U.S. CISA adds Fortinet products and Ivanti CSA bugs to its Known Exploited Vulnerabilities catalog
U.S. CISA adds Fortinet products and Ivanti CSA bugs to its Known Exploited Vulnerabilities catalo
Aggregator
Minutes Network Appoints Gaming And Web3 Veteran Jamie King, Former Rockstar Co-Founder, as CMO
9 months ago
**LEEDS, United Kingdom, October 14th, 2024/Chainwire/--**Minutes Network, the world's first blockch
El Dorado
9 months ago
cohenido
CVE-2000-0794 | SGI IRIX 6.2 gmemusage/gr_osview HOME memory corruption (EDB-20127 / XFDB-5063)
9 months ago
A vulnerability was found in SGI IRIX 6.2. It has been classified as critical. Affected is an unknown function of the file gmemusage/gr_osview. The manipulation of the argument HOME as part of Environment Variable leads to memory corruption.
This vulnerability is traded as CVE-2000-0794. An attack has to be approached locally. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2014-7694 | Fastappz Corvette Museum 1.399 X.509 Certificate cryptographic issues (VU#582497)
9 months ago
A vulnerability was found in Fastappz Corvette Museum 1.399 and classified as critical. This issue affects some unknown processing of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues.
The identification of this vulnerability is CVE-2014-7694. The attack can only be done within the local network. There is no exploit available.
vuldb.com
How nation-states exploit political instability to launch cyber operations
9 months ago
In this Help Net Security interview, Ismael Valenzuela, Vice President of Threat Research & Intelligence at BlackBerry, discusses the impact of geopolitical tensions on the frequency and sophistication of cyberattacks. He explains how nation-states and politically motivated groups exploit unrest for strategic advantages, providing examples of recent conflicts and their cyber implications. How do geopolitical tensions directly affect the frequency and sophistication of cyberattacks? Can you give examples of how nation-states or politically motivated groups … More →
The post How nation-states exploit political instability to launch cyber operations appeared first on Help Net Security.
Mirko Zorz
CVE-2016-1352 | Cisco Unified Computing System up to 1.3(1b) HTTP Request os command injection (CSCuv33856 / Nessus ID 93108)
9 months ago
A vulnerability has been found in Cisco Unified Computing System up to 1.3(1b) and classified as very critical. Affected by this vulnerability is an unknown functionality of the component HTTP Request Handler. The manipulation leads to os command injection.
This vulnerability is known as CVE-2016-1352. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2016-1362 | Cisco AireOS up to 7.4.120.0/7.5.x/7.6.100.0 on WLC HTTP Request resource management (CSCun86747 / Nessus ID 90893)
9 months ago
A vulnerability, which was classified as problematic, was found in Cisco AireOS up to 7.4.120.0/7.5.x/7.6.100.0 on WLC. This affects an unknown part of the component HTTP Request Handler. The manipulation leads to improper resource management.
This vulnerability is uniquely identified as CVE-2016-1362. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2016-2184 | Linux Kernel 3.10.0-229.20.1.el7.x86_64 snd-usb-audio Driver null pointer dereference (USN-2969-1 / EDB-39555)
9 months ago
A vulnerability, which was classified as critical, was found in Linux Kernel 3.10.0-229.20.1.el7.x86_64. This affects an unknown part of the component snd-usb-audio Driver. The manipulation leads to null pointer dereference.
This vulnerability is uniquely identified as CVE-2016-2184. Attacking locally is a requirement. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
The dark side of API security
9 months ago
APIs are the backbone of digital transformation efforts, connecting applications across organizations, so their security is of the utmost importance. In this Help Net Security video, Lori MacVittie, a Distinguished Engineer at F5, discusses the current state of API security. A recent F5 State of Application Strategy report found that: Most organizations’ API estates are expected to expand by 10% over the next two to three years, making security a major priority. Less than 70% … More →
The post The dark side of API security appeared first on Help Net Security.
Help Net Security
Congress Seeks Urgent Action After Chinese Telecom Hack
9 months ago
Lawmakers Demand Answers, Security Overhaul After Chinese Hack of Telecom Networks
Congress is demanding answers from AT&T, Verizon, and Lumen after reports revealed that Chinese hackers breached U.S. telecom infrastructure, targeting systems linked to court-authorized wiretaps, as the FBI and the Cybersecurity and Infrastructure Security Agency investigate the Salt Typhoon group.
Congress is demanding answers from AT&T, Verizon, and Lumen after reports revealed that Chinese hackers breached U.S. telecom infrastructure, targeting systems linked to court-authorized wiretaps, as the FBI and the Cybersecurity and Infrastructure Security Agency investigate the Salt Typhoon group.
Revenue Cycle Vendor Notifying 400,000 Patients of Hack
9 months ago
Texas-Based Gryphon Healthcare Says an Unnamed Third Party Was at Center of Breach
A Texas-based revenue cycle management firm is notifying about 400,000 individuals of a hacking incident it says originated with another third party. The incident is among a growing list of major breaches implicating vendors and cumulatively affecting tens of millions of patients so far this year.
A Texas-based revenue cycle management firm is notifying about 400,000 individuals of a hacking incident it says originated with another third party. The incident is among a growing list of major breaches implicating vendors and cumulatively affecting tens of millions of patients so far this year.
Oil and Gas Firms Aware of Cyber Risks
9 months ago
Sector Uses Multifactor, Eschews Cloud, Can't Afford Cyber Insurance
The oil and gas industry has high levels of cyber awareness and low levels of cyber insurance, says a sectoral assessment from credit rating agency Moody's. The sector has experienced a clutch of high-profile attacks including a high-profile 2021 incident at Colonial Pipeline.
The oil and gas industry has high levels of cyber awareness and low levels of cyber insurance, says a sectoral assessment from credit rating agency Moody's. The sector has experienced a clutch of high-profile attacks including a high-profile 2021 incident at Colonial Pipeline.
Most EU Nations to Miss Upcoming NIS2 Deadline
9 months ago
Only Six Nations Have Incorporated NIS2 Into National Statute
Most European countries are set to miss a trading bloc deadline for implementing a key cybersecurity regulation that requires measures such as mandatory security auditing for essential services such as hospitals and banks. Just six countries have integrated the NIS2 directive into national law.
Most European countries are set to miss a trading bloc deadline for implementing a key cybersecurity regulation that requires measures such as mandatory security auditing for essential services such as hospitals and banks. Just six countries have integrated the NIS2 directive into national law.
Let’s Clone a Cloner - Part 2: You Have No Power Here
9 months ago
<p>Previously on Let's Clone a Cloner, I needed a long-range RFID badge cloner. There are many walkthroughs out there on how to build a cloner that are fantastic, innovative builds, but I wanted one that meets all of my…</p>
Costa Petros
勒索软件攻击事件为何不断增加
9 months ago
勒索软件攻击事件在近期有所下降后又开始回升。根据 NCC Group 发布的数据显示,勒索软件攻击的复苏是由老牌勒索软件即服务 (RaaS) 组织主导的。
通过“积极监控每个勒索软件组织使用的泄漏站点并在受害者详细信息发布时抓取”收集的数据,研究人员确定 Lockbit 是 7 月份最活跃的勒索软件团伙,发动了 62 次攻击。比上个月增加了 10 次,是第二和第三活跃团体总和的两倍多。
Lockbit 3.0 仍然是最具威胁性的勒索软件组织,所有组织都应该警惕它。
攻击次数第二多和第三多的组织分别是 Hiveleaks 和 BlackBasta ,共发起过 27 次和 24 次攻击。这些数字表明每个组织的攻击次数都在快速增长——自 6 月以来,Hiveleaks 增长了 440%,BlackBasta 增长了 50%。
勒索软件攻击的复苏和这两个特定团体的崛起很可能密切相关。
勒索软件攻击事件为何会反弹
NCC Group 的研究人员统计,7 月份共发生 198 起成功的勒索软件攻击活动,较 6 月份增长 47%。尽管这一增长势头迅猛,但仍远低于今年春季创下的最高纪录,3 月和 4 月均发生了近 300 起此类攻击活动。
今年 5 月,美国政府加大了打击俄罗斯网络犯罪的力度,悬赏 1500 万美元,以获取有关 Conti(当时全球最大的勒索软件团伙)的宝贵信息。
根据报告作者推测:“威胁者很可能正在经历结构性变化,并开始适应新的运作模式,导致他们的总体危害程度同时增加。”
Hiveleaks 和 BlackBasta 就是这次重组的产物。
这两个组织都“与 Conti 有关联”,Hiveleaks 是其附属组织,而 BlackBasta 则是其替代分支。因此,Conti 似乎没过多久就重新出现在威胁领域,尽管是以新身份出现的。现在,Conti 已经一分为二,因此进入8月份,这些数字进一步增加也就不足为奇。
胡金鱼
“秘密入侵”几乎涉所有中国主要城市!重磅报告揭露美国网络攻击
9 months ago
今年4月15日、7月8日,中国国家计算机病毒应急处理中心等机构连续发布了两次专题报告,揭露了美方利用所谓“伏特台风”虚假叙事行动计划对我国抹黑的真实意图。
10月14日,我国网络安全机构第三次发布专题报告,进一步公开美国政府机构和“五眼联盟”国家针对中国和德国等其他国家,以及全球互联网用户实施网络间谍窃听、窃密活动,并掌握了美国政府机构通过各种手段嫁祸他国的相关证据,另外还有他们采取“供应链”攻击,在互联网设备产品中植入后门等事实,彻底揭穿所谓“伏特台风”这场由美国联邦政府自导自演的政治闹剧。
美研发嫁祸他国隐身“工具包”代号“大理石”
报告显示,长期以来,美国在网络空间积极推行“防御前置”战略,并实施“前出狩猎”战术行动,也就是在对手国家周边地区部署网络战部队,对这些国家的网上目标进行抵近侦察和网络渗透。为适应这种战术需要,美国情报机构专门研发了掩盖自身恶意网络攻击行为、嫁祸他国的隐身“工具包”,代号“大理石”。
国家计算机病毒应急处理中心高级工程师杜振华介绍,“大理石”的主要功能是对这种网络武器,也就是像间谍软件或者恶意程序代码中的可识别特征进行混淆,甚至是擦除。就像是把开发者的指纹给擦除了,也相当于像把枪械武器的膛线改变了,所以导致从技术上对这种武器的溯源变得非常困难。
技术团队调查发现,根据“大理石”工具框架源代码及其注释显示,它被确定为一个机密级(且不可向国外透露)的武器研发计划,起始时间不晚于2015年。“大理石”工具框架可以使用超过100种混淆算法,它能将源代码文件中可读的变量名、字符串等替换为不可读(不可识别)内容,并且可以插入特定的干扰字符串。
杜振华说:“我们可以看到,这里边有阿拉伯语、中文、俄语、朝鲜语、波斯语,那么他在缓冲区做好混淆的数据之后,会把缓冲区的数据写入到指定的位置,或者是相应程序的文件当中,实现对这种网络武器痕迹的故意植入。”
安天科技集团技术委员会副主任李柏松介绍:“这是一种在网络攻击中比较常见的手段,比如说a组织把自己伪装成了b组织,而这种伪装可以在好多个不同的环节出现。比如他在架设命令控制服务器的过程中,或是在他窃密的木马开发过程中,好多个阶段都可以用这样的一些手法。而这就使得他的攻击变得很难去溯源。”
通过这些栽赃、虚构的手段,美国网络战部队和情报机构的黑客就能任意变换身份、变更形象,通过冒充其他国家的身份在全球实施网络攻击窃密活动,然后将这些行为栽赃给被冒充的非美国 “盟友”的国家。
技术团队通过掌握的证据发现,“伏特台风”行动就是一个典型的、精心设计的、符合美国资本集团利益的虚假信息行动,也就是所谓的“假旗”行动,其技战术与美国和“五眼联盟”国家情报机构所采用技战术完全吻合。
美对全球互联网用户实施无差别监听
我国网络安全机构发布的报告显示,美国政府机构之所以虚构出所谓中国背景的“伏特台风”网络攻击组织,目的就是为了继续把持《涉外情报监视法案》第“702条款”所赋予的“无证”监视权,以维持其庞大的“无差别”“无底线”监听计划。而正是有了“702条款”的相关权限,美国政府机构才能持续对全球互联网用户实施无差别监听,甚至直接从美国各大互联网企业的服务器上获取用户数据,是名副其实的网络空间“窥探者”。
技术团队调查发现,据美国国家安全局的内部绝密级资料显示,美国依托其在互联网布局建设中先天掌握的技术优势和地理位置优势,牢牢把持全球最重要的大西洋海底光缆和太平洋海底光缆等互联网“关键节点”,先后建立了7个国家级的全流量监听站。美国政府机构与英国国家网络安全中心紧密合作,对光缆中传输的数据进行解析和数据窃取,实现对全球互联网用户的无差别监听。
杜振华说:“通过对这些光缆中的数字信号进行提取、汇聚、还原、解码、解密,就可以得到光缆通信数据当中的语音信息、文字信息、视频信息,甚至是‘用户名密码’。这些情报的受益方很多,主要是两个方面,一方面是美国自己,当然包括美国的军方情报机构,另一方面是美国的情报合作伙伴,特别是像‘五眼联盟’国家。”报告显示,为了将窃取的数据实时转化成可阅读、可检索的情报信息,美国国家安全局实施了两个重点工程项目,分别是“上游”(UpStream)项目和“棱镜”(Prism)项目,这两个项目分别承担数据存储和数据还原分析的功能。
杜振华介绍:“‘上游’项目顾名思义,就是从海底光缆中把原始数据提取出来,汇聚形成一个巨大的数据水库,供后续进行深度分析。‘棱镜’计划就是在‘上游’项目的基础上,对数据水库当中的流量进行深度的分析分类,这两者实际上互为补充,都是美国网络监听项目的重要组成部分。”
据网络安全专家介绍,为了解决“上游”项目中加密数据破解和网络通信流量路径覆盖不全等突出问题,美国政府还会通过“棱镜”项目直接从微软、雅虎、谷歌、脸书、苹果等美国各大互联网企业的服务器上获取用户数据。
而“上游”和“棱镜”两个项目正是在《涉外情报监视法案》第“702条款”的授权下建设实施的,因此第“702条款”成为美国情报机构代表美国联邦政府合法、公开、持续窃取全球互联网链路数据的官方依据,也成为美国“窃密帝国”的扎实证据。
中国主要城市几乎都在美国网络秘密入侵范围内
报告显示,为了满足情报需要,针对监听系统“盲区”的特定目标,美国国家安全局下属的“特定入侵行动办公室”会发动网络秘密入侵行动,受害目标主要集中在亚洲、东欧、非洲、中东和南美等地区,据技术团队掌握的证据显示,特定目标已经被植入的间谍程序超过5万个。
技术团队调查发现,在美国国家安全局的内部文件中显示,中国境内的主要城市几乎都在其网络秘密入侵行动范围内,大量的互联网资产已经遭到入侵,其中包括西北工业大学和武汉市地震监测中心所在地区。
李柏松表示:“美方对间谍软件的控制有很多种不同的方式,比较易于理解的是网络远程控制。另外他们有一个代号为‘水蝮蛇’的装备,看起来就像是个USB的接头一样,然后可以伪装成类似于键盘、鼠标的接口,他把这个装备接入到物理隔离网络的设备上去,然后把窃取的数据通过信号的方式发送出来,甚至实现对它的一个控制。”
专家介绍,除了直接实施网络入侵行动窃取数据之外,针对一些防范等级高且入侵难度大的高价值目标,特别入侵行动办公室还会采取“供应链”攻击的方式,也就是在美国大型互联网企业或设备供应商的配合下,从物流环节拦截攻击目标,另外还会对攻击目标所采购的美国网络设备进行拆解并植入后门,然后重新打包发货给攻击目标。
李柏松介绍:“这种被做了手脚的设备得到使用之后,就会成为攻击者的一个突破口。攻击者可以利用它的漏洞、后门,在我们不知道的情况下进入到我们的内网。”
杜振华介绍:“它主要是针对这种防御能力比较强、攻击难度比较大的目标,特别是一些保密等级很高的目标,包括单位、个人和群体。它的隐蔽性非常强,所以能够实现长期潜伏的窃密活动。因为它有可能造成网络瘫痪,所以它的危害无论是从泄密度,还是安全隐患的角度,都是非常严重的。”
美方不断将网络攻击溯源政治化
通过“702条款”的授权,美国情报机构建立了规模庞大的全球化互联网监听网络,向美国政府机构提供了大量高价值情报,使美国政府屡屡在外交、军事、经济、科技等领域占得先机,“702条款”以及与之相配套的互联网监听系统成为现阶段美国维持其霸权地位的“秘密武器”。
报告显示,在拥有强大的先发技术优势条件下,任何目标都有可能被美国联邦政府及其情报机构列入“重点监控名单”,其中包括一些美国的“盟友”国家法国、德国、日本,甚至普通美国公民。
杜振华介绍:“这样无差别、无底线的监听,其实来源于美国的对外情报监视法案第‘702条款’,又被称为‘无证监视法案’。它的权力是非常大的,而且很少受到制约,所以实际上是美国对外肆无忌惮开展这种网络监听活动的一个根源。”
专家介绍,为了维持庞大的监听计划,美国政府机构每年所需的经费预算也是相当惊人,而这正是美国联邦政府及其情报机构合谋策划、推动“伏特台风”计划的主要动力。
杜振华介绍:“‘伏特台风’这种虚假叙事,实际上就是为了骗取国会为这些竞争项目投入更多的资金。同时,美国还必须通过这种虚假事实去保住‘702条款’这样一个无证监视的权利,还可以达到抹黑和诋毁中国的目的。”
报告指出,多年来,美国政府机构出于自身一己私利,不断将网络攻击溯源问题政治化,而微软等公司则为了迎合美国政客、政府机构和情报机构,出于提高自身商业利益考虑,打着“中国网络威胁论”的旗号,为“702条款”源源不断地输送情报。
中国一向反对政治操弄网络安全事件的技术调查,反对将网络攻击溯源归因问题政治化。报告再次呼吁,网络安全需要广泛的国际协作,广大网络安全企业和研究机构也应该专注于对网络安全威胁对抗技术的研究以及如何为用户提供更高质量的产品和服务。
文章来源:央视新闻客户端
企业资讯
Jetpack fixes critical information disclosure flaw existing since 2016
9 months ago
error code: 1106
CVE-2000-0797 | SGI IRIX 6.2/6.3 gr_osview -D memory corruption (EDB-20126 / XFDB-5062)
9 months ago
A vulnerability classified as critical has been found in SGI IRIX 6.2/6.3. This affects an unknown part of the file gr_osview. The manipulation of the argument -D leads to memory corruption.
This vulnerability is uniquely identified as CVE-2000-0797. It is possible to launch the attack on the local host. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Data breaches trigger increase in cyber insurance claims
9 months ago
Cyber claims have continued their upwards trend over the past year, driven in large part by a rise in data and privacy breach incidents, according to Allianz. Cyber claims frequency exceeds €1 million The frequency of large cyber claims (>€1 million) in the first six months of 2024 was up 14% while severity increased by 17%, according to the insurer’s claims analysis, following just a 1% increase in severity during 2023. Data and privacy breach-related … More →
The post Data breaches trigger increase in cyber insurance claims appeared first on Help Net Security.
Help Net Security