The government-sponsored dental and oral healthcare provider warned its customers that a March attack exposed sensitive data, some of which was leaked online by the ransomware group.
Related Posts
TikTok Pixel Privacy Nightmare: A New Case Study
Advertising on TikTok is the obvious choice for any company trying to reach a young market, and especially so if it happens to be a travel company, with 44% of American Gen Zs saying they use the platform to plan their vacations. But one online travel marketplace targeting young holidaymakers with ads on the popular video-sharing platform broke GDPR rules when a third-party partner misconfigured
Hackers Attempted To Takeover JavaScript Project From OpenJS Foundation
Attackers tried to take over the JavaScript project from OpenJS Foundation, which is home to JavaScript projects utilized by billions of websites globally.
This is similar to the recently disclosed incident targeting the open-source XZ Utils project, tracked as CVE-2024-3094.
The XZ Utils software supply chain breach was the outcome of a highly skilled social engineering operation in which the attacker gained the project maintainer's trust over several years by making valid code contributions.
The Open Source Security Foundation (OpenSSF) and OpenJS published a joint alert on this similar, credible takeover attempt, advising maintainers to watch for emerging attack patterns and take precautions to secure their open-source projects.
Specifics Of The Additional Credible Takeover Attempt
“The OpenJS Foundation Cross Project Council received a suspicious series of emails with similar messages, bearing different names and overlapping GitHub-associated emails”, reads the alert.
“These emails implored OpenJS to take action to update one of its popular JavaScript projects to “address any critical vulnerabilities,” yet cited no specifics.”
Despite having little past involvement, the email author(s) requested that OpenJS designate them as a new maintainer of the project.
The way that “Jia Tan” positioned themselves in the XZ/liblzma backdoor is quite similar to this strategy.
None of these individuals have been granted special access to the project hosted by OpenJS.
In this case, administrative access to the source code as a maintainer is not given out as a “quick fix” for any issue and instead demands a higher degree of earned trust.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) stated last week that the XZ Utils backdoor event also emphasizes the “fragility” of the open-source ecosystem and the risks brought about by maintainer weakness.
The report advised paying attention to how interactions make you feel. A social engineering attack could involve interactions that foster self-doubt, feelings of inadequacy, the idea that you’re not doing enough for the project, etc.
Unusual Patterns Associated With Social Engineering Takeovers
Relatively unknown community members have been politely but aggressively and persistently pursuing the maintainer or their hosted entity.
Request from new or unidentified individuals to be promoted to maintainer status.
Endorsement from more unidentified community members who might likewise be acting under pretenses—a.k.a. “sock puppets”.
PRs with blobs included as artifacts.
Purposefully obscured or challenging to comprehend source code.
Gradually escalating security issues.
Deviation from standard project deployment, build, and compilation procedures can make it possible for malicious payloads from the outside to be inserted into binary artifacts like zip files or blobs.
A false sense of urgency, particularly if it pushes a maintainer to skip a control or review with less care.
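As an added illustration of the red flags listed above (example code, not from the OpenSSF/OpenJS alert), the following Python heuristic scores a pull request's changed files for binary blobs added as artifacts, hard-to-read source, and edits to build or deployment scripts; the thresholds, the list of build files and the sample files are constructed assumptions.

```python
# Added example: PR triage heuristic for the takeover red flags (not from the alert).
import math
from collections import Counter

# Assumed set of build/deploy files whose changes deserve a closer look.
BUILD_FILES = {"configure.ac", "Makefile.am", "CMakeLists.txt", "package.json", "build.sh"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: source text sits around 4-5, compressed or packed data near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def is_binary(data: bytes) -> bool:
    """A NUL byte or near-maximal entropy means an opaque blob, not reviewable source."""
    return b"\x00" in data or shannon_entropy(data) > 7.0

def looks_obfuscated(text: str) -> bool:
    """Very long lines or unusually dense text suggest minified/obscured code."""
    lines = text.splitlines()
    if not lines:
        return False
    return max(len(line) for line in lines) > 500 or shannon_entropy(text.encode()) > 5.8

def review_flags(changed_files: dict) -> dict:
    """Map each changed path to the red flags it trips (empty list means none)."""
    flags = {}
    for path, content in changed_files.items():
        hits = []
        if is_binary(content):
            hits.append("binary blob added as artifact")
        elif looks_obfuscated(content.decode("utf-8", "replace")):
            hits.append("hard-to-read source")
        if path.rsplit("/", 1)[-1] in BUILD_FILES:
            hits.append("build/deploy script changed")
        flags[path] = hits
    return flags

# Constructed sample PR: one clean source file, one opaque test fixture,
# one minified-looking file and one build-script change.
SAMPLE_PR = {
    "src/parser.js": b"function parse(input) {\n  return JSON.parse(input);\n}\n",
    "tests/fixtures/sample.bin": b"\xfd7zXZ\x00\x00\x04" + bytes(range(256)),
    "src/vendor/blob.js": ("eval(atob('" + "QUJD" * 200 + "'));").encode(),
    "configure.ac": b"AC_INIT([demo], [1.0])\nAC_OUTPUT\n",
}

if __name__ == "__main__":
    for path, hits in review_flags(SAMPLE_PR).items():
        print(f"{path}: {', '.join(hits) or 'ok'}")
```

Such a check only surfaces candidates for human review; it is no substitute for the earned-trust process the alert describes.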
In addition, OpenSSF recommends following industry-standard security best practices, strong authentication, a security policy including a “coordinated disclosure”, and emerging best practices for merging new code.
The post Hackers Attempted To Takeover JavaScript Project From OpenJS Foundation appeared first on Cyber Security News.
Cyber Security News
PoC Exploit Released for BIG-IP Privilege Escalation Vulnerability
A critical vulnerability, tracked as CVE-2024-45844, in F5 BIG-IP, a popular network traffic management and security solution, allows authenticated attackers to bypass access control restrictions and potentially compromise the system.
According to the security advisory issued by F5, the vulnerability exists within the BIG-IP monitor functionality. An attacker with at least Manager role privileges can elevate their privileges and modify the configuration, even with port lockdown settings in place.
This means that even with restricted access, an attacker with the necessary credentials could exploit this flaw to gain unauthorized access and control.
The vulnerability was discovered by myst404 (@myst404_) from Almond, who published the technical details and a PoC exploit for this flaw.
F5 has acknowledged the vulnerability and released updated versions of BIG-IP that address this issue. Affected versions include BIG-IP 17.1.1, 16.1.4, and 15.1.10.
PoC Exploit Published
The exploitation of this vulnerability involves creating a malicious MCP (Master Control Program) message, which is used internally in F5 BIG-IP appliances.
An attacker can create an MCP message that creates a new administrator user, allowing them to escalate their privileges. The PoC exploit demonstrates how an attacker with Manager role privileges can create an LTM (Local Traffic Manager) monitor and use it to send a malicious MCP message to the network socket 127.0.0.1:6666, effectively bypassing access control restrictions.
F5 has released patches for this vulnerability in BIG-IP versions 17.1.1.4, 16.1.5, and 15.1.10.5. Organizations using affected versions are strongly urged to update their systems to the latest fixed versions as soon as possible.
Temporary mitigations, such as blocking access to the Configuration utility and SSH through self-IP addresses or the management interface, can be implemented until updates are applied.
The CVSSv4 score for this vulnerability is 8.6, indicating high severity. F5 advises allowing command-line interface (CLI) access only to trusted users, as all users with CLI access are granted Administrator privileges.
BIG-IP Next uses a new architecture built around a zero-trust model, ensuring that internal messages are protected.
In light of this critical vulnerability, organizations are advised to take immediate action to protect their BIG-IP systems. Updating to the latest patched versions and restricting access to the Configuration utility and SSH are essential steps in preventing exploitation.
The post PoC Exploit Released for BIG-IP Privilege Escalation Vulnerability appeared first on Cyber Security News.