Tag Archive for: light

Bit-Wizards Stresses Importance of IT Security in Light of Cybersecurity Awareness Month


Fort Walton Beach, Oct. 12, 2023 (GLOBE NEWSWIRE) — Managed IT Services provider Bit-Wizards is urging businesses of all sizes to prioritize security in response to Cybersecurity Awareness Month. With the average cost of a data breach in the United States reaching $9.48 million in 2023, up from $9.44 million in 2022, Bit-Wizards emphasizes the importance of businesses taking proactive measures to protect against cyber threats.

High-profile companies such as T-Mobile, MGM, Activision, and many others have already suffered financial losses due to cyberattacks this year, and with the holiday season approaching, Bit-Wizards warns that cybercrime tends to spike during this time. Businesspeople often let their guard down, and more employees are traveling and working remotely, making organizations more vulnerable to security risks.

“There’s an increase in activity for cyber threats this time of year because hackers know that people are not being as vigilant as they normally are,” says Jason Monroe, Director of Solution Consulting at Bit-Wizards. “By nature, we’re relaxed, we’re happy, and we don’t think anything can touch us.”

To combat this, Bit-Wizards urges businesses to implement:

  • Employee training: The main problem with employees is that they simply don’t know that they’re doing anything wrong, or they don’t know what to look for. Training employees to be skeptical of every external email should be ongoing and happen regularly. Your employees are your last line of defense before a cyber-criminal can get into your network, but they are also the reason why the doors are left unlocked and open. Training on computer security best practices, passwords, phishing, ransomware, and other threats should be frequent and ongoing.

  • Cybersecurity measures: Taking cybersecurity measures such as undergoing regular penetration tests is a smart way to help defend your network. A penetration test is an authorized attack on a network to evaluate its security posture. When you undergo a pen test, you’re hiring a company to ethically hack your system. The main focus of this exercise is to attempt to find a vulnerability in a company’s system and then exploit…


Fortra Sheds Light on GoAnywhere MFT Zero-Day Exploit Used in Ransomware Attacks


Apr 20, 2023 | Ravie Lakshmanan | Ransomware / Cyber Attack

Fortra, the company behind Cobalt Strike, shed light on a zero-day remote code execution (RCE) vulnerability in its GoAnywhere MFT tool that has come under active exploitation by ransomware actors to steal sensitive data.

The high-severity flaw, tracked as CVE-2023-0669 (CVSS score: 7.2), concerns a case of pre-authenticated command injection that could be abused to achieve code execution. The issue was patched by the company in version 7.1.2 of the software in February 2023, but not before it had been weaponized as a zero-day since January 18.

Fortra, which worked with Palo Alto Networks Unit 42, said it was made aware of suspicious activity associated with some of the file transfer instances on January 30, 2023.

“The unauthorized party used CVE-2023-0669 to create unauthorized user accounts in some MFTaaS customer environments,” the company said. “For a subset of these customers, the unauthorized party leveraged these user accounts to download files from their hosted MFTaaS environments.”

The threat actor further abused the flaw to deploy two additional tools, dubbed “Netcat” and “Errors.jsp,” between January 28, 2023 and January 31, 2023, although not every installation attempt is said to have been successful.

Fortra said it directly reached out to affected customers, and that it has not found any sign of unauthorized access to customer systems that have been reprovisioned with a “clean and secure MFTaaS environment.”

While Netcat is a legitimate program for reading and writing data over a network, it’s currently not known how the JSP file was used in the attacks.

The investigation also found that CVE-2023-0669 was exploited against a small number of on-premise implementations running a specific configuration of the GoAnywhere MFT solution.

As mitigations, the company is recommending that users rotate the Master Encryption Key, reset all credentials, review audit logs, and delete any suspicious admin or user accounts.

The development comes as Malwarebytes and NCC Group reported a spike in ransomware attacks during the month of March, largely driven by active exploitation of the GoAnywhere MFT vulnerability.

A total…


FCC looks into BGP vulnerabilities, in light of Russian hacking threat


The FCC is launching an inquiry into security issues surrounding the Border Gateway Protocol (BGP), a widely used standard for managing interconnectivity between large portions of the Internet.

The move, announced Monday, was issued in response to “Russia’s escalating actions inside of Ukraine,” according to the commission’s notice of inquiry.

BGP is, in essence, a method of ensuring that independently managed networks that make up the global internet are able to communicate with one another. Its initial design, which the FCC said is still in widespread use today, does not contain important security features, meaning that, simply by misconfiguring its own BGP information, a bad actor could potentially redirect Internet traffic wherever it sees fit. This could let that attacker send incorrect information to its targets, read and compromise login credentials, or simply shut down whichever kinds of traffic it wishes.

The potential consequences of a BGP hack are extreme, the FCC said, noting that the types of network effects such an attack can cause include fallout for critical infrastructure like financial markets, transportation and utility systems.

There are security frameworks out there for BGP — the Internet Engineering Task Force and National Institute of Standards and Technology have both created several standards to make BGP more secure, among other projects with that aim in mind — but the FCC said that many networks have not taken advantage of them and remain vulnerable.

Hence, the commission’s inquiry has several goals, including the identification of the possible harms that could result from malicious attacks on BGP, methods of monitoring for BGP attacks, and any potential ways to accelerate the deployment of security standards for BGP.


Computer attacks with laser light


As data may be transferred via light, security critical systems need optical protection. Credit: Andrea Fabry, KIT

Computer systems that are physically isolated from the outside world (air-gapped) can still be attacked. This is demonstrated by IT security experts of the Karlsruhe Institute of Technology (KIT) in the LaserShark project. They show that data can be transmitted to light-emitting diodes of regular office devices using a directed laser. With this, attackers can secretly communicate with air-gapped computer systems over distances of several meters. In addition to conventional information and communication technology security, critical IT systems need to be protected optically as well.

Hackers attack computers with lasers. This sounds like a scene from the latest James Bond movie, but it actually is possible in reality. In early December 2021, researchers of KIT, TU Braunschweig, and TU Berlin presented the LaserShark attack at the 37th Annual Computer Security Applications Conference (ACSAC). This research project focuses on hidden communication via optical channels. Computers or networks in critical infrastructures are often physically isolated to prevent external access. “Air-gapping” means that these systems have neither wired nor wireless connections to the outside world. Previous attempts to bypass such protection via electromagnetic, acoustic, or optical channels work only at short distances or low data rates. Moreover, they frequently allow for data exfiltration only, that is, receiving data.

Hidden optical channel uses LEDs in commercially available office devices

The Intelligent System Security Group of KASTEL—Institute of Information Security and Dependability of KIT, in cooperation with researchers from TU Braunschweig and TU Berlin, has now demonstrated a new attack: With a directed laser beam, an adversary can introduce data into air-gapped systems and retrieve data without additional hardware on-side at the attacked device. “This hidden optical communication uses…
