SaltStack Multiple Vulnerabilities (CVE-2020-16846, CVE-2020-17490, CVE-2020-25592) Threat Alert
novembro 27, 2020
Overview
Recently, SaltStack released a security update to address multiple vulnerabilities (CVE-2020-16846, CVE-2020-17490, CVE-2020-25592). These vulnerabilities can cause authentication bypass and command execution. SaltStack recommends users upgrade as soon as possible.
Salt is an open-source IP architecture management solution written in Python. It has been widely used in data centers worldwide.
(mais…)Annual IoT Security Report 2019-6
novembro 25, 2020
Identification of IoT Assets from Known IPv6 Addresses
The preceding section gives a brief account of difficulties in the blind-scan of IPv6 addresses. To work around these problems, we based our recon on some available IPv6 addresses, in a bid to discover IoT assets operating in IPv6 environments. Sources of these addresses include Hitlist27, which maintains about 3 million IPv6 addresses, and NSFOCUS Threat Intelligence (NTI), which provides a collection of about 1.7 billion IPv6 addresses extracted from domain name intelligence. Note that the IPv6 addresses available for our recon are but a very small portion of the total number. Besides, IoT assets found active in IPv6 environments were rather small in number.
(mais…)Supply Chain Attack Event — Targeted Attacks on Java Projects in GitHub
novembro 24, 2020
Preface
Recently, GitHub’s Security Incident Response Team (SIRT) published an article saying that a set of Github code repositories were serving open-source projects that were infected with malicious code (https://securitylab.github.com/research/octopus-scanner-malware-open-source-supply-chain). According to the article, attackers submitted malicious code to the open-source projects, which were referenced by other open-source projects. After being used by developers, these open-source projects with malicious code will search the developers’ machines for NetBeans IDE. If the IDE is found, all Java Archive (JAR) files created by NetBeans will be infected and loaders of malware will be implanted to ensure that the projects can release a remote administration tool (RAT).
(mais…)Annual IoT Security Report 2019-5
novembro 23, 2020
This section presents the exposure of IPv6 assets on the Internet and methods for recon of these assets. IPv6 Evolution With the IoT and 5G gaining ground, the demand of network applications for IP addresses is undergoing an explosive growth. However, the IPv4 address space has been depleted and IPv4 addresses have been unevenly allocated. […]
Analysis of the 2020 H1 IoT Security Trend
novembro 20, 2020
Overview
2020 H1 witnessed nine Internet of Things (IoT) security events that deserved close attention:
- Ripple20 0-day vulnerabilities were discovered and affected hundreds of millions of networked devices in various industries across the globe.
- A high-risk 0-day vulnerability was detected in dozens of Netgear router products.
- A group of Industrial Control System (ICS) honeypots attracted four 0-day attacks.
- A critical remote code execution (RCE) vulnerability affected millions of network devices based on OpenWrt.
- Hackers exploited 0-day vulnerabilities in DrayTek devices to launch attacks on enterprise networks.
- Hackers hijacked a smart building access system and could launch distributed denial-of-service (DDoS) attacks on devices accessible via networks.
- Millions of devices using LoRaWAN were vulnerable to hacker attacks, and nodes, gateways, and servers in the LoRaWAN network were prone to critical vulnerabilities. Therefore, their security protection capabilities remained to be improved.
- Hackers divulged Telnet credentials of over 500,000 devices.
- Researchers discovered LiquorBot, which was a new botnet with the cryptomining function.
Annual IoT Security Report 2019-4
novembro 18, 2020
Introduction
As we indicated in the 2018 Annual IoT Security Report, network addresses on the Internet constantly change. Use of historical data to delineate exposure of assets will result in a deviation from reality, presenting a value higher than the actual number. Therefore, to accurately reflect the reality of a given area, we should specify a short period as the statistical cycle when calculating the number. This chapter starts with an analysis of the actual exposure of IoT assets in 2019.
With the booming of IoT applications and depletion of IPv4 addresses, IPv6 addresses will be gradually adopted, which is an irreversible trend. This means that IoT assets on IPv6 networks will become major targets of attackers. In this sense, it will be of great significance to cybersecurity to accurately survey IPv6 assets and services. For this reason, we also describe the methods for discovering IoT assets in IPv6 environments and analyze their exposure in this chapter.
(mais…)Windows Kernel cng.sys Privilege Escalation 0-day Vulnerability CVE-2020-17087 Threat Alert
novembro 17, 2020
Overview
Recently, Google Project Zero published an article about the Windows cng.sys privilege escalation vulnerability (CVE-2020-17087). The vulnerability allows attackers without authentication to trick users into running crafted malicious programs to escalate privileges.
At present, this vulnerability has been exploited in the wild, and Microsoft has not released patches to fix it. Users are advised to stay tuned and avoid running programs from unidentifiable sources.
(mais…)WebLogic Console HTTP Remote Code Execution Vulnerability (CVE-2020-14882) Protection Solution
novembro 16, 2020
Overview
The Critical Patch Update (CPU) for October 2020 released by Oracle contains a high-risk WebLogic Consoleremote code execution vulnerability (CVE-2020-14882).
The vulnerability can be triggered without authentication and has an extensive impact.
Unauthenticated attackers might construct special HTTP GET requests to exploit this vulnerability to execute arbitrary code on the affected WebLogic Server.
(mais…)VMware ESXi Remote Code Execution Vulnerability (CVE-2020-3992) Threat Alert
novembro 13, 2020
Vulnerability Description
On October 21, 2020, NSFOCUS detected that VMware released a security advisory that fixes a VMware ESXi remote code execution vulnerability (CVE-2020-3992). This vulnerability exists because OpenSLP as used in VMware ESXi has a use-after-free issue. An attacker residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution. The vulnerability is assigned a CVSS base score of 9.8. Users should take preventive measures as soon as possible.
Reference link:
(mais…)Annual IoT Security Report 2019-3
novembro 11, 2020
LockerGoga Ransomware Alleged to Repeatedly Attack Plants
On January 24, 2019, France-based Altran Technologies was allegedly hit by LockerGoga ransomware. On March 19, Norsk Hydro, one of the largest aluminum companies worldwide, was hit by an extensive cyberattack, having machines around the globe infected with malware and some unable to operate. As a result, some plants had to switch from automatic to manual procedures, significantly compromising the productivity. This attack on the Norwegian aluminum company employed a tactic similar to that of LockerGoga. On March 12, 2019, two US chemical manufacturers Hexion and Momentive respectively suffered a LockerGoga ransomware attack9. In as short as two months, four plants in Europe and the USA became targets of ransomware attacks. Such devastating ransomware caused great damages to enterprises. According to a report on July 23, 201910, the attack could cost Norsk Hydro a whopping amount of $63.50 million to $75 million. But no exact figure was given because the computing system used for calculating profits was also compromised by the ransomware.
(mais…)