FortiGuard Labs has recently observed a detection spike in DVR Authentication Bypass Vulnerability (CVE-2018-9995). This indicates that attackers tried to exploit the vulnerability, potentially resulting in attackers gaining unauthorized access to vulnerable DVR devices.

Why is this Significant?
This is significant because FortiGuard Labs has recently observed increased exploit attempts against unpatched TBK DVR4104 and DVR4216 Digital Video Recorder (DVR) devices as well as rebranded devices. Proof-of-Concept (PoC) code is readily available, and the vulnerability is trivial to exploit.

What is CVE-2018-9995?
CVE-2018-9995 is an authentication bypass vulnerability that affects the DVR4104 and DVR4216 manufactured by TBK and their rebranded devices. The vulnerability is due to an error in the vulnerable application when handling a maliciously crafted HTTP cookie. A remote attacker may be able to exploit this to bypass authentication and obtain administrative access. CVE-2018-9995 has a CVSS base score of 9.8 and is rated critical by NIST.

Has the Vendor Released an Advisory for CVE-2018-9995?
FortiGuard Labs is not aware of a vendor advisory.

Has the Vendor Released a Patch for CVE-2018-9995?
FortiGuard Labs is not aware of a vendor patch for CVE-2018-9995.

What is the Status of Protection?
FortiGuard Labs has the following IPS signature in place for CVE-2018-9995:
DVR.Cookie.Authentication.Bypass

Any Suggested Mitigation?
Configure the DVR’s management interface to be accessible only from trusted IPs.
Daily Archives: May 1, 2023
Exploitation Spike Observed for Ruckus Wireless Admin RCE Vulnerability (CVE-2023-25717)
FortiGuard Labs has recently observed a spike in our detection for the Ruckus Wireless Admin RCE vulnerability (CVE-2023-25717). Ruckus Wireless Admin version 10.4 and earlier is vulnerable, affecting multiple Ruckus wireless Access Point (AP) devices. Successful exploitation could result in total compromise of the vulnerable devices.

Why is this Significant?
This is significant because Fortinet telemetry indicates the Ruckus Wireless Admin RCE Vulnerability (CVE-2023-25717) is being exploited in the wild, potentially resulting in attackers taking control of the vulnerable Ruckus wireless AP devices. Also, Proof-of-Concept (PoC) code is publicly available. As such, a patch should be applied as soon as possible.

What is CVE-2023-25717?
CVE-2023-25717 is a Remote Code Execution vulnerability that affects Ruckus Wireless Admin version 10.4 and earlier. The advisory published by Ruckus lists multiple wireless Access Point (AP) devices that are susceptible to the vulnerability. Successful exploitation could result in total compromise of the vulnerable devices.

The vulnerability is due to improper handling of a crafted HTTP request. A remote authenticated attacker could exploit the vulnerability by sending crafted HTTP requests to the target server. Successful exploitation could result in total compromise of the affected devices. The vulnerability has a CVSS base score of 9.8.

Has the Vendor Released an Advisory for CVE-2023-25717?
Yes. Please refer to the Appendix for a link to “Security Bulletin 20230208”.

Has the Vendor Released a Patch for CVE-2023-25717?
Yes, a vendor patch is available.

Which Ruckus Devices are Vulnerable to CVE-2023-25717?
The list of affected devices is available in the vendor advisory. Please refer to the Appendix for a link to “Security Bulletin 20230208”.

What is the Status of the Protection?
FortiGuard Labs released the following IPS signature in version 23.531 for CVE-2023-25717:
Ruckus.Wireless.Admin.Remote.Code.Execution (default action is set to “pass”)
Critical Infrastructure Organizations Compromised through Trojanized X_Trader Software
FortiGuard Labs is aware of reports that several organizations worldwide downloaded and installed trojanized versions of X_Trader software, which is believed to be the infection vector of the 3CX breach. Some of the reported victims are in critical infrastructure sectors in the United States and Europe. The malicious installers deployed the Veiledsignal backdoor to targeted machines.

Why is this Significant?
This is significant because several unnamed organizations worldwide, including those in the critical infrastructure sector, downloaded and installed malicious versions of the X_Trader software believed to be the attack vector used in the recent 3CX incident. The infection allowed the alleged attacker Lazarus, the infamous North Korean threat actor, to have backdoor access to affected organizations through the deployed Veiledsignal malware.

X_Trader software is a trading platform developed by Trading Technologies.

How did the Attack Occur?
Reports indicate that the trojanized versions of X_Trader software installers were hosted on the official Trading Technologies website, which appears to have been compromised in early 2022. CVE-2022-0609 (Use After Free Vulnerability in Google Chrome) was reportedly leveraged in the compromise. The malicious installers are digitally signed using a Trading Technologies signing certificate. There is no indication that the installers were actively distributed; rather, they had to be manually downloaded and installed.

Once the installers are executed, they copy the legitimate X_Trader executable and drop two malicious DLLs that are then sideloaded by the executable. One DLL acts as a loader of the other DLL, which contains the Veiledsignal backdoor payload. The Veiledsignal backdoor injects a module into the Chrome, Firefox, or Edge web browsers, which connects to the attacker’s C2 (Command-and-Control) server for commands.

What is the Status of Protection?
FortiGuard Labs has the following AV signatures in place for the known available trojanized X_Trader installers:
Riskware/NukeSped
W32/Sphone_XC3.Q!tr

FortiGuard Labs has the following AV signatures in place for other known available files used in the attack:
W64/NukeSped.PB!tr
Riskware/NukeSped
W64/BURNTCIGAR.84DB!tr
W64/ShellcodeRunner.KZ!tr
W32/Kryptik.F5ED!tr
W32/Shellcode.RDI!tr
W64/Agent.203F!tr
W32/PossibleThreat

The C2 of the Veiledsignal backdoor is blocked by Webfiltering.

FortiGuard Labs has the following IPS signature in place for CVE-2022-0609:
Google.Chrome.UpdateAnimationTiming.Use.After.Free
ChatGPT returns to Italy after OpenAI tweaks privacy disclosures, controls
ChatGPT is again available to users in Italy, after being temporarily banned by the country’s data privacy authority for possible violations of the EU’s General Data Protection Regulation (GDPR).
Italy’s Guarantor for the Protection of Personal Data announced the reinstatement of ChatGPT Friday, after Microsoft-backed OpenAI, the creator of the generative AI service, made changes requested by the government body.
USN-6052-1: Linux kernel vulnerability
It was discovered that the Traffic-Control Index (TCINDEX) implementation
in the Linux kernel did not properly perform filter deactivation in some
situations. A local attacker could possibly use this to gain elevated
privileges. Please note that with the fix for this CVE, kernel support for
the TCINDEX classifier has been removed.
USN-6051-1: Linux kernel vulnerabilities
It was discovered that the Traffic-Control Index (TCINDEX) implementation
in the Linux kernel did not properly perform filter deactivation in some
situations. A local attacker could possibly use this to gain elevated
privileges. Please note that with the fix for this CVE, kernel support for
the TCINDEX classifier has been removed. (CVE-2023-1829)
It was discovered that a race condition existed in the io_uring subsystem
in the Linux kernel, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-1872)
Is misinformation the newest malware?
Misinformation and cybersecurity incidents have become the top scourges of the modern digital era. Rarely does a day go by without significant news of a damaging misinformation threat, a ransomware attack, or another malicious cyber incident.
As both types of threats escalate and frequently appear simultaneously in threat actors’ campaigns, the lines between the two are getting fuzzy. At this year’s RSA Conference, information security experts appeared on a panel entitled “Misinformation Is the New Malware” to hammer out the distinctions.
The role of AI in healthcare: Revolutionizing the healthcare industry
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
Introduction
Artificial Intelligence (AI) is the mimicry of certain aspects of human behaviour such as language processing and decision-making using Large Language Models (LLMs) and Natural Language Processing (NLP).
LLMs are a specific type of AI that analyse and generate natural language using deep learning algorithms. AI programs are made to think like humans and mimic their actions without being biased or influenced by emotions.
LLMs provide systems to process large data sets and provide a clearer view of the task at hand. AI can be used to identify patterns, analyse data, and make predictions based on the data provided to them. It can be used as chatbots, virtual assistants, language translation and image processing systems as well.
Some major AI providers are ChatGPT by Open AI, Bard by Google, Bing AI by Microsoft and Watson AI by IBM. AI has the potential to revolutionize various industries including transportation, finance, healthcare and more by making fast, accurate and informed decisions with the help of large datasets. In this article we will talk about certain applications of AI in healthcare.
Applications of AI in healthcare
There are several applications of AI that have been implemented in the healthcare sector and have proven quite successful.
Some examples are:
Medical imaging: AI algorithms are being used to analyse medical images such as x-ray, MRI scans and CT scans. AI algorithms can help radiologists identify abnormalities – assisting radiologists to make more accurate diagnoses. For example, Google’s AI powered Deepmind has shown similar accuracy when compared to human radiologists in identifying breast cancer.
Personalised medicine: AI can be used to generate insights on biomarkers, genetic information, allergies, and psychological evaluations to personalise the best course of treatment for patients.
This data can be used to predict how the patient will react to various courses of treatment for a certain condition. This can minimize adverse reactions and reduce the costs of unnecessary or expensive treatment options. Similarly, it can be used to treat genetic disorders with personalised treatment plans. For example, Deep Genomics is a company using AI systems to develop personalised treatments for genetic disorders.
Disease diagnosis: AI systems can be used to analyse patient data including medical history and test results to make more accurate and early diagnosis of life-threatening conditions like cancer. For example, Pfizer has collaborated with different AI based services to diagnose ailments and IBM Watson uses NLP and machine learning algorithms for oncology in developing treatment plans for cancer patients.
Drug discovery: AI can be used in R&D for drug discovery, making the process faster. AI can remove certain constraints present in drug discovery processes for novel chronic diseases. A sped-up process could save millions of patients worldwide, making it both cost and time efficient.
Per McKinsey research, there are around 270 companies working in AI-driven discovery with around 50% situated in the US. In addition, they have identified Southeast Asia and Western Europe as emerging hubs in this space. For example, Merck & Co. are working to develop a new treatment with the help of AI for Alzheimer’s.
What to expect in the future
We have seen a revolution in the field of Machine Learning and AI in the past few years. Now we have LLMs and Image Processing Systems which can be used for faster, more efficient and prioritized results to make decisions more accurately and provide the best possible patient care.
Properly trained AIs are not biased – it’s important to develop these AI systems ethically. The efficiency of these systems depends on specific application and implementation.
AI systems can be biased if they are trained on biased data, so it is important to ensure that the data these models are trained on is diverse and representative. Implementation of AI in healthcare is still in its early stages in drug discovery and will see continued growth going forward.
USN-6050-1: Git vulnerabilities
It was discovered that Git incorrectly handled certain commands.
An attacker could possibly use this issue to overwrite some paths.
(CVE-2023-25652)
Maxime Escourbiac and Yassine BENGANA discovered that Git incorrectly
handled some gettext machinery. An attacker could possibly use this issue
to allow the malicious placement of crafted messages. (CVE-2023-25815)
André Baptista and Vítor Pinho discovered that Git incorrectly handled
certain configurations. An attacker could possibly use this issue
to perform arbitrary configuration injection. (CVE-2023-29007)
The hidden security risks in tech layoffs and how to mitigate them
In the shadowy corners of the tech world, there are plenty of stories of admins locking organizations out of their own IT environment, greedy employees selling data, or security engineers backdooring the network. The motivations for these acts can touch on anything from financial gain to revenge, and the consequences are generally disastrous for everyone involved.
The recent tech layoffs that have swept across various industries have only heightened the phenomenon. “Very large organizations only need one poorly vetted and treated [employee] to inflict a lot of harm,” says Frank Price, CTO of CyberGRX, a company that helps organizations manage, monitor, and mitigate risk in their partner ecosystems.