New Horabot campaign takes over victim’s Gmail, Outlook accounts
A previously unknown campaign involving the Horabot botnet malware has targeted Spanish-speaking users in Latin America since at least November 2020, infecting them with a banking trojan and spam tool.
Cicada (also known as Cicada3301) is a sophisticated ransomware, written in Rust, that has claimed more than 20 victims since its discovery in June 2024.
Read more in my article on the Tripwire State of Security blog.
New Wi-Fi Authentication Bypass Flaw Puts Enterprise and Home Networks at Risk
Security researchers Mathy Vanhoef and Héloïse Gollier, in collaboration with VPN testing company Top10VPN, have recently uncovered several critical vulnerabilities in the Wi-Fi authentication protocols used in modern WPA2/3 networks.
The identified flaws pose a significant security risk as they could potentially enable unauthorized access to sensitive data transmitted over wireless networks and compromise the security of all connected devices.
wpa_supplicant is widely used software that offers robust support for the WPA, WPA2, and WPA3 security protocols. It is an integral part of the Android operating system and is also present in most Linux-based devices, including ChromeOS on Chromebooks.
iNet wireless daemon (IWD) is a wireless daemon designed by Intel for Linux-based devices. It offers a complete Wi-Fi connectivity solution, with features such as advanced roaming, WPA/WPA2 support, and power management.
Two Security Flaws
While examining the software for logical implementation flaws, the researchers came across two distinct vulnerabilities that require immediate attention. They published a research article outlining the technical weaknesses.
CVE-2023-52160 (“Phase-2 bypass”)
A security flaw has been identified in wpa_supplicant v2.10 and earlier versions, which are widely used in Android and Linux devices.
This vulnerability can be exploited by an attacker to deceive the victim into connecting to a fake Wi-Fi network set up by the adversary. Once connected, the attacker can intercept and monitor the victim’s network traffic.
The flaw can be exploited against Wi-Fi clients that are not properly configured to verify the authentication server's certificate.
Such misconfigurations are still common in practice, particularly on devices that run ChromeOS, Linux, and Android.
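To check whether a client falls into the misconfigured group described above, the following added example (not code from the article or from the wpa_supplicant project) audits the `network` blocks of a `wpa_supplicant.conf` for enterprise (EAP) entries that set no `ca_cert` or no server name constraint. The sample configuration, SSIDs, and file paths are constructed for illustration.

```python
import re

# Constructed sample configuration (not from the article); names and paths are hypothetical.
SAMPLE_CONF = '''
network={
    ssid="corp-unverified"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase2="auth=MSCHAPV2"
}
network={
    ssid="corp-verified"
    key_mgmt=WPA-EAP
    eap=PEAP
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"
    domain_suffix_match="radius.example.com"
}
network={
    ssid="home-psk"
    key_mgmt=WPA-PSK
    psk="constructed-passphrase"
}
'''

NETWORK_BLOCK = re.compile(r"^network=\{(.*?)^\s*\}", re.S | re.M)
NAME_CHECKS = ("domain_suffix_match", "domain_match", "subject_match", "altsubject_match")

def parse_block(body):
    """Return the key=value settings of one network block, quotes stripped."""
    pairs = (l.strip().split("=", 1) for l in body.splitlines()
             if "=" in l and not l.strip().startswith("#"))
    return {k.strip(): v.strip().strip('"') for k, v in pairs}

def audit(conf_text):
    """Map SSID -> findings for 802.1X (EAP) network blocks; other blocks are skipped."""
    report = {}
    for match in NETWORK_BLOCK.finditer(conf_text):
        net = parse_block(match.group(1))
        key_mgmt = net.get("key_mgmt", "")
        if "eap" not in net and "EAP" not in key_mgmt and "IEEE8021X" not in key_mgmt:
            continue  # PSK/SAE/open: no authentication server certificate involved
        findings = []
        if not net.get("ca_cert"):
            findings.append("ca_cert missing: server certificate is not verified")
        if not any(net.get(k) for k in NAME_CHECKS):
            findings.append("no server name constraint (domain_suffix_match etc.)")
        report[net.get("ssid", "<unnamed>")] = findings
    return report
```

Calling `audit()` on the text of a real configuration file returns an empty findings list for each enterprise network that both pins a CA and constrains the server name.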
CVE-2023-52161 (“4-way bypass”)
An exploitable vulnerability has been discovered in IWD v2.12 and earlier versions that allows an attacker to gain unauthorized access to a protected Wi-Fi network. Upon gaining access, the attacker can use the network as if they were a legitimate user.
An attacker can exploit the flaw in IWD (iNet Wireless Daemon) to gain unauthorized access to the network and the devices connected to it.
This can allow the attacker to potentially launch further attacks on the network or other clients connected to it. The only prerequisite for the attack is that the Wi-Fi network in question must be using IWD.
The researchers promptly reported both vulnerabilities to the respective vendors, and the vendors have since patched them.