Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label https. Show all posts
MPIC
Chrome Cyber Security Google https Linting MPIC

Google sets new rules to improve internet safety through better website security

 




Google is taking major steps to make browsing the web safer. As the company behind Chrome, the most widely used internet browser, Google’s decisions shape how people all over the world experience the internet. Now, the company has announced two new safety measures that focus on how websites prove they are secure.


Why is this important?

Most websites use something called HTTPS. This means that the connection between your device and the website is encrypted, keeping your personal data private. To work, HTTPS relies on digital certificates that prove a website is real and trustworthy. These certificates are issued by special organizations called Certificate Authorities.

But hackers are always looking for ways to cheat the system. If they manage to get a fake certificate, they can pretend to be a real website and steal information. To prevent this, Google is asking certificate providers to follow two new safety processes.


The first method: double-checking website identity (MPIC)

Google is now supporting something called MPIC, short for Multi-Perspective Issuance Corroboration. This process adds more layers of checking before a certificate is approved. Right now, website owners only need to show they own the domain once. But this can be risky if someone finds a way to fake that proof.

MPIC solves the issue by using several different sources to confirm the website’s identity. Think of it like asking multiple people to confirm someone’s name instead of just asking one. This makes it much harder for attackers to fool the system. The group that oversees certificate rules has agreed to make MPIC a must-follow step for all providers.


The second method: scanning certificates for errors (linting)

The second change is called linting. This is a process that checks each certificate to make sure it’s made properly and doesn’t have mistakes. It also spots certificates that use outdated or weak encryption, which can make websites easier to hack.

Linting helps certificate providers stick to the same rules and avoid errors that could lead to problems later. Google has mentioned a few free tools that can be used to carry out linting, such as zlint and certlint. Starting from March 15, 2025, all new public certificates must pass this check before they are issued.


What this means for internet users

These changes are part of Google’s ongoing plan to make the internet more secure. When websites follow these new steps, users can be more confident that their information is safe. Even though these updates happen in the background, they play a big role in protecting people online.



Read more »
Third Party Supply Chain
AI vulnerabilities Apache Cryptographic Cyber Security CyberCrime CyberThreat https Software Third Party Supply Chain

Hidden Dangers in Third-Party Supply Chain

 


A supply chain attack refers to any cyberattack targeting a third-party vendor within an organization's supply chain. Historically, these attacks have exploited trust relationships, aiming to breach larger organizations by compromising smaller, less secure suppliers.

The Growing Threat of Software Supply Chain Attacks

While traditional supply chain attacks remain a concern, the software supply chain poses an even greater threat. Modern development practices rely heavily on third-party components, including APIs, open-source software, and proprietary products, creating vulnerabilities across multiple systems.

In the event of a security breach, the integrity of these systems can be compromised. A recent study highlights that many vulnerabilities in digital systems go unnoticed, exposing businesses to significant risks. Increased reliance on third-party software and complex supply chains has expanded the threat landscape beyond internal assets to external dependencies.

Key Findings from the 2024 State of External Exposure Management Report

The 2024 State of External Exposure Management Report underscores several critical vulnerabilities:

  • Web Servers: Web server environments are among the most vulnerable assets, accounting for 34% of severe issues across surveyed assets. Platforms such as Apache, NGINX, Microsoft IIS, and Google Web Server host more severe issues than 54 other environments combined.
  • Cryptographic Protocols: Vulnerabilities in protocols like TLS (Transport Layer Security) and HTTPS contribute to 15% of severe issues on the attack surface. These protocols, essential for secure communication, often lack proper encryption, making them a significant security concern.
  • Web Application Firewalls (WAFs): Only half of the web interfaces handling personally identifiable information (PII) are protected by a WAF. Moreover, 60% of interfaces exposing PII lack WAF coverage, increasing the risk of exploitation by cybercriminals.

Challenges in Vulnerability Management

Outdated vulnerability management approaches often leave assets exposed to increased risks. Organizations must adopt a proactive strategy to mitigate these threats, beginning with a thorough assessment of supply chain risks.

Steps to Secure the Supply Chain

  1. Assess Supplier Security Postures: Evaluate suppliers' data access and organizational impact, and categorize them into risk profiles based on vulnerability levels.
  2. Conduct Risk Assessments: Use questionnaires, on-site visits, and process reviews to identify weaknesses within the supply chain.
  3. Visualize Risks: Utilize interaction maps to gain a clearer understanding of supply chain vulnerabilities and develop a comprehensive security strategy addressing both physical and virtual risks.
  4. Collaborate with Leadership: Ensure senior leadership aligns security priorities to mitigate threats such as ransomware, data breaches, and sabotage.

Addressing Endpoint Vulnerabilities

With the rise of remote work, monitoring supplier endpoints has become critical. Risks such as device theft, data leaks, and shadow IT require proactive measures. While VPNs and virtual desktops are commonly used, they may fall short, necessitating continuous monitoring of telework environments.

Continuous Monitoring and Threat Management

Effective risk management requires continuous monitoring to protect critical assets and customer information. Organizations should prioritize advanced protective measures, including:

  • Threat Hunting: Identify potential breaches before they escalate, reducing the impact of cyberattacks.
  • Centralized Log Aggregation: Facilitate comprehensive analysis and anomaly detection through a unified system view.
  • Real-Time Monitoring: Enable swift response to security incidents, minimizing potential damage.

Building a Resilient Cybersecurity Framework

A robust, integrated risk monitoring strategy is essential for modern cybersecurity. By consolidating proactive practices into a cohesive framework, organizations can enhance visibility, close detection gaps, and fortify supply chains against sophisticated attacks. This approach fosters resilience and maintains trust in an increasingly complex digital landscape.

Read more »
Online Security
cookie theft Cookies Cyber Security cybercriminals FBI Hacking https MFA Bypass Online Security

FBI Warns of Cybercriminals Stealing Cookies to Bypass Security

 

Cybercriminals are now targeting cookies, specifically the “remember-me” type, to gain unauthorized access to email accounts. These small files store login information for ease of access, helping users bypass multi-factor authentication (MFA). However, when a hacker obtains these cookies, they can use them to circumvent security layers and take control of accounts. The FBI has alerted the public, noting that hackers often obtain these cookies through phishing links or malicious websites that embed harmful software on devices. Cookies allow websites to retain login details, avoiding repeated authentication. 

By exploiting them, hackers effectively skip the need for usernames, passwords, or MFA, thus streamlining the process for unauthorized entry. This is particularly concerning as MFA typically acts as a crucial security measure against unwanted access. But when hackers use the “remember-me” cookies, this layer becomes ineffective, making it an appealing route for cybercriminals. A primary concern is that many users unknowingly share these cookies by clicking phishing links or accessing unsecured sites. Cybercriminals then capitalize on these actions, capturing cookies from compromised devices to access email accounts and other sensitive areas. 

This type of attack is less detectable because it bypasses traditional security notifications or alerts for suspicious login attempts, providing hackers with direct, uninterrupted access to accounts. To combat this, the FBI recommends practical steps, including regularly clearing browser cookies, which removes saved login data and can interrupt unauthorized access. Another strong precaution is to avoid questionable links and sites, as they often disguise harmful software. Additionally, users should confirm that the websites they visit are secure, checking for HTTPS in the URL, which signals a more protected connection. 

Monitoring login histories on email and other sensitive accounts is another defensive action. Keeping an eye on recent activity can help users identify unusual login patterns or locations, alerting them to possible breaches. If unexpected entries appear, changing passwords and re-enabling MFA is advisable. Taking these actions collectively strengthens an account’s defenses, reducing the chance of cookie-based intrusions. While “remember-me” cookies bring convenience, their risks in today’s cyber landscape are notable. 

The FBI’s warning underlines the importance of digital hygiene—frequently clearing cookies, avoiding dubious sites, and practicing careful online behavior are essential habits to safeguard personal information.
Read more »
URLs
Data Exfiltration HFS https malware Monero Cryptocurrency Monero Miner URLs

Hackers Attack HFS Servers to Install Malware and Mine Monero


 

Cybersecurity researchers have identified a wave of attacks targeting outdated versions of the HTTP File Server (HFS) software from Rejetto, aiming to distribute malware and cryptocurrency mining tools. These attacks exploit a critical security flaw known as CVE-2024-23692, which allows hackers to execute arbitrary commands without needing authentication.

CVE-2024-23692 is a high-severity vulnerability discovered by security researcher Arseniy Sharoglazov. It was publicly disclosed in May this year, following a detailed technical report. The flaw is a template injection vulnerability that enables remote attackers to send specially crafted HTTP requests to execute commands on the affected systems. The vulnerability affects HFS versions up to and including 2.3m. In response, Rejetto has issued a warning to users, advising against the use of these versions due to their susceptibility to control by attackers.

Researchers at AhnLab Security Intelligence Center (ASEC) have observed multiple attacks on version 2.3m of HFS. This version remains popular among individuals, small teams, educational institutions, and developers for network file sharing. The attacks likely began after the release of Metasploit modules and proof-of-concept exploits soon after the vulnerability's disclosure.

During these attacks, hackers gather information about the compromised system, install backdoors, and deploy various types of malware. Commands such as "whoami" and "arp" are executed to collect system and user information and identify connected devices. Hackers also add new users to the administrators' group and terminate the HFS process to prevent other threat actors from exploiting the same vulnerability.

In several cases, the XMRig tool, used for mining Monero cryptocurrency, was installed. ASEC researchers attribute one of these attacks to the LemonDuck threat group. Other malware payloads deployed include:

1. XenoRAT: A tool for remote access and control, often used alongside XMRig.

2. Gh0stRAT: Used for remote control and data exfiltration.

3. PlugX: A backdoor associated with Chinese-speaking threat actors, providing persistent access.

4. GoThief: An information stealer that uses Amazon AWS for data exfiltration, capturing screenshots, collecting desktop file information, and sending data to an external command and control server.

AhnLab continues to detect attacks on HFS version 2.3m. Given that the server must be online for file sharing, it remains a lucrative target for hackers. Rejetto recommends users switch to version 0.52.x, which is the latest release despite its lower version number. This version is web-based, requires minimal configuration, and supports HTTPS, dynamic DNS, and administrative panel authentication.

The company has also provided indicators of compromise, including malware hashes, IP addresses of command and control servers, and download URLs for the malware used in these attacks. Users are urged to update their software to the latest version and follow cybersecurity best practices to protect their systems from such vulnerabilities.

By assimilating and addressing these vulnerabilities, users can better secure their systems against these sophisticated attacks.


Read more »
Subscribe to: Posts (Atom)