Oracle Identity Manager Hacked through a Critical Flaw

 

Based in Redwood, California, Oracle Corporation is the largest software company whose primary business is database products. Historically, Oracle has targeted high-end workstations and minicomputers as the server platforms to run its database systems. Its relational database was the first to support the SQL language, which has since become the industry standard.

A exploit was found in Oracle’s identity management system. This exploix has been marked as CVE-2017-10151, it has been assigned the highest CVSS score of 10 and is easy to exploit without any user interaction.

This CVE is due to a security loophole involving a default account that allows an unathenticated attacker on the same network to compromise the Oracle Identity Manager through HTTP.

The full details of this vulnerability have not yet been released by Oracle.

“This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials,” Oracle’s advisory reads.

The easily exploitable vulnerability affects Oracle Identity Manager versions 11.1.1.7, 11.1.1.9, 11.1.2.1.0, 11.1.2.2.0, 11.1.2.3.0 and 12.2.1.3.0.

Oracle has already released patches for all versions of the products that were affected by this CVE. all users should update to the latest version of Oracle to patch the vulnerability before a hacker has the chance to exploit it.

Justin Palmer

Sources:

https://thehackernews.com/2017/10/oracle-identity-manager.html

https://www.oracle.com/index.html

 

Advertisements

Smartwatches designed for children have become a target for hackers.

Smartwatches are becoming more and more popular to the general population. However did you know even young children are starting to wear smartwatches. In theory this sounds like not such a bad idea they give the parent a way to see where their young child is and communicate with them if need be. These watches also offer a way for the child to quickly call their parents in case of an emergency. This all sound good until you realize a hacker can get into the watch and do the same things.

The Norwegian Consumer Council tested some of these watches and found that some were transmitting the GPS data without encryption. This allows for hackers with basic tools to get into the watch and track the movements of the child wearing the watch, which is an incredibly dangerous problem. The hacker could also spoof the location and make it look like the child is in a completely different place. They also found that the hacker could communicate with the child and eavesdrop on the conversations the child is having with others on the watch. Thankfully many of the company’s who designed and produce the watches have recalled the watches and started to fix the problems and make them more secure.

-Levi Walker

Sources:

http://www.bbc.com/news/technology-41652742?intlink_from_url=http://www.bbc.com/news/topics/62d838bb-2471-432c-b4db-f134f98157c2/cybersecurity&link_location=live-reporting-story

 

Reaper Botnet Dwarfs Mirai

Mirai-botnet-diagram-1


By this point everyone and their mother has heard of the botnet dubbed ‘Mirai’, an infamous botnet infrastructure from last year that managed to take down a good chunk of the internet by attacking Dyn, a DNS provider. Well as of this September, weak passwords might have become the least of your worries if you’re like 60% of Check Point’s ThreatCloud covered corporations, and have un-patched vulnerabilities on your network.

Dubbed Reaper, or IOTroop by some, a new IoT botnet is propagating, and shows no sign of slowing down. Today, researchers have ruled out the possibility that Mirai and Reaper are connected, at least on a technical level, due to the superiority that Reaper has displayed in its intrusion and propagation techniques. Whereas Mirai was spread through the exploitation of default passwords across IoT devices, Reaper utilizes a specialized strand of malware that exploits well known vulnerabilities (such as those present in many printers and IoT toasters) to gain entry to a device, and further uses that device to spread itself to others connected.

With near exponential growth, Qihoo 360 Netlab witnessed approximately 2 million newly infected devices waiting to be processed by a C&C server, of which there are several that have thus been identified. The best thing that any concerned corporation or user can do at this point in time, would be to ensure that every machine on their network has updated firmware, and software in an attempt to limit the spread of this variable plague infecting IoT networks worldwide.

Currently, it appears as if we all might be witnessing a ‘calm before the storm’, situation, with this botnet ramping up massively in numbers and, according to Check Point, updating its capabilities on a daily basis. What else can I say but stay safe, and brace for impact, as when this thing hits, it’ll make the Dyn attack look like a birthday party.

– Kenneth Nero

Sources: Here, and Here, also Here

Major Accounting Firm Deloitte Hit by Extensive Cybersecurity Data Breach

Similar to Equifax’s data breach, Deloitte with $37B in annual revenues, suffered an extensive cybersecurity data breach that led to a lot of things being compromised. Moreover, Deloitte did not tell anyone similar to Equifax, both of the company’s data had been compromised months ago before reported. Deloitte kept the hack internally secret, only informing “a handful” of senior partners and lawyers, as well as six clients. The company is one of the world’s Big Four accounting firms — which works with large banks, global firms, and government agencies, among others, provides tax and auditing services, operations consulting, merger and acquisition assistance and, ironically cybersecurity advice.

The hackers compromised confidential emails, sensitive attachments, the hackers may have gotten their hands on usernames, passwords, IP addresses, business information and workers’ health records. The Guardian reported that six Deloitte clients have already confirmed that the hack had impacted their data. Deloitte has yet to establish whether a lone wolf, business rivals, or state-sponsored hackers were responsible.

The cause of the data breach was apparently stemmed from an administrator’s account that was protected by a single password and did not have multi-factor authentication setup. The attack was discovered back in March 2017, but the attackers could have gained access as early as October 2016. The emails were stored in Microsoft Azure; some 5 million emails were said to have been stored in the cloud when it was compromised. Compromised email servers are usually filled with very sensitive information that hackers can exploit and even spear phish people with. However, Deloitte told The Guardian that only a fraction were actually at risk. Deloitte’s internal review is still ongoing.

-Matthew Brown

Sources:

https://www.engadget.com/2017/09/25/deloitte-reports-extensive-cybersecurity-breach/

http://www.bbc.com/news/technology-41385951

http://www.techrepublic.com/article/deloitte-hacked-cybersecurity-attack-compromises-client-emails-and-plans/

https://boingboing.net/2017/09/25/uh-oh.html

BlueBorne, a Bluetooth Vulnerability

Armis has identified a new threat to almost every device we own. There are eight vulnerabilities that have been identified, four of which are critical. These vulnerabilities affect over 5 billion Android, Windows, iOS, and Linux devices. This vulnerability is known as BlueBorne.

What makes this vulnerability different than most cyber attacks is that there is no link that a user has to click on or a malicious file that the user has to download to become a victim. The user doesn’t even have to be connected to the internet. Instead, BlueBorne is spread through a devices Bluetooth connection. The attack doesn’t require the targeted device to be paired to the attackers device or even for the targeted device to be set to discoverable mode.

Image result for BlueBorne

This all contributes to BlueBorne being easily spread to devices at a possible unprecedented rate. Bluetooth processes have high privileges on all operating systems which allows this exploit to completely take over the device. Android devices are vulnerable to remote code execution, information leaks, and Man-in-The-Middle attacks. Windows devices are vulnerable to the Man-in-The-Middle attack. Linux devices running BlueZ are affected by the information leak vulnerability, and Linux devices from version 3.3-rc1 (released in October 2011) are affected by the remote code execution vulnerability (This includes many smart watches, smart tvs, and smart refrigerators). iPhone, iPad and iPod touch devices with iOS 9.3.5 and lower, and AppleTV devices with version 7.2.2 and lower are affected by the remote code execution vulnerability, but this vulnerability was already patched for users running iOS 10. Even networks that are “air gapped” are at risk of this attack, and includes industrial systems, government agencies, and critical infrastructure.

Examples of attacks:

  • Taking a picture on a phone and sending it to the hacker
  • Listening to a conversation through a wearable device
  • Redirecting a user to a fake login page to steal their login information
  • Cyber espionage
  • Data theft
  • Ransomware
  • Creating large botnets out of IoT devices

Many companies are pushing out updates for their users, but for many it is too late, and for others they have older devices that will not receive the updates.

As of 9/13/17:

  • Apple users with iOS 10 are safe
  • Google has released a patch for this vulnerability for Android Marshmallow and Nougat, but it might be weeks before the patch is available to some Android users
  • Microsoft patched the vulnerabilities in July
  • A patch for Linux is expected to be released soon

The problem is that even with these patches, there are many users who are unaware of this exploitation and/or do not update their devices regularly. For users that haven’t updated their devices or do not have an update for their device, the safest thing to do is to turn Bluetooth off on your phone and leave it off until there is a patch for your device

 

Source: https://www.armis.com/blueborne/

 

-Matthew Smith