Tag: hack | SpinSafe

Palo Alto’s Unit 42 team reveals new wave of PAN-OS firewall hack attempts

April 23, 2024/in Internet Security

PAN-OS firewalls are facing an “increasing number of attacks”, though so far, signs of active command execution are rare.

Palo Alto’s PAN-OS firewalls are coming under increasing attack following the company’s disclosure of a command injection vulnerability on 12 April.

A few days later, the Australian Signals Directorate’s Australian Cyber Security Centre circulated a critical alert over the vulnerability, warning Australian organisations using Palo Alto’s firewalls to “act now” to mitigate the vulnerability, while Palo Alto said it was working on a hotfix.

Now, Palo Alto’s Unit 42 has shared more details of how the vulnerability – CVE-2024-3400, which could allow a threat actor to run arbitrary code on affected PAN-OS firewalls – is being actively exploited.

The big brains at Unit 42 have broken down the exploitation attempts into four discrete groups.

At level zero, we have threat actors simply probing customer networks and failing to make any kind of access. Unit 42 expected these attempts to have “little to no immediate impact” on organisations, and simply applying the available hotfix should remedy the situation.

Unit 42 rates level one as threat actors actively testing the vulnerability. In this case, “a zero-byte file has been created and is resident on the firewall. However, there is no indication of any known unauthorised command execution.”

Again, applying Palo Alto’s hotfix should do the trick.

In both cases, Unit 42 believes resetting the impacted device is unnecessary, as there is no indication of active compromise or data exfiltration.

At level two, however, Unit 42 is beginning to see “potential exfiltration” of data.

“A file on the device has been copied to a location accessible via a web request, though the file may or may not have been subsequently downloaded,” Unit 42 said in a blog post. “Typically, the file we have observed being copied is running_config.xml.”

Unit 42’s advice in this case is to both install the hotfix and perform a private data reset.

“Private data reset clears all logs and reverts the configuration to factory defaults,” Unit 42 said. “The system will restart…

Source…

A Massive Therapy Hack Shows Just How Unsafe Patients’ Files Can Be

April 22, 2024/in Computer Security

The suburb of Courbevoie sits just west of Paris on the left bank of the Seine. It’s home to La Défense, a thicket of skyscrapers visible from the city that forms a distant, unlovely terminus to the grand axis extending from the Louvre up the Avenue des Champs-Élysées and through the Arc de Triomphe. Just a short walk from Courbevoie’s office towers, at 7:20 a.m. on Feb. 3, 2023, local police arrived at a short-term rental in a modern beige apartment block. They were responding to a domestic violence call.

Outside the apartment, the officers met the young woman who’d phoned. She told them her friend and her friend’s husband were inside. The night before, the three had been out late at a nightclub and the husband had been drinking. There had been a dispute, the woman said. Now she worried her friend was in danger. The officers knocked on the door, no one answered, and they broke it open with a battering ram.

Source…

Hack The Box Redefines Cybersecurity Performance, Setting New Standards in the Cyber Readiness of Organizations

April 17, 2024/in Internet Security

The innovative Cyber Performance Center approach helps businesses present a united front against cybercrime by aligning cybersecurity and corporate goals.

NEW YORK, NY, LONDON, UK and SYDNEY, AUSTRALIA / ACCESSWIRE / April 10, 2024 / Companies can level up their cybersecurity defenses – eliminating the skills and knowledge gaps that criminals regularly exploit thanks to Hack The Box’s Cyber Performance Center.

Hack The Box’s Cyber Performance Center unites individual ability, business management practices, and the human factor in the cybersecurity industry and it is designed to help organizations take a coordinated approach to their cyber readiness, reducing the vulnerabilities created when cybersecurity is siloed or treated as a tick-box requirement.

Its innovative model transcends the limits of traditional cyber training, taking a 360º overview that considers a business’s processes and technology investments along with the requirements of its cybersecurity teams. By matching processes and exercises to organizational outcomes it helps to align cybersecurity and business objectives.

Hack The Box’s disruptive approach also directly addresses the key human element within corporate cybersecurity, focusing on the upskilling and development cyber professionals need to perform to their best while providing clear career paths to encourage retention and combat the increased burnout and fatigue within the sector. This is critical as the global cybersecurity industry currently faces a skills shortage of four million people.

It is estimated that, by next year over half of significant cyber incidents will be caused by human error or skill shortages¹. The Cyber Performance Center approach helps organizations tackle their security as a company-wide goal, considering the needs of its cybersecurity team, business processes, and respective technology investments to promote a healthy security culture.

Hack The Box combines these three organizational pillars with a continuous learning journey based on the latest technologies, vulnerabilities, and solutions for all cybersecurity domains. The approach enables customers to create and maintain a robust cyber strategy, unlocking the skills of each member of…

Source…

A near-miss hack of Linux shows the vulnerability of the internet

April 14, 2024/in Computer Security

One of the most fascinating and frightening incidents in computer security history started in 2022 with a few pushy emails to the mailing list for a small, one-person open source project.

A user had submitted a complex bit of code that was now waiting for the maintainer to review. But a different user with the name Jigar Kumar felt that this wasn’t happening fast enough. “Patches spend years on this mailing list,” he complained. “5.2.0 release was 7 years ago. There is no reason to think anything is coming soon.”.

A month later, he followed up: “Over 1 month and no closer to being merged. Not a suprise.” [sic]

And a month after that: “Is there any progress on this?” Kumar stuck around for about four months complaining about the pace of updates and then was never heard from again.

A few weeks ago, the world learned a shocking twist. “Jigar Kumar” does not seem to exist at all. There are no records of any person by that name outside the pushy emails. He — along with a number of other accounts — was apparently part of a campaign to compromise nearly every Linux-running computer in the world. (Linux is an open source operating system — as opposed to closed systems from companies like Apple — that runs on tens of millions of devices.)

That campaign, experts believe, was likely the work of a well-resourced state actor, one who almost pulled off an attack that could have made it possible for the attackers to remotely access millions of computers, effectively logging in as anyone they wanted. The security ramifications would have been huge.

How to (almost) hack everything

Here’s how events played out: In 2005, software engineer Lasse Collin wrote a series of tools for better-compressing files (it’s similar to the process behind a .zip file). He made those tools available for free online, and lots of larger projects incorporated Collin’s work, which was eventually called XZ Utils.

Collin’s tool became one part of the vast open source ecosystem that powers much of the modern internet. We might think that something as central to modern life as the internet has a professionally maintained structure, but as an XKCD comic published well before the…

Source…

Tag Archive for: hack

How to (almost) hack everything