network security | Breaking Cybersecurity News | The Hacker News

If you have installed a network-attached storage device manufactured by LG Electronics, you should take it down immediately, read this article carefully and then take appropriate action to protect your sensitive data. A security researcher has revealed complete technical details of an unpatched critical remote command execution vulnerability in various LG NAS device models that could let attackers compromise vulnerable devices and steal data stored on them. LG's Network Attached Storage (NAS) device is a dedicated file storage unit connected to a network that allows users to store and share data with multiple computers. Authorized users can also access their data remotely over the Internet. The vulnerability has been discovered by the researcher at privacy advocate firm VPN Mentor, the same company that last month revealed severe flaws in three popular VPNs —HotSpot Shield, PureVPN, and ZenMate VPN. The LG NAS flaw is a pre-authenticated remote command injection vulnera

Since last week, a new hacking group, calling itself ' JHT ,' hijacked a significant number of Cisco devices belonging to organizations in Russia and Iran, and left a message that reads—" Do not mess with our elections " with an American flag (in ASCII art). MJ Azari Jahromi, Iranian Communication and Information Technology Minister, said the campaign impacted approximately 3,500 network switches in Iran, though a majority of them were already restored. The hacking group is reportedly targeting vulnerable installations of Cisco Smart Install Client, a legacy plug-and-play utility designed to help administrators configure and deploy Cisco equipments remotely, which is enabled by default on Cisco IOS and IOS XE switches and runs over TCP port 4786. Some researchers believe the attack involves a recently disclosed remote code execution vulnerability ( CVE-2018-0171 ) in Cisco Smart Install Client that could allow attackers to take full control of the network

Imagine a world where the software that powers your favorite apps, secures your online transactions, and keeps your digital life could be outsmarted and taken over by a cleverly disguised piece of code. This isn't a plot from the latest cyber-thriller; it's actually been a reality for years now. How this will change – in a positive or negative direction – as artificial intelligence (AI) takes on a larger role in software development is one of the big uncertainties related to this brave new world. In an era where AI promises to revolutionize how we live and work, the conversation about its security implications cannot be sidelined. As we increasingly rely on AI for tasks ranging from mundane to mission-critical, the question is no longer just, "Can AI  boost cybersecurity ?" (sure!), but also "Can AI  be hacked? " (yes!), "Can one use AI  to hack? " (of course!), and "Will AI  produce secure software ?" (well…). This thought leadership article is about the latter. Cydrill  (a

Security researchers at Embedi have disclosed a critical vulnerability in Cisco IOS Software and Cisco IOS XE Software that could allow an unauthenticated, remote attacker to execute arbitrary code, take full control over the vulnerable network equipment and intercept traffic. The stack-based buffer overflow vulnerability (CVE-2018-0171) resides due to improper validation of packet data in Smart Install Client, a plug-and-play configuration and image-management feature that helps administrators to deploy (client) network switches easily. Embedi has published technical details and Proof-of-Concept (PoC) code after Cisco today released patch updates to address this remote code execution vulnerability, which has been given a base Common Vulnerability Scoring System (CVSS) score of 9.8 (critical). Researchers found a total of 8.5 million devices with the vulnerable port open on the Internet, leaving approximately 250,000 unpatched devices open to hackers. To exploit this vulner

The growing popularity of Bitcoin and other cryptocurrencies is generating curiosity—and concern—among security specialists. Crypto mining software has been found on user machines, often installed by botnets. Organizations need to understand the risks posed by this software and what actions, if any, should be taken. To better advise our readers, we reached out to the security researchers at Cato Networks. Cato provides a cloud-based SD-WAN that includes FireWall as a Service (FWaaS) . Its research team, Cato Research Labs, maintains the company's Cloud IPS, and today released a list of crypto mining pool addresses that you can use as a blacklist in your firewall. (To download the list, visit this page .) Cato Research Labs determined crypto mining represents a moderate threat to the organization. Immediate disruption of the organization infrastructure or loss of sensitive data is not likely to be a direct outcome of crypto mining. However, there are significant risks of i

Security researchers have discovered several severe vulnerabilities and a secret hard-coded backdoor in Western Digital's My Cloud NAS devices that could allow remote attackers to gain unrestricted root access to the device. Western Digital's My Cloud (WDMyCloud) is one of the most popular network-attached storage devices which is being used by individuals and businesses to host their files, and automatically backup and sync them with various cloud and web-based services. The device lets users not only share files in a home network, but the private cloud feature also allows them to access their data from anywhere at any time. Since these devices have been designed to be connected over the Internet, the hardcoded backdoor would leave user data open to hackers. GulfTech research and development team has recently published an advisory detailing a hardcoded backdoor and several vulnerabilities it found in WD My Cloud storage devices that could allow remote attackers to

As governments and enterprises migrate toward controller-based architectures, the role of a core network engineer are evolving and more important than ever. There is a growing number of jobs in Networking, but if you lack behind, you need to pass some certification exams to enter into this industry and get a significant boost in your IT career. If you are looking forward to making career advancement in Networking, then Cisco Certifications — CCNA and CCNP — are one of the most highly reputed entry-level networking certifications in the industry. While CCNA, or Cisco Certified Network Associate, is for entry-level network engineers to maximise their foundational networking knowledge, CCNP or Cisco Certified Network Professional is intended for professionals to implement, maintain and plan Cisco's wide range of high-end network solution products. But how long have you wanted to take CCNA and CCNP training classes to achieve the certifications, only to realise the cost is simpl

DUHK — Don't Use Hard-coded Keys — is a new 'non-trivial' cryptographic implementation vulnerability that could allow attackers to recover encryption keys that secure VPN connections and web browsing sessions. DUHK is the third crypto-related vulnerability reported this month after KRACK Wi-Fi attack and ROCA factorization attack . The vulnerability affects products from dozens of vendors, including Fortinet , Cisco, TechGuard, whose devices rely on ANSI X9.31 RNG — an outdated pseudorandom number generation algorithm — 'in conjunction with a hard-coded seed key.' Before getting removed from the list of FIPS-approved pseudorandom number generation algorithms in January 2016, ANSI X9.31 RNG was included into various cryptographic standards over the last three decades. Pseudorandom number generators (PRNGs) don't generate random numbers at all. Instead, it is a deterministic algorithm that produces a sequence of bits based on initial secret values called a

It's been close to five years since we last looked at Incapsula , a security-focused CDN service known for its DDoS mitigation and web application security features. As one would expect, during these five years the company has expanded and improved, introducing lots of new features and even several new products. Most recently, Incapsula underwent an extensive network expansion that includes new PoPs in Asia including two new data centers in New Delhi and Mumbai. This seems like an excellent opportunity to revisit the service and see how it has evolved. Acquisition, Award and Growth Before we jump into Incapsula's service upgrades, we want to mention the changes in the company itself briefly. The most notable of those is Incapsula's 2014 acquisition by Imperva—an authority in web application security and a four-time Gartner Magic Quadrant leader for web application firewalls. The acquisition boosted Incapsula's security capabilities, resulting in its own cloud

One of the most devastating aspects of the recent WannaCry ransomware attack was its self-propagating capability exploiting a vulnerability in the file access protocol, SMB v1. Most enterprises defences are externally-facing, focused on stopping incoming email and web attacks. But, once attackers gain a foothold inside the network through malware, there are very few security controls that would prevent the spread of the attack between enterprise locations in the Wide Area Network (WAN). This is partly due to the way enterprises deploy security tools, such as IPS appliances, and the effort needed to maintain those tools across multiple locations. It's for those reasons Cato Networks recently introduced a context-aware Intrusion Prevention System (IPS) as part of its secure SD-WAN service . There are several highlights in this announcement that challenge the basic concept of how IT security maintains an IPS device and sustains the effectiveness of its protection. Cato Network

Admit it. Who would not want their firewall maintenance grunt work to go away? For more than 20 years, companies either managed their edge firewall appliances or had service providers rack-and-stack appliances in their data centers and did it for them. This was called a managed firewall — an appliance wrapped with a managed service, often from a carrier or managed security service provider (MSSP). The provider assumed the management of the firewall box, its software, and even its policy and management from the over-burdened IT team. But customers ended up paying for the inefficiency of dealing with appliances (i.e. "grunt work") because the problem just shifted to the provider. A new architecture was needed - a transformation from an appliance form factor to a true cloud service. In a 2016 Hype Cycle for Infrastructure Protection report , Gartner analyst Jeremy D'Hoinne initiated the emerging category of Firewall as a Service (FWaaS). He defined FWaaS as " ...a fire

WikiLeaks has published a new batch of the ongoing Vault 7 leak , this time detailing a framework – which is being used by the CIA for monitoring the Internet activity of the targeted systems by exploiting vulnerabilities in Wi-Fi devices. Dubbed " Cherry Blossom ," the framework was allegedly designed by the Central Intelligence Agency (CIA) with the help of Stanford Research Institute (SRI International), an American nonprofit research institute, as part of its 'Cherry Bomb' project. Cherry Blossom is basically a remotely controllable firmware-based implant for wireless networking devices, including routers and wireless access points (APs), which exploits router vulnerabilities to gain unauthorized access and then replace firmware with custom Cherry Blossom firmware. "An implanted device [ called Flytrap ] can then be used to monitor the internet activity of and deliver software exploits to targets of interest." a leaked CIA manual  reads . "The wi

Nobody likes to do router and firewall management. It often requires a lot of hard labor just keeping the infrastructure up and running. If you ever had to set up IPsec tunnels between different firewall brands, change a firewall rule and hope nothing breaks, upgrade to the latest software or urgently patch a vulnerability – you know what I am talking about. All of these issues have been with us basically forever. Recently, the list of complex tasks extended to getting cloud infrastructure connected to the rest of the network, and secure access for mobile users. There seems to be a change coming to this key part of IT, a silver lining if you will. We decided to take a look at one solution to this problem – the Cato Cloud from Cato Networks. Founded in 2015, Cato Networks provides a software-defined and cloud-based secure enterprise network that connects all locations, people and data to the Cato Cloud – a single, global, and secure network. Cato promises to simplify netwo