WME Security Briefing 08 July 2024

WME Cybersecurity Briefings No. 017

SnailLoad: A New Stealthy Threat to Web Privacy

Overview:

Researchers discover a concerning new side-channel attack technique: SnailLoad. It exploits inherent weaknesses in the internet to potentially monitor a user’s web activity without requiring any direct access to their network.

Impact:

Unique Approach: SnailLoad does not require physical proximity or compromising a user’s connection.

Leveraging Network Bottlenecks: It analyzes variations in network latency caused by bottlenecks. Then it infers user activity i.e. watching videos, visiting websites, etc.

High Inference Accuracy: Research suggests SnailLoad can achieve high accuracy – 98% for videos and 63% for websites – through latency measurements and advanced analysis.

Privacy Breach: This capability to monitor web activity without user interaction poses a significant privacy risk.

Related Vulnerability: A separate vulnerability in router firmware handling of network address translation (NAT) could be exploited in conjunction with SnailLoad for further malicious activity.

Recommendations:

Regularly update your router firmware to ensure the latest security patches, and be particularly careful about addressing NAT mapping vulnerabilities. That said, implement advanced network monitoring tools to detect unusual latency patterns. We also need to raise awareness about these evolving vulnerabilities. Lastly, continued collaboration between security researchers and router manufacturers is essential.

Critical Vulnerabilities in Emerson Gas Chromatographs: Urgent Update Required

Overview

Researchers identify huge security vulnerabilities in Emerson Rosemount gas chromatographs. The technology is quite sensitive as it is widely used in the industrial sector for gas analysis. The flaws affect models GC370XA, GC700XA, GC1500XA, specifically in versions up to 4.1.5. Now, the security flaws could enable malicious exploitation of the system for unauthorized command execution, DDoS attacks, and more.

Impact

The disclosed vulnerabilities pose severe risks to industrial operations:

Command Injection Flaws: Two vulnerabilities (CVE-2023-46687 with CVSS 9.8 and CVE-2023-49716 with CVSS 6.9) allow both unauthenticated and authenticated users to execute arbitrary commands.

Authentication and Authorization Issues: Two additional flaws (CVE-2023-51761 and CVE-2023-43609) enable unauthenticated access to sensitive data and system control.

Recommendation

Firmware Updates: Upgrade to the latest firmware release from Emerson.

Network Security: Avoid direct exposure of affected devices to the internet.

Review and Audit: Conduct regular security audits and reviews of the systems using the affected gas chromatographs.

TeamViewer Confirms Security Breach in Corporate IT Systems

Overview

Event: TeamViewer announces a security breach in its internal corporate IT environment.

The company has activated its quick response and initiated an investigation with leading cybersecurity experts. Remediation measures were also promptly implemented.

Separation of Environments: The breach was contained within the corporate IT environment, which is isolated from the product environment. So, no customer data was compromised.

Disclosure: Details about the perpetrators or the method of the breach remain undisclosed.

Impact

Customer Data Safety: There is currently no indication that customer data has been affected.

Broader Concerns: The breach raises concerns about the security of remote management tools, especially given recent warnings about the misuse of such tools by actors like APT29.

Reputational Risk: TeamViewer, serving over 600,000 customers, faces potential reputational damage.

Recommendation

✓ Customers are advised to remain vigilant.

✓ All users of remote access tools should review and strengthen their security practices.

✓ Follow TeamViewer’s official communications for updates on the breach.

The Rise of the P2PInfect Botnet with New Capabilities

Overview

Botnet Evolution: P2PInfect was originally a dormant peer-to-peer botnet. Now, it targets Redis servers with enhanced functionalities i.e. ransomware, cryptocurrency mining payloads, etc. This shift marks its transformation into a financially driven malicious operation.

Malware Features: The Rust-based P2PInfect botnet has capabilities for internet-wide scanning. It can also conduct SSH password spraying and node transformation in the attacker’s network. It also includes a usermode rootkit that exploits the LD_PRELOAD variable to evade detection.

Recent Activities: It was detected nearly a year ago. Now, P2PInfect has received continuous updates. It now affects MIPS and ARM architectures. Recent uses of the malware demonstrate its role in delivering miner and ransomware payloads.

Impact

It enables attackers to execute arbitrary commands remotely by converting infected systems into follower nodes. Its peer-to-peer structure facilitates rapid propagation of updates across the network. This way, it increases its resilience and, on top of that, uses usermode rootkit to allow the malware to hide its processes and files. As it can mine cryptocurrency and demand ransoms, the botnet now poses a dual financial threat.

Recommendation

✓ Redis Server Security

✓ Enhanced monitoring of unusual node behavior

✓ Strengthened SSH authentication

✓ Robust data backup protocols

Vanna AI Security Breach: Urgent Prompt Injection Vulnerability Revealed

Overview

A significant security vulnerability has been reported in the Vanna AI library. It presents a serious remote code execution (RCE) risk. It stems from a prompt injection vulnerability in the “ask” function. This function is critical in transforming user inputs into SQL queries for data retrieval and visualization. So, it’s a prime target for exploitation.

Affected Software: Vanna AI ( A Python-based machine learning library.)

CVE ID: CVE-2024-5565.

Severity: High severity with a CVSS score of 8.1.

Impact

The exploitation of this flaw can lead to unauthorized command execution. So, it can compromise database integrity and system security. The flaw utilizes the library’s mechanism for generating SQL queries via textual prompts.

More Consequences Include:

⚠️ Unauthorized access and manipulation of database contents.

⚠️ Execution of arbitrary Python code through the visualization component.

⚠️ Exposure risk is particularly high for systems where Vanna AI directly interacts with operational databases.

Recommendation

Ensure that your system does not run a compromised version of Vanna AI. That said, promptly apply any updates or patches provided by Vanna.

Long-Term Strategies:

✓ Utilize sandboxed environments for running potentially vulnerable apps to limit the scope of possible attacks.

✓ Conduct regular audits of your systems to detect vulnerabilities related to AI.

✓ Follow robust security protocols when integrating machine learning libraries.

Share:

Facebook
Twitter
LinkedIn
Picture of Matt Tinney

Matt Tinney

Professional IT executive & business leader having decades of experience with Microsoft technologies delivering modern-day cloud & security solutions.

Contact Us

=
On Key

More Posts

E-Commerce Security - Solutions for Online Retailers
Azure

E-commerce Security – Solutions for Online Retailers

Today’s hyper-charged e-commerce landscape demands top-notch cybersecurity measures. Cybersecurity for this bustling sector isn’t just about ticking a technical box; it’s the cornerstone of building trust. As businesses and consumers flock to the online space, the

Read More »
WME Cybersecurity Briefings No. 017
Cyber Security

WME Security Briefing 08 July 2024

SnailLoad: A New Stealthy Threat to Web Privacy Overview: Researchers discover a concerning new side-channel attack technique: SnailLoad. It exploits inherent weaknesses in the internet to potentially monitor a user’s web activity without requiring any direct access to

Read More »
WME Cybersecurity Briefings No. 016
Cyber Security

WME Security Briefing 27 June 2024

ExCobalt Cyber Gang Targets Russian Sectors with New GoRed Backdoor Overview An unknown Golang-based backdoor GoRed is being employed by the cybercrime gang ExCobalt. This group has roots dating back to at least 2016 and possibly originates

Read More »
Top 7 Office 365 Backup Solutions
Cloud Computing

Top 7 Office 365 Backup Solutions

Let’s explore the top 7 Microsoft 365 (Office 365) backup and recovery solutions. These solutions feature, among others, automated backups, detailed reporting, and efficient deduplication. We will guide you through their pros and cons and what

Read More »
WME Cybersecurity Briefings No. 015
Cyber Security

WME Security Briefing 24 June 2024

Google’s Privacy Sandbox Faces Scrutiny Over User Tracking Allegations Overview Google’s Privacy Sandbox was initially designed to replace third-party cookies in Chrome. It was a more privacy-conscious solution, but the Austrian privacy group Noyb is now

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.

=