By Waqas. The company behind Aztarna is Alias Robotics, a cyber-security startup. Manufacturers and users of IoT robots should breathe a sigh of relief that the cyber-security startup Alias Robotics has developed a robot scanning tool that can track any robot connected to the internet and powered by any robotic technology such as ROS or SROS. Dubbed Aztarna […]

This is a post from HackRead.com. Read the original post: Meet Aztarna, a tool to find vulnerable Internet connected robots

Just when we thought we’d escaped 2018 without an attack on the scale of WannaCry, NotPetya or Equifax, we were struck by Marriott’s November news of a breach affecting 500 million guests and once again reminded that complacency is the enemy of cybersecurity. We were also reminded that predicting what will happen in the world of cybersecurity is a daunting task, especially amidst an increasingly complex and unpredictable political, economic, and societal landscape. But that’s never stopped us from bringing our readers the most salient, forward-thinking predictions for the year ahead from some of the cybersecurity industry’s wisest minds! This year we had more help: we added nine new members to our Advisory Board, each with a unique and varied background, and so this year’s predictions took on a different tone. Self-reflection, both within their own organizations and the larger infosec industry, shone through among all Advisory Board members as they balanced cautious optimism with the stark reality that we’ve got a long way to go. Despite another year of forecasted increased infosec spending (up 8.7% to $124 billion in 2019, according to Gartner) and millions of investment dollars poured into security startups in 2018, most board members agreed on one thing: we can all do better. Without further ado, we bring you part one of the two-part 2019 predictions from the new, expanded RSA Conference Advisory Board.

GDPR in 2019: A Year of Enforcement

“If 2018 was the year of GDPR implementation, 2019 will focus heavily on GDPR’s implications and its enforcement,” says Hugh Thompson (Program Committee Chair, RSA Conference and CTO, Symantec). “We haven’t yet seen big prosecutions by the data protection authorities, but I think we are going to see those in 2019. GDPR has emboldened many other nations to ask, ‘how and what should we regulate?’” New AdBoard member J. Trevor Hughes (President and CEO, IAPP) also sees strong GDPR enforcement on the horizon. “There was a lag from the GDPR compliance deadline to enforcement, but we must expect more privacy enforcement on a global basis in 2019. Brexit has been a mess and there are many unanswered questions around what it means for the U.K.’s data protection post Brexit. Watch Europe, watch the FTC – with the number of privacy issues in the media, we’re entering the enforcement era of GDPR, in Europe and elsewhere.”

In Australia, home to Narelle Devine (Chief Information Security Officer at the Australian Government Department of Human Services), new Mandatory Data Breach Notification laws came into effect at the start of 2018. The Australian laws provide for a 30-day notification period rather than the 72-hour reporting requirement of GDPR, which she notes “is quite early, when you really may not yet know the full nature of the breach.” While legislation and the corresponding vigilance around personally identifiable information have increased in the last year, much of the criminal activity would have occurred before this uplift, she says. 2019 will see identity theft continue to rise before the mitigations of 2018 become effective.

Diversity & Inclusion: Tip of the Iceberg

This was far and away the topic the Advisory Board members were most vocal and passionate about. According to a research report by The American Association of University Women (AAUW), women hold about 26 percent of tech jobs. In cybersecurity that drops to 11 percent. It’s been a pervasive problem in the industry and, as some Board members argued, must be addressed now. 2019 will see significant progress toward parity; however, all acknowledge we’re at the tip of the iceberg.

“There will be a greater emphasis on diversifying workforces in 2019. We see our clients increasingly recognizing the value of diverse teams and taking more actions to hire and retain qualified underrepresented professionals at all levels,” says Joyce Brocaglia (CEO, Alta Associates & Founder of the Executive Women’s Forum on Information Security, Risk Management & Privacy). “We also see the role of the CISO continuing to be elevated in the coming year, requiring a diverse perspective and new set of executive level skills.”

Laura Koetzle (VP and Group Director at Forrester) agrees. “Better hiring and retention methods will raise the number of women CISOs to 20 percent,” she predicts. “As their exclusive pool continues to shrink, hiring managers hide behind the excuse of a talent shortage instead of broadening their search to green talent or applicants with other relevant skill sets. We’re slowly seeing companies recognize the necessity of recruiting from nontraditional cybersecurity backgrounds. In 2017, only 13 percent of the Fortune 500 had women CISOs. In 2019, we expect to see that number grow to 20 percent as companies search for new security perspectives.”

This talent gap has not gone unnoticed by Kim Jones (Professor of Practice, Arizona State University). “We need to think long term, not short term,” he says. “The profession has done a good job of stimulating the entry level cybersecurity pipeline with innovative solutions, but many of these solutions are purely technology-focused instead of holistically focused on cybersecurity skills. This has left many CISOs asking, ‘are these individuals prepared to take the next step in their career?’ I think we’re going to start seeing the impact of this dilemma in 2019 as many young cyber professionals find themselves having to go back into academia (or other training venues) for additional skills or leaving the corporate sector to become individual consultants because they can’t take their career to the next level.”

What about recruiting these future diverse leaders? “Companies are focusing on their diversity numbers, but not on creating cultures within their organizations that will enable them to support the underrepresented workforce they attract,” says Dena Haritos Tsamitis (Director, Carnegie Mellon University’s College of Engineering’s Information Networking Institute). “If you don’t have a culture of inclusion embedded in your practices, behaviors, leadership, messaging, and marketing, your company won’t be welcoming. It goes beyond the diversity statistics; organizations need to focus more on creating an inclusive and equitable environment. Diverse candidates are in high demand and they will not tolerate workplace cultures that are unwelcoming and unsupportive.”

Todd Inskeep (Director, Booz Allen Hamilton) adds that “we have so much diversity in the industry that we didn’t even know about. Many women have been in this space for a long time and remained invisible. In 2019 we’ll turn a corner in bringing more visibility into the diversity that we had and the value of diversity on teams.”

Sandra Toms (Vice President and Curator of RSA Conference) challenged the security industry to acknowledge a broader definition of diversity in 2019. “My hope is that diversity expands beyond gender to invisible diverse aspects like beliefs, religion, life experiences, sexual orientation, and education. All those things that make a person whole. My prediction is that we’ll broaden the scope of diversity to include more individuals; a lot of language we use in cybersecurity is militaristic, we should look at that and find ways to revise our language to help more people become comfortable. I’ve been talking to a lot of companies that have made big strides when it comes to diversity, and we’ve still got a long way to go.”

Risk Management: One Step Forward

Years of major headline-grabbing cyber breaches have begun to open the eyes of companies traditionally reticent to invest heavily in security, say some members. “Boards are paying more attention to the operational impacts of WannaCry and NotPetya, and are trying to figure out how to factor cyber in, but there’s not a consensus yet,” says Inskeep. “It’s getting better, but we’ve got a couple years until we have a consensus on how boards talk about and measure the impact of cyberattacks.”

Wade Baker (Independent InfoSec consultant and Co-Founder of the Cyentia Institute) agrees: “In the next year we’ll see a continuation of the balance of power between classic technical security professionals and more business-oriented board and non-security executives who will take more of a stake in cyber decisions.”

“These massive breaches will also impact cyber insurance rates in 2019,” says Dmitri Alperovitch (Co-Founder and CTO of CrowdStrike Inc.). “We are coming to the end of an era of low cyber insurance rates. I think they will go up next year due to huge payouts from breaches like NotPetya and WannaCry. Insurance companies are getting a rude awakening to the risks of cyber. Many insurance policies were written years ago and did not take into account that liability from breaches can easily be up in the hundreds of millions of dollars, as we’ve seen with NotPetya attacks.”

(This post, 2019 and Beyond: The (Expanded) RSAC Advisory Board Weighs in on What’s Next, originally appeared on the RSA Conference website.)

The development team of the vulnerable Total Donations plugin appears to have abandoned it, and did not respond to inquiries from researchers.

Dailymotion, the video-sharing platform, said Friday that it had fallen victim to a “large-scale” and ongoing credential-stuffing assault by attackers looking to harvest user data. The French YouTube competitor said in an alert that it has “successfully contained [the attacks] following the implementation of measures to limit its scope, even though perpetrators are continuing to mount efforts to brute-force user passwords.”

“Potentially impacted users have been contacted directly by Dailymotion to inform them and provide them with personalized support,” the company said. “The CNIL (French Data Protection Authority) has also been notified of the attack … the Dailymotion teams are actively working to end the attack and reinforce the protection of its user data.”

Dailymotion has 300 million unique monthly visitors watching 3.5 billion videos per month, according to its website.

Credential stuffing is a method of using automated scripts to try a large number of passwords against an online account (often in mere seconds) in hopes of finding the right one and cracking the account. Thanks to previous data breaches that harvested the passwords of wide swathes of the population, the fact that many people reuse these passwords across many accounts, and the fact that weak and easy-to-guess passwords are still endemic, such attacks tend to have a high rate of success.

“Consumers who have not yet upgraded to multifactor authentication (MFA) to login to websites, more often than not, reuse a few static passwords across multiple websites,” Michael Magrath, director for Global Regulations & Standards at OneSpan, said via email. “Given the vast number of password-related breaches over the past few years, the convenient, yet insecure reuse of static passwords exposes individuals to the credential-stuffing attack used in this case. Consumers should always use MFA, where available, to add an additional layer of security to protect their privacy. Many websites support MFA today.”

As a result, credential stuffing is a rising scourge. According to a 2018 report from Shape Security, 80 to 90 percent of log-in attempts at online retailers are tied to attempted credential stuffing by hackers. The report added that 82 percent of log-in requests at hotel and hospitality websites and services can be attributed to the technique, and about 65 percent of log-ins against airlines are credential-stuffing attacks. The activity has significant consequences, too: the potential losses tied to credential spills come in at $50 million a day globally, Shape Security said, and it takes an average of 15 months for a credential breach to be reported.

Attacks like this one and the recent offensive aimed at Dunkin Donuts should put web admins on notice, according to Rod Simmons, vice president of product strategy and Active Directory at STEALTHbits Technologies. “In giving users flexibility to set any desired password we fail to fix stupid,” he said via email. “Carbon-based life forms cannot [even] trip over creating secure passwords. Our challenge as system owners is to prevent users from doing lazy and stupid things. For example, ‘so I don’t forget my password, let me include my logon name in it plus my date of birth.’ Users will go out of their way, unintentionally, to do the least secure thing possible. As an administrator, prevent it.”
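The two shapes a defender looks for in authentication logs during a credential-stuffing campaign like the one described above, as an added example (not Dailymotion's or Threatpost's code): one source address spraying many distinct usernames in a short window, and one account being hit from many addresses. The log format and all addresses and usernames are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (not real Dailymotion data).
# Format: "<ISO timestamp> <source_ip> <username> <OK|FAIL>"
SAMPLE_LOG = """\
2019-01-25T10:00:01 203.0.113.7 alice FAIL
2019-01-25T10:00:02 203.0.113.7 bob FAIL
2019-01-25T10:00:02 203.0.113.7 carol FAIL
2019-01-25T10:00:03 203.0.113.7 dave FAIL
2019-01-25T10:00:03 203.0.113.7 erin OK
2019-01-25T10:00:04 203.0.113.7 frank FAIL
2019-01-25T10:00:04 203.0.113.7 grace FAIL
2019-01-25T10:01:10 198.51.100.20 carol FAIL
2019-01-25T10:02:45 198.51.100.21 carol FAIL
2019-01-25T10:03:30 198.51.100.22 carol FAIL
2019-01-25T10:15:00 192.0.2.5 alice FAIL
2019-01-25T10:15:20 192.0.2.5 alice OK
"""


def parse_log(text):
    """Turn the sample format into (timestamp, ip, user, success) tuples."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, ip, user, result = line.split()
            events.append((datetime.fromisoformat(ts), ip, user, result == "OK"))
    return events


def find_spraying_ips(events, window=timedelta(minutes=5),
                      min_users=5, min_fail_ratio=0.8):
    """Sources that try many distinct usernames inside one window and mostly
    fail: a script replaying a breached credential list from one address."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        by_ip[ip].append((ts, user, ok))
    flagged = set()
    for ip, evs in by_ip.items():
        evs.sort()
        j = 0
        for i in range(len(evs)):  # sliding window over time-sorted events
            while j < len(evs) and evs[j][0] - evs[i][0] <= window:
                j += 1
            span = evs[i:j]
            users = {u for _, u, _ in span}
            fails = sum(1 for _, _, ok in span if not ok)
            if len(users) >= min_users and fails / len(span) >= min_fail_ratio:
                flagged.add(ip)
                break
    return flagged


def find_targeted_accounts(events, min_ips=3):
    """Accounts whose failed logins come from many distinct addresses: the
    distributed shape, where each source stays under per-IP rate limits."""
    fail_sources = defaultdict(set)
    for _, ip, user, ok in events:
        if not ok:
            fail_sources[user].add(ip)
    return {u for u, ips in fail_sources.items() if len(ips) >= min_ips}


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("spraying sources:", find_spraying_ips(evs))
    print("targeted accounts:", find_targeted_accounts(evs))
```

Thresholds are deliberately parameters: tune the window, user count and failure ratio to the site's normal login traffic before alerting on either signal.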

If the connectivity and security of your organization rely on Cisco RV320 or RV325 Dual Gigabit WAN VPN routers, then you need to immediately install the latest firmware update released by the vendor last week.

Cyber attackers have been actively exploiting two newly patched high-severity router vulnerabilities in the wild after a security researcher released proof-of-concept exploit code on the Internet last weekend.

The vulnerabilities in question are a command injection flaw (assigned CVE-2019-1652) and an information disclosure flaw (assigned CVE-2019-1653); in combination they could allow a remote attacker to take full control of an affected Cisco router. The first issue exists in RV320 and RV325 dual gigabit WAN VPN routers running firmware versions 1.4.2.15 through 1.4.2.19, and the second affects firmware versions 1.4.2.15 and 1.4.2.17, according to Cisco’s advisory.

Both vulnerabilities, discovered and responsibly reported to the company by German security firm RedTeam Pentesting, reside in the web-based management interface used for the routers and are remotely exploitable.

CVE-2019-1652: allows an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands on the system.

CVE-2019-1653: requires no authentication to reach the router's web-based management portal, allowing attackers to retrieve sensitive information, including the router's configuration file (which contains MD5-hashed credentials) and diagnostic information.

The PoC exploit code targeting Cisco RV320/RV325 routers published on the Internet first exploits CVE-2019-1653 to retrieve the configuration file from the router and obtain its hashed credentials, then exploits CVE-2019-1652 to execute arbitrary commands and gain complete control of the affected device.

Researchers from cybersecurity firm Bad Packets said they found at least 9,657 Cisco routers (6,247 RV320 and 3,410 RV325) worldwide that are vulnerable to the information disclosure vulnerability, most of them located in the United States. The firm shared an interactive map showing all vulnerable RV320/RV325 Cisco routers in 122 countries and on the networks of 1,619 unique internet service providers.

Bad Packets said its honeypots detected opportunistic scanning activity for vulnerable routers from multiple hosts starting Saturday, suggesting that attackers are actively trying to exploit the flaws to take full control of the vulnerable routers.

The best way to protect yourself from becoming the target of such an attack is to install the latest Cisco RV320 and RV325 firmware release, 1.4.2.20, as soon as possible. Administrators who have not yet applied the firmware update are strongly advised to change their router's admin and WiFi credentials and to treat the device as already compromised.

UPDATE: Malicious scanning activity targeting Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN routers is underway, with a swell of opportunistic probes looking for vulnerable devices ramping up since Friday.

According to Bad Packets Report’s honeypot data, cyberattackers are targeting a pair of just-patched vulnerabilities that allow remote unauthenticated information disclosure (CVE-2019-1653) leading to remote code execution (CVE-2019-1652) on the routers. There are more than 9,000 routers open to the attack, the firm found.

The first vulnerability exists in the web-based management interface for RV320/RV325: a simple GET request for /cgi-bin/config.exp returns full details of the device’s configuration settings, including administrator credentials (the password is hashed, though). “[This] could allow an unauthenticated, remote attacker to retrieve sensitive configuration information,” explained researcher Troy Mursch, in an advisory published over the weekend. “All configuration details of the RV320/RV325 router are exposed by this vulnerability.”

Bad Packets Report’s own scanning efforts using BinaryEdge, which canvassed 15,309 unique IPv4 hosts, determined that 9,657 Cisco RV320/RV325 routers are vulnerable to CVE-2019-1653. Broken down, that is 6,247 vulnerable out of 9,852 Cisco RV320 routers scanned, and 3,410 vulnerable out of 5,457 Cisco RV325 routers scanned. These are mostly located in the United States, Mursch said, though overall, vulnerable devices were found in 122 countries and on the networks of 1,619 different ISPs, making for a significant, global attack surface.

Once a malefactor has gained admin credentials, he or she can further exploit the router after signing in. The CVE-2019-1652 flaw allows an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input. “An attacker could exploit this vulnerability by sending malicious HTTP POST requests to the web-based management interface of an affected device,” according to Cisco’s documentation. “A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux shell as root.”

A proof-of-concept for remote code execution has been detailed by researcher/grey hat David Davidson, but Mursch noted that there are mitigating circumstances. “In regards to how the routers are going to be exploited once compromised, it’s not fully known yet,” he told Threatpost. “At this point, I can only confirm threat actors are only taking inventory of vulnerable devices by scraping the leaked configuration files and credentials. The actual damage may be limited due to the capabilities (or lack thereof) noted by David Davidson. Only time will tell.”

Davidson’s tweet explained:

yeah basically anyone unpatched is probably fucked. except for the fact the ‘wget' on these boxes is broken half the time and its probably beyond your average skid to cross compile their mirai bot for the correct mips64rev2 shit (for now) — some person (@info_dox) January 26, 2019

One interesting point to note is that the vulnerability also results in the SSID being leaked. “This allows attackers to use services such as WiGLE to determine the physical location of the router,” Mursch told Threatpost. This was also the case in the recent Orange Livebox vulnerability, Mursch pointed out. That means an attacker can mount a variety of on-location proximity hacks, and it also makes botnet-building easier, given that many admins use the same credentials for the administrative panel and the WiFi network, opening the door to more devices to enslave.

The vulnerabilities affect Cisco RV320/RV325 routers running firmware releases 1.4.2.15 and 1.4.2.17. Cisco’s patch should be applied immediately, and administrators should change their devices’ admin and WiFi credentials to thwart any compromise that may have already occurred.

This post was updated at 6:13 p.m. ET on Jan. 28, with comments from Mursch.
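Two defender-side checks for the RV320/RV325 issues covered in the two write-ups above, as an added example (not Cisco's, Bad Packets' or Threatpost's code): mapping a firmware version string to the CVEs the Hacker News write-up lists for it, and flagging management-interface access-log lines that fetch the configuration export path named above from addresses outside the trusted admin set. The version ranges are taken from the article (verify against Cisco's advisory before relying on them); the access-log format and addresses are constructed for the example.

```python
import re

# Affected and fixed versions as given in the write-up above; confirm
# against Cisco's advisory, which is the authoritative source.
AFFECTED = {
    "CVE-2019-1652": [((1, 4, 2, 15), (1, 4, 2, 19))],  # inclusive ranges
    "CVE-2019-1653": [((1, 4, 2, 15), (1, 4, 2, 15)),
                      ((1, 4, 2, 17), (1, 4, 2, 17))],
}
FIXED_RELEASE = (1, 4, 2, 20)
CONFIG_EXPORT_PATH = "/cgi-bin/config.exp"  # path named in the article


def parse_version(text):
    """'1.4.2.17' -> (1, 4, 2, 17): tuples compare numerically, strings do not."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p) for p in parts)


def applicable_cves(firmware):
    """CVEs from the article that apply to the given firmware version string."""
    v = parse_version(firmware)
    return sorted(cve for cve, ranges in AFFECTED.items()
                  if any(lo <= v <= hi for lo, hi in ranges))


def is_fixed_release(firmware):
    """True once the device runs the fixed release or a later one."""
    return parse_version(firmware) >= FIXED_RELEASE


# Constructed management-interface access log (not from a real device).
# Format: <client_ip> [<time>] "<method> <path> <protocol>" <status>
SAMPLE_ACCESS_LOG = """\
203.0.113.9 [26/Jan/2019:03:14:07 +0000] "GET /cgi-bin/config.exp HTTP/1.1" 200
10.0.0.5 [26/Jan/2019:08:00:01 +0000] "GET /cgi-bin/welcome.htm HTTP/1.1" 200
198.51.100.4 [26/Jan/2019:09:12:33 +0000] "GET /cgi-bin/config.exp?x=1 HTTP/1.1" 200
10.0.0.5 [26/Jan/2019:09:30:00 +0000] "GET /cgi-bin/config.exp HTTP/1.1" 200
"""
LINE_RE = re.compile(r'^(\S+) \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


def find_config_exports(log_text, trusted_sources=frozenset()):
    """Config-export fetches from addresses outside the trusted admin set.
    Returns (ip, time, status) tuples; a 200 means the export was served."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, when, _method, path, status = m.groups()
        if path.split("?", 1)[0] == CONFIG_EXPORT_PATH and ip not in trusted_sources:
            hits.append((ip, when, int(status)))
    return hits


if __name__ == "__main__":
    for fw in ("1.4.2.17", "1.4.2.18", "1.4.2.20"):
        print(fw, applicable_cves(fw), "fixed" if is_fixed_release(fw) else "update")
    for hit in find_config_exports(SAMPLE_ACCESS_LOG, trusted_sources={"10.0.0.5"}):
        print("config export fetched by untrusted source:", hit)
```

A served (200) export from an untrusted address means the hashed admin credentials are already in the attacker's hands, which is why the articles advise rotating admin and WiFi credentials after patching.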
