
Positive Technologies researcher Nikita Abramov reported a critical vulnerability in F5 Networks BIG-IP products that could be exploited to launch denial-of-service attacks remotely. Abramov mentions that the flaw lies in some versions of Access Policy Manager (APM), a product that centralizes access to applications, APIs, and data.

In this regard, the company mentions that this flaw is related to Traffic Management Microkernel (TMM), a component that processes all load-balanced traffic from BIG-IP systems: “If an APM virtual server processes unidentified traffic, TMM will stop responding and a restart will be forced,” the report says.

The researcher points out that exploiting this flaw does not require the use of hacking tools, as threat actors simply need to send specially crafted HTTP requests to the server hosting the BIG-IP configuration utility, resulting in the DoS condition. …


Cybersecurity specialists revealed a cross-site scripting (XSS) vulnerability in Apache Velocity Tools that could be exploited by threat actors to compromise U.S. government websites, including NASA. The flaw was reported 90 days ago, although it appears not to have been corrected to date. Apache Velocity is a Java-based template engine used by developers to design views in a Model-View-Controller architecture. Velocity Tools is a subproject comprising classes that make it even easier to integrate Velocity into web applications.

Experts mention that the flaw is present in all versions of Velocity Tools even though a fix has been available for months. Although the formal disclosure process has not been completed, the flaw was identified as CVE-2020-13959. …


Although it is often underestimated, router security is vital to protect our networks from intruders and to get the most out of their features, as network security experts from the International Institute of Cyber Security (IICS) mention.

Manufacturers also don’t care about this, as many routers are launched with multiple easy-to-exploit vulnerabilities, such as remote access errors or the use of default passwords.

To check if our home or small business router is vulnerable to the most common attack variants, network security experts recommend using RouterSploit, a utility available in Termux. …


After the last privacy policy update, hundreds of thousands of people are considering switching from WhatsApp to other messaging platforms that are friendlier with their users’ data.

Signal is a relatively popular platform and far better than WhatsApp in terms of privacy, but did you know it can become even more secure with just a few small changes to its settings? Today we will show you how to use Signal at its maximum potential to keep your conversations and personal data away from intruders.

First, we must go to the Settings screen. Tap the top-left corner on the screen to open this menu. Once there, we will find four settings to modify (three, in case you’re an iOS user), most of them are really…


Cybersecurity specialists reported a severe vulnerability in the chips installed in the Google Titan and YubiKey security keys. The reported flaw would allow malicious hackers to obtain the primary encryption keys used by these devices to generate encryption tokens and solve multi-factor authentication challenges or, in other words, clone security keys.

Although the flaw, tracked as CVE-2021-3011, sounds serious, the experts who discovered it report that it is not really such a severe problem. The first problem for potential threat actors is that this attack requires physical access to the device, making it impossible to compromise remotely. …


Ho.Mobile, the low-cost operator for telecom giant , has announced that a hacking group managed to compromise part of its customer database, which stored personal information and SIM details, among other data. This information has been posted on several hacking forums in since December 2020 and cybersecurity experts estimate that it contains over 2.5 million records.

Infosec researcher Bank Security first reported the leaking and selling of the database on December 28. In response, the company issued a statement mentioning that they were not aware of any such situation. Nonetheless, everything changed last Monday, when ho.Mobile …


Cybersecurity experts have just discovered a new variant of Golang-based malware capable of spreading automatically across Windows and Linux servers. This is a multi-platform malware with worm capabilities that allow it to be deployed through brute-force attacks against services such as Tomcat, Jenkins, and WebLogic, among others, especially if they have weak passwords.

Hackers also have a C&C server through which they constantly release updates, indicating active maintenance of this malware variant. …


Security teams at Kawasaki Heavy Industries, a Japanese multinational focused on manufacturing for multiple industries, announced that their information systems were compromised during a security incident that could lead to exposure of employee and customer data.

In its statement the company highlights some details about the incident: “As a result of an exhaustive investigation, we have determined that some of the information in several overseas offices could have been leaked to external platforms.” Although Kawasaki argues that no evidence has been found to claim that a data breach has occurred, the incident is being monitored to prevent further damage.

The company’s IT area detected unauthorized access to a server in Japan from an office in Thailand on June 11, so all communications in Kawasaki were interrupted: “In the end we detected other unauthorized access to servers from locations abroad; in response we have improved access monitoring operations, as well as strengthening restrictions to prevent and detect unauthorized…


A recent cybersecurity report reveals that up to 5% of all web servers worldwide could be exposed to a kernel security weakness. The issue could also be affecting millions of OS users, which poses a critical risk.

Successful exploitation would allow threat actors to deploy a variant of the so-called “cross-layer” attacks, which target a security problem in the Linux kernel's pseudo-random number generator (PRNG). The attack is possible due to the UDP source port generation algorithm, the IPv6 flow label generation algorithm and the IPv4 generation algorithm on some Linux systems.

All this information could be used by threat actors to predict the random number value in other OSI layer implementations. …


Chad Wolf, Acting Secretary for the Department of Homeland Security , has recently mentioned that the agency has ordered strict scrutiny of the security measures in Chinese-made TCL smart TVs, as well as over the alleged included in these devices: “We are reviewing TCL and entities as such”, Wolf stated.

According to Wolf, this year the agency's experts discovered that TCL has incorporated backdoors into all of its TV sets, exposing users to a wide variety of cyberattacks and data leak incidents: “The company also gets Chinese Communist Party support to fulfill its global demand, which has constantly grown during the last years to become the third largest TV manufacturer worldwide”. …

About

Eli Cyber Security

Knowledge belongs to the world
