Cisco AnyConnect SSL VPN Flaw Let Attacker Launch DoS Attack

0
[ad_1]

A vulnerability of medium severity, identified as CVE-2023-20042, with a CVSS score of 6.8, was found in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defence (FTD) Software. 

This vulnerability could potentially enable an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

Software patches from Cisco have been made available to fix this issue. There are no workarounds that address this vulnerability.

Details of the Cisco AnyConnect SSL VPN Flaw

An implementation issue in the SSL/TLS session handling procedure, which could prevent the release of a session handler under certain circumstances, is the cause of the vulnerability discovered.

Document
FREE Trial

Patch Manager Plus, our all-around patching solution, offers automated patch deployment for Windows, macOS, and Linux endpoints, along with patching support for 950+ third-party updates across 850+ third party applications..

An attacker might use this vulnerability to increase the likelihood of session handler leaks by sending crafted SSL/TLS traffic to a compromised device.

“A successful exploit could allow the attacker to eventually deplete the available session handler pool, preventing new sessions from being established and causing a DoS condition,” Cisco said in its advisory.

Affected Products

Cisco stated that this flaw impacted Cisco ASA and FTD software that had been configured for AnyConnect SSL/TLS VPN connections.

Indicators of Compromise

According to Cisco, the command shows SSL objects may be used to identify the presence of leaking session handlers. A high and rising number in the SSL: active counter suggests that sessions are being leaked.

As stated in the advisory, Cisco recommends that affected users apply software updates as early as possible. Cisco confirmed that there are no workarounds that address this vulnerability.

Protect vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Try a Free Trial to ensure 100% security.


[ad_2]
Source link

Samsung to remain world’s largest smartphone company in 2023

0
[ad_1]

Despite falling short of its sales target, Samsung may remain the world’s largest smartphone company in 2023. According to the Korean media, the company is on track to ship over 220 million Galaxy smartphones this year, 50 million fewer than its original target. Shipments of its closest rival Apple may not exceed 210 million units, giving Samsung a narrow victory.

Samsung to retain title of world’s largest smartphone company

Samsung has led annual smartphone sales charts for the past several years. Many companies came close but couldn’t dethrone the Korean firm from the top spot. It hasn’t enjoyed the same success in the market this year as it did in the past but Samsung may still come out at the top. The company reportedly sold 60 million smartphones in the first quarter of 2023, 53 million in the second quarter, and 59 million in the third quarter.

The shipment figures add up to 172 million in the first three quarters of the year. Samsung’s smartphone shipments in the fourth quarter are usually lower than in the third quarter and it will be no different this year. However, even if it ships around 50 million smartphones in the final three months of 2023, it will end up with an annual sales volume of more than 220 million. With 59 million shipments in Q4, the total will cross 230 million.

Apple, which launched the iPhone 15 series in September, will top the chart for the fourth quarter. However, for the full year, its total iPhone shipments may not reach Samsung’s Galaxy shipment volume. The company is expected to sell 200-210 million iPhones this year, The Elec reports. The report doesn’t talk about the shipments of Xiaomi, Oppo, and Vivo, the other three largest smartphone companies.

Samsung fails to achieve its sales target

Samsung may come out on top of the annual smartphone sales chart for another year but it’s failing to achieve its target this year. Back in October 2022, the Korean media reported that the company is expecting to sell around 270 million smartphones in 2023. Overall production volume was reported to cross 290 million.

However, it’s falling short of that target by a huge margin. With 220 million shipments, 2023 may be the worst year for Samsung’s smartphone division in a long time. Its shipment volume has been dipping consistently since peaking in 2017 when it sold 320 million smartphones globally. The company has yet to reach pre-COVID levels (sold 295 million Galaxy phones in 2019) in four years after the pandemic. Time will tell what 2024 has in store for Samsung.


[ad_2]
Source link

3nm Snapdragon 8 Gen 4 & Dimensity 9400 coming next year

0
[ad_1]

A well-known tipster has just confirmed that both the Snapdragon 8 Gen 4 and MediaTek Dimensity 9400 will be based on a 3nm manufacturing process. Both of those chips are set to launch next year.

The Snapdragon 8 Gen 4 & Dimensity 9400 will be made using a 3nm process

This information comes from Digital Chat Station, one of the most prominent tipsters from China. He also revealed that the Snapdragon 8 Gen 4 no longer has an ARM version. It will use the self-developed Oryon core.

The MediaTek Dimensity 9300 is set to launch in four days, on November 6. The Snapdragon 8 Gen 3, on the other hand, was announced last month. The Snapdragon 8 Gen 3 does seem to be a great chip on paper, actually.

It is made using a 4nm process, and is 30% more powerful than its predecessor. It is also 20% more power efficient than the Snapdragon 8 Gen 2. On top of that, it has a 25% more powerful GPU, and 40% better Ray Tracing.

The Snapdragon 8 Gen 3 has a lot to offer

That chip also supports 8K external display support, and has Unreal Engine 5 support with a Lumen lighting system. Those are only some of the improvements Qualcomm brought to the table.

The MediaTek Dimensity 9300, on the other hand, will be immensely powerful, based on everything we’ve seen thus far. It will also be a 4nm process. The heat that it produces is rumored to be an issue, though, but it remains to be seen.

We still don’t have any details on the Snapdragon 8 Gen 4 or Dimensity 9400, other than what the tipster shared. Both of those chips are expected to arrive in Q4 next year, so there’s still plenty of time before that happens. A lot more info will surface before then, that’s for sure.


[ad_2]
Source link

Boeing Confirms Cyberattack Amid Lockbit Ransomware Gang Claims

0
[ad_1]

Boeing mentioned that the cyberattack primarily affected its information systems, particularly within its parts business. However, the company did not confirm whether it was a ransomware attack or it paid a ransom to Lockbit.

Boeing confirmed on November 2, 2023, that it was the target of a cyberattack that occurred in late October 2023. The attack affected some of Boeing’s information systems, mainly in its parts business. Boeing is actively working with law enforcement and cybersecurity experts to investigate the incident and recover any impacted data.

The acknowledgement came after the Lockbit ransomware group claimed responsibility for a ransomware attack on Boeing a few days earlier. The Lockbit group is known for encrypting a victim’s data and demanding ransom for decryption. They had mentioned Boeing as their new target on their dark web blog but later removed the post, suggesting negotiations were underway.

Boeing listed as a victim on LockBit’s dark web site. – Screenshot credit: vx-underground

Speculation arose about whether Boeing was actually breached by the group. Some experts, like Jon DiMaggio, suggested that the LockBit Group might be in decline or compromised, but Boeing’s confirmation indicates the group is still active.

While discussing the LockBit ransomware group, vx-underground, an online repository for malware samples tweeted that, “Lockbit is not simply a group of individuals operating from a basement. They consist of administrators, developers, money launderers, and notably collaborate with affiliates and other threat groups.”

Ironically, the cyberattack on Boeing occurred just after the US announced an alliance of 40 countries to combat ransomware threats, emphasizing a stance against paying ransom to threat actors.

Boeing has not disclosed whether a ransom was paid. However, the company assured that it is working to restore affected systems without disrupting its business operations.

William Wright, CEO of Closed Door Security, suggested the cyberattack might have exploited a zero-day vulnerability. He stressed the importance of Boeing conducting thorough forensics into the attack promptly.

“Based on the information available, it looks like the incident was executed via a zero-day vulnerability. Which vulnerability remains to be seen, and we also don’t know if other criminal gangs are actively exploiting it as well,” Wright argued. “The sooner Boeing carries out its forensics into the attack the better.”

The story is still developing, so expect more updates soon. However, at the time of publishing this article, Boeing’s parts and distribution domain was offline due to technical issues.

Screenshot credit: Hackread.com

This incident isn’t the first time Boeing faced a cyber attack. In March 2018, a malware attack introduced the notorious WannaCry ransomware. In March 2020, the DoppelPaymer ransomware targeted several prominent companies, including SpaceX, Tesla, and a parts manufacturer associated with Boeing.

  1. Bangkok Airways hit by Lockbit ransomware; leaks 103GB of data
  2. Accenture claims to fight off LockBit ransomware gang with backup
  3. LockBit ransomware gang blames victim for DDoS attack on its website
  4. LockBit 3.0 Posts Dubious Claims of Breaching Darktrace Cybersecurity Firm
  5. Cyber Security Giant Mandiant Denies Hacking Claims By LockBit Ransomware

[ad_2]
Source link

Flipper Zero-style BLE spoofing brought to Android with new app

0
[ad_1]

A new Android app that can emulate Flipper Zero BLE advertisement spoofing has emerged. This technology, previously prevalent among Apple devices, has now found its way into the Android platform. At the heart of this attack lies Bluetooth Low Energy (BLE), a wireless communication protocol designed for low-power, short-range connections between devices.

BLE is made for devices with strict power requirements

BLE is tailor-made for devices with strict power requirements, such as fitness trackers and other devices that don’t involve audio and video transmission. In contrast, Bluetooth Classic primarily serves high-bandwidth communication needs, like audio and video.

BLE-enabled devices need to establish communication channels to exchange data. Your smartphone, acting as the central device, actively seeks advertisements from other devices interested in connecting. BLE-enabled peripherals broadcast advertisements in search of a connecting device. BLE advertisements primarily serve the purpose of device discovery, helping devices find and identify each other. They can also initiate connections between devices, allowing for data exchange or other interactions.

Enter the Flipper Zero, a versatile and programmable device designed for security and hacking enthusiasts. It features multiple functions including an RFID reader, signal transmitter, and microcontroller, enabling it to interact with various electronic systems. Notably, it also features BLE advertising capabilities.

Apple uses Bluetooth Low Energy (BLE) to enable devices to communicate within a certain proximity of each other. When devices are nearby, a pop-up appears, prompting the user to accept or deny the connection. A hacker could perform BLE spoofing by posing as an Apple device and sending requests to nearby devices in a crowded area. These requests trigger pop-ups on nearby devices, potentially tricking users into sharing their credentials.

The Flipper Zero’s capabilities are impressive and greatly simplify the process of spoofing BLE requests. Surprisingly, you don’t even need this specific device; a Raspberry Pi equipped with a Linux Bluetooth adapter and a portable battery can achieve the same results.

It is now possible to perform BLE spoofing directly from an Android app

A new Android app allows users to spoof BLE requests directly from their smartphones, eliminating the need for specialized hardware like the Flipper Zero or Raspberry Pi. Similar to the Flipper Zero’s abilities, this app broadcasts connection requests at specific intervals.

While the Android SDK supports BLE attacks, it comes with limitations, particularly in terms of the attack range when compared to the Flipper Zero. Reports have emerged that Bluetooth-connected mice and keyboards, essential peripherals, become unresponsive when bombarded with spam broadcasts. The most concerning aspect of this development is that the new app requires no hacking skills or prior knowledge. The app is still in development, but spoofing BLE requests is now almost foolproof.

As always, users should exercise caution when encountering BLE requests on their devices.


[ad_2]
Source link

News publications are pretty peeved about AI

0
[ad_1]

Right now, we’re all wary about AI’s effect on several industries. One industry that’s already feeling the effects is the news publication industry. Now, news publications say that AI violates copyright law, and there could be a case for legal action.

Normally, when you’d search for information on news topics in the past, you’d get a list of publications as search results that you can read. You read the articles and contribute the the publications’ ad revenue; the circle of life. However, search engines like Google and Bing now feed you AI-generated summaries of the stories you’re looking for.

What’s the point of clicking on a new article when the search engine just gave you the answer on a silver platter? Most people in the tech industry shy away from these results for fear of running into hallucinated results. However, the majority of the people who read these results aren’t as cautious.

News publications say that AI violated copyright law

We’re all still learning about the legal complexities surrounding AI. Can an AI violate copyright law (laws that were initially established for human beings)? If an LLM takes information from 10 sites and summarizes them in its own words, is that copyright infringement or just paraphrasing?

Squaring up against AI is a game of legal and ethical chess, and it’s only going to get more complicated. However, news publications are raising their concerns over AI. This technology has caused several news outlets to lose a ton of traffic due to AI. This affects larger news publications, but it also means doom for smaller publications just starting to get traffic.

According to Search Engine Land, a White Paper was submitted to the U.S. Copyright Office’s Artificial Intelligence Study. It outlines how AI being used to funnel generated news summaries constitutes a violation of copyright law.

It’s an extensive document with a ton of information, but the gist of it is how AI uses the already-written work from several news outlets and just reiterates this information in its summaries. This drives traffic away from the sites and impacts their revenue.

If news publications have a case for legal action, then we can expect a lengthy legal battle. This could be one of the first major legal battles over generative AI, and definitely not the last. We’ll need to wait for more information on this to be sure.


[ad_2]
Source link

Atlassian: “Take immediate action” to patch your Confluence Data Center and Server instances

0
[ad_1]

Atlassian has released an advisory about a critical severity authentication vulnerability in the Confluence Server and Data Center.

All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. Atlassian Cloud sites are not impacted by this vulnerability, so if your Confluence site is accessed via an atlassian.net domain, it is not vulnerable.

Fixes of Confluence Data Center and Server are available for the following versions:

  • 7.19.16 or later
  • 8.3.4 or later
  • 8.4.4 or later
  • 8.5.3 or later
  • 8.6.1 or later

Atlassian strongly advises you apply the patch, even for instances that are not exposed to the public internet.

Customers who are unable to immediately patch their Confluence Data Center and Server instances should back them up. Instances accessible over the public internet, including those with user authentication, should be restricted from external network access until they have been patched.

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The CVE patched in these updates is listed as:

CVE-2023-22518 (CVSS score 9.1 out of 10): a critical severity authentication vulnerability was discovered in the Confluence Server and Data Center. There is no impact to confidentiality as an attacker cannot exfiltrate any instance data.

Atlassian has said it is unaware of any exploits. Other than that an attacker may bypass User Account Control (UAC) mechanisms to elevate process privileges on system there are no details available.

Atlassian CISO Bala Sathaimurthy stated:

“Confluence Data Center and Server customers are vulnerable to significant data loss if exploited by an unauthenticated attacker. There are no reports of active exploitation at this time; however, customers must take immediate action to protect their instances.”

Patching vulnerable Confluence servers is important, as cybercriminals have shown before that they make for an attractive target.


We don’t just report on vulnerabilities—we identify them, and prioritize action.

Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by using Malwarebytes Vulnerability and Patch Management.


[ad_2]
Source link

New Nothing Phone (2) update brings widget changes & optimizations

0
[ad_1]

Nothing has started rolling out a new update for the Nothing Phone (2), Nothing OS 2.0.4. This update brings widget changes and various optimizations to the Nothing Phone (2), the company’s latest phone.

New Nothing Phone (2) delivers widget changes & various improvements

First and foremost, it’s worth saying that the Android security update for October is a part of the package here. In addition to that, some changes and improvements have been rolled out. Let’s first focus on what’s new, and we’ll talk about improvements later on.

Nothing has added a new Photos widget with this update. It allows you to display your favorite photos on your home or lock screen. The widget library interface has also been updated. It now displays Nothing widgets in categories.

On top of that, Nothing added the option to hide app icons in the app drawer. All you need to do is swipe right in the app drawer to reveal the hidden app icons.

That’s pretty much it when it comes to new stuff. In terms of improvements and bug fixes, well, there are several of them. Nothing made processing improvements for scenes with bright backlighting.

Some camera improvements are also included

On top of that, the company improved zoom consistency between previewed footage and captured footage. The speaker volume for “specific scenarios” has been improved too. Speaking of sound, it has been improved when simultaneously connecting to smartwatch and earbuds via Bluetooth.

That’s basically everything that Nothing listed in its changelog. This update weighs 87.14MB, and it is rolling out as we speak. It’s a staged rollout, though, of course, so keep that in mind. It’s coming, though not necessarily immediately.

The phone will let you know when an update is available. If not, you can always manually check. All you have to do is navigate to ‘Settings’, and then go to ‘System’ where you’ll notice the ‘System update’ submenu.

Nothing OS 2 0 4 Nothing Phone 2


[ad_2]
Source link

LinkedIn’s new AI job coach will help you summarize job listings

0
[ad_1]

Generative AI has quickly found its way into a lot of industries, ranging from music production to photo editing. Now, as part of its announcement of reaching a billion users, LinkedIn has introduced a new generative AI job coach aimed at assisting users in job applications.

Developed by Microsoft, the “job seeker coach” represents LinkedIn’s continued foray into the AI landscape, following a previous introduction of AI tools aimed at helping users craft more effective profiles. The primary objective of this coach is to offer AI-generated insights into the often lengthy and confusing job descriptions, assessing how well the role aligns with a user’s profile. However, it is important to note that the coach runs on OpenAI’s GPT-4 AI model and is exclusive to the Premium members.

How would the coach work?

When a user identifies a relevant job they wish to apply for but are uncertain about their suitability, they can ask questions to the AI, such as “Am I a good fit for this job?” or “How can I best position myself for this job?” The chatbot will then analyze both the job listing and the user’s profile to provide feedback and insights. Furthermore, the job coach can not only identify gaps in a person’s resume but can also help them connect with employees at the company.

“We had to build a lot of stuff on our end to work around that and to make this a snappy experience. When you’re having these conversational experiences, sometimes it’s almost like a search — you expect it to be instant. And so there’s real platform capabilities we had to develop to make that possible,” said Erran Berger, LinkedIn’s vice president of product engineering.

Concerns surrounding the AI

While AI can prove helpful for job seekers, previous implementations of such AIs have had a slew of concerns. For instance, when Amazon introduced its AI recruiting engine, biases within the system led to discriminatory practices against women and individuals from diverse ethnic backgrounds. However, when talking about this issue, Berger highlighted that they have invested substantial resources in upholding AI standards to ensure fairness and inclusivity.

“You couple that with our own AI models for matching jobs, again, which we’ve been doing for a long time, you get this super-personalized, equity-minded experience for our job seekers,” said Berger.


[ad_2]
Source link

Top 3 Cyber Threats That Attack Banks in 2023: Sandboxing Guide

0
[ad_1]

Bank robbers of today are nothing like their counterparts of the past. Modern-day Bonnie and Clyde operate remotely, carrying out their operations from hundreds of miles away, simply using their laptops. On top of that, every year, the barrier of entry for aspiring criminals is gradually getting lower, with malicious software becoming more accessible and cheaper. 

To effectively protect their infrastructure, financial institutions must prioritize attack prevention and timely detection of cyber threats. To this end, malware sandboxes are tools that can aid them in achieving these goals.

For Example, Recently, GBHackers reported that XWorm RAT (Remote Access Trojan), Sold Malware-as-a-Service, opens vast hacking opportunities.

What is a Malware Sandbox? 

A malware sandbox is an essential tool that offers users a secure and isolated environment for safely analyzing and evaluating malware. By executing malware within a sandbox, users can closely monitor its behavior and gain valuable insights into its functionality. It also makes it easier to gather indicators of compromise (IOCs), which are unique features of each piece of malware like file hashes, network signatures, and behavior patterns that can be used to identify and find it again.

Let’s take a closer look at the most common types of attacks against banks and what roles sandboxes can play in prevention and mitigation.

Ransomware 

Ransomware poses a significant threat to banks, with the ability to encrypt data and, thus, bring organizations’ operations to a complete halt. This not only causes financial losses but also damages the reputation of the institution.

One such example is LockBit, a notorious ransomware responsible for numerous bank attacks in the past year. Its sophisticated nature allows it to spread through entire networks, targeting Active Directory servers and infiltrating every corner of the organization.

While the average ransom demanded by the criminals behind LockBit is typically below $100,000, high-profile organizations like Royal Mail have been targeted with demands reaching millions of dollars

LockBit deployed in a malware sandbox

In the case of ransomware attacks, security experts can use malware sandboxes to safely execute any malicious program and observe its behavior without risking the actual network or data. This helps in understanding the propagation methods and identifying the actual weaknesses in the organization’s security infrastructure. 

Additionally, sandboxes are also useful for proactive security. For instance, the ANY.RUN sandbox offers real-time threat intelligence feeds that contain the latest IOCs collected from thousands of malicious files and URLs analyzed by ANY.RUN’s users in public mode. By using this service, banks can ensure timely detection of new threats.

Document
14 Days FREE Trial

Analyzing any suspicious attachment or URL in a free interactive malware sandbox like ANY.RUN can instantly provide you with a conclusive verdict.

Spear Phishing 

Email remains the most commonly exploited attack vector employed by threat actors. In this realm, one particular threat that poses a significant challenge to banks is spear phishing. Unlike traditional phishing attempts, spear phishing involves meticulous planning and a higher level of sophistication.

Attackers carefully craft targeted emails that appear genuine, with the intention of deceiving recipients within the company. These deceptive emails often contain attachments, which, when opened, can lead to the infection of the recipient’s computer with various types of malware.

To avoid falling victim to phishing campaigns, banks can introduce proper security measures, one of which can be the use of sandboxes. By uploading email attachments to a sandbox, it is possible to safely determine whether they are malicious or not.

At the same time, in many cases, attackers can employ various evasion techniques, including placing malware inside password-protected archives that automated sandboxing solutions may fail to analyze.

To overcome this limitation, services like ANY.RUN offer a fully interactive virtual machine environment. This allows for comprehensive investigation of files and links in a setup that closely resembles that of a regular computer, while ensuring safety from any potential harm.

Account Compromise 

Attackers also may attempt to gain access to bank employees’ accounts through fake web pages designed to trick unsuspecting users into entering their login credentials, which the attackers then capture and exploit.

Once inside, they can initiate fraudulent transactions, steal funds, or even manipulate account details to their advantage. The danger lies in the fact that these fake login screens appear genuine, often replicating the exact look and feel of the legitimate service.

An example of a fake login page deployed in ANY.RUN

Have a look at this example of a fake web page imitating the login screen of Microsoft Teams. Quite often, people find it challenging to differentiate between genuine and fraudulent websites, which unfortunately increases the chances of unsuspecting individuals becoming victims of such attacks.

In banking, if employees’ credentials are exposed to threat actors, it can lead to a wide range of problems, ranging from the theft of sensitive information to the infection of the organization’s key infrastructure. To avoid it, any suspicious link can be first checked by a malware sandbox.

Conclusion

To effectively defend against cyber attacks and ensure prompt detection, banks must implement a robust multi-layer defense system. An essential component of this system is sandboxing. By analyzing malware in a secure environment, organizations can acquire vital intelligence to safeguard their infrastructure. 

Discover how the ANY.RUN sandbox can enhance your organization’s security posture with a 14-day free trial that offers Windows 10 and 11 VMs, a private space for your team, extensive set of analysis tools, and comprehensive reports with IOCs and configs. 


[ad_2]
Source link