don’t Expect Quick Fixes in ‘Red-Teaming’ of AI Models. Security Was an Afterthought appeared first on SecurityWeek.


Bugs in transportation app Moovit gave hackers free rides

Hackers could have hijacked the user accounts of a popular transportation app and used them to get free rides and access people’s personal information, according to a security researcher. Omer Attias, a security researcher at SafeBreach, said he found three vulnerabilities in the Moovit app, which allowed him to collect new Moovit user’s registration information […]


Internet Archive’s Copyright Battle with Publishers Leads to Lending Restrictions

The Internet Archive's online book lending library will be severely limited to avoid copyright liability. The library and book publishers have agreed the terms of a judgment that leaves one crucial question open for the court. While restrictions are unavoidable, for now, the Internet Archive is eager to reverse the court's liability ruling on appeal.

From: TF, for the latest news on copyright battles, piracy and more.


Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS

16 vulnerabilities in Codesys products could result in remote code execution and DoS attacks, exposing OT environments to hacking. Microsoft Threat Intelligence researchers discovered 16 high-severity vulnerabilities, collectively tracked as CoDe16, in the CODESYS V3 software development kit (SDK). An attacker can trigger the flaws to gain remote code execution and conduct denial-of-service attacks under specific conditions, […]

The post Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS appeared first on Security Affairs.


UK gov keeps repeating its voter registration website is NOT a scam


Every year local government bodies or councils across Britain contact residents, asking them to update their voter details on the electoral register if these have changed.

To do so, residents are asked to visit HouseholdResponse.com, a domain that looks anything but official and has too often confused people, who mistake it for a scam.

What's worse is that failure to respond to this notice by visiting the website can, at least in theory, lead to a criminal penalty: a fine of up to £1,000, according to the Electoral Commission website.

This can spark a sense of urgency and anxiety among people, a weakness that scammers could exploit.

'Household Response' not a household name

Last month, councils across England and Wales began contacting property occupants, asking them to update their voter records by visiting HouseholdResponse.com.

These notices, sent via postal mail and email, state the name and address of the resident who may be eligible to vote, along with a 2-part security code that needs to be entered on the Household Response website for authentication.


Ignoring these "annual canvass" letters is illegal
(Bromsgrove District Council)

The resident is then asked for information about the people who live at their address, and whether these people (including themselves) are eligible to vote.

Failure to respond to the notice or providing inaccurate information can result in a £1,000 maximum fine, according to The Electoral Commission.

Suffice it to say, the choice of domain, HouseholdResponse.com, has frequently left residents confused and worried that the correspondence is a scam.

"It really is scandalous that in 2023, councils require electoral registration/confirmation to happen on householdresponse dot com rather than an actual trustworthy .gov site," states London-based software developer, Pranay Manocha on social media:


Software developer calls out the use of HouseholdResponse.com domain

In the past, others have also chimed in. And councils have had to step in to confirm that these notices are indeed genuine:

Confused residents in 2020, 2021, 2022, ...

User asking Cardiff Council if the domain is legitimate

Buckinghamshire Council resident suspicious of HouseholdResponse.com

"Each year the council’s Electoral Registration Officer (ERO) must conduct an annual canvass of all households to check that the information on the electoral register is up to date," a Buckinghamshire Council representative explained to the resident at the time.

Furthermore, the rep explains, because voter records on the "open register" are often reported to credit bureaus, and used for online identity verification, those who do not keep their details up to date could face problems when applying for credit or utilities:

"You may also have difficulty in getting credit for mortgages, credit cards and mobile phones, as the register is often used to carry out credit checks."

"It is a legal requirement to confirm details relating to your property. If you do not respond to the annual canvass you may be unable to vote in elections."

But the resident did not seem convinced by the local authority's explanation and doubled down.

"I will be making a complaint to the [Information Commissioner's Office] about this," responded Preston-based Christian Ashby.

"It is irresponsible to encourage citizens to click links in emails that are not identifiably run by you or a related authority, especially when PII is at stake."

Even councils admit the notice looks fishy

It's not just the public: even the councils sending these notices out admit that they bear an aura of suspicion, and have gone the extra mile to reassure citizens.

Household Response email sent by London's Wandsworth Council in 2021
(BleepingComputer)

To help weed out any confusion or anxiety among residents, some councils even include a link to their website in these notices attesting to the "genuine" nature of the domain.

Hounslow Council confirms the domain is legitimate

Similar advisories have been issued by Leeds, Rushcliffe, Chelmsford... you get the idea.

This bureaucratic process of confirming who is eligible to vote at each residential property is referred to as "annual canvassing."

There are good reasons for the annual canvass.

Britain's criteria for who is eligible to vote are rather broad, unlike what may be the norm in the US, Canada, and most nations.

To elaborate, you need not be a British citizen to cast a vote in the UK. Citizens of Ireland and qualifying Commonwealth nations (a long list comprising Australia, Canada, India, Jamaica, Pakistan, Singapore...) who are legally residing in Britain are also eligible to vote in all elections. (It's a bit more complex for EU citizens.)

It therefore becomes vital to keep the electoral register up to date at least once a year.

Safeguarding against scams

Used by more than 250 councils across the UK, the Household Response service is hosted and maintained by a private company called Civica Election Services (CES).

But that's not a convincing explanation as to why the service can't be configured to use a .gov.uk domain.

Some caution that the confusion associated with the domain could be leveraged by scammers who register lookalike phishing domains:

Residents caution against potential phishing domains

"For info, someone has camped on householdresponse(s).com for ads, it could cause confusion and also someone could use for a phishing attack," cautioned UK-based Jason Dean, who works in the banking software industry.

Thankfully, at the time of writing, the domain householdresponses.com (with a trailing 's') leads to a generic parked page, BleepingComputer confirmed.

Browsers like Chrome even ask the visitor whether they meant to type the legitimate householdresponse.com instead:

Similar-sounding HouseholdResponses domain (BleepingComputer)

Governments around the world frequently contract third-party software vendors to provide web portals and domains for their services—such as for collecting parking fines.

But, too often, the choice of non-government domains can make a web portal hard to distinguish from illicit websites set up by threat actors.

When receiving correspondence via text, email, or postal mail that claims to be from the government, first ensure that the website or the phone number you are being directed to is endorsed by your local government authorities or council by visiting the council's official website directly.


Ford says cars with WiFi vulnerability still safe to drive


Ford is warning of a buffer overflow vulnerability in its SYNC3 infotainment system used in many Ford and Lincoln vehicles, which could allow remote code execution, but says that vehicle driving safety isn't impacted.

SYNC3 is a modern infotainment system that supports in-vehicle WiFi hotspots, phone connectivity, voice commands, third-party applications, and more.

The particular system is used in the following car models:

  • Ford EcoSport (2021 – 2022)
  • Ford Escape (2021 – 2022)
  • Ford Bronco Sport (2021 – 2022)
  • Ford Explorer (2021 – 2022)
  • Ford Maverick (2022)
  • Ford Expedition (2021)
  • Ford Ranger (2022)
  • Ford Transit Connect (2021 – 2022)
  • Ford Super Duty (2021 – 2022)
  • Ford Transit (2021 – 2022)
  • Ford Mustang (2021 – 2022)
  • Ford Transit CC-CA (2022)

Nearby attackers

The vulnerability is tracked as CVE-2023-29468 and is in the WL18xx MCP driver for the WiFi subsystem incorporated in the car's infotainment system, which allows an attacker in WiFi range to trigger a buffer overflow using a specially crafted frame.

"An attacker within wireless range of a potentially vulnerable device can gain the ability to overwrite memory of the host processor executing the MCP driver," reads the system vendor's security bulletin.

Ford was informed by the supplier about the discovery of the WiFi flaw and took immediate action to validate it, estimate the impact, and develop mitigation measures.

In a statement released on Ford's media portal, the carmaker promises to make a software patch available soon, which customers will be able to load on a USB stick and install on their vehicles.

"Soon, Ford will issue a software patch online for download and installation via USB," reads Ford's announcement.

"In the interim, customers who are concerned about the vulnerability can simply turn off the WiFi functionality through the SYNC 3 infotainment system's Settings menu."

To further allay any concerns, the American carmaker has also stated that the flaw isn't easy to exploit, and that even in that unlikely scenario, it wouldn't put the safety of targeted vehicles at risk.

"To date, we've seen no evidence that this vulnerability has been exploited, which would likely require significant expertise and would also include being physically near an individual vehicle that has its ignition and WiFi setting on," explains Ford.

"Our investigation also found that if this vulnerability was exploited, however unlikely, it would not affect the safety of vehicle occupants, since the infotainment system is firewalled from controls like steering, throttling and braking."

Finally, the company invites any security researchers who have discovered vulnerabilities in its vehicles to submit their reports directly on the company's HackerOne program, through which it has so far resolved nearly 2,500 bugs.
