Tag Archive for: unexpected

How One Application Test Uncovered an Unexpected Opening in an Enterprise Call Tool


Working as security consultants is highly rewarding. Companies depend on us to view their environment from the perspective of an attacker and find vulnerabilities that could enable threats to succeed. One of the most impactful parts of our role is when we’re the first to find a major vulnerability that could lead to a widespread compromise beyond just our client.

That’s what happened this year with the Cisco Unified Communications Manager (CUCM) IM & Presence appliance. We performed an application penetration test against it for one of our clients. While doing so, we discovered an opening that could affect anyone who uses this appliance. Read on to find out how we explored the product, how we broke it and how to put it back together.

What Is the CUCM Product?

The CUCM solution is a middleware component that allows enterprises to integrate their various communication devices and manage them using one platform. In short, it unifies voice, video, data and mobile applications on fixed and mobile networks. Starting with Cisco Unified Communications 9.0, the Cisco Unified Presence technology is integrated within the CUCM. Nowadays, most people refer to this solution as the CUCM IM & Presence Service. Almost every customer that uses the Cisco Jabber instant messaging application has the CUCM IM & Presence deployment.

The Findings

During the pen test, we first tried to use the least possible privilege to pinpoint the vulnerabilities that the least trusted users can reach. Then, we created a replica of the appliance in a lab environment. Using several reverse engineering techniques, we extracted the source code of the web application used to manage the appliance.

Through both dynamic testing and analysis of the source code, we found the following vulnerabilities:

  • 3 x Structured Query Language (SQL) injection (CVE-2021-1355, CVE-2021-1364, CVE-2021-1282)
  • SQL injection leading to arbitrary code execution (CVE-2021-1363, CVE-2021-1365)
  • Path traversal (CVE-2021-1357)
  • Cross-site scripting (CVE-2021-1407, CVE-2021-1408)

The main objective was to find vulnerabilities that attackers could exploit to elevate their privilege on the appliance. At first, our…


Hospitals Getting Unexpected Support – iHLS



Ransomware attacks on US healthcare have drastically increased in their sophistication and intensity over the last year, which is expected to continue into 2021.

In recent weeks, the data of multiple healthcare providers has been leaked online by ransomware hackers.

“Protecting the US healthcare system against prevalent cyber threats should be viewed as a patient safety, enterprise risk, and strategic priority” – claims the Center for Internet Security (CIS), a nonprofit focused on best practice solutions for cyber defense and community outreach.

This is the reason why the organization is offering all US hospitals free ransomware protection tools. Private hospitals in need of ransomware assistance can now leverage a free malicious domain blocking and reporting (MDBR) service from CIS and Akamai, a DNS vendor, through a no-cost Multi-State Information Sharing & Analysis Center (MS-ISAC) membership.

MS-ISAC is a division of the Department of Homeland Security Cybersecurity and Infrastructure Security Agency. Its free ransomware service tool was previously offered to federal, local, and other public health entities. More than 1,000 US government entities already employ the tool.

The free service is enabled by a $1 million investment of CIS funds for private hospitals this year. The tool has already blocked 95.56 percent of all malware attacks and 3.01 percent of phishing attacks on the MS-ISAC’s public health members, as of January 31. In December, the service stopped at least nine ransomware domain instances across nine public health entities.

The MDBR prevents IT systems from connecting to harmful web domains, which can help limit infections tied to known malware, ransomware, and phishing threats.

Further, CIS has offered to provide weekly reporting to each participating healthcare entity on both accepted and blocked requests, according to healthitsecurity.com.

CIS officials noted that the tool can be integrated into existing systems with relatively minimal effort.


Unexpected protection added to Microsoft Edge subverts IE security

A researcher has uncovered strange and unexpected behavior in Windows 10 that allows remote attackers to steal data stored on hard drives when a user opens a malicious file downloaded with the Edge browser.

The threat partially surfaced last week when a different researcher, John Page, reported what he called a flaw in Internet Explorer. Page claimed that when using the file manager to open a maliciously crafted MHT file, the browser uploaded one or more files to a remote server. According to Page, the vulnerability affected the most recent version of IE, version 11, running on Windows 7, Windows 10, and Windows Server 2012 R2 with all security updates installed. (It’s no longer clear whether any OS other than Windows 10 is affected, at least for some users. More about that in a moment.)

Below this paragraph in Page’s post was a video demonstration of the proof-of-concept exploit Page created. It shows a booby-trapped MHT file triggering an upload of the host computer’s system.ini file to a remote server. Page’s video shows the file being downloaded with Edge.

Biz & IT – Ars Technica

Teen’s open Facebook invite leads to 500 unexpected gatecrashers

Maybe there’s a better way to impress a girl than hosting a party where she invites all her gazillion Facebook friends to trash your mum’s house.
Naked Security – Sophos