
Time to Update your AWS Application Load Balancer Configuration

According to researchers at Miggo, many Amazon AWS customers may have misconfigured their security when they added Application Load Balancer services.

An attacker can configure their own Application Load Balancer so that the tokens it issues appear to come from the target's authentication service. Once AWS signs the token, they can use it to attack the target application.

Research suggests, "more than 15,000 [web applications] appear to have vulnerable configurations."
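The defender-side counterpart to the forgery described above, as an added example that is not from the WIRED article or from Miggo: before verifying the signature on the `x-amzn-oidc-data` JWT that an ALB sets, check that its `signer` header names your own load balancer and not some other account's. The ARNs and sample tokens are constructed for illustration; the ES256 signature check against the regional ALB public key still has to follow.

```python
import base64
import json
import time

# Hypothetical ARN of the load balancer we operate; constructed for this example.
OUR_ALB_ARN = "arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/app/our-alb/abc123"
FOREIGN_ALB_ARN = "arn:aws:elasticloadbalancing:us-east-1:999999999999:loadbalancer/app/not-ours/def456"

def _b64url_decode(segment):
    """ALB-issued segments may keep '=' padding that RFC 7515 JWTs omit; accept both."""
    segment = segment.rstrip("=")
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def check_alb_token_origin(token, expected_signer, now=None):
    """Origin checks on the x-amzn-oidc-data JWT. Returns (ok, reason).
    Signature verification with the regional ALB key selected by 'kid' must still
    follow; this step only rejects tokens that a different load balancer minted."""
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed token"
    try:
        header = json.loads(_b64url_decode(parts[0]))
    except ValueError:  # covers bad base64 and bad JSON
        return False, "undecodable header"
    if header.get("alg") != "ES256":
        return False, "unexpected alg %r" % header.get("alg")
    # 'signer' carries the ARN of the ALB that produced the token.
    if header.get("signer") != expected_signer:
        return False, "signer is not our load balancer: %r" % header.get("signer")
    try:
        exp = int(header.get("exp"))
    except (TypeError, ValueError):
        return False, "missing exp"
    if exp <= (int(time.time()) if now is None else now):
        return False, "token expired"
    return True, "header consistent with our ALB; proceed to signature verification"

def _make_token(header, payload):
    """Build a sample token (constructed test data; the signature part is a dummy)."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).decode()
    return ".".join([enc(header), enc(payload), "dummysig"])

GENUINE = _make_token({"alg": "ES256", "kid": "k1", "signer": OUR_ALB_ARN, "exp": 2000000000},
                      {"sub": "alice"})
FORGED = _make_token({"alg": "ES256", "kid": "k1", "signer": FOREIGN_ALB_ARN, "exp": 2000000000},
                     {"sub": "mallory"})
```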

Read more at WIRED

Is it the End for Virtual Private Networks?

A novel attack that abuses DHCP may be the end for Virtual Private Networks (or a new beginning), as virtually any Windows VPN can be attacked by diverting traffic with a rogue DHCP server. Most VPNs install a CIDR /0 route, but a rogue DHCP server pushing multiple /1 routes can force traffic out of the VPN tunnel while the control channel continues to show the VPN as secure.

The attack abuses DHCP option 121, and Android is the only operating system that doesn't implement that option, so it's currently the only platform where the VPN is not affected. Linux mitigates the problem, but may still allow side-channel attacks. Network firewall rules have similar side-channel issues.

The attack has been named TunnelVision, and it takes advantage of a bridged network interface. VPNs bridge the remote network with the local network to allow authorized users remote access.
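Why two /1 routes defeat a /0 tunnel route, as an added example that is not part of the Ars Technica coverage: the code decodes a constructed DHCP option 121 payload (RFC 3442 classless static routes), applies the same longest-prefix match a host's routing table uses, and flags pushed routes whose union covers the whole address space. Interface names and addresses are constructed for this example.

```python
import ipaddress

# Constructed example: the VPN client installs a default route into the tunnel,
# then a rogue DHCP server pushes option 121 routes pointing at the LAN gateway.
VPN_ROUTES = [(ipaddress.IPv4Network("0.0.0.0/0"), "tun0")]

# Option 121 payload (RFC 3442): per entry, 1 byte prefix length, ceil(len/8)
# significant destination octets, then 4 router octets. Two /1 entries via 192.168.1.1.
ROGUE_OPTION_121 = bytes([1, 0x00, 192, 168, 1, 1,
                          1, 0x80, 192, 168, 1, 1])

def parse_option_121(data):
    """Decode classless static routes into (network, next-hop) pairs."""
    routes, i = [], 0
    while i < len(data):
        plen = data[i]
        n = (plen + 7) // 8
        dest = int.from_bytes(data[i + 1:i + 1 + n].ljust(4, b"\x00"), "big")
        gw = str(ipaddress.IPv4Address(data[i + 1 + n:i + 5 + n]))
        routes.append((ipaddress.IPv4Network((dest, plen)), "eth0 via " + gw))
        i += 5 + n
    return routes

def select_route(table, dst):
    """Longest-prefix match, as the host kernel does: a /1 beats the VPN's /0."""
    dst = ipaddress.IPv4Address(dst)
    matches = [(net, hop) for net, hop in table if dst in net]
    return max(matches, key=lambda r: r[0].prefixlen)[1] if matches else None

def covers_everything(routes):
    """Flag DHCP-pushed routes whose union is all of IPv4: every destination then
    bypasses a /0 tunnel route even though the tunnel itself stays up."""
    nets = list(ipaddress.collapse_addresses(net for net, _ in routes))
    return nets == [ipaddress.IPv4Network("0.0.0.0/0")]

def effective_next_hop(dst):
    """Where a packet really goes once the rogue routes sit beside the VPN route."""
    table = VPN_ROUTES + parse_option_121(ROGUE_OPTION_121)
    return select_route(table, dst)

if __name__ == "__main__":
    for ip in ("8.8.8.8", "203.0.113.7"):
        print(ip, "->", effective_next_hop(ip))
    print("full bypass:", covers_everything(parse_option_121(ROGUE_OPTION_121)))
```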

What this means is that it may be possible to mitigate the vulnerability by running the VPN on a virtual machine whose interface isn't set to bridge, at least that's what Ars Technica advises, but I'm skeptical about that solution, because although the VM's network interface is virtual, its implementation is through a device's physical ethernet interface.

Learn more at Ars Technica, with Dan Goodin's great coverage.

Estimates suggest there are at least 1.5 billion VPN users globally, so this vulnerability threatens the world's most secure applications.

Takedown Notices from Fake Companies add Legitimacy to Bunk Websites

If you've received a lawsuit threat or a payment request for a "DMCA Copyright Infringement Notice," you'll want to check whether the company actually exists. Here's a twist on the old DMCA takedown notice scheme: it's actually an SEO strategy to generate hits for fake websites.

Read more at Ars Technica.

Emergency Zero-Day Exploit threatens Cisco switches running IOS XE

43.3% of the world runs on Cisco switches. 80,000 devices are potentially at risk from a zero-day exploit active on switches running IOS XE. The vulnerability grants hackers superadmin privileges on the switch.

This crisis is rated at the highest threat level.

The implant is saved in the file path "/usr/binos/conf/nginx-conf/cisco_service.conf." It contains two variable strings of hexadecimals.

You can check whether the implant is running using the command line interface, where the "DEVICEIP" portion is a placeholder for the IP address of the device to check:

curl -k -X POST "https://DEVICEIP/webui/logoutconfirm.html?logon_hash=1"

Learn more at Ars Technica with Dan Goodin.

SprySOCKS malware targets Linux systems

There's new malware targeting cryptocurrency enthusiasts and gamblers. It has been going after Windows users, but it now has a Linux variant.
The payload is typically delivered through a phishing e-mail or message that directs the victim to a compromised site.

"SprySOCKS implements the usual backdoor capabilities, including collecting system information, opening an interactive remote shell for controlling compromised systems, listing network connections, and creating a proxy based on the SOCKS protocol for uploading files and other data between the compromised system and the attacker-controlled command server."

Learn more at Ars Technica with Dan Goodin.

"US copyright law protects only works of human creation"

The philosophical question is "Can an AI make art?" Are AIs truly creative, or do they steal techniques from other artists? Artificial creators analyze millions of images from other artists, so are their creations unique? Does the machine's process duplicate what humans do when they learn about art? Humans study past art for inspiration. Human artists tend to develop a style or styles that define the scope of their work.

So does the work of a human have more value than the work of an AI? I don't think there's an easy answer to that question. People have vastly different systems of value that may preference art made by machines, but copyright law was made to protect humans and to preserve the value of their creations. If AIs become citizens, maybe they will qualify for protections. According to this early but pivotal case, only human creations can be copyrighted.

Read Ars Technica on this pivotal case defending the value of human creativity.

Personal Data Compromised for Millions in Oregon and Louisiana

A cyberattack on Oregon and Louisiana driver's license databases could lead to identity theft and worse, as personal information from millions of people may have been stolen. While the company responsible for the software claims the vulnerability has been patched, it's clear that other targets may have been compromised through the same file-transfer system. Once again, we are reminded that no security system is foolproof, and that we need to work harder to protect people's personal data.

Read more about the latest cyberattack on driver's license databases in Oregon and Louisiana.

Critical Vulnerability patch for Windows Zero-Day: CVE-2023-23397

What if you could subvert Microsoft Outlook by sending a carefully crafted e-mail? That's what Microsoft patched today (3/15/2023). You don't even have to open the e-mail for the malicious code to execute. All you have to do is open Outlook, or potentially Mail. There are several other critical vulnerabilities that Tuesday's patches remediate. Please make sure your Windows operating system is up to date with all current patches.

Read more about the issue on Dark Reading.

Is your ESXi patched? 2/7/2023

Are you running VMware ESXi? It's time to patch. If you haven't installed the two-year-old patch for CVE-2021-21974, you need to do it now. Administrators commonly patch OS vulnerabilities but neglect to patch ESXi itself, because that may require taking critical systems offline. Because so many ESXi servers are unpatched, this attack has infected thousands of systems worldwide. It's ransomware that can theoretically take down all of your virtual machines. Here's coverage from Ars Technica:

Hackers are mass infecting servers worldwide by exploiting a patched hole

Moving to Mastodon

Did you leave Twitter? Did you migrate to the Mastodon commons? It looks a lot like Twitter, but it's a distributed network that isn't collecting your data or marketing products. It's not a company; it's a non-profit, open source, federated social media service. Will Mastodon be able to welcome former tweeters, and can admins change the "toot" button to "bellow?"

Read WIRED on the Great Migration

The Limits of Privacy on Apple Devices

I trust Apple's privacy promise to not sell my data to everyone; however, I wasn't surprised that Apple continues to collect data for their own use, even with device privacy enabled. Learn more about the data they collect from you on a constant basis.

Apple Location Tracking and more on Gizmodo