Tag Archive for: released

Exploit Code Released for Critical Fortinet RCE Bug


Researchers have released details for how to exploit a critical remote code execution (RCE) bug in Fortinet’s FortiNAC product, which allows an unauthenticated attacker to write arbitrary files on the system and achieve RCE as a root user.

Organizations use FortiNAC as a network access control solution to oversee and secure all digital assets connected to the enterprise network. The product can be used to manage a range of devices, including: corporate endpoints, Internet of Things (IoT), operational technology and industrial control systems (OT/ICS), and connected medical devices (IoMT), among others. The idea is to provide visibility, control, and automated response for everything that connects to the network, and as such, the device offers a golden opportunity for attackers to pivot and move deep into networks, enumerate environments, steal sensitive information, and more.

Researchers at Horizon3.ai released a blog post with a technical analysis of and proof of concept (POC) exploit for the vulnerability, tracked as CVE-2022-39952, and revealed and patched by Fortinet last week. They subsequently released the exploit code on GitHub.

Fortinet’s Gwendal Guégniaud discovered the vulnerability, which earned a critical rating of 9.8 on the CVSS vulnerability-severity scale. The bug is an external control of file name or path vulnerability in the FortiNAC Web server, Fortinet said in its advisory, and it allows unauthenticated arbitrary writes on the system.

Fortinet has patched the flaw in its affected product versions, with customers urged to update to FortiNAC version 9.4.1 or above, FortiNAC version 9.2.6 or above, FortiNAC version 9.1.8, or FortiNAC version 7.2.0 or above.

How to Exploit the Fortinet FortiNAC Flaw

While there are several ways for attackers to obtain RCE by exploiting arbitrary file write flaws, the researchers chose to write a cron job to /etc/cron.d/ to take advantage of the vulnerability, they said.

The researchers extracted filesystems from both the vulnerable and patched versions of the product to examine the flaw, finding that Fortinet removed an offending file called /bsc/campusMgr/ui/ROOT/configWizard/keyUpload.jsp in the update that…


Cyber Security Today, Jan. 11, 2023 – Debate on ransomware attacks dropping continues, beware of long-hidden backdoors and lots of patches released


The debate on ransomware attacks dropping continues, beware of long-hidden backdoors and lots of patches released.

Welcome to Cyber Security Today. It’s Wednesday, January 11th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.

Another entry in the debate on whether ransomware attacks are going up or down has been issued. Last week researchers at Emsisoft said the truth in the U.S. is hard to figure out because so many attacks aren’t publicly reported. This week researchers at Delinea released a report saying a survey it paid for suggests ransomware last year was down significantly over 2021. Of the 300 American IT decision-makers surveyed, 25 per cent said they were victims of ransomware in 2022. By comparison, 64 per cent of respondents said their firm was hit in 2021. Respondents also said budgets for ransomware defence dropped last year, although that could be because IT leaders are folding defences against ransomware with defences against all types of cyber attacks. More worrisome, the number of companies with incident response plans dropped to 71 per cent last year from 94 per cent in 2022. There’s a link to the full report in the text version of this podcast.

Threat actors are known for installing back doors on victims’ IT infrastructure to enable their attacks. That’s why scouring an entire IT environment is vital after a successful breach of security controls to make sure back doors aren’t left around. The latest example comes in a report from researchers at U.K.-based S-RM Intelligence. It looked into an attack by the Lorenz ransomware gang. The gang exploited a vulnerability in an organization using Mitel’s VoIP phone system. However, it was able to do that by using a backdoor that had been installed five months before the ransomware was launched. One theory is an initial access broker compromised the victim’s IT infrastructure and installed the backdoor, then notified the Lorenz group. Whatever the explanation, it’s another example of why continuously searching for backdoors as well as patching vulnerabilities is essential.

Ransom demands linked to denial of service attacks aren’t talked about a lot. However,…


200M Twitter records released on hacking forum


Data relating to more than 200 million Twitter Inc. users have been published on a hacking forum two weeks after data relating to 400 million Twitter users was offered for sale on the same forum.

The data is available to download from BreachForums, the successor site to the now-shuttered RaidForums. The listing describes the data as a “DB/Scrape Leak,” meaning that the data was gathered through access to Twitter and scraping public information. The database includes email addresses, names, screen names, the number of followers each Twitter user has and the date each joined Twitter.

Although the listing comes from a different user than the previously offered 400 million Twitter records, Privacy Affairs claimed today that the data appears to be from the same source. The earlier data was believed to have been gathered by exploiting an application programming interface vulnerability that Twitter fixed in January 2022.

The database includes information on notable Twitter users such as Alphabet Inc. Chief Executive Officer Sundar Pichai, Donald Trump Jr. and SpaceX Inc.

Bleeping Computer reported that the database still includes duplicates. Some of the sample data provided has also been confirmed to be legitimate.

A second listing from a different user on Breach Forums claims to have taken the same data dump and cleaned it up, including removing duplicates. The second listing also claims that the records indicate that the information was collected from early November 2021 through Dec. 14, 2021.

“This is a common example of how an unsecured API that developers design to ‘just work’ can remain unsecured because when it comes to security, what is out-of-sight is often out-of-mind,” Jamie Boote, associate software security consultant at application security company Synopsys Inc.’s Software Integrity Group, told SiliconANGLE. “Humans are terrible at securing what they can’t see.”

Sammy Migues, principal scientist at Synopsys Software Integrity Group, noted that the core of the story is the issues around API security.

“As cloud-native app development explodes, so does the world of refactoring monolithic apps into hundreds and thousands of APIs and…


Google released a second Chrome security update this week


Google published a new security update for the company’s Chrome web browser that addresses three security issues in the browser. The new update comes less than a week after the release of Chrome 106, which addressed a total of 20 security issues in Chrome.

The new security update is available already. Chrome is updated automatically by default, but updates may happen days or even weeks after the release. It is better, often, to install the update manually to protect the browser against potential attacks targeting the security issues.

To do so, load chrome://settings/help in the browser’s address bar or go to Menu > Help > About Google Chrome. Chrome displays the current version that is installed and runs a check for updates. The check will pick up the new security update and install it in the browser.

Once installed, Chrome Stable should display version 106.0.5249.91 and Chrome Extended Stable should display version 106.0.5249.91, which can be checked on the Help page.

Google reveals that two of the reported security issues have a severity rating of high. High is the second-highest rating after critical. One security issue was detected internally, and that means that it is not revealed by the company to the public.

  • [$7000][1366813] High CVE-2022-3370: Use after free in Custom Elements. Reported by Aviv A. on 2022-09-22
  • [$10000][1366399] High CVE-2022-3373: Out of bounds write in V8. Reported by Tibor Klajnscek on 2022-09-21

Google makes no mention of exploits in the wild, but there is always the chance that the company has not detected them yet or that attacks begin after the release of the security updates for Chrome.

Chrome users may check the official announcements for Chrome Stable and Chrome Extended Stable, but they don’t provide any additional details other than a link to the update log, which lists changes meticulously.

Other Chromium-based browsers may post updates, as they may be affected by some of the reported security issues as well.

Now You: do you have Chrome installed on your devices?
