The importance of the Vulnerability Operations Centre for cybersecurity

Traditional cybersecurity is laser-focused on incident detection and response. In other words, it’s built around a Security Operations Centre (SOC). That’s no bad thing in itself. Read between the lines, however, and that assumes we’re waiting on the threats to come to us. With cyber adversaries evolving their tactics through AI, automated ransomware campaigns, and other advanced persistent threats (APTs), adopting advanced, proactive measures has never been more critical. Except that your SOC team is already drowning in vulnerabilities and knee-jerk remediations. How can they even begin to manage this?

Today’s ever-worsening threat landscape calls for a strategic pivot towards the establishment of a Vulnerability Operations Centre (VOC) to rethink the foundational challenges of vulnerability management and cyber resilience.

The Strategic Imperative of the VOC


Hackers are already attacking this Microsoft SharePoint vulnerability, so patch now

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a new Microsoft SharePoint Server vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, signaling that hackers have begun exploiting it in the wild.

The vulnerability is tracked as CVE-2023-24955 and carries a severity score of 7.2. It is described as a critical remote code execution (RCE) flaw that allows an authenticated threat actor with Site Owner privileges to execute arbitrary code on the vulnerable endpoints.


Apple Silicon Vulnerability Allows Hackers to Extract Encryption Keys

An unpatchable vulnerability has been discovered in Apple’s M-series chips that allows attackers to extract secret encryption keys from Macs under certain conditions, according to a newly published academic research paper.

Named “GoFetch,” the type of cyber attack described involves Data Memory-Dependent Prefetchers (DMPs), which try to predict what data the computer will need next and retrieve it in advance. This is meant to make processing faster, but it can unintentionally reveal information about what the computer is doing.

The paper finds that DMPs, especially the ones in Apple’s processors, pose a significant threat to the security provided by constant-time programming models, which are used to write programs so that they take the same amount of time to run, no matter what data they’re dealing with.

The constant-time programming model is meant to protect against side-channel attacks, or types of attacks where someone can gain sensitive information from a computer system without directly accessing it (by observing certain patterns, for example). The idea is that if all operations take the same amount of time, there’s less for an attacker to observe and exploit.

However, the paper finds that DMPs, particularly in Apple silicon, can leak information even if the program is designed not to reveal any patterns in how it accesses memory. The new research finds that the DMPs can sometimes mistake memory contents for a pointer and treat the data as an address for a memory access, which violates the constant-time model.

The authors present GoFetch as a new type of attack that can exploit this vulnerability in DMPs to extract encryption keys from secure software. The attack works against some popular encryption algorithms that are thought to be resistant to side-channel attacks, including both traditional (e.g. OpenSSL Diffie-Hellman Key Exchange, Go RSA decryption) and post-quantum (e.g. CRYSTALS-Kyber and CRYSTALS-Dilithium) cryptographic methods.

In an email to ArsTechnica, the authors explained:

Prefetchers usually look at addresses of accessed data (ignoring values of accessed data) and try to guess future addresses that might be useful. The DMP is different in this sense as in addition to addresses it also uses the data values in order to make predictions (predict addresses to go to and prefetch). In particular, if a data value “looks like” a pointer, it will be treated as an “address” (where in fact it’s actually not!) and the data from this “address” will be brought to the cache. The arrival of this address into the cache is visible, leaking over cache side channels.

Our attack exploits this fact. We cannot leak encryption keys directly, but what we can do is manipulate intermediate data inside the encryption algorithm to look like a pointer via a chosen input attack. The DMP then sees that the data value “looks like” an address, and brings the data from this “address” into the cache, which leaks the “address.” We don’t care about the data value being prefetched, but the fact that the intermediate data looked like an address is visible via a cache channel and is sufficient to reveal the secret key over time.

In summary, the paper shows that the DMP feature in Apple silicon CPUs could be used to bypass security measures in cryptography software that were thought to protect against such leaks, potentially allowing attackers to access sensitive information, such as a 2048-bit RSA key, in some cases in less than an hour.

According to the authors, the flaw in Apple’s chips cannot be patched directly. Instead, the attack vector can only be reduced by building defenses into third-party cryptographic software that could result in an extreme performance degradation when executing the cryptographic operations, particularly on the earlier M1 and M2 chips. The DMP on the M3, Apple’s latest chip, has a special bit that developers can invoke to disable it, but the researchers aren’t yet sure what kind of penalty will occur when this performance optimization is turned off.

As ArsTechnica notes, this isn’t the first time researchers have identified threats in Apple DMPs. Research documented in 2022 discovered one such threat in both the M1 and Apple’s A14 Bionic chip for iPhones, which resulted in the “Augury” attack. However, this attack was ultimately unable to extract the sensitive data when constant-time practices were used.

“GoFetch shows that the DMP is significantly more aggressive than previously thought and thus poses a much greater security risk,” the researchers claim on their website. “Specifically, we find that any value loaded from memory is a candidate for being dereferenced (literally!). This allows us to sidestep many of Augury’s limitations and demonstrate end-to-end attacks on real constant-time code.”

Users concerned about the vulnerability are advised to check for GoFetch mitigation updates that become available in future macOS updates for any of the encryption protocols known to be vulnerable. Apple representatives declined to comment on the record when ArsTechnica asked about the research.


Another Microsoft vulnerability is being used to spread malware

Hackers are using a novel phishing technique to deliver remote access trojans (RAT) to unsuspecting victims.

According to the report, published this Monday, threat actors are using a technique called Object Linking and Embedding (OLE).


ASUSTOR Severe Vulnerability Detected – update Surveillance Center now

ASUSTOR has released an emergency update for its Surveillance Center software after discovering a severe vulnerability that could allow attackers to gain elevated privileges and execute malicious code on the ADM platform. The urgent security update addresses a flaw that could potentially allow cyber attackers to gain unauthorized access and control.

This vulnerability is particularly alarming because it could enable attackers to gain elevated privileges within the ADM platform, which is the core of ASUSTOR’s network storage systems. If this security gap were to be exploited, it could lead to the introduction of harmful code, resulting in malware infections that could compromise the integrity and security of the system.

The risk posed by this vulnerability cannot be overstated. It could allow for unauthorized manipulation of surveillance systems, leading to significant security breaches. ASUSTOR’s proactive release of the emergency update is a clear indication of the company’s commitment to protecting its users’ data from such threats.

To further enhance the security of your system, ASUSTOR recommends that users take several additional steps. First and foremost, it is crucial to update your passwords. Passwords should be strong and unique, avoiding simple combinations that can be easily guessed. A good password typically includes a mix of letters, numbers, and symbols, making it much harder for attackers to crack. ASUSTOR strongly recommends taking the following actions to ensure your data is secure:

  • Change your password.
  • Use a strong password.
  • Change default HTTP and HTTPS ports. Default ports are 8000 and 8001 respectively.
  • Turn off Terminal/SSH and SFTP services and other services you do not use.
  • Make regular backups and ensure backups are up to date.
  • Turn on and update snapshots if available.
  • Enable the AbuseIPDB risk detection greylist.

Another important security measure is to change the default HTTP and HTTPS ports. These ports, which are often set to 8000 and 8001, should be changed to less common numbers. This simple change can significantly reduce the risk of unauthorized access attempts, as it makes it more difficult for attackers to target your system.

Users should also consider disabling services that are not regularly used, such as Terminal/SSH and SFTP. These services can act as potential entry points for attackers if they are left enabled without proper security monitoring. By disabling them, you can close off these vulnerabilities and make your system more secure.

Regular backups are a cornerstone of data protection. It is essential to perform backups consistently and verify that they are up to date. In the event that your system is compromised, having a recent backup is invaluable for restoring your data quickly and efficiently.

Adding another layer of protection, ASUSTOR suggests implementing snapshots. Snapshots can capture the state of your system at specific intervals, which can be incredibly helpful for a speedy recovery process if your system encounters any issues.

Lastly, enabling the AbuseIPDB risk detection greylist can provide an additional layer of defense. This service helps to identify and block potential threats by cross-referencing a database of known malicious IP addresses. By using this service, you can prevent many known threats from ever reaching your system.

The emergency update from ASUSTOR is a critical response to a significant security threat. By following the company’s guidance on password security, port adjustments, service management, backup practices, snapshot maintenance, and risk detection, users can significantly enhance the security of their ADM platform. It is imperative for users to take immediate action to ensure the continued safety and reliability of their surveillance systems.


ZOOM VISS vulnerability impact scoring system announced

The digital landscape, ever expanding and evolving, has given rise to an increasing number of security vulnerabilities. To address this issue, a new open-source project called the Vulnerability Impact Scoring System (VISS) has been introduced. VISS is designed to enhance security measures by providing a unique assessment tool that measures the impact of vulnerabilities from a defender’s perspective. This innovative approach focuses on the actual impact of potential threats, rather than on their theoretical existence.

Since March 2023, Zoom, a leading video conferencing platform, has been utilizing VISS to assess reward disbursements within its Bug Bounty Program. This program encourages security researchers and product users to uncover and disclose security vulnerabilities, providing them with legal protection. The incorporation of VISS into this program has been instrumental in helping Zoom prioritize vulnerabilities that are most likely to impact them, thus allowing for more efficient use of resources.

The Vulnerability Impact Scoring System analyzes vulnerabilities based on 13 impact aspects. These aspects are categorized into three groups: platform, infrastructure, and data. The resulting score, ranging from 0 to 100, reflects the severity of the impact within a specific environment. This scoring system provides an objective measure of the potential damage a vulnerability could inflict, enabling organizations to prioritize their response efforts accordingly.

VISS was put to the test during the HackerOne H1-4420 live-hacking event in London in 2023. The event demonstrated the effectiveness of VISS in improving resource allocation and focusing on addressing Critical and High severity vulnerabilities. The implementation of VISS led to a shift in vulnerability report submissions towards these higher severity categories, with a significant reduction observed in medium severity submissions.

This shift towards targeting higher severity vulnerabilities is a testament to the efficacy of VISS. By providing a clear, objective measure of the potential impact of a vulnerability, VISS enables organizations to focus their resources where they are most needed. This, in turn, leads to a more robust and secure digital environment.

VISS is not just a tool for individual organizations, but a global mission to enhance security measures. By providing a comprehensive and objective measure of vulnerability impact, VISS aims to enhance the capabilities of incident response and security teams across the globe. The open-source nature of the project invites contributions to its development, fostering a collaborative approach to improving digital security.

The development and implementation of the Vulnerability Impact Scoring System is a significant stride forward in the realm of digital security. By focusing on the actual impact of vulnerabilities, VISS offers a more realistic and effective approach to managing digital threats. The system’s successful use in Zoom’s Bug Bounty Program and the HackerOne H1-4420 live-hacking event highlights its potential to transform the way organizations respond to security vulnerabilities.

The VISS project is open for exploration and contribution under the GPL 3.0 license at https://github.com/zoom/viss. This open-source project is a testament to the collaborative spirit of the digital community, inviting all to contribute to the ongoing development and enhancement of this innovative security tool. With the continued development and implementation of VISS, the future of digital security looks promising.
