Tag Archive for: expose

New speculative execution hack can expose passwords and other sensitive data on Apple SoCs


TL;DR: Researchers at Georgia Tech have developed a side-channel exploit for Apple M-series and A-series chips running macOS and iOS. The attack, cleverly dubbed iLeakage, can force Safari and other browsers to reveal Gmail messages, passwords, and other sensitive and private information.

iLeakage works similarly to the Spectre and Meltdown exploits that gave chip manufacturers so much trouble in 2018. The attack leverages the speculative execution feature of modern processors to gain access to information that would normally be hidden.

The method Georgia Tech developed is not a simple matter. While it doesn’t require specialized equipment, the attacker must have a decent knowledge of reverse engineering Apple hardware and side-channel exploits. It also involves creating a malicious website that uses JavaScript to covertly open another webpage, Gmail, for example, to scrape data into a separate popup window on the hacker’s computer. It’s not a hack that script kiddies could execute.

https://www.youtube.com/watch?v=Z2RtpN77H8o

The technique can reveal the contents of an email so long as the user is logged into Gmail (masthead video). It can also grab credentials if the victim uses a password manager’s auto-fill function (above). Theoretically, the exploit could show the hacker practically anything that goes through the processor’s speculative execution pipe. Below they demo how it can access a target’s YouTube history.

iLeakage utilizes WebKit, so it only works with Safari on Macs with an M-series chip (2020 or later). However, any browser on recent iPhones or iPads is vulnerable since Apple requires developers to use its browser engine on those operating systems. It is unclear if the method could be tweaked to use non-WebKit browsers in macOS.

Although there is no CVE tracking designator, Georgia Tech notified Apple of the security issue on September 12, 2022. Cupertino developers are still working on fully mitigating it. At the time of public disclosure, Apple had patched the vulnerability in macOS, but it’s not on by default and is considered “unstable.” The researchers listed steps to enable the…

Source…

Ransomware attack threatens to expose McLaren Health patient data


Michigan Attorney General Dana Nessel warned this week a cyberattack against McLaren Health Care could affect a large number of patients.

McLaren Health, a healthcare system with 15 Michigan hospitals, was hit by a ransomware attack in August, according to the attorney general’s office. Ransomware, a type of malware that can shut down an entire network, is used to steal data before encrypting the system. The stolen information is then held hostage until a ransom is paid.

“This attack shows, once again, how susceptible our information infrastructure may be,” Nessel said in a statement. “Organizations that handle our most personal data have a responsibility to implement safety measures that can withstand cyber-attacks and ensure that a patient’s private health information remains private.”

A cybercriminal group called ALPHV, or BlackCat, claimed responsibility for stealing the sensitive personal health information of 2.5 million McLaren patients, a news release said. But the actual number of affected patients and the type of health information remains unknown.

ALPHV claimed in a message posted to the dark web last week the McLaren data was on the dark web and would be released in a few days unless a ransom payment was received. The group is also linked to the data breach at MGM Resorts that is reportedly costing $100 million.

McLaren shared a statement saying, “we are investigating reports that some of our data may be available on the dark web and will notify individuals whose information was impacted, if any, as soon as possible.”

The healthcare group also said it found no evidence the cybercriminals still have access to the IT system. McLaren has brought in security experts and is working with law enforcement, a news release said.

“Protecting the security and privacy of data in our systems is a top organizational priority, so we immediately launched a comprehensive investigation to understand the source of the disruption and identify what, if any, data exposure occurred,” McLaren said.

Nessel encouraged McLaren patients to protect their data and know the warning signs when someone is using private medical information:

  • A doctor’s bill for services you did not…

Source…

Cybersecurity Gaps Expose Latin Americans to Online Fraud


Realizing she had been logged out of Instagram, Gabriella Batalha didn’t think much of it. It wasn’t until the next day that she discovered her account was full of ads for high-performance cryptocurrency investments.

The 27-year-old lawyer from Rio de Janeiro had to pay 200 reais (about US$40) to a “consultant” to restore her account. She says she found the man on YouTube and that he might be a scammer himself. “It took me two days to recover my account and I was very stressed,” she explained.

Batalha was not the only one. Online scams in Brazil rose 65% last year to more than 200,000, according to data from the Brazilian Public Security Yearbook published last month.


Across Latin America, online fraud and cyberattacks are “at an all-time high,” said cybersecurity firm Tenable, posing an urgent problem for the well-connected region.

Recent advances in technological inclusion in Latin America have created new opportunities for fraud, experts say, as the epidemic spurs a trend toward mobile banking and shopping using payment systems like Brazil’s hugely popular PIX.

The region is increasingly online. In 2022, 77.9% of people in Latin America and the Caribbean used the Internet, compared with 74.8% the previous year and above the world rate of 66.3%, according to the International Telecommunication Union (ITU).

According to a report by Internet security company Kaspersky, half of Latin American Internet users spend an average of six hours a day on social networks.

“Growing dependence on new technologies has made it easier for cybercriminals to attack more often,” said Kerry-Ann Barrett, cybersecurity expert at the Organization of American States (OAS).

Threats are becoming more complex and costly, costing the region billions a year, Barrett noted.

In Peru, a gang defrauded a construction company of more than $62,000 by posing as a bank on a fake website, the attorney general’s office said.

In Mexico, fraudsters have targeted unsuspecting victims with fake job offers via text messages, prompting victims to share sensitive personal data, according to local press reports.

“Latin America is a priority target…

Source…

Iagona ScrutisWeb Vulnerabilities Could Expose ATMs to Remote Hacking


Several vulnerabilities discovered in the ScrutisWeb ATM fleet monitoring software made by French company Iagona could be exploited to remotely hack ATMs. 

The security holes were discovered by Synack Red Team members and they were patched by the vendor in July 2023 with the release of ScrutisWeb version 2.1.38. 

ScrutisWeb allows organizations to monitor banking or retail ATM fleets from a web browser, enabling them to quickly respond to problems. The solution can be used to monitor hardware, reboot or shut down a terminal, send and receive files, and modify data remotely. It’s worth noting that ATM fleets can include check deposit machines and payment terminals in a restaurant chain. 

The Synack researchers identified four types of vulnerabilities that have been assigned the CVE identifiers CVE-2023-33871, CVE-2023-38257, CVE-2023-35763 and CVE-2023-35189. 

The flaws include path traversal, authorization bypass, hardcoded cryptographic key, and arbitrary file upload issues that can be exploited by remote, unauthenticated attackers.

Threat actors could exploit the flaws to obtain data from the server (configurations, logs and databases), execute arbitrary commands, and obtain encrypted administrator passwords and decrypt them using a hardcoded key. 

The researchers said an attacker can leverage the flaws to log into the ScrutisWeb management console as an admin and monitor the activities of connected ATMs, enable management mode on the devices, upload files, and reboot or power them off.


Hackers could also exploit the remote command execution vulnerability to hide their tracks by deleting relevant files.

“Additional exploitation from this foothold in the client’s infrastructure could occur, making this an internet-facing pivot point for a malicious actor,” explained Neil Graves, one of the researchers involved in this project.

“Further examination would be required to determine if custom software could be uploaded to individual ATMs to perform bank card exfiltration, Swift transfer redirection, or other malicious activities. However, such additional testing was out of scope of the assessment,” Graves said.

The US…

Source…