- Analyzing SonicWall’s Unsuccessful Fix for CVE-2020-5135
June 22, 2021
By Craig Young, a computer security researcher with Tripwire’s Vulnerability and Exposures Research Team
Back in September 2020, I configured a SonicWall network security appliance to act as a VPN gateway between physical devices in my home lab and cloud resources on my Azure account. As I usually do with new devices on my network, I ...
- Email Bug Allows Message Snooping, Credential Theft
June 22, 2021
Researchers warn hackers can snoop on email messages by exploiting a bug in the underlying technology used by the majority of email servers that run the Internet Message Access Protocol, commonly referred to as IMAP. The bug, first reported in August 2020 and patched Monday, is tied to the email server software Dovecot, used by ...
- Researchers create an ‘un-hackable’ quantum network over hundreds of kilometers using optical fiber
June 10, 2021
Researchers from Toshiba have successfully sent quantum information over 600-kilometer-long optical fibers, creating a new distance record and paving the way for large-scale quantum networks that could be used to exchange information securely between cities and even countries.
Working from the company’s R&D lab in Cambridge in the UK, the scientists demonstrated that they could transmit ...
- CVE-2021-22909 - Digging Into A Ubiquiti Firmware Update Bug
May 25, 2021
Back in February, Ubiquiti released a new firmware update for the Ubiquiti EdgeRouter, fixing CVE-2021-22909/ZDI-21-601. The vulnerability lies in the firmware update procedure and allows a man-in-the-middle (MiTM) attacker to execute code as root on the device by serving a malicious firmware image when the system performs an automatic firmware update. The vulnerability was discovered ...
- Bluetooth flaws allow attackers to impersonate legitimate devices
May 24, 2021
Attackers could abuse vulnerabilities discovered in the Bluetooth Core and Mesh Profile specifications to impersonate legitimate devices during the pairing process and launch man-in-the-middle (MitM) attacks.
The Bluetooth Core and Mesh Profile specifications define requirements needed by Bluetooth devices to communicate with each other and for Bluetooth devices using low energy wireless technology to enable interoperable ...
- NAME:WRECK DNS Bugs: What You Need to Know
May 9, 2021
For most internet users, there’s not much of a perceivable difference between the domain name they want to visit and the server that the domain queries.
That’s because the Domain Name System (DNS) protocol does a good job of seamlessly routing users to different IP addresses that are all associated with a single domain name. The ...
- New TsuNAME DNS bug allows attackers to DDoS authoritative DNS servers
May 6, 2021
Attackers can use a newly disclosed Domain Name System (DNS) vulnerability publicly known as TsuNAME as an amplification vector in large-scale reflection-based distributed denial of service (DDoS) attacks targeting authoritative DNS servers.
In simpler terms, authoritative DNS servers translate web domains to IP addresses and pass this info to recursive DNS servers that get queried by ...
- US Department of Defense expands its bug hunting programme to networks, IoT and more
May 5, 2021
The US Department of Defense (DoD) has significantly expanded its bug bounty program to all publicly accessible information systems, including not just websites but also networks, frequency-based communication, Internet of Things, and industrial control systems.
The DoD bug bounty, which is overseen by the DoD’s Cyber Crime Center (DC3), is now much broader than the “Hack ...
- The big Pentagon internet mystery now partially solved
April 24, 2021
A very strange thing happened on the internet the day President Joe Biden was sworn in. A shadowy company residing at a shared workspace above a Florida bank announced to the world’s computer networks that it was now managing a colossal, previously idle chunk of the internet owned by the U.S. Department of Defense.
That real ...
- Malware and ransomware gangs have found this new way to cover their tracks
April 22, 2021
There’s been a huge uptick in the proportion of malware using TLS (Transport Layer Security) to communicate without being spotted, cybersecurity firm Sophos reports.
While HTTPS helps prevent eavesdropping, man-in-the-middle attacks, and hijackers who try to impersonate a trusted website, the protocol has also offered cover for cybercriminals to privately share information between a ...
- HTTPS over HTTP: A Supply Chain Attack on Azure DevOps Server 2020
April 13, 2021
The need for data encryption during transmission has paved the way for organizations to rely on TLS — not just for sending data through the internet, but even within trusted corporate environments. Without the use of TLS or SSL, the authenticity of transmitted data and the identity of the endpoint can’t be verified.
In this blog, we ...
- NAME:WRECK DNS vulnerabilities affect over 100 million devices
April 13, 2021
Security researchers today disclosed nine vulnerabilities affecting implementations of the Domain Name System protocol in popular TCP/IP network communication stacks running on at least 100 million devices.
Collectively referred to as NAME:WRECK, the flaws could be leveraged to take offline affected devices or to gain control over them.
The vulnerabilities were found in widespread TCP/IP stacks ...
- Winter 2020 Network Attack Trends: Internet of Threats
April 12, 2021
Unit 42 researchers analyzed network attack trends over Winter 2020 and discovered many interesting exploits in the wild. During the period of Nov. 2020 to Jan. 2021, the majority of the attacks we observed were classified as critical (75%), compared to the 50.4% we reported in the fall of 2020. Several newly observed exploits, including ...
- Critical security alert: If you haven’t patched old Fortinet VPN vulnerability, assume your network is compromised
April 12, 2021
Cyber criminals and nation-state cyber-espionage operations are actively scanning for unpatched vulnerabilities in Fortinet VPNs; organisations that use FortiGate firewalls on their network, and have yet to apply a critical security update released almost two years ago, should assume they’ve been compromised and act accordingly.
The alert from the National Cyber Security Centre (NCSC) follows a ...
- New Cring ransomware hits unpatched Fortinet VPN devices
April 7, 2021
A vulnerability impacting Fortinet VPNs is being exploited by a new human-operated ransomware strain known as Cring to breach and encrypt industrial sector companies’ networks.
Cring ransomware (also known as Crypt3r, Vjiszy1lo, Ghost, Phantom) was discovered by Amigo_A in January and spotted by the CSIRT team of Swiss telecommunications provider Swisscom.
The Cring operators drop customized Mimikatz ...
- FBI: APTs Actively Exploiting Fortinet VPN Security Holes
April 3, 2021
The FBI and the Cybersecurity and Infrastructure Security Agency are warning that advanced persistent threat (APT) nation-state actors are actively exploiting known security vulnerabilities in the Fortinet FortiOS cybersecurity operating system, affecting the company’s SSL VPN products.
According to an alert issued Friday by the FBI and CISA, cyberattackers are scanning devices on ports 4443, 8443 ...
- Hancitor’s Use of Cobalt Strike and a Noisy Network Ping Tool
April 1, 2021
Hancitor is an information stealer and malware downloader used by a threat actor designated as MAN1, Moskalvzapoe or TA511. In a threat brief from 2018, we noted Hancitor was relatively unsophisticated, but it would remain a threat for years to come. Approximately three years later, Hancitor remains a threat and has evolved to use tools ...
- Critical netmask networking bug impacts thousands of applications
March 28, 2021
The popular npm library netmask has a critical networking vulnerability.
Netmask is frequently used by hundreds of thousands of applications to parse IPv4 addresses and CIDR blocks or compare them.
The component gets over 3 million weekly downloads, and as of today, has scored over 238 million total downloads over its lifetime. Further, about 278,000 GitHub repositories depend ...
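An added example, not code from netmask or from the article above: a strict IPv4 and CIDR parser with a containment check, written in JavaScript because netmask is an npm package. The listing does not describe the bug itself; the point the example makes is the general one that an address parser whose output feeds access decisions must reject ambiguous textual forms (for instance octets with a leading zero, which some parsers read as octal and others as decimal) rather than silently pick one interpretation. The function names and the sample addresses are this example's own assumptions.

```javascript
// Added example (not netmask's own code): a strict dotted-decimal IPv4 and
// CIDR parser plus a containment check. Anything that is not exactly four
// decimal octets without leading zeros is rejected, so "0177.0.0.1" (octal
// in some parsers, decimal in others) cannot be read two different ways by
// two different components of the same system.

const OCTET = /^(0|[1-9][0-9]{0,2})$/; // "0" or 1-3 digits with no leading zero

// Parse "a.b.c.d" into an unsigned 32-bit integer; throw on anything ambiguous.
function parseIPv4(text) {
  const parts = text.split(".");
  if (parts.length !== 4) throw new Error(`expected 4 octets: ${text}`);
  let value = 0;
  for (const p of parts) {
    if (!OCTET.test(p)) throw new Error(`bad octet "${p}" in ${text}`);
    const n = Number(p);
    if (n > 255) throw new Error(`octet out of range "${p}" in ${text}`);
    value = value * 256 + n;
  }
  return value >>> 0;
}

// Parse "a.b.c.d/len" (a bare address is treated as /32) into the network
// address, the mask and the prefix length, all as unsigned 32-bit integers.
function parseCIDR(text) {
  const [addr, lenText = "32", ...rest] = text.split("/");
  if (rest.length) throw new Error(`malformed CIDR: ${text}`);
  if (!/^(0|[1-9][0-9]?)$/.test(lenText)) throw new Error(`bad prefix length: ${text}`);
  const bits = Number(lenText);
  if (bits > 32) throw new Error(`prefix length > 32: ${text}`);
  // A JS shift by 32 is a shift by 0, so /0 must be special-cased.
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  const network = (parseIPv4(addr) & mask) >>> 0;
  return { network, mask, bits };
}

// True when addrText falls inside the block cidrText.
function contains(cidrText, addrText) {
  const { network, mask } = parseCIDR(cidrText);
  return ((parseIPv4(addrText) & mask) >>> 0) === network;
}

// Render an unsigned 32-bit integer back to dotted-decimal form.
function toDotted(n) {
  return [24, 16, 8, 0].map((s) => (n >>> s) & 255).join(".");
}

// Usage on constructed inputs: the ambiguous forms are refused outright
// instead of being mapped to some host the caller did not intend.
for (const candidate of ["127.0.0.1", "0177.0.0.1", "10.0.0.256", "10.1.2.3/8"]) {
  try {
    const { network, bits } = parseCIDR(candidate);
    console.log(`${candidate} -> ${toDotted(network)}/${bits}`);
  } catch (e) {
    console.log(`${candidate} rejected: ${e.message}`);
  }
}
```

The check is deliberately stricter than what `inet_aton`-style parsers accept; if an application needs to accept legacy forms, it should normalise them in one place and compare only the canonical integers, never the raw strings.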
- Cisco Plugs Security Hole in Small Business Routers
March 17, 2021
A popular line of small business routers made by Cisco Systems is affected by a high-severity vulnerability. If exploited, the flaw could allow a remote – albeit authenticated – attacker to execute code or restart affected devices unexpectedly.
Cisco issued fixes on Wednesday for the flaw in its RV132W ADSL2+ Wireless-N VPN routers and RV134W VDSL2 ...
- New Mirai Variant Targeting Network Security Devices
March 15, 2021
On Feb. 23, 2021, one of the IPs involved in the attack was updated to serve a Mirai variant leveraging CVE-2021-27561 and CVE-2021-27562, mere hours after vulnerability details were published. On March 3, 2021, the same samples were served from a third IP address, with the addition of an exploit leveraging CVE-2021-22502. Furthermore, on March ...