1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Security bug left over 1,000 organizations open to ransomware, de

    From TechnologyDaily@1337:1/100 to All on Thu Jul 28 19:15:03 2022
    Security bug left over 1,000 organizations open to ransomware, device hijacking

    Date:
    Thu, 28 Jul 2022 18:06:38 +0000

    Description:
    Two major FileWave flaws exposed hundreds of large firms to big security risks.

    FULL STORY ======================================================================

    Security researchers have discovered two major flaws in FileWaves endpoint management software which could have given threat actors a way to circumvent authentication measures and completely take over the affected devices.

    The flaws affected more than 1,100 internet-accessible FileWave management instances, used by large government entities, schools, small businesses, and many other firms. Besides fully taking over the instances, threat actors
    could have used the backdoor to launch ransomware attacks, or steal sensitive data.

    Found by security firm Claroty, the vulnerabilities are being tracked as CVE-2022-34907 and CVE-2022-34906. Patched flaws

    CVE-2022-34907 is described as an authentication bypass, not unlike the flaw recently found in F5 BIG-IP WAF. The researchers explained that the scheduler service running on the mobile device management (MDM) server authenticates to the web server using a hardcoded shared secret. But this secret doesnt change between different MDM installations, or versions.

    "This means that if we know the shared secret and supply it in the request,
    we do not need to supply a valid user's token or know the user's username and password," researcher Noam Moshe told the publication, also stating that a threat actor could use this flaw to access the target system with elevated privileges. Read more

    Major F5 exploit has been used to attack and wipe devices


    This F5 security flaw is one of the most dangerous ever seen


    Here's what we think are the best antivirus solutions right now

    These privileges would give them power over other internet-connected devices: "This enables us to control all of the servers' managed devices, exfiltrate all sensitive data being held by the devices, including usernames, email addresses, IP addresses, geo-location etc, and install malicious software on managed devices," Moshe added.

    CVE-2022-34906, on the other hand, is a flaw discovered in the hardcoded cryptographic key. The flaw could be used to decrypt sensitive data found in FileWave, as well as send crafted requests to the devices associated with the MDM platform.

    The flaws have since been patched, so if youre affected, make sure youre running versions 14.6.3 and 14.7.2, or 14.8 and newer. Keep your internet activities to yourself with the best firewalls around

    Via: The Register



    ======================================================================
    Link to news story: https://www.techradar.com/news/security-bug-left-over-1000-organizations-open- to-ransomware-device-hijacking/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)