#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

Protocol Security | Breaking Cybersecurity News | The Hacker News

Category — Protocol Security
Researchers Uncover Major Security Vulnerabilities in Industrial MMS Protocol Libraries

Researchers Uncover Major Security Vulnerabilities in Industrial MMS Protocol Libraries

Oct 09, 2024 Industrial Security / Critical Infrastructure
Details have emerged about multiple security vulnerabilities in two implementations of the Manufacturing Message Specification ( MMS ) protocol that, if successfully exploited, could have severe impacts in industrial environments. "The vulnerabilities could allow an attacker to crash an industrial device or in some cases, enable remote code execution," Claroty researchers Mashav Sapir and Vera Mens said in a new analysis. MMS is an OSI application layer messaging protocol that enables remote control and monitoring of industrial devices by exchanging supervisory control information in an application-agnostic manner. Specifically, it allows for communication between intelligent electronic devices ( IEDs ) and supervisory control and data acquisition (SCADA) systems or programmable logic controllers (PLCs). The five shortcomings identified by the operational technology security company impact MZ Automation's libIEC61850 library and Triangle MicroWorks' TMW IEC 61...
New 'Loop DoS' Attack Impacts Hundreds of Thousands of Systems

New 'Loop DoS' Attack Impacts Hundreds of Thousands of Systems

Mar 20, 2024 DoS Attack / Network Security
A novel denial-of-service (DoS) attack vector has been found to target application-layer protocols based on User Datagram Protocol (UDP), putting hundreds of thousands of hosts likely at risk. Called  Loop DoS attacks , the  approach  pairs "servers of these protocols in such a way that they communicate with each other indefinitely," researchers from the CISPA Helmholtz-Center for Information Security said. UDP, by design, is a  connectionless protocol  that does not validate source IP addresses, making it susceptible to IP spoofing. Thus, when attackers forge several UDP packets to include a victim IP address, the destination server responds to the victim (as opposed to the threat actor), creating a reflected denial-of-service (DoS) attack. The latest study found that certain implementations of the UDP protocol, such as DNS, NTP, TFTP, Active Users, Daytime, Echo, Chargen, QOTD, and Time, can be weaponized to create a self-perpetuating attack loop. "It p...
7 PAM Best Practices to Secure Hybrid and Multi-Cloud Environments

7 PAM Best Practices to Secure Hybrid and Multi-Cloud Environments

Dec 04, 2024Risk Management / Zero Trust
Are you using the cloud or thinking about transitioning? Undoubtedly, multi-cloud and hybrid environments offer numerous benefits for organizations. However, the cloud's flexibility, scalability, and efficiency come with significant risk — an expanded attack surface. The decentralization that comes with utilizing multi-cloud environments can also lead to limited visibility into user activity and poor access management.  Privileged accounts with access to your critical systems and sensitive data are among the most vulnerable elements in cloud setups. When mismanaged, these accounts open the doors to unauthorized access, potential malicious activity, and data breaches. That's why strong privileged access management (PAM) is indispensable. PAM plays an essential role in addressing the security challenges of complex infrastructures by enforcing strict access controls and managing the life cycle of privileged accounts. By employing PAM in hybrid and cloud environments, you're not...
Expert Insights / Articles Videos
Cybersecurity Resources