Tag Archive for: Root

Groundbreaking cybersecurity network takes root – Sentinel and Enterprise


The list of organizations that the ransomware group Play has hacked as found on the dark web. Play allegedly hacked Lowell’s municipal network on April 24, and released 5GB of data on May 11. (Courtesy Brett Callow)

Sophisticated cyberattacks targeting the state’s municipalities and health-care systems have demonstrated the need for a coordinated approach to mitigate the damage caused by these incapacitating hacks.

It was just a year ago that Lowell’s municipal computer network was compromised.

The online ransomware group Play claimed responsibility for the massive cyberattack, boasting that it had released 5 gigabytes of data from that theft and posted it to the dark web.

Five months later, Lowell still hadn’t fully recovered from this network breach, which had left city government without phone service, email, access to financial, human resources, asset management and revenue systems, as well as other ancillary services like dog, business and marriage licenses.

In the interim, city departments faced the daunting prospect of rebuilding servers and networks, installing new equipment, creating secure user access portals and training employees in cybersecurity.

Even by September, Lowell police reported that critical functions could not be conducted from patrol car computers, forcing officers to log on at neighborhood precincts or police headquarters to complete their shift work — a tedious, time-consuming process.

And more recently, a far-reaching hack of a health-care payment service continues to inflict serious financial pain on the state’s health providers.

As reported by the State House News Service, the debilitating February cyberattack on Change Healthcare has cost the Massachusetts health-care system about $24 million a day, forcing care providers to seek financial relief from health insurers.

The Massachusetts Health and Hospital Association pegged the average daily costs stemming from the attack at $24,154,000, based on a survey that reflects responses from 12 hospitals and health systems.

“Depending on how long it lasts, it’s just like a snowball effect,” Karen Granoff, MHA’s senior director of managed care, told the…


ICANN Announces New Root Zone Key to Enhance DNS Security in 2024 Ceremony


Internet security is set to receive a significant boost as the Internet Corporation for Assigned Names and Numbers (ICANN) embarks on an initiative to generate a new root zone key signing key (KSK) for the Domain Name System Security Extensions (DNSSEC). This move, scheduled for the 53rd KSK Ceremony on April 26, 2024, marks a pivotal moment in the ongoing effort to safeguard the authenticity of DNS information related to domain names across the globe.

Reviving the Key Generation Process

Following a hiatus caused by the departure of a crucial equipment supplier, ICANN has successfully identified and onboarded a replacement vendor, setting the stage for the generation of the new KSK. This development not only resumes the previously suspended plan but also reinforces ICANN’s commitment to maintaining a secure and stable DNS infrastructure. The new key is anticipated to undergo replication to an alternate facility in the third quarter of 2024, with its pre-publication in the DNS slated for January 2025, and eventual production deployment by late 2026 after a two-year standby period.

A Comprehensive Outreach for Smooth Transition

Understanding the critical importance of this transition for the global Internet community, ICANN is gearing up for an extensive outreach campaign. This campaign aims to educate and prepare stakeholders for the upcoming changes, ensuring a seamless integration of the new key into the DNSSEC framework. This proactive approach seeks to replicate the success of the key rollover exercise conducted in 2018, demonstrating ICANN’s ability to enhance DNS security without disrupting the broader Internet ecosystem.

Future-Proofing DNS Security

In addition to the KSK generation initiative, ICANN is also exploring avenues to further bolster DNS security through the modification of cryptographic algorithms used in signing the root zone. This reflects a broader strategy to adapt to evolving security challenges and maintain the integrity of DNS operations. By continuously evaluating and implementing advanced security measures, ICANN aims to stay ahead of potential threats to the DNS, ensuring its resilience and…


Looney Tunables Exploit Gives Hackers Root Access To Linux, That’s All Folks



If Marvin the Martian makes it onto your computer and does privilege escalation to take it over, we might now know just how they did it. A new Linux local privilege escalation vulnerability, dubbed Looney Tunables, that can bump basic users to root was discovered, affecting a plethora of Linux installations.

Glibc is the GNU C Library project, and it “provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel.” Effectively, any operation you do on a Linux kernel system has ties to this library in some form or fashion. Within glibc is the dynamic loader, which prepares and runs programs on the system and works out which shared libraries each program needs. An environment variable called GLIBC_TUNABLES allows users to change the library's behavior on the fly, without requiring a recompile.

[Image: Snippet of vulnerable code]

Inside glibc, a buffer overflow vulnerability was discovered in the function that handles GLIBC_TUNABLES. Exploitation would grant full root privileges to a local attacker “on the default installations of Fedora 37 and 38, Ubuntu 22.04 and 23.04, and Debian 12 and 13,” likely alongside other Linux distributions. The researchers at Qualys note that the issue was introduced in April 2021 with glibc version 2.34, which has since been updated four times.

Thankfully, this vulnerability and the associated exploit were sent to Red Hat early last month, the issue was patched around September 19th, and the coordinated release date was yesterday. Further, as it stands, exploit code is being withheld, but it would not be outside the realm of possibility that another research team or threat actor develops an exploit to integrate into a kill chain. As such, it is recommended that system administrators patch their boxes against this threat to “ensure system integrity and security.”


How to Secure Your Android Smartphone ⚡ 5 *MUST KNOW* Security Steps…