Tag Archive for: vulnerable

2024 Thales Data Threat Report Reveals Rise In Ransomware Attacks, As Compliance Failings Leave Businesses Vulnerable To…


(MENAFN– AETOSWire) (BUSINESS WIRE) — Thales today announced the release of the 2024 Thales Data Threat Report, its annual report on the latest data security threats, trends, and emerging topics based on a survey of nearly 3000 IT and security professionals in 18 countries across 37 industries. This year’s report found that 93% of IT professionals believe security threats are increasing in volume or severity, a significant rise from 47% last year.

Threats continue to increase in volume and severity

The number of enterprises experiencing ransomware attacks surged by over 27% in the past year. Despite this escalating threat, less than half of organisations have a formal ransomware plan in place, with 8% resorting to paying the ransom demands.

Malware stands out as the fastest-growing threat of 2024, with 41% of enterprises witnessing a malware attack in the past year – closely followed by phishing and ransomware. Cloud assets, including SaaS applications, cloud-based storage, and cloud infrastructure management, remain the primary targets for such attacks.

The report shows that for a second year running, human error remains the leading cause of data breaches, with 31% of enterprises pinpointing this as the root cause.

These insights are drawn from the 2024 Thales Data Threat Report, conducted by 451 Research. The report sheds light on how businesses are adapting their data security strategies and practices in response to an evolving threat landscape.

Compliance is the key to data security

The research found that over two fifths (43%) of enterprises failed a compliance audit in the past twelve months – with the report highlighting a very clear correlation between compliance and data security.

Of those that had failed a compliance audit in the past twelve months, 31% had experienced a breach that very same year. This compares to just 3% of those who had passed compliance audits.

Operational complexity continues to cause data headaches

Fundamental understanding of what systems, applications, and data are at risk continues to lag due to changing regulatory and threat landscapes. Only a third (33%) of organisations are…


Network-Connected Torque Wrench Used in Factories Is Vulnerable to Ransomware


Hackers could cause mayhem by hijacking Wi-Fi-enabled torque wrenches used at car factories, according to new security research.

On Tuesday, IT security company Nozomi Networks said it uncovered 25 vulnerabilities with an operating system from industrial equipment provider Bosch Rexroth. By exploiting these software bugs, a hacker could tamper with Bosch’s pneumatic torque wrenches, which connect to a customer’s IT network through the hardware’s embedded Wi-Fi module. 

Nozomi researchers tested the vulnerabilities to determine severity, and were able to install ransomware on the Bosch wrenches, effectively bricking them. “Furthermore, we could alter the graphical user interface (GUI) to display an arbitrary message on the screen, requesting the payment of a ransom,” the company added.  


The same vulnerabilities could also be abused to secretly alter the wrenches’ configuration settings, all while showing a normal value on the GUI. The sabotage could lead factory operators to think they had properly fastened screws on a car when in reality the bolts would be too loose or too tight, resulting in mechanical failure. 


Nozomi Networks discovered the vulnerabilities in Bosch Rexroth’s Linux-based NEXO-OS operating system, which can remotely reprogram the affected torque wrenches. The threat emerges if a hacker infiltrates a company network that contains access to NEXO-OS and the network-connected wrenches. Nozomi notes an “unauthenticated attacker” could then use the software flaws to gain greater privileges and kick off the sabotage. 


Nozomi Networks reported the flaws to Bosch Rexroth, but an official fix won’t arrive until the end of January. In the meantime, Nozomi is recommending affected users restrict “network reachability” to the affected Bosch Rexroth products. 

Bosch Rexroth also published a security advisory. The company added: “Security is a top priority at Bosch Rexroth. Our experts continuously monitor any threats and take immediate countermeasures, if necessary, for example through updates offered by the manufacturers. With this approach, we can guarantee a…


Google accounts may be vulnerable to new hack, changing password won’t help


A new method allegedly enables hackers to exploit functionality of the OAuth2 authorization protocol to compromise Google accounts and maintain valid sessions by regenerating cookies despite an IP or password reset.

According to security firm CloudSEK, a threat actor under the alias PRISMA boasted a potent zero-day exploit and developed a sophisticated solution to generate persistent Google cookies through token manipulation.

“This exploit enables continuous access to Google services, even after a user’s password reset,” the report reads.

OAuth 2.0 stands for “Open Authorization 2.0” and is a widely used protocol for securing and authorizing access to resources on the internet. It makes verifying user identity easy by tapping into their social media accounts, such as Google or Facebook.

CloudSEK’s threat research team identified the exploit’s root at an undocumented Google OAuth endpoint named “MultiLogin.” This is an internal mechanism designed for synchronizing Google accounts across services, which ensures that browser account states align with Google’s authentication cookies.

The developer of the exploit “expressed openness to cooperation,” which accelerated the discovery of the endpoint responsible for regenerating the cookies.

The exploit, incorporated in a malware called Lumma Infostealer on November 14th, boasts two key features: session persistence and cookie generation. To exfiltrate the required secrets, tokens, and account IDs, the malware targets Chrome’s token_service table of WebData of logged-in Chrome profiles.

“The session remains valid even when the account password is changed, providing a unique advantage in bypassing typical security measures,” the report quotes PRISMA. “The capability to generate valid cookies in the event of a session disruption enhances the attacker’s ability to maintain unauthorized access.”

Researchers noted a concerning trend of rapid exploit integration among various Infostealer groups. They think the exploitation of the undocumented Google OAuth2 MultiLogin endpoint provides a textbook example of sophistication, as the approach hinges on a nuanced manipulation of the GAIA ID (Google Accounts and ID…


K-12 schools improve protection against online attacks, but many are vulnerable to ransomware gangs


Some K-12 public schools are racing to improve protection against the threat of online attacks

WASHINGTON — Some K-12 public schools are racing to improve protection against the threat of online attacks, but lax cybersecurity means thousands of others are vulnerable to ransomware gangs that can steal confidential data and disrupt operations.

Since a White House conference in August on ransomware threats, dozens of school districts have signed up for free cybersecurity services, and federal officials have hosted exercises with schools to help them learn how to better secure their networks, said Anne Neuberger, the Biden administration’s deputy national security advisor for cyber and emerging technology.

Neuberger said more districts need to take advantage of programs available that would better guard against online attackers who are increasingly targeting schools. Their aim is to lock up computer systems, and in some cases, steal and publish sensitive personal information if a ransom is not paid.

“Compromises happen again and again, often in the same way, and there are defenses to protect against it. And here the government has really brought companies together, brought agencies together to deploy some of those,” Neuberger said in an interview. “Don’t give up. Reach out and sign up. And your kids will be a lot safer online.”

The administration announced steps over the summer to help cash-strapped schools, which have been slow to build up cybersecurity defenses. Ransomware attackers, many of whom are based in Russia, have not only forced schools to temporarily close but have exposed a wealth of students’ private information.

More than 9,000…
