Tag Archive for: discovers

US Internet Agency discovers weaknesses in voting machines

/in


(MENAFN) According to a national cyber watchdog, electronic voting machines used in at least 16 states have security issues that hackers may exploit, rising additional doubts about the software following claims of rampant fraud and manipulation in the 2020 presidential election.

The Associated Press got a study from the United States Cybersecurity and Infrastructure Agency (CISA) on Tuesday that revealed nine severe flaws in Dominion Voting Systems equipment, indicating they might be vulnerable to hacking if not rectified.

The agency’s executive director, Brandon Wales, informed the Associated Press that CISA had no proof that the security weaknesses had ever been utilized to sway election outcomes, “states’ standard election security procedures would detect exploitation of these vulnerabilities and in many cases would prevent attempts entirely.”

MENAFN02062022000045014146ID1104312186


Legal Disclaimer: MENAFN provides the information “as is” without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the provider above.

Source…

Mobile security specialist, Corrata, discovers weak encryption on major websites when accessed using iOS devices | News

/in


DUBLIN, May 17, 2022 /PRNewswire/ — Mobile threat defense solution provider, Corrata, today announced the discovery of poor encryption practices on a number of major websites including Irish telecoms company Eir and German newspaper Bild.  In line with its responsible disclosure practice, Corrata contacted the owners of the websites concerned and the weaknesses have now been remedied.  However it is likely that other websites contain similar vulnerabilities and Corrata urges website owners to make sure that their encryption is in line with industry best practice.

Today the vast majority of websites use encryption to ensure that sensitive data exchanges between users and the website remain confidential.  This confidentiality depends on the use of an internet protocol known as Transport Layer Security (TLS). HTTPS is the implementation of TLS used when browsing websites.  Its use is usually signalled by the appearance of the lock symbol at the top left hand corner of the browser address bar. 

However not all website implementations of https are equally secure.  Some websites use out of date versions of the protocol which are known to be vulnerable to hacking.  This is particularly risky when using Wifi networks because the traffic passing between a mobile phone and a Wifi access point can easily be spied upon.  Internet users rely on the fact that sensitive data is transmitted in encrypted form to combat such spying.  However where weak encryption is used it will fail to protect sensitive data such as passwords, financial information and other confidential data.

The specific weakness discovered by Corrata related to a misconfiguration of the sites’ web servers to favor an old insecure cipher called RC4 when accessed using iOS devices (iPhones and iPads).   Vulnerabilities in this cipher make it vulnerable to hacking and website owners have been strongly advised not to use it for at least ten years.  Devices with Corrata’s mobile threat defense solution installed automatically detect these flaws and prevent users’ data being stolen. It is these routine checks which brought the vulnerability to light. 

About Corrata

Corrata are global leaders…

Source…

Microsoft Discovers Nimbuspwn Privilege Escalation Vulnerability on Linux Systems Granting Hackers Root Permissions

/in


Microsoft discovered a privilege escalation vulnerability in Linux environments that could allow an attacker to take over computer systems.

The vulnerabilities collectively referred to as Nimbuspwn could be chained together to gain root privileges, allowing an attacker to create backdoors, deploy malicious payloads, and perform root code execution.

Microsoft says Nimbuspwn vulnerabilities could potentially be leveraged as a vector for ransomware deployment and other sophisticated threats, including nation-state cyber-espionage.

Nimbuspwn Linux privilege escalation vulnerability explained

Microsoft 365 defender research team began by listening to messages on the system bus leading them to review the code for the networkd-dispatcher.

They discovered information leaks via Directory Info Disclosure in Blueman and Directory Info Disclosure in PackageKit (CVE-2022-0987). Further probes led to the discovery of more issues on the networkd-dispatcher whose daemon runs at boot with root privileges.

A review of networkd-dispatcher code led to the discovery of directory traversal, symlink race, and time-of-check-time-of-use race conditions.

Microsoft says the networkd-dispatcher daemon used the “_run_hooks_for_state” method to discover and run scripts depending on the network state.

The method returns executable script files from the “/etc/networkd-dispatcher/.d” owned by the root user and the root group. The daemon then runs each script using the subprocess.Popen process.

Vulnerabilities in the networkd-dispatcher components:

  • The use of symbolic links – Microsoft discovered that the subprocess.Popen follows symbolic links in the discovery and running of scripts in the base directory.
  • Directory traversal vulnerability (CVE-2022-29799) – Microsoft discovered that the control flow fails to sanitize the OperationalState and the AdministrativeState states. Since the states are responsible for creating the executable script paths, an attacker could escape the “/etc/networkd-dispatcher” directory using the “../../” directory traversal patterns.
  • Time-of-check-time-of-use race condition (CVE-2022-29800) – Microsoft discovered a time gap between the discovery and execution of the root…

Source…

NCC CSIRT Discovers Banking App-Targeting Malware –

/in


The Nigerian Communications Commission’s Computer Security Incident Response Team (CSIRT) has discovered a newly-hatched malicious software that steals users’ banking app login credentials on Android devices.

According to a security advisory from the NCC CSIRT, the malicious software called “Xenomorph”, found to target 56 financial institutions from Europe, has high impact and high vulnerability rate. The main intent of this malware is to steal credentials, combined with the use of SMS and Notification interception to log-in and use potential 2-factor authentication tokens.

Xenomorph is propagated by an application that was slipped into Google Play store and masquerading as a legitimate application called “Fast Cleaner” ostensibly meant to clear junk, increase device speed and optimize battery. In reality, this app is only a means by which the Xenomorph Trojan could be propagated easily and efficiently.

To avoid early detection or being denied access to the PlayStore, “Fast Cleaner” was disseminated before the malware was placed on the remote server, making it hard for Google to determine that such an app is being used for malicious actions.

Once up and running on a victim’s device, Xenomorph can harvest device information and Short Messaging Service (SMS), intercept notifications and new SMS messages, perform overlay attacks, and prevent users from uninstalling it. The threat also asks for Accessibility Services privileges, which allow it to grant itself further permissions.

The CSIRT said the malware also steals victims’ banking credentials by overlaying fake login pages on top of legitimate ones. Considering that it can also intercept messages and notifications, it allows its operators to bypass SMS-based two-factor authentication and log into the victims’ accounts without alerting them.

“Xenomorph has been found to target 56 internet banking apps, 28 from Spain, 12 from Italy, 9 from Belgium, and 7 from Portugal, as well as Cryptocurrency wallets and general-purpose applications like emailing services.

The Fast Cleaner app has now been removed from the Play Store but not before it garnered 50,000+ downloads,” the CSIRT security advisory…

Source…