
Managing Privileges is Essential Security Strategy

In order to stop increasingly sophisticated hacker assaults, having a system that regulates privileged access is crucial. Therefore, one must integrate privilege removal into their cyber strategy to ensure secure protection without loopholes.

Privileged access: What Is It?

Privileged access occurs when a system's technical maintenance, changes, or privileged emergency outages are carried out by an entity using an administrative account or a credential with boosted permissions. This could happen on-site or in the cloud. Technical privileges are separate from high-risk entitlements connected to business operations in this context. For all essential use instances, PAM controls ensure that privileges, including any related mechanisms like privileged accounts or credentials, are used in permitted target systems.

Several institutions equate securing privileged identities with safeguarding administrator passwords in a password vault. In reality, a comprehensive plan that addresses what qualifies as a privileged action is required.

Eliminating privileges will safeguard one against attacks

Around 80% of breaches involve a violation of privileges, according to Verizon's Data Breach Investigations Report 2022.

Hackers use linked devices, local repositories, and more to access privileged passwords. As a result, every company's defensive plan should include reducing privilege. A hacker must complete several steps in order to carry out a cyber-attack. To begin with, they hack into the system of the business. They then attempt to escalate privileges or move laterally in their investigation process until they find new privileges that offer more access. Finally, they carry out the attack.

Hence, robbing a hacker of their privileges through PAM stops them from moving on to the next stage. No matter how they entered, if they are unable to pass through, the attack fails. Employing privilege elimination will also defend against a variety of attacks.




Manchester Arena's Weapon Detecting


Evolv claims it can detect all weapons

The US-based company Evolv, known for selling artificial intelligence (AI) scanners, claims it detects all weapons.

However, the research firm IPVM says Evolv might fail to detect various types of knives, as well as some components and bombs.

Evolv says it has told venues of all "capabilities and limitations." Marion Oswald, from the government's Centre for Data Ethics and Innovation, said there should be more public knowledge, as well as independent evaluation of the systems, before they are launched in the UK, because these technologies will replace methods of metal detection and physical searches that have been tried and tested.

Raised Concerns

AI and machine learning allow scanners to make unique "signatures" of weapons that distinguish them from items like computers or keys, lessening the need for manual checks and preventing long queues.

"Metallic composition, shape, fragmentation - we have tens of thousands of these signatures, for all the weapons that are out there. All the guns, all the bombs, and all the large tactical knives," said Peter George, chief executive, in 2021. For years, independent security experts have raised concerns over some of Evolv's claims. 

In the past, the company didn't allow IPVM to test its technology, named Evolv Express. However, last year, Evolv allowed the National Center for Spectator Sports Safety and Security (NCS4) to do so.

NCS4's public report, released last year, gave Evolv a score of 2.84 out of 3; most of the guns were detected 100% of the time.

IPVM's private report shows loopholes

However, it also produced a separate, private report, which IPVM obtained via a Freedom of Information request. The report found that Evolv identified large knives 42% of the time. The report said that the system failed to detect every knife at the sensitivity level observed during the exercise.

On the basis of the data collected, the report recommended full transparency to potential customers. ASM Global, owner of Manchester Arena, said its use of Evolv Express is the "first such deployment at the arena in Europe," and it is also planning to introduce the technology to other venues.

In 2017, a man detonated a bomb at an Ariana Grande concert in the arena, which killed 22 people and injured hundreds more, primarily children.

Evolv's Response

Evolv didn't dispute the findings of IPVM's private report. It says that the company believes in communicating sensitive security information, which includes the capabilities and limitations of Evolv's systems, allowing security experts to make informed decisions for their specific venues.

We should pay attention to NCS4's report as there isn't much public information as to how Evolv technology works. 



Critical Bug Spotted in LoRaWAN Stack

 

Trend Micro researchers have discovered a critical flaw in the LoRaWAN stack allowing attackers to launch malicious code on a victim’s device. Researchers published a blog post to demonstrate the methodology employed by attackers to spot exploitable vulnerabilities in the LoRaWAN stack. Interestingly, the same technique can be used by stack developers to shield the stack and make LoRaWAN communication resistant to critical bugs.

Detecting bugs through fuzz testing


Researchers created a fuzzing architecture to spot vulnerabilities exploited by threat actors. While researching and experimenting with LoRaWAN stack security, they designed this architecture to detect interesting bugs that attackers might be able to leverage. It can also be used to create more effective security for the protocol stacks of LoRaWAN and other protocols.

Fuzz testing is a novel technique to detect security loopholes in software applications. Unlike traditional software testing techniques – SAST, DAST, or IAST – fuzz testing essentially “pings” code with random (or semi-random) inputs in an effort to crash it and thus identify “faults” that would otherwise not be apparent. 

The name “fuzz” is a reference to the random nature of the process. Fuzz testing’s supporters praise it for being fully automated and able to find obscure weaknesses, while its detractors complain it can be difficult to set up and prone to deliver unreliable results. 

Trend Micro employed this technique to cover as many code paths as possible with legitimate and dumb fuzzing using the AFL++ framework (evolution of AFL). This supplies some instrumentation for mutating pseudorandom bits, bytes, and words. 

Additionally, researchers compiled every type of message that could be interpreted by the parser. Persistent mode was used to speed up the fuzzing process by a factor of 2 up to 20. To handle the number of "uniq crash files" found in the repositories after fuzzing, researchers designed a classification method that helps users focus on the critical bugs first.

Finally, the code is compiled for an architecture other than x86-64, using a particular cross compiler with specific options. Hence, if researchers attempt to prove the flaw by exploiting it, additional time is spent adapting the exploit to the right architecture.
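To show what persistent-mode fuzzing of a frame parser looks like from the stack developer's side, here is an added example that is not Trend Micro's harness or code from any LoRaWAN stack: a bounds-checked parser for LoRaWAN 1.0.x data frames driven by the AFL++ persistent-mode macros. The names `lw_frame` and `lw_parse` are hypothetical, and the fallback macros only exist so the file also builds with a plain compiler.

```c
#include <stddef.h>
#include <stdint.h>
#include <unistd.h>
typedef struct {           /* hypothetical type for this added example */
    uint8_t  mtype;        /* MHDR bits 7..5 */
    uint32_t dev_addr;     /* little-endian on the wire */
    uint16_t fcnt;
    uint8_t  fopts_len;    /* FCtrl bits 3..0 */
    int      fport;        /* -1 when FPort is absent */
    size_t   payload_len;  /* FRMPayload bytes */
} lw_frame;

/* Returns 0 on success, -1 on malformed input; never reads past buf+len. */
int lw_parse(const uint8_t *buf, size_t len, lw_frame *f) {
    if (len < 1 + 7 + 4) return -1;              /* MHDR + minimal FHDR + MIC */
    f->mtype = buf[0] >> 5;
    if (f->mtype < 2 || f->mtype > 5) return -1; /* data up/down frames only */
    f->dev_addr = buf[1] | buf[2] << 8 | buf[3] << 16 | (uint32_t)buf[4] << 24;
    f->fopts_len = buf[5] & 0x0F;
    f->fcnt = (uint16_t)(buf[6] | buf[7] << 8);
    size_t off = 8u + f->fopts_len;              /* first byte after FHDR */
    if (off + 4 > len) return -1;                /* FOptsLen comes from the sender */
    size_t rest = len - 4 - off;                 /* bytes between FHDR and MIC */
    f->fport = rest ? buf[off] : -1;
    f->payload_len = rest ? rest - 1 : 0;
    return 0;
}

#ifndef __AFL_FUZZ_TESTCASE_LEN  /* not built with afl-cc: read stdin instead */
static uint8_t fuzz_buf[256];
static ssize_t fuzz_len;
#define __AFL_FUZZ_INIT() extern int lw_unused
#define __AFL_INIT() ((void)0)
#define __AFL_FUZZ_TESTCASE_BUF fuzz_buf
#define __AFL_FUZZ_TESTCASE_LEN fuzz_len
#define __AFL_LOOP(n) ((fuzz_len = read(0, fuzz_buf, sizeof fuzz_buf)) > 0)
#endif
__AFL_FUZZ_INIT();
int main(void) {
    static volatile unsigned sink;               /* keeps the call from being optimised out */
    __AFL_INIT();                                /* deferred forkserver start */
    const uint8_t *buf = __AFL_FUZZ_TESTCASE_BUF;
    while (__AFL_LOOP(10000)) {                  /* persistent mode: many inputs per process */
        size_t len = (size_t)__AFL_FUZZ_TESTCASE_LEN;
        lw_frame f;
        if (lw_parse(buf, len, &f) == 0) sink += f.fcnt;
    }
    return 0;
}
```

The check on `off + 4 > len` is the kind of length validation a fuzzer exercises: without it, a short frame that declares a large FOptsLen would make the parser read beyond the received buffer.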