Network Security


NEWS 
  • Cloudflare finds a way through China’s network defences

    November 30, 2022

    Cloudflare has found a way to extend some of its services across the Great Firewall and into mainland China. “Performance and reliability for traffic flows across the mainland China border have been a consistent challenge for IT teams within multinational organizations,” wrote product managers Kyle Krum and Annika Garbers. “Packets crossing the China border often experience ...

  • Vulnerable SDK components lead to supply chain risks in IoT and OT environments

    November 22, 2022

    Vulnerabilities in network components, architecture files, and developer tools have become increasingly popular attack vectors to gain access into secure networks and devices. External tools and products that are managed by vendors and developers can pose a security risk, especially to targets in sensitive industries. Attacks on software and hardware supply chains, like Log4J and ...

  • CISA and FBI Release Advisory on Iranian Government-Sponsored APT Actors Compromising Federal Network

    November 16, 2022

    Today, CISA and the Federal Bureau of Investigation (FBI) published a joint Cybersecurity Advisory (CSA), Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester. The CSA provides information on an incident at a Federal Civilian Executive Branch (FCEB) organization in which Iranian government-sponsored APT actors exploited a Log4Shell vulnerability in unpatched VMware ...

  • Cyber vulnerability in networks used by spacecraft, aircraft and energy generation systems

    November 15, 2022

    A major vulnerability in a networking technology widely used in critical infrastructures such as spacecraft, aircraft, energy generation systems and industrial control systems was exposed by researchers at the University of Michigan and NASA. It goes after a network protocol and hardware system called time-triggered ethernet, or TTE, which greatly reduces costs in high-risk settings by ...

  • OpenSSL downgrades horror bug after week of panic, hype

    November 1, 2022

    OpenSSL today issued a fix for a critical-turned-high-severity vulnerability that project maintainers warned about last week. After days of speculation, infosec professionals and armchair bug hunters received more of a trick than a treat on November 1: two CVE-tagged security issues, both rated “high” severity, to patch. One flaw was earlier rated “critical,” though it has ...

  • DARPA’s CASTLE to Fortify Computer Networks

    October 24, 2022

    An ever-expanding cyber-attack surface, infrequent computer vulnerability scans, and burdensome security procedures create a seemingly lopsided battle when it comes to defending critical computing assets. Couple those factors with costly cybersecurity assessments that often lack actionable feedback, and the odds may appear to favor bad actors. DARPA intends to change that dynamic through a new program ...

  • The voting machine hacking threat you probably haven’t heard about

    October 14, 2022

    There’s a largely overlooked hacking target that could help those who want to sow doubt about vote tallies in the November midterms: cellular modems that transmit unofficial election-night results. The modems, which send vote data from precincts to central offices using cellphone networks, help election officials satisfy the public’s demand for rapid results. But putting any ...

  • 21ST CENTURY TECH – TERMINATING THE OLD AND LOOKING TO THE NEW

    October 5, 2022

    New research has shown the dramatic change in tech habits over 20 years, with people turning their backs on land lines, fax machines and digital cameras, whilst looking to a future of driverless cars and no computers or offices. In a study of 1000 people, less than a quarter said they regularly used email in the ...

  • CISA Issues Binding Operational Directive 23-01: Improving Asset Visibility and Vulnerability Detection on Federal Networks

    October 3, 2022

    CISA has issued Binding Operational Directive (BOD) 23-01: Improving Asset Visibility and Vulnerability Detection on Federal Networks, which seeks improve asset visibility and vulnerability enumeration across the federal enterprise. Although BOD 23-01 is only applicable to federal civilian executive branch (FCEB) agencies, CISA recommends all stakeholders review and incorporate the standards it sets forth. Doing so ...

  • Sophos fixes critical firewall hole exploited by miscreants

    September 28, 2022

    A critical code-injection vulnerability in Sophos Firewall has been fixed — but not before miscreants found and exploited the bug. The flaw, tracked as CVE-2022-3236, exists in the User Portal and Webadmin components of the firewall in versions 19.0 and older. While it hasn’t been issued a CVSS severity score, Sophos deemed it “critical” and noted ...

  • Domain Shadowing: A Stealthy Use of DNS Compromise for Cybercrime

    September 21, 2022

    Cybercriminals compromise domain names to attack the owners or users of the domains directly, or use them for various nefarious endeavors, including phishing, malware distribution, and command and control (C2) operations. A special case of DNS hijacking is called domain shadowing, where attackers stealthily create malicious subdomains under compromised domain names. Shadowed domains do not ...

  • MFA Fatigue: Hackers’ new favorite tactic in high-profile breaches

    September 20, 2022

    Hackers are more frequently using social engineering attacks to gain access to corporate credentials and breach large networks. One component of these attacks that is becoming more popular with the rise of multi-factor authentication is a technique called MFA Fatigue. When breaching corporate networks, hackers commonly use stolen employee login credentials to access VPNs and the ...

  • Cisco won’t fix authentication bypass zero-day in EoL routers

    September 7, 2022

    Cisco says that a new authentication bypass flaw affecting multiple small business VPN routers will not be patched because the devices have reached end-of-life (EoL). This zero-day bug (CVE-2022-20923) is caused by a faulty password validation algorithm that attackers could exploit to log into the VPN on vulnerable devices using what the company describes as “crafted ...

  • Mirai Variant MooBot Targeting D-Link Devices

    September 6, 2022

    In early August, Unit 42 researchers discovered attacks leveraging several vulnerabilities in devices made by D-Link, a company that specializes in network and connectivity products. The vulnerabilities exploited include: CVE-2015-2051: D-Link HNAP SOAPAction Header Command Execution Vulnerability CVE-2018-6530: D-Link SOAP Interface Remote Code Execution Vulnerability CVE-2022-26258: D-Link Remote Command Execution Vulnerability CVE-2022-28958: D-Link Remote Command Execution Vulnerability If the devices ...

  • Two years on, Apple iOS VPNs still leak IP addresses

    August 19, 2022

    Apple has left a VPN bypass vulnerability in iOS unfixed for at least two years, leaving identifying IP traffic data exposed, and there’s no sign of a fix. Back in early 2020, secure mail provider ProtonMail reported a flaw in Apple’s iOS version 13.3.1 that prevented VPNs from encrypting all traffic. The issue was that the ...

  • RTLS systems vulnerable to MiTM attacks, location manipulation

    August 16, 2022

    Security researchers have uncovered multiple vulnerabilities impacting UWB (ultra-wideband) RTLS (real-time locating systems), enabling threat actors to conduct man-in-the-middle attacks and manipulate tag geo-location data. RTLS technology is widely used in industrial environments, mass transit, healthcare, and smart city applications. Its primary role is to assist in safety by defining geofencing zones using tracking tags, signal ...

  • Over 9,000 VNC servers exposed online without a password

    August 14, 2022

    Researchers have discovered at least 9,000 exposed VNC (virtual network computing) endpoints that can be accessed and used without authentication, allowing threat actors easy access to internal networks. VNC (virtual network computing) is a platform-independent system meant to help users connect to systems that require monitoring and adjustments, offering control of a remote computer via RFB ...

  • Palo Alto Networks Releases Security Update for PAN-OS

    August 10, 2022

    Palo Alto Networks has released a security update to address a vulnerability in PAN-OS firewall configurations. A remote attacker could exploit this vulnerability to conduct a reflected denial-of service. CISA encourages users and administrators to review the Palo Alto Networks Security Advisory CVE-2022-0028 and apply the necessary updates or workarounds. Read more… Source: U.S. Cybersecurity and Infrastructure Security ...

  • New Linux malware brute-forces SSH servers to breach networks

    August 4, 2022

    A new botnet called ‘RapperBot’ is being used in attacks since mid-June 2022, focusing on brute-forcing its way into Linux SSH servers to establish a foothold on the device. The researchers show that RapperBot is based on the Mirai trojan but deviates from the the original malware’s normal behavior, which is uncontrolled propagation to as many ...

  • Critical RCE vulnerability impacts 29 models of DrayTek routers

    August 4, 2022

    Researchers at Trellix have discovered a critical unauthenticated remote code execution (RCE) vulnerability impacting 29 models of the DrayTek Vigor series of business routers. The vulnerability is tracked as CVE-2022-32548 and carries a maximum CVSS v3 severity score of 10.0, categorizing it as critical. The attacker does not need credentials or user interaction to exploit the vulnerability, ...