Tag Archive for: Link

US government reinforces ICBC hack link to Citrix Bleed


The possibility that this was the case was first raised by security researcher and commentator Kevin Beaumont via social media website Mastodon on Thursday 9 November. Beaumont had posted evidence drawn from Shodan revealing that ICBC was running a Citrix NetScaler appliance that was not patched against CVE-2023-4966.

According to the Wall Street Journal, which was first to report the latest development having reviewed the note, the Treasury told the industry that it was yet to fully establish that CVE-2023-4966, an information disclosure vulnerability, and a second bug tracked as CVE-2023-4967, a denial-of-service vulnerability, were the access vectors used by LockBit’s operatives. However, the authorities appear to be confident that this will be confirmed imminently.

In the wake of last week’s attack, according to Reuters, the disruption to ICBC’s ability to do business was so extensive that employees were forced to move to proprietary webmail services, while the brokerage was also left temporarily indebted to investment bank BNY Mellon to the tune of $9bn.

Separately, an individual purporting to represent the interests of the LockBit cartel told the news agency that ICBC has paid a ransom. The veracity of this claim has not been verified.

Should I worry about Citrix Bleed?

Commonly known as Citrix Bleed, zero-day exploitation of CVE-2023-4966 has been dated to the beginning of August, and it was added to CISA’s Known Exploited Vulnerabilities (KEV) catalogue on 18 October, eight days after Citrix issued an update to patch it.

Mandiant researchers explained that when successfully exploited, an attacker can use CVE-2023-4966 to hijack existing authenticated sessions and bypass authentication measures, and worse still, these sessions can persist even if the Citrix patch has been deployed.

Its analysts have also observed session hijacking in which session data was stolen before the patch was deployed, and thereafter used by an attacker.

Authenticated session hijacking is a problem because it can lead to attackers gaining wider downstream access based on the permissions that identity or session had been given.

They can then steal additional credentials and start moving…

Source…

I’m a security expert – never click killer link on your iPhone or Android or ‘it may be too late’ to save you


SCAMMERS have many tricks up their sleeves to try and convince you to click on their malicious links.

One type of link may seem harmless at first sight but can be just as dangerous as a more obvious scam link.


The link you never want to click was brought to light by cyber security company Kaspersky, which described how URL shorteners work, how they can be used, and the privacy and security threats they pose.

The tech expert highlighted that you want to avoid “disguised malicious links” that show up as shortened links.

Some scammers will send a shortened version of their strange-looking link to make it look more convincing.

Scam links will usually have tons of weird numbers, symbols, and misspellings, but shortening the link can help scammers hide that.

Shortening links can be easily done through a URL shortener online.

The shortened link may cause a victim to overlook the need to consider whether it is a scam link.

Short links make it impossible to catch mistakes in the URL at first glance.

“You can only find out where a link points after clicking. And by then it may be too late — if the attackers exploit a zero-click vulnerability in the browser, the infection can occur as soon as you land on the malicious site,” Kaspersky said.

Another goal of the scam is to catch you at the right moment when you may be paying less attention.

The scam links can lead to websites that will ask for personal information to steal your money.

They can also lead you to a malicious source that puts a virus on your computer.

Source…

India grapples with lack of cybersecurity amid investigation into China link to hospital hack


NEW DELHI: Weeks after a cybersecurity attack hit operations at one of India’s largest hospitals, investigators said they are looking into a possible China link.

The IP addresses of two emails used in the hacking attack on the All India Institute of Medical Sciences (AIIMS), India’s premier government hospital, allegedly originated from China’s Henan province and Hong Kong.

Officials have tracked a server address to China, but experts said that does not necessarily mean that hackers are located there.

India’s Home Ministry and anti-terror task force the National Investigation Agency are probing the hack.

Experts warned that the attack has exposed an urgent need for India to fortify its critical and core sectors, given that the breach was a result of the country not having any cybersecurity protocols in place.

The government has drafted a data privacy bill, but experts in the field said the country does not have enough safeguards in place.

Cybersecurity expert Pawan Duggal said that when an attack such as the one targeted at AIIMS happens, “no one knows what to do” and no agency has an SOP (standard operating procedure).

“We need to tell ourselves that this is a given reality, and the quicker we prepare ourselves, the quicker we go for public-private partnerships, the better it is. The government alone can’t deal with the challenges of cybersecurity,” he said. 

The attack could hamper India’s efforts to digitise health records and the government’s plans to create a database that will give Indians access to their health records at any hospital within seconds.

CYBERSECURITY ATTACK

The hospital, where more than 12,000 patients get treatment daily, was hit by the attack on Nov 23.

The healthcare institution was not able to register new patients, and doctors could not access medical records or reports.

It later emerged that five servers that stored the data of more than 30 million patients – including health records of former prime ministers, top politicians and bureaucrats – were infected in a cyberattack.

It took weeks for the hospital to restore access and for the government to safeguard its systems.

SECOND LARGE ATTACK

Days after the attack on…

Source…

Implementing Cyber Security Protocols: Do Not be your Company’s Weakest Security Link


Hacks often happen because end-users in your company are careless. However, the consequences for their company can be detrimental.

A series of large-scale ransomware incursions have prompted the U.S. to ramp up its cybersecurity measures. The Biden administration has also contacted dozens of countries to partner with American intelligence agencies to prevent evasive cybercriminals from acting around the globe.

Security is a weakest-link kind of game.

Defenders must defend all items in the physical realm and the cyber world. If you miss one item, such as an easy-to-guess password, an employee clicking on a phishing email, or one application left without an update, an intruder can get in and attack your data storage.

To help you not become the weakest link, we will discuss the dark web of cybercrime and the behavioral component of security tasks. There are systematic ways you may avoid data breaches. However, many companies must also focus on how they can fortify their human-run systems from within.

Security violations of computer networks are a prominent threat, and we often see reports of companies and institutions experiencing severe data leaks. Twitch’s live-video site is one example, with content creators’ earnings, among other details, posted online.

Here we will observe the issues in cyber security and describe the best practices to avoid being your company’s weakest security link.

Why are Companies Getting Caught Flat-footed?

In some cases, the weakest link in your company is a lack of awareness. Therefore, it is essential to make these individuals aware of some of the threats that companies might face. The people running these sites, especially those less technologically savvy, are unaware of the dangers, or treat all the things necessary to be secure as a secondary priority.

It’s not what the teams are building. It is about providing a well-trained security staff that knows what to look for and has the authority to…

Source…