Tag Archives: cyberattacks

Cyber-attack brings the Indian stock exchange to a grinding halt

The National Stock Exchange (NSE) of India was down for almost an entire day on February 24, 2021. The Nifty, Bank Nifty, and other indices stopped updating across all brokerage firms in India. An NGO, Moneylife Foundation, has come forward and alleged that the NSE was under attack by cybercriminals.

Although NSE has stated that the blackout was due to “issues with the links with telecom service providers,” Moneylife Foundation claims it has evidence that this was indeed a cyberattack and that the attack targeted the colocation servers operating inside the NSE’s building. The identity of the attacker(s) is still unknown. However, it is also important to note that Chinese intelligence might have had a hand in this, since they were the ones involved in the attack on a power grid in Mumbai on the very same day in February 2021.


Attackers turn to fake reCAPTCHA to con Microsoft 365 users in a new phishing attack

Microsoft 365 users saw a slew of phishing emails, thanks to an ongoing attack aimed at stealing Microsoft 365 credentials. To make the emails look more realistic and legitimate, attackers are adding a fake Google reCAPTCHA system, in addition to company logos, to the emails. Security researchers indicate that over 2500 such emails have been unsuccessfully sent to senior-level employees in the banking and IT sectors over the past three months.

When the recipient clicks a link in the email, these phishing emails first take them to a fake Google reCAPTCHA page. Once the recipient takes the test, they are redirected to a bogus landing page where their Microsoft 365 credentials are stolen. Another common method attackers use is sending senior members of an organization emails about a voicemail attachment. The modus operandi is similar in such attacks too.

Researchers are concerned that attackers are putting more work into making the phishing attack look legitimate and making the landing pages fit the victim profile. The attacks are also increasingly targeting senior business leaders, as such people have the most privileges and access to sensitive data.

Researchers also noted that most phishing pages associated with the campaign were hosted using generic top-level domains such as .xyz, .reset and .online. These domains are commonly used by cybercriminals in spam and phishing attacks because they are cheaply available.


Firewall vendor rolls out fix to a critical flaw before it’s too late

Cybersecurity firm Genua has issued a fix for a risky flaw in its two-tier firewall product, GenuGate High Resistance Firewall. The vulnerability could have enabled attackers to bypass authentication measures and log in as root users within a company’s internal network.

“An unauthenticated attacker is able to login as an arbitrary user in the admin web interface successfully, the side channel interface and user web interface, even as root with highest privileges, by manipulating certain HTTP POST parameters during login,” according to security and application consultation company SEC Consult on Monday.

What does the GenuGate High Resistance Firewall do?

According to Genua, the firewall protects internal networks from unauthorized access and lets organizations create an intranet with various domains, each with its own protection measures.

Has the flaw been fixed in all versions of the firewall?

Versions below 10.1 p4 and 9.6 p7 are vulnerable, as are versions 9.0 and 9.0 Z below p19.

The flaw has been fixed in GenuGate versions 10.1 p4 (G1010_004); 9.6 p7 (G960_007); 9.0 and 9.0 Z p19 (G900_019).

What do experts have to say?

“The vendor provides a patched version for the affected products which should be installed immediately,” says SEC Consult, a security and application consultancy company. “Customers should also adhere to security best practices such as network segmentation and limiting access to the admin panel. This is also a requirement for certified and approved environments.”

The flaw

The firewall has different authentication methods for the admin web interface, the side channel web interface and the user web interface. Because the authentication bypass vulnerability (CVE-2021-27215) affects all of these authentication methods, it is particularly dangerous.

Due to the flaw, certain HTTP POST parameters passed to the server go unchecked, and hence any authentication request is allowed.

Manipulating a specific parameter would enable an attacker to bypass authentication and log in as an arbitrary user. They could even log in as a non-existent user, said SEC Consult researchers.

SEC Consult researchers even released a high-level proof-of-concept exploit of the bug, including a video. However, given the critical nature of the flaw, they did not release any specific PoC details that might help attackers.

The only silver lining was that, to exploit the flaw, an attacker would have needed network access to the admin interface.

“Certified and approved environments mandate that the admin interface is only reachable through a strictly separated network,” according to SEC Consult. “Nevertheless, it is a highly critical security vulnerability and must be patched immediately.”

Quick response by Genua saves the day

Genua was notified about the vulnerability by researchers on Jan 29. The company confirmed the issue the same day and rolled out the fix on Feb 2. The public disclosure of the vulnerability (in coordination with CERT-Bund and CERT) was published on Monday. SEC Consult said the patch can be downloaded in the GenuGate GUI or by calling “getpatches” on the command line interface.