Threat actors are circumventing geo-location-based security detections, using a combination of cybercrime-as-a-service platforms and the purchasing of local IP addresses.
Related Posts
Judge0 Security Flaw Let Attackers Run Arbitrary Code & Gain Root Access
Tanto Security has disclosed critical vulnerabilities in the widely-used open-source service Judge0, which could allow attackers to perform a sandbox escape and gain root access to the host machine.
The vulnerabilities, identified as CVE-2024-29021, CVE-2024-28185, and CVE-2024-28189, pose a significant threat to the security of the service, which numerous organizations employ for secure sandboxed code execution.
Judge0 is designed to run arbitrary code within a secure environment. According to the Judge0 website, the service boasts 23 clients and over 300 self-hosted instances on the public Internet.
The service is also presumed to be used within many private internal networks.
The disclosed vulnerabilities have raised concerns among development and cybersecurity communities, particularly within educational institutions and talent recruitment companies that rely on Judge0 to ensure the safe execution of code.
The discovery of the vulnerabilities was made public through a detailed blog post by Tanto Security, which outlined the process of uncovering the flaws, including source code analysis and exploitation.
The investigation into Judge0’s security began with a casual conversation between the researcher and a friend who utilized the platform for offloading the complex task of secure code execution.
This conversation sparked the researcher’s interest, prompting a deeper exploration of Judge0’s mechanisms.
Certain oversights in the service’s default configuration made the vulnerabilities exploitable. For instance, the default password in the Judge0 configuration file is “YourPasswordHere1234,” and the deployment instructions do not explicitly advise users to change it.
This oversight could leave many instances vulnerable wherever administrators have not replaced the default password.
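As an added illustration (not code from the Tanto Security write-up or from the Judge0 project), the Python below audits a KEY=VALUE deployment file for the default password named above and for other placeholder or empty secrets, which is the kind of check an operator would run before exposing an instance. The file layout and the key names POSTGRES_PASSWORD, REDIS_PASSWORD, AUTHN_TOKEN and SECRET_KEY_BASE are assumptions made for this example, and the sample configuration is constructed.

```python
import re
from typing import Dict, List

# Default credential named in the disclosure; any config still carrying it is flagged.
KNOWN_DEFAULT_SECRETS = {"YourPasswordHere1234"}

# Constructed sample of a KEY=VALUE file in the style of a Judge0 deployment config.
# The key names are assumptions for illustration, not taken from the project.
SAMPLE_CONFIG = """\
# Hypothetical judge0-style configuration (constructed for this example)
POSTGRES_PASSWORD=YourPasswordHere1234
REDIS_PASSWORD=YourPasswordHere1234
DB_NAME=judge0
AUTHN_TOKEN=
SECRET_KEY_BASE=change-me
"""

# Keys whose value should be treated as a secret.
SECRET_KEY_PATTERN = re.compile(r"(PASSWORD|TOKEN|SECRET|KEY)", re.IGNORECASE)
MIN_SECRET_LENGTH = 16  # assumption: anything shorter is treated as a placeholder


def parse_env_file(text: str) -> Dict[str, str]:
    """Parse KEY=VALUE lines, skipping blanks and '#' comments; strip matching quotes."""
    values: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]
        values[key.strip()] = value
    return values


def audit_secrets(values: Dict[str, str]) -> List[str]:
    """Return one finding per secret-looking key that is empty, a known default, or a placeholder."""
    findings: List[str] = []
    for key, value in values.items():
        if not SECRET_KEY_PATTERN.search(key):
            continue
        if value == "":
            findings.append(f"{key}: empty secret")
        elif value in KNOWN_DEFAULT_SECRETS:
            findings.append(f"{key}: known default value, must be changed before deployment")
        elif len(value) < MIN_SECRET_LENGTH or "change" in value.lower():
            findings.append(f"{key}: placeholder or short value ({len(value)} chars)")
    return findings


def audit_config_text(text: str) -> List[str]:
    """Convenience wrapper: parse the file text and audit its secrets."""
    return audit_secrets(parse_env_file(text))


if __name__ == "__main__":
    for finding in audit_config_text(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

Run against a real deployment file, the script should report nothing; each finding names a key whose value has to be regenerated before the instance is reachable from any network the operator does not control.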
Demonstration of the Attack
Furthermore, the researcher demonstrated the potential for an attacker to create a submission that could brute force the password.
By making multiple submissions, the attacker could queue up submissions and run an SQL query to modify the run arguments of a submission, ultimately leading to a sandbox escape and root access.
These vulnerabilities have severe implications, as they could allow attackers to execute arbitrary code with the highest level of privileges on the host machine.
This could lead to unauthorized access to sensitive data, disruption of services, and the potential for further exploitation within the network.
Tanto Security’s disclosure has prompted a swift response from the cybersecurity community, with calls for immediate action to patch the vulnerabilities and secure Judge0 instances.
Organizations using Judge0 are urged to review their configurations, update passwords, and apply any available security updates to mitigate the risks associated with these vulnerabilities.
Judge0 users are now tasked with reinforcing their defenses to prevent exploitation by malicious actors.
The post Judge0 Security Flaw Let Attackers Run Arbitrary Code & Gain Root Access appeared first on Cyber Security News.
Cyber Security News
European Dismantle of EncroChat Led To 6,500 Arrests & Seizure Of $979 Million Funds
More than 6,500 people were arrested as a result of the takedown of the encrypted phone service EncroChat, and 900 million euros ($980 million) worth of assets were confiscated.
Following the work of a joint investigation team (JIT) formed by both nations in 2020 with assistance from Eurojust and Europol, EncroChat was successfully taken down.
Users of EncroChat phones were promised unbreakable encryption, anonymity, and no traceability via a special, hardened version of Android that operated on these devices.
In addition, the service included panic device wipes, tamper-proof booting, and a hardware cryptographic engine that was resistant to brute force attacks and FIPS 140-2 certified.
With a “panic button” function that could delete all data, EncroChat devices were popular with criminals.
The devices could boot into a hidden encrypted partition for a secure connection through French servers.
The service was priced at €1,000 per device and €1,500 for a contract of six months.
Additionally, it had features to guarantee the automated deletion of messages and a unique PIN to erase all data stored on the device.
Users would be able to immediately delete compromising messages in this way.
Reports say the encryption tool EncroChat was unlawfully utilized by Organised Crime Groups (OCGs) globally.
Investigators have been able to intercept, analyze, and evaluate approximately 115 million illicit chats since the system was taken down, involving an estimated 60 000 users.
Assets Seized Since The 2020 EncroChat Takedown
6 558 suspects arrested, including 197 High-Value Targets
7 134 years of imprisonment of convicted criminals up to now
EUR 739.7 million in cash seized
EUR 154.1 million frozen in assets or bank accounts
30.5 million pills of chemical drugs seized
103.5 tonnes of cocaine seized
163.4 tonnes of cannabis seized
3.3 tonnes of heroin seized
971 vehicles seized
271 estates or homes seized
923 weapons seized, as well as 21 750 rounds of ammunition and 68 explosives
83 boats and 40 planes seized
In further investigation, the company that created the tool was found to be using a French server.
Investigators eventually gained the ability to circumvent the encryption and access users’ correspondence.
Over 115 million messages and data from the JIT partners were evaluated by a large, devoted team of professionals at Europol.
Nearly 700 actionable intelligence packages were delivered to nations across the world by Europol after it cross-checked and analyzed the data and combined it with information from its information systems.
According to Europol, the majority of EncroChat users either participated in organized crime (34.8%) or trafficked drugs (33.3%). The others were engaged in murders (11.5%), money laundering (14.4%), and the trafficking of guns (6.4%).
Although not all of the accused EncroChat users have been sentenced yet, those convicted so far have received a combined total of 7,134 years in prison.
Notably, when EncroChat was shut down, many of its users switched to the alternative service “Sky ECC”, which operated as a legitimate business.
Sky ECC’s encryption was broken by Europol and investigators from many European cyber police units, who then saw conversations between some 70,000 users.
The post European Dismantle of EncroChat Led To 6,500 Arrests & Seizure Of $979 Million Funds appeared first on Cyber Security News.
Beware of New Phishing Attacks Mimicking Booking.com and Airbnb
Beware of attackers masquerading as well-known vacation rental websites such as Airbnb and Booking.com.
Scammers who prey on tourists with phishing attacks become more active once the summer travel season is in full swing.
Double-check the website URL before entering any credentials to avoid falling victim to such scams.
If you’re unsure about the correct address, it’s best to double-check using Wikipedia and a search engine.
Phishing Site Mimicking Booking.com
According to Kaspersky’s research, the fake website’s goal is to collect “email passwords” and email addresses that may also be used as usernames.
The phishers appear to have tangled their nets; their true target is likely credentials for Booking.com accounts.
Notably, the second-largest group of Booking.com users, hotel and flat owners who utilize the website to draw in customers, was also targeted by phishers. There are fake websites that collect usernames and passwords for them as well.
Scammers Target Airbnb Users
A fake Airbnb site, which is a replica of the real one, advertises appealing flat rentals while persistently informing users that they must send money to a third party to finalize their reservation.
Other Online Scams
Scam sites promise attractive rewards in exchange for taking a survey; in this example, a travel survey with a $100 reward.
At the end of the survey, the fraudsters typically ask the victim for personal information such as their first and last name, address, phone number and, in some cases, payment details.
Such information may be utilized for a variety of unpleasant things in the future, ranging from identity theft to hacking into financial accounts. The “prize,” on the other hand, is not exactly forthcoming.
Airline passengers are another common target for phishers. Fake websites impersonating the official sites of several carriers are constantly appearing. The larger the airline, the more likely phishers would target its customers’ credentials.
Beware Of Online Scammers And Phishers
Only utilize reliable websites. Before entering any sensitive information, such as a login and password or a credit card number, double-check the website URL.
Install a reputable antivirus with built-in protection against online fraud and phishing on all your devices. This will provide you with an early warning about sites to avoid.
The post Beware of New Phishing Attacks Mimicking Booking.com and Airbnb appeared first on Cyber Security News.