Tag Archive for: hacking

83 million IoT devices at risk of hacking


At least 83 million Internet of Things (IoT) devices around the world could be at risk of hacking, potentially enabling threat actors to listen in on private conversations and watch live video streams from baby monitors and smart cameras.

That’s according to new findings from Mandiant, a cyber security company and subsidiary of FireEye.

Mandiant security researchers Jake Valletta, Erik Barzdukas, and Dillon Franke discovered a vulnerability that affects IoT devices that use the Kalay network platform manufactured by Taiwanese IoT and M2M (machine-to-machine) solutions provider ThroughTek.

Tracked as CVE-2021-28372, the vulnerability affects a core component of the Kalay platform, allowing hackers to “listen to live audio, watch real-time video data, and compromise device credentials for further attacks based on exposed device functionality”, according to the researchers.

Although Mandiant was not able to pinpoint the affected devices, its researchers noted that ThroughTek has at least 83 million active devices as well as an estimated 1.1 billion monthly connections on its Kalay platform, with all of them potentially being exposed to hackers.

Mandiant disclosed the vulnerability to the US Cybersecurity and Infrastructure Security Agency (CISA), which has published an advisory recommending that users disconnect their ThroughTek devices from the internet, isolate them from business networks, and connect to the devices only through virtual private networks (VPNs).

A spokesperson for the UK’s National Cyber Security Centre (NCSC) told IT Pro that it is “aware of this vulnerability”, adding that ThroughTek “has released an update to fix the issue”.


“Simply using the platform does not automatically make you vulnerable to real-world impact, as additional information that is hard to guess is needed to exploit the vulnerability in an individual device successfully. To maximise protection, the NCSC recommends individuals keep their software up to date by installing the latest vendor updates as soon as practicable,” said the NCSC…

Source…

Unpatched Remote Hacking Flaw Disclosed in Fortinet’s FortiWeb WAF



Details have emerged about a new unpatched security vulnerability in Fortinet’s web application firewall (WAF) appliances that could be abused by a remote, authenticated attacker to execute malicious commands on the system.

“An OS command injection vulnerability in FortiWeb’s management interface (version 6.3.11 and prior) can allow a remote, authenticated attacker to execute arbitrary commands on the system, via the SAML server configuration page,” cybersecurity firm Rapid7 said in an advisory published Tuesday. “This vulnerability appears to be related to CVE-2021-22123, which was addressed in FG-IR-20-120.”

Rapid7 said it discovered and reported the issue in June 2021. Fortinet is expected to release a patch at the end of August in FortiWeb version 6.4.1.

The command injection flaw is yet to be assigned a CVE identifier, but it has a severity rating of 8.7 on the CVSS scoring system. Successful exploitation of the vulnerability can allow authenticated attackers to execute arbitrary commands as the root user on the underlying system via the SAML server configuration page.

“An attacker can leverage this vulnerability to take complete control of the affected device, with the highest possible privileges,” Rapid7’s Tod Beardsley said. “They might install a persistent shell, crypto mining software, or other malicious software. In the unlikely event the management interface is exposed to the internet, they could use the compromised platform to reach into the affected network beyond the DMZ.”

Rapid7 also warns that while authentication is a prerequisite for achieving arbitrary command execution, the exploit could be chained with an authentication bypass flaw, such as CVE-2020-29015. In the interim, users are advised to block access to the FortiWeb device’s management interface from untrusted networks, including taking steps to prevent direct exposure to the internet.
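The bug class Rapid7 describes, a management-page field that ends up on a shell command line, is easy to reproduce in miniature. The following is a constructed example added here, not FortiWeb code or Rapid7's proof of concept: the field name `saml_server`, the handler shape and the command being run are all assumptions, and the real backend tool is stood in for by `echo` so the block is harmless to run. It shows the vulnerable string-interpolation pattern beside a hardened version that allow-lists the value and passes it as a single argv element with no shell involved.

```python
"""Constructed example of an OS command injection in a configuration-page
handler (not FortiWeb's code). The field name, the handler and the command
are assumptions; `echo` stands in for the real backend tool."""
import re
import subprocess

# Stand-in for whatever tool the backend would really invoke (assumption).
TOOL = "echo"

# RFC 1123-style hostname: dot-separated labels of letters, digits and
# hyphens, no label starting or ending with a hyphen, 253 chars max.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
    r"(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)


def run_vulnerable(saml_server: str) -> str:
    """Vulnerable pattern: the submitted field is interpolated into a command
    string that is handed to `sh -c`. Shell metacharacters (';', '|', '$()',
    backticks) in the field are interpreted, so a second command runs."""
    cmd = f"{TOOL} {saml_server}"
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return out.stdout


def validate_hostname(value: str) -> str:
    """Allow-list check: accept only syntactically valid hostnames."""
    if not HOSTNAME_RE.match(value):
        raise ValueError(f"invalid server name: {value!r}")
    return value


def run_hardened(saml_server: str) -> str:
    """Hardened pattern: validate against the allow-list, then pass the
    value as one argv element with shell=False so no shell ever parses it."""
    host = validate_hostname(saml_server)
    out = subprocess.run([TOOL, host], capture_output=True, text=True)
    return out.stdout


if __name__ == "__main__":
    # Constructed attacker input: a valid-looking hostname followed by a
    # second command. The injected marker is harmless here.
    payload = "idp.example.com; echo INJECTED"
    print("vulnerable output:")
    print(run_vulnerable(payload))          # second line shows the injected command ran
    try:
        run_hardened(payload)
    except ValueError as err:
        print("hardened rejected input:", err)
    print("hardened output:", run_hardened("idp.example.com").strip())
```

Validation alone is not the fix; the argv list with `shell=False` is what removes the shell from the path, and the allow-list then catches values that would be wrong for other reasons. A denylist of metacharacters is the pattern that tends to get bypassed.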

Although there is no evidence that the new security issue has been exploited in the wild, it’s worth noting that unpatched Fortinet servers have been a lucrative target for financially motivated and state-sponsored threat actors alike.

Earlier this April, the Federal Bureau of Investigation (FBI) and the…

Source…

Indra hacking group blamed for attack on Iranian railway system that trolled country’s supreme leader • Graham Cluley



On 9 July, Iran’s railroad system came under attack from hackers.

The attackers posted messages on station departure boards warning of “long delay[s] because of cyberattack”, and suggesting inconvenienced passengers call “64411” for more information.

64411 is reportedly the telephone number of the office of Ayatollah Ali Khamenei, Iran’s supreme leader.

The following day, Iran’s transport ministry said that its computer systems and website had suffered “widespread disruption…probably due to a cyberattack.”

An analysis by experts at SentinelOne pointed the finger of blame towards MeteorExpress (also known as Meteor), a previously unseen wiper malware that wiped computer file systems and locked users out of their machines.

Inevitably, Iran wasn’t terribly pleased about having its systems attacked by the hackers, and there have been reports that a subsequent drone attack by Iran against an Israeli-operated oil tanker, which resulted in the death of two crew members, might have been launched in a tit-for-tat response to the cyber attack.

However, an investigation by security researchers at Check Point has concluded that the attack was the work of a hacking gang called Indra that works against the Tehran regime, rather than an attack sponsored by a nation state such as Israel.


Was it Israel? Was it Indra? Was it Indra working under the orders of Israel?

It’s hard to be certain.

But whoever was responsible for the attack on Iran’s train system which trolled the country’s supreme leader should probably consider that it’s no laughing matter, and that things could very quickly and seriously escalate.



Source…

Be on the lookout for a hacking attack in Pakistan, MP cyber cops tell the media


Cyber-attackers who identified themselves as the “Pakistan Cyber Army” have hacked the website of India’s top police agency, officials said on Saturday. The website of the Central Bureau of Investigation (CBI) was hacked by programmers who left a message saying that the attack was in revenge for similar Indian assaults on Pakistani sites, Press Trust of India said. The hackers signed their message on the Indian police website: “Long Live Pakistan.”

A CBI spokeswoman said she could not comment on Indian media reports that more than 200 other Indian sites had also been attacked by Pakistani hackers.

CBI authorities said they were working to restore the site, which offered information to the public.

“We came to know the CBI site had been compromised Friday night,” the spokeswoman told AFP, asking not to be named. “It will take us a couple of days to restore the site.”

The CBI has “registered a case” and is investigating the attack, she said.

She said she could not immediately say who was responsible for the attack.

The message posted on the CBI site said the attack was “in response to the Pakistani websites hacked by ‘Indian Cyber Army’,” the Press Trust of India (PTI) reported.

“Hacked hahaa funny,” the message said. “Let us see what you investigating agency so called CBI can do” (sic).

Hackers had also infiltrated the server of the National Informatics Centre (NIC), which maintains most of the government’s websites, PTI reported. In August, a group also calling itself the “Pakistan Cyber Army” hacked into the website of independent Indian MP Vijay Mallya, a flamboyant liquor baron, who is also head of Kingfisher Airlines.

The group claims to have hacked a number of Indian websites in recent years, including India’s state-run Oil and Natural Gas Corporation, in retaliation for Indian hackers accessing Pakistan sites. Indian IT specialists have long lamented what they say is a lack of awareness about Internet security across the country, including in the corridors of power.

Sunil Abraham, executive director of the Bangalore-based Centre for Internet and Society, said it would have been easy for attackers to get into the CBI public site as it was…

Source…