INSIGHT WEEKLY SECURITY NEWS LETTER-19-SEP-2018

A New Cold Boot Attack Unlocks Disk Encryption:

Security researchers have disclosed a new attack that recovers passwords, encryption keys and other sensitive data from the memory of most modern laptops, including machines protected by full disk encryption.

The attack is a variation of the cold boot attack known since 2008, which exploits the fact that the contents of RAM survive for a short time after the computer loses power.


How It Works:

A cold boot attack is a data-remanence attack that needs physical access: the attacker forces the computer to reset or power-cycle without a clean shutdown, then reads whatever is still in RAM.

Because the machine never went through a normal shutdown (which gives the operating system a chance to wipe key material), passwords, the contents of open files and encryption keys remain in memory for several seconds to minutes after power is cut; cooling the memory modules extends that window.

The attack has been known for a decade, and most modern computers counter it with a firmware feature that overwrites RAM on boot (the TCG Memory Overwrite Request). The new variation defeats that countermeasure: the researchers found that the setting which controls the overwrite lives in a non-volatile memory chip, and that with physical access they could rewrite the chip to disable it, boot the machine from a USB drive carrying memory-dumping software, and recover the disk encryption keys from the dump.
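Once the attacker has a memory dump, the remaining step is finding the key in it. The example below, added here and not taken from the page or the researchers' tooling, shows the classic technique for AES-128: a key that is in use sits in RAM next to its expanded key schedule, so a scanner can test every 16-byte window by expanding it and checking whether the following 160 bytes match. The memory image is constructed inside the script (random noise with one schedule planted at a fixed offset), the tolerance for decayed bytes is a simplifying assumption, and the key is the FIPS-197 test key.

```python
# Added example (not from the page or the researchers): locating an AES-128 key
# in a RAM image the way cold-boot tooling does. The memory image is
# constructed below; no real machine is dumped.
import random


def _xtime(a):
    """Multiply by x in GF(2^8) modulo the AES polynomial."""
    a <<= 1
    return (a ^ 0x1B) & 0xFF if a & 0x100 else a


def _gf_mul(a, b):
    p = 0
    while b:
        if b & 1:
            p ^= a
        a = _xtime(a)
        b >>= 1
    return p


def _build_sbox():
    """Derive the AES S-box: multiplicative inverse, then the affine map."""
    sbox = [0] * 256
    for x in range(256):
        inv = next((y for y in range(1, 256) if _gf_mul(x, y) == 1), 0) if x else 0
        s = inv
        for i in range(1, 5):
            s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        sbox[x] = s ^ 0x63
    return sbox


SBOX = _build_sbox()


def _next_word(prev, four_back, rcon):
    """Expansion step for i % 4 == 0: w[i] = w[i-4] XOR SubWord(RotWord(w[i-1])) XOR rcon."""
    t = [SBOX[b] for b in prev[1:] + prev[:1]]
    t[0] ^= rcon
    return bytes(a ^ b for a, b in zip(four_back, t))


def expand_key(key):
    """AES-128 key expansion (FIPS-197 5.2): 16-byte key -> 176-byte schedule."""
    assert len(key) == 16
    w = [bytes(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 1
    for i in range(4, 44):
        if i % 4 == 0:
            w.append(_next_word(w[i - 1], w[i - 4], rcon))
            rcon = _xtime(rcon)
        else:
            w.append(bytes(a ^ b for a, b in zip(w[i - 4], w[i - 1])))
    return b"".join(w)


def _mismatches(a, b):
    return sum(x != y for x, y in zip(a, b))


def find_aes128_keys(image, max_bad_bytes=0):
    """Return [(offset, key)] wherever 176 bytes look like a key followed by its
    own expansion. max_bad_bytes tolerates decayed bytes in the expanded words
    (assumption: the 16 key bytes themselves are intact)."""
    hits = []
    for off in range(len(image) - 176 + 1):
        key = image[off:off + 16]
        # Cheap pre-filter: does word 4 follow from words 0 and 3?
        w4 = _next_word(key[12:16], key[0:4], 1)
        if _mismatches(w4, image[off + 16:off + 20]) > min(max_bad_bytes, 1):
            continue
        expected = expand_key(key)[16:]
        if _mismatches(expected, image[off + 16:off + 176]) <= max_bad_bytes:
            hits.append((off, key))
    return hits


DEMO_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # FIPS-197 test key
SCHEDULE_OFFSET = 0x2000  # assumption: where a crypto driver left its schedule


def build_demo_image(seed=1):
    """Constructed 32 KiB RAM image: noise, one expanded key, and a decoy copy of
    the bare key without its schedule (which the scanner must not report)."""
    rng = random.Random(seed)
    image = bytearray(rng.getrandbits(8) for _ in range(32 * 1024))
    image[SCHEDULE_OFFSET:SCHEDULE_OFFSET + 176] = expand_key(DEMO_KEY)
    image[0x100:0x110] = DEMO_KEY
    return bytes(image)


def decayed(image, offset, n_bytes):
    """Simulate bit decay after power loss: flip one bit in n bytes of the schedule."""
    img = bytearray(image)
    for i in range(n_bytes):
        img[offset + 40 + i * 7] ^= 0x01
    return bytes(img)


if __name__ == "__main__":
    img = build_demo_image()
    print("intact image:", find_aes128_keys(img))
    print("decayed, no tolerance:", find_aes128_keys(decayed(img, SCHEDULE_OFFSET, 1)))
    print("decayed, 1 bad byte allowed:", find_aes128_keys(decayed(img, SCHEDULE_OFFSET, 1), 1))
```

The pre-filter on the first expanded word keeps the scan fast enough to run over a full memory image; the decay tolerance is what separates a toy scanner from a usable one, since RAM read seconds after power loss will contain flipped bits. The same structure (key plus derived round material) is what makes other ciphers' keys findable too, and it is why an operating system that never loads the volume key into RAM until the user authenticates (the BitLocker PIN setting recommended below) has nothing for this scan to find.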

Mitigation:

IT departments should configure all company computers to shut down or hibernate rather than sleep, and require users to enter their BitLocker PIN (TPM plus PIN pre-boot authentication) whenever they power on or resume. Sleep keeps the volume key in powered RAM, whereas shutdown and hibernation do not, and with a pre-boot PIN the key is not loaded into memory until the user is present; with TPM-only BitLocker the key is unsealed automatically at boot and is therefore exposed to this attack.

Reference:

https://thehackernews.com/2018/09/cold-boot-attack-encryption.html

Zero-Day Bug Allows Hackers to Access CCTV Surveillance Cameras

Between 180,000 and 800,000 IP-based closed-circuit television cameras are exposed to a zero-day vulnerability that lets attackers take control of the device, view and tamper with video feeds, or plant malware.

According to Tenable, which reported the bugs, they are rated critical and affect firmware that may be used in over 100 different camera models from the vendor's OEM partners.

Affected Makes:

The firmware vendor, NUUO, lists over 100 partners, including Sony, Cisco Systems, D-Link and Panasonic. It is unclear how many of these OEM partners ship the vulnerable firmware.

Vulnerabilities

The first vulnerability (CVE-2018-1149) is the zero-day: an unauthenticated stack buffer overflow in the web server's Common Gateway Interface (CGI) handler, which sits between a remote user and the device's web server. Exploiting it gives the attacker remote code execution on the device, and with it the ability to view and manipulate the feeds.
The second bug (CVE-2018-1150) is a backdoor: PHP code that, when enabled, lets an unauthenticated attacker change the password of any registered user except the administrator.

Reference:

https://threatpost.com/zero-day-bug-allows-hackers-to-access-cctv-surveillance-cameras/137499/

What Is a DNS Attack and How Does It Work?

A DNS attack is any attack that exploits a weakness in the Domain Name System (DNS), the service that maps host names to IP addresses.

DNS Attack:

The core problem is that DNS answers are trusted implicitly: if an attacker can replace the legitimate IP address of a website with one they control, whether in a resolver's cache or in the authoritative records, every client that resolves that name is sent to the attacker's server.

Short of a TLS certificate warning, the user has no indication that they have reached the wrong host.

Types of DNS Attacks:

Zero-day attack: the attacker exploits a previously unknown vulnerability in the DNS server software or protocol stack.

Fast flux DNS: the attacker rapidly rotates the address records of a malicious domain, with very short TTLs, across a large pool of compromised hosts, so the domain resolves to ever-changing IP addresses; this hides the real servers and makes IP-based blocking ineffective.

DNS spoofing (cache poisoning): the attacker injects forged answers into a resolver's cache so that it stores an attacker-controlled IP address for a legitimate name; every client of that resolver then receives the bogus address until the record expires.
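Cache poisoning works because the attacker only has to produce a datagram the resolver will accept. The following example, added here and not part of the newsletter, builds DNS query and response messages in memory and contrasts a naive check (question name only) with the checks a resolver actually needs: matching UDP port and 16-bit transaction ID, the QR bit, an identical question, and a bailiwick rule that discards records for names other than the one asked. All names, addresses, ports and IDs are constructed for the example; nothing is sent on the network, and only single-question A-record messages are handled.

```python
# Added example (not from the page): how a resolver tells a genuine DNS answer
# from a forged one, and what a naive check lets through. All messages are
# built in memory; nothing touches the network.
import random
import struct

A_RECORD, IN_CLASS = 1, 1


def encode_name(name):
    """'bank.example' -> b'\\x04bank\\x07example\\x00'"""
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return out + b"\x00"


def build_query(txid, qname):
    # flags 0x0100: standard query, recursion desired
    return (struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
            + encode_name(qname) + struct.pack("!HH", A_RECORD, IN_CLASS))


def build_response(txid, qname, answers):
    """answers: [(owner_name, dotted_ipv4, ttl)]. Flags 0x8180: response, RD, RA."""
    msg = struct.pack("!HHHHHH", txid, 0x8180, 1, len(answers), 0, 0)
    msg += encode_name(qname) + struct.pack("!HH", A_RECORD, IN_CLASS)
    for owner, ip, ttl in answers:
        rdata = bytes(int(o) for o in ip.split("."))
        msg += encode_name(owner) + struct.pack("!HHIH", A_RECORD, IN_CLASS, ttl, len(rdata)) + rdata
    return msg


def decode_name(msg, off):
    """Read a (possibly compressed) name at off; return (name, offset after it)."""
    labels, end = [], None
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:                       # compression pointer
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if ln == 0:
            break
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels).lower(), (end if end is not None else off)


def parse_response(msg):
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    assert qd == 1, "example handles single-question messages only"
    qname, off = decode_name(msg, 12)
    qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
    off += 4
    answers = []
    for _ in range(an):
        owner, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if (rtype, rclass, rdlen) == (A_RECORD, IN_CLASS, 4):
            answers.append((owner, ".".join(map(str, rdata)), ttl))
    return {"txid": txid, "qr": bool(flags & 0x8000), "qname": qname,
            "qtype": qtype, "answers": answers}


def naive_accept(payload, pending):
    """What a resolver that only checks the question name would cache."""
    r = parse_response(payload)
    return r["answers"] if r["qname"] == pending["qname"] else None


def validate_response(dst_port, payload, pending):
    """Accept a datagram only if it matches the outstanding query on UDP port,
    transaction ID, QR bit and question; then keep only records for the name
    that was asked (simplified bailiwick rule). Returns answers or None."""
    if dst_port != pending["port"]:
        return None
    r = parse_response(payload)
    if not r["qr"] or r["txid"] != pending["txid"]:
        return None
    if (r["qname"], r["qtype"]) != (pending["qname"], A_RECORD):
        return None
    return [a for a in r["answers"] if a[0] == r["qname"]]


def demo():
    rng = random.Random(7)
    # The resolver's outstanding query: random 16-bit ID and random source port.
    pending = {"txid": rng.randrange(1 << 16), "port": rng.randrange(1024, 1 << 16),
               "qname": "bank.example"}
    _query_on_the_wire = build_query(pending["txid"], pending["qname"])
    good = build_response(pending["txid"], "bank.example", [("bank.example", "203.0.113.10", 300)])
    # The attacker never saw the query, so ID and port are guesses (here: wrong ID).
    forged = build_response((pending["txid"] + 1) & 0xFFFF, "bank.example",
                            [("bank.example", "198.51.100.66", 86400)])
    # An attacker who guessed right still cannot smuggle a record for another name.
    smuggled = build_response(pending["txid"], "bank.example",
                              [("bank.example", "198.51.100.66", 86400),
                               ("login.bank.example", "198.51.100.66", 86400)])
    return {
        "legit": validate_response(pending["port"], good, pending),
        "forged_wrong_txid": validate_response(pending["port"], forged, pending),
        "legit_wrong_port": validate_response(53, good, pending),
        "smuggled": validate_response(pending["port"], smuggled, pending),
        "naive_takes_forged": naive_accept(forged, pending),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

With only the transaction ID to guess, an attacker has a 1 in 65,536 chance per forged packet and can simply flood; randomising the source port as well multiplies the search space by the number of usable ports, which is why both checks are required. The bailiwick rule matters because a poisoned answer for a different name in the same response was the vector of the 2008 Kaminsky attack. DNSSEC validation removes the guessing game entirely by authenticating the records themselves.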

Mitigation:

Maintain regular visibility into what is actually happening on the network through flow telemetry (NetFlow, IPFIX) and resolver logs, so that clients talking to unexpected resolvers, unusual DNS volumes, and rapidly changing answers stand out.
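Flow records and resolver logs are only useful if something is looking at them. The example below, added here and not part of the newsletter, runs three checks over constructed telemetry: DNS traffic from internal hosts to resolvers other than the organisation's own (a symptom of hijacked resolver settings), abnormally large DNS volume from a single host (a tunnelling heuristic), and the fast flux pattern from the list above (many distinct addresses for one name with short TTLs). The CSV records, the approved resolver set, the internal address prefix and the thresholds are all assumptions made for the example.

```python
# Added example (not from the page): DNS anomaly checks over constructed flow
# export and passive-DNS records. Resolver set, prefix and thresholds are
# assumptions; tune them to the environment.
import csv
import io
import statistics
from collections import defaultdict

APPROVED_RESOLVERS = {"10.0.0.53", "10.0.0.54"}   # assumption: the org's own resolvers
INTERNAL_PREFIX = "10."                            # assumption: internal address space
DNS_BYTES_PER_SRC_LIMIT = 1_000_000                # assumption: per-window tunnelling threshold

# Constructed flow export (NetFlow/IPFIX reduced to the fields the checks need).
FLOWS_CSV = """src,dst,proto,dport,packets,bytes
10.0.1.5,10.0.0.53,udp,53,120,9600
10.0.1.7,198.51.100.9,udp,53,45,3900
10.0.1.9,10.0.0.53,udp,53,30000,2400000
10.0.1.5,203.0.113.80,tcp,443,800,640000
10.0.1.7,10.0.0.53,tcp,53,3,420
"""

# Constructed passive-DNS records: one line per observed answer.
PASSIVE_DNS_CSV = """domain,ip,ttl
flux.example,198.51.100.11,60
flux.example,198.51.100.12,60
flux.example,198.51.100.13,60
flux.example,198.51.100.14,60
flux.example,198.51.100.15,60
flux.example,198.51.100.16,60
static.example,203.0.113.5,3600
static.example,203.0.113.5,3600
cdn.example,203.0.113.20,300
cdn.example,203.0.113.21,300
cdn.example,203.0.113.22,300
"""


def dns_flow_findings(csv_text):
    """Flag internal hosts using unapproved resolvers and hosts whose DNS byte
    volume exceeds the threshold. Returns a list of (finding, src, detail)."""
    findings = []
    bytes_per_src = defaultdict(int)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["dport"] != "53" or not row["src"].startswith(INTERNAL_PREFIX):
            continue
        if row["dst"] not in APPROVED_RESOLVERS:
            findings.append(("rogue_resolver", row["src"], row["dst"]))
        bytes_per_src[row["src"]] += int(row["bytes"])
    for src, total in sorted(bytes_per_src.items()):
        if total > DNS_BYTES_PER_SRC_LIMIT:
            findings.append(("dns_volume", src, total))
    return findings


def fast_flux_candidates(csv_text, min_ips=5, max_ttl=300):
    """Domains seen with at least min_ips distinct addresses and a median TTL
    at or below max_ttl. Large CDNs can match too; allow-list them."""
    ips, ttls = defaultdict(set), defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        ips[row["domain"]].add(row["ip"])
        ttls[row["domain"]].append(int(row["ttl"]))
    return sorted(d for d in ips
                  if len(ips[d]) >= min_ips and statistics.median(ttls[d]) <= max_ttl)


if __name__ == "__main__":
    for finding in dns_flow_findings(FLOWS_CSV):
        print("flow:", finding)
    print("fast flux candidates:", fast_flux_candidates(PASSIVE_DNS_CSV))
```

The rogue-resolver check is the one that catches the scenario described in this section, a client quietly redirected to a resolver that hands out bogus addresses; it only works if port 53 to anything but the approved resolvers is also blocked or at least exported, so pair the detection with an egress rule. The fast flux heuristic produces false positives on legitimate content delivery networks, so maintain an allow-list rather than lowering the thresholds.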
