FEDORA-2024-c266dab9e9
Packages in this update:
unbound-1.19.1-4.fc40
Update description:
CVE-2024-1931: Fix the trimming of EDE text from large UDP responses, which could cause the CPU to spin.
chromium-123.0.6312.58-1.el7, chromium-123.0.6312.58-1.el8, chromium-123.0.6312.58-1.el9
Update to 123.0.6312.58
* High CVE-2024-2625: Object lifecycle issue in V8
* Medium CVE-2024-2626: Out of bounds read in Swiftshader
* Medium CVE-2024-2627: Use after free in Canvas
* Medium CVE-2024-2628: Inappropriate implementation in Downloads
* Medium CVE-2024-2629: Incorrect security UI in iOS
* Medium CVE-2024-2630: Inappropriate implementation in iOS
* Low CVE-2024-2631: Inappropriate implementation in iOS
Cisco scored just 3% of organizations as having a ‘mature’ level of readiness to cyber threats, a significant decline from the previous year
Dan Fandrich discovered that curl would incorrectly use the default set of
protocols when a parameter option disabled all protocols without adding
any, contrary to expectations. This issue only affected Ubuntu 23.10.
(CVE-2024-2004)
It was discovered that curl incorrectly handled memory when limiting the
amount of headers when HTTP/2 server push is allowed. A remote attacker
could possibly use this issue to cause curl to consume resources, leading
to a denial of service. (CVE-2024-2398)
It’s pretty devastating:
Today, Ian Carroll, Lennert Wouters, and a team of other security researchers are revealing a hotel keycard hacking technique they call Unsaflok. The technique is a collection of security vulnerabilities that would allow a hacker to almost instantly open several models of Saflok-brand RFID-based keycard locks sold by the Swiss lock maker Dormakaba. The Saflok systems are installed on 3 million doors worldwide, inside 13,000 properties in 131 countries. By exploiting weaknesses in both Dormakaba’s encryption and the underlying RFID system Dormakaba uses, known as MIFARE Classic, Carroll and Wouters have demonstrated just how easily they can open a Saflok keycard lock. Their technique starts with obtaining any keycard from a target hotel—say, by booking a room there or grabbing a keycard out of a box of used ones—then reading a certain code from that card with a $300 RFID read-write device, and finally writing two keycards of their own. When they merely tap those two cards on a lock, the first rewrites a certain piece of the lock’s data, and the second opens it.
Dormakaba says that it’s been working since early last year to make hotels that use Saflok aware of their security flaws and to help them fix or replace the vulnerable locks. For many of the Saflok systems sold in the last eight years, there’s no hardware replacement necessary for each individual lock. Instead, hotels will only need to update or replace the front desk management system and have a technician carry out a relatively quick reprogramming of each lock, door by door. Wouters and Carroll say they were nonetheless told by Dormakaba that, as of this month, only 36 percent of installed Safloks have been updated. Given that the locks aren’t connected to the internet and some older locks will still need a hardware upgrade, they say the full fix will still likely take months longer to roll out, at the very least. Some older installations may take years.
If ever. My guess is that for many locks, this is a permanent vulnerability.
Palo Alto Networks’ Unit 42 observed two Chinese-affiliated APT groups recently conducting cyber espionage campaigns targeting ASEAN organizations
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
Beyond its fundamental port scanning capabilities, Nmap offers a suite of advanced techniques designed to uncover vulnerabilities, bypass security measures, and gather valuable insights about target systems. Let’s take a look at these techniques:
1. Vulnerability Detection (vulners script)
Syntax: nmap -sV --script=vulners <target>
Nmap's vulnerability detection feature, provided by the 'vulners' NSE script, matches the service versions that -sV identifies against the Vulners vulnerability database (queried online) and flags outdated services with known CVEs. This gives a quick view of potential weaknesses within target systems, limited by how precisely the version string was detected.
2. Idle Scan (zombie host)
Syntax: nmap -sI <zombie_host> <target>
Idle scanning is a stealthy approach to port scanning that uses a third "zombie" host to obscure the origin of the scan. By monitoring how the zombie host's IP identification number (IP ID) changes in response to packets sent to the target, Nmap infers the state of the target's ports without interacting with the target directly. It only works when the zombie uses a predictable, incrementing IP ID, which modern operating systems avoid.
3. Firewall Rule Testing (source port manipulation)
Syntax: nmap --source-port <port> <target>
This technique tests firewall rules by sending probes from an unusual source port. By setting the source port, security professionals can check whether a firewall's rules filter on the destination port alone and identify such weaknesses in network defenses.
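From the defender's side, a scan that pins its source port leaves a distinctive trace: one source address sending SYNs from a single low port (such as 53) to many destination ports, where a real client would use varying ephemeral ports. The following detector, an added example that is not part of the original article, runs over constructed iptables-style log lines; the addresses, ports and the trusted-port set are assumptions for the example.

```python
import re
from collections import defaultdict

# Constructed iptables-style firewall log lines (not from a real system): 203.0.113.7
# sweeps 192.0.2.10 with every SYN sent from source port 53, the pattern a
# "--source-port 53" scan leaves behind, while 198.51.100.4 is a normal client that
# opens one connection from an ephemeral port.
SAMPLE_LOG = """\
Mar 20 10:00:01 fw kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=53 DPT=22 WINDOW=1024 SYN URGP=0
Mar 20 10:00:01 fw kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=53 DPT=80 WINDOW=1024 SYN URGP=0
Mar 20 10:00:02 fw kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=53 DPT=139 WINDOW=1024 SYN URGP=0
Mar 20 10:00:02 fw kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=53 DPT=445 WINDOW=1024 SYN URGP=0
Mar 20 10:00:03 fw kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=53 DPT=3389 WINDOW=1024 SYN URGP=0
Mar 20 10:00:03 fw kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=53 DPT=8080 WINDOW=1024 SYN URGP=0
Mar 20 10:00:05 fw kernel: IN=eth0 SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=51234 DPT=443 WINDOW=64240 SYN URGP=0
"""

# Only TCP SYNs (new connection attempts) matter; field order follows the kernel LOG target.
SYN_RE = re.compile(r"SRC=(?P<src>\S+) DST=\S+ PROTO=TCP SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+) .*\bSYN\b")

# Source ports that careless rule sets sometimes allow unconditionally (assumed set).
# A legitimate DNS, FTP-data, DHCP or Kerberos server does not open connections to many ports.
TRUSTED_SOURCE_PORTS = {20, 53, 67, 88}

def find_source_port_sweeps(log_text, min_distinct_dports=5):
    """Return {src_ip: {"spt": port, "dports": [...]}} for every source that sent SYNs
    from a single trusted source port to at least min_distinct_dports destination
    ports. Normal clients vary their ephemeral source port, so a pinned low port
    across many destination ports is a strong sign of source-port evasion."""
    seen = defaultdict(lambda: defaultdict(set))   # src -> spt -> {dpt, ...}
    for line in log_text.splitlines():
        m = SYN_RE.search(line)
        if m:
            seen[m["src"]][int(m["spt"])].add(int(m["dpt"]))
    findings = {}
    for src, by_spt in seen.items():
        for spt, dports in by_spt.items():
            if spt in TRUSTED_SOURCE_PORTS and len(dports) >= min_distinct_dports:
                findings[src] = {"spt": spt, "dports": sorted(dports)}
    return findings
```

The same grouping also catches an ordinary sweep if you drop the trusted-port condition; keeping it is what separates a "--source-port" evasion attempt from a plain port scan.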
4. Service-Specific Probes (SMB)
Syntax: nmap -sV -p 139,445 --script=smb-vuln* <target>
Nmap's service-specific probes allow a detailed examination of a single service, such as the Server Message Block (SMB) protocol used throughout Windows environments. The smb-vuln* family of scripts checks an SMB server for known vulnerabilities, letting analysts identify unpatched hosts and assess the security posture of target systems.
5. Web Application Scanning (HTTP title grab)
Syntax: nmap -sV -p 80 --script=http-title <target>
Web application scanning with Nmap gathers information about web servers, potentially aiding in vulnerability identification and exploitation. By analyzing the HTTP response (the http-title script reports the page title, or the redirect target when one is returned), Nmap extracts useful details about target web applications and server configurations.
One of the standout features of Nmap is its robust scripting engine (NSE), which allows users to extend the tool’s functionality through custom scripts and plugins. NSE scripts enable users to automate tasks, perform specialized scans, gather additional information, and even exploit vulnerabilities in target systems.
Syntax: nmap --script-help <scriptname>
Shows help about scripts. For each script matching the given specification, Nmap prints the script name, its categories, and its description. The specifications are the same as those accepted by --script; so, for example, if you want help about the ssl-enum-ciphers script, you would run nmap --script-help ssl-enum-ciphers.
Users can leverage existing NSE scripts or develop custom scripts tailored to their specific requirements. For example, to perform a web vulnerability scan using Nmap’s NSE, one might use the following command:
Syntax: nmap --script http-vuln-* target_ip
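The scans above produce free-text NSE output that still has to be triaged. As an added example (not code from the original article or from the Nmap project), the parser below reads Nmap's XML output (-oX), pulls the vulners CVE rows, any smb-vuln-* script reporting VULNERABLE, and http-title results into one list; the host, the script name smb-vuln-example and the CVE ids in the sample are constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET

# Constructed Nmap XML (-oX) output, not real scan data. The host, the script name
# smb-vuln-example and the CVE ids are placeholders; the vulners row layout
# (id, CVSS score, URL) and the smb-vuln "State: VULNERABLE" line follow the
# format those scripts print.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
<host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="80"><state state="open"/>
<service name="http" product="Example httpd" version="1.2.3"/>
<script id="http-title" output="Intranet portal"/>
<script id="vulners" output="&#xa;  cpe:/a:example:httpd:1.2.3:&#xa;\
    CVE-0000-0001  9.8  https://vulners.com/cve/CVE-0000-0001&#xa;\
    CVE-0000-0002  5.3  https://vulners.com/cve/CVE-0000-0002"/>
</port>
<port protocol="tcp" portid="445"><state state="open"/>
<service name="microsoft-ds"/>
<script id="smb-vuln-example" output="&#xa;  VULNERABLE:&#xa;  Placeholder SMB flaw&#xa;    State: VULNERABLE"/>
</port>
</ports></host></nmaprun>
"""

# One vulners row: CVE id followed by its CVSS score (the URL that follows is ignored).
CVE_ROW = re.compile(r"(CVE-\d{4}-\d{4,})\s+(\d+(?:\.\d+)?)")

def triage(xml_text, min_cvss=7.0):
    """Walk host/port/script elements and split NSE results into actionable
    findings (vulners CVEs scoring >= min_cvss, smb-vuln-* scripts reporting
    VULNERABLE) and informational ones (http-title)."""
    vulnerable, info = [], []
    for host in ET.fromstring(xml_text).iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        for port in host.iter("port"):
            portid = int(port.get("portid"))
            for script in port.findall("script"):
                sid, out = script.get("id", ""), script.get("output", "")
                if sid == "vulners":
                    for cve, score in CVE_ROW.findall(out):
                        if float(score) >= min_cvss:
                            vulnerable.append((addr, portid, sid, cve, float(score)))
                elif sid.startswith("smb-vuln") and "State: VULNERABLE" in out:
                    vulnerable.append((addr, portid, sid, "VULNERABLE", None))
                elif sid == "http-title":
                    info.append((addr, portid, sid, out.strip()))
    return {"vulnerable": vulnerable, "info": info}
```

Lowering min_cvss widens the actionable list; the default of 7.0 keeps the output to what a patch cycle should treat as urgent.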
Nmap’s advanced techniques represent a sophisticated toolkit for network reconnaissance and vulnerability assessment. From uncovering outdated services to bypassing security measures, these techniques empower security professionals to assess and protect network infrastructures effectively. However, it is imperative to use these techniques responsibly and ethically, ensuring compliance with legal and ethical guidelines. By mastering Nmap’s advanced capabilities, security professionals can enhance their ability to detect and mitigate potential threats, thereby strengthening the overall security posture of networked environments. As the cybersecurity landscape continues to evolve, Nmap remains a steadfast companion in the ongoing battle against emerging threats and vulnerabilities.