Sunday, January 19, 2025

Ukrainian Banks & Defense Ministry Hit with “Powerful” DDoS Attack


Websites for several banks and government agencies in Ukraine — including the Ministry of Defense, Ministry of Internal Affairs and the Armed Forces of Ukraine — were facing disruptions Tuesday, according to multiple sources.

Ukraine’s Center for Strategic Communications and Information Security posted a message to Facebook late morning U.S. time saying the banks and the government were hit by a “massive” distributed denial-of-service (DDoS) cyberattack.

The Ministry of Defense tweeted that it had “probably” been targeted with DDoS, and that it was communicating via Facebook and Twitter. The Ukrainian State Service of Special Communication and Information Protection called it a “powerful DDOS attack on a number of information resources,” and said experts were “taking all necessary measures to resist and localize the cyberattack.”

None of the reports attributed the DDoS attacks to a specific source. The website disruptions come as tensions in the region continue to ratchet up, with the Russian government potentially on the verge of military escalation against Ukraine.

Local news reported that users were having problems with online banking earlier in the day. One of the banks in question, Privat, is one of the largest in Ukraine, and users were having issues with the bank’s app, the government agency reported in its Facebook post. Oschad, another bank hit with attacks, also had services disrupted. Both banks are state owned. Customers for one of the state-owned banks received text messages falsely claiming that ATMs were down, the Ukrainian Cyberpolice reported Tuesday. The messages “are not phishing, but are part of an information attack and do not correspond to reality,” the agency said.

The Ministry of Defense’s website remained inaccessible midday Tuesday, displaying a message in Russian that read: “The site is under technical maintenance.” The Armed Forces of Ukraine site was also inaccessible.

DDoS attacks typically involve flooding a website with countless bogus requests until it goes down.
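The sentence above describes the mechanism from the target's side: a flood of bogus requests that outnumbers legitimate traffic. As an added example (not code from the article or from any of the parties it names), the script below runs two simple detections over a constructed access log: a per-source sliding window that flags a single client exceeding a request budget, and an aggregate requests-per-second view that still catches a distributed flood where no single source trips the per-source threshold. The log lines, IP addresses and thresholds are all constructed for the demonstration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Combined-log-format line: client IP, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one access-log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FMT),
        "req": m.group("req"),
        "status": int(m.group("status")),
    }


def find_flooders(lines, window_seconds=10, threshold=50):
    """Per-source sliding window: flag an IP the first time it sends `threshold`
    requests within `window_seconds`. Returns {ip: first_flagged_timestamp}."""
    recent = defaultdict(deque)   # ip -> timestamps inside the current window
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                # malformed lines are skipped, not fatal
        dq = recent[rec["ip"]]
        dq.append(rec["ts"])
        while dq and (rec["ts"] - dq[0]).total_seconds() > window_seconds:
            dq.popleft()
        if len(dq) >= threshold and rec["ip"] not in flagged:
            flagged[rec["ip"]] = rec["ts"]
    return flagged


def peak_requests_per_second(lines):
    """Aggregate view: the busiest one-second bucket across all sources.
    Catches a distributed flood where no single IP exceeds the per-IP threshold."""
    buckets = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            buckets[int(rec["ts"].timestamp())] += 1
    if not buckets:
        return 0, None
    second, count = max(buckets.items(), key=lambda kv: kv[1])
    return count, datetime.fromtimestamp(second, tz=timezone.utc)


def build_sample_log():
    """Constructed sample traffic (not real data): two normal clients, one
    single-source flood of 200 requests in 4 s, a 30-host burst of 3 requests
    each inside one second, and one malformed line."""
    base = datetime(2022, 2, 15, 10, 0, 0, tzinfo=timezone.utc)
    events = []

    def add(ip, offset, path="/"):
        ts = base + timedelta(seconds=offset)
        events.append((ts, f'{ip} - - [{ts.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 512'))

    for ip in ("203.0.113.7", "203.0.113.8"):       # normal browsing
        for k in range(5):
            add(ip, 2 * k, "/login")
    for k in range(200):                              # single-source flood, 50 req/s
        add("198.51.100.9", k // 50)
    for i in range(30):                               # distributed burst at t+20s
        for _ in range(3):
            add(f"192.0.2.{i + 1}", 20)
    lines = [line for _, line in sorted(events, key=lambda e: e[0])]
    lines.insert(3, "this line is not in combined log format")
    return lines


if __name__ == "__main__":
    log = build_sample_log()
    print("per-source flooders:", find_flooders(log))
    print("peak requests/second:", peak_requests_per_second(log))
```

The per-source check flags only the single flooder; the 30-host burst stays under the per-IP budget and is visible only in the aggregate rate, which is why a real deployment needs both views plus a baseline of normal traffic to set the thresholds.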

“Though we’ve anticipated disruptive Russian attacks against Ukraine, we’ve seen no evidence of responsibility at this time,” said John Hultquist, the vice president of threat intelligence at cybersecurity firm Mandiant. “Denial of service attacks are notoriously difficult to attribute.”

News about the potential conflict on the ground continues to revolve around possible diplomatic resolution. The Russian government had “signaled a willingness to continue talks to resolve the crisis,” and some of its troops were returning to base, the Washington Post reported earlier in the day.

Dmytro Kuleba, Ukraine’s Minister of Foreign Affairs, tweeted Tuesday morning that skepticism regarding drawdowns was warranted: “We in Ukraine have a rule: we don’t believe what we hear, we believe what we see,” he wrote. “If a real withdrawal follows these statements, we will believe in the beginning of a real de-escalation.”

The U.S. Embassy in Kyiv began moving its operations 340 miles away to Lviv on Monday, while destroying some of the IT equipment it left behind, reports said.

You may also enjoy reading, CVEs You May Have Missed While Log4J Stole The Headlines

Go to Cybersecurity News

Go to Homepage

Go to Cybersecurity Academy

Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for RiSec Weekly Cybersecurity Newsletter Today

Remember, CyberSecurity Starts With You!

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber attack.
  • There were 20M breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Email is responsible for around 94% of all malware.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet.

New public tool can uncover redacted, pixelated text, revealing sensitive data


Developer warns that redaction method is insecure

Researchers have demonstrated how a new tool can uncover redacted text from documents, potentially exposing sensitive information to nefarious actors.

The tool, called Unredacter, was released by Bishop Fox today (February 15). It was designed to take pixelated, redacted text and reverse it to reveal the supposedly hidden “clear text”, in order to demonstrate that pixelation is “a no-good, bad, insecure, surefire way to get your sensitive data leaked”.

In a blog post, lead researcher Dan Petro, who wrote the tool, explained that it was created to complete a challenge set by Jumpsec, and also because the use of pixelation is a “pet peeve” of his.

Insecure

Bishop Fox has a “long-standing policy” of only redacting information using black bars, which the company says is the only secure technique.

“Sometimes, people like to be clever and try some other redaction techniques like blurring, swirling, or pixelation,” lead researcher Dan Petro wrote. “But this is a mistake.”

He told The Daily Swig: “It’s just not a secure way to redact information. But you see it all the time out there on the internet, often by journalists.

“Clearly the community needed to be convinced that pixilation is bad, and a tool to un-redact is the best way to do it.”

The tool

Petro explained that, assuming one already knows the font of the redacted text, “since the attacker in a realistic scenario would likely have received a full report”, his tool can work around the common obstacles to recovering redacted information.

These obstacles include character bleed-over, where a letter spans more than one pixelation column, variable widths between letters, and font inconsistency, all of which can make an algorithmic approach difficult.

Petro wrote: “…there’s an existing tool called Depix that tries to do exactly this through a really clever process of looking up what permutations of pixels could have resulted in certain pixelated blocks, given a De Bruijn sequence of the correct font.”

“I like the theory of this tool a lot,” he said, but added that it “doesn’t work as well in practice as you’d like”.

The blog post contains more technical detail on how the Unredacter tool was built, as well as a proof of concept.

Warning

Petro said that the tool is aimed at being used by “possibly Red Teams”, but added that it “is mostly a proof-of-concept to drive home a point – never redact text with anything other than black bars fully covering the text”.

The researcher added: “Redacted data can be almost anything from passwords in a pen test report to victim names in a criminal report.

“The consequences of insecurely redacting information are highly context-dependent, but generally, someone redacts information because they don’t want it to be read.”


Over 28,000 Vulnerabilities Disclosed in 2021 according to a report


Risk Based Security on Monday released its vulnerability report for 2021 and revealed that a record-breaking 28,695 flaws were disclosed last year, which represents a significant increase from the 23,269 disclosed in 2020.

Of the vulnerabilities disclosed in 2021, more than 4,100 are remotely exploitable, have a public exploit available, and also have a patch or mitigation. By focusing on these security holes first, organizations could reduce risk by 86%, according to the vulnerability and data breach intelligence company.

To put that 4,100 into context, the Known Exploited Vulnerabilities catalog maintained by CISA, which tracks issues disclosed over the past decade, contains only 360 entries.

The COVID-19 pandemic appears to have had some impact on vulnerability disclosures, starting with the first quarter of 2020, when there was a significantly lower number of disclosures. Risk Based Security (RBS) also noticed that disclosures slowed down in the first half of 2021, but they picked up in the second half of the year.

“In the 2021 Mid Year Report, the difference between 2020 and 2021 was only around 400. In the second half of the year, that gap then increased by over 3,500,” the company said in its latest report. “This is a considerable increase, further lending to the idea that we are seeing the disclosure landscape shake off the pandemic as researchers return to their normal output.”

As for the products with the most vulnerabilities discovered in 2021, the top 10 mostly consists of Linux distributions. Google’s Pixel devices also made the top 10: Pixel phones ranked 12th in 2020 and moved up to fifth place in 2021, although the number of vulnerabilities was roughly the same in both years.

One significant change in 2021 is that the top 10 does not include any version of Windows. Furthermore, in the list of top vendors, Microsoft dropped from second place in 2020 to fifth in 2021. However, this could be explained by the fact that 2020 was — as RBS puts it — “an unusually bad year for Microsoft,” with nearly 1,600 vulnerabilities, up from 940 in the previous year.

It’s worth noting that 29% of the vulnerabilities cataloged by RBS do not have a CVE identifier.

“The good news is that the industry is starting to make big leaps in how it views vulnerability management. Firms like Gartner are catching on to the inefficiencies caused by reliance on vulnerability scanners, while government agencies like the Cybersecurity and Infrastructure Security Agency are pushing for organizations to focus their prioritization on metadata like exploitability, rather than severity,” RBS said in its report.

It added, “All of these movements are educating organizations that it can be possible to proactively manage risk, rather than always reacting to it. As enterprises take the steps in assessing those possibilities, security teams will come to realize that it will all come down to the quality of data. To make informed risk-decisions, they will come to understand that comprehensive, actionable, and timely vulnerability intelligence will be critical, and that it won’t be found in the public source.”

Earlier this year, RBS announced that it was being acquired by threat intelligence company Flashpoint.


Google Patches Actively Exploited Chrome Zero-Day Vulnerability


Google on Monday announced the release of 11 security patches for Chrome, including one for a vulnerability exploited in the wild.

Tracked as CVE-2022-0609 and rated high severity, the exploited vulnerability is described as a use-after-free issue in Animation that was reported by Adam Weidemann and Clément Lecigne of Google’s Threat Analysis Group.

“Google is aware of reports that an exploit for CVE-2022-0609 exists in the wild,” the Internet giant notes in an advisory.

While the company did not provide additional information on the exploited zero-day, use-after-free bugs are typically exploited to achieve the execution of arbitrary code on vulnerable systems.

This is the first exploited Chrome zero-day patched by Google in 2022. According to data from the company’s Project Zero group, there were 14 exploited Chrome flaws last year.

Rolling out to Windows, Mac and Linux systems as Chrome 98.0.4758.102, the new browser release also addresses six other high-severity flaws and one medium-severity flaw reported by external researchers.

The most important of these is CVE-2022-0603, a use-after-free in file manager. Google paid the reporting researcher a $15,000 bug bounty reward.

Next in line are CVE-2022-0604 (heap buffer overflow in tab groups), CVE-2022-0605 (use-after-free in Webstore API), and CVE-2022-0606 (use-after-free in Angle). The company handed out $7,000 bounty payouts for each of these.

The remaining high-severity flaws addressed with this Chrome release are CVE-2022-0607 (use-after-free in GPU) and CVE-2022-0608 (integer overflow in Mojo). Tracked as CVE-2022-0610, the medium-severity security hole is described as an inappropriate implementation issue in the Gamepad API.

According to Google, Chrome users will receive the new update in the coming days or weeks. Those who do not want to wait can trigger the update immediately via Menu > Help > About Google Chrome.


Adobe Issues an Emergency Patch to Address an Exploited Commerce Zero-Day Vulnerability


Yesterday, Adobe issued an emergency advisory to notify users of Adobe Commerce and Magento about a critical zero-day vulnerability that has been exploited in attacks.

As per the tech giant’s threat data, the security issue is being used “in very limited attacks targeting Adobe Commerce merchants.”

To address the critical security flaw affecting its products, the American multinational computer software company has developed patches, which are delivered as MDVA-43395 EE 2.4.3-p1 v1.

The vulnerability has been identified as CVE-2022-24086, with a CVSS score of 9.8. It is characterized as an improper input validation issue that can result in arbitrary code execution. According to Adobe, the flaw can be abused without requiring authentication.

However, the California-based firm also stated that the flaw can only be exploited by hackers with administrative privileges.

Affected Products and Versions

The security vulnerability impacts Adobe Commerce (2.3.3-p1-2.3.7-p2) and Magento Open Source (2.4.0-2.4.3-p1), as well as earlier versions. Adobe Commerce versions prior to 2.3.3 are not affected.
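Deciding whether an installed build falls inside an advisory's affected range, or is older than the release that carries a fix, is the first step of patch triage, and the "-pN" patch suffix used by Adobe Commerce and Magento is easy to get wrong with a plain string comparison (2.4.10 sorts before 2.4.3 as text). The following is an added example, not code from Adobe, Google or the article, that parses both the Magento-style and the four-component Chrome-style version strings and checks them against the affected ranges quoted in this article and the fixed Chrome build named in the Chrome article above. The parsing rules, the padding to four components and the sample installed versions are this example's own assumptions.

```python
import re

# Accepts "2.4.3", "2.4.3-p1" (Magento / Adobe Commerce patch releases) and
# "98.0.4758.102" (Chrome). Anything else is rejected rather than guessed at.
VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-p(\d+))?$")


def version_key(text):
    """Turn a version string into a tuple that sorts correctly.

    Numeric parts compare as integers (so 2.4.10 > 2.4.3) and are padded to
    four components; the '-pN' patch suffix sorts after the bare release
    (2.4.3 < 2.4.3-p1 < 2.4.3-p2 < 2.4.4)."""
    m = VERSION_RE.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    parts = parts + (0,) * (4 - len(parts))
    patch = int(m.group(2)) if m.group(2) else 0
    return parts, patch


def is_affected(installed, affected_ranges):
    """True if `installed` lies inside any (low, high) inclusive range."""
    v = version_key(installed)
    return any(version_key(lo) <= v <= version_key(hi) for lo, hi in affected_ranges)


def needs_update(installed, fixed):
    """True if `installed` is older than the release that carries the fix."""
    return version_key(installed) < version_key(fixed)


# Ranges exactly as stated in the Adobe article above; the fixed Chrome build
# is the one named in the Chrome article above.
ADOBE_RANGES = {
    "Adobe Commerce": [("2.3.3-p1", "2.3.7-p2")],
    "Magento Open Source": [("2.4.0", "2.4.3-p1")],
}
CHROME_FIXED = "98.0.4758.102"


def check_magento(product, installed):
    """Is this installed Adobe Commerce / Magento build inside the advisory range?"""
    return is_affected(installed, ADOBE_RANGES[product])


if __name__ == "__main__":
    samples = [("Magento Open Source", "2.4.3"), ("Magento Open Source", "2.4.3-p2"),
               ("Adobe Commerce", "2.3.7-p2"), ("Adobe Commerce", "2.3.2")]
    for product, ver in samples:
        print(product, ver, "affected" if check_magento(product, ver) else "not in range")
    # "99.0.0.1" is a constructed later version number, not a real Chrome build.
    for ver in ("98.0.4758.80", CHROME_FIXED, "99.0.0.1"):
        print("Chrome", ver, "update needed" if needs_update(ver, CHROME_FIXED) else "at or past fix")
```

The key design point is that a patch release is ordered after its base version but before the next minor version, which is what makes an inclusive range such as 2.4.0 to 2.4.3-p1 include 2.4.3 itself while excluding 2.4.3-p2.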

Adobe’s patches must be downloaded and installed manually.

Adobe has not given any other details about the attacks, and no one has been credited with disclosing the weakness.

According to SecurityWeek, the company declared that it is unable to discuss any additional information about the vulnerability in order to protect its customers’ privacy and security.

The company told SecurityWeek that its internal security team was the one to find the vulnerability: “Our internal Adobe security team employs technologies that regularly monitor and help us identify and respond when issues occur.”

The findings come after Sansec, an e-commerce malware and vulnerability detection firm, revealed last week that a Magecart attack impacted 500 sites powered by Magento 1 with a credit card skimmer intended to collect sensitive payment details.

The cybercriminals took advantage of a combination of vulnerabilities, as well as the fact that Magento 1 is no longer receiving security fixes.

This month, Adobe released patches for products including Premiere Rush, Illustrator, and Creative Cloud. Among other issues, the patch round addressed security flaws that could result in arbitrary code execution, Denial-of-Service (DoS), and privilege escalation.


How the metaverse could shape cybersecurity in 2022


Can metaverse re-shape Cybersecurity in 2022 as we know it

“Metaverse” is a much-hyped concept that is being mentioned more and more frequently in conversations regarding technology and development. Although the idea has recently gained popularity, it is not entirely new. It first made an appearance in Neal Stephenson’s science fiction novel Snow Crash and since then, there have been many versions of the metaverse, especially as the gaming industry caught on to it. These versions have nurtured the idea, as evident through games like Second Life, Eve Online, or even GTA and Red Dead Online.

Despite its long-standing presence in the world of technology, the idea around the metaverse still seems somewhat hazy. That is probably because the latest construction of the metaverse is set to happen through Facebook and promises to incarnate the next generation of the internet. It represents the idea of an immersive, next-generation virtual 3D world, promising to connect all sorts of digital environments in something like a digitized mimicry of the actual world we live in. And while the idea of a revolutionized digital world sounds exciting in itself, it has bubbled up several security concerns leading to that big question: how is the metaverse set to change cybersecurity in 2022?

Top cybersecurity concerns with the metaverse

Although the specific ideas around the metaverse are somewhat hazy, privacy and security concerns have surfaced surrounding the concept. There are numerous speculations around how it might impact cybersecurity and what might be some top security concerns needing immediate attention.

We are already aware of some of the cybersecurity issues most likely to occur within the metaverse, judging from the experience of living a largely virtual life in 2020 and 2021. Looking at the statistical data, it is safe to predict a boom in common cybersecurity issues like phishing. Moreover, the development phases contain hints of possible cybersecurity scenarios within 2022. Since most of these cyberattacks and frauds have already started to occur, it is possible to predict scenarios like:

  • NFTs form the epicenter of the metaverse economy, and there is already an evident rise in NFT scams, such as the sale of fake NFTs.
  • Malicious smart contracts duping people and gaining access to personal information or cryptocurrency wallets.
  • Vulnerable AR/VR devices becoming an entryway for malware infections and data breaches, a problem that arrived with the popularity of VR glasses.
  • A likely rise in blockchain scams conducted through seemingly legitimate financial institutions.

However, the largest concern looming about the Metaverse surrounds the data privacy and security that will most likely remain under threat for several reasons.

For starters, there is the essential use of AR/VR devices, which collect large amounts of user data, including biometric information, creating an attractive target for attackers. Moreover, the modern demand for user data is likely to grow with the Metaverse, as it could provide leverage to collect even more. Specifically, with Facebook behind the Metaverse, it is bound to harvest people’s personal information. And, as evident in Second Life, metaverse avatars will become a source of data collection, violating user privacy.

What will cybersecurity be like in 2022 with the metaverse?

Since the idea of the metaverse has yet to come to life, it is hard to draw fine lines around how it might impact cybersecurity. However, it is possible to draw speculations based on the working of other “metaverses” the gaming industry has managed to conjure, and through various security concerns accompanying the idea.

Ever since the idea of the Metaverse hit the news, a flurry of cybercriminal activity has been evident through rising NFT scams. Since these scams deploy social engineering tactics, it’s safe to say that social engineering attacks are not going away any time soon. In fact, there will likely be a rise in attacks as the metaverse continues to take shape.

Since the Metaverse will house an extensive collection of sensitive data, a rise in hacking attempts is probable, along with the evident impact on data privacy. If things remain vulnerable, there could be frequent hacks and data theft, harming all users. With that comes the imminent threat of scams and malware infections.

However, what is probably most deeply concerning is that the metaverse is built through blockchain technology. While this technology is secure, it is not immune to vulnerabilities altogether. Moreover, it is decentralized, with no designated admin or moderator to keep charge or control. With such an absence of authority, there will be no possible way to retrieve stolen or illegally obtained assets.

Since the Metaverse will operate through avatars, there will be no concrete method to identify cybercriminals. Anyone can dupe the digital landscape, as evident over the dark web.

Implementing cybersecurity in the era of the metaverse

Since the metaverse will bring with it a host of cybersecurity issues, there will be a crucial need to implement strict cybersecurity measures and protocols. For starters, there will be a dire need to ensure stronger endpoint security through tools like VPNs, proxies, and antimalware software. However, it is crucial that things don’t stop there.

As social engineering and phishing attacks are likely to rise, there will be a more crucial need to spread awareness regarding such issues. In fact, cybersecurity in all its essence requires a holistic approach, relying on the need for a perfect blend of security tools and appropriate awareness regarding it.

Along with that, many organizations will need to prepare ahead and implement threat hunting, penetration testing, and vulnerability scans to ensure their security systems are safe, secure, and uncompromised. It is only with each individual recognizing the dire need to secure themselves and understanding the risks associated with even the slightest neglect that we can ensure a cyber-secure 2022 with the metaverse.

Final Words

Digitization in all its forms is exciting. The development of technology is met with zeal and zest, primarily because it eases people’s lives everywhere and eradicates several problems. However, in all its glamour, the cybersecurity aspects of these digitizations are often overlooked, as evident with the metaverse.

Although the metaverse is a genuinely remarkable concept and could help the world in several ways, it is crucial to realize that it might all fail if the cybersecurity aspect is ignored. Therefore, within all this hype on its development, cybersecurity is a topic that needs a lot more attention than it is getting.


Analyzing Phishing Attacks that use malicious PDFs


Every day everybody receives many phishing emails with malicious documents or PDFs. I decided to take a look at one of these files. I did a static analysis and went straight to the point to keep this read simple and fast.

Here is the received email, which claims to be from the Caixa Economica Federal bank, but we can see the sender uses Gmail and a strange name.


I verified this e-mail header using MXtoolbox, and we can see the IP used by the sender (attacker).


Below is the reputation of the IP used by the attacker.


We can see this IP has many reports of malicious activity.

I downloaded this file on my VPS (Kali Linux) and used peepdf to analyze the file structure, and I found two URIs, in objects 3 and 5.

After I checked objects 3 and 5 using pdf-parser, I discovered a malicious URL in object 3.

I checked this URL in VirusTotal and it had a malicious reputation.


When I opened the file in Kali, I could see it had the bank’s genuine logo and a button that, when clicked, directs to a URL.

When I clicked this button, the URL hxxp://cefonlineencaminha[.]z13[.]web[.]core[.]windows[.]net redirected to another URL, ms[.]meuappavisos[.]com.

I checked the URL’s reputation, and it has a lot of mentions as well.


In conclusion, it’s essential to pay attention to every detail when you open this kind of email, because you can put your machine in a dangerous situation, have your data exfiltrated, get hacked, etc.

Tools used during the analysis: MXToolbox (email header analysis), AbuseIPDB (IP reputation), peepdf and pdf-parser (PDF structure), and VirusTotal (URL reputation).

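The structural triage described in this post (enumerate the PDF objects, find the ones that declare a /URI, then check those URLs elsewhere) is easy to reproduce with a few lines of code, and doing so shows why a plain text search is not enough. The script below is an added example, not the author's tooling and not peepdf or pdf-parser; it builds a small constructed PDF with two link annotations, one storing its URI as a literal string and one as a hex string, walks every uncompressed `N G obj ... endobj` block, and reports the URIs and action types each object declares, with the URLs defanged for reporting. All URLs in it are constructed `.invalid` hostnames, not the ones from the post. It handles only uncompressed objects; real samples frequently pack objects into Flate-compressed object streams, which is where the dedicated tools earn their keep.

```python
import re

OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.DOTALL)
# /URI (literal string) and /URI <hex string>: both spellings are legal PDF.
URI_LITERAL_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.DOTALL)
URI_HEX_RE = re.compile(rb"/URI\s*<([0-9A-Fa-f\s]*)>")
# Action types worth flagging in a document that is supposed to be a plain letter.
ACTION_RE = re.compile(rb"/S\s*/(URI|JavaScript|Launch|GoToR|SubmitForm|ImportData)\b")


def _literal(raw):
    """Undo the PDF literal-string escapes that matter for URLs: \\( \\) \\\\."""
    return re.sub(rb"\\(.)", lambda m: m.group(1), raw).decode("latin-1")


def _hex(raw):
    """Decode a PDF hex string; whitespace is ignored and an odd final digit reads as 0."""
    digits = re.sub(rb"\s", b"", raw).decode("ascii")
    if len(digits) % 2:
        digits += "0"
    return bytes.fromhex(digits).decode("latin-1")


def scan_pdf(data):
    """Walk every uncompressed object and collect the URIs and action types it declares.
    Returns {object_number: {"uris": [...], "actions": [...]}} for objects with findings."""
    findings = {}
    for m in OBJ_RE.finditer(data):
        number, body = int(m.group(1)), m.group(3)
        uris = [_literal(u) for u in URI_LITERAL_RE.findall(body)]
        uris += [_hex(h) for h in URI_HEX_RE.findall(body)]
        actions = [a.decode("ascii") for a in ACTION_RE.findall(body)]
        if uris or actions:
            findings[number] = {"uris": uris, "actions": actions}
    return findings


def defang(url):
    """Make a URL safe to paste into a report: http -> hxxp, dots bracketed."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")


def build_sample_pdf():
    """Constructed two-link PDF (not the file from the post). Object 3 carries a
    plain literal-string URI; object 5 hides its URI in a hex string, a form
    that a naive search for 'http' misses."""
    hex_uri = b"https://www.example.invalid/".hex().encode("ascii")
    return (
        b"%PDF-1.4\n"
        b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
        b"2 0 obj << /Type /Pages /Kids [4 0 R] /Count 1 >> endobj\n"
        b"3 0 obj << /Type /Annot /Subtype /Link /Rect [50 50 300 90]"
        b" /A << /S /URI /URI (http://lure.example.invalid/login) >> >> endobj\n"
        b"4 0 obj << /Type /Page /Parent 2 0 R /Annots [3 0 R 5 0 R] >> endobj\n"
        b"5 0 obj << /Type /Annot /Subtype /Link /Rect [50 100 300 140]"
        b" /A << /S /URI /URI <" + hex_uri + b"> >> >> endobj\n"
        b"trailer << /Root 1 0 R >>\n%%EOF\n"
    )


if __name__ == "__main__":
    for num, info in sorted(scan_pdf(build_sample_pdf()).items()):
        print(f"object {num}: actions={info['actions']} "
              f"uris={[defang(u) for u in info['uris']]}")
```

Run stand-alone it lists objects 3 and 5 with their decoded, defanged URIs; the catalog, page tree and page objects produce no findings, which mirrors the "two URIs in objects 3 and 5" result in the post.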


Thousands of npm accounts use email addresses with expired domains


An academic research project found that thousands of JavaScript developers are using an email address with an expired domain for their npm accounts, leaving their projects exposed to easy hijacks.

The study, performed last year by researchers from Microsoft and North Carolina State University, analyzed the metadata of 1,630,101 libraries uploaded to Node Package Manager (npm), the de facto repository for JavaScript libraries and the largest package repository on the internet.

2,818 developers exposed to account hijacks

Researchers said they found that 2,818 project maintainers were still using an email address for their accounts that had an expired domain, some of which they found on sale on sites like GoDaddy.

The team argued that attackers could buy these domains, re-register the maintainer’s address on their own email servers, and then reset the maintainer’s account password and take over their npm packages.

An attack like this would work because the npm portal does not enforce two-factor authentication (2FA) for account owners, meaning that once the attacker reset the owner’s password, they would be free to alter packages without any other hindrance.

In total, the research team said the 2,818 maintainer accounts managed 8,494 packages, which had an average of 2.43 direct dependents, denoting that any attack would also hit tens of thousands of other downstream projects.

Account hijacks like these could be spotted by the account owners, but researchers also pointed out that many npm libraries and accounts are either unmaintained (58.7%) or abandoned (44.3%), and there would be a big chance that attackers would be able to carry out their attacks without the maintainers even noticing.
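The check the researchers ran at registry scale is one a team can run over its own dependency tree: take each package's maintainer list, extract the domain from every maintainer address, and flag domains that are no longer registered, then total the direct dependents behind the flagged packages to see how much is exposed. The script below is an added example and is not the research team's tooling or npm's code; the package records mirror the shape of the registry's "maintainers" list but are constructed, and the registered-domain set stands in for the WHOIS/RDAP lookup a real run would perform.

```python
from email.utils import parseaddr

# Constructed registry-style metadata (not real packages): the shape mirrors the
# "maintainers" list the npm registry returns, plus a direct-dependent count.
SAMPLE_PACKAGES = [
    {"name": "tiny-utils", "dependents": 120,
     "maintainers": [{"name": "alice", "email": "alice@alive-corp.example"},
                     {"name": "bob", "email": "bob@gone-startup.example"}]},
    {"name": "fast-csv-ish", "dependents": 4000,
     "maintainers": [{"name": "carol", "email": "carol@mail.example"}]},
    {"name": "old-logger", "dependents": 3,
     "maintainers": [{"name": "dan", "email": "Dan <dan@GONE-Startup.example>"}]},
]

# Constructed stand-in for a WHOIS/RDAP lookup: the domains that still have a
# registrant. A real run would query the registry for each domain instead.
REGISTERED_DOMAINS = {"alive-corp.example", "mail.example"}


def email_domain(address):
    """Extract the lower-cased domain from 'user@host' or 'Name <user@host>'."""
    _, addr = parseaddr(address)
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].strip().lower()


def at_risk_maintainers(packages, is_registered):
    """List (package, maintainer, domain) where the maintainer's mail domain is
    not registered, i.e. could be bought and used to receive a password reset."""
    hits = []
    for pkg in packages:
        for m in pkg["maintainers"]:
            domain = email_domain(m["email"])
            if domain and not is_registered(domain):
                hits.append((pkg["name"], m["name"], domain))
    return hits


def exposure(packages, hits):
    """Direct dependents reachable through the at-risk packages (each package
    counted once even if several of its maintainers are exposed)."""
    exposed = {pkg for pkg, _, _ in hits}
    return sum(p["dependents"] for p in packages if p["name"] in exposed)


if __name__ == "__main__":
    hits = at_risk_maintainers(SAMPLE_PACKAGES, lambda d: d in REGISTERED_DOMAINS)
    for pkg, who, domain in hits:
        print(f"{pkg}: maintainer {who} uses unregistered domain {domain}")
    print("direct dependents exposed:", exposure(SAMPLE_PACKAGES, hits))
```

The domain is lower-cased before comparison and the address is parsed with the standard library so that display-name forms ("Dan <dan@...>") and mixed-case hosts do not slip past the check; a package with one sound maintainer and one exposed one is still counted as exposed, since either account can publish.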

npm team appears to have reacted to the findings

The research team said they notified the npm security team of their report’s findings but did not say how the npm team reacted. An email sent to GitHub, which owns npm, was not returned before this article’s publication.

However, it is worth noting that days before this study was published in December 2021, npm announced plans to slowly start enforcing 2FA for developer accounts.

This process was scheduled to take place in multiple stages, with the Top 100 maintainer accounts being enrolled in mandatory 2FA at the start of this month.

Additional details on the study are available in the “What are Weak Links in the npm Supply Chain?” research paper. Some of the research team’s other findings are also listed below:

  • 2.2% (33,249) of packages used install scripts, which could be abused to run malicious commands and are against npm security best practices;
  • The Top 1% packages (14,941) had an average of 32.4 maintainers per package, opening the door for attacks via the accounts of inactive or inattentive developers;
  • 389 packages had 40 contributors for every maintainer, opening the door for the accidental insertion of security flaws or flooding a project with contributions to sneak in malicious code;
  • The top 1% maintainers own an average number of 180.3 packages with direct dependents of 4,010 average packages, meaning some developers could be overworked or not have time to thoroughly maintain or review package changes.

You may also enjoy reading, CVEs You May Have Missed While Log4J Stole The Headlines

Got to Cybersecurity News

Go to Homepage

Go to Cybersecurity Academy

Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for RiSec Weekly Cybersecurity Newsletter Today

Remember, CyberSecurity Starts With You!

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber attack.
  • There were 20M breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Email is responsible for around 94% of all malware.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet.

National Math and Science Initiative data breach: more than 190,000 notified of data security incident


According to their notification letter, on or about October 13, 2021, their antivirus (AV) software triggered an alert. Through the resulting investigation, NMSI determined that between September 23, 2021 and October 18, 2021, an unauthorized actor “may have had access to certain systems.”


The National Math and Science Initiative (NMSI) in Texas describes itself as a non-profit organization whose mission is to improve U.S. student performance in the subjects of science, technology, engineering, and math.

Although they claim there is no evidence of misuse, the information that could have been subject to unauthorized access includes name, address, and Social Security number.

The notification, sent to 191,255 people, does not indicate whether all of those potentially affected are students, teachers, employees or contractors.

NMSI’s notification to Maine provides more detail than the notices provided to Massachusetts or Vermont.



San Francisco 49ers confirm ransomware attack


The San Francisco 49ers NFL team has fallen victim to a ransomware attack that encrypted files on its corporate IT network, a spokesperson for the team has told The Record.

The team confirmed the attack earlier today after the operators of the BlackByte ransomware listed the team as one of their victims on Saturday on a dark web “leak site” the group typically uses to shame victims and force them into paying their extortion demands.

[Image: screenshot of the BlackByte 49ers extortion page (via @CyberKnow20)]

“Upon learning of the incident, we immediately initiated an investigation and took steps to contain the incident,” the team told us earlier today.

“While the investigation is ongoing, we believe the incident is limited to our corporate IT network; to date, we have no indication that this incident involves systems outside of our corporate network, such as those connected to Levi’s Stadium operations or ticket holders,” it added.

The team said it notified law enforcement and is working with third-party cybersecurity firms to investigate the attack.

“[W]e are working diligently to restore involved systems as quickly and as safely as possible,” the team said.

Attack could have been catastrophic in “what if?” scenario


The attack could have been catastrophic if the team had qualified for Super Bowl LVI, which will take place later today.

The 49ers dramatically lost 17 to 20 after the Los Angeles Rams mounted a 4th quarter comeback in the NFC Championship game two weeks ago.

If they had made it to the Super Bowl, this ransomware attack could have seriously disrupted the team’s game preparations, bringing ransomware to the forefront of the US media cycle once again after several high-profile incidents last year, including one that took place over the 4th of July weekend.

Nonetheless, it is unclear how the current attack will affect the team’s plans for the next NFL season, which starts later this month with the free agency signing period, the NFL Combine, and the subsequent NFL Draft.

FBI warns about BlackByte attacks

As for the attackers, the BlackByte ransomware gang is one of the smaller ransomware operations active today, operating on a RaaS (Ransomware-as-a-Service) model where they rent out their ransomware to “affiliates” who then carry out intrusions into organizations and deploy it to encrypt files.

These “affiliates” also steal files from the hacked networks, which the BlackByte gang uses as leverage in negotiations, threatening victims that they will release the stolen files on a dark web “leak site” if they don’t pay their extortion demands.

https://twitter.com/campuscodi/status/1442807045485330435

The first BlackByte attacks were seen in September 2021, and this first version of the ransomware was not very well coded, allowing cybersecurity firm Trustwave to find a weakness and use it to create a free decrypter.

In the following weeks, the BlackByte group released a second version, without the encryption bug, which they have been using in attacks since then.

According to an FBI security alert, since November 2021 the “BlackByte ransomware had compromised multiple US and foreign businesses, including entities in at least three US critical infrastructure sectors (government facilities, financial, and food & agriculture).”

The FBI released its security alert [PDF] on Friday, a day before the attack on the 49ers organization became public, which has led some security experts to believe the document might contain tactics and indicators of compromise from the current 49ers attack.
