Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label DoS. Show all posts
Sport Events
ANSSI Cyber Attacks DoS Dos Attacks Olympics Paris Olympics Sport Events

Paris 2024 Olympics Faced Over 140 Cyberattacks, No Disruptions Reported

 

During the Paris 2024 Olympics, French authorities reported over 140 cyberattacks, but none of these incidents disrupted the sporting events. The French government’s cybersecurity agency, Anssi, maintained a high state of alert throughout the games, anticipating potential threats to the organizing committee, ticketing systems, and transportation infrastructure. Given the scale and visibility of the Olympics, cybercriminals often see such events as prime targets for malicious activities. 

From July 26 to August 11, Anssi recorded 119 reports of low-impact “security events.” In addition, there were 22 more serious incidents where “a malicious actor” successfully infiltrated a victim’s information system. These attacks targeted government entities, as well as infrastructure related to sports, transportation, and telecommunications. Despite these incidents, the overall impact on the Olympic Games was minimal. Anssi noted that about one-third of the incidents involved system downtime, with half of these caused by denial-of-service (DoS) attacks. 

These attacks are designed to overwhelm servers with traffic, rendering them inaccessible. Other cyber incidents included attempted system compromises, data breaches, and other forms of malicious activity. However, Anssi emphasized that all cyber events during the Olympics were generally of low impact, highlighting the effectiveness of the cybersecurity measures in place. A significant cyberattack occurred in early August, when ransomware targeted the Grand Palais, an Olympic venue, along with approximately 40 other museums across France. 

Ransomware attacks typically exploit security flaws to encrypt and block access to computer systems, demanding a ransom payment to restore access. Despite the attack, Anssi confirmed that none of the information systems critical to the Olympic Games were affected. While the Paris Olympics experienced fewer cyberattacks than the Tokyo 2021 Games, which reported 450 million cyber operations, the threat level remained high. In fact, Marie-Rose Bruno, director of technology and information systems for the Paris Games, had anticipated “eight to ten times more” cyberattacks than those seen in Tokyo. 

The Paris 2024 Olympics faced a considerable number of cyber incidents, but thanks to robust cybersecurity measures, these attacks had little to no impact on the events. The proactive efforts of French authorities and cybersecurity experts ensured that the games proceeded smoothly, without major disruptions to the athletes or spectators.
Read more »
Software Vulnerability
Cyber Security Data DoS Internet of Things Networks Software Vulnerability

The Role of IoT in Modern Infrastructure


Imagine if someone told you in the early 2000s that entire industries would run almost by themselves, thanks to a network of connected devices. Today, this is no longer science fiction but our reality, thanks to the Internet of Things (IoT). By 2030, it’s expected that there will be over 29 billion IoT devices globally. These devices are transforming critical infrastructure like power grids, water systems, transportation networks, factories, military bases, and airports, making them more efficient and reliable.

How IoT is Changing Critical Infrastructure

IoT is revolutionising how we manage and operate our critical infrastructure. These devices allow for real-time data collection, remote monitoring, and automation. This means that systems can run more smoothly, costs can be reduced, and services can be more reliable. However, setting up these networks over large areas isn’t easy. It requires substantial investment and upgrades to existing infrastructure.

The Cybersecurity Challenge

With so many devices connected, the security risks increase. Many IoT devices don’t have strong security features, making them easy targets for hackers. Here are some specific concerns:

1. Unauthorised Access: Many devices come with default passwords that are easy to guess, making them vulnerable to attacks.

2. Data Breaches: If data isn’t encrypted, it can be intercepted and misused.

3. Denial of Service (DoS): Networks can be overwhelmed by excessive traffic, causing disruptions.

4. Software Vulnerabilities: Outdated software can have security gaps that hackers can exploit.

Because these devices are interconnected, a breach in one can potentially compromise the entire network, causing widespread issues.

To protect against these threats, a multi-layered security approach is essential. Actelis Networks, a company specialising in secure networking solutions, uses a strategy called "Triple Shield." This includes encrypting data, breaking it into fragments, and scrambling it, making it extremely difficult for hackers to access and exploit the information.

Actelis’ strong security measures have earned it a spot on the U.S. Department of Defense’s approved products list. Recently, they secured contracts to upgrade the networks at three U.S. military bases, reflecting the growing investment in cybersecurity amid increasing cyber threats.

While security is crucial, ensuring that IoT devices can communicate without interruptions is also important. Actelis' hybrid-fibre technology uses existing network infrastructure, combining fibre, coax, and legacy copper wiring. This allows for high-speed connectivity without the need for extensive new construction, reducing costs and deployment time.

Actelis’ technology uses Ethernet access switches and extenders to achieve gigabit speeds over various types of wiring. This not only enhances connectivity but also supports the efficient operation of sensors and cameras essential for real-time monitoring and control.

The Future of IoT in Critical Infrastructure

As IoT continues to evolve, innovative network designs will play a key role in addressing the challenges of speed, maintenance, and security. Actelis’ hybrid-fiber technology and multi-layered security approach show how we can achieve these goals, ensuring that technological advancements contribute to a safer and more efficient future.

The integration of IoT in critical infrastructure is a dynamic and evolving field. By addressing both connectivity and security challenges, companies like Actelis Networks are helping build a more resilient and advanced infrastructure that can withstand the complexities of the modern digital landscape.


Read more »
WiFi
Bugs DoS Firewall Flaws VPN Vulnerabilities and Exploits WiFi

Several Palo Alto Devices Affected by OpenSSL Flaw

 

In April 2022, Palo Alto Networks aims to patch the CVE-2022-0778 OpenSSL flaw in several of its firewall, VPN, and XDR devices. 

OpenSSL published fixes in mid-March to address a high-severity denial-of-service (DoS) vulnerability impacting the BN mod sqrt() function used in certificate parsing, which is tracked as CVE-2022-0778. Tavis Ormandy, a well-known Google Project Zero researcher, uncovered the issue. An attacker can exploit the flaw by creating a certificate with invalid explicit curve parameters. 

The advisory for this flaw read, “The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form.” 

“It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters.” 

The bug affects OpenSSL versions 1.0.2, 1.1.1, and 3.0, and the project's maintainers fixed it with the release of versions 1.0.2zd (for premium support customers), 1.1.1n, and 3.0.2. When parsing an invalid certificate, an attacker can cause the OpenSSL library to enter an infinite loop, resulting in a DoS condition, according to Palo Alto Networks. 

“All PAN-OS software updates for this issue are expected to be released in April 2022. The full fixed versions for PAN-OS hotfixes will be updated in this advisory as soon as they are available.” as per Palo Alto Network. 

During the week of April 18, the company is expected to provide security remedies for the above vulnerability. PAN-OS, GlobalProtect app, and Cortex XDR agent software, according to Palo Alto, have a faulty version of the OpenSSL library, whereas Prisma Cloud and Cortex XSOAR solutions are unaffected. 

“We intend to fix this issue in the following releases: PAN-OS 8.1.23, PAN-OS 9.0.16-hf, PAN-OS 9.1.13-hf, PAN-OS 10.0.10, PAN-OS 10.1.5-hf, PAN-OS 10.2.1, and all later PAN-OS versions. These updates are expected to be available during the week of April 18, 2022.” continues the advisory. 

Customers with Threat Prevention subscriptions can enable Threat IDs 92409 and 92411 to limit the risk of exploitation for this issue while waiting for PAN-OS security upgrades, according to the company.
Read more »
Vulnerability and Exploits
DoS Exploits Linphone Session Initiation Protocol. SIP Vulnerability and Exploits

Attackers Remotely Exploit Bugs in Linphone Session Initiation Protocol (SIP) Stack

 

A team of researchers recently revealed data regarding a zero-click security vulnerability in the Linphone Session Initiation Protocol (SIP) stack that may have been effectively abused without even any effort from the victim's side to corrupt the SIP client as well as trigger a denial-of-service (DoS) situation. 

Linphone is a 20-year-old open-source voice-over IP (VoIP) project that claims to have been the first open-source software on Linux to use the Session Initiation Protocol (SIP). Its SIP software is used by developers and programmers to create communication systems that incorporate instant messaging, audio, and video. It is developed and maintained by France-based Belledonne Communications. 

The flaw, identified as CVE-2021-33056 (CVSS score: 7.5) by researchers, is a NULL pointer dereference vulnerability in the "belle-sip" component, a C-language library that is used to construct SIP transport, transaction, and dialogue layers, with all generations previous to 4.5.20 compromised by the bug. Claroty, an industrial cybersecurity firm, detected and reported the flaw.

To a certain end, the remotely manipulable security flaw can be enabled by appending a malevolent forward-slash ("</") to a SIP message header such as To (the call recipient), From (the call initiator), or Diversion (redirect the destination endpoint), culminating in a collapse of the SIP client program that uses the belle-sip library to manage and parse SIP messages. 

This bug is a zero-click vulnerability, as submitting an INVITE SIP request with a particularly designed From/To/Diversion header leads the SIP client to crash. As a result, any application that uses belle-sip to examine SIP messages will become inaccessible if a fraudulent SIP "call." is received. 

"Successful exploits targeting IoT vulnerabilities have demonstrated they can provide an effective foothold onto enterprise networks," Brizinov said. "A flaw in a foundational protocol such as the SIP stack in VoIP phones and applications can be especially troublesome given the scale and reach shown by attacks against numerous other third-party components used by developers in software projects." 

Furthermore, the latest updates for the core protocol stack have been released, companies who depend on the impacted SIP stack in their products must apply the changes downstream.
Read more »
XSS
DoS Vulnerabilities and Exploits Wire XSS

Attackers Denied of Full Control Over 'Wire' Users' Accounts

 

The developers of the Wire secure messaging app have patched the software against two critical security flaws, one of which could allow an attacker to takeover target users’ accounts. Specifically, the first of the two includes a cross-site scripting (XSS) vulnerability that allowed an attacker to fully control user accounts. The flaw tracked as, CVE-2021-32683, typically impacted the web app version 2021-05-10 and earlier.

According to security experts, threat actors often execute an XSS attack by sending a malicious link to a user and prompting the user to click it. If the app or website lacks proper security protocols, the malicious link executes the attacker’s chosen code on the user’s device. As a result, the attacker can steal the user’s active session cookie. 

Kane Gamble, an independent security researcher discovered two security issues in Wire Messenger versions for web and iOS. Headquartered in Germany with branches in the US, Sweden, and Switzerland, Wire is a popular messaging platform featuring audio, video, and text communications secured via end-to-end encryption with more than 500,000 users. 

The second flaw discovered by the researcher was a less critical denial of service (DoS) issue (CVE-2021-32666) in the iOS version of Wire.

“When we schedule the request to fetch the invalid asset, it’s not possible to create the URL object since the path contains an illegal URL character. This will in turn trigger an assertion which crashes the app,” the security researcher explained. 

Both flaws were subject to a coordinated disclosure process between Gamble and the Wire security team. “The DoS was fixed in version 3.81 and the stored XSS was patched in version 2021-06-01-production.0 [released June 1]. No update is required by the user other than updating your Wire on your iOS device if it hasn’t done so automatically,” Gamble further added.

A Wire spokesperson showed that there is no evidence of active exploitation of any of these bugs in the wild.

“The vulnerabilities were responsibly disclosed to us by a vulnerability researcher and after confirming their validity we fixed and released them as quickly as possible. We also proactively published the vulnerabilities as CVEs for full transparency,” the spokesperson said.
Read more »
Vulnerabilities and Exploits
CyRC DoS Message Brokers Vulnerabilities and Exploits

CyRC Identifies Three Major DoS Flaws in Popular Open Source Message Brokers

 

Synopsys Cybersecurity Research Centre (CyRC) has warned organizations of easily triggered denial-of-service (DoS) vulnerabilities in three widely used open-source message brokers: RabbitMQ, EMQ X, and VerneMQ. 

A message broker is a software that enables applications, systems, and services to communicate with each other and exchange information by translating messages between formal messaging protocols. It is responsible for managing IoT devices like smart home hubs and door locks via common protocol: Message Queuing Telemetry Transport (MQTT). 

MQTT, first released in 1999 is responsible for managing oil pipelines and a variety of home and industrial automation tasks. Any disruption in MQTT messaging could potentially leave users locked out of their homes and offices.

“Message brokers can be the nerve center of a complex system. If the message broker isn't working, then the various components of the system cannot communicate. Whatever services are provided by that system are unavailable until the message broker is restored,” Jonathan Knudsen, the researcher who identified the vulnerabilities, told SecurityWeek. 

Jonathan Knudsen identified that specially crafted MQTT messages can cause excessive memory consumption in RabbitMQ (owned by VMware), EMQ X, and VerneMQ, leading to the operating system terminating the application.

“These vulnerabilities can be exploited by any system that has access to the message broker. The broker can be configured to require authentication or refuse connections from unrecognized endpoints which would limit external attacks. But for an attacker with access to one of the vulnerable message brokers, the vulnerabilities can be exploited simply by delivering a badly formed network packet, which can be done with a very simple script,” Knudsen explained.

According to EMQ, its message broker has been installed more than 2 million times and it has over 5,000 users globally. RabbitMQ claims to have tens of thousands of users, including small startups and large enterprises. VerneMQ is used by companies such as Microsoft, Volkswagen, Siemens, and Swisscom.

Knudsen and CyRC privately disclosed the flaws to the project maintainers back in March, and all three have now been patched. RabbitMQ users are advised to upgrade to version 3.8.16 or above; EMQ X users to version 4.2.8 or above, and VerneMQ users to version 1.12.0 or above.
Read more »
Vulnerability
DoS Security Technology News Vulnerability

Critical Security Vulnerability Patched By VMware


VMware Inc. a publicly-traded software company recently fixed a critical security vulnerability that permitted the malicious attackers to access sensitive data.

The vulnerability as indicated by them resides in the VMware Directory Service (vmdir) which is a part of vCenter Server version 6.7 on Windows and virtual appliances. Known and tracked as CVE-2020-3952, it is evaluated as critical and gets a CVSSv3 score of 10.

In certain conditions, the vmdir doesn't actualize appropriate security controls, which permits attackers with network access to get to the sensitive data.

By utilizing the obtained information the attacker can compromise vCenter Server or various other services that rely upon vmdir for authentication.

In March VMware tended to high severity privilege escalation and DoS in the Workstation, Fusion, VMware Remote Console and Horizon Client and furthermore published KB article 78543 for additional details if a vCenter Server 6.7 deployment is influenced in any way.

 It is recommended for the user on the off chance that they are utilizing vCenter Server version 6.7, to update with 6.7u3f to fix the aforementioned critical vulnerability.


Here is the example log to check with influenced deployments.

2020-04-06T17:50:41.860526+00:00 data vmdird t@139910871058176: leg tendon MODE: Heritage  

 VMware lastly mentioned that “Clean installations of vCenter Server 6.7 (embedded or external PSC) are not affected.”
Read more »
Subscribe to: Posts (Atom)