Tag Archive for: ips

In Other News: Hacking Encrypted Linux Computers, Android Fuzzing, Skype Leaking IPs


SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.

Here are this week’s stories:

Quickly hitting Enter key to hack an encrypted Linux computer 

Researchers at Pulse Security discovered that an attacker who has physical access to an encrypted Linux system can gain local root access to the computer — bypassing full-disk encryption — by quickly hitting Enter on the keyboard or using a special device to simulate the process. These types of attacks are not new. 

High-severity vulnerability patched in Chrome 

A new Chrome 116 update patches a high-severity use-after-free vulnerability. These types of flaws can typically be combined with other bugs for sandbox escapes and remote code execution. The bug bounty for the vulnerability has yet to be determined by Google. 

Google details Android fuzzing efforts

Google has published a blog post detailing its Android fuzzing efforts, including how it finds vulnerabilities, why it continues to invest in fuzzing, challenges, and how others can contribute. 

Top-level domains and DNS issues

Cisco Talos has conducted research into top-level domains (TLDs) and DNS issues, highlighting potential risks related to the .kids TLD, ‘zombified’ DNS name issues related to various country TLDs, as well as problems with second-level TLDs.

Skype mobile app is leaking IP addresses

The Skype mobile application is leaking IP addresses, according to a report from 404 Media. A hacker can obtain a targeted user’s IP by sending them a link over Skype — the victim does not have to interact with the link. Microsoft has been notified, but the company is not rushing to patch it. 

Rackspace says cost of ransomware attack…

Cyber Security Certification Update



FBI: Beware Residential IPs Hiding Credential Stuffing


Cyber-criminals are increasingly hijacking home IP addresses to hide credential stuffing activity and increase their chances of success, the FBI has warned.

Credential stuffing is a popular method of account takeover whereby attackers use large lists of breached username/password ‘combos’ and try them across numerous sites and apps simultaneously to see if they work. As many individuals reuse their credentials, they often do.

Working credentials can then be sold to others for initial access. The FBI and Australian Federal Police claim to have found two websites containing over 300,000 unique sets of credentials obtained via credential stuffing. The sites had over 175,000 registered customers and made over $400,000 in sales, the FBI said.

However, website owners can detect this suspicious activity if they know what to look for. This is where residential proxies come in. By compromising home routers or other connected technology, attackers can route their efforts through benign-looking IPs to trick network defenders.

“In executing successful credential stuffing attacks, cyber-criminals have relied extensively on the use of residential proxies, which are connected to residential internet connections and therefore are less likely to be identified as abnormal,” the FBI said in its Private Industry Notification.

“Existing security protocols do not block or flag residential proxies as often as proxies associated with datacenters.”

As well as combo lists, malicious actors buy configurations, or ‘configs,’ and other tools on underground sites to help improve success rates.

“The config may include the website address to target, how to form the HTTP request, how to differentiate between a successful vs unsuccessful login attempt, whether proxies are needed, etc,” the notice explained.

“In addition, cracking tutorial videos available via social media platforms and hacker forums make it relatively easy to learn how to crack accounts using credential stuffing and other techniques.”

The FBI recommended a multi-layered approach to mitigate the threat of credential stuffing.

A report from May last year claimed there were 193 billion credential stuffing attempts during…

Self-Hosting Security Guide for your HomeLab