Tag Archive for: Details

Details Disclosed for Exploit Chain That Allows Hacking of Netgear Routers


Industrial and IoT cybersecurity firm Claroty on Thursday disclosed the details of five vulnerabilities that can be chained in an exploit potentially allowing threat actors to hack certain Netgear routers.

The vulnerabilities were first presented at the 2022 Pwn2Own Toronto hacking competition, where white hat hackers earned a total of nearly $1 million for exploits targeting smartphones, printers, NAS devices, smart speakers and routers.

Claroty’s router exploit, which targeted Netgear’s Nighthawk RAX30 SOHO router, earned the company’s researchers $2,500 at Pwn2Own. 

The flaws used in the exploit chain are tracked as CVE-2023-27357, CVE-2023-27367, CVE-2023-27368, CVE-2023-27369, and CVE-2023-27370. They were all patched by Netgear with the release of firmware version 1.0.10.94 in early April.

Three of the vulnerabilities have been rated ‘high severity’ and their exploitation can lead to remote code execution, authentication bypass and command injection. Chaining all the flaws can have a significant impact.

“Successful exploits could allow attackers to monitor users’ internet activity, hijack internet connections and redirect traffic to malicious websites, or inject malware into network traffic,” Claroty warned on Thursday. 

“An attacker could also use these vulnerabilities to access and control networked smart devices (security cameras, thermostats, smart locks), change router settings including credentials or DNS settings, or use a compromised network to launch attacks against other devices or networks,” the company added. 

One mitigating factor is that executing the exploit requires access to the LAN — it’s not a WAN attack that can be executed from the internet, which is why it earned a smaller reward at Pwn2Own. 


“These vulnerabilities require an attacker to have your WiFi password or an Ethernet connection to your network to be exploited,” Netgear explained in its advisory.

Related: Netgear Neutralizes Pwn2Own Exploits With Last-Minute Nighthawk Router Patches

Related: Game Acceleration Module Vulnerability Exposes Netgear Routers to Attacks


ID, bank details, contact information at risk as cyber criminals hack PH Property Bendigo real estate agency


A regional Victorian real estate agency has fallen victim to a data breach.

PH Property Bendigo sent an email to clients yesterday afternoon saying a staff member’s email address was hacked on March 15.

The hackers managed to get past the company’s security protocols, which include randomised passwords, two-factor authentication for all email accounts, and an in-house internet firewall.

The company said four months of data was stolen which could affect about 200 customers. 


Medicare Ransomware Attack Details Sought by GOP Committee Heads


Republican congressional leaders want the US Centers for Medicare and Medicaid Services to turn over more information on a ransomware attack that exposed the identifiable information of 254,000 Medicare beneficiaries.

The US House’s Committee on Oversight and Reform and Committee on Energy and Commerce are investigating a data breach identified by the agency in October 2022 but not reported to Congress until December 2022.

CMS has said Medicare information was exposed in a hack of a third party government subcontractor, which “acted in violation of its obligations.”

“In other words, bad actors had access to Medicare beneficiaries’ information for two …


Microsoft details DDoS attacks against healthcare, recent campaigns from KillNet


Microsoft on Friday shared details about the distributed denial-of-service (DDoS) attack landscape against healthcare applications hosted in Azure whilst highlighting the recent attack campaigns launched by KillNet or its affiliated hacktivist groups.

KillNet is a pro-Russia hacktivist group known for its DDoS campaigns against Western countries, targeting governments and companies with a focus on the healthcare sector. According to Microsoft’s security researchers, the group attempted to evade DDoS mitigation strategies by changing its attack vectors, for example by using different layer 4 and layer 7 attack techniques and by increasing the number of sources participating in a campaign.

Microsoft measured the number of daily DDoS attacks on healthcare organizations in Azure between November 18, 2022, and February 17, 2023, and observed a significant increase in the frequency of attacks, with the number of daily attacks rising from 10-20 in November to 40-60 in February.

Among the various types of healthcare organizations, pharmaceutical and life sciences organizations were attacked the most, accounting for 31% of all attacks. Hospitals were the second most targeted with 26%, followed by healthcare insurance with 16% and health services and care organizations with 16% of all attacks.

The Microsoft Azure Network Security Team also observed multi-vector attacks combining layer 3, layer 4 and layer 7 DDoS techniques. These attacks primarily focused on web applications and used a mix of TCP and UDP vectors. The researchers observed layer 7 DDoS attacks that opened many TCP connections and kept them alive long enough to try to exhaust the server’s connection-state memory and render the application unavailable – a pattern that recurred in several of the attacks attributed to KillNet.
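The connection-exhaustion pattern described above can be spotted from a server’s own TCP connection table by looking for peers that hold many long-lived established connections. The following is an added illustration, not code from Microsoft or the report; the connection records and the thresholds are constructed, and a real campaign spreads across many sources, so per-peer counts should be paired with an aggregate connection count.

```python
from collections import defaultdict

# Constructed snapshot of a server's TCP connection table, one connection
# per line: peer address, TCP state, seconds since the connection was
# established. Sample data, not taken from any real incident.
SAMPLE_CONNECTIONS = """\
203.0.113.10 ESTABLISHED 412
203.0.113.10 ESTABLISHED 398
203.0.113.10 ESTABLISHED 405
203.0.113.10 ESTABLISHED 377
198.51.100.7 ESTABLISHED 3
198.51.100.7 TIME_WAIT 0
192.0.2.44 ESTABLISHED 2
203.0.113.10 ESTABLISHED 390
"""


def parse_connections(text):
    """Parse 'peer state age' lines into (peer, state, age_seconds) tuples."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        peer, state, age = line.split()
        rows.append((peer, state, int(age)))
    return rows


def find_connection_hogs(rows, min_age=120, min_conns=3):
    """Return {peer: count} for peers holding at least min_conns ESTABLISHED
    connections that have each been open for at least min_age seconds.
    Thresholds are illustrative; tune them to the application's normal
    keep-alive behaviour before alerting on them."""
    long_lived = defaultdict(int)
    for peer, state, age in rows:
        if state == "ESTABLISHED" and age >= min_age:
            long_lived[peer] += 1
    return {peer: n for peer, n in long_lived.items() if n >= min_conns}


if __name__ == "__main__":
    hogs = find_connection_hogs(parse_connections(SAMPLE_CONNECTIONS))
    for peer, n in hogs.items():
        print(f"{peer}: {n} long-lived established connections")
```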

Here’s the distribution of DDoS attack types targeting healthcare:

  • UDP floods – 53.16%
  • TCP – 44.42%
  • IP flood – 1.78%
  • Packet anomaly – 0.36%
  • UDP amplification – 0.28%

As for the campaigns launched by KillNet and affiliate hacktivist groups, the attack targeted a healthcare provider. The attack lasted less than 12 hours and included TCP SYN, TCP ACK, and packet anomalies. The attack throughput wasn’t very…
