WTH? DPRK WFH Ransomware Redux: 3rd Person Charged
North Korean army of remote IT workers enabled by Matthew Isaac Knoot, alleges DoJ.
The post WTH? DPRK WFH Ransomware Redux: 3rd Person Charged appeared first on Security Boulevard.
via the comic & dry wit of Randall Munroe, creator of XKCD
The post Randall Munroe’s XKCD ‘Meteor Shower PSA’ appeared first on Security Boulevard.
Hackers, possibly from Iran, sent phishing emails to the Biden-Harris campaign and Trump operative Roger Stone hoping to gain access into the systems of both presidential campaigns. It worked with Stone, whose compromised email account opened the door to the Trump campaign infrastructure.
The post Biden-Harris Campaign, Trump Operative Stone Also Target of Hackers appeared first on Security Boulevard.
Learn how to minimize the impact of vulnerabilities like social media use, private jet tracking, and more. As an executive protection (EP) professional, you’re likely experiencing a rise in physical threats against your principal(s). You’re not alone. According to Ontic’s State of Protective Intelligence Report, 8 out of 9 EPs say their companies are experiencing…
The post 4 Executive Travel Vulnerabilities You May be Overlooking appeared first on Ontic.
The post 4 Executive Travel Vulnerabilities You May be Overlooking appeared first on Security Boulevard.
The Post-Quantum Cryptography Algorithms are finalized! Now what?
Tue, 08/13/2024 - 16:11
With the recent release from NIST of their final, published Post-Quantum Cryptography (PQC) algorithms (ML-KEM (formerly Kyber), ML-DSA (formerly Dilithium), and SLH-DSA (formerly SPHINCS+)), and with it the imminent end-of-life of the encryption foundations we have relied upon for decades, many organizations are left wondering exactly what they should do next.
Encryption Data Security Todd Moore | Vice President, Data Security Products, Thales
To help our customers unravel this massive undertaking, Thales has been preparing for this moment for well over a decade. In this time, while learning to harness the power of Quantum computers, we recognize and are preparing for the new risks and dangers to guard against, particularly when it comes to data and identities, the core of our global digital society.
With great research, comes great responsibilities…Thales researchers are playing a central role in the quantum revolution and are now developing the next generation of quantum solutions that will shape the Post-Quantum world. Broadly speaking this research can be grouped into 3 different categories: 1) quantum sensors, 2) quantum communications, and 3) post-quantum cryptography.
1) Quantum Sensors
Sensors have long been used, but most recently they can be found in devices such as smart homes, self-driving cars, medical devices, etc. They also play a vital role in our defense and security systems, for land, sea, and air. New Quantum sensors, based on the principles of Quantum mechanics, have been found to augment and expand the human senses so that we may better understand the environment around us. The principles of Quantum physics allow for devices to understand data inputs much faster and compute multiple different types of logic at the same time, ensuring more efficient and more accurate sensing capabilities. From Superconducting devices to solid-state sensors to cold atom technology, Thales is at the forefront of imagining and designing new Quantum sensors that will impact everything from the medical world to military applications.
2) Quantum Communications
Quantum technologies are set to directly impact the speed and scale of digital communications. By harnessing the quantum properties of light, quantum technologies will make it possible to secure communications with Quantum-safe cryptographic keys across large-scale networks and the Internet of the future. Thales is pioneering the design of these future network architectures, both for ground-based network elements and for the space-based components needed to share cryptographic keys over long distances. To put this into practice, Thales is part of EuroQCI, a large-scale European project working to deploy a quantum secured Europe-wide network for sharing sensitive data.
3) Post-Quantum Cryptography
To assist our customers with their transformation to PQC, Thales is a participant in NIST’s National Cybersecurity Center of Excellence (NCCoE)’s Migration to PQC Project. By submitting our products to the NCCoE lab, Thales is helping to develop practices that will ease migration from current algorithms to replacement post-quantum algorithms, while also providing platforms for PQC interoperability testing. Of critical importance is crypto agility, which allows our customers to deploy flexible, upgradeable solutions that support classic crypto, emerging quantum-resistant crypto standards, and approved hybrid techniques.
Simultaneously, Thales is actively involved in Post-Quantum Cryptography (PQC) Research & Development, as well as participating in various standardization efforts with many industry regulatory bodies. The company is engaged in multiple research projects in the United States, France (RISQ) and across Europe, and is also financing numerous doctoral theses on the subject. Thales also co-authored the Falcon digital signature algorithm which was selected by NIST in 2022 as a candidate for PQC standardization. Additionally, Thales sits on several PQC Consortiums in North America and Europe, including RESQUE, the Post-Quantum Cryptography Alliance, PKI Consortium, CFDIR Quantum-Readiness Working Group, among others.
Strengthening Trust
With crypto agility implemented across its product lines, Thales has also actively prototyped NIST PQC algorithm finalists within its products and is now focusing on the selected PQC algorithms. Quantum-safe network encryption solutions and Hardware Security Modules are already available for purchase, with starter kits ready now for testing the impacts across applications and devices. In addition to the quantum-resistant algorithms, Thales High Speed Encryptors are compatible with ETSI-standard QKD devices and support QRNG, while our Hardware Security Modules have several partner integrations that can facilitate these additional capabilities. Thales is also accelerating practical Proofs of Concept with customers and partners, notably for hybrid algorithms in digital signatures and key exchange mechanisms.
Whether you are looking to strengthen and future-proof digital identities, such as with government electronic documents or solutions that facilitate, manage, and provide security for cellular connectivity with products such as SIM cards / eSIM, which are integral to the Internet of Things, or if you are needing a cybersecurity solution that will protect your data and applications – Thales is dedicated to supporting our customers today to protect against “Harvest Now, Decrypt Later (HNDL)” attacks, right through the Quantum revolution.
After all, as stewards of trust, Thales is right there alongside you as you evaluate risks and anticipate threats in a Post-Quantum era.
Explore how Thales can help your organization with Post-Quantum Cryptography Solutions.
The post The Post-Quantum Cryptography Algorithms are finalized! Now what? appeared first on Security Boulevard.
South Korea’s national security and intelligence agencies have recently issued a joint cybersecurity advisory highlighting a significant cyber threat. State-backed hackers from the Democratic People’s Republic of Korea (DPRK) have exploited vulnerabilities in a VPN software update to deploy sophisticated malware, aiming to breach secure networks. Read on to get the details.
The post North Korean Hackers Exploit VPN Update Flaw to Deploy Malware appeared first on Nuspire.
The post North Korean Hackers Exploit VPN Update Flaw to Deploy Malware appeared first on Security Boulevard.
A report published today by Cato Networks finds three years after its discovery in 2021 there was a 61% increase in attempts to exploit Log4j vulnerabilities in inbound traffic and a 79% increase in the attempted use of Log4j in WANbound traffic in the first half of this year.
The post Cato Network Reports Spike in Attempts to Exploit Log4j Vulnerabilities appeared first on Security Boulevard.
That’s a wrap for Black Hat 2024! We had a great show and met many of you at the booth or on the show floor. I hope you were able to come by, watch a session by Jason Kent, Hacker in Residence at Cequence, or Parth Shukla, Security Engineer at Cequence, and maybe even entered […]
The post Cequence Storms Black Hat with API Security Testing for Generative AI Applications appeared first on Cequence Security.
The post Cequence Storms Black Hat with API Security Testing for Generative AI Applications appeared first on Security Boulevard.
Compliance with SOC 2 assures that the company maintains a high standard of information security, and highlights it among market competitors.
The post How to Prepare for SOC 2 and ISO 27001 Audit? Tips for Jira Admins appeared first on Security Boulevard.
To stay future-proof, organizations are beginning to realize the value of adopting a new way of protecting data assets known as a cyber resilience approach.
The post Three Reasons to Take a New Cyber-Resilient Approach to Data Protection appeared first on Security Boulevard.
Really interesting article on the ancient-manuscript scholars who are applying their techniques to the Voynich Manuscript.
No one has been able to understand the writing yet, but there are some new understandings:
Davis presented her findings at the medieval-studies conference and published them in 2020 in the journal Manuscript Studies. She had hardly solved the Voynich, but she’d opened it to new kinds of investigation. If five scribes had come together to write it, the manuscript was probably the work of a community, rather than of a single deranged mind or con artist. Why the community used its own language, or code, remains a mystery. Whether it was a cloister of alchemists, or mad monks, or a group like the medieval Béguines—a secluded order of Christian women—required more study. But the marks of frequent use signaled that the manuscript served some routine, perhaps daily function...
The post On the Voynich Manuscript appeared first on Security Boulevard.
One often overlooked aspect in the aftermath of a breach is the meticulous examination of firewall rule histories. These records not only reveal how an attacker gained access but can illuminate the path they took within an organization’s network.
The post The Crucial Role of Firewall Rule Histories appeared first on Security Boulevard.
Several security issues have recently been discovered in OpenSSL that could result in denial-of-service attacks. OpenSSL is widely used to secure communications across the internet, making these vulnerabilities a significant concern. In response, Canonical has released security updates to address multiple OpenSSL vulnerabilities across different releases, including Ubuntu 24.04 LTS, Ubuntu 22.04 LTS, and Ubuntu […]
The post Ubuntu Fixes Multiple OpenSSL Vulnerabilities appeared first on TuxCare.
The post Ubuntu Fixes Multiple OpenSSL Vulnerabilities appeared first on Security Boulevard.
This Article What is the Critical Pathway to Insider Risk (CPIR)? was first published on Signpost Six. | https://www.signpostsix.com/
Insider risk remains one of the most challenging threats for organisations to manage. The Critical Pathway to Insider Risk (CPIR) offers a structured approach to understanding and mitigating this threat by examining the pathway of events and factors leading to insider acts. This model is based on extensive research into the behaviours and characteristics of […]
The post What is the Critical Pathway to Insider Risk (CPIR)? appeared first on Security Boulevard.
PALO ALTO, Calif. – August 13, 2024 – TuxCare, a global innovator in cybersecurity for Linux, today announced the launch of its TuxCare Oracle Linux 7 Extended Lifecycle Support (ELS) that enables enterprises to confidently maintain the security of their systems for up to four years following Oracle Linux 7’s end of life that is […]
The post TuxCare Offers Four Years of Precision-Engineered Security Updates for Oracle Linux 7 appeared first on TuxCare.
The post TuxCare Offers Four Years of Precision-Engineered Security Updates for Oracle Linux 7 appeared first on Security Boulevard.
Application Security Posture Management (ASPM) arose a few years ago as a strategy to help software developers and security teams continually improve the security of business applications.
Related: Addressing rising cyber compliance pressures
At Black Hat USA 2024,… (more…)
The post Black Hat Fireside Chat: Here’s how ‘Active ASPM’ is helping to triage and remediate coding flaws first appeared on The Last Watchdog.
The post Black Hat Fireside Chat: Here’s how ‘Active ASPM’ is helping to triage and remediate coding flaws appeared first on Security Boulevard.
LAS VEGAS — Ransomware attacks are escalating in scale and frequency. But one recent payout, a record $75 million by a victimized Fortune 50 company, trumped a surge in extortion attacks that are likely to only increase, according to a new report from Zscaler Inc.’s ThreatLabz research. “Stolen data and extortion is going up exponentially,”…
The post Ransomware Attack Fetched A Record $75 Million appeared first on Security Boulevard.
Authors/Presenters: Kevin Morio, Ilkan Esiyok, Dennis Jackson, Mozilla; Robert Künnemann
Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organization’s strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organization’s YouTube channel.
The post USENIX Security ’23 – Automated Security Analysis of Exposure Notification Systems appeared first on Security Boulevard.
The DOJ shut down another "laptop farm" linked to a North Korean fake IT worker scam that the country uses to illegally bring in money for its nuclear and ballistic weapons program and to steal information from unsuspecting companies in the United States and elsewhere.
The post DOJ Shuts Down Another North Korean ‘Laptop Farm’ appeared first on Security Boulevard.
Introduction
On August 5, 2024, researchers at SonicWall discovered a zero-day security flaw in Apache OFBiz tracked as CVE-2024-38856. The vulnerability, which has been assigned a CVSS score of 9.8, allows threat actors to perform pre-authentication remote code execution (RCE). While testing a patch for CVE-2024-36104, SonicWall researchers discovered that unauthenticated access was permitted to the ProgramExport endpoint, potentially enabling the execution of arbitrary code. These vulnerabilities arise from a flaw in the override view functionality, which can be exploited by unauthorized threat actors through maliciously crafted requests, leading to remote code execution.
Recommendations
Zscaler ThreatLabz strongly advises users of the Apache OFBiz application to promptly upgrade to version 18.12.15, as this version contains fixes to mitigate the security vulnerabilities identified in CVE-2024-38856 and CVE-2024-36104.
Affected Versions
The following versions of Apache OFBiz are affected by the disclosed vulnerabilities and should be updated immediately:
All versions 18.12.13 and below are impacted by CVE-2024-36104
All versions 18.12.14 and below are impacted by CVE-2024-38856
Background
Apache OFBiz is an open-source Enterprise Resource Planning (ERP) system that provides business solutions for various industries. This includes tools to manage operations like customer relationships, order processing, human resource functions, warehouse management, and more.
During the analysis of CVE-2024-36104, a vulnerability disclosed on June 3, 2024, SonicWall researchers discovered the ControlServlet and RequestHandler functions received different endpoints when handling the same request. Ideally, both functions should process the same endpoint. CVE-2024-38856 allows unauthenticated access to the ProgramExport endpoint, which should have been restricted.
How It Works
In the previous vulnerability, CVE-2024-36104, Apache OFBiz was found to have a flaw that enabled remote attackers to access system directories due to inadequate validation of user requests. Exploiting this flaw involved sending a malformed URL containing '..' sequences, which could result in the execution of arbitrary code on the system.
An example of a malformed POST request and request-body is shown below.
POST /webtools/control/forgotPassword/;%2e%2e/ProgramExport
POST-Body: groovyProgram=throw new Exception('whoami'.execute().text);
In the figure below, the example malformed request is shown. This request includes a command 'whoami' that is being executed, and the resulting output of the command is displayed in the error message. The output of the command is highlighted in the green box.
Figure 1: An example of a POST request related to CVE-2024-36104. The request includes an encoded request body, along with its corresponding output.
The most recent vulnerability, CVE-2024-38856, permits unauthorized access to the ProgramExport endpoint without the need for a path traversal vector. This means that access is granted even when it should have been restricted.
The figure below shows an attack chain exploiting CVE-2024-38856.
Figure 2: The attack chain depicting an attacker exploiting CVE-2024-38856.
The figure below shows the malformed request, without a path traversal vector, being executed, and the resulting output of the command is displayed in the error message.
Figure 3: An example of a POST request related to CVE-2024-38856. The request includes an encoded request body, and the output associated with it.
Further investigation revealed that unauthenticated access to the ProgramExport endpoint was possible by combining it with any other endpoint that does not require authentication. Examples of such endpoints include:
forgotPassword
showDateTime
TestService
view
main
URLs that could be used to exploit this vulnerability are:
POST /webtools/control/forgotPassword/ProgramExport
POST /webtools/control/showDateTime/ProgramExport
POST /webtools/control/TestService/ProgramExport
POST /webtools/control/view/ProgramExport
POST /webtools/control/main/ProgramExport
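For defenders who cannot patch immediately, the two request shapes described above (an encoded '..' segment before ProgramExport, and an unauthenticated endpoint chained in front of ProgramExport) are easy to hunt for in web server access logs. The scanner below is an added example written for this page, not Zscaler or SonicWall code: it parses Apache combined-format lines, percent-decodes the path twice so that single- and double-encoded variants of the URLs listed above normalize to the same thing (the double-decoding step is an assumption about how permissive the front end is, and goes beyond the single-encoded example on the page), strips ';' path parameters, and classifies any request whose final path segment is ProgramExport. The log lines are constructed for the example and are not captured traffic.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Apache combined-log style (not captured traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [13/Aug/2024:10:00:01 +0000] "POST /webtools/control/forgotPassword/;%2e%2e/ProgramExport HTTP/1.1" 200 512 "-" "curl/8.0"
10.0.0.6 - - [13/Aug/2024:10:00:02 +0000] "POST /webtools/control/showDateTime/ProgramExport HTTP/1.1" 200 611 "-" "python-requests/2.31"
10.0.0.7 - - [13/Aug/2024:10:00:03 +0000] "GET /webtools/control/main HTTP/1.1" 200 4021 "-" "Mozilla/5.0"
10.0.0.8 - - [13/Aug/2024:10:00:04 +0000] "POST /webtools/control/ProgramExport HTTP/1.1" 302 0 "-" "Mozilla/5.0"
10.0.0.9 - - [13/Aug/2024:10:00:05 +0000] "POST /webtools/control/view/%2550rogram%2545xport?x=1 HTTP/1.1" 200 377 "-" "curl/8.0"
"""

# Minimal combined-log parser: client IP, timestamp, method, raw path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

SENSITIVE_ENDPOINT = "programexport"
CONTROL_PREFIX = ("webtools", "control")


def normalize_path(raw_path):
    """Reduce a raw request path to its effective segments: drop the query
    string, percent-decode twice (assumption: catches double encoding),
    strip ';' path parameters, and resolve '.' and '..' segments."""
    path = raw_path.split("?", 1)[0]
    for _ in range(2):
        path = unquote(path)
    segments = []
    for seg in path.split("/"):
        seg = seg.split(";", 1)[0]
        if seg in ("", "."):
            continue
        if seg == "..":
            if segments:
                segments.pop()
            continue
        segments.append(seg)
    return segments


def classify_path(raw_path):
    """Return (severity, reasons) for one request path; severity is None
    when the request does not target ProgramExport at all."""
    decoded = unquote(unquote(raw_path.split("?", 1)[0]))
    segments = normalize_path(raw_path)
    if not segments or segments[-1].lower() != SENSITIVE_ENDPOINT:
        return None, []
    reasons = []
    if ".." in decoded:
        reasons.append("traversal sequence before ProgramExport (CVE-2024-36104 pattern)")
    if segments[:2] == list(CONTROL_PREFIX) and len(segments) > 3:
        reasons.append("ProgramExport chained behind %s (CVE-2024-38856 pattern)" % segments[2])
    if "%25" in raw_path.lower():
        reasons.append("double-encoded path")
    if reasons:
        return "high", reasons
    # A direct hit on the endpoint is expected to require authentication;
    # record it at low severity so repeated probing is still visible.
    return "info", ["direct request to the ProgramExport endpoint"]


def scan_log(text):
    """Parse access-log text and return one finding per ProgramExport request."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        severity, reasons = classify_path(m["path"])
        if severity is None:
            continue
        findings.append({
            "ip": m["ip"], "method": m["method"], "status": m["status"],
            "path": m["path"], "severity": severity, "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print("[%-4s] %s %s %s -> %s: %s" % (
            f["severity"], f["ip"], f["method"], f["path"], f["status"],
            "; ".join(f["reasons"])))
```

On the constructed sample the scanner reports three high-severity findings (the encoded traversal, the showDateTime chain, and the double-encoded view chain) and one informational hit for the direct request that was redirected to login; the ordinary GET to main produces nothing. A 200 status on a high-severity finding is the signal worth triaging first, since a properly patched or authenticated deployment should not be returning script output to an unauthenticated caller.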
Conclusion
To protect against CVE-2024-38856, it is important to update Apache OFBiz systems to version 18.12.15 as soon as possible. Neglecting to upgrade promptly exposes systems to significant security risks, which could enable threat actors to manipulate login parameters and execute arbitrary code on the target server.
Zscaler Coverage
The Zscaler ThreatLabz team has deployed the following.
Zscaler Advanced Threat Protection
App.Exploit.CVE-2024-38856
App.Exploit.CVE-2024-36104
Zscaler Private Access AppProtection
HTML.Exploit.CommandInjection:6000004
For more details, visit the Zscaler Threat Library.
The post CVE-2024-38856: Pre-Auth RCE Vulnerability in Apache OFBiz appeared first on Security Boulevard.