Tag Archive for: bugs

More LockBit-based ransomware strains set sights on prevalent bugs


Widely known security vulnerabilities have been increasingly targeted by ransomware strains based on the leaked toolkit of the LockBit ransomware operation, reports The Record, a news site by cybersecurity firm Recorded Future.

After reporting that vulnerable WS_FTP servers impacted by the CVE-2023-40044 flaw were targeted by Reichsadler Cybercrime Group with a payload based on exposed LockBit source code, Sophos researchers discovered that old Adobe ColdFusion servers have also been subjected to attacks with a LockBit knockoff by the BlackDogs2023 ransomware.

“It’s entirely possible that other copycats will emerge, which is why it’s essential for organizations to prioritize patching and upgrading from unsupported software whenever possible. However, it’s important to note that patching only closes the hole. With things like unprotected ColdFusion servers and WS_FTP, companies need to also check to make sure none of their servers are already compromised, otherwise, they’re still at risk of these attacks,” said Sophos Principal Threat Researcher Sean Gallagher.


Remote ATM hacking possible with Iagona ScrutisWeb bugs


ATMs managed by the Iagona ScrutisWeb ATM fleet monitoring system could be subjected to remote hacking attacks through four flaws in the system, which were remediated last month, reports SecurityWeek.

According to a report from the Synack Red Team members who discovered the bugs, attackers could leverage the vulnerabilities, tracked as CVE-2023-33871, CVE-2023-38257, CVE-2023-35763, and CVE-2023-35189, to obtain server data, execute arbitrary commands, and retrieve and decrypt the encrypted admin password. That access could then be used to monitor connected ATMs and carry out various malicious activities.

“Additional exploitation from this foothold in the client’s infrastructure could occur, making this an internet-facing pivot point for a malicious actor,” said researcher Neil Graves, who added that further study is needed to determine the possibility of a custom software upload to allow the exfiltration of cards and redirection of Swift transfers.

The Cybersecurity and Infrastructure Security Agency had already warned organizations about the flaws last month.


Peloton Bugs Expose Enterprise Networks to IoT Attacks


People could potentially lose more than just pounds by using a Peloton treadmill: a researcher has found that the Internet-connected fitness equipment can also leak sensitive data or serve as an initial-access pathway through an attack that compromises any of three key attack vectors.

Researchers from Check Point Software took a deep dive into the popular Peloton Tread equipment and found that attackers can enter the system — which is essentially an Internet of Things (IoT) device — via the OS, applications, or by exploiting APIs to load various malware.

Hacking a Peloton Tread through any of these points could expose not only a user’s personal data; attackers could also leverage the machine’s connectivity to move laterally into a corporate network and mount ransomware or other high-impact attacks, the researchers revealed in a blog post published this week.

“As fitness enthusiasts embrace the convenience and connectivity of these advanced workout machines, it becomes imperative to explore their potential vulnerabilities,” according to the post, attributed to Check Point’s Augusto Morales, technology lead for threat solutions; Shlomi Feldman, product management, Quantum IoT Protect & SD-WAN; and Mitch Muro, product marketing manager, Quantum IoT Protect & Quantum Spark.

The Peloton fitness brand is perhaps best known for its stationary bicycle and related application, which saw an explosive surge in popularity during the COVID-19 pandemic. The company also offers Peloton Tread, a companion treadmill device that operates on the Android OS, which was the focus of the researchers’ investigation.

Researchers had previously identified a flaw in the Peloton system that could have allowed attackers to remotely spy on victims through an open, unauthenticated API. Indeed, its mere existence as an IoT device exposes the home fitness gear to the same vulnerabilities that any Internet-exposed device faces, and to the potential risks to users that go along with them.

Check Point alerted Peloton of the flaws the researchers discovered. The company assessed them and ultimately determined that physical access to the device was required for exploitation, Peloton said in a…


Two Microsoft Windows bugs under attack, one in Secure Boot with a manual fix • The Register


Patch Tuesday May’s Patch Tuesday brings some good and some bad news, and if you’re a glass-half-full type, you’d lead off with Microsoft’s relatively low number of security fixes: a mere 38.

Your humble vulture, however, is a glass-half-empty-and-who-the-hell-drank-my-whiskey kind of bird, so instead of looking on the bright side, we’re looking at the two Microsoft bugs that have already been found and exploited by miscreants. Plus a third vulnerability, which has been publicly disclosed. We’d suggest patching these three stat.

Six of the 38 vulnerabilities are deemed “critical” because they allow remote code execution.

The two that are under active exploit, at least according to Microsoft, are CVE-2023-29336, a Win32k elevation of privilege vulnerability; and CVE-2023-24932, a Secure Boot security feature bypass vulnerability, which was exploited by the BlackLotus bootkit to infect Windows machines. Interestingly enough, BlackLotus abused CVE-2023-24932 to defeat a patch Microsoft issued last year that closed another bypass vulnerability in Secure Boot. Thus Redmond fixed a hole in Secure Boot, and this malware abused a second bug, CVE-2023-24932, to get around that.

CVE-2023-29336 is a 7.8-out-of-10 rated flaw in the Win32k kernel-mode driver that can be exploited to gain system privileges on Windows PCs.

“This type of privilege escalation is usually combined with a code execution bug to spread malware,” Zero Day Initiative’s Dustin Childs said. “Considering this was reported by an AV company, that seems the likely scenario here.”

Redmond credited Avast bug hunters Jan Vojtešek, Milánek, and Luigino Camastra with finding and disclosing the bug.

Time to boot out a threat

Meanwhile, CVE-2023-24932 received its own separate Microsoft Security Response Center (MSRC) advisory and configuration guidance, which Redmond says is necessary to “fully protect against this vulnerability.”

“This vulnerability allows an attacker to execute self-signed code at the Unified Extensible Firmware Interface (UEFI) level while Secure Boot is enabled,” MSRC warned. “This is used by threat actors primarily as a persistence and defense evasion mechanism.”

It also noted, however,…
