#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Claroty | Breaking Cybersecurity News | The Hacker News

Category — Claroty
New Admin Takeover Vulnerability Exposed in Synology's DiskStation Manager

New Admin Takeover Vulnerability Exposed in Synology's DiskStation Manager

Oct 18, 2023 Vulnerability / Data Security
A medium-severity flaw has been discovered in Synology's DiskStation Manager ( DSM ) that could be exploited to decipher an administrator's password and remotely hijack the account. "Under some rare conditions, an attacker could leak enough information to restore the seed of the pseudorandom number generator (PRNG), reconstruct the admin password, and remotely take over the admin account," Claroty's Sharon Brizinov  said  in a Tuesday report. The flaw, assigned the identifier CVE-2023-2729, is rated 5.9 for severity on the CVSS scoring scale. The flaw was addressed by Synology as part of  updates  released in June 2023. The problem is rooted in the fact that the software uses a weak random number generator that relies on the JavaScript  Math.random() method  to programmatically construct the admin password for the network-attached storage (NAS) device. Referred to as insecure randomness, it  arises  when a function that can produce predictable values, or doe
High-Severity Flaws in ConnectedIO's 3G/4G Routers Raise Concerns for IoT Security

High-Severity Flaws in ConnectedIO's 3G/4G Routers Raise Concerns for IoT Security

Oct 09, 2023 Vulnerability / IoT Security
Multiple high-severity security vulnerabilities have been disclosed in ConnectedIO's ER2000 edge routers and the cloud-based management platform that could be exploited by malicious actors to execute malicious code and access sensitive data. "An attacker could have leveraged these flaws to fully compromise the cloud infrastructure, remotely execute code, and leak all customer and device information," Claroty's Noam Moshe  said  in an analysis published last week. Vulnerabilities in 3G/4G routers could expose thousands of internal networks to severe threats, enabling bad actors to seize control, intercept traffic, and even infiltrate Extended Internet of Things (XIoT) things. The shortcomings impacting the ConnectedIO platform versions v2.1.0 and prior, primarily the 4G ER2000 edge router and cloud services, could be chained, permitting attackers to execute arbitrary code on the cloud-based devices without requiring direct access to them. Flaws have also been unea
Sailing the Seven Seas Securely from Port to Port – OT Access Security for Ships and Cranes

Sailing the Seven Seas Securely from Port to Port – OT Access Security for Ships and Cranes

Oct 28, 2024Operational Technology / Cybersecurity
Operational Technology (OT) security has affected marine vessel and port operators, since both ships and industrial cranes are being digitalized and automated at a rapid pace, ushering in new types of security challenges. Ships come to shore every six months on average. Container cranes are mostly automated. Diagnostics, maintenance, upgrade and adjustments to these critical systems are done remotely, often by third-party vendor technicians. This highlights the importance of proper secure remote access management for industrial control systems (ICS).  Learn more in our Buyer's Guide for Secure Remote Access Lifecycle Management .  We at SSH Communications Security (SSH) have been pioneering security solutions that bridge the gap between IT and OT in privileged access management . Let's investigate how we helped two customers solve their critical access control needs with us. Secure Remote Access Around the Globe to 1000s of Ships  In the maritime industry, ensuring secure and e
Researchers Detail New Attack Method to Bypass Popular Web Application Firewalls

Researchers Detail New Attack Method to Bypass Popular Web Application Firewalls

Dec 10, 2022 Web App Firewall / Web Security
A new attack method can be used to circumvent web application firewalls (WAFs) of various vendors and infiltrate systems, potentially enabling attackers to gain access to sensitive business and customer information. Web application firewalls are a  key line of defense  to help filter, monitor, and block HTTP(S) traffic to and from a web application, and safeguard against attacks such as cross-site forgery, cross-site-scripting (XSS), file inclusion, and SQL injection (SQLi). The generic bypass "involves appending  JSON syntax  to SQL injection payloads that a WAF is unable to parse," Claroty researcher Noam Moshe  said . "Most WAFs will easily detect SQLi attacks, but prepending JSON to SQL syntax left the WAF blind to these attacks." The industrial and IoT cybersecurity company said its technique successfully worked against WAFs from vendors like Amazon Web Services (AWS), Cloudflare, F5, Imperva, and Palo Alto Networks, all of whom have since released updates
cyber security

AWS EKS Security Best Practices [Cheat Sheet]

websiteWiz.ioCloud Security / Kubernetes
Unlock this one-stop resource for mastering EKS security best practices and safeguarding your cloud-native applications.
New Evil PLC Attack Weaponizes PLCs to Breach OT and Enterprise Networks

New Evil PLC Attack Weaponizes PLCs to Breach OT and Enterprise Networks

Aug 16, 2022
Cybersecurity researchers have elaborated a novel attack technique that weaponizes programmable logic controllers ( PLCs ) to gain an initial foothold in engineering workstations and subsequently invade the operational technology (OT) networks. Dubbed " Evil PLC " attack by industrial security firm Claroty, the issue impacts engineering workstation software from Rockwell Automation, Schneider Electric, GE, B&R, Xinje, OVARRO, and Emerson. Programmable logic controllers are a crucial component of industrial devices that control manufacturing processes in critical infrastructure sectors. PLCs, besides orchestrating the automation tasks, are also configured to start and stop processes and generate alarms. It's hence not surprising that the entrenched access provided by PLCs have made the machines a focus of sophisticated attacks for more than a decade, starting from  Stuxnet to PIPEDREAM  (aka INCONTROLLER), with the goal of causing physical disruptions.  "The
New 'ParseThru' Parameter Smuggling Vulnerability Affects Golang-based Applications

New 'ParseThru' Parameter Smuggling Vulnerability Affects Golang-based Applications

Aug 02, 2022
Security researchers have discovered a new vulnerability called  ParseThru  affecting Golang-based applications that could be abused to gain unauthorized access to cloud-based applications. "The newly discovered vulnerability allows a threat actor to bypass validations under certain conditions, as a result of the use of unsafe URL parsing methods built in the language," Israeli cybersecurity firm Oxeye said in a report shared with The Hacker News. The issue, at its core, has to do with inconsistencies stemming from changes introduced to Golang's URL parsing logic that's implemented in the "net/url" library. While versions of the programming language prior to 1.17 treated semicolons as a valid query delimiter (e.g., example.com?a=1;b=2&c=3), this behavior has since been modified to throw an error upon finding a query string containing a semicolon. "The net/url and net/http packages used to accept ";" (semicolon) as a setting separat
Critical Bugs in Rockwell PLC Could Allow Hackers to Implant Malicious Code

Critical Bugs in Rockwell PLC Could Allow Hackers to Implant Malicious Code

Apr 01, 2022
Two new security vulnerabilities have been disclosed in Rockwell Automation's programmable logic controllers ( PLCs ) and engineering workstation software that could be exploited by an attacker to inject malicious code on affected systems and stealthily modify automation processes. The flaws have the potential to disrupt industrial operations and cause physical damage to factories in a manner similar to that of Stuxnet and the  Rogue7 attacks , operational technology security company Claroty said. "Programmable logic and predefined variables drive these [automation] processes, and changes to either will alter normal operation of the PLC and the process it manages," Claroty's Sharon Brizinov  noted  in a write-up published Thursday. The list of two flaws is below – CVE-2022-1161  (CVSS score: 10.0) – A remotely exploitable flaw that allows a malicious actor to write user-readable "textual" program code to a separate memory location from the executed c
Expert Insights / Articles Videos
Cybersecurity Resources