
Hackers Becoming More Advanced at Escaping AI/ML Technologies


The Deep Instinct Threat Research team examined attack volumes and types, used its findings to forecast future cybersecurity scenarios, identified what motivates attackers, and laid out steps a company can take to safeguard itself from future cyberattacks. Key takeaways from the report include 2021 threat patterns indicating that bad actors are becoming more sophisticated at evading AI/ML technologies, forcing companies to redouble their efforts in the innovation race. 

Particular attack vectors grew substantially, including a 170% rise in the use of Office droppers and a 125% rise across all threat types combined. The number of malware variants is considerably higher than before the pandemic. Malicious actors have also made a noticeable shift from older programming languages such as C and C++ towards newer ones such as Python and Go, which are easier to learn and to program in than their predecessors. 

However, because these languages are less commonly seen in malware, there is a lower chance of the resulting code being flagged by security tools or recognized by security analysts. "Recent major events, such as Log4j and Microsoft Exchange server attacks, have placed a heightened priority on security, but these threats have long deserved the attention they're just now getting on a global level. The results of this research shed light on the wide-ranging security challenges that organizations face on a daily basis," said Deep Instinct CEO Guy Caspi. 

Other Attack Volumes and Types

Supply Chain Attacks - Large organizations with broad customer bases frequently became targets of supply chain attacks in 2021, as attackers sought access to the organization's environment and, by proxy, to its customers. 

Prevalent Public and Private Sector Collaborations - Over the past year there was a great deal of cooperation among international law enforcement agencies aimed at identifying and apprehending threat actors. 

High Impact of Zero-days - Major vulnerabilities were exploited within a single day of disclosure. A well-known example is the HAFNIUM group, whose activity came to light after Microsoft disclosed several zero-day vulnerabilities. 

Hackers have become more capable at evading detection and escalating privileges. Threat actors have begun investing in anti-AI attack techniques and incorporating them into their campaigns.

Hackers Use Insulin Pump Management Vulnerability To Compromise Device


A recent study by Lyrebirds, a cybersecurity consultancy from Denmark, reveals that a protocol design vulnerability in the Insulet Omnipod Insulin Management System, also known as Omnipod Eros, allows an attacker to take control of the device and send programming commands, including an immediate insulin injection. The flaw lies in the communication protocol: an attacker can jam the signal, or send messages after the nonce has been transmitted, and the device never invalidates that nonce. 

The nonce on its own is not bound to the device, so it can be reused for any command the attacker wants to execute, and both devices return to the expected program flow while the attacker continues to send or set harmful instructions. The controller and its pump communicate over 433 MHz radio using three packaging layers on top of the radio link: command and response, message, and packet. The controller sends a command to the pump, and the pump replies. Programming commands take a 4-byte nonce as their first parameter. 

When a pump is activated, the pump and the controller exchange the pump's LOT and serial identifiers, which seed a pseudo-random generator in both the pump and the controller. Once paired, the generators remain synchronized for the lifetime of the pump. If they fall out of sync, a re-sync process runs, but the new seed still depends on the identifiers sent during pump setup. Every packet the device accepts must carry the serial number, but nothing in the system is encrypted. 

Experts say that the information sent between the controller and the device is not encrypted. As a result, the contents of the message and packet headers are exposed. "For example, the report shows a passive observer could parse the needed information from the pump status before a scheduled time. An attacker could also extract the data directly from the headers they're trying to exploit from the programming command," SC Media reported.
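As an added illustration that is not part of the post or of Lyrebirds' report, the following constructed Python model shows the receiver-side checks the described flaw lacks: a pump that keeps accepting a nonce it has already seen and never ties it to a command, beside one that retires each nonce after a single use and verifies a MAC over the nonce and the command. The pairing seed, key, command names and class names are placeholders; the real Omnipod protocol is not reproduced.

```python
import hashlib
import hmac
import random

# Constructed placeholders: real LOT/serial values, keys and commands are not reproduced.
PAIRING_SEED = "LOT-00000:SN-00000"   # stands in for the LOT and serial numbers
PAIRING_KEY = b"constructed-pairing-key"

def nonce_stream(seed):
    """Both sides seed the same PRNG, so the pump knows which nonce comes next."""
    return random.Random(seed)

def make_tag(key, nonce, command):
    """MAC binding the 4-byte nonce to the command it authorises."""
    return hmac.new(key, nonce.to_bytes(4, "big") + command.encode(), hashlib.sha256).digest()

class VulnerablePump:
    """Checks the nonce value only: never retires it, never ties it to the command."""
    def __init__(self, seed):
        self._expected = nonce_stream(seed).getrandbits(32)

    def accept(self, nonce, command, tag=None):
        return nonce == self._expected          # same nonce accepted again and again

class HardenedPump:
    """Retires each nonce after one use and requires a MAC over nonce||command."""
    def __init__(self, seed, key):
        self._rng = nonce_stream(seed)
        self._expected = self._rng.getrandbits(32)
        self._key = key

    def accept(self, nonce, command, tag):
        if nonce != self._expected:
            return False                        # stale or replayed nonce
        if not hmac.compare_digest(make_tag(self._key, nonce, command), tag):
            return False                        # command altered under a valid nonce
        self._expected = self._rng.getrandbits(32)  # retire the nonce, expect the next
        return True

def controller_message(rng, key, command):
    nonce = rng.getrandbits(32)
    return nonce, command, make_tag(key, nonce, command)

def outcomes(pump_cls, *args):
    """For one observed STATUS message: altered command, genuine send, then a repeat."""
    pump = pump_cls(*args)
    nonce, cmd, tag = controller_message(nonce_stream(PAIRING_SEED), PAIRING_KEY, "STATUS")
    return (pump.accept(nonce, "PROGRAM", tag), pump.accept(nonce, cmd, tag), pump.accept(nonce, cmd, tag))

def demo():
    return {"vulnerable": outcomes(VulnerablePump, PAIRING_SEED),
            "hardened": outcomes(HardenedPump, PAIRING_SEED, PAIRING_KEY)}
```

The vulnerable model accepts all three messages, while the hardened model accepts only the genuine one, which is the behaviour a nonce-based protocol needs to give any protection.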

GitHub Brings Suite of Supply Chain Security Features to Go


GitHub has released a number of supply chain security updates for Go programming language modules.

In a blog post published on July 22, GitHub staff product manager William Bartholomew stated that Go, also known as Golang, is now firmly established among the top 15 programming languages on the platform and that, as the most popular host for Go modules, GitHub intends to help the community discover, report, and prevent security vulnerabilities. 

Go modules were launched in 2019 to help with dependency management. As per the Go Developer Survey 2020, Go is now utilized in the workplace in some form by 76 percent of respondents. 

Furthermore, Go modules are becoming more popular, with 96 percent of those polled indicating they use them for package management, up 7% from 2019, and 87 percent saying they use Go modules exclusively for this purpose. 

According to the survey results, the use of other package management solutions is declining. As per GitHub, four major supply chain security enhancements are now available for Go modules. 

The first is GitHub's Advisory Database, an open-source repository of vulnerability information that presently has over 150 Go advisories at the time of publication. Developers can also use the database to get CVE IDs for newly identified security flaws. 

"This number is growing every day as we curate existing vulnerabilities and triage newly discovered ones," Bartholomew added. 

GitHub has also released its dependency graph, which can be used to track and evaluate project dependencies using go.mod, as well as warn users when risky dependencies are discovered. In this version, GitHub has also introduced Dependabot, which will notify developers when new security flaws in Go modules are identified.

To fix vulnerable Go modules, automatic pull requests can be enabled, and notification settings have been enhanced for fine-tuning. According to Bartholomew, repositories that enable automatic pull requests for security updates patch their dependencies up to 40% faster than those that do not.

Perl.com, the Official Site for Perl Programming Language Hijacked


The domain Perl.com was registered in 1994 and served as the official site for the Perl programming language; it is registered with the registrar key-systems(.)net. A warning went up on the perl.org foundation blog overnight telling users that perl.com now pointed to a parking site and advising against visiting it "as there are some signals that it may be related to sites that have distributed malware in the past." 

"The perl.com domain was hijacked this morning and is currently pointing to a parking site. Work is ongoing to attempt to recover it," reads the announcement published on the Perl NOC on 27 January 2021.

The hijack appears to have followed the familiar pattern of an attacker taking over a compromised account and transferring the domain away, rather than a simple expiration. The attackers changed the IP address from 151.101.2.132 to 35.186.238[.]10. After the hackers took control of the site, it displayed a blank page whose HTML contained GoDaddy parked-domain scripts. 

Posting on Reddit, Brian Foy, an editor of the site and author of several books on Perl, said: "It looks like there was an account hack. I don't know how long that would take to rewind. We're looking for people who have actual experience dealing with that situation so we can dispute the transfer." Perl.org was unaffected by the hijack. 

The domain records show the contact data is currently "REDACTED FOR PRIVACY". Gordon Lawrie, a self-described cyberlaw, trademark, and domain nerd, said that before the change Tom Christiansen was listed as the domain's administrative contact. The Perl group has yet to respond to a request for comment, but a hijacking of Christiansen's account appears to be one possibility. The expiry date also appears to have been extended to 26 January 2031.

Shortly after the hijacking, perl.com appeared for sale at $190k on afternic.com, which was listed as a name server in the domain record at the time of writing. The listing, from user drawmaster, included other expensive domains such as piracy.com for a mere $125k. Afternic is part of the GoDaddy group, and not long after it was contacted, the perl.com listing was pulled.