Cyber security aggregate rss news


How safe are robots?

 Business

When people think of robots, they often imagine anthropomorphic metal figures from sci-fi movies, or industrial automatons on gigantic assembly lines. Few contemplate the fact that robots have long been fully among us. They wash our cars, deliver parcels, sort goods in warehouses, administer pills to patients, ring church bells, and the list only grows longer. Essentially, these are cyberphysical devices on the internet of things (IoT). This raises a valid question: if so many organizations are already using robots, who's in charge of their security?

Our colleagues studied the implications of the increasingly widespread adoption of automation and robots, asking more than 4,500 representatives of various organizations what they think about this. It turned out that 44% of respondents consider the level of robot security in organizations to be quite high, while 40% hold the opposite view. A cursory online search shows that the latter group are more likely to be right. Security experts have long been trying to draw attention to the issues of protecting robots: they've investigated many machines in recent years and found them to be vulnerable. Here are just a few that caught their eye.

Car wash

Back in 2017, at the Black Hat conference, researchers Billy Rios and Jonathan Butts demonstrated how to hack an automatic car wash and what threat this poses to humans. They studied a PDQ LaserWash automatic car wash system, which can be connected to the internet, and found a way to hijack it. They even showed that it's possible to slam the bay door into a car, which could endanger not only the vehicle but also the driver. At the time of initial posting, the vulnerability still wasn't closed.

Autonomous mobile robots

In the spring of 2022, researchers from Cynerio studied Aethon autonomous mobile robots used in hospitals to transport goods, materials, and clinical supplies. They found vulnerabilities in the control servers and easily took over the robots, which in turn had access to restricted areas in hospitals and could operate service elevators, not to mention the possibilities for spying. The researchers presented some perfectly realistic attack scenarios using the holes they discovered, from stealing medication to sabotage by ramming objects or delaying delivery of critical drugs. In this case the vendor closed the vulnerabilities before the report was published.

Humanoid robot

In 2018, experts from IOActive showed how an NAO robot, a humanoid robot manufactured by SoftBank Robotics, can be attacked. One could think at first that an NAO robot is little more than a toy. However, various organizations use the robots for teaching children, and some have even tried to find a business application for it as… a customer communications manager! By modifying the robot's system files, the researchers were able to steal information from its memory, as well as make it use foul language and show pornography when given access to a screen. What at first glance might seem like a harmless prank would have grave consequences for the owners once the lawsuits from angry parents and business customers start piling up. The researchers also managed to infect the robot with ransomware and have it demand a ransom. In this case, as in the car wash case above, the developers were reportedly in no hurry to close the vulnerabilities.

Fortunately, not everyone is turning a blind eye to robot security: more than half (51%) of our survey respondents believe that robots are vulnerable to hacking. You can read the main findings of the study by downloading the following PDF: The future of jobs. A study on the consequences of automation and increased use of robots.

U.S. Govt. Apps Bund ...

 A Little Sunshine

A recent scoop by Reuters revealed that mobile apps for the U.S. Army and the Centers for Disease Control and Prevention (CDC) were integrating software that sends visitor data to a Russian company called Pushwoosh, which claims to be based in the United States. But that story omitted an important historical detail about Pushwoosh: In 2013, one of its developers admitted to authoring the Pincer Trojan, malware designed to surreptitiously intercept and forward text messages from Android mobile devices.

Pushwoosh says it is a U.S. based company that provides code for software developers to profile smartphone app users based on their online activity, allowing them to send tailor-made notifications. But a recent investigation by Reuters raised questions about the company's real location and truthfulness.

The Army told Reuters it removed an app containing Pushwoosh in March, citing "security concerns." The Army app was used by soldiers at one of the nation's main combat training bases. Reuters said the CDC likewise recently removed Pushwoosh code from its app over security concerns, after reporters informed the agency Pushwoosh was not based in the Washington D.C. area, as the company had represented, but was instead operated from Novosibirsk, Russia.

Pushwoosh's software also was found in apps for "a wide array of international companies, influential nonprofits and government agencies from global consumer goods company Unilever and the Union of European Football Associations (UEFA) to the politically powerful U.S. gun lobby, the National Rifle Association (NRA), and Britain's Labour Party."

The company's founder Max Konev told Reuters Pushwoosh "has no connection with the Russian government of any kind" and that it stores its data in the United States and Germany. But Reuters found that while Pushwoosh's social media and U.S. regulatory filings present it as a U.S. company based variously in California, Maryland and Washington, D.C., the company's employees are located in Novosibirsk, Russia. Reuters also learned that the company's address in California does not exist, and that two LinkedIn accounts for Pushwoosh employees in Washington, D.C. were fake.

"Pushwoosh never mentioned it was Russian-based in eight annual filings in the U.S. state of Delaware, where it is registered, an omission which could violate state law," Reuters reported.

Pushwoosh admitted the LinkedIn profiles were fake, but said they were created by a marketing firm to drum up business for the company, not to misrepresent its location. Pushwoosh told Reuters it used addresses in the Washington, D.C. area to "receive business correspondence" during the coronavirus pandemic.

A review of the Pushwoosh founder's online presence via Constella Intelligence shows his Pushwoosh email address was tied to a phone number in Washington, D.C. that was also connected to email addresses and account profiles for over a dozen other Pushwoosh employees. Pushwoosh was incorporated in Novosibirsk, Russia in 2016.

THE PINCER TROJAN CONNECTION

The dust-up over Pushwoosh came in part from data gathered by Zach Edwards, a security researcher who until recently worked for the Internet Safety Labs, a nonprofit organization that funds research into online threats. Edwards said Pushwoosh began as Arello-Mobile, and for several years the two co-branded, appearing side by side at various technology expos. Around 2016, he said, the two companies both started using the Pushwoosh name.

A search on Pushwoosh's code base shows that one of the company's longtime developers is a 41-year-old from Novosibirsk named Yuri Shmakov. In 2013, KrebsOnSecurity interviewed Shmakov for the story, "Who Wrote the Pincer Android Trojan?" wherein Shmakov acknowledged writing the malware as a freelance project. Shmakov told me that, based on the client's specifications, he suspected it might ultimately be put to nefarious uses. Even so, he completed the job and signed his work by including his nickname in the app's code.

"I was working on this app for some months, and I was hoping that it would be really helpful," Shmakov wrote. "[The] idea of this app is that you can set it up as a spam filter…block some calls and SMS remotely, from a Web service. I hoped that this will be [some kind of] blacklist, with logging about blocked [messages/calls]. But of course, I understood that client [did] not really want this."

Shmakov did not respond to requests for comment. His LinkedIn profile says he stopped working for Arello Mobile in 2016, and that he currently is employed full-time as the Android team leader at an online betting company.

In a blog post responding to the Reuters story, Pushwoosh said it is a privately held company incorporated under the state laws of Delaware, USA, and that Pushwoosh Inc. was never owned by any company registered in the Russian Federation. "Pushwoosh Inc. used to outsource development parts of the product to the Russian company in Novosibirsk, mentioned in the article," the company said. "However, in February 2022, Pushwoosh Inc. terminated the contract."

However, Edwards noted that dozens of developer subdomains on Pushwoosh's main domain still point to JSC Avantel, an Internet provider based in Novosibirsk, Russia.

WAR GAMES

[Image caption: Pushwoosh employees posing at a company laser tag event.]

Edwards said the U.S. Army's app had a custom Pushwoosh configuration that did not appear on any other customer implementation. "It had an extremely custom setup that existed nowhere else," Edwards said. "Originally, it was an in-app Web browser, where it integrated a Pushwoosh javascript so that any time a user clicked on links, data went out to Pushwoosh and they could push back whatever they wanted through the in-app browser."

An Army Times article published the day after the Reuters story ran said at least 1,000 people downloaded the app, which "delivered updates for troops at the National Training Center on Fort Irwin, Calif., a critical waypoint for deploying units to test their battlefield prowess before heading overseas."

In April 2022, roughly 4,500 Army personnel converged on the National Training Center for a war games exercise on how to use lessons learned from Russia's war against Ukraine to prepare for future fights against a major adversary such as Russia or China.

Edwards said despite Pushwoosh's many prevarications, the company's software doesn't appear to have done anything untoward to its customers or users. "Nothing they did has been seen to be malicious," he said. "Other than completely lying about where they are, where their data is being hosted, and where they have infrastructure."

GOV 311

Edwards also found Pushwoosh's technology embedded in nearly two dozen mobile apps that were sold to cities and towns across Illinois as a way to help citizens access general information about their local communities and officials.

The Illinois apps that bundled Pushwoosh's technology were produced by a company called Government 311, which is owned by Bill McCarty, the current director of the Springfield Office of Budget and Management. A 2014 story in The State Journal-Register said Gov 311's pricing was based on population, and that the app would cost around $2,500 per year for a city with approximately 25,000 people.

McCarty told KrebsOnSecurity that his company stopped using Pushwoosh "years ago," and that it now relies on its own technology to provide push notifications through its 311 apps. But Edwards found some of the 311 apps still try to phone home to Pushwoosh, such as the 311 app for Riverton, Ill.

"Riverton ceased being a client several years ago, which [is] probably why their app was never updated to change out Pushwoosh," McCarty explained. "We are in the process of updating all client apps and a website refresh. As part of that, old unused apps like Riverton 311 will be deleted."

FOREIGN ADTECH THREAT?

Edwards said it's far from clear how many other state and local government apps and Web sites rely on technology that sends user data to U.S. adversaries overseas.

In July, Congress introduced an amended version of the Intelligence Authorization Act for 2023, which included a new section focusing on data drawn from online ad auctions that could be used to geolocate individuals or gain other information about them. Business Insider reports that if this section makes it into the final version, which the Senate also has to pass, the Office of the Director of National Intelligence (ODNI) will have 60 days after the Act becomes law to produce a risk assessment. The assessment will look into "the counterintelligence risks of, and the exposure of intelligence community personnel to, tracking by foreign adversaries through advertising technology data," the Act states.

Edwards says he's hoping those changes pass, because what he found with Pushwoosh is likely just a drop in a bucket. "I'm hoping that Congress acts on that," he said. "If they were to put a requirement that there's an annual audit of risks from foreign ad tech, that would at least force people to identify and document those connections."

 Breaches and Incidents

The BianLian ransomware group listed the company as a victim on the gang’s site. The page lists “File server data. Projects, Marketing, HR, Public Relations,” which suggests these are files that have been copied and will potentially be released.

 Malware and Vulnerabilities

Zanubis uses Android accessibility services to overlay the victim's apps with its own login screen. In the latest iteration, the analyzed samples focus on improving social engineering, including links to Peru's government sites.

 Trends, Reports, Analysis

These companies have implemented less than half of all domain security measures. In addition, lookalike domains are targeting the same companies, with 75% of homoglyph registrations held by unrelated third parties.

 Malware and Vulnerabilities

Researchers identified more than 1,600 publicly available images on Docker Hub carrying malicious content such as cryptocurrency miners, backdoors, and website redirectors. Among the images that embedded leaked secrets, the secrets break down by type into SSH keys (155), AWS credentials (146), GitHub tokens (134), NPM tokens (24), and others (78).

 Identity Theft, Fraud, Scams

According to Adex, the threat actors used the club website to drive traffic to a likely fraudulent online gaming website. FC Barcelona's website is visited by 5.4 million people a month and ranks among the most visited football club sites.

 Govt., Critical Infrastructure

The US Federal Communications Commission (FCC) has banned the authorization of Chinese telecoms and video surveillance equipment from Huawei, ZTE, Hytera Communications, Hikvision, and Dahua for import or sale in the United States, on national security grounds.

 Breaches and Incidents

Security company Cyfirma reported a series of in-the-wild exploitation attempts against Windows Internet Key Exchange (IKE) Protocol Extensions, targeting CVE-2022-34721. The critical bug may have been used against almost 1,000 systems. Microsoft notes that IKEv2 is not affected; however, Windows servers remain exposed because they accept both IKEv1 and IKEv2 packets, and the flaw lies in the IKEv1 handling.

 Malware and Vulnerabilities

ESET researchers connected the Russian Sandworm APT group to a new ransomware, dubbed RansomBoggs, that has been targeting Ukrainian entities. Sandworm's link to RansomBoggs suggests that the group is actively expanding its toolset to make its attacks more effective.

 Incident Response, Learnings

Interpol said that 27 countries joined the Africa Cyber Surge Operation, which ran from July to November. Coordinated from the Interpol Command Centre in Kigali, Rwanda, the operation focused on tackling the enablers of cybercrime, Interpol said.

 Feed

vBulletin versions 5.5.2 and below suffer from an issue where user input passed through the "messageids" request parameter to /ajax/api/vb4_private/movepm is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by malicious users to inject arbitrary PHP objects into the application scope, allowing them to carry out a variety of attacks, such as executing arbitrary PHP code.
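As an added example (not vBulletin's code, and not an exploit): a small parser for PHP's serialize() format, written in Python so it can run outside the application, for instance in a WAF rule or a review of captured requests. It walks the same tokens unserialize() would and refuses any O:, C:, r: or R: token (objects and references) before the application sees the data, then checks that what remains is the only shape the movepm endpoint should plausibly need, a PHP array of positive integer message IDs. That expected shape is an assumption drawn from the parameter name, not from vBulletin's source. Inside the application, the equivalent fix is to decode user input with json_decode() or to call unserialize() with ['allowed_classes' => false] so that no object is ever instantiated from request data. The request bodies in the block are constructed.

```python
"""Parse PHP serialize() output without ever instantiating an object.

Added example, not vBulletin code. It recognises the same scalar and array
tokens PHP's unserialize() does (N, b, i, d, s, a) and rejects O:, C:, r: and
R: outright, so a payload that would make unserialize() build a gadget object
is refused before the application sees it.
"""
from __future__ import annotations


class UnsafePayload(ValueError):
    """Payload contains an object or reference token, or has the wrong shape."""


class _Parser:
    def __init__(self, data: bytes) -> None:
        self.data = data
        self.pos = 0

    def _expect(self, token: bytes) -> None:
        if self.data[self.pos:self.pos + len(token)] != token:
            raise ValueError(f"expected {token!r} at offset {self.pos}")
        self.pos += len(token)

    def _read_until(self, delim: bytes) -> bytes:
        end = self.data.index(delim, self.pos)  # ValueError if the delimiter is missing
        out = self.data[self.pos:end]
        self.pos = end + 1
        return out

    def value(self):
        tag = self.data[self.pos:self.pos + 1]
        self.pos += 1
        if tag == b"N":                        # N;
            self._expect(b";")
            return None
        if tag == b"b":                        # b:1;
            self._expect(b":")
            return self._read_until(b";") == b"1"
        if tag == b"i":                        # i:42;
            self._expect(b":")
            return int(self._read_until(b";"))
        if tag == b"d":                        # d:1.5;
            self._expect(b":")
            return float(self._read_until(b";"))
        if tag == b"s":                        # s:5:"hello";  (length counts bytes)
            self._expect(b":")
            length = int(self._read_until(b":"))
            self._expect(b'"')
            raw = self.data[self.pos:self.pos + length]
            self.pos += length
            self._expect(b'";')
            return raw.decode("utf-8", "replace")
        if tag == b"a":                        # a:2:{key;value;key;value;}
            self._expect(b":")
            count = int(self._read_until(b":"))
            self._expect(b"{")
            items = {}
            for _ in range(count):
                key = self.value()
                items[key] = self.value()
            self._expect(b"}")
            return items
        if tag in (b"O", b"C", b"r", b"R"):    # object, custom-serialized object, references
            raise UnsafePayload(f"object/reference token {tag!r} at offset {self.pos - 1}")
        raise ValueError(f"unknown tag {tag!r} at offset {self.pos - 1}")


def parse_php_serialized(data: bytes):
    """Return the decoded value, or raise UnsafePayload / ValueError."""
    parser = _Parser(data)
    value = parser.value()
    if parser.pos != len(data):
        raise ValueError("trailing bytes after serialized value")
    return value


def safe_message_ids(raw: bytes) -> list[int]:
    """Accept only a non-empty PHP array of positive integers.

    That shape is an assumption from the parameter name, not from vBulletin source.
    """
    value = parse_php_serialized(raw)
    if not isinstance(value, dict) or not value:
        raise UnsafePayload("messageids must be a non-empty array")
    ids = list(value.values())
    if not all(isinstance(i, int) and not isinstance(i, bool) and i > 0 for i in ids):
        raise UnsafePayload("messageids must contain only positive integers")
    return ids


def is_safe_message_ids(raw: bytes) -> bool:
    """Boolean form for use in a request filter."""
    try:
        safe_message_ids(raw)
        return True
    except ValueError:            # UnsafePayload is a ValueError
        return False


if __name__ == "__main__":
    # Constructed inputs: a benign request body and an object-injection attempt.
    benign = b"a:2:{i:0;i:12;i:1;i:34;}"
    hostile = b'a:1:{i:0;O:8:"stdClass":1:{s:3:"cmd";s:2:"id";}}'
    print(safe_message_ids(benign))       # [12, 34]
    print(is_safe_message_ids(hostile))   # False
```

The parser deliberately refuses references (r:/R:) as well as objects: PHP resolves them against already-parsed values, and a filter that only looked for O: could be made to miss a nested object that is reached through a reference.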

 Feed

Ubuntu Security Notice 5745-1 - Florian Weimer discovered that shadow was not properly copying and removing user directory trees, which could lead to a race condition. A local attacker could possibly use this issue to set up a symlink attack and alter or remove directories without authorization.

 Feed

Red Hat Security Advisory 2022-8639-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

 Feed

Red Hat Security Advisory 2022-8638-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

 Feed

Red Hat Security Advisory 2022-8643-01 - Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.

 Feed

Red Hat Security Advisory 2022-8646-01 - Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.

 Feed

Red Hat Security Advisory 2022-8649-01 - Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.

 Feed

Red Hat Security Advisory 2022-8640-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

 Feed

Red Hat Security Advisory 2022-8648-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

 Feed

Red Hat Security Advisory 2022-8650-01 - Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.

 Feed

Red Hat Security Advisory 2022-8644-01 - Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.

 Feed

Debian Linux Security Advisory 5290-1 - Apache Commons Configuration, a Java library providing a generic configuration interface, performs variable interpolation, allowing properties to be dynamically evaluated and expanded. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers.

 Feed

Ubuntu Security Notice 5744-1 - It was discovered that libICE was using a weak mechanism to generate the session cookies. A local attacker could possibly use this issue to perform a privilege escalation attack.

 Feed

Red Hat Security Advisory 2022-8634-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.

 Feed

Debian Linux Security Advisory 5288-1 - It was discovered that a buffer overflow in GraphicsMagick, a collection of image processing tools, could potentially result in the execution of arbitrary code when processing a malformed MIFF image.

 Feed

Red Hat Security Advisory 2022-8647-01 - Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.

 Feed

Red Hat Security Advisory 2022-8645-01 - Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.

 Feed

Red Hat Security Advisory 2022-8641-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

 Feed

Red Hat Security Advisory 2022-8637-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

 Feed

Twitter chief executive Elon Musk confirmed plans for end-to-end encryption (E2EE) for direct messages on the platform. The feature is part of Musk's vision for Twitter 2.0, which is expected to be what's called an "everything app." Other functionalities include longform tweets and payments, according to a slide deck shared by Musk over the weekend. The company's plans for

 Feed

Amazon Web Services (AWS) has resolved a cross-tenant vulnerability in its platform that could be weaponized by an attacker to gain unauthorized access to resources. The issue relates to a confused deputy problem, a type of privilege escalation where a program that doesn't have permission to perform an action can coerce a more-privileged entity to perform the action. The shortcoming was reported
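The confused-deputy defences AWS documents for IAM role trust policies, as an added example that is not part of the item above and does not describe the specific AWS service the item leaves unnamed. The pattern is general: a third-party account that needs to assume your role should be required to present the sts:ExternalId it agreed with you, and an AWS service principal should be pinned with aws:SourceArn or aws:SourceAccount, so the service cannot be steered into assuming the role on behalf of another tenant's resource. The audit function below flags statements missing those conditions. Both policies, the account IDs, the vendor ExternalId and the service principal example.amazonaws.com are constructed placeholders.

```python
"""Audit an IAM role trust policy for the confused-deputy conditions AWS documents.

Added example; the policies, account IDs, ExternalId and the service principal
example.amazonaws.com are constructed placeholders, not data from the item above.
"""
import json

OWN_ACCOUNT = "111111111111"   # assumed: the account that owns the role


def _as_list(x):
    return x if isinstance(x, list) else [x]


def _condition_keys(stmt: dict) -> set:
    """All condition keys in a statement, lower-cased (IAM condition keys are case-insensitive)."""
    keys = set()
    for _operator, pairs in stmt.get("Condition", {}).items():
        keys.update(k.lower() for k in pairs)
    return keys


def _account_of(arn: str) -> str:
    parts = arn.split(":")           # arn:partition:service:region:account:resource
    return parts[4] if len(parts) > 4 else ""


def audit_trust_policy(policy: dict, own_account: str = OWN_ACCOUNT) -> list:
    """Return one finding per Allow statement that leaves the role open to a confused deputy."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        principal = stmt.get("Principal", {})
        if principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*"):
            findings.append(f"statement {idx}: wildcard principal may assume the role")
            continue
        keys = _condition_keys(stmt)
        # Cross-account caller (e.g. a SaaS vendor): require the ExternalId shared out of band.
        for arn in _as_list(principal.get("AWS", [])):
            if _account_of(arn) != own_account and "sts:externalid" not in keys:
                findings.append(f"statement {idx}: cross-account principal {arn} without sts:ExternalId")
        # AWS service acting on your behalf: pin which resource it may act for.
        for service in _as_list(principal.get("Service", [])):
            if not keys & {"aws:sourcearn", "aws:sourceaccount"}:
                findings.append(f"statement {idx}: service principal {service} "
                                f"without aws:SourceArn/aws:SourceAccount")
    return findings


# Constructed weak policy: anyone holding credentials in account 222222222222 can assume
# the role, and the service can be pointed at the role from any tenant's resource.
WEAK_TRUST_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
     "Action": "sts:AssumeRole"},
    {"Effect": "Allow",
     "Principal": {"Service": "example.amazonaws.com"},
     "Action": "sts:AssumeRole"}
  ]
}
""")

# Constructed hardened policy: same principals, with the conditions AWS recommends.
HARDENED_TRUST_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
     "Action": "sts:AssumeRole",
     "Condition": {"StringEquals": {"sts:ExternalId": "vendor-agreed-opaque-id"}}},
    {"Effect": "Allow",
     "Principal": {"Service": "example.amazonaws.com"},
     "Action": "sts:AssumeRole",
     "Condition": {"StringEquals": {"aws:SourceAccount": "111111111111"},
                   "ArnLike": {"aws:SourceArn": "arn:aws:example:us-east-1:111111111111:*"}}}
  ]
}
""")


if __name__ == "__main__":
    for name, pol in (("weak", WEAK_TRUST_POLICY), ("hardened", HARDENED_TRUST_POLICY)):
        print(name, audit_trust_policy(pol) or "no findings")
```

A principal from your own account is not flagged for a missing ExternalId, which matches AWS guidance: the ExternalId exists to protect a third party's deputy, not to replace the permissions of callers you already control.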

 Feed

It's not news that phishing attacks are getting more complex and happening more often. This year alone, APWG reported a record-breaking total of 1,097,811 phishing attacks. These attacks continue to target organizations and individuals to gain their sensitive information.  The hard news: they're often successful, have a long-lasting negative impact on your organization and employees, including:

 Feed

Over a dozen security flaws have been discovered in baseboard management controller (BMC) firmware from Lanner that could expose operational technology (OT) and internet of things (IoT) networks to remote attacks. BMC refers to a specialized service processor, a system-on-chip (SoC), that's found in server motherboards and is used for remote monitoring and management of a host system, including

Aggregator history: Monday, November 28, 2022