State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage


Apr 25, 2024 | Newsroom | Vulnerability / Zero-Day


A new malware campaign leveraged two zero-day flaws in Cisco networking gear to deliver custom malware and facilitate covert data collection on target environments.

Cisco Talos, which dubbed the activity ArcaneDoor, attributed it to a previously undocumented, sophisticated state-sponsored actor it tracks under the name UAT4356 (aka Storm-1849 by Microsoft).

“UAT4356 deployed two backdoors as components of this campaign, ‘Line Runner’ and ‘Line Dancer,’ which were used collectively to conduct malicious actions on-target, which included configuration modification, reconnaissance, network traffic capture/exfiltration and potentially lateral movement,” Talos said.


The intrusions, which were first detected and confirmed in early January 2024, entail the exploitation of two vulnerabilities:

  • CVE-2024-20353 (CVSS score: 8.6) – Cisco Adaptive Security Appliance and Firepower Threat Defense Software Web Services Denial-of-Service Vulnerability
  • CVE-2024-20359 (CVSS score: 6.0) – Cisco Adaptive Security Appliance and Firepower Threat Defense Software Persistent Local Code Execution Vulnerability

It’s worth noting that a zero-day exploit is the technique or attack a malicious actor uses to leverage a vulnerability unknown to the vendor in order to gain access to a system.

While the second flaw allows a local attacker to execute arbitrary code with root-level privileges, administrator-level privileges are required to exploit it. Addressed alongside CVE-2024-20353 and CVE-2024-20359 is a command injection flaw in the same appliance (CVE-2024-20358, CVSS score: 6.0) that was uncovered during internal security testing.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the shortcomings to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply the vendor-provided fixes by May 1, 2024.


The exact initial access pathway used to breach the devices is presently unknown, although UAT4356 is said to have started preparations for it as early as July 2023.

A successful foothold is followed by the deployment of two implants named Line Dancer and Line Runner, the former of which is an…


Israeli cyber security company Check Point beats quarterly profit estimate, ET Telecom


The Israeli-based company said it earned $2.04 per diluted share excluding one-off items in the January-March quarter, up 13% from a year earlier. Revenue grew 6% to $599 million.

Updated On Apr 25, 2024 at 03:11 PM IST

JERUSALEM: Check Point Software Technologies on Thursday reported a higher than expected profit for the first quarter, helped by double-digit growth in its AI-powered security platform, which constituted more than 13% of total revenue.

It was forecast to earn $2.00 a share on revenue of $594.88 million, according to LSEG data.

Check Point said it bought back about 2 million shares in the quarter, worth $325 million, as part of its ongoing $2 billion share buyback programme.

Published On Apr 25, 2024 at 03:03 PM IST

The Impacts of AI on Cyber Security Landscape


AI’s newfound accessibility will cause a surge in prompt hacking attempts and private GPT models used for nefarious purposes, a new report revealed.

Experts at the cyber security company Radware forecast the impact that AI will have on the threat landscape in the 2024 Global Threat Analysis Report. It predicted that the number of zero-day exploits and deepfake scams will increase as malicious actors become more proficient with large language models and generative adversarial networks.

Pascal Geenens, Radware’s director of threat intelligence and the report’s editor, told TechRepublic in an email, “The most severe impact of AI on the threat landscape will be the significant increase in sophisticated threats. AI will not be behind the most sophisticated attack this year, but it will drive up the number of sophisticated threats (Figure A).

Figure A: Impact of GPTs on attacker sophistication. Image: Radware

“In one axis, we have inexperienced threat actors who now have access to generative AI to not only create new and improve existing attack tools, but also generate payloads based on vulnerability descriptions. On the other axis, we have more sophisticated attackers who can automate and integrate multimodal models into a fully automated attack service and either leverage it themselves or sell it as malware and hacking-as-a-service in underground marketplaces.”

Emergence of prompt hacking

The Radware analysts highlighted “prompt hacking” as an emerging cyberthreat, thanks to the accessibility of AI tools. This is where prompts are fed to an AI model to force it to perform tasks it was not intended to do, and it can be exploited by “both well-intentioned users and malicious actors.” Prompt hacking includes both “prompt injections,” where malicious instructions are disguised as benevolent inputs, and “jailbreaking,” where the LLM is instructed to ignore its safeguards.

Prompt injections are listed as the number one security vulnerability on the OWASP Top 10 for LLM Applications. Famous examples of prompt hacks include the “Do Anything Now” or “DAN” jailbreak for ChatGPT that allowed users to bypass its restrictions, and when a…


ServingIntel and Yardi Elevate Senior Living with Cutting-Edge API Integration


ServingIntel, a pioneer in dining management and point-of-sale solutions for senior living communities, proudly announces its advanced API integration with Yardi, a leader in electronic health record (EHR) and property management systems (PMS).

This groundbreaking integration marks a significant evolution from traditional STP site file sharing to a dynamic, real-time data synchronization process, positioning ServingIntel as one of the select few to achieve such a technological milestone with Yardi.

For years, ServingIntel has maintained a connection with Yardi through secure file sharing, facilitating essential data exchanges. However, the transition to API integration heralds a new era of efficiency, automation, and scalability. “This API integration isn’t just an upgrade; it’s a transformation,” says Angela Landry, Director of Sales and Marketing at ServingIntel. “We’re moving from time-consuming processes to instantaneous, error-free data exchanges, unlocking unprecedented potential for senior living communities.”

The API integration enhances ServingIntel’s SI360 platform, enabling real-time updates and automation that were previously unattainable with STP site file sharing. The benefits are manifold:

  • Real-time Data Sync: Ensures immediate availability of the most current resident information, including health data and billing details, facilitating timely and accurate service delivery.
  • Automation: Reduces manual intervention, minimizing errors and freeing staff to focus on resident care rather than data entry.
  • Scalability: Easily accommodates growth, with the flexibility to integrate additional services or systems as community needs evolve.
  • Flexibility: Offers tailored data exchange and customization options, surpassing the rigid protocols of STP file sharing.
  • Security: Utilizes advanced authentication methods such as OAuth for secure, encrypted data transfers, addressing the security vulnerabilities associated with traditional file sharing.
  • Cost-effectiveness: While both systems involve initial setup costs, the API’s long-term efficiency and reduced manual effort translate into…
