Tag Archive for: takes

Vehere Takes the Lead With Tracking Its First-ever Zero-day Vulnerability and Subsequent Responsible Disclosure


SAN FRANCISCO, May 30, 2023–(BUSINESS WIRE)–Vehere’s research wing, Dawn Treader, has announced its recent discovery of a zero-day vulnerability, marking a significant achievement for the cyber network intelligence organization. This is the first time Vehere has made such a discovery, showcasing the efficiency and capability of the research team. The identification of this vulnerability is a major milestone for the organization, and demonstrates their commitment to staying at the forefront of the ever-evolving cybersecurity landscape.

The vulnerability, identified through fuzzing, was a heap buffer overflow in MagickCore/quantum-import.c and affects ImageMagick version 7.1.1-6. It allows attackers to use a crafted file to trigger an out-of-bounds read, resulting in an application crash and denial of service. The vulnerability was responsibly disclosed to ImageMagick, which promptly released a patch addressing the issue by ensuring proper memory allocation. Red Hat has released an advisory to warn users about this vulnerability, assigning it a CVSS score of 5.5 and the CVE ID CVE-2023-2157.

Read Dawn Treader’s exclusive blog post and discover further details about this zero-day vulnerability:
https://vehere.com/threat-severity-high/breaking-down-the-imagemagick-cve-2023-2157-vulnerability-dawn-treaders-findings/

Speaking on this impactful discovery, Vehere’s co-founder Praveen Jaiswal said, “Vehere’s successful identification and ethical disclosure of the vulnerability highlight our commitment to proactively identify and address potential threats. We are extremely proud that we are one of the few Indian companies to identify a zero-day vulnerability, and it serves as a testament to the expertise and dedication of our research team, Dawn Treader.”

Vehere is a revolutionary cybersecurity company that is boldly merging the realms of national security and enterprise security through a single, powerful platform. With a strong global presence and unparalleled expertise in cyber network intelligence, Vehere is radically changing the way organizations and governments protect themselves from cyber threats. Established in 2006, Vehere is a global corporation with offices in San…


BlackCat ransomware takes control of protected computers via new kernel driver


A new kernel driver was discovered in a February 2023 BlackCat ransomware incident. It works together with a separate user-mode client executable, which uses the driver to control, pause and kill the processes of security agents deployed on protected target endpoints.

In a May 22 blog post, Trend Micro researchers said they believe the new kernel driver is an updated version that inherits its main functionality from samples disclosed in previous research published in December 2022 by Mandiant, Sophos, and SentinelOne.

The three companies published a coordinated disclosure that malicious kernel drivers were being signed through several Microsoft hardware developer accounts. The joint researchers said these profiles had been used in a number of cyberattacks that included ransomware incidents. Microsoft subsequently revoked several Microsoft hardware developer accounts that were abused in these attacks.

Trend Micro’s researchers explained that malicious actors use different approaches to sign their malicious kernel drivers. In this case, the attackers tried to deploy the old driver disclosed by Mandiant, but because this driver had already been known and detected, the threat actors deployed another kernel driver signed by a stolen or leaked cross-signing certificate. The kernel driver typically gets used during the evasion phase, say the Trend researchers.

The recent activity of the BlackCat ransomware group signals a disturbing escalation in the cyber threat landscape, said Craig Jones, vice president of security operations at Ontinue. Jones said that by exploiting signed kernel drivers, the group raises the stakes in an ongoing high-stakes game of “digital cat and mouse” between cyber criminals and those tasked with thwarting their attempts.

“One of the intriguing aspects of this incident is the fact that the ransomware operators are using malicious kernel drivers signed through Microsoft’s portals or using stolen certificates,” said Jones. “This offers them privileged-level access to the systems they attack and lets them bypass security protocols. It also indicates a high level of sophistication and a solid understanding of Windows system operations. They are essentially used to manipulate and…


What do you do if a hacker takes over your ship?


The ship is not behaving as it should. What’s up? Captain Odd Sveinung Hareide explains to the others on the bridge what he has done, what he is prioritizing right now and the next move. Credit: Eli Anne Tvergrov, NTNU

You’re on the bridge, with the ship’s course shown on the digital display. But why is the ship continuing to turn west?

Everything looks normal on the computer screens in the dark wheelhouse—but outside, the land is dangerously close. What’s going on?

Down in the engine room, workers report via radio that everything is normal, but they wonder why the bridge has changed course. The engines are revving and the ship is picking up speed. The engine room hasn’t done this. What now?

Cybersecurity is a hot topic for the entire maritime industry, as well as in academia. A joint team recently ran a completely new cybersecurity course at NTNU in Ålesund.

Probably the first of its kind

The Norwegian University of Science and Technology (NTNU) in Ålesund’s program for the maritime industry has just offered a new course entitled “Maritime digital security” (in Norwegian).

Over two months, course participants have looked at digital threats. They have assessed the risk of existing digital threats and realistically practiced a cyber attack on a ship under way. The key focus is on risk management of cyber attacks and building resilience.

“Where information technology and people meet, there is room for digital vulnerability. Security breaches can come in through the ship’s systems and through the port system and through the people who operate or supervise them,” Marie Haugli-Sandvik and Erlend Erstad said.

Both are Ph.D. candidates at the Department of Ocean Operations and Civil Engineering at NTNU. They are studying how the maritime industry can be better equipped to handle cyber attacks.

The two Ph.D. candidates have developed and now run the maritime digital security course, which appears to be the first of its kind in Norway.

The course has been included as part of the doctoral…


International Law Enforcement Takes Down Website Selling NetWire Malware


International law enforcement has seized an internet domain that cyberattackers were using to sell malware on the dark web capable of stealing credentials from a victim’s computer.

The site, worldwiredlabs.com, was selling the NetWire remote access trojan (RAT), which targets a system’s operating system and creates a backdoor that allows an attacker to spy on the computer, gain control of it and execute malicious commands.

Croatian National Arrested

In this action, authorities in Croatia on Tuesday arrested a Croatian national who allegedly was the administrator of the website. This defendant will be prosecuted by Croatian authorities. Additionally, law enforcement in Switzerland has seized the computer server hosting the NetWire RAT infrastructure, said U.S. District Attorney’s Office for the Central District of California officials.

The Federal Bureau of Investigation (FBI) in Los Angeles has been investigating the website since 2020. It was the only known distributor of NetWire. In the sting, FBI undercover investigators created an account on the website, paid for a subscription plan, and “constructed a customized instance of the NetWire RAT using the product’s builder tool,” according to the affidavit in support of the seizure warrant, the D.A.’s office said.

NetWire Probe Yields Results

The website marketed NetWire as a legitimate business tool to maintain computer infrastructure and the software was advertised on hacking forums. NetWire is well known to cybersecurity providers and federal law enforcement for its use in cybercrimes.

Commenting on the investigation, Donald Alway, the Assistant Director in Charge of the FBI’s Los Angeles field office, said:

“By removing the Netwire RAT, the FBI has impacted the criminal cyber ecosystem. The global partnership that led to the arrest in Croatia also removed a popular tool used to hijack computers in order to perpetuate global fraud, data breaches and network intrusions by threat groups and cybercriminals.”

International operations to combat cybercrime have become a necessary tactic to slow the propagation of malicious software. Indeed, President Biden’s recently released…
