CISA ADDS CISCO NX-OS COMMAND INJECTION BUG TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

From securityaffairs.com

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Cisco NX-OS Command Injection Vulnerability, tracked as CVE-2024-20399, to its Known Exploited Vulnerabilities (KEV) catalog.

This week, Cisco addressed an NX-OS zero-day, tracked as CVE-2024-20399 (CVSS score of 6.0), that the China-linked group Velvet Ant exploited to deploy previously unknown malware as root on vulnerable switches.

The flaw resides in the CLI of Cisco NX-OS Software; an authenticated, local attacker can exploit it to execute arbitrary commands as root on the underlying operating system of an affected device.

“This vulnerability is due to insufficient validation of arguments that are passed to specific configuration CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected configuration CLI command,” reads the advisory published by Cisco. “A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root.”
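To illustrate the bug class the advisory describes (a privileged configuration command whose argument reaches the underlying OS without adequate validation), here is an added, constructed model of such a CLI wrapper alongside a hardened version. It is not Cisco NX-OS code; the command name `set-hostname`, the helper it wraps and the sample arguments are hypothetical.

```python
"""Constructed model of a root-privileged config CLI: the vulnerable pattern
(argument spliced into a shell string) beside the hardened pattern (allowlisted
argument passed as a discrete argv element). Not NX-OS code; names are hypothetical."""
import re
import subprocess

# Hypothetical config command -> OS helper it wraps (placeholder for the real
# helpers, which the advisory does not name). 'echo' stands in for the helper.
HELPERS = {"set-hostname": ["echo", "hostname:"]}


def run_config_command_unsafe(command: str, argument: str) -> str:
    """Vulnerable pattern: the argument is interpolated into a shell command
    line, so shell metacharacters in a crafted argument are parsed as syntax and
    become additional commands run with the wrapper's (root) privileges."""
    helper = " ".join(HELPERS[command])
    return subprocess.run(f"{helper} {argument}", shell=True,
                          capture_output=True, text=True).stdout


# Hardened pattern, step 1: allowlist the argument's shape before it is used.
ARG_ALLOWLIST = re.compile(r"[A-Za-z0-9._-]{1,64}")


class InvalidArgument(ValueError):
    """Raised when a CLI argument fails the allowlist check."""


def validate_argument(argument: str) -> str:
    if not ARG_ALLOWLIST.fullmatch(argument):
        raise InvalidArgument(f"rejected argument: {argument!r}")
    return argument


def run_config_command_safe(command: str, argument: str) -> str:
    """Hardened pattern, step 2: hand the validated argument to the helper as
    its own argv element with shell=False, so the OS never shell-parses it."""
    argv = HELPERS[command] + [validate_argument(argument)]
    return subprocess.run(argv, shell=False, capture_output=True, text=True).stdout


def argument_is_accepted(argument: str) -> bool:
    """True if the hardened path would accept the argument, False if rejected."""
    try:
        validate_argument(argument)
        return True
    except InvalidArgument:
        return False


if __name__ == "__main__":
    crafted = "switch1; echo INJECTED"   # constructed crafted argument
    print(run_config_command_unsafe("set-hostname", crafted))  # second echo runs too
    print(run_config_command_safe("set-hostname", "switch1"))  # hostname: switch1
    print(argument_is_accepted(crafted))                       # False
```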

Read more…

Selfie-based authentication raises eyebrows among infosec experts

From theregister.com

The use of selfies to verify identity online is an emerging trend in some parts of the world since the pandemic forced more business to go digital. Some banks – and even governments – have begun requiring live images over Zoom or similar in order to participate in the modern economy. The question must be asked, though: is it cyber smart?

Just last Monday the Southeast Asian nation of Vietnam began requiring face scans on phone banking apps as proof of identity for all digital transactions of around $400 and above.

The nation’s residents are not able to opt out of the banking rules, despite Vietnam regularly finding itself ranked poorly when it comes to internet privacy or cyber security.

Local media has weighed in to suggest that selfies will not improve security. And just days into the new regime, some apps have already been called out for accepting still photos instead of a live image of the individual.

Read more…

How MFA Failures are Fueling a 500% Surge in Ransomware Losses

From thehackernews.com

The cybersecurity threat landscape has witnessed a dramatic and alarming rise in the average ransomware payment, an increase exceeding 500%. Sophos, a global leader in cybersecurity, revealed in its annual “State of Ransomware 2024” report that the average ransom payment has increased 500% in the last year, with organizations that paid a ransom reporting an average payment of $2 million, up from $400,000 in 2023. Separately, RISK & INSURANCE, a leading media source for the insurance industry, reported recently that the median ransom demand soared to $20 million in 2023 from $1.4 million in 2022, and payments skyrocketed to $6.5 million in 2023 from $335,000 in 2022, much more than 500%.

Read more…

CapraRAT Mimics As Popular Android Apps Attacking Android Users

From gbhackers.com

Transparent Tribe (aka APT36) has been active since 2016, focusing on social engineering strategies to target Indian government and military personnel.

The CapraTube campaign of Transparent Tribe (aka APT36) was revealed in September 2023, in which threat actors employed weaponized Android apps posing as YouTube, mostly in dating scenarios.

Cybersecurity researchers at SentinelLabs recently discovered that CapraRAT has been mimicking popular Android apps to attack Android users.

These latest actions show the spyware’s increased compatibility with both older and modern versions of Android, revealing the group’s adaptability and continuous drive to widen its attack surface against Indian targets.

Read more…

From the SOC to Everyday Success: Data-Driven Life Lessons from a Security Analyst

From securityweek.com

Many of you have likely noticed that I enjoy looking for life lessons in the real world that we can apply to the challenges we face in the security domain. In this piece, I’d like to take the opposite approach. I’d like to try and take the lessons I learned during my time as a security analyst working in various Security Operations Centers (SOCs) and apply them to life. My reason for this is simple. I believe that as security professionals, the healthier and happier we are, the better able we are to protect our respective organizations.

In particular, I’d like to focus on the strong data-driven approach adopted by the teams I was fortunate enough to be a part of. I think that the timing is particularly good. Why? Unfortunately, it seems that we as a society are slowly losing our respect for truth and facts, and at the same time, we seem to be becoming aware of an epidemic of narcissism that is well underway. That lies and opinions are so readily accepted as truth is extremely dangerous. More troubling still are the behaviors and actions that are justified based upon them.

Read more…

US Supreme Court Sidesteps Decision On Social Media Laws

From silicon.co.uk

US Supreme Court throws out lower court decisions on Florida, Texas laws imposing social media regulation, demands more research

The US Supreme Court has thrown out two separate decisions by lower courts involving social media censorship laws in Florida and Texas and told the lower courts to conduct further analysis.

In the decision on Monday, the last day of the top court’s session that began in October, judges said lower courts had not adequately addressed the First Amendment speech implications of the 2021 laws.

Read more…

Passwordless Authentication

From cpl.thalesgroup.com

What is passwordless authentication?

Passwordless authentication offers users a way to verify themselves without having to remember or manually type passwords. This provides stronger security and fewer breaches.

How does passwordless authentication work?

Passwordless Authentication and SSO (Single Sign-On) Solutions with SafeNet Trusted Access and Authentication as a Service:

  • Quickly remove passwords from authentication and SSO flows via easy-to-use conditional access policies
  • Use a combination of Push OTP and Biometric PIN, or Push OTP and PIN
    • Support Windows 10, iOS and Android platforms with SafeNet MobilePASS+
    • Use biometric verification with facial recognition or fingerprint authentication to access a token on an iOS, Android or Windows 10 device
  • Support the FIDO2 standard with FIDO2-certified devices on any SSO platform
  • Address digital signature, email encryption and physical access use cases with certificate-based PKI authenticators, USB tokens or smart cards
  • Support voice authentication, where a third-party SMS provider translates the SMS OTP to voice audio

Read more…