Vraj Patel

Vulnerability within WPA 2

December 7, 2020 by Vraj Patel Leave a Comment

Cybersecurity researchers has found an high-severity hardware vulnerability in the widely-used Wi-Fi chip manufactured by Broadcom and Cypress. The vulnerability is called Kr00k an has CVE number CVE-2019-15126. It allows an attacker to remote intercept and decrypt some of the wireless network packets. The attacker doesn’t have to be connected to the same network as the victim. Attacker can communicate to the victims device through the vulnerability within the Wi-Fi chip using WPA 2-Personal or WPA2-Enterprise protocols. Researchers at ESET has said that devices such as “Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3), Xiaomi (RedMi), as well as some access points by Asus and Huawei, were vulnerable to Kr00k”.

References:

Kumar, M. 2020. New Wi-Fi Encryption Vulnerability Affects Over A Billion Devices. Retrieved from: https://thehackernews.com/2020/02/kr00k-wifi-encryption-flaw.html

Spear-phishing Attack on Companies Involved in Covid-19 Vaccine Distribution

December 7, 2020 by Vraj Patel Leave a Comment

Hackers are targeting companies that are involved in distributing an Covid-19 Vaccines. Accordingly to a new research the attackers are performing an spear-phishing attack the organizations that are distributing Covid-19 vaccines since September 2020. IBM Security X-Force researchers said that the attacks are being aimed at vaccine cold chain. The companies are responsible for storing and delivering vaccines at a safe temperatures.

The US Cybersecurity and Infrastructure Security Agency (CISA) has also issued an alert informing an organizations that are involved in storing and delivering Covid-19 vaccines to review the indicator of compromise and increase their defenses. It has been unclear if there were any of the phishing attacks were successful. IBM has said that the attackers are trying to steal an credential for the companies to get access of their network and get unauthorized access to the sensitive information regarding to the Covid-19 vaccines.

References:

Lakshmanan, R. 2020. Hackers Targeting Companies Involved in Covid-19 Vaccine Distribution. Retrieved from: https://thehackernews.com/2020/12/hackers-targeting-companies-involved-in.html

Security flaw in WPA 3

December 3, 2020 by Vraj Patel Leave a Comment

Researchers has found vulnerabilities in WPA 3 that could be used by an attackers to gain the password for the Wi-Fi (Khandelwal, 2019). WPA is used to authenticate the device using a AES (Advanced Encryption Standards) protocol. It is being designed to prevent attackers from performing eavesdropping attack on wireless data. WAP 3 has been designed to b secure than WPA 2. WPA 3 uses a more secure handshake than WAP 2. Which is known as Dragonfly. It aim is to protect the Wi-Fi network from an offline directory attack. There are two types of attack that can be performed: downgrade attack and second to side channel leaks.

References:

Khandelwal, S. 2019. Security Flaws in WPA3 Protocol Let Attackers Hack WiFi Password. Retrieved from: https://thehackernews.com/2019/04/wpa3-hack-wifi-password.html

Zoom Credentials

November 17, 2020 by Vraj Patel Leave a Comment

Researcher at Cyble cyber security firm were able to find more that 500,000 credentials for zoom account on the dark web (Hamilton, 2020). Cyble stated that there were many account credentials that they were able to purchase it for less then a penny and other were just available publicly.

Cyble said that they were able to purchase around 530,000 Zoom account credentials as well as the meeting URLS and the host key. There were many account that belonged to the Chase and Citibank and there were couple for the education institutions.

References:

Hamilton, I. 2020. Researchers found and bought more than 500,000 Zoom passwords on the dark web for less than a cent each. Retrieved from: https://www.businessinsider.com/500000-zoom-accounts-sale-dark-web-2020-4

Credential Staffing Attack on The North Face

November 17, 2020 by Vraj Patel Leave a Comment

The North Face has reset all of their users passwords from their website after an attacker lunched a credential staffing attack. On Oct 9th the company has notified their customers regarding the unusual activity on their website.

Credential attack is accomplished by using a credential that were being compromised in the other data breaches and using those credentials to log in to other websites. Accordingly to the article, attacker were able to access to information saved within the account which of the account they were able to access it. The information they could have access is the billing address, shipping address, first and last name, email address, birthday, and phone number. Company does not hold any of the payment information on the portal which the customer has access to which means the attacker was not able to access the payment information such as debit/credit card number, CVV, or the expiration date.

References:

O’Donnell, L. 2020. Credential-Stuffing Attack Hits The North Face. Retrieved from: https://threatpost.com/credential-stuffing-attack-north-face/161190/

Accessing Google User’s Account Information using GHunt

November 2, 2020 by Vraj Patel Leave a Comment

GHunt is an open-source intelligence (OSINT) tool which can be used to explore the data that are created by the Google account (Pritchard, 2020). GHunt is an OSINT tool which uses an open source information to compile data of a user identities and activities. GHunt can be used to analyze the uses data by just having the users email address. GHunt can extract the users name, YouTube channel, and other Google Services.

GHunt tool was being developed by Thomas Hertzog. GHunt can be used by white hat and penetration tester to find out if the email address found during an testing can leak any other information. Individual and business can use this tool to identify how much of their information is available publicly.

References:

Pritchard, S. 2020. GHunt OSINT tool sniffs out Google users’ account information using just their email address. Retrived from: https://portswigger.net/daily-swig/ghunt-osint-tool-sniffs-out-google-users-account-information-using-just-their-email-address

Credential Stuffing Attacks

October 27, 2020 by Vraj Patel Leave a Comment

Credential stuffing attack is an form of an attack with uses the stolen username/password from one website and uses those credentials to login to other websites. Attackers uses an specific tools to send the stolen credentials from one website to other websites. This types of attacks are successful to gain access of other’s accounts since there are many people that uses an same credential for multiple websites.

Credential stuffing attack work by attacker first gaining access to the credential from the previous data breach. Then the attacker uses an specific software to inject those and other hundred or thousands of credentials to targeted websites. Once the attacker is able to obtain the access to the users account attacker would be able to get all the personal information of the user that is being saved on that account.

There are many ways to save your accounts from this credential stuffing attack. One of the way to protect the account is by using different password on all of the accounts. Another way to protect the account from this attack is to use the multi-factor authentication.

Reference:

Bannister, A. 2020. Credential stuffing attacks: How to protect your accounts from being compromised. Retrieved from: https://portswigger.net/daily-swig/credential-stuffing-attacks-how-to-protect-your-accounts-from-being-compromised

Vulnerabilities in Apple’s web Domain

October 10, 2020 by Vraj Patel Leave a Comment

Researcher at Apple has discovered 55 vulnerabilities in Apple’s web domain (Haworth, 2020). Research spent three months at Apple to discover the vulnerabilities and during the research they have found 11 critical bugs, 29 high severity, 13 medium, and 2 low severities bugs. The most critical bug that was found was able to executed remotely. It was also capable of storing a cross-site scripting that would have compromised customer’s iCloud accounts. Researcher were able to also access Apple’s internal projects sources codes. Accordingly to the article, most of the majority bugs has been fixed by the Apple (Haworth, 2020). The research were able to compromise the Apple Distinguished Educator (ADE) program using the bug that was able to executed remotely. The ADE program assigned an default password which then was used to perform an brutal force attack on other accounts and research were able to get access to an admin account. Which allowed them an access to the Apple’s network.

References:

Haworth, J. 2020. Researchers discover scores of security bugs in Apple’s stem and core. Retrieved from: https://portswigger.net/daily-swig/researchers-discover-scores-of-security-bugs-in-apples-stem-and-core

Facebook unpatched Apache library

September 29, 2020 by Vraj Patel Leave a Comment

One of the research was able to access the Facebook internal system by exploiting a vulnerability (Haworth, 2020). The research able to find an vulnerability within the Mobile Device Management (MDM) software and used that to gain access to the Facebook internal system. The researcher had find a bug within the MDM in 2018 which he reported and used that same bug to gain access to the Facebook system. MDM company was using older version of Apache Groovy library. This was a critical vulnerability since the research was able to gain access remotely. The researcher has reported this finding and MDM company has patched this issue.

References:

Haworth, J. 2020. Internal Facebook systems exposed via unpatched Apache library. Retrieved from: https://portswigger.net/daily-swig/internal-facebook-systems-exposed-via-unpatched-apache-library