Category Archives: Cybersecurity
Vulnerability With Arris Routers
Security researcher Yerodin Richards has found an authenticated remote code execution vulnerability in Arris routers. ISPs typically provide these routers on loan to customers for telephony and internet access. In a bizarre twist, he turned the application's own input check against itself to demonstrate the vulnerability.
Affected devices
The Arris router exploit allows a hacker to remotely access the device, says Richards. The bug is found in older TG2482A, TG2492, and SBG10 models, which can be commonly found in the Caribbean and Latin America. Richards says Arris told him it no longer supports the devices.
The vulnerability
The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. CVE-2022-45701 is a newly discovered issue. When testing for shell command injection, the researcher found that the web application accepts the $ character. That was promising, but when it was combined into $( , the input was neutralized. This implies that the developer was intentionally … Read the rest
Level-up Cyber Security Awareness
In 2022, four out of five workers worked remotely or in a hybrid arrangement. Companies embraced remote work and were forced to define and adopt remote working policies. IT departments were just as crucial in the new remote working era: they had to ensure security for employees who were now working from home or from coffee shops.
Protecting sensitive information and maintaining regulatory compliance has become more difficult in today’s dynamic business landscape. Companies have to adapt their data access protocols to account for employees accessing data from various locations and devices. Businesses migrating from on-premises to hybrid and cloud environments face a similar challenge in shifting their security posture, just as they did when they first moved to the cloud.
Begin by defining the culture of security and then ensure that all employees are trained to respect the company’s standards. By training your … Read the rest
Is Your Microsoft Exchange Server Vulnerable to ProxyNotShell Flaw?
According to the non-profit Shadowserver Foundation, there are approximately 60,000 IP addresses with internet-facing Microsoft Exchange Server instances still vulnerable to CVE-2022-41082.
This might look like a standard Exchange Server bug, but it’s actually a lot worse. It’s really two flaws in one. The first flaw is a server-side request forgery in the Exchange API. The second is a remote code execution bug. We call this bug ProxyNotShell because it’s reminiscent of the ProxyShell bugs that plagued Microsoft servers earlier this year.
Microsoft did not patch this vulnerability until its November Patch Tuesday release. It was a long wait, but Microsoft said it was necessary to protect customers. You should still take action, though — follow Microsoft’s instructions for the Autodiscover endpoint to mitigate the vulnerability until it can be patched.
However, CrowdStrike published a blog post last month revealing a new exploit chain called “OWASSRF” that can bypass Microsoft’s … Read the rest
Is Your Website ADA Compliant?
The Americans with Disabilities Act (ADA) is a landmark civil rights law that prohibits discrimination against disabled individuals in all areas of public life. It gives millions of people with disabilities equal access to employment, government, telecommunications, and businesses.
Businesses must make reasonable modifications to accommodate customers with disabilities. Title III of the ADA addresses businesses specifically. It prohibits discrimination on the basis of disability in places of public accommodation, which include restaurants, private schools, sports stadiums, office buildings, and more. Businesses are required to make “reasonable modifications” to serve people with disabilities.
Who Needs to Be Compliant?
Under Title III, businesses “open to the public” both in the physical world and online are required to provide equal access to people with disabilities.
Examples of businesses open to the public include:
- Restaurants and bars.
- Retail establishments.
- Hotels and other places of lodging.
- Parks, zoos, and other places of recreation.
Black Friday Phishing Scams
Black Friday is approaching, and you should be aware of scams. Thirty percent of people in the US reported receiving phishing messages around Black Friday.
“[N]early a third of U.S. consumers (30%) said they received a phishing email around Black Friday last year, either by email or SMS to their personal email or cell,” the researchers write. “The thing is that consumers expect to receive more marketing and advertising emails from retailers during this time, touting their deals, along with updates about their orders and notifications about deliveries. Inboxes are noisier than usual and this makes it easier for cybercriminals to ‘hide’ their malicious messages. What’s more, attackers can leverage the ‘too-good-to-be-true’ deals people are expecting to receive, using them as lures to successfully deceive their victims. When the email looks like it has come from a legitimate brand and email address, people are more likely to click on malicious links that … Read the rest
Cyber Threats For Retail Stores
Cyber attacks on retailers are real and can occur online or offline. Credit card records can be stolen by malicious cyber-intruders, and these attackers are able to enter a retail store in person and hack into your systems. Physical access to your retail store is often the first step in a successful cyber attack. Threat actors can gain access to your network using devices small enough to fit in a wallet, like card skimmers, as well as through vulnerable Wi-Fi networks, USB drives, and other hacking equipment. They can also use social engineering tactics to get an insider to help them. All retailers have experienced data being stolen, networks being degraded, and infrastructure being compromised.
Attention To Detail
With cyber security a big problem for retailers, it’s important to know the various methods used by cyber criminals to attack your business. They commonly use card skimmers and unsecured point-of-sale systems to acquire credit … Read the rest
Android Malware Infects 20 Million Users
A newly discovered Android malware was confirmed to have infected around 20 million users. The Clicker malware used 16 different malicious apps to get into the Google Play Store. Once there, it affected millions of users.
The Clicker Campaign
McAfee researchers found that the malware is hiding in applications that are disguised as legitimate tools. These applications are targeting Android phone users.
- These tools include Flashlight (Torch), QR readers, Camera, Unit Converters, and Task Managers.
- It’s hard to tell the difference these days; the apps may look like well-made Android software. However, they hide ad fraud features, equipped with remote configuration and Firebase Cloud Messaging (FCM) techniques.
- When these Android applications are opened, the malware is secretly downloaded in the background.
The researchers found that this malware is designed to disrupt the mobile advertising industry. It targets the ad-supported business models of the mobile ecosystem. The malware in turn generates … Read the rest
Conduct an ISO 27001 Risk Assessment in 7 Steps
Risk assessments are the most important part of any ISO 27001 project. They help you determine how to get your ISMS in order and keep it that way. The risk assessment is the core of your information security management system (ISMS), which is what you get when you implement the Standard.
What is an information security risk assessment?
When you look at the bigger picture of an information security management system, your first step is to look for risks. A risk assessment is a tool used to assess and manage incidents that have the potential to cause harm to your sensitive data. Your first step is to identify vulnerabilities that a cyber criminal could exploit or mistakes that employees could make. Then you determine the risk level and decide on the best course of action to prevent them from happening.
How to conduct an ISO 27001 risk assessment
Risk assessments can be complicated. … Read the rest
OAuth application abuse used to gain Exchange Online access
Microsoft researchers recently found a new type of attack. Hackers compromise Exchange Online access with malicious OAuth applications and then use it to change your email settings and spread spam.
OAuth applications are growing in popularity. One of the first malicious uses of OAuth applications was consent phishing. Consent phishing is a particularly sly form of phishing attack that aims to trick users into granting permissions to malicious apps so that the attacker can gain access to cloud services such as email, file storage, and management APIs.
The attacker then gains access to the server by using a technique called credential stuffing, which is basically taking passwords from a compromised database and trying them. This is possible because the target’s OAuth authentication was bypassed. The accounts had administrator roles, so the attacker could do everything on the site.
Figure 1. Overview of the attack chain. The time between application deployment and usage … Read the rest
Hackers Pivoting Around Macro Blocking in Microsoft Office
Microsoft’s default blocking of macros in its Office suite is not stopping hackers. Now that their primary method of threat delivery is being cut off, these hackers are using alternative file types to host malicious payloads.
The use of macro-enabled attachments by threat actors has decreased dramatically in the past year, according to new data from Proofpoint revealed in a blog post on Thursday. The decrease began when Microsoft announced it would block XL4 macros by default for Excel users. This was followed up with the blocking of VBA macros by default across the Office suite this year.
As Microsoft continues to improve its Office suite security, hackers are increasingly resorting to other file types as vessels for malware, Trend Micro researchers said. Specifically, the company is seeing an increase in the use of “container files” such as ISO and RAR attachments as well as Windows Shortcut (LNK) files.
In the … Read the rest