Directory
THEHACKERNEWS.COM
Over Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points Patch ASAP
Nov 28, 2024 | Ravie Lakshmanan | IoT Security / Vulnerability

Nearly two dozen security vulnerabilities have been disclosed in Advantech EKI industrial-grade wireless access point devices, some of which could be weaponized to bypass authentication and execute code with elevated privileges.

"These vulnerabilities pose significant risks, allowing unauthenticated remote code execution with root privileges, thereby fully compromising the confidentiality, integrity, and availability of the affected devices," cybersecurity company Nozomi Networks said in a Wednesday analysis.

Following responsible disclosure, the weaknesses have been addressed in the following firmware versions:
- 1.6.5 (for EKI-6333AC-2G and EKI-6333AC-2GD)
- 1.2.2 (for EKI-6333AC-1GPO)

Six of the identified 20 vulnerabilities have been deemed critical, allowing an attacker to obtain persistent access to internal resources by implanting a backdoor, trigger a denial-of-service (DoS) condition, and even repurpose infected endpoints as Linux workstations to enable lateral movement and further network penetration.

Of the six critical flaws, five (CVE-2024-50370 through CVE-2024-50374, CVSS scores: 9.8) relate to improper neutralization of special elements used in an operating system (OS) command, while CVE-2024-50375 (CVSS score: 9.8) concerns a case of missing authentication for a critical function.

Also of note is CVE-2024-50376 (CVSS score: 7.3), a cross-site scripting flaw that could be chained with CVE-2024-50359 (CVSS score: 7.2), another instance of OS command injection that would otherwise require authentication, to achieve arbitrary code execution over the air.

That said, for this attack to succeed, the external malicious user must be in physical proximity to the Advantech access point and broadcast a rogue access point. The attack is triggered when an administrator visits the "Wi-Fi Analyzer" section of the web application, which causes the page to automatically embed information received through beacon frames broadcast by the attacker without any sanitization checks.

"One such piece of information an attacker could broadcast through its rogue access point is the SSID (commonly referred to as the 'Wi-Fi network name')," Nozomi Networks said. "The attacker could therefore insert a JavaScript payload as SSID for its rogue access point and exploit CVE-2024-50376 to trigger a Cross-Site Scripting (XSS) vulnerability inside the web application."

The result is the execution of arbitrary JavaScript code in the context of the victim's web browser, which could then be combined with CVE-2024-50359 to achieve command injection at the OS level with root privileges. This could take the form of a reverse shell that provides persistent remote access to the threat actor.

"This would enable attackers to gain remote control over the compromised device, execute commands, and further infiltrate the network, extracting data or deploying additional malicious scripts," the company said.
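As an added example (not code from Advantech, Nozomi Networks or the article), this is the defensive pattern the described flaw calls for: every field parsed from an over-the-air beacon frame is treated as untrusted input, validated, and HTML-encoded before a Wi-Fi scanner page renders it. The function names, field names and the scan entries are assumptions constructed for the illustration.

```javascript
// Added example, not Advantech's or Nozomi Networks' code. Beacon-frame fields
// (SSID, BSSID, RSSI, channel) arrive from anyone within radio range, so the
// scanner page must validate and output-encode them before they reach the DOM.

const SSID_MAX_BYTES = 32; // 802.11 limit on the SSID element length

// Escape the five characters that matter in an HTML text or attribute context.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}

// Normalise a raw SSID: clamp to 32 bytes, replace control characters, and
// label hidden networks (zero-length SSID) instead of rendering an empty cell.
function sanitizeSsid(rawBytes) {
  const bytes = Buffer.from(rawBytes).subarray(0, SSID_MAX_BYTES);
  const text = bytes.toString('utf8').replace(/[\u0000-\u001f\u007f]/g, '\uFFFD');
  return text.length === 0 ? '(hidden)' : text;
}

// Accept a BSSID only if it is exactly six colon-separated hex octets.
function validBssid(s) {
  return /^([0-9a-f]{2}:){5}[0-9a-f]{2}$/i.test(String(s)) ? s.toLowerCase() : 'invalid';
}

// Build one table row as an HTML string. Every untrusted value passes through
// escapeHtml, so markup planted in an SSID is shown as literal text. When
// writing straight to the DOM, the equivalent is textContent, never innerHTML.
function renderScanRow(entry) {
  const ssid = escapeHtml(sanitizeSsid(entry.ssid));
  const bssid = escapeHtml(validBssid(entry.bssid));
  const rssi = Number.isInteger(entry.rssi) ? entry.rssi : 'n/a';
  const channel = Number.isInteger(entry.channel) && entry.channel > 0 ? entry.channel : 'n/a';
  return `<tr><td>${ssid}</td><td>${bssid}</td><td>${rssi}</td><td>${channel}</td></tr>`;
}

function renderScanTable(entries) {
  return `<table>${entries.map(renderScanRow).join('')}</table>`;
}

// Constructed scan results (assumed data): one benign AP and one whose
// SSID carries HTML markup, as a rogue beacon could.
const constructedScan = [
  { ssid: Buffer.from('Plant-Floor-AP'), bssid: 'AA:BB:CC:DD:EE:01', rssi: -51, channel: 6 },
  { ssid: Buffer.from('<b>Guest</b>'), bssid: 'aa:bb:cc:dd:ee:02', rssi: -70, channel: 11 },
];

const renderedTable = renderScanTable(constructedScan);
console.log(renderedTable);
```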
-
THEHACKERNEWS.COM
The Future of Serverless Security in 2025: From Logs to Runtime Protection
Nov 28, 2024 | The Hacker News | Cloud Security / Threat Detection

Serverless environments, leveraging services such as AWS Lambda, offer incredible benefits in terms of scalability, efficiency, and reduced operational overhead. However, securing these environments is extremely challenging. The core of current serverless security practices often revolves around two key components: log monitoring and static analysis of code or system configuration. But here is the issue with that:

1. Logs Only Tell Part of the Story

Logs can track external-facing activities, but they don't provide visibility into the internal execution of functions. For example, if an attacker injects malicious code into a serverless function that doesn't interact with external resources (e.g., external APIs or databases), traditional log-based tools will not detect this intrusion. The attacker may execute unauthorized processes, manipulate files, or escalate privileges, all without triggering log events.

2. Static Misconfiguration Detection is Incomplete

Static tools that check for misconfigurations are great for detecting issues such as overly permissive IAM roles or sensitive environment variables exposed to the wrong parties. However, these tools cannot account for what happens in real time, detect exploitations as they happen, or detect deviations from expected behavior.

Real-World Implications of the Limited Cloud Security Available for Serverless Environments

Example 1: Malicious Code Injection in a Lambda Function

An attacker successfully injects malicious code into a Lambda function, attempting to spawn an unauthorized subprocess or establish a connection to an external IP address.

Problem: Traditional security tools relying on log monitoring will likely miss this attack. Logs typically track external-facing events like API calls or network connections, but they won't capture internal actions, such as code execution within the function itself. As a result, the attacker's actions, whether manipulating files, escalating privileges, or executing unauthorized processes, remain invisible unless they trigger an external event like an outbound API call.

Solution: To effectively detect and prevent this attack, security teams need tools that provide visibility into the function's internal operations in real time. A sensor monitoring runtime activity can identify and terminate rogue processes before they escalate, offering proactive, real-time protection.

Example 2: Exploiting Vulnerable Open-Source Libraries

A Lambda function relies on an open-source library with a known vulnerability, which an attacker can exploit to execute remote code.

Problem: While static analysis tools can flag known vulnerabilities in the library itself, they don't have visibility into how the library is used in the runtime environment. This means that even if a vulnerability is identified in code scans, the real-time exploitation of that vulnerability might go undetected if it doesn't involve an external event (such as a network request or API call).

Solution: A sensor designed to monitor the function's internal operations can detect when the library is being misused or actively exploited at runtime. By continuously analyzing function behavior, the sensor can identify anomalous actions and block the exploit before it compromises the system.

The Shift that Needs to Happen for 2025

Cloud security is expanding rapidly, providing organizations with increased protection and detection and response measures against sophisticated cloud attacks. Serverless environments need this same type of protection because they are built on the cloud. By shifting from reactive, log-based security measures to proactive, runtime-focused protection, security teams can begin to implement modern cloud security practices in their serverless environments.

Introducing Sweet's AWS Lambda Serverless Sensor

Recognizing the limitations of traditional security tools, Sweet Security has developed a groundbreaking sensor for serverless environments running AWS Lambda. This sensor addresses the blind spots inherent in log-based and static analysis methods by offering deep, real-time monitoring of Lambda functions.

Runtime monitoring and visibility: Sweet's sensor monitors the runtime activity of serverless functions. By observing system calls, internal function behavior, and interactions within the Lambda environment, the sensor provides full visibility into how the function is behaving at any given moment.

Blocking malicious behavior in real time: Sweet identifies suspicious activity, such as spawning unauthorized processes or connecting to external IPs, and blocks it before harm is done.

Detecting anomalies in function behavior: Sweet's Lambda sensor monitors the function's internal operations in real time, detects any misuse of the library, and blocks the exploit before it can compromise the system.

In an age where serverless computing is becoming the backbone of cloud-native architectures, the ability to secure these environments in real time is paramount. Traditional log-based and static security tools are no longer enough to safeguard against sophisticated, dynamic attacks. With Sweet Security's innovative sensor, organizations now have the ability to proactively monitor, detect, and prevent threats in real time, giving them the confidence to embrace serverless computing while keeping their environments secure.

Want to prepare for 2025? Contact Sweet Security today!

This article is a contributed piece from one of our valued partners.
-
WWW.INFORMATIONWEEK.COM
Why Are Organizations Still Getting Hacked?

E-mails and pop-up messages encouraging the use of multi-factor authentication or complex passwords made users throughout the world aware that last month was cybersecurity awareness month. Many are also still being reminded of -- and becoming numb to -- the personal stakes of cybersecurity breaches, thanks to free credit monitoring offers in the aftermath of far-too-regular personal data theft from the financial, healthcare, and human resources institutions that we trust to keep our information safe. But just as we didn't address the automotive safety threats described in Unsafe at Any Speed through either blind trust in existing safety features or defeatism about the hazards of automotive accidents, we shouldn't allow the mounting stakes of cybersecurity to go unchecked.

Given the pervasiveness of personal data theft as a cybercrime, it's easy to believe that the consequences of a cyberattack would be limited to individual harm that can be detected and remedied through free credit monitoring and a messy-but-doable identity recovery process following a breach. It's equally easy to believe that the nation-state hackers who use sophisticated attacks that can cause not only individual financial and corporate reputational damage, but also massive societal impact, have limited their hacking to high-level government-controlled systems. However, recent events have proven that this is not the case.

Americans got their first taste of the potential physical and economic impact of a cyberattack in May 2021, when Eastern European cyber criminals caused the shutdown of Colonial Pipeline's operations due to ransomware in its IT systems -- a breach that did not even directly impact the critical operational technology (OT) systems that control the pipeline itself. The criminal actors responsible were able to extract a multimillion-dollar ransom, most of which was recovered thanks to law enforcement collaboration. Criminal attacks against utilities remain ongoing, as evidenced by the August cyberattack against Halliburton; moreover, utilities and even the government won't always be able to pay their way out of a cyberattack.

The next time America, or one of its close allies, experiences a major infrastructure attack, our credibility on the world stage and the sovereignty of our partners abroad may be at stake. A China-affiliated cyber actor, codenamed Volt Typhoon, was conducting low-profile hacks to be able to orchestrate a massive "everything, everywhere, all at once" cyberattack that could impact the availability of power and water across the United States. Such an attack would be used to weaken American resolve to support Taiwan in the event of an invasion or other hostile action, warned US Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly in January 2025.

CISA, in partnership with US law enforcement and intelligence agencies, has built unprecedented intelligence sharing and cybersecurity collaboration mechanisms with critical infrastructure providers to mitigate this capability, but the drumbeat of attacks has not stopped. In the midst of Cybersecurity Awareness Month, an unattributed attack on American Water and a China-linked attack against US telecom providers that may have targeted lawful intercept capabilities were potent reminders that hackers aren't just after our money -- they're also trying to jeopardize access to basic necessities and invade our privacy, even if they're holding their full capabilities in reserve to strike at the moment that's most advantageous for them.

As strong as the collaboration between government and critical infrastructure in the cybersecurity space has made us, it's not enough to overcome the threat of highly sophisticated attackers using AI to target not only industrial systems but also personal accounts and devices to gain a foothold in corporate networks. Software companies must incorporate more secure coding practices, as CISA is encouraging with its Secure by Design and Default initiatives. Cybersecurity companies must keep innovating to create technologies that can defuse new types of attacks, like a browser-based attack developed in mid-2024 that could compromise a computer if a user so much as viewed a compromised image file.

But at the end of the day, it's not enough that the US Government and corporations -- both those that deploy enterprise software and those that develop it -- emphasize cybersecurity. Each of us must realize that cybersecurity is a fundamental safety concern that merits due diligence in our day-to-day lives. In the automotive world, more than 60 years of life-threatening accidents occurred between the production of the Model T and the requirements for safety belts; it took 20 more years for laws requiring drivers and passengers to use them. It's been 30 years since the introduction of the World Wide Web to the public, and it's evident that we don't have 80 years not only to create, but also to embrace, technology to enforce internet security and safety. The threats are accelerating, and neither the US Government nor free credit monitoring alone can save us.
-
WWW.INFORMATIONWEEK.COM
5 Tips for Optimizing Multi-Region Cloud Configurations
Managing a network of region-specific cloud environments comes with its own set of challenges.
-
WEWORKREMOTELY.COM
Globe Life: AIL Division: Benefits Advisor - No Experience Necessary!
Time zones: EST (UTC -5), CST (UTC -6), MST (UTC -7), PST (UTC -8), AKST (UTC -9), HST (UTC -10)

Our Benefits Advisors help union employees, existing clientele, and new members understand voluntary group benefits and insurance benefits, and sign up qualified candidates during the annual enrollment period.

Responsibilities:
- Explain benefits to new employees and existing clients via Zoom
- Develop and calculate suitable plans based on clients' needs
- Specialize in mortgage protection, final expense, college education, paycheck protection, etc.
- Resolve client inquiries and complaints
- Expand business reach through networking techniques
- Comply with insurance standards and regulations
- Track and identify areas of improvement
- Attend ongoing training sessions

Qualifications:
- Previous experience in customer service, as a customer representative, or in other related HR fields is a plus
- Ability to build rapport with clients
- Strong negotiation skills
- Excellent written and verbal communication skills
- Ability to prioritize and multitask

Benefits:
- Work from home
- Weekly compensation
- Weekly bonuses
- Health insurance - upon qualification
- Employee life insurance
- Residual income
- Leadership career track
-
WEWORKREMOTELY.COM
Smile.io: Head of Growth Marketing
Time zones: EST (UTC -5), CST (UTC -6), MST (UTC -7), PST (UTC -8), AST (UTC -4), NST (UTC -3:30)

About Smile.io

Smile.io is the world's largest provider of loyalty programs, powering programs for over 100,000 eCommerce merchants around the world. Our globally distributed team is dedicated to creating rewarding experiences for merchants and their customers alike. We offer a culture that fosters growth and collaboration. We're in a constant state of evolution, and we're here to support each other's growth.

About the Role

The Head of Growth Marketing will lead our growth strategy, managing initiatives that drive user acquisition, retention, and revenue expansion across all digital channels. This senior-level role is perfect for a dynamic and analytical marketer with expertise in data-driven decision-making, performance marketing, and growth experimentation. You'll collaborate closely with our content team and other teams across the company while overseeing the performance of campaigns to ensure our brand reaches the right audience with compelling, high-impact messages. Smile.io is a fully remote company looking to hire within Canada for this remote role. Overlap with core EST working hours is required.

What You'll Help Us Achieve
- Marketing Campaigns: Develop and execute a comprehensive growth marketing strategy focused on Smile Plus installs, leads, and conversations with our Sales team. Run high-impact campaigns across digital channels, including organic, paid media, SEO, events, and email marketing.
- Growth Experiments: Design and implement experiments to optimize conversion funnels. Identify growth opportunities with existing channels, as well as potential new channels that might be profitable for us.
- Results: Partner with Product, Sales, Content, and Data teams to coordinate efforts to get the desired results. Work with our Head of Content, CEO, COO, and CPO to align on messaging while focusing on optimizing organic and paid channels and campaigns for growth.
- Analytics & Reporting: Own and report on key growth metrics and KPIs, regularly reporting on the performance and ROI of campaigns. These metrics will include qualified installs, leads, and conversations. Make data-driven adjustments and maximize campaign effectiveness.

Requirements & Skills
- Proven track record in growth marketing, preferably within SaaS or eCommerce.
- Expertise in driving installs, leads, or meeting bookings via digital channels (e.g., PPC, SEO, app store optimization, email marketing, social media) and familiarity with modern marketing tools.
- Strong analytical skills, with experience interpreting data to inform marketing decisions.
- Ability to lead digital marketing campaigns, focusing on optimizing growth metrics.
- Strong collaborator, able to work with teams across Product, Sales, and Content.
- Self-motivated, adaptable, and results-driven, with a proactive approach to challenges.

Our Commitment to Candidates

At Smile, we understand that finding a new role is challenging and that self-doubt or imposter syndrome can prevent you from applying to a role; don't let it! You have a ton to offer and we want you to feel encouraged to apply, even if you don't check all of the boxes. If you are passionate about eCommerce and helping merchants grow through loyalty and reward, connect with us.

At Smile, we rely on a range of backgrounds, experiences, and ideas. We value diversity, and we're proud to be an inclusive, equal opportunity workplace. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. Smile welcomes and encourages applications from people with disabilities. Accommodations are available on request for candidates taking part in all aspects of the selection process.

AI Disclaimer: At Smile, we're strong advocates for using AI to help speed up iteration, increase productivity, and save our human brainpower for the really challenging problems. While we're happy for AI to help you generate or tailor your resume, we'd ask that you please refrain from using AI to answer any of the questions on this application form, or to answer questions during the interview process itself.
-
WWW.FACEBOOK.COM
This app will TURN YOUR LIFE UPSIDE DOWN
-
WWW.YOUTUBE.COM
How To Make Money From Python - A Complete Guide
-
WWW.YOUTUBE.COM
Intro to Biome Toolset | SideFX Labs