Hackers now exploit new vulnerabilities in just 15 minutes

Hackers are now ​​moving faster than ever when it comes to scanning vulnerability announcements from software vendors.

Threat actors are actively scanning for vulnerable endpoints within a period of just 15 minutes once a new Common Vulnerabilities and Exposures (CVE) document is published, according to Palo Alto’s 2022 Unit 42 Incident Response Report.

Getty Images

As reported by Bleeping Computer, the report stresses how hackers are always scanning software vendor bulletin boards, which is where vulnerability announcements are disclosed in the form of CVEs.

From here, these threat actors can potentially exploit these details in order to infiltrate a corporate network. It also gives them an opportunity to distribute malicious code remotely.

“The 2022 Attack Surface Management Threat Report found that attackers typically start scanning for vulnerabilities within 15 minutes of a CVE being announced,” the blog post from Palo Alto’s Unit 42 states.

With hackers becoming more dangerous than ever in recent years, it can take them mere minutes to find a weak point in their target’s system. This is naturally made much easier if they’re aided by a report detailing what exactly can be exploited.

Simply put, system administrators will basically have to expedite their process in addressing the security defects and patch them before the hackers manage to find a way in.

Bleeping Computer highlights how scanning doesn’t require a threat actor to have much experience in the activity to be effective. In fact, anyone with a rudimentary understanding of scanning CVEs can perform a search on the web for any publicly disclosed vulnerable endpoints.

They can then offer such information on dark web markets for a fee, which is when hackers who actually know what they’re doing can buy them.

A large monitor displaying a security hacking breach warning.
Stock Depot/Getty Images

Case in point: Unit 42’s report mentioned CVE-2022-1388, a critical unauthenticated remote command execution vulnerability that was affecting F5 BIG-IP products. After the defect was announced on May 4, 2022, a staggering 2,552 scanning and exploitation attempts were detected within just 10 hours of the initial disclosure.

During the first half of 2022, 55% of exploited vulnerabilities in Unit 42 cases are attributed to ProxyShell, followed by Log4Shell (14%), SonicWall CVEs (7%), and ProxyLogon (5%).

Activity involving hackers, malware, and threat actors in general has evolved at an aggressive rate in recent months. For example, individuals and groups have found a way to plant malicious code onto motherboards that is extremely difficult to remove. Even the Microsoft Calculator app isn’t safe from exploitation.

This worrying state of affairs in the cyber security space has prompted Microsoft to launch a new initiative with its Security Experts program.

Editors’ Choice

Repost: Original Source and Author Link


OpenSea fixes vulnerabilities that could let hackers steal crypto with malicious NFTs

OpenSea has fixed vulnerabilities in its platform that could’ve let hackers steal someone’s crypto after sending them a maliciously crafted NFT. The issue was found by security firm Check Point Research, which noticed tweets from people claiming they were hacked after being gifted NFTs, according to a blog post. The researchers talked to one of the people saying they were attacked, and found vulnerabilities proving an attack could happen this way and reported the problems to OpenSea. The security firm says the NFT trading platform fixed the issue within an hour and worked with researchers to make sure the fix worked.

While the attackers potentially being able to drain entire wallets is certainly not a good look for OpenSea, it wasn’t a simple matter of just gifting someone an NFT — the exploit needed its target to click on a few prompts first, including one that might include transaction details. While being sent an NFT gift doesn’t require any interaction on your part, the malicious NFTs were harmless if they just sat unviewed in an OpenSea account.

The transfer confirmation message users may see while viewing an infected NFT.
Image: Check Point Research

The potentially dangerous situation occurs when viewing the image by itself (by, say, right-clicking on it and hitting “open in new tab”). For users with a crypto-wallet browser extension like MetaMask installed, it initiates a popup asking to connect to their wallet. If the target clicks yes, the attackers could snag the wallet’s information and trigger another popup asking to approve a transfer from the victim’s wallet to their own. If you’re not paying attention or didn’t realize what was going on and confirmed the transfer, you could wind up losing everything in your wallet.

OpenSea says in a statement that it hasn’t found any instances of someone actually carrying out that kind of attack — though it’s still unclear what happened to the people who say they were attacked. As far as I could find, there were only a few people talking about being hacked after receiving a gift NFT.

OpenSea says it’s working with third-party wallet providers to help people recognize malicious signature requests. Still, for the most part, standard internet safety rules apply — don’t click on things that seem out of the ordinary, and definitely don’t confirm any transaction requests unless you’re entirely sure it’s something you want to do.

While this particular attack required a lot of interaction (as well as at least some amount of inattention) from the target, it’s good to see Check Point’s confirmation that OpenSea has fixed it. It’s easy to imagine people new to NFTs potentially getting their wallets drained, and we’ve seen examples of bad actors and scammers in the crypto space. There are those who are willing to steal people’s Ethereum, pretend to be OpenSea support employees, or sell an almost certainly fake Banksy.

OpenSea also announced on Monday that it would hide gifted NFTs from an account’s page by default if they’re from unverified collections and add an option to suspend your account from buying or selling NFTs if you think your wallet has been compromised.

Repost: Original Source and Author Link


Security researcher sounds alarm over ATM NFC reader vulnerabilities

IOActive security researcher Josep Rodriquez has warned that the NFC readers used in many modern ATMs and point-of-sale systems are leaving them vulnerable to attacks, Wired reports. The flaws make them vulnerable to a range of problems, including being crashed by a nearby NFC device, locked down as part of a ransomware attack, or even hacked to extract certain credit card data.

Rodriquez even warns that the vulnerabilities could be used as part of a so-called “jackpotting” attack to trick a machine into spitting out cash. However, such an attack is only possible when paired with exploits of additional bugs, and Wired says it was not able to view a video of such an attack because of IOActive’s confidentiality agreement with the affected ATM vendor.

By relying on vulnerabilities in the machines’ NFC readers, Rodriquez’s hacks are relatively easy to execute. While some previous attacks have relied on using devices like medical endoscopes to probe machines, Rodriquez’ can simply wave an Android phone running his software in front of a machine’s NFC reader to exploit any vulnerabilities it might have.

In one video shared with Wired, Rodriquez causes an ATM in Madrid to display an error message, simply by waving his smartphone over its NFC reader. The machine then became unresponsive to real credit cards held up to the reader.

The research highlights a couple of big problems with the systems. The first is that many of the NFC readers are vulnerable to relatively simple attacks, Wired reports. For example, in some cases the readers aren’t verifying how much data they’re receiving, which means Rodriquez was able to overwhelm the system with too much data and corrupt its memory as part of a “buffer overflow” attack.

The second problem is that even once an issue is identified, companies can be slow to apply a patch to the hundreds of thousands of machines in use around the world. Often a machine needs to be physically visited to apply an update, and many don’t receive regular security patches. One company said the problem Rodriquez has highlighted was patched in 2018, for example, but the researcher says he was able to verify that the attack worked in a restaurant in 2020.

Rodriguez plans to present his findings as part of a webinar in the coming weeks to highlight what he says are the poor security measures of embedded devices.

Repost: Original Source and Author Link


A security researcher found Wi-Fi vulnerabilities that have existed since the beginning

The security researcher who discovered the Krack Wi-Fi vulnerability has discovered a slew of other flaws with the wireless protocol most of us use to power our online lives (via Gizmodo). The vulnerabilities relate to how Wi-Fi handles large chunks of data, with some being related to the Wi-Fi standard itself, and some being related to how it’s implemented by device manufacturers.

The researcher, Mathy Vanhoef, calls the collection of vulnerabilities “FragAttacks,” with the name being a mashup of “fragmentation” and “aggregation.” He also says the vulnerabilities could be exploited by hackers, allowing them to intercept sensitive data, or show users fake websites, even if they’re using Wi-Fi networks secured with WPA2 or even WPA3. They could also theoretically exploit other devices on your home network.

There are twelve different attack vectors that fall under the classification, which all work in different ways. One exploits routers accepting plaintext during handshakes, one exploits routers caching data in certain types of networks, etc. If you want to read all the technical details on how exactly they work, you can check out Vanhoef’s website.

According to The Record, Vanhoef informed the WiFi Alliance about the vulnerabilities that were baked-in to the way Wi-Fi works so they could be corrected before he disclosed them to the public. Vanhoef says that he’s not aware of the vulnerabilities being exploited in the wild. While he points out in a video that some of the vulnerabilities aren’t particularly easy to exploit, he says others would be “trivial” to take advantage of.

Vanhoef points out that some of the flaws can be exploited on networks using the WEP security protocol, indicating that they’ve been around since Wi-Fi was first implemented in 1997 (though if you’re still using WEP, these attacks should be the least of your concerns).

Vanhoef says that the flaws are wide-spread, affecting many devices, meaning that there’s a lot of updating to do.

The thing about updating Wi-Fi infrastructure is that it’s always a pain. For example, before writing this article I went to check if my router had any updates, and realized that I had forgotten my login information (and I suspect I won’t be alone in that experience). There’s also devices that are just plain old, whose manufacturers are either gone or not releasing patches anymore. If you can, though, you should keep an eye on your router manufacturer’s website for any updates that are rolling out, especially if they’re in the advisory list.

Some vendors have already released patches for some of their products, including:

As for anything else you need to do, Vanhoef recommends the usual steps: keep your computers updated, use strong, unique passwords, don’t visit shady sites, and make sure you’re using HTTPS as often as possible. Other than that, it’s mostly being thankful that you’re not in charge of widespread IT infrastructure (my deepest condolences if you, in fact, are).

Repost: Original Source and Author Link