- Dangling Domains: Security Threats, Detection and Prevalence
September 16, 2021
The Domain Name System (DNS) provides the naming service which maps mnemonic domain names to various resources such as IP addresses, email servers and so on. As one of the most fundamental internet components, DNS and domain names usually serve as trusted anchors for users to access desired internet resources. As a result, threat actors ...
- SOVA, Worryingly Sophisticated Android Trojan, Takes Flight
September 10, 2021
A new Android banking trojan named SOVA (“owl” in Russian) is under active development, researchers said, and it has big dreams even in its infancy stage. The malware is looking to incorporate distributed denial of service (DDoS), man in the middle (MiTM) and ransomware functionality into its arsenal – on top of existing banking overlay, ...
- Hackers leak passwords for 500,000 Fortinet VPN accounts
September 8, 2021
A threat actor has leaked a list of almost 500,000 Fortinet VPN login names and passwords that were allegedly scraped from exploitable devices last summer.
While the threat actor states that the exploited Fortinet vulnerability has since been patched, they claim that many VPN credentials are still valid.
This leak is a serious incident as the VPN ...
- Netgear Smart Switches Open to Complete Takeover
September 7, 2021
Three severe Netgear vulnerabilities, codenamed Demon’s Cries, Draconian Fear and Seventh Inferno by the researcher that found them, affect 20 of the company’s managed smart switches and could allow an attacker to take them over.
The bugs were patched on Friday with zero technical details made available, but the researcher has now released more details on ...
- Analyzing SSL/TLS Certificates Used by Malware
September 3, 2021
Malware has increasingly been making use of encryption to help hide its network traffic in recent years. This makes sense especially when one realizes that ordinary network traffic is increasingly encrypted as well. Google’s own Transparency Report notes that HTTPS traffic now makes up the vast majority of network traffic passed via the Google Chrome ...
- Comcast RF Attack Leveraged Remotes for Surveillance
September 2, 2021
More details about a now-patched vulnerability in Comcast’s XR11 voice remotes have emerged, which would have made it easy for a threat actor to intercept radio frequency (RF) communications between the remote and the set-top box, effectively turning the remote into a surveillance device.
The XR11 remotes are some of the most common around, with more ...
- DNS Rebinding Attack: How Malicious Websites Exploit Private Networks
August 31, 2021
Web-based consoles are widely adopted by management software and smart devices to provide interactive data visualization and user-friendly configuration. This is gaining momentum as enterprises’ computer systems become more complex and more modern internet of things (IoT) devices are used at home. These web applications are usually located in internal environments or private networks protected ...
- Major websites hit by global outage
July 22, 2021
Visitors attempting to reach some sites received DNS errors, meaning their requests could not reach the websites.
Affected services included Airbnb, UPS, HSBC bank, British Airways and the PlayStation network used for online games.
One popular DNS provider, Akamai, reported “an emerging issue” with its Edge DNS service.
Source: BBC News
- Industrial Networks Exposed Through Cloud-Based Operational Tech
July 22, 2021
The benefits of using a cloud-based management platform to monitor and configure industrial control systems (ICS) devices are obvious — efficiency, cost-savings and better diagnostics just for starters. But new research found critical vulnerabilities in these platforms that could be used to paralyze operations if left unmitigated.
An analysis by Claroty’s newly branded Team82 research team ...
- Fortinet fixes bug letting unauthenticated hackers run code as root
July 20, 2021
Fortinet has released updates for its FortiManager and FortiAnalyzer network management solutions to fix a serious vulnerability that could be exploited to execute arbitrary code with the highest privileges.
Both FortiManager and FortiAnalyzer are enterprise-grade network management solutions for environments with up to 100,000 devices. They are available as a physical appliance, as a virtual machine, ...
- SonicWall releases urgent notice about ‘imminent’ ransomware targeting firmware
July 14, 2021
Networking device maker SonicWall sent out an urgent notice to its customers about “an imminent ransomware campaign using stolen credentials” that is targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life 8.x firmware.
In addition to the notice posted to its website, SonicWall sent an email to anyone ...
- Network Attack Trends: February-April 2021
July 1, 2021
Unit 42 researchers observed network attack trends, February-April 2021. In the following sections, we present our analysis of the most recently published vulnerabilities, including the severity and category. Additionally, we provide insight into how the vulnerabilities are actively exploited in the wild based on real-world data collected from Palo Alto Networks Next-Generation Firewalls. We then ...
- EUROPOL: Coordinated Action Cuts Off Access To VPN Service Used By Ransomware Groups
June 30, 2021
Takedown of DoubleVPN makes it harder for criminal hackers to cover their tracks
This week, law enforcement and judicial authorities in Europe, the US and Canada have seized the web domains and server infrastructure of DoubleVPN. This is a virtual private network (VPN) service which provided a safe haven for cybercriminals to attack their victims.
This coordinated ...
- Sophisticated hackers are targeting these Zyxel firewalls and VPNs
June 25, 2021
Zyxel, a manufacturer of enterprise routers and VPN devices, has issued an alert that attackers are targeting its devices and changing configurations to gain remote access to a network.
In a new support note, the company said that a “sophisticated threat actor” was targeting Zyxel security appliances with remote management or SSL VPN enabled.
- Analyzing SonicWall’s Unsuccessful Fix for CVE-2020-5135
June 22, 2021
By Craig Young, a computer security researcher with Tripwire’s Vulnerability and Exposures Research Team
Back in September 2020, I configured a SonicWall network security appliance to act as a VPN gateway between physical devices in my home lab and cloud resources on my Azure account. As I usually do with new devices on my network, I ...
- Email Bug Allows Message Snooping, Credential Theft
June 22, 2021
Researchers warn hackers can snoop on email messages by exploiting a bug in the underlying technology used by the majority of email servers that run the Internet Message Access Protocol, commonly referred to as IMAP. The bug, first reported in August 2020 and patched Monday, is tied to the email server software Dovecot, used by ...
- Researchers create an ‘un-hackable’ quantum network over hundreds of kilometers using optical fiber
June 10, 2021
Researchers from Toshiba have successfully sent quantum information over 600-kilometer-long optical fibers, creating a new distance record and paving the way for large-scale quantum networks that could be used to exchange information securely between cities and even countries.
Working from the company’s R&D lab in Cambridge in the UK, the scientists demonstrated that they could transmit ...
- CVE-2021-22909: Digging Into A Ubiquiti Firmware Update Bug
May 25, 2021
Back in February, Ubiquiti released a new firmware update for the Ubiquiti EdgeRouter, fixing CVE-2021-22909/ZDI-21-601. The vulnerability lies in the firmware update procedure and allows a man-in-the-middle (MiTM) attacker to execute code as root on the device by serving a malicious firmware image when the system performs an automatic firmware update. The vulnerability was discovered ...
- Bluetooth flaws allow attackers to impersonate legitimate devices
May 24, 2021
Attackers could abuse vulnerabilities discovered in the Bluetooth Core and Mesh Profile specifications to impersonate legitimate devices during the pairing process and launch man-in-the-middle (MitM) attacks.
The Bluetooth Core and Mesh Profile specifications define requirements needed by Bluetooth devices to communicate with each other and for Bluetooth devices using low energy wireless technology to enable interoperable ...
- NAME:WRECK DNS Bugs: What You Need to Know
May 9, 2021
For most internet users, there’s not much of a perceivable difference between the domain name they want to visit and the server that the domain queries.
That’s because the Domain Name System (DNS) protocol does a good job of seamlessly routing users to different IP addresses that are all associated with a single domain name. The ...