@83r71n@ioc.exchange
83r71n

"When you look at the dark side, careful you must be. For the dark side looks back."
--Yoda

Always learning... and sharing knowledge to make the world a safer place.

83r71n, to Cybersecurity
Google's passkeys, introduced in 2022, have become a popular and secure alternative to traditional passwords, being used over 1 billion times across 400 million-plus Google accounts. These passkeys, which rely on fingerprints, face scans, or PINs for authentication, are faster and more resistant to phishing than passwords. Google plans to integrate passkeys into its Advanced Protection Program, enhancing security for high-risk users. Additionally, third-party password managers like Dashlane and 1Password can now support passkeys, further expanding their use. The technology is supported by major companies like eBay, Uber, PayPal, and Amazon, indicating a shift towards passkey-based authentication as a more secure and efficient method.

https://blog.google/technology/safety-security/google-passkeys-update-april-2024/

83r71n, to Cybersecurity
A critical vulnerability, identified as CVE-2024-20356, has been found in Cisco's Integrated Management Controller (IMC). This flaw allows for command injection, potentially giving attackers the ability to gain root access to systems. The vulnerability is located in the web-based management interface of the IMC, which is used for remotely managing Cisco hardware. The issue arises from insufficient user input validation in the IMC interface, allowing an authenticated, remote attacker with administrative privileges to inject malicious commands.

Security researchers from Nettitude have developed a Proof of Concept (PoC) exploit, named "CISCown," to demonstrate this vulnerability. The exploit involves sending crafted commands through the web interface, enabling attackers to execute arbitrary code with root privileges on the underlying operating system of Cisco hardware. This PoC exploit is part of a toolkit developed by Nettitude and is available on GitHub. It uses parameters such as target IP, username, and password to automate the exploitation process and deploy a telnetd root shell service on compromised devices.

The release of this PoC exploit signifies a critical threat level for organizations using affected Cisco products. Gaining root access can lead to data theft, system downtime, and further network compromise. Cisco has responded by releasing software updates to address this vulnerability. It is strongly recommended that all affected organizations apply these updates immediately, as no known workaround mitigates this vulnerability.

The affected products include a range of Cisco servers and computing systems, such as the 5000 Series Enterprise Network Compute Systems (ENCS), Catalyst 8300 Series Edge uCPE, UCS C-Series M5, M6, and M7 Rack Servers in standalone mode, UCS E-Series Servers, and UCS S-Series Storage Servers. Users and administrators are advised to visit Cisco’s official security advisory page and the Nettitude GitHub repository hosting the exploitation toolkit for more detailed information and access to the updates.

https://labs.nettitude.com/blog/cve-2024-20356-jailbreaking-a-cisco-appliance-to-run-doom/

83r71n, to Cybersecurity
A critical vulnerability, named BatBadBut, was discovered in the Rust programming language, affecting not just Rust but also Erlang, Go, Python, Ruby, and potentially others. This vulnerability, with a severity score of 10/10, could allow attackers to execute arbitrary commands on Windows systems by exploiting how Rust handles batch files. The issue arises from Rust's standard library improperly escaping arguments when invoking batch files on Windows, leading to potential command injection. The vulnerability has been addressed with a fix in Rust version 1.77.2, which developers are urged to update to. Other programming languages and systems, including Node.js, PHP, and Java, are also affected and are working on patches.

https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/

https://blog.rust-lang.org/2024/04/09/cve-2024-24576.html

#cybersecurity #rust #batbadbut #vulnerability #erlang #go #python #ruby #nodejs #php #java #windows #commandinjection #RyotaK #Grub4K #flattsecurity

83r71n, to Cybersecurity
Fortinet has revealed vulnerabilities in its FortiOS, FortiProxy, FortiClient Linux, and FortiClient Mac products, including a critical one that could allow remote code execution. This critical flaw, identified as CVE-2023-45590, has a high severity score and could enable an attacker to execute arbitrary code by tricking a user into visiting a malicious website. Other high-severity issues affect FortiOS and FortiProxy, where credentials are not adequately protected. A specific flaw (CVE-2023-41677) might allow an attacker to steal the administrator cookie under certain conditions. Additionally, FortiClientMac has vulnerabilities due to a lack of configuration file validation. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory warning about the potential for cyber threat actors to exploit these vulnerabilities.

https://www.fortiguard.com/psirt/FG-IR-23-087

https://www.fortiguard.com/psirt/FG-IR-23-345

https://www.fortiguard.com/psirt/FG-IR-23-493

83r71n, to Cybersecurity
Google has introduced Kernel Address Sanitizer (KASan) to enhance the security of Android firmware. KASan is designed to detect memory corruption vulnerabilities and stability issues before they affect user devices. It works by monitoring memory access operations to ensure they only target valid regions, identified in a shadow memory area. This tool has already helped identify and fix over 40 memory safety bugs in Android firmware. KASan is particularly useful for bare-metal targets, requiring specific compiler options and strategies to implement effectively. It's part of Google's efforts to address the security challenges posed by the vast number of Android devices and the fragmented ecosystem that makes vulnerability patching difficult.

https://security.googleblog.com/2024/03/address-sanitizer-for-bare-metal.html

#cybersecurity #google #kernel #kasan #android #firmware #bugs #baremetal #patch

83r71n, to Cybersecurity
The Python Package Index (PyPI) repository experienced a malware upload attack, forcing maintainers to suspend new project creation and user registration to mitigate the threat. This incident involved malicious Python packages, likely uploaded using typo-squatting techniques, designed to steal sensitive information and credentials. The malware also included a persistence mechanism to remain active on compromised systems.

https://status.python.org/incidents/dc9zsqzrs0bv

#cybersecurity #python #pypy #attack #malware #incident

83r71n, to Cybersecurity
GitHub has introduced push protection for public repositories to prevent the accidental leak of secrets like API keys and tokens, which could lead to security breaches and legal issues. This feature automatically blocks commits that contain detected secrets. GitHub has now made this protection the default for all users, offering an option to remove or bypass the block for legitimate secrets. Despite the protection, users can still choose to bypass the block or disable it entirely, though GitHub recommends keeping it enabled for security. For organizations using GitHub Enterprise, adding GitHub Advanced Security can extend these protections to private repositories, enhancing security with features like secret scanning and code scanning.

https://github.blog/2024-02-29-keeping-secrets-out-of-public-repositories/

83r71n, to Cybersecurity
A popular file transfer software from Fortra called GoAnywhere Managed File Transfer (MFT) has been found to have a serious security flaw. This flaw, known as a path traversal weakness, could give anyone free administrator rights over the system. The flaw was discovered in December 2023 by cybersecurity researchers Mohammed Eldeeb and Islam Elrfai from Spark Engineering Consultants and disclosed to GoAnywhere’s developer, Fortra. The flaw has a severity score of 9.8 out of 10, making it extremely critical. Users are urged to patch the software immediately to prevent potential misuse and avoid further issues.

https://www.fortra.com/security/advisory/fi-2024-001

83r71n, to Cybersecurity
EquiLend, a financial technology company owning a platform that executes $2.4 trillion of securities transactions each month, has confirmed unauthorized access to its systems on January 22. The incident has disrupted some of its services. The company has taken immediate steps to secure its systems and is working with external cybersecurity firms to restore the services as quickly as possible. Clients have been informed that this may take several days. The company is working closely with the U.S. Department of the Treasury to monitor the situation. The impact of the cyberattack on financial markets is yet to be determined.

83r71n, to Cybersecurity
Mandiant's X account was compromised through a brute-force password attack by a drainer-as-a-service (DaaS)* group. The account lacked two-factor authentication (2FA), which could have mitigated the attack.

*(DaaS): A Drainer-as-a-Service is a type of cyber attack where hackers sell access to their botnets, which are networks of computers controlled remotely.

https://thehackernews.com/2024/01/mandiants-x-account-was-hacked-using.html

#cybersecurity #mandiant #attack #bruteforce #hack #2fa #daas #botnets
