28-year-old Ashley Liles, a former IT employee, has been sentenced to over three years in prison for attempting to blackmail his employer during a ransomware attack. […]
BleepingComputer
AppSec Webinar: How to Turn Developers into Security Champions
Let’s face it: AppSec and developers often feel like they’re on opposing teams. You’re battling endless vulnerabilities while they just want to ship code. Sound familiar?
It’s a common challenge, but there is a solution.
Ever wish they proactively cared about security? The answer lies in a proven, but often overlooked, strategy: Security Champion Programs — a way to turn developers from
Hackers Can Exploit Windows Container Isolation Framework to Bypass Endpoint Security
New findings show that malicious actors could leverage a sneaky malware detection evasion technique and bypass endpoint security solutions by manipulating the Windows Container Isolation Framework.
The findings were presented by Deep Instinct security researcher Daniel Avinoam at the DEF CON security conference held earlier this month.
Microsoft’s container architecture (and by extension,
The Hacker News | #1 Trusted Cybersecurity News Site
Power Management Devices Flaw Let Attackers Shutdown Data Center
Businesses are looking to digital transformation and cloud services to support new working practices. It would be extremely simple for criminals to get into essential data center power management gear, turn off electricity to numerous linked devices, and interrupt all types of services, from crucial infrastructure to commercial applications.
The Trellix Advanced Research Centre focused exclusively on the power supply and management systems used in data centers.
Researchers discovered four vulnerabilities in CyberPower’s PowerPanel Enterprise Data Centre Infrastructure Management (DCIM) platform and five vulnerabilities in Dataprobe’s iBoot Power Distribution Unit (PDU).
“Both products are vulnerable to remote code injection that could be leveraged to create a backdoor or an entry point to the broader network of connected data center devices and enterprise systems”, researchers explain.
CyberPower is a well-known provider of infrastructure and equipment for data centers, specializing in power management and protection technologies.
Their PowerPanel Enterprise DCIM platform serves as a single point of information and command for all devices, enabling IT professionals to manage, configure, and monitor the infrastructure within a data center over the cloud.
Reports say companies moving on-premise server installations to bigger, co-located data centers, such as those from leading cloud providers AWS, Google Cloud, Microsoft Azure, etc., frequently employ these platforms.
Sunbird Software estimates that 83% of business data center operators have increased rack density in the previous three years. As a result, they are looking to technologies like DCIM platforms to help manage their infrastructure, avoid outages, and preserve uptime.
CVE-2023-3264: Use of Hard-coded Credentials (CVSS 6.7)
CVE-2023-3265: Improper Neutralization of Escape, Meta, or Control Sequences (Auth Bypass; CVSS 7.2)
CVE-2023-3266: Improperly Implemented Security Check for Standard (Auth Bypass; CVSS 7.5)
CVE-2023-3267: OS Command Injection (Authenticated RCE; CVSS 7.5)
Particularly, any of the first three CVEs could be used by criminals to bypass authentication checks, access the management interface, and shut down devices inside data centers.
“The manipulation of the power management can be used to damage the hardware devices themselves – making them far less effective if not inoperable”, researchers said.
Power management devices made by Dataprobe help companies manage and monitor their infrastructure. Through a straightforward and user-friendly online application, their iBoot PDU enables managers to remotely regulate the power supply to their devices and equipment.
Dataprobe has hundreds of devices deployed in a variety of sectors, including government organizations, financial institutions, smart city IoT installations, and travel and transportation infrastructure.
Reports stated that thousands of these PDUs are used for tasks like digital signage, telecommunications, remote site management, and much more. The iBoot PDU in particular has been in use since 2016.
CVE-2023-3259: Deserialization of Untrusted Data (Auth Bypass; CVSS 9.8)
CVE-2023-3260: OS Command Injection (Authenticated RCE; CVSS 7.2)
CVE-2023-3261: Buffer Overflow (DOS; CVSS 7.5)
CVE-2023-3262: Use of Hard-coded Credentials (CVSS 6.7)
CVE-2023-3263: Authentication Bypass by Alternate Name (Auth Bypass; CVSS 7.5)
In this case, with access to these power management systems, even the simple act of cutting power to devices linked to a PDU would be significant.
“A threat actor could cause significant disruption for days at a time with the simple “flip of a switch” in dozens of compromised data centers”, researchers explain.
The infected machines might be used to launch massive ransomware, DDoS, or Wiper attacks that could be far more widespread than those launched by Stuxnet, Mirai BotNet, or WannaCry.
Version 2.6.9 of the PowerPanel Enterprise software from CyberPower and version 1.44.08042023 of the iBoot PDU firmware from Dataprobe both provide patches for these issues.
Hence, all possibly vulnerable customers are urged to download and apply these fixes right now.
The post Power Management Devices Flaw Let Attackers Shutdown Data Center appeared first on Cyber Security News.
Cyber Security News