Cyber Security news
It seems that companies will never stop being inconvenienced by some security flaws. Vulnerability testing experts report that Cisco has extended the update patch to address a critical denial of service (DoS) vulnerability that was first detected and corrected in 2016.
The vulnerability in question, tracked as CVE-2016-1409 is a flaw on the IPv6 packet processing feature present in multiple company products. If exploited, the vulnerability would allow an unauthenticated remote threat actor to prevent a vulnerable device from processing IPv6 traffic, generating the DoS condition on the targeted device.
“A hacker could exploit the vulnerability by sending specially crafted Neighbor Discovery (ND) packets to any affected device for its processing. If the flaw is successfully exploited, the DoS condition will be triggered,” the specialists added.
Among the devices affected by this vulnerability are all those working with the following systems:
- Cisco IOS XR
- Cisco IOS
- Cisco IOS XE
- Cisco NX-OS
- Cisco ASA
- Cisco StarOS
This means that the vulnerability is not limited to products developed by Cisco. “This is a clear example of a configuration error in a software vendor; any device that is unable to discard these specially crafted packages could be impacted by the vulnerability,” say vulnerability testing experts. For example, some older versions of Juniper Junos and Huawei devices could also be vulnerable to this attack variant.
Upon publication of reports on the resurgence of the vulnerability, various members of the cybersecurity community questioned the company, which responded by announcing the extension of the original patch, released more than three years ago. “Cisco is investigating its entire product line to determine the scope of the vulnerability as well as the potential impact on each product. Security patches for this vulnerability will be released and/or updated as soon as possible,” the company’s security report says.
Cisco is constantly developing security patches to fix multiple vulnerabilities present in its developments. According to vulnerability testing specialists from the International Institute of Cyber Security (IICS) a few weeks ago the company released patches to fix six critical vulnerabilities affecting various products such as Unified Computing System server line and 220 Series Smart switches.
All critical vulnerabilities recently fixed by the company are related to a remote hacker’s ability to take control over an exposed device.
Thousands of videogame console users won’t like this news. Ethical hacking specialists report that the US’s High Court has decided that Internet service providers in British territory should help Nintendo to combat piracy, limiting access to websites of pirated and potentially malicious content.
The authorities, just like the video game developer, hope that this measure will help limit the ability of hackers to distribute pirated versions of such software, as well as assist in the fight against malware distribution through these illegal sites.
“The company is trying to push a new ‘Zero Tolerance’ policy on piracy, taking the case to the court and forcing Internet service providers to help Nintendo,” ethical hacking specialists say. The Nintendo Switch console has become one of the hackers’ favorite targets; whether to download games illegally or to inject malware into the devices of unsuspecting gamers, multiple threat actors have tried to find various ways to breach the security of the portable console.
The High Court ruling, for now only applicable to the top five Internet service providers in the UK, forces companies to take a proactive stance in combating piracy, blocking access to major pirated video game distribution websites.
Although authorities and entertainment software developers are aware that this measure will not solve the problem, it could impact hackers’ piracy distribution capability. The High Court has already resolved the ruling, now it remains for companies (Virgin Media, Talk Talk, EE, Sky Broadband and BT) to implement the necessary actions to comply with the court order.
Ethical hacking specialists mention that this is a clear example of how a major company can influence a country’s legislative agenda to implement measures against malicious users that put their users at risk and, of course, their incomes.
This is not the first time British lawmakers have tried to use Internet service providers in the fight against piracy. In 2017, a bill was passed that conditioned companies to alert via email users of these sites about the potential risks of downloading pirated content. However, this only caused users to turn to websites that were not blacklisted by the British authorities, something that many fear may also happen on this occasion.
Specialists in ethical hacking at the International Institute of Cyber Security (IICS) claim that, due to its popularity, hackers are constantly working to find vulnerabilities in Nintendo Switch. A clear example is the release of the latest version of the console firmware, which was hacked the same day it was released. The hackers managed to compromise Switch firmware version 7.0.0 just four hours after Nintendo made it available.
Hacking and cyber espionage activities between national states keep increasing. According to reports from digital forensics specialists, the Russian government had hacked FBI communications systems to prevent US agents from detecting Russian spies working in American territory and agencies.
The report states that, in addition to the ability to disrupt their communication systems, the FBI believes that Russian spies are able to locate their undercover surveillance equipment and intercept the contents of their confidential communications. Reports of Russian hackers’ activities in US territory began nearly 10 years ago.
Thanks to their capabilities, Russian spies would not only have managed to bypass the US authorities’ detection, but were also able to perform some counter-espionage work, gathering information about their pursuers and on the administration of the former President Barak Obama, which raised suspicions about a potential Russian spy infiltrating the US intelligence services, say digital forensics experts.
The first Russian intrusion into FBI systems dates back to 2010, after the arrest of a group of spies sent from the Kremlin to the US. Later, the federal agency began investigating Russia’s activities to infiltrate its agents in America, trying to gain access via some prominent figures in US politics, such as businessman Carter Page, further linked to the Trump’s campaign. Later, the Obama administration’s response was the expulsion of dozens of Russian diplomats and the shutdown of two diplomatic centers in the US, further relying on the investigation into the alleged Russian intervention in the presidential election 2016.
Digital forensics experts say both countries have increased their efforts to develop espionage and hacking activities in recent years. A couple of months ago, a report published in The New York Times claimed that Russia electrical systems had been hacked by the US government, injecting a dangerous malware capable of crippled all its operations. This report picked up the testimonies of two alleged officials close to this project, who claim not to rely on President Trump’s ability to handle this situation. Apparently, the fears of these officials come from a meeting at the White House in which President Trump met with senior Russian government officials to reveal classified information about US intelligence activities in Russian territory.
On the other hand, digital forensics specialists from the International Institute of Cyber Security (IICS) reported a major hack against the Federal Security Service, one of the intelligence agencies of the Russian government. The reports ensure that US agents were able to extract nearly 8 terabytes of classified information.
U.S. counter-espionage efforts have led to key actions, such as identifying a Russian agent infiltrating the CIA on which other media have revealed some other details.
An investigation by a group of information security experts from the firm vpnMentor discovered a massive data breach that has affected more than 20 million citizens of Ecuador; it appears that the exposure of this information has occurred due to a database with poor security measures.
The researchers, led by Noam Rotem and Ran Locar, discovered the misconfigured server containing this gigantic database in Florida, US. The evidence collected so far suggests that the Ecuadorian company Novaestrat owns that server. The company involved provides marketing services, data analysis, among other services.
Experts found this exposed database while working on a large-scale web mapping project. After the founding, vpnMentor experts contacted the company involved to inform them about the incident, as well as making some security recommendations.
Information security experts say the database contains a considerable amount of highly sensitive information, mostly belonging to Ecuadorian citizens; although no further information is available at the moment, the details publicly mentioned by experts suggest that the database was integrated with information collected by other organizations.
Among the public organizations and private companies that collected the information stored in this database are some instances of the government of Ecuador, the Ecuadorian bank Biess and an automotive association called Aeade. It is not known how long the database remained exposed, although it was secured on September 11. Among the exposed information are details such as:
- Full names
- Birth dates
- Email address
- Phone numbers
- Marital status
- Level of study
In their report, information security experts say they were even able to access the records associated with Julian Assange, activist and founder of WikiLeaks, who remained a long-time refugee at the Ecuadorian embassy facilities in London.
The incident has not only impacted millions of individuals. Multiple companies operating in Ecuadorian territory have also seen their information exposed, including tax details, business emails and contact data of hundreds of executives at these companies.
Although the breach has already been secured, due to the type of information exposed the affected persons could remain exposed to various risks for an indefinite time, perhaps years. Information security specialists at the International Institute of Cyber Security (IICS) claim that exposed information could be exploited by cybercriminals for massive spam, phishing and invasive advertising campaigns.
“Using the exposed personal information a criminal could even contact one of the affected persons directly to extract even more personal information, such as financial information and login credentials for email services or social media platforms,” experts say. As for the companies affected by the incident, some potential security risks include commercial espionage and fraud attempts through business email accounts.
TWO COURT-HIRED PENTESTERS ACCUSED OF INTRUSION; WHAT WOULD HAVE HAPPENED IF THEY HADN’T HAD PERMISSION TO PERFORM THE TESTS?
Ethical hacking experts report the arrest of two security specialists hired to evaluate a US court’s IT infrastructure; according to the reports, the two experts were caught while trying to physically access the court’s systems.
Justin Wynn and Gary Demercurio, the two information security specialists involved, were arrested by police in Iowa, US, after they set on an alarm while attempting to carry out the intrusion.
According to police reports, the two individuals argued that the intrusion was part of a penetration testing process that the court had requested from security firm Coalfire. In turn, this company hired the defendants, who now face charges of attempted robbery. In short, the hackers mention that they were only doing the work for which they were hired; the defendants had already collaborated with Coalfire on other ethical hacking services.
However, the Dallas County Court has another version. Although officials acknowledge that the company was in fact hired to conduct a series of information security tests, they also note that Coalfire never reported them hat part of the process was to try to physically compromise its systems.
“The company was hired to try to access court records through hacking activities in order to find potential security vulnerabilities. We were not informed that these attempts included physical intrusions”, says a statement from the court.
The two defendants have been in the custody of the law since last week; a court hearing has been scheduled for September 23th, while the law established a $50k USD bond for both investigators.
Specialists in ethical hacking at the International Institute of Cyber Security (IICS) believe that it is possible for those involved to evade time in prison, as long as the company can demonstrate that physical intrusion is part of its process of penetration tests.
For months there has been speculation about a set of cell towers placed in various points of Washington, DC Now, digital forensics specialists say they are sophisticated spying devices, presumably placed by the Israeli government.
A statement from three senior U.S. officials who have requested to remain anonymous confirms that, after various reports on unusual cellular activity in specific areas were filed, the FBI began an investigation, concluding that the Israeli government could be behind this activity, which involves placing false phone towers. These fake cell towers work by sending the received information to real towers while recording the phone information that passes through them.
However, President Donald Trump and his administration do not seem very alarmed about this incident. The aforementioned FBI report, pressure from the US Congress, or exposure to espionage suffered by people in that area mattered little to US authorities. President Trump himself is exposed to this activity, digital forensics experts say, as he has refused to use an encrypted device to communicate with people outside the White House.
Fake cell towers are often used by intelligence and law enforcement agencies, however, legislation around the use of this technology is too ambiguous, so on multiple occasions the law has preferred to suspend proceedings offences containing evidence obtained by this means. US agencies refuse to acknowledge the existence of such devices, although this is precisely one of the reasons why they are used in practice.
A few months ago, a group of congressmen sent Ajit Pai, chairman of the Federal Communications Commission (FCC), a letter requesting immediate action against any hostile and intrusive activity related to the use of this technology and devices similar, as the popular IMSI catchers known as Stingray.
Although the FCC did not respond to Congressional call, the Department of Homeland Security (DHS) agreed to a series of meetings with congressmen to determine possible courses of action.
International Institute of Cyber Security (IICS) digital forensics specialists mention that anyone transiting near the White House could expose their communications to these devices, so skip using the mobile phone on that area is recommended.