A vulnerability (CVE-2020-12695) in Universal Plug and Play (UPnP), which is implemented in billions of networked and IoT devices – personal computers, printers, mobile devices, routers, gaming consoles, Wi-Fi access points, and so on – may allow unauthenticated, remote attackers to exfiltrate data, scan internal networks or make the devices participate in DDoS attacks.
UPnP is a set of networking protocols that allows networked devices to automatically discover and interact with each other when on the same network.
UPnP is intended primarily for residential and SOHO wireless networks. It is designed to be used in a trusted local area network (LAN) and so the protocol does not implement any form of authentication or verification. That’s one of the reasons why some UPnP devices are shipped with the protocol turned off by default and it’s on administrators to enable it, if needed.
The development of the UPnP protocol is managed by the Open Connectivity Foundation (OCF), a standards organization whose goal is to promote the interoperability of connected devices.
About the vulnerability (CVE-2020-12695)
CVE-2020-12695 (aka “CallStranger”) was discovered by security researcher Yunus Çadırcı and privately reported to the OFC in late 2019.
“The vulnerability (…) is caused by Callback header value in UPnP SUBSCRIBE function can be controlled by an attacker and enables an SSRF-like vulnerability which affects millions of Internet facing and billions of LAN devices,” Çadırcı explained.
Know more about the remote freelance jobs.
More technical details are available here but, in short, the vulnerability can be used to bypass DLP and network security devices to exfiltrate data, scan internal ports, and force millions of Internet-facing UPnP devices to become a source of amplified reflected TCP DDoS.
In a series of data breach notifications, IT services giant Cognizant has stated that unencrypted data was most likely accessed and stolen during an April Maze Ransomware attack.
Know more: computer hardware engineer salary
Cognizant is one of the largest IT managed services company in the world with close to 300,000 employees and over $15 billion in revenue.
As a managed service provider (MSP), Cognizant remotely manages many of its clients to fix issues, install patches, and monitor their security.
On April 17th, Cognizant began emailing their clients to warn them that they were under attack by the Maze Ransomware so that they could disconnect themselves from Cognizant and protect themselves from possibly being affected.
This email also contained indicators of compromise that included IP addresses utilized by Maze and file hashes for the kepstl32.dll, memes.tmp, and maze.dll files. These IP addresses and files are known to be used in previous attacks by the Maze ransomware actors.
While Cognizant stated that it was an attack by Maze, the Maze operators told BleepingComputer at the time that they weren't behind the attack.
I strongly recommend using SELinux which provides a flexible Mandatory Access Control (MAC). Under standard Linux Discretionary Access Control (DAC), an application or process running as a user (UID or SUID) has the user’s permissions to objects such as files, sockets, and other processes. Running a MAC kernel protects the system from malicious or flawed applications that can damage or destroy the system. See the official Redhat documentation which explains SELinux configuration.
Linux User Accounts and Strong Password Policy
Use the useradd / usermod commands to create and maintain user accounts. Make sure you have a good and strong password policy. For example, a good password includes at least 8 characters long and mixture of alphabets, number, special character, upper & lower alphabets etc. Most important pick a password you can remember. Use tools such as “John the ripper” to find out weak users passwords on your server. Configure pam_cracklib.so to enforce the password policy.
Know more @ certified Linux administrator salary
Set Up Password Aging For Linux Users For Better Security
The chage command changes the number of days between password changes and the date of the last password change. This information is used by the system to determine when a user must change his/her password. The /etc/login.defs file defines the site-specific configuration for the shadow password suite including password aging configuration.
As well as targeting companies through Zoom, cybercriminals are trying different cyber scams to trick companies. These scams include impersonation on social media platforms or phishing emails.
The scams are aimed at tricking employees into giving money away, provide the credentials to cloud-based applications, or pay fake invoices. This increase in online fraud is a significant threat that most companies are not prepared for.
Know more: Switch Network
Yoav Keren, CEO, BrandShield, said: “With global businesses big and small become increasingly reliant on video conferencing facilities like Zoom, sadly, cybercriminals are trying to capitalise. Businesses need to educate their employees quickly about the risks they may face, and what to look out for. The cost of successful phishing attacks is bad for a company’s balance sheet in the best of times, but at the moment it could be fatal.
“BrandShield protects some of the biggest corporations in the world and we takedown thousands of threats across websites and social media. We are getting companies approaching us all the time asking for our help. This problem is only going to get bigger as people spend more time transacting and interacting online.”
Even before offices began sending employees home, digital nomads, as well as employees working remotely on occasion, have been increasingly common, using conferencing tech to communicate with colleagues.
With this in mind, we look at some conferencing platforms that are on the market currently, and the benefits they offer self-isolating employees.
Know more: what does contingent mean?
One of the many prominent conferencing platforms is Microsoft Teams, which offers video and audio calls, as well as chatroom capabilities between two people as well as groups.
Calls can be recorded, and documents can be shared over chat.
The platform recently announced the possibility of coexistence and interoperability with Skype for Business.
Cisco’s offering to conferencing, Cisco Webex, allows for video conferencing with possible integration of other applications, such as Outlook, Google Drive and Salesforce.
The platform has seen seven times more usage recently, and chief technologist at Cisco, Chintan Patel, said: “While there is no replacement for meeting face-to-face and being in the same room as a colleague or customer, video meetings are proven to be more effective than voice calls.
“In fact, 93% of employees say video calls improve interactions and client relationships.”
Suivre le flux RSS des articles
Suivre le flux RSS des commentaires