The CyberWire
Over 130,000 Solar Panel Installations Exposed Online
According to recent reports from Cyble, the solar industry's photovoltaic (PV) diagnostic and monitoring systems present a large attack surface for threat actors.
These systems are used to measure efficiency, detect faults, and optimize overall operations.
The research also notes that these systems are exposed to the internet, making them a prime target for threat actors.
These Distributed Energy Resources (DERs) are used to monitor energy grids, provide access to them, troubleshoot systems remotely, and perform many other tasks.
As these systems play a major role in the energy sector, securing them must be a high priority.
If threat actors target vulnerable PV monitoring systems, the impact can extend to multiple energy-sector entities and organizations.
Internet-Exposed PV Systems
Reports indicate that there are over 130,000 PV monitoring and diagnostic systems exposed to the internet, which is a wide attack surface for threat actors.
In addition to spear-phishing, Denial of Service (DoS), and physical damage to the assets, threat actors can also target PV inverter controls, which can inflict great damage.
The vulnerabilities in the PV industry include:
Outdated firmware
Public exposure of sensitive information
Poor access control
Improper network segmentation
Unsecured communication
Default passwords
These kinds of security misconfigurations and missing security controls are already being actively exploited in other sectors such as finance and education.
Furthermore, bypassing the authorization mechanisms of these systems is becoming easy for threat actors.
The energy sector is one of the most crucial sectors in a country and is connected with several other sectors, including the military and intelligence. Targeting it will have an impact beyond the sector itself.
The largest potential impacts include reduced energy production, an imbalance between energy supply and demand, disruption of electric vehicles, charging infrastructure and mobility services, and economic losses from business downtime.
As the energy crisis grows, organizations in the energy sector are advised to patch and upgrade all systems to stay protected from threat actors. Cyble has published a complete report on how PV systems are targeted.
The post Over 130,000 Solar Panel Installations Exposed Online appeared first on Cyber Security News.
Firefox Patches Multiple High Severity Vulnerabilities
Mozilla has released Firefox 129, addressing multiple high-severity vulnerabilities. These patches are critical for enhancing the browser’s security and protecting users from potential exploits.
The latest Firefox update patches several critical vulnerabilities, each significantly impacting user security. Below is a summary of the most notable issues:
| CVE ID | Impact | Description | References |
|---|---|---|---|
| CVE-2024-7518 | High | Out-of-bounds memory access in graphics shared memory handling. | Bug 1875354 |
| CVE-2024-7519 | High | Out-of-bounds memory access in graphics shared memory handling. | Bug 1902307 |
| CVE-2024-7520 | | The fullscreen notification dialog can be obscured by document content. Type confusion in WebAssembly. | Bug 1903041 |
| CVE-2024-7521 | High | Incomplete WebAssembly exception handling. | Bug 1904644 |
| CVE-2024-7522 | High | Out-of-bounds read in editor component. | Bug 1906727 |
| CVE-2024-7523 | High | Document content could partially obscure security prompts (affects Android versions). | Bug 1908344 |
| CVE-2024-7524 | High | CSP strict-dynamic bypass using web-compatibility shims. | Bug 1909241 |
| CVE-2024-7525 | High | Missing permission check when creating a StreamFilter. | Bug 1909298 |
| CVE-2024-7526 | High | Uninitialized memory used by WebGL. | Bug 1910306 |
| CVE-2024-7527 | High | Use-after-free in JavaScript garbage collection. | Bug 1871303 |
| CVE-2024-7528 | High | Use-after-free in IndexedDB. | Bug 1895951 |
| CVE-2024-7529 | Moderate | Document content could partially obscure security prompts. | Bug 1903187 |
| CVE-2024-7530 | Moderate | Use-after-free in JavaScript code coverage collection. | Bug 1904011 |
| CVE-2024-7531 | Low | PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel Sandy Bridge machines. | Bug 1910306 |
The vulnerabilities addressed in this update pose significant risks, including potential spoofing attacks, memory corruption, sandbox escapes, and unauthorized data access.
For instance, CVE-2024-7518 could allow a malicious site to obscure fullscreen notification dialogs, potentially tricking users into performing unintended actions.
Similarly, CVE-2024-7519 involves out-of-bounds memory access, which could lead to memory corruption and sandbox escapes. Given the high impact of these vulnerabilities, users are strongly advised to update their Firefox browsers to version 129 immediately.
This update enhances security and ensures a safer browsing experience by mitigating the risks associated with these vulnerabilities.
Mozilla’s proactive approach to addressing these issues underscores the importance of regular software updates and vigilance in cybersecurity practices. Users should remain informed about such updates and apply them promptly to protect their data and privacy.
The post Firefox Patches Multiple High Severity Vulnerabilities appeared first on Cyber Security News.
Hackers Exploit Pre-Authentication RCE Vulnerabilities in Adobe ColdFusion
Adobe ColdFusion is a Java-based, commercial web app development platform using CFML for server-side programming.
ColdFusion is primarily known for its unique tag-based approach. It is also popular among developers for its adaptability across various industries.
Cybersecurity researchers at Fortinet recently uncovered that Windows and macOS users are at risk from Adobe ColdFusion vulnerabilities that remote attackers are targeting with pre-authentication RCE exploits.
Hackers target the URI '/CFIDE/adminapi/accessmanager.cfc', injecting payloads via a POST request into the 'argumentCollection' parameter.
Researchers spotted probing activity in July using the interactsh tool, which generates domain names for testing exploits and monitoring vulnerabilities.
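The request pattern described above can be watched for on the defender's side. The following is an added example (not code from Fortinet or the original article) that scans web-server access-log lines for requests to the accessmanager.cfc endpoint, treating POSTs and any argumentCollection visible in the query string as higher-confidence signals; the log lines, the documentation-range IP addresses and the trusted management network are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional
from urllib.parse import unquote

# Assumed input: Apache/nginx "combined" access-log lines. Request bodies are not
# logged, so argumentCollection is only visible when it appears in the query string.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+'
)
TARGET_PATH = "/cfide/adminapi/accessmanager.cfc"  # endpoint named in the article

@dataclass
class Hit:
    ip: str
    ts: str
    method: str
    status: int
    reason: str

def classify(line: str, trusted_admin_nets: Iterable[str] = ()) -> Optional[Hit]:
    """Return a Hit when the line touches the ColdFusion admin API from an untrusted source."""
    m = LOG_RE.match(line)
    if not m:
        return None
    raw_path, _, query = m.group("path").partition("?")
    if unquote(raw_path).lower() != TARGET_PATH:  # ColdFusion on Windows is case-insensitive
        return None
    ip = m.group("ip")
    if any(ip.startswith(net) for net in trusted_admin_nets):
        return None  # admin API use from a known management network is expected
    reason = "CFIDE admin API reached from untrusted source"
    if m.group("method") == "POST":
        reason = "POST to accessmanager.cfc (pre-auth RCE probing pattern)"
    if "argumentcollection" in unquote(query).lower():
        reason += ", argumentCollection passed in query string"
    return Hit(ip, m.group("ts"), m.group("method"), int(m.group("status")), reason)

def scan(lines: Iterable[str], trusted_admin_nets: Iterable[str] = ()) -> List[Hit]:
    nets = tuple(trusted_admin_nets)
    return [h for h in (classify(l, nets) for l in lines) if h is not None]

# Constructed sample log; addresses are from documentation ranges, not real attackers.
SAMPLE_LOG = [
    '203.0.113.7 - - [24/Aug/2023:10:15:02 +0000] "POST /CFIDE/adminapi/accessmanager.cfc HTTP/1.1" 200 512',
    '203.0.113.7 - - [24/Aug/2023:10:15:05 +0000] "GET /CFIDE/adminapi/accessmanager.cfc?method=getAccess&argumentCollection=%7B%7D HTTP/1.1" 200 128',
    '10.0.0.5 - - [24/Aug/2023:10:20:00 +0000] "POST /CFIDE/adminapi/accessmanager.cfc HTTP/1.1" 200 512',
    '198.51.100.9 - - [24/Aug/2023:10:21:00 +0000] "GET /index.cfm HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG, trusted_admin_nets=("10.0.0.",)):
        print(f"{hit.ts} {hit.ip} {hit.method} {hit.status} -> {hit.reason}")
```

The admin API should not be reachable from the internet at all, so any hit from outside the management network is worth triage even when the response status is an error.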
(Figure: Attacker's webpage at different times on 8/24)
Threat actors can misuse it to validate vulnerabilities by monitoring the domains. The related domains collected by security experts are:
mooo-ng[.]com
redteam[.]tf
h4ck4fun[.]xyz
(Figure: Probing activities involving other domains. Source: Fortinet)
Attackers use reverse shells delivered as Base64-encoded payloads to exploit system vulnerabilities such as those in Adobe ColdFusion.
All of these attacks were identified as originating from several IP addresses, listed below:
81[.]68[.]214[.]122
81[.]68[.]197[.]3
82[.]156[.]147[.]183
The malware was distributed from a publicly accessible HTTP file server:
103[.]255[.]177[.]55[:]6895
Below are all the malware variants the security analysts discovered:
XMRig Miner: a program that uses CPU cycles to mine Monero, for both legitimate and malicious purposes.
DDoS/Lucifer: a hybrid bot with cryptojacking, DDoS, C2, and vulnerability exploitation capabilities, first reported in 2020.
RudeMiner: another hybrid malware bot that targets crypto wallets and carries out DDoS attacks.
BillGates/Setag: a backdoor mainly known for hijacking, C2 server communication, and attacks. In this scenario, the malware could be detected by checking for the file "bill.lock".
Researchers have been monitoring this flaw for weeks and have seen many attacks against Adobe ColdFusion. The flaws continue to be exploited in the wild despite fixes having been released to address them. Users should upgrade affected systems to prevent probing and exploitation.
The post Hackers Exploit Pre-Authentication RCE Vulnerabilities in Adobe ColdFusion appeared first on Cyber Security News.