Tag Archive for: Hacks

Critical D-Link Security Flaws Leave Thousands Of These Storage Devices Vulnerable To Hacks



End-of-life hardware can be quite the problem at times, even crashing back into Earth’s atmosphere at supersonic speeds for that matter. Of course, we wouldn’t expect such travesties to happen with the hardware you keep in your basement, or that NAS you tucked away in your closet. However, older tech gear can have serious security vulnerabilities that might not get patched due to its end-of-life status with the manufacturer. This is precisely what some D-Link network-attached storage (NAS) owners are finding out after a critical vulnerability was discovered, affecting up to tens of thousands of devices still connected to the internet.

Roughly two weeks ago, researchers discovered a chain of vulnerabilities in several D-Link NAS devices including “DNS-340L, DNS-320L, DNS-327L, and DNS-325, among others.” The issues lie in nas_sharing.cgi, which contains a backdoor in the form of hardcoded credentials and is open to command injection through the system parameter. Combined, these allow arbitrary code execution on the affected devices, giving an attacker access to information, the ability to cause a denial of service, or otherwise.


According to the researchers with NetSecFish, up to 92,000 D-Link devices are exposed to the internet and vulnerable to attackers. Shodan shows that there are significantly fewer exposed devices and fewer still that are tagged as end-of-life. Regardless, in response to the vulnerabilities, D-Link posted a notice explaining that the “exploit affects a legacy D-Link products and all hardware revisions, which have reached their End of Life (“EOL”)/End of Service Life (“EOS”) Life-Cycle.” As such, the recommendation for affected systems is to retire or replace them, as there will not be an update coming from the company.

Of course, you can also always ensure that the NAS devices are not exposed to the internet and simply use them internally, but there’s no guarantee that your data is safe. Thus, we would also recommend upgrading your storage server to something more current (16TB Buffalo NAS), to help prevent these types of security issues.


Security pros are being hospitalized by after-effects of ransomware hacks


New research from the Royal United Services Institute (RUSI) has laid bare the mental and physical toll that cybersecurity workers face as a result of their work.

In a number of interviews with individuals who had been at the forefront of ransomware attacks and their aftermath, RUSI found that they were suffering from stress-related illnesses, alongside financial, reputational and social harm, as a result of those attacks.


Ransomware, Vendor Hacks Push Breach Number to Record High



Report: 2.6 Billion Personal Records Exposed in the Last 2 Years


The number of data breaches in the U.S. has hit an all-time high amid mounting attacks against third-party vendors and aggressive ransomware attacks, says a report from Apple and a Massachusetts Institute of Technology researcher.


Data breaches have more than tripled between 2013 and 2022, compromising 2.6 billion personal records in just the past two years – and that trend has continued to worsen in 2023, says the report written by MIT professor Stuart Madnick and published Thursday.

In the first eight months of 2023, more than 360 million people were affected by corporate and institutional data breaches, and 1 in 4 people in the U.S. had their health data exposed in data breaches.

More ransomware attacks were reported from January through September 2023 than in all of 2022, the report said. In the first three quarters of 2023, the number of ransomware attacks increased by nearly 70% compared to the same period in 2022.

A 2023 survey of 233 IT and cybersecurity professionals across 14 countries working in the healthcare sector found that 60% of organizations have faced a ransomware attack, which is…


Rising Global Tensions Could Portend Destructive Hacks



CISA’s Goldstein Says Critical Infrastructure Should ‘Remain on Heightened Alert’


U.S. government agencies and private sector organizations should “remain on heightened alert” for disruptive cyberattacks targeting critical infrastructure and key sectors amid a series of escalating global conflicts, a top official for the U.S. Cybersecurity and Infrastructure Security Agency said on Wednesday.



Recent government analysis, including the latest annual global threat assessment of the U.S. intelligence community, indicates that cybercriminals and foreign adversaries would likely execute destructive attacks against critical infrastructure in the U.S. in the event of a Chinese conflict with Taiwan.


The U.S. is already facing major international crises – Russia’s invasion of Ukraine and the war between Israel and Hamas – that pose an “extraordinary challenge in cybersecurity” for government agencies, critical infrastructure operators and the private sector, said Eric Goldstein, CISA’s executive assistant director for cybersecurity.


“Russian cyber actors remain highly capable,” Goldstein said during an event hosted by think tank R Street Institute. There is “tremendous uncertainty” surrounding the future trajectory of Russian cyber activity around the war in Ukraine.


“We have to remain on heightened alert about how we think about the…
