
Sevco Report Exposes Privacy Risks in iOS and macOS Due to Mirroring Bug


A report from Sevco describes a data-exposure bug in the iPhone Mirroring feature introduced with macOS 15 Sequoia and iOS 18. When an employee mirrors a personal iPhone onto a work Mac, the iPhone's apps are recorded on the Mac as though they were installed there, so the IT and security tools that inventory software on the corporate machine collect them too. Sevco noticed the problem when personal iOS apps began appearing in the inventories of corporate Macs; the follow-up investigation showed a systemic issue affecting multiple upstream software vendors and their customers. The bug creates two concerns: employees' personal data (at a minimum, which apps they use) can be collected by their employers without anyone intending it, and the employers then hold data they may be legally liable for.

Sevco stressed that while employees may worry about their personal lives being exposed, the company carries data liability even when the collection is unintentional, and that the exposure arises whenever a personal iPhone is mirrored to a company laptop or desktop. Sean Wright, a cybersecurity expert, commented that how serious the issue is depends on how much an employee trusts their employer; anyone uncomfortable with an employer holding their personal data should avoid using personal devices for work-related tasks or connecting them to corporate systems. Sevco's report recommends several actions for companies and employees to mitigate the risk.

First, employees should stop using iPhone Mirroring with work Macs so that no further personal information is exposed, and companies should tell staff not to connect personal devices to work computers at all. Companies should also check that their third-party vendors are not inadvertently collecting this data from work devices. Sevco urged organisations to take these steps while waiting for an official fix from Apple, and to apply that patch promptly once it ships so that the collection of private employee data stops.

Finally, companies should purge any employee data already collected through this bug; doing so removes the liability and helps keep them compliant with data-protection regulations. The report is a reminder to keep clear boundaries between personal and work devices: the more seamlessly they are joined by features such as mirroring, the more ways there are for data to cross that boundary unintentionally.

The convenience of moving between a personal phone and a work computer is real, but the privacy cost should not be overlooked. The Sevco report emphasises the need for vigilance about security and privacy in the workplace, especially when personal devices are used for professional tasks. Both employees and companies need to take proactive steps to safeguard personal information and reduce legal risk until a fix is available.

Guarding Against SQL Injection: Securing Your Cisco Firepower Management Center

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.

This vulnerability exists because the web-based management interface does not adequately validate user input. An attacker could exploit this vulnerability by authenticating to the application and sending crafted SQL queries to an affected system. 

A successful exploit could allow the attacker to obtain any data from the database, execute arbitrary commands on the underlying operating system, and elevate privileges to root. To exploit this vulnerability, an attacker would need at least Read Only user credentials.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

What Is SQL Injection?

SQL injection is a vulnerability in which untrusted input is spliced into the text of a SQL statement, so that an attacker can change what the statement does rather than merely what it searches for. In the case of Cisco FMC Software, an attacker who already holds a valid (even Read Only) login can submit crafted input to the web-based management interface and have it interpreted as SQL by the back-end database.

Impact

Successful exploitation of this vulnerability can have severe consequences:

Data Extraction: The attacker can retrieve any data in the database, including user credentials, configuration details, and logs.

Command Execution: Depending on the database's features and the privileges it runs with, injected SQL can be turned into arbitrary command execution on the underlying operating system.

Privilege Escalation: The advisory states that a successful exploit could elevate the attacker's privileges to root on the FMC host, starting from nothing more than a Read Only account.

Mitigation efforts by Cisco

Cisco has published free software updates that address the vulnerability described in the advisory. Customers with service contracts that include regular software updates should receive the fix through their usual update channels.

Customers can only install and receive support for software versions and feature sets for which they have acquired a license.

Cisco has addressed this issue by releasing software updates. Organizations using Cisco FMC Software should take the following steps:

  • Update: Apply the fixed release named in Cisco's advisory and keep FMC on a supported, current version; there is no workaround.
  • Access control: Restrict who can reach the FMC management interface (management network, ACLs, VPN), review accounts, and disable the ones no longer needed. Remember that Read Only credentials are enough to exploit this flaw, so low-privilege accounts deserve the same scrutiny as administrators.
  • Monitoring: Log and alert on management-interface requests that contain SQL metacharacters or keywords (quotes, comment sequences, UNION/SELECT) and on unexpected database or shell activity on the FMC host.
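The two halves of the advice above, what the flaw looks like in code and what to watch for in logs, as an added example that is not Cisco's code and does not reflect FMC's actual schema or log format. The user table, the web-interface access-log lines and the pattern list are all constructed for the demonstration; the vulnerable function shows the class of bug the advisory describes, and the hardened one the fix.

```python
import re
import sqlite3
from urllib.parse import unquote_plus

# Constructed sample data standing in for an application user table (not Cisco's schema).
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT, pw_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("admin", "Administrator", "$6$admin-hash"),
        ("auditor", "Read Only", "$6$auditor-hash"),
    ])
    return conn

def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list[tuple]:
    # Untrusted input is spliced into the statement text, so it can change the
    # query's structure: a quote closes the literal, and whatever follows is SQL.
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn: sqlite3.Connection, username: str) -> list[tuple]:
    # A bound parameter is always data; the same payload simply matches no row.
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()

# Constructed access-log lines in a hypothetical "<ip> - <user> [<method>] <path> <status>" format.
LOG_LINES = [
    "10.0.0.5 - auditor [GET] /api/users?name=auditor 200",
    "10.0.0.9 - auditor [GET] /api/users?name=%27+UNION+SELECT+username%2C+pw_hash+FROM+users-- 200",
    "10.0.0.9 - auditor [GET] /api/users?name=%27+OR+%271%27%3D%271 200",
    "10.0.0.7 - admin [POST] /api/policy/deploy 204",
]

# Indicators of injection attempts; a real deployment tunes these against normal traffic.
SQLI_PATTERNS = {
    "union-select": re.compile(r"(?i)\bunion\b.*\bselect\b"),
    "tautology":    re.compile(r"(?i)'\s*(or|and)\s+[^=]*="),
    "comment":      re.compile(r"(--|/\*|#)\s*$|--\s"),
}

def flag_suspicious(lines: list[str]) -> list[tuple[str, str]]:
    """Return (pattern name, line) for each log line whose decoded URL matches an indicator."""
    hits = []
    for line in lines:
        decoded = unquote_plus(line)   # decode %27, + etc. before matching
        for name, pattern in SQLI_PATTERNS.items():
            if pattern.search(decoded):
                hits.append((name, line))
                break                  # one report per line is enough
    return hits

if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(db, payload))   # every user
    print("safe:      ", lookup_safe(db, payload))         # no rows
    exfil = "' UNION SELECT username, pw_hash FROM users--"
    print("exfil:     ", lookup_vulnerable(db, exfil))     # password hashes
    for name, line in flag_suspicious(LOG_LINES):
        print(f"ALERT {name}: {line}")
```

The second payload is the data-extraction case from the impact list: the UNION appends the hash column to a query that was only meant to return usernames and roles. Note that the detector works on the decoded request, which is why the log lines are stored URL-encoded as a proxy or web server would write them.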

APT29 Strikes: WinRAR Exploits in Embassy Cyber Attacks

In a recent wave of attacks, the group tracked as APT29 has targeted foreign embassies with a campaign that exploits a vulnerability in WinRAR, the widely used file-compression tool. The disclosure has prompted organisations in the diplomatic sector to review and strengthen their defences.

According to the researchers who analysed the campaign, APT29 paired the WinRAR exploit with the ngrok tunnelling service. ngrok is a legitimate tool for exposing a service running on localhost through a public endpoint; the attackers used it to route their traffic through ngrok's infrastructure, which hides the real destination and makes detection and attribution considerably harder.

The WinRAR flaw, tracked as CVE-2023-38831, lets an attacker execute arbitrary code on a victim's system when the user opens a crafted archive, giving the intruders a foothold from which sensitive information on embassy networks can be reached.
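A check a defender can run on inbound archives, as an added example that is not from the report or from the researchers. It assumes the archive layout documented in public analyses of CVE-2023-38831: a decoy document next to a directory of the same name (typically with a trailing space) that contains a script, which WinRAR ends up launching when the user opens the decoy. The sample archive is constructed in memory here; the script body is a harmless placeholder.

```python
import io
import zipfile

# Extensions that would be launched rather than displayed (assumption: tune for your estate).
EXEC_EXTS = (".cmd", ".bat", ".exe", ".vbs", ".js", ".ps1", ".scr", ".lnk")

def build_sample_archive(malicious: bool) -> bytes:
    """Constructed archives: one mimicking the CVE-2023-38831 layout, one benign."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        if malicious:
            # Decoy file and a same-named directory (note trailing spaces) holding a script.
            zf.writestr("invoice.pdf ", b"%PDF-1.4 placeholder decoy")
            zf.writestr("invoice.pdf /invoice.pdf .cmd", b"@echo off\r\necho placeholder\r\n")
        else:
            zf.writestr("report.pdf", b"%PDF-1.4 placeholder")
            zf.writestr("images/logo.png", b"\x89PNG placeholder")
    return buf.getvalue()

def find_name_collisions(data: bytes) -> list[tuple[str, str]]:
    """Return (decoy, script) pairs where a top-level file shares its name with a
    directory whose contents include a launchable file. Matching ignores trailing
    spaces, which is the trick the exploit relies on."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [n for n in zf.namelist() if not n.endswith("/")]
    top_level = {n.rstrip(" "): n for n in names if "/" not in n}
    findings = []
    for entry in names:
        head, sep, tail = entry.partition("/")
        if not sep:
            continue                       # not inside a directory
        decoy = top_level.get(head.rstrip(" "))
        if decoy is None:
            continue                       # directory name matches no top-level file
        leaf = tail.rsplit("/", 1)[-1].rstrip(" ").lower()
        if leaf.endswith(EXEC_EXTS):
            findings.append((decoy, entry))
    return findings

def is_suspicious(data: bytes) -> bool:
    return bool(find_name_collisions(data))

if __name__ == "__main__":
    for label, flag in (("malicious", True), ("benign", False)):
        archive = build_sample_archive(flag)
        print(label, "->", find_name_collisions(archive))
```

This is a structural heuristic, not a WinRAR version check: a patched WinRAR (6.23 or later) no longer launches the script, but an archive built this way is still worth quarantining at the mail gateway regardless of what the recipient runs.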

The attacks, first identified by cybersecurity researchers, have been corroborated by Ukraine's National Security and Defense Council (RNBO), whose November report describes the APT29 campaigns and the extent of the damage.

That foreign embassies are the specific target is troubling. These organisations handle large volumes of private, political and diplomatic data, which makes them a standing priority for state-sponsored espionage. The attackers' reliance on a flaw in software as common as WinRAR underlines the need for continuous monitoring and timely patching.

In response, security professionals advise organisations, particularly those in sensitive fields such as diplomacy, to run thorough security assessments, close known vulnerabilities quickly, and harden their defences against an evolving threat. The APT29 campaign illustrates why a layered strategy is needed: advanced threat detection, staff awareness training, and disciplined software update practices.

Governments contending with this landscape also need cooperation between international cybersecurity organisations. The APT29 attacks are a sobering reminder that the digital sphere has become a contested space and that protecting diplomatic relations and national interests requires a united defence.

Vulnerability in Oracle Property Management Software Puts Hotels at Risk


The hundreds of hotels and other hospitality organisations around the world that use Oracle's Opera property management system should promptly patch a bug that Oracle disclosed in its April 2023 Critical Patch Update.

Oracle described the vulnerability (CVE-2023-21932) in Oracle Hospitality Opera 5 Property Services as difficult to exploit and exploitable only by an authenticated attacker with highly privileged access, and assigned it a CVSS score of 7.2, a rating driven largely by that assumption of authenticated, privileged access.

Inaccurate evaluation 

Oracle's description of the vulnerability is wrong, according to the researchers who found and reported it.

The researchers, from attack-surface management firm Assetnote and two other organisations, wrote in a blog post that they had used the flaw to achieve pre-authentication remote code execution while taking part in a live hacking event in 2017. The target in that event was one of the largest resorts in the US.

"This vulnerability does not require any authentication to exploit, despite what Oracle claims," Shubham Shah, co-founder and CTO of Assetnote, explained in a blog post this week. "This vulnerability should have a CVSS score of 10.0."

In order to centrally manage reservations, guest services, accounting, and other activities, hotels and hotel chains all over the world use Oracle Opera, also known as Micros Opera. Major hotel brands like Marriott, IHG, Radisson, Accor, and the Wyndham Group are among its clients. 

Attackers who exploit the flaw could obtain guests' sensitive personal information, payment card data, and other records. CVE-2023-21932 affects version 5.6 of the Opera 5 Property Services platform.

Oracle's advisory says a successful attack gives unauthorised access to all data accessible to Opera 5 Property Services, along with the ability to create, modify or delete some of that data.

Shah, a bug hunter on the HackerOne platform, found the vulnerability through a source-code analysis of Opera together with Sean Yeoh, engineering lead at Assetnote, Brendan Scarvell, a pen tester with PwC Australia, and Jason Haddix, CISO at adversary emulation firm BuddoBot.

The researchers determined that CVE-2023-21932 stems from an Opera code fragment that sanitises two specific variables and only afterwards decrypts the encrypted payload that actually carries them, rather than decrypting first and then sanitising what was decrypted.

Because the check runs on the request before decryption, the values that emerge from the decrypted payload are never inspected. This "order of operations" flaw lets an attacker smuggle an arbitrary payload through those variables with no sanitisation taking place.
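The bug class in miniature, as an added example that is not Oracle's code and does not reproduce Opera's real parameters, encryption or sanitiser. Everything here is a stand-in: a toy XOR-plus-base64 "encryption" (the real scheme is irrelevant to the bug), two checked variables named report and outfile, and a sanitiser that rejects path and shell metacharacters. The only thing the example is faithful to is the ordering the researchers describe: sanitise, then decrypt, versus decrypt, then sanitise.

```python
import base64
from urllib.parse import parse_qsl, urlencode

TOY_KEY = b"demo-key"   # constructed; stands in for whatever key the real system uses
CHECKED = ("report", "outfile")          # the two variables the sanitiser looks at (assumption)
BAD_TOKENS = ("..", "/", "\\", ";", "|")   # what the sanitiser rejects (assumption)

def _xor(data: bytes) -> bytes:
    return bytes(b ^ TOY_KEY[i % len(TOY_KEY)] for i, b in enumerate(data))

def toy_encrypt(plaintext: str) -> str:
    # Toy reversible encoding, NOT real cryptography; it only needs to hide the plaintext
    # from a sanitiser that runs before decryption.
    return base64.urlsafe_b64encode(_xor(plaintext.encode())).decode()

def toy_decrypt(token: str) -> str:
    return _xor(base64.urlsafe_b64decode(token.encode())).decode()

def sanitize(params: dict) -> dict:
    """Reject dangerous characters in the checked variables; return params unchanged otherwise."""
    for name in CHECKED:
        value = params.get(name, "")
        if any(tok in value for tok in BAD_TOKENS):
            raise ValueError(f"rejected {name}={value!r}")
    return params

def _merge_payload(params: dict) -> dict:
    # The encrypted payload carries a query string; its variables override the outer ones.
    inner = dict(parse_qsl(toy_decrypt(params.pop("payload", toy_encrypt("")))))
    params.update(inner)
    return params

def handle_vulnerable(request: dict) -> dict:
    # Order the researchers describe: check the variables as seen in the request,
    # THEN decrypt. Values arriving via the payload land after the check.
    checked = sanitize(dict(request))
    return _merge_payload(checked)

def handle_fixed(request: dict) -> dict:
    # Decrypt first, then sanitise the variables the application will actually use.
    merged = _merge_payload(dict(request))
    return sanitize(merged)

def fixed_rejects(request: dict) -> bool:
    try:
        handle_fixed(dict(request))
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    # Constructed attacker request: outer variables are clean, the traversal hides in the payload.
    attack = {"report": "daily",
              "payload": toy_encrypt(urlencode({"outfile": "../../etc/cron.d/job"}))}
    print("vulnerable uses:", handle_vulnerable(attack)["outfile"])
    print("fixed rejects:  ", fixed_rejects(attack))
```

The general lesson applies to any validate-then-transform pipeline, not just this product: a check is only meaningful if it runs on the representation the program will act on, so decoding, decrypting and decompressing all have to happen before validation.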

"Order of operations bugs are really rare, and this bug is a very clear example of this bug class," Shah tweeted earlier this week. "We were able to leverage this bug to gain access to one of the biggest resorts in the US, for a live hacking event." 

The researchers walked through the steps they took to bypass specific restrictions in Opera and achieve pre-authentication remote code execution, noting that none of them required special access or insider knowledge of the software.

Responding to the Assetnote post, security researcher Kevin Beaumont said there are several Shodan queries an attacker could use to find hotels and other companies running Opera.

According to Beaumont, every property he found through Shodan was unpatched. "We must eventually discuss Oracle product security," Beaumont said.

CVE-2023-21932 is only one of many bugs in Oracle Opera, according to Shah and the other researchers, at least some of which the company has not fixed. "Please never post this on the Internet," they pleaded.