Tag Archive for: vulnerable

Critical D-Link Security Flaws Leaves Thousands Of These Storage Devices Vulnerable To Hacks

/in


end of life d link nas vulnerability allow code execution

End-of-life hardware can be quite the problem at times, even crashing back into Earth’s atmosphere at supersonic speeds for that matter. Of course, we wouldn’t expect such travesties happening with the hardware you keep in your basement, or that NAS you tucked away your closet. However, older tech gear can have serious security vulnerabilities that might not get patched due to its end-of-life status with the manufacturer. This is precisely what some D-Link networked attached storage (NAS) owners are finding out after a critical vulnerability was discovered, affecting up to 10s of thousands of devices still connected to the internet.

Roughly two weeks ago, researchers discovered a chain of vulnerabilities in several D-Link NAS devices including “DNS-340L, DNS-320L, DNS-327L, and DNS-325, among others.” The issues live with nas_sharing.cgi, which has a backdoor thanks to hardcoded credentials and command injection through the system parameter. These combined would allow for arbitrary code execution on the afflicted devices, allowing an attacker access to information, denial of service, or otherwise.

92k end of life d link nas vulnerability allow code execution

According to the researchers with NetSecFish, up to 92,000 D-Link devices are exposed to the internet and vulnerable to attackers. Shodan shows that there are significantly fewer exposed devices and fewer still that are tagged as end-of-life. Regardless, in response to the vulnerabilities, D-Link posted a notice explaining that the “exploit affects a legacy D-Link products and all hardware revisions, which have reached their End of Life (“EOL”)/End of Service Life (“EOS”) Life-Cycle.” As such, the recommendation for affected systems is to retire or replace them, as there will not be an update coming from the company.

Of course, you can also always ensure that the NAS devices are not exposed to the internet and simply use them internally, but there’s no guarantee that your data is safe. Thus, we would also recommend upgrading your storage server to something more current (16TB Buffalo NAS), to help prevent these types of security issues.

Source…

Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks

/in


Apr 09, 2024NewsroomBotnet / Vulnerability

D-Link NAS Devices

Threat actors are actively scanning and exploiting a pair of security flaws that are said to affect as many as 92,000 internet-exposed D-Link network-attached storage (NAS) devices.

Tracked as CVE-2024-3272 (CVSS score: 9.8) and CVE-2024-3273 (CVSS score: 7.3), the vulnerabilities impact legacy D-Link products that have reached end-of-life (EoL) status. D-Link, in an advisory, said it does not plan to ship a patch and instead urges customers to replace them.

“The vulnerability lies within the nas_sharing.cgi uri, which is vulnerable due to two main issues: a backdoor facilitated by hard-coded credentials, and a command injection vulnerability via the system parameter,” security researcher who goes by the name netsecfish said in late March 2024.

Cybersecurity

Successful exploitation of the flaws could lead to arbitrary command execution on the affected D-Link NAS devices, granting threat actors the ability to access sensitive information, alter system configurations, or even trigger a denial-of-service (DoS) condition.

The issues affect the following models –

  • DNS-320L
  • DNS-325
  • DNS-327L, and
  • DNS-340L

Threat intelligence firm GreyNoise said it observed attackers attempting to weaponize the flaws to deliver the Mirai botnet malware, thus making it possible to remotely commandeer the D-Link devices.

D-Link NAS Devices

In the absence of a fix, the Shadowserver Foundation is recommending that users either take these devices offline or have remote access to the appliance firewalled to mitigate potential threats.

Cybersecurity

The findings once again illustrate that Mirai botnets are continuously adapting and incorporating new vulnerabilities into their repertoire, with threat actors swiftly developing new variants that are designed to abuse these issues to breach as many devices as possible.

With network devices becoming common targets for financially motivated and nation-state-linked attackers, the development comes as Palo Alto Networks Unit 42 revealed that threat actors are increasingly switching to malware-initiated scanning attacks to flag vulnerabilities in target networks.

“Some scanning attacks originate from benign networks likely driven by malware on infected machines,”…

Source…

CSUF cybersecurity students compete to hack into vulnerable systems – Orange County Register

/in


Last fall, Cal State Fullerton cybersecurity students competed in the Collegiate Penetration Testing Competition where teams of students from the region met to determine how to hack the security systems of an airport and then presented a report of their findings to executives.

The Cal State Fullerton team of six students placed second in the high-pressure competition, which provided real-world experience that they will bring to the jobs that await them once they graduate. Business sponsors often recruit winners for employment during these events, said Mikhail Gofman, professor of computer science and director of the ECS Center for Cybersecurity in the College of Engineering and Computer Science.

Penetration testing means trying to break through the security systems of a business by using the same tools and techniques that hackers use. If a penetration tester can discover and exploit a vulnerability, Gofman said, then so can an attacker.

“This is often called the security governance,” Gofman said, “the goal of which is to ensure the cybersecurity of the company. It is driven by risk management, and, of course, cyberattacks are a big part of the company risk management, because a cyberattack can have very devastating consequences.”

The regional competition focused on the security systems of an airport. “They weren’t actually real airport systems, but real networks which simulated what a network infrastructure of an airport would look like,” Gofman said. “The students had 12 hours, from morning to night, to conduct the penetration test to find and exploit as many security vulnerabilities as possible.”

Then they had to write a professional penetration testing report that communicated their findings in plain language.

“Our goal as a team was to try to fully compromise the company, given only a set of IP ranges and some scattered fictitious employee information they left on the internet for us to exploit,” said fourth-year student Katherine Chen, who was a member of the winning team.

“You use public information on the internet to impersonate someone and use their information for malicious purposes, which we were successfully able to do,” Chen said. “At…

Source…

2024 Thales Data Threat Report Reveals Rise In Ransomware Attacks, As Compliance Failings Leave Businesses Vulnerable To…

/in


(MENAFN– AETOSWire) (BUSINESS WIRE ) — Thales today announced the release of the 2024 Thales Data Threat Report , its annual report on the latest data security threats, trends, and emerging topics based on a survey of nearly 3000 IT and security professionals in 18 countries across 37 industries. This year’s report found that 93% of IT professionals believe security threats are increasing in volume or severity, a significant rise from 47% last year.

Threats continue to increase in volume and severity

The number of enterprises experiencing ransomware attacks surged by over 27% in the past year. Despite this escalating threat, less than half of organisations have a formal ransomware plan in place, with 8% resorting to paying the ransom demands.

Malware stands out as the fastest-growing threat of 2024, with 41% of enterprises witnessing a malware attack in the past year – closely followed by phishing and ransomware. Cloud assets, including SaaS applications, cloud-based storage, and cloud infrastructure management, remain the primary targets for such attacks.

The report shows that for a second year running, human error remains the leading cause of data breaches, with 31% of enterprises pinpointing this as the root cause.

These insights are drawn from the 2024 Thales Data Threat Report, conducted by 451 Research. The report sheds light on how businesses are adapting their data security strategies and practices in response to an evolving threat landscape.

Compliance is the key to data security

The research found that over two fifths (43%) of enterprises failed a compliance audit in the past twelve months – with the report highlighting a very clear correlation between compliance and data security.

Of those that had failed a compliance audit in the past twelve months, 31% had experienced a breach that very same year. This compares to just 3% of those who had passed compliance audits.

Operational complexity continues to cause data headaches

Fundamental understanding of what systems, applications, and data are at risk continue to lag due to changing regulatory and threat landscapes. Only a third (33%) of organisations are…

Source…