Tag Archive for: Vulnerability

Exploited TP-Link Vulnerability Spawns Botnet Threats

/in


Endpoint Security
,
Governance & Risk Management
,
Internet of Things Security

Attackers Exploit Old Flaw, Hijack TP-Link Archer Routers

Prajeet Nair (@prajeetspeaks) •
April 17, 2024    

Exploited TP-Link Vulnerability Spawns Botnet Threats
Botnet are searching for unpatched TP-Link Archer AX21 routers. (Image: Shutterstock)

Half a dozen different botnets are prowling the internet for TP-Link-brand Wi-Fi routers unpatched since last summer with the goal of commandeering them into joining distributed denial-of-service attacks.

See Also: Cyber Hygiene and Asset Management Perception vs. Reality

Chinese router manufacture TP-Link in June patched a command injection vulnerability in its Archer AX21 router, a residential model that retails for less than $100. Consumer-grade routers are notorious for uneven patching, either because manufacturers are slow to develop patches or consumers don’t apply them. “Once they’re connected to the internet, they don’t care anymore about the router,” one industry CISO told Oxford University academics researching a 2023 paper.

The vulnerability, tracked as CVE-2023-1389, allows attackers to insert malicious commands by calling the “locale” API on the web management interface. Attackers use set_country to insert remote code since the unpatched routers don’t sanitize that input.

Researchers at Fortinet said Tuesday they’ve observed multiple attacks over the past month focused on exploiting the vulnerability – including botnets Moobot, Miori, the Golang-based agent “AGoent,” a Gafgyt variant and an unnamed variant of the infamous Mirai…

Source…

A near-miss hack of Linux shows the vulnerability of the internet

/in


One of the most fascinating and frightening incidents in computer security history started in 2022 with a few pushy emails to the mailing list for a small, one-person open source project.

A user had submitted a complex bit of code that was now waiting for the maintainer to review. But a different user with the name Jigar Kumar felt that this wasn’t happening fast enough. “Patches spend years on this mailing list,” he complained. “5.2.0 release was 7 years ago. There is no reason to think anything is coming soon.”.

A month later, he followed up: “Over 1 month and no closer to being merged. Not a suprise.” [sic]

And a month after that: “Is there any progress on this?” Kumar stuck around for about four months complaining about the pace of updates and then was never heard from again.

A few weeks ago, the world learned a shocking twist. “Jigar Kumar” does not seem to exist at all. There are no records of any person by that name outside the pushy emails. He — along with a number of other accounts — was apparently part of a campaign to compromise nearly every Linux-running computer in the world. (Linux is an open source operating system — as opposed to closed systems from companies like Apple — that runs on tens of millions of devices.)

That campaign, experts believe, was likely the work of a well-resourced state actor, one who almost pulled off an attack that could have made it possible for the attackers to remotely access millions of computers, effectively logging in as anyone they wanted. The security ramifications would have been huge.

How to (almost) hack everything

Here’s how events played out: In 2005, software engineer Lasse Collin wrote a series of tools for better-compressing files (it’s similar to the process behind a .zip file). He made those tools available for free online, and lots of larger projects incorporated Collin’s work, which was eventually called XZ Utils.

Collin’s tool became one part of the vast open source ecosystem that powers much of the modern internet. We might think that something as central to modern life as the internet has a professionally maintained structure, but as an XKCD comic published well before the…

Source…

Bitdefender Fixes Major Security Vulnerability: Patch Your Software Now

/in


Bitdefender has released a patch for a major security flaw in its products that could expose users’ devices to third-party access.

Under the Common Vulnerability Scoring System (CVSS), this threat — CVE-2023-6154 — scored 7.8, representing a serious threat to users of the affected products. Hackers can exploit the vulnerability to gain control over your device, siphon off personal information, or install malware on your computer.

Vulnerability CVE-2023-6154: Local Privilege Escalation

The vulnerability in question impacts a number of Bitdefender software, including Total Security: 27.0.25.114; Internet Security: 27.0.25.114; Antivirus Plus: 27.0.25.114; and Antivirus Free: 27.0.25.114.

According to Bitdefender, the bug is a configuration issue in the seccenter.exe executable. By leveraging this vulnerability, attackers can control and influence the behavior of the software, allowing them to execute third-party libraries.

Thankfully, Bitdefender detected and issued a patch for the vulnerability that plugs the security hole in the above antivirus packages.

Bitdefender Has Faced Privilege Escalation Vulnerabilities Before

This isn’t the first time that Bitdefender has had issues with vulnerabilities. In 2020, Bitdefender Antivirus Free was found to have issues within two processes — vsserv.exe and updatesrv.exe.

These processes, which have the highest level of system permissions, could be hijacked to execute third-party, malicious scripts, according to a report by SafeBreach. Bitdefender fixed the bug a month after it was reported.

It’s not uncommon for vulnerabilities to be detected in cybersecurity products and other software. That’s why bug bounties and white hat hackers exist; they look for and report on issues like these before cybercriminals can exploit them.

How to Patch Your Bitdefender Software

If you use any of the affected Bitdefender software, we recommend updating your app immediately to receive the security patch. Here’s how:

  1. Open the Bitdefender app on your device.
  2. Click on “Update Now.”

Bitdefender sits second place in our ranking of the best antivirus solutions. To learn more about this…

Source…

Apple Silicon Vulnerability Allows Hackers to Extract Encryption Keys

/in


An unpatchable vulnerability has been discovered in Apple’s M-series chips that allows attackers to extract secret encryption keys from Macs under certain conditions, according to a newly published academic research paper (via ArsTechnica).

m1 vs m2 air feature toned down
Named “GoFetch,” the type of cyber attack described involves Data Memory-Dependent Prefetchers (DMPs), which try to predict what data the computer will need next and retrieve it in advance. This is meant to make processing faster, but it can unintentionally reveal information about what the computer is doing.

The paper finds that DMPs, especially the ones in Apple’s processors, pose a significant threat to the security provided by constant-time programming models, which are used to write programs so that they take the same amount of time to run, no matter what data they’re dealing with.

The constant-time programming model is meant to protect against side-channel attacks, or types of attacks where someone can gain sensitive information from a computer system without directly accessing it (by observing certain patterns, for example). The idea is that if all operations take the same amount of time, there’s less for an attacker to observe and exploit.

However, the paper finds that DMPs, particularly in Apple silicon, can leak information even if the program is designed not to reveal any patterns in how it accesses memory. The new research finds that the DMPs can sometimes confuse memory content, which causes it to treat the data as an address to perform memory access, which goes against the constant-time model.

The authors present GoFetch as a new type of attack that can exploit this vulnerability in DMPs to extract encryption keys from secure software. The attack works against some popular encryption algorithms that are thought to be resistant to side-channel attacks, including both traditional (e.g. OpenSSL Diffie-Hellman Key Exchange, Go RSA decryption) and post-quantum (e.g. CRYSTALS-Kyber and CRYSTALS-Dilithium) cryptographic methods.

In an email to ArsTechnica, the authors explained:

Prefetchers usually look at addresses of accessed data (ignoring values of accessed data) and try to guess future addresses that might be useful. The DMP is…

Source…