Cyber security aggregate rss news

Cyber security aggregator - feeds history


 Business

In November 2022, researchers at universities in the U.S. and Canada demonstrated a method of Wi-Fi device localization using inexpensive and easy-to-find equipment. The attack proof-of-concept was dubbed Wi-Peep, as it can be used to peep on devices communicating with each other via Wi-Fi. The research offers new insight into certain features of Wi-Fi networks, and the potential risks of device localization. We should start by saying that the risks aren't too high — an attack looks like something out of a Bond movie. But that doesn't make the research any less interesting.

Wi-Peep attack features

Before looking at the report in detail, let's consider a real-life attack. Attackers fly a mini-quadcopter with the most inexpensive microcomputer on board around a target building, collecting data to obtain a map of wireless devices inside with reasonable accuracy (±1.5 meters under ideal conditions). But why would they? Well, let's imagine it's a bank or a top-secret laboratory whose security systems are equipped with Wi-Fi modules. And there's your why: their location could be of huge practical interest to attackers planning physical penetration.

Figure: Simplified Wi-Peep attack scheme. Source.

So how do the researchers imitate something like that? The Wi-Peep attack exploits two important features of absolutely any Wi-Fi device, from ancient wireless modules from 20 years ago to the most modern.

The first is the power-saving mechanism in Wi-Fi devices. The Wi-Fi module in, say, a smartphone can preserve battery by shutting down the wireless receiver for short periods of time. A wireless access point needs to account for this mode of operation: your router can accumulate data packets for a specific device, then transmit them all at once when the device signals that it's ready to receive again. For a successful attack, a potential spy would need to obtain a list of MAC addresses — unique device IDs whose locations would be determined later. Devices in the same home, office, or hotel are usually connected to a shared Wi-Fi network, the name of which is no secret. It turned out that it's possible to send a fake data packet, ostensibly from this shared wireless network, informing all connected devices that the access-point buffer has accumulated some data destined for them. In reply to this signal, the devices send responses which, when analyzed, reveal the unique MAC addresses of all network devices almost instantly. There's also a simpler way: eavesdrop on wireless radio traffic. However, this takes more time: according to the researchers, you need to accumulate data in passive mode for 12 hours.

The second exploitable feature of wireless data exchange was provisionally named Wi-Fi Polite. That name was assigned by the authors of an earlier 2020 study. In a nutshell, the essence of the feature is this: a wireless device always responds to an address request from another device, even if they're not connected to a shared Wi-Fi network, and even if the request isn't encrypted or is malformed. In response, the Wi-Fi module sends a simple confirmation ("Data from you received"), but that turns out to be sufficient to determine the distance to the responding device. The response time for receipt of such a packet is strictly regulated, and is 10 microseconds. A potential attacker can measure the time between sending a request and receiving a response, subtract those 10 microseconds, and get the time taken for the radio signal to reach the device. What does that give? Moving around a stationary wireless device, we can determine its coordinates with a fairly high degree of accuracy, knowing our own location and the distance to the object of interest.

Much of the research is devoted to overcoming the many difficulties of this method. The signal from the Wi-Fi radio transmitter is constantly reflected by walls and other obstacles, making it difficult to calculate the distance. The standardized response time should be 10 microseconds, but in practice it varies from device to device, ranging from 8 to 13 microseconds. The geolocation accuracy of the attacker's own Wi-Fi module also has an effect: it turns out that even the precision of geopositioning systems (GPS, GLONASS, etc.) isn't always enough. Although the resulting data contains a lot of noise, if enough measurements are made, relatively high accuracy can be achieved. That means if you make tens of thousands of readings, you get a positioning accuracy with an error in the range of 1.26 to 2.30 meters on the horizontal plane. On the vertical, the researchers were able to determine the exact floor in 91% of cases, but nothing more.

Low-cost sophisticated attack

Although the system for determining the coordinates of wireless devices turned out to be not very accurate, it's still of interest — not least because the equipment used by the researchers is dirt-cheap. Theoretically, an attack can be carried out by a potential spy in person, simply by slowly walking around the target object. For added convenience, the researchers used a cheap quadcopter fitted with a microcomputer based on the ESP32 chipset and a wireless module. The total cost of this reconnaissance kit (excluding the cost of the quadcopter) is less than US$20! What's more, the attack is virtually impossible to trace on the victim's device. It uses the standard capabilities of Wi-Fi modules, which cannot be disabled, or even modified in terms of behavior. If communication between the victim's device and the attacker's microcomputer is possible in principle, the attack will work. The practical range of data transmission over Wi-Fi is tens of meters, which in most cases will suffice.

Fuzzy implications

If we assume the attack is doable in real life, is the data obtained of any use? The researchers propose several scenarios. First and most obviously, if we know the MAC address of a specific individual's smartphone, we can roughly track their movements in public places. This is possible even if their smartphone is not connected to any wireless network at the time of the attack. Second, creating a map of wireless devices in a secure building (a competitor's office, bank premises) for a subsequent physical attack is an entirely realistic scenario. For example, attackers can determine the approximate location of surveillance cameras if these use Wi-Fi for data transmission. There are also less obvious benefits from collecting such data. You could, for instance, collect information about the number of Wi-Fi devices in a hotel to estimate how many guests there are. Such data may be of interest to competitors. Or, knowing the number of wireless devices could help determine whether potential victims are at home. Even the MAC addresses themselves — without coordinates — are of some use: for collecting statistics about smartphone usage in a public place.

In addition to spying and burglary, such methods are a threat to people's privacy. However, the immediate risk of such a method being deployed in practice is still quite low. This applies to all potential attacks and data collection methods for which you have to get close to the target object. It's quite labor-intensive for one thing, meaning that few would do it on a mass scale, and for targeted attacks other methods may be more effective. At the same time, scientific research helps to understand how minor features of complex technologies can be harnessed for malicious purposes. The researchers themselves note that the real benefit of their work will be if this small security and privacy risk is eliminated in future versions of wireless data transmission technologies. For the time being, all we can recommend is to use an anti-drone system. It won't help against Wi-Peep, but it will at least guard against being spied on from the air.

 Govt., Critical Infrastructure

A zero-trust architecture is one designed to require authorization from a central point—often referred to as a trust algorithm—for individuals or devices trying to access specific resources throughout a network.

 Malware and Vulnerabilities

The Lego Group has moved swiftly to fix a pair of API security vulnerabilities that existed in its BrickLink digital resale platform, after they were identified by Salt Labs, the research arm of API specialist Salt Security.

 Threat Actors

An Iranian cyber-espionage gang has learned new methods and phishing techniques, and aimed them at a wider set of targets – including politicians, government officials, critical infrastructure, and medical researchers – according to Proofpoint.

 Security Tips and Advice

The US National Institute of Standards and Technology (NIST) says it's time to retire Secure Hash Algorithm-1 (SHA-1), a 27-year-old weak algorithm used in security applications.

 Expert Blogs and Opinion

Much like its recent predecessors, 2022 was a bumper year in cybersecurity. A slew of high-profile data breaches, attacks on essential infrastructure, and targeted cyber warfare upped the ante in an already sophisticated threat landscape.

 Identity Theft, Fraud, Scams

A successful Meta-Phish attack could result in the loss of PII, login credentials, and Facebook profile links. Instead of a phishing link to an external landing page, the mail sample is crafted with a link that points to an actual Facebook post.

 Malware and Vulnerabilities

During a recent investigation, Sucuri researchers came across a simple piece of malware targeting FreePBX’s Asterisk Management portal which allowed attackers to arbitrarily add and delete users, as well as modify the website’s .htaccess file.

 Trends, Reports, Analysis

Organizations are looking for ways to reduce their application development costs, but automated coding can usher in some quality of code, monitoring, third-party security, and application security issues if you're unprepared.

 Malware and Vulnerabilities

Security researcher Peter H, aka ‘pmnh’, said the attack used Spring Expression Language (SpEL) injection. The bounty hunter found the bypass with the assistance of Synack pentester Usman Mansha during an engagement with a private Bugcrowd program.

 Security Products & Services

Today, the 2FA requirement is expanded to the entire user base, covering approximately 94 million users. While GitHub had announced this decision previously, it has now shared more details about how it will implement the new measure.

 Govt., Critical Infrastructure

Despite passing the Senate vote, the bill still needs to receive approval from the US House of Representatives before the end of the current congressional session. Only then will it be presented to President Joe Biden for approval.

 Malware and Vulnerabilities

The vulnerability resides in a PHP file in Cacti that allows remote agents to run different actions on the server. The only safeguard this file offered was to check whether requests were coming from an authorized IP address.

 Feed

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

 Feed

Red Hat Security Advisory 2022-9073-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include bypass and denial of service vulnerabilities.

 Feed

Red Hat Security Advisory 2022-9068-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.

 Feed

Red Hat Security Advisory 2022-9082-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include buffer overflow, out of bounds write, and privilege escalation vulnerabilities.

 Feed

Red Hat Security Advisory 2022-9075-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.

 Feed

Red Hat Security Advisory 2022-9076-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.

 Feed

Red Hat Security Advisory 2022-9070-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.

 Feed

Red Hat Security Advisory 2022-9066-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.

 Feed

Red Hat Security Advisory 2022-9074-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.

 Feed

Red Hat Security Advisory 2022-9071-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.

 Feed

Red Hat Security Advisory 2022-9078-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.

 Feed

Red Hat Security Advisory 2022-9080-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.

 Feed

Red Hat Security Advisory 2022-9081-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.

 Feed

Red Hat Security Advisory 2022-8893-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.20.

 Feed

Red Hat Security Advisory 2022-9079-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.

 Feed

Red Hat Security Advisory 2022-9072-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.

 Feed

Red Hat Security Advisory 2022-9065-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.

 Feed

Red Hat Security Advisory 2022-9069-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.

 Feed

Red Hat Security Advisory 2022-9077-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.

 Feed

Red Hat Security Advisory 2022-9067-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.

 Feed

Red Hat Security Advisory 2022-9058-01 - Prometheus JMX Exporter is a JMX to Prometheus exporter: a collector that can be configured to scrape and expose MBeans of a JMX target. Issues addressed include code execution and deserialization vulnerabilities.

 Feed

Red Hat Security Advisory 2022-9032-01 - This release of Red Hat build of Eclipse Vert.x 4.3.4 GA includes security updates. For more information, see the release notes listed in the References section. Issues addressed include code execution and deserialization vulnerabilities.

 Feed

Accelerating security challenges and the increasing footprint of edge and IoT devices call for zero-trust principles to drive cyber resiliency.

 Feed

Microsoft on Thursday flagged a cross-platform botnet that's primarily designed to launch distributed denial-of-service (DDoS) attacks against private Minecraft servers. Called MCCrash, the botnet is characterized by a unique spreading mechanism that allows it to propagate to Linux-based devices despite originating from malicious software downloads on Windows hosts. "The botnet spreads by

 Feed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities impacting Veeam Backup & Replication software to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation in the wild. The now-patched critical flaws, tracked as CVE-2022-26500 and CVE-2022-26501, are both rated 9.8 on the CVSS scoring system, and could be leveraged to

 Feed

The U.S. National Institute of Standards and Technology (NIST), an agency within the Department of Commerce, announced Thursday that it's formally retiring the SHA-1 cryptographic algorithm. SHA-1, short for Secure Hash Algorithm 1, is a 27-year-old hash function used in cryptography and has since been deemed broken owing to the risk of collision attacks. While hashes are designed to be

 Feed

Government entities in Ukraine have been breached as part of a new campaign that leveraged trojanized versions of Windows 10 installer files to conduct post-exploitation activities. Mandiant, which discovered the supply chain attack around mid-July 2022, said the malicious ISO files were distributed via Ukrainian- and Russian-language Torrent websites. It's tracking the threat cluster as UNC4166

 Feed

A former Twitter employee who was found guilty of spying on behalf of Saudi Arabia by sharing data pertaining to specific individuals has been sentenced to three-and-a-half years in prison. Ahmad Abouammo, 45, was convicted earlier this August on various criminal counts, including money laundering, fraud, falsifying records, and being an illegal agent of a foreign government. Abouammo was

 Feed

Reality has a way of asserting itself, irrespective of any personal or commercial choices we make, good or bad. For example, just recently, the city services of Antwerp in Belgium were the victim of a highly disruptive cyberattack. As usual, everyone cried "foul play" and suggested that proper cybersecurity measures should have been in place. And again, as usual, it all happens a bit too late.

 Feed

GitHub on Thursday said it is making available its secret scanning service to all public repositories on the code hosting platform for free. "Secret scanning alerts notify you directly about leaked secrets in your code," the company said, adding it's expected to complete the rollout by the end of January 2023. Secret scanning is designed to examine repositories for access tokens, private keys,

2022-12
Aggregator history
Friday, December 16