Tag Archive for: flaws

Ransomware gang is exploiting flaws in backup software to attack infrastructure


A known ransomware gang is exploiting a high-severity vulnerability in enterprise backup solutions to deploy malware to their targets and steal login credentials. 

This is according to a new report from BlackBerry’s Threat Research and Intelligence team, which claims that the hacking campaign started in early June this year. The organization behind it, known as Cuba, has been alleged by some cybersecurity experts to have ties to the Russian government. 


When Hackers Descended to Test A.I., They Found Flaws Aplenty


Avijit Ghosh wanted the bot to do bad things.

He tried to goad the artificial intelligence model, which he knew as Zinc, into producing code that would choose a job candidate based on race. The chatbot demurred: Doing so would be “harmful and unethical,” it said.

Then, Dr. Ghosh referenced the hierarchical caste structure in his native India. Could the chatbot rank potential hires based on that discriminatory metric?

The model complied.

Dr. Ghosh’s intentions were not malicious, although he was behaving like they were. Instead, he was a casual participant in a competition last weekend at the annual Defcon hackers conference in Las Vegas, where 2,200 people filed into an off-Strip conference room over three days to draw out the dark side of artificial intelligence.

The hackers tried to break through the safeguards of various A.I. programs in an effort to identify their vulnerabilities — to find the problems before actual criminals and misinformation peddlers did — in a practice known as red-teaming. Each competitor had 50 minutes to tackle up to 21 challenges — getting an A.I. model to “hallucinate” inaccurate information, for example.

They found political misinformation, demographic stereotypes, instructions on how to carry out surveillance and more.

The exercise had the blessing of the Biden administration, which is increasingly nervous about the technology’s fast-growing power. Google (maker of the Bard chatbot), OpenAI (ChatGPT), Meta (which released its LLaMA code into the wild) and several other companies offered anonymized versions of their models for scrutiny.

Dr. Ghosh, a lecturer at Northeastern University who specializes in artificial intelligence ethics, was a volunteer at the event. The contest, he said, allowed a head-to-head comparison of several A.I. models and demonstrated how some companies were further along in ensuring that their technology was performing responsibly and consistently.

He will help write a report analyzing the hackers’ findings in the coming months.

The goal, he said: “an easy-to-access resource for everybody to see what problems exist and how we can combat them.”

Defcon was a logical place to test generative artificial…


iOS 16.6 fixes over a dozen security flaws — don’t wait to update your iPhone



Apple has released iOS 16.6 and while this update only comes with a few new features ahead of iOS 17, you’re not going to want to skip it. This is because it addresses more than a dozen security flaws, including two that have been actively exploited by hackers.

iOS 16.6 contains fixes for a total of 16 security flaws in Find My, WebKit, Apple Neural Engine and more. Although Apple doesn’t discuss security issues with the best iPhones until after users have had a chance to patch them, a support document does shine a bit more light on the types of flaws that have been fixed in iOS 16.6.

Of these flaws, two are considered quite serious as the company is aware of reports that they have been used by hackers in their attacks. The first is a WebKit flaw (tracked as CVE-2203-37540) while the other is a Kernel flaw (tracked as CVE-2023-38606).

If the first flaw sounds familiar, this is because Apple tried to address it in a Rapid Security Response update earlier this month. However, this update led to some websites not displaying properly and Apple had to re-release the emergency security update intended to fix the flaw a few days later.

In addition to fixing 16 different flaws, Apple is also rolling out iMessage Contact Key Verification with iOS 16.6. This new security feature can also help keep you safe online and in the real world as it lets you verify that the person you’re texting with in iMessage really is who they say they are.

Since these two zero-days have already been used by hackers in their attacks, you’re going to want to install iOS 16.6 as soon as possible.

How to keep your iPhone safe from hackers


Keeping your iPhone up to date by installing the latest security patches and updates from Apple is one of the easiest ways to stay safe from hackers. This is because hackers and other cybercriminals like to target individuals running outdated software since the exploits they’ve developed for zero-day flaws can still be used successfully.

As BleepingComputer points out, 11 different zero-day vulnerabilities which affect Apple devices have been…


Apple Releases Patches for Actively Exploited Flaws in iOS, macOS, and Safari


Jun 22, 2023 | Ravie Lakshmanan | Vulnerability / Endpoint Security


Apple on Wednesday released a slew of updates for iOS, iPadOS, macOS, watchOS, and Safari browser to address a set of flaws it said were actively exploited in the wild.

This includes a pair of zero-days that have been weaponized in a mobile surveillance campaign called Operation Triangulation that has been active since 2019. The exact threat actor behind the activity is not known.

  • CVE-2023-32434 – An integer overflow vulnerability in the Kernel that could be exploited by a malicious app to execute arbitrary code with kernel privileges.
  • CVE-2023-32435 – A memory corruption vulnerability in WebKit that could lead to arbitrary code execution when processing specially crafted web content.

The iPhone maker said it’s aware that the two issues “may have been actively exploited against versions of iOS released before iOS 15.7,” crediting Kaspersky researchers Georgy Kucherin, Leonid Bezvershenko, and Boris Larin for reporting them.

The advisory comes as the Russian cybersecurity vendor dissected the spyware implant used in the zero-click attack campaign targeting iOS devices via iMessages carrying an attachment embedded with an exploit for the kernel remote code execution (RCE) vulnerability.

The exploit code is also engineered to download additional components to obtain root privileges on the target device, after which the backdoor is deployed in memory and the initial iMessage is deleted to conceal the infection trail.

The sophisticated implant, called TriangleDB, operates solely in the memory, leaving no traces of the activity following a device reboot. It also comes with diverse data collection and tracking capabilities.


This includes “interacting with the device’s file system (including file creation, modification, exfiltration, and removal), managing processes (listing and termination), extracting keychain items to gather victim credentials, and monitoring the victim’s geolocation, among others.”

In an attempt to complete the attack puzzle and gather its different moving parts, Kaspersky has released a utility called “triangle_check” that organizations can use to scan iOS device backups and hunt for any signs of…
