Tag Archive for: Sophisticated

Researchers Reveal “Most Sophisticated” iMessage Exploit Targeting iPhones


Recently, the 37th Chaos Communication Congress took place in Hamburg, Germany. A team of cybersecurity researchers, including Boris Larin of Moscow-based security firm Kaspersky, Leonid Bezvershenko and Georgy Kucherin, presented at the congress. They uncovered a series of zero-day vulnerabilities in iPhones, exploited through iMessage. Their “Operation Triangulation” presentation marked the first public disclosure of these vulnerabilities and of the methods used to exploit them.

Beware! Researchers Found iMessage Exploit

Reports claim that the attack, refined in its execution, starts with a seemingly harmless iMessage attachment. That attachment exploits CVE-2023-41990, a vulnerability in an undocumented TrueType font instruction, and triggers a chain of events without any observable signs to the user. The exploit uses advanced techniques, including return/jump-oriented programming and a multi-stage JavaScript exploit, to gain deep access to the device’s system.

For those unaware, a “zero-day exploit” is similar to finding a secret way into a computer program or system that nobody else knows about. In Apple’s case, even the people who made the software did not know about it, so there was no protection against it yet. The name “zero-day” means that the software makers have had zero days to fix the problem, because they have only just found out about it.

The researchers also disclosed how the attack abuses the JavaScriptCore debugging feature and an integer overflow vulnerability (CVE-2023-32434) to gain read/write access to the entire physical memory of the device from user level. This allows the attackers to bypass the Page Protection Layer (PPL).

Apple patched these vulnerabilities in its iOS software updates, iOS and iPadOS 15.7.8 for older devices and 16.6 for newer ones. The presentation also highlighted that the exploit supports both older and newer iPhone models, including a Pointer Authentication Code (PAC) bypass for the latest models. The exploit’s sophistication is further evidenced by its use of hardware memory-mapped I/O (MMIO) registers.

PTA…

Source…

Russian hackers targeted US intel officers in ‘sophisticated spear phishing campaign,’ DOJ says


Hackers acting on behalf of the Russian government targeted U.S. intelligence officers in a “sophisticated spear phishing campaign” designed to influence elections in the United Kingdom, the Justice Department (DOJ) alleged Thursday.

The operation successfully hacked into computer networks in the U.S., the U.K., Ukraine and other NATO member countries and “stole information used in foreign malign influence operations designed to influence the U.K.’s 2019 elections,” the DOJ said.

The DOJ unsealed a federal indictment Thursday against two individuals connected to the plot, after a federal grand jury in San Francisco returned an indictment Tuesday.

The two individuals charged are Ruslan Aleksandrovich Peretyatko, an officer in Russia’s Federal Security Service (FSB), the DOJ claimed, and Andrey Stanislavovich Korinets. They are each charged with one count of conspiracy to commit an offense against the United States and one count of conspiracy to commit wire fraud.

Along with other unindicted co-conspirators, the defendants were part of the so-called “Callisto Group,” the DOJ said.

The indictment alleges that the hacking campaign took place between at least October 2016 and October 2022 and targeted current and former employees of the U.S. Intelligence Community, Department of Defense, Department of State, defense contractors, and Department of Energy facilities.

The spear phishing campaign was often carried out by sending “sophisticated looking emails” that tricked the targets into providing their log-in credentials, thereby allowing the hackers to access the victims’ email accounts whenever they wanted to, the DOJ said.

Some of the emails were sent from “spoofed” accounts designed to look like other personal and work-related emails the victims would receive, the DOJ said. Sometimes, the emails claimed the users had violated terms of service on an account and had to log in via a provided link. When the users thought they were signing into their accounts, they were actually providing the account credentials to hackers, the DOJ said.

U.S. officials pointed to the indictments as evidence that Russia still is trying to target democratic elections, and they pledged to…

Source…

Elastio uses reverse engineering to better understand increasingly sophisticated ransomware


Ransomware is on the minds of most corporations today, with the impact of getting hit on day-to-day operations a major concern. Various solutions have emerged to help mitigate those headaches, including for cloud-native and cloud services.

The operating model in the cloud is much different than it is on-prem, according to Najaf Husain (pictured), founder and chief executive officer of Elastio Software Inc. That means there’s a very different strategy in place when it comes to technologies in the cloud to make things work, scale and be cost-performant for customers.

“We started out with the cloud in mind. All our technologies [are] focused on the cloud,” Husain said. “We work today on Amazon, you’ll see us go to multiple clouds soon — namely Azure, [Google Cloud Platform], the big triumvirate — but that’s where we start. Usually, the personas we focus on are the cloud security folks. Also, the infrastructure people get involved as well because it’s data. So, we’re kind of in between both of them.”

Husain spoke with theCUBE industry analyst John Furrier at the “Cybersecurity” AWS Startup Showcase event, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed the secret sauce of Elastio’s solutions and technology, along with the problems it aims to solve. (* Disclosure below.)

Knowing what’s in the data

Elastio is available from the AWS Marketplace and currently works with a lot of Microsoft Corp. partners. The company also has a team that works with customers directly to get them deployed, with the product installed in 10 minutes through a CloudFormation template, according to Husain.

“One thing that’s very unique about what we do, everything’s operated in the customer VPC,” he said. “So, it lives in the customer account, so the data never leaves that account. That’s a very important component of the platform.”

When it comes to Elastio’s core technologies, there are several areas at play, including the company’s deep inspection, its data integrity engine, and its ability to finally detect ransomware, malware and corruption inside data, according to…

Source…

DDoS attacks, growing more sophisticated, surged in Q2


Dive Brief:

  • Distributed denial of service attacks surged during the second quarter as criminal and state-linked hacking organizations unleashed a number of sophisticated attacks against critical infrastructure providers and other organizations across the globe, Cloudflare said in a report released Tuesday.
  • Experts linked pro-Russia hacktivist groups, including Killnet and Anonymous Sudan, to recent major DDoS attacks against Microsoft and threats against financial centers in the U.S. and Europe.
  • Cloudflare research shows a sharp increase in deliberately engineered and targeted DNS attacks.

Dive Insight:

Cloudflare researchers report “alarming” increases in highly randomized and sophisticated HTTP DDoS attacks in recent months.

“In some cases, these types of attacks are virtually indistinguishable from legitimate user traffic,” Omer Yoachimik, product manager of Cloudflare’s DDoS protection service, said via email. “Attackers have shown they are able to excel at imitating browser behavior which makes it especially challenging to filter the bad traffic without impacting legitimate traffic.”

Among the most serious attacks during the quarter, researchers noted an ACK flood DDoS attack that originated from a Mirai-variant botnet comprising about 11,000 IP addresses. The attack targeted an internet service provider in the U.S. and peaked at 1.4 terabits per second.

Mattias Wåhlén, threat intelligence expert at Truesec, said the rise in DDoS attacks is linked to the increased use of flooding attacks, which are considered much more difficult to defend against compared with traditional DDoS attacks.

“These attacks are far more effective, as they tie [up] much more of the server’s capacity,” Wåhlén said.

In June, the Cybersecurity and Infrastructure Security Agency urged organizations to monitor their computer networks and exercise vigilance in order to determine whether outages were maintenance related or linked to an attack.

Hacktivists earlier this month claimed to have attacked payments company Stripe and the Treasury Department’s Electronic Federal Tax Payment System.

Anonymous Sudan is now…

Source…