A new campaign distributing the RomCom backdoor malware is impersonating the websites of well-known or fictional software, tricking users into downloading and launching malicious installers. […]
Related Posts
.webp)
NSO Group’s Mysterious MOBILE & WIRELESS ‘MMS Fingerprint’ Hack Revealed
NSO Group’s Mysterious MOBILE & WIRELESS ‘MMS Fingerprint’ Hack Revealed
[[{“value”:”
The “MMS Fingerprint” attack, a previously unidentified mobile network attack purportedly employed by spyware company NSO Group, is referenced in a single sentence in an agreement between NSO and Ghana’s telecom regulator.
Because the hack is claimed to work on all three major smartphone operating systems (Blackberry, Android, and iOS), it was believed to be independent of the operating system and, hence, related to the MMS flow itself.
WhatsApp’s popular encrypted messaging service found a flaw in its system that let hackers install Pegasus spyware on customers’ smartphones in May 2019.
A WhatsApp voice call exploited the vulnerability, which might compromise a device without the owner’s knowledge.
WhatsApp sued NSO Group in October 2019. Since then, the US Supreme Court and US appeals court have rejected the NSO group’s requests to stop the case.
Most of this content was studied and talked about in open spaces. However, certain specifics found in a copy of a contract between the Ghanaian telecom regulator and an NSO Group reseller were not discussed.
Document
Live Account Takeover Attack Simulation
How do Hackers Bypass 2FA?
Live attack simulation Webinar demonstrates various ways in which account takeover can happen and practices to protect your websites and APIs against ATO attacks
.
Agreement In The Records Of The Current Legal Dispute Between NSO And WhatsApp
“Within that contract, in Exhibit A-1, was a list of “Features and Capabilities” offered by NSO Group.
To telecom security specialists like us, these features were largely known; however, a feature title was (at first sight) unknown.
This was the ” MMS Fingerprint entry,” said Cathal McDaid, VP of technology at Swedish telecoms security firm ENEA.
Agreement describing MMS Fingerprint Feature
There is one sentence labeled under ‘Infection Assisting Tools,’ an “MMS Fingerprint” feature in that document’s list of “Features and Capabilities” that the NSO Group provides.
An MMS Fingerprint might function via,
Reveal the target device and OS version by sending an MMS to the device.
No user interaction, engagement, or message opening is required to receive the device fingerprint.
Since not all phones were MMS-capable at the time, a part of the procedure uses the SMS flow to initiate the process, which then performs an HTTP GET to determine the exact location of the MMS payload.
According to reports, this HTTP GET contains user device information. It was believed that this might be when the MMS Fingerprint might be lifted, and information about specific devices could be disclosed.
(HTTP GET) received from the targeted handset
With a few random sim cards, ENEA demonstrated that it was feasible, and it appears that the NSO Group’s claims are most likely accurate.
Researchers recovered the UserAgent and x-wap-profile fields of the device using this method.
The OS and device are identified with the first. The second one links to a User Agent Profile file that lists a mobile device’s capabilities.
The researchers could hide the process by altering the binary SMS element to a silent SMS and modifying the TP-PID value to 0x40. As a result, the targeted person’s phone is empty, and no MMS content is visible on the targeted device.
“Attackers could use this information to exploit specific vulnerabilities or tailor malicious payloads (such as the Pegasus exploit) to the recipient device type Or it could be used to help craft phishing campaigns against the human using the device more effectively.”
According to their examination over the past few months, the company reported that it had not seen any usage of this vulnerability in the wild.
Recommendation
Mobile users can turn off MMS auto-retrieval on their cell phones to stop the device from connecting automatically.
Mobile operators might consider blocking internet access from devices via the MMS ports; even if the message was received, it would not connect to the IP address controlled by the attacker.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.
The post NSO Group’s Mysterious MOBILE & WIRELESS ‘MMS Fingerprint’ Hack Revealed appeared first on Cyber Security News.
“}]] Read More
Cyber Security News
Dark Web Monitoring: What’s the Value?
Dark Web Monitoring: What’s the Value?
Cybersecurity firms commonly sell “dark web monitoring” packages, with firms having slighly different features. Learn from Flare about the different dark web monitoring packages and the value they bring to your organization. […] Read More
BleepingComputer
BIND DNS Vulnerability Lets Attackers Flood Server With DNS Messages
BIND DNS Vulnerability Lets Attackers Flood Server With DNS Messages
The Internet Systems Consortium (ISC) has released critical security advisories addressing multiple vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 software, a cornerstone of the Domain Name System (DNS) infrastructure.
These vulnerabilities, identified as CVE-2024-0760, CVE-2024-1737, CVE-2024-1975, and CVE-2024-4076, could allow attackers to destabilize DNS servers, leading to denial-of-service (DoS) conditions.
The most alarming of these vulnerabilities, CVE-2024-0760, involves a scenario where a malicious client can flood the server with DNS messages over TCP, potentially rendering the server unstable during the attack.
This particular exploit poses a significant threat as it can be executed remotely, making it easier for attackers to disrupt services without direct access to the server.
Another critical vulnerability, CVE-2024-1975, allows attackers to exhaust CPU resources using SIG(0) messages, which could slow down or crash the server. CVE-2024-1737 affects the server’s database performance when many resource records (RRs) exist simultaneously, causing significant delays.
Join our free webinar to learn about combating slow DDoS attacks, a major threat today.
Lastly, CVE-2024-4076 can trigger assertion failures when the server handles stale cache data and authoritative zone content simultaneously, leading to potential system crashes.
These vulnerabilities have raised alarms across various sectors, including financial institutions, government agencies, and internet service providers (ISPs), all of which rely heavily on BIND for DNS resolution. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged users and administrators to apply the necessary updates immediately to mitigate these risks.
BIND 9, known for being the first and most widely deployed DNS solution, has a long history of being targeted due to its critical role in internet infrastructure. Previous high-profile attacks, such as the 2016 distributed denial-of-service (DDoS) attack on Dyn’s servers, have highlighted the potential for widespread disruption when DNS services are compromised.
The ISC has released patches to address these vulnerabilities, and users are strongly encouraged to upgrade to the latest versions to protect their systems. The affected versions include 9.16.0 to 9.16.36, 9.18.0 to 9.18.10, and 9.19.0 to 9.19.8. The updates are crucial to maintaining the stability and security of DNS operations.
As the internet continues evolving, ensuring foundational technologies like DNS security remains paramount.
How to Apply the Necessary Updates
1. Assess the Impact
Before initiating the update process, it is essential to assess the potential impact on your business operations. Consider the following:
Identify all systems running affected versions of BIND.
Evaluate the criticality of the systems and the potential downtime required for updates.
Communicate with stakeholders about the planned update and its potential impact.
2. Backup Configuration and Data
Ensure that you have a complete backup of your current BIND configuration and any relevant data. This step is crucial to restore services quickly if something goes wrong during the update process.
3. Download the Latest Patches
Visit the ISC website or your package manager to download the latest patches for BIND. The affected versions include:
9.16.0 to 9.16.36
9.18.0 to 9.18.10
9.19.0 to 9.19.8
4. Apply the Updates
Follow these steps to apply the updates:
For Linux-based systems:textsudo apt-get update sudo apt-get install bind9 ortextsudo yum update bind
For source installations:textwget https://downloads.isc.org/isc/bind9/9.x.x/bind-9.x.x.tar.gz tar -zxvf bind-9.x.x.tar.gz cd bind-9.x.x ./configure make sudo make install
5. Verify the Update
After applying the updates, verify that the BIND server is running the latest version:
textnamed -v
Ensure that the version number matches the latest patched version.
Protect Your Business Emails From Spoofing, Phishing & BEC with AI-Powered Security | Free Demo
The post BIND DNS Vulnerability Lets Attackers Flood Server With DNS Messages appeared first on Cyber Security News.