Tag Archive for: Researchers

DeleFriend Vulnerability Could Allow Unwanted Access to APIs, According to Researchers


Hunters researchers noted the vulnerability could lead to privilege escalation. Google said the report “does not identify an underlying security issue in our products.”

Cybersecurity researchers from the firm Hunters discovered a vulnerability in Google Workspace that could allow unwanted access to Workspace APIs. The flaw is significant in that it could let attackers use privilege escalation to gain access that would otherwise only be available to users with Super Admin access. Hunters named this security flaw DeleFriend.

Vulnerability uncovered in Google’s domain-wide delegation

According to the Hunters team, the vulnerability is based on Google Workspace’s role in managing user identities across Google Cloud services. Domain-wide delegation (DWD) connects identity objects from either Google Workspace Marketplace or a Google Cloud Platform Service Account to Workspace.

Domain-wide delegation can be used by attackers in two main ways: to create a new delegation after having gained access to a Super Admin privilege on the target Workspace environment through another attack, or to “enumerate successful combinations of service account keys and OAuth scopes,” Hunters said. This second way is the novel method the researchers have discovered. Yonatan Khanashvilli, threat hunting expert at Team Axon at Hunters, posted a much more detailed explanation of DeleFriend.

Response from Google

Hunters disclosed this flaw to Google in August 2023 and wrote, “Google is currently reviewing the issue with their Product team to assess potential actions based on our recommendations.”

An anonymous Google representative told The Hacker News in November 2023, “This report does not identify an underlying security issue in our products. As a best practice, we encourage users to make sure all accounts have the least amount of privilege possible (see guidance here). Doing so is key to combating these types of attacks.”

Why this Google Workspace vulnerability is particularly dangerous

Hunters said this vulnerability is particularly dangerous because it is long-term (GCP Service account keys do not have expiry dates by default), easy to hide and hard to…

Researchers spot an increase in Jupyter infostealer infections


Infections involving the Jupyter infostealer have increased over the last two weeks, in particular targeting organizations in the education and healthcare sectors, researchers said Monday.

VMware’s Carbon Black Threat Analysis Unit published a report on Monday highlighting a wave of new incidents involving the malware, which was first seen in late 2020. It allows hackers to steal credentials and exfiltrate data.

“New Jupyter Infostealer variants continue to evolve with simple yet impactful changes to the techniques used by the malware author. This improvement aims to avoid detection and establishes persistence, enabling the attacker to stealthily compromise victims,” the researchers said.

“This malware continues to be one of the top ten infections we’ve detected in our clients’ network primarily targeting the Education and Health sectors.” The report does not mention specific victims.

The malware has evolved to target the Chrome, Edge, and Firefox browsers while the hackers using it have also exploited search engines to get people to download malicious files with the malware attached, Carbon Black said.

In the most recent incidents, the researchers found the infostealer posing as legitimately signed files, using “a valid certificate to further evade detection” and allow initial access to a victim machine.

Common delivery methods for the malware include “malicious websites, drive-by downloads, and phishing emails,” as well as “malicious ads,” they said.

The researchers shared samples of infected files, including generalized how-to documents as well as more specific files. One example was a copy of the U.S. government’s budget for 2024.

In another instance, Carbon Black saw hackers exploiting a signed Autodesk Create Installer. Autodesk is a popular remote desktop application frequently exploited in past cyberattacks.

The report does not attribute Jupyter to a specific hacking group, but past research by other companies has suggested Russia as a point of origin.

Hackers are constantly evolving their efforts to deliver powerful infostealing malware. Last week, cybersecurity researchers at Bitdefender uncovered a campaign that saw hackers use Facebook ads…

Cisco IOS XE Hack: Researchers Find Another ‘Sharp Increase’ In Affected Devices


Security News


Kyle Alspach


One of the most serious network device attacks in recent memory continues to widen, according to Censys researchers.

Compromises of Cisco IOS XE devices jumped by 8,000 on Wednesday, bringing the total number of affected systems to nearly 42,000, according to the latest data from cybersecurity firm Censys.

There’s no patch available for the critical vulnerability that’s being exploited in the attacks, although Cisco has provided mitigations that it’s said are effective at thwarting the compromises. IOS XE is a widely used Cisco networking software platform, with estimates suggesting that more than 140,000 devices in total are potentially vulnerable.

Censys researchers had previously found 34,140 Cisco devices compromised, but on Wednesday said they had “found a sharp increase in infections” with the tally climbing to 41,983.

In response to a CRN inquiry Wednesday, Cisco said it did not have any new information to share.

Cisco said in an advisory Monday that the zero-day privilege escalation vulnerability—which is tracked as CVE-2023-20198—warrants the maximum severity rating, 10.0 out of 10.0.

Exploitation of the critical vulnerability can allow a malicious actor to acquire “full control of the compromised device and [allow] possible subsequent unauthorized activity,” Cisco’s Talos threat intelligence team said in a blog post Monday.

The attacks are one of the most serious network device hacks in recent memory, experts have said.

“The last few weeks have seen their fair share of potential sky-crumbling advisories,” Censys researchers said in a post. Those have included a vulnerability in Exim mail servers, “which amounted to much of nothing,” and an HTTP/2 attack that turned out to have a very narrow impact.

“But this time, Apollo, I think we have a problem,” the Censys researchers wrote, referring to the Cisco IOS…

IIT-Delhi researchers achieve secure quantum communication for 380 km in standard telecom fiber, ET Telecom


New Delhi: IIT-Delhi researchers have achieved an experimental breakthrough on secure quantum communication up to a distance of 380 kilometres in standard telecom fiber with a very low error rate that can be helpful in securing financial transactions and secret codes. This long secure length is the highest achieved so far, not only in India but globally, for the Differential Phase Shift (DPS) QKD protocol, according to officials.

The results of the research by Indian Institute of Technology (IIT)-Delhi researchers have also been published in the “Nature Scientific Reports” journal.

“Such a low quantum bit error rate (QBER) makes the quantum communication resistant to collective and individual attacks and implementable for various applications, such as securing financial transactions, medical records and secret codes,” said Bhaskar Kanseri, lead researcher and associate professor at IIT-Delhi’s Physics Department and Optics and Photonics Centre.

“It is also capable of securing network communication such as Internet of Things (IoT) and ready to revolutionise the field of cyber security,” Kanseri said.

He added that this realisation using state-of-the-art technology will not only help in reducing the need for trusted nodes for intercity or long-distance quantum key exchange, increasing the security of the cryptography scheme, but also prove to be a crucial step towards the commercial production of long-distance secure practical QKD devices.

In quantum communication, security is guaranteed by the laws of quantum physics and, in principle, it cannot be broken even using a quantum computer, Kanseri explained.

“This QKD demonstration shows methods to get rid of the intermediate trusted nodes, which are the weak security loopholes and are vulnerable to several kinds of attacks. It paves ways for more secure long distance communication useful for strategic areas such as defence and online banking, making digital transactions safer in the near future,” he said.

  • Published On Oct 6, 2023 at 07:27 AM IST