Page 12 - Threat Intelligence 11-27-2019
P. 12

Internal Threats












        Cisco VoIP adapters have critical security flaws. While setting up a VoIP service in their home, security
        researchers at Tenable Research discovered a total of 19 vulnerabilities in VoIP adapters from Cisco's SPA100
        Series. If exploited, these vulnerabilities could allow an attacker to eavesdrop on a user's conversations,
        initiate fraudulent phone calls and even pivot further into their internal network. Upon further inspection, they
        found that leveraging the flaws they found in Cisco's devices would allow a cybercriminal to completely
        compromise the web interface of the adapters as well as the underlying operating system.

                Source: https://www.techradar.com/news/cisco-voip-adapters-have-critical-security-flaws



        The way Bluetooth devices ‘talk’ to apps leaves them vulnerable. The problem lies in the way Bluetooth Low
        Energy devices communicate with the mobile apps that control them, said Zhiqiang Lin, associate professor of
        computer science and engineering at The Ohio State University. “There is a fundamental flaw that leaves these
        devices vulnerable – first when they are initially paired to a mobile app, and then again when they are
        operating,” Lin said. “And while the magnitude of that vulnerability varies, we found it to be a consistent
        problem among Bluetooth low energy devices when communicating with mobile apps.”
                Source: https://www.helpnetsecurity.com/2019/11/19/vulnerable-bluetooth-devices/



        Nautilus ATM Flaws Could Allow Hackers Access to Cash, Data. A pair of security researchers has discovered
        two vulnerabilities in ATMs widely used across the U.S. that could allow a determined criminal to steal cash
        and customer data. Researchers. found the flaws in machines manufactured by Nautilus Hyosung America
        Inc., the largest provider of ATMs in the U.S. By gaining access to the same network as the target ATM, the
        researchers were able to obtain full control of the machine and bypass its security measures. In a joint
        statement Monday, Red Balloon and Nautilus Hyosung said they had no evidence anyone has ever taken
        advantage of the vulnerabilities. The researchers said the flaws only affected retail versions of Nautilus ATMs,
        not ones used in financial institutions. According to an estimate by Red Balloon, more than 80,000 machines
        are vulnerable. Nautilus has more than 150,000 installed ATMs in the U.S., according to the statement.
                Source: https://finance.yahoo.com/news/security-researchers-discover-flaws-u-110000512.html



        32,000+ WiFi Routers Potentially Exposed to New Gafgyt Variant. A newly discovered variant of the Gafgyt
        Internet of Things (IoT) botnet is attempting to infect connected devices, specifically small office and home
        wireless routers from brands that include Zyxel, Huawei, and Realtek. Gafgyt was first detected in 2014. Since
        then, it has become known for large-scale distributed denial-of-service attacks, and its many variants have
        grown to target a range of businesses across industries. When a botnet strikes, it can degrade the production
        network and reputation of a company's IP addresses. Botnets gain access to connected devices by using
        exploits instead of attempting to log in via unsecured services. As a result, a botnet can more easily spread
        through IoT devices even if a business's admins have disabled unsecured services and use strong login
        credentials.

                Source: https://www.darkreading.com/iot/32000+-wifi-routers-potentially-exposed-to-new-gafgyt-
                variant/d/d-id/1336238

                                                    www.accumepartners.com
                                                                                                                    11
   7   8   9   10   11   12   13   14   15   16   17