Hackers Hit Unpatched Pulse Secure and Fortinet SSL VPNs

By: Mathew J. Schwartz

Vendors Issued Security Updates to Fix Severe Flaws Several Months Ago

Hackers in recent days have been hunting for SSL VPNs manufactured by both Fortinet and Pulse Secure that have yet to be updated to fix serious security flaws, security experts warn.

There’s been a surge in scanning attempts by attackers to locate and automatically hack these devices, exploiting known flaws that allow them to steal passwords and other sensitive data. With stolen passwords in hand, attackers can potentially gain full, remote access to organizations’ networks.

The attacks come despite both vendors having released patches several months ago – Pulse Secure in April, Fortinet in May – via firmware updates that included security fixes. Both vendors warned that all customers should install the updates as quickly as possible, given the severity of the flaws. Many organizations, however, apparently have yet to install the updated software, and thus remain at elevated risk from escalating exploit attempts.

Internet scans count at least 480,000 Fortinet Fortigate SSL VPN endpoints connected to the internet, although it’s unclear how many remain unpatched. But experts say that of about 42,000 Pulse Secure SSL VPN endpoints seen online, more than 14,000 of them – a majority of which are located in the United States – remain unpatched.

Attacks Escalate

In recent days, reports of attacks against vulnerable Pulse Secure and Fortinet SSL VPNs have been escalating.

On Thursday, Troy Mursch of Chicago-based threat intelligence firm Bad Packets warned that his firm’s honeypots had detected opportunistic, large-scale mass scanning activity by hackers looking for Pulse Secure VPN SSL servers vulnerable to CVE-2019-11510. “This arbitrary file reading vulnerability allows sensitive information disclosure enabling unauthenticated attackers to access private keys and user passwords,” he said. “Further exploitation using the leaked credentials can lead to remote command injection (CVE-2019-11539) and allow attackers to gain access inside the private VPN network.”

More: https://www.bankinfosecurity.com/hackers-hit-unpatched-pulse-secure-fortinet-ssl-vpns-a-12958

Cyber Attack: Securing Digital Payments In The Age Of Emerging Technologies

By: Inc42

In recent times, India’s financial systems have been heavily targeted by malicious cyber actors due to an indefinite cyber framework. This can be further explained through the cyber attack instances of millions of debit cards being hacked in the past few years.

About 70% of organizations have experienced some form of cyber-attack, whether phishing, Distributed Denial of Service (DDoS) or spam. The rising incidents of cyber fraud in digital payments, the Hitachi ATM data breach in 2016, the surge in ransomware attacks such as WannaCry and Petya, the Yahoo data breach and others signify that India requires updated technologies as well as policies to protect millions of personal data records.

Such breaches are not carried out only to hinder daily activities; they also feed into activities such as cyber-espionage, which are an attack on a country’s national security.

Global Systems Of Hacking

The attackers today are progressively building advanced technologies to target core banking systems, especially those concerned with payments. Their activities are becoming more aggressive and assertive than before, aimed at interrupting the victim’s capability to respond. They are further collaborating across multiple geographies, which heightens the attackers’ anonymity while requiring no additional resources to carry out the attacks.

As hackers are operating globally and collaborating across multiple geographies, it is therefore fundamentally critical to ensure that jurisdictions and organisations across the world collaborate to counter this growing threat. In the new era of digital payments, where technologies are constantly changing and evolving, there are numerous cybersecurity challenges to consider.

Cyber-attacks are more sophisticated and now target the entire payments life cycle.

Need For A Coordinated And Integrated Approach

Silos that exist between lines of business, payment operations (across payment types, business functions, and geographies), cybersecurity, risk, compliance, technology, treasury, and business continuity hamper the carefully coordinated response needed to prevent, detect and respond to attacks.

More: https://inc42-com.cdn.ampproject.org/c/s/inc42.com/resources/securing-digital-payments-from-cyber-threat-and-attacks/amp/

9 Popular Phishing Scams (Be Aware)

By: BroadbandSearch.net

Ever since the early days of the internet, scammers have been working to steal our money, and sometimes our identity. And while we as internet users have gotten more aware and are more capable of identifying scams, the bad guys have gotten better too, which means danger is still out there, lurking behind every digital corner.

However, the best defense against cybercrime is not to avoid using the internet. Doing that would be denying ourselves all the best things the internet has to offer, such as educational resources, social media, and, of course, pictures of cute dogs. Instead, the best thing you can do is to inform yourself about how hackers work and about the most common types of scams out there.

Email scams, also known as phishing, are some of the most prevalent threats, so it’s important to understand what they are as well as what they look like so that you can steer clear and stay safe while surfing the web. Read on to find everything you need to know.

Understand the Risk of Email Phishing

To help you understand the risk that email phishing poses, consider the following:

[Infographic: Email Phishing in 2019]

What is Phishing?

According to phishing.com, phishing is a type of cybercrime in which hackers contact you while posing as a legitimate institution or organization in an attempt to get you to provide sensitive or private information. Once they have this information, they most often use it to commit financial or identity theft, the consequences of which can be extremely severe.

This type of phishing can occur over the telephone, via SMS text message, or, as is most often the case, through email.

Other phishing attempts will ask you to download a file or click a link, and doing so will infect your computer with malicious software that can cause your personal information to end up in the wrong hands.

Integral to almost all phishing attempts is website or email spoofing. This is the practice of creating a website or email template that nearly perfectly mimics a legitimate website. These designs are very professionally done and can be almost impossible to distinguish from the real thing.

More: https://www.broadbandsearch.net/blog/popular-email-phishing-scams?msID=f33a51b6-f73c-4ff5-a286-d94f32e20160

Over 40 Drivers Could Let Hackers Install Persistent Backdoor On Windows PCs

By: Swati Khandelwal

If you own a device, or a hardware component, manufactured by ASUS, Toshiba, Intel, NVIDIA, Huawei, or 15 other vendors listed below, you’re probably screwed.

A team of security researchers has discovered high-risk security vulnerabilities in more than 40 drivers from at least 20 different vendors that could allow attackers to gain the most privileged permissions on the system and hide malware in a way that remains undetected over time, sometimes for years.

For sophisticated attackers, maintaining persistence after compromising a system is one of the most important tasks, and to achieve this, existing hardware vulnerabilities sometimes play an important role.

One such component is a device driver, commonly known as a driver or hardware driver, a software program that controls a particular type of hardware device, helping it to communicate with the computer’s operating system properly.

Since device drivers sit between the hardware and the operating system itself and in most cases have privileged access to the OS kernel, a security weakness in this component can lead to code execution at the kernel layer.

This privilege escalation attack can move an attacker from user mode (Ring 3) to OS kernel-mode (Ring 0), as shown in the image, allowing them to install a persistent backdoor in the system that a user would probably never realize.

[Image: windows driver hacking]

Discovered by researchers at the firmware and hardware security firm Eclypsium, some of the new vulnerabilities could allow arbitrary read/write of kernel memory, model-specific registers (MSRs), Control Registers (CR), Debug Registers (DR), and physical memory.

“All these vulnerabilities allow the driver to act as a proxy to perform highly privileged access to the hardware resources, which could allow attackers to turn the very tools used to manage a system into powerful threats that can escalate privileges and persist invisibly on the host,” the researchers explain in their report titled ‘Screwed Drivers.’

More: https://thehackernews.com/2019/08/windows-driver-vulnerability.html?m=1

South Korea New Target for Payment Fraud

By: Suparna Goswami

Some Experts Say Merchants Are Slow to Implement Chip Cards, Security Measures

Threat actors are increasingly targeting the APAC region – especially South Korea – for payment card fraud, according to a recent report from Gemini Advisory.

For example, a group of hackers recently stole information on more than 1 million credit cards in South Korea, targeting transactions made at point-of-sale terminals.

The Gemini Advisory report says more than 1 million credit card records from South Korea have been posted for sale on the dark web since May 29, 2019.

“South Korea’s high card-present fraud rates indicate a weakness in the country’s payment security that fraudsters are motivated to exploit,” says Stas Alforov, security researcher at Gemini Advisory. “As this global trend toward increasingly targeting non-Western countries continues, I feel both the supply and demand for South Korean-issued CP records in the dark web will likely increase.”

The statistics illustrate the growth of the problem. Alforov says 42,000 compromised South Korean credit card records were posted for sale on the dark web in May. That number grew to 230,000 in June and 890,000 in July.

[Graph: spike in card fraud in South Korea in June. Source: Gemini Advisory]

Missing Security Steps

Alforov tells Information Security Media Group that the failure of many South Korean merchants to shift to accepting EMV chip card transactions at their POS devices appears to have contributed to the surge in credit card information theft, along with a failure to take other security steps. Another factor, some experts say, is a lack of security measures at POS integrators. (see: Mastercard’s Ron Green on Payment Card Fraud)

“In this particular case, it appears that while South Korea mandated the switch to EMV at the end of 2018, there are still some merchants lagging behind, which is why we are seeing over 1 million card-present records compromised” because of data stolen from magnetic stripe card transactions, he says. EMV cards store encrypted data on a chip, making card-present data theft far more difficult.

More: https://www.bankinfosecurity.com/south-korea-new-target-for-payment-fraud-a-12897

A security firm says it has discovered a flaw in WhatsApp that would allow hackers to alter your messages

By: Mary Hanbury

A cybersecurity firm has discovered a flaw in WhatsApp that allows hackers to intercept and manipulate messages — potentially changing the identity of a message sender or altering their text.

Attackers could literally “put words in [someone’s] mouth,” Israeli firm Check Point Research said in a press release on Wednesday. It added that this gives the attacker the power to “create and spread misinformation from what appear to be trusted sources.”

Check Point reversed WhatsApp’s encryption algorithm and decrypted the data. Once it did so, it was able to see all the parameters that are sent between the web and mobile versions of WhatsApp and manipulate this data.

So, for example, if it wanted to change your message, it captures the outgoing message from WhatsApp, decrypts the data, changes it to whatever it wants it to say, and then encrypts it back.

More: https://www.businessinsider.com/whatsapp-flaw-could-allow-hackers-to-alter-your-messages-2019-8

QualPwn vulnerabilities in Qualcomm chips let hackers compromise Android devices

By: Catalin Cimpanu

Patches for the QualPwn vulnerabilities have been released earlier today by both Qualcomm and the Android team.

The Android Security Bulletin for August 2019 is out today and this month’s Android security patches include a fix for two dangerous vulnerabilities that impact devices with Qualcomm chips.

Known collectively as QualPwn, these two vulnerabilities “allow attackers to compromise the Android Kernel over-the-air,” according to Tencent Blade, a cyber-security division at Tencent, one of China’s biggest tech firms.

The over-the-air attack is not a fully remote attack, meaning it can’t be executed over the internet. To launch a QualPwn attack, the attacker and the target must be on the same WiFi network.

Nonetheless, the QualPwn attacks don’t require user interaction, and Android users with affected Qualcomm chipsets will need to look into installing the August 2019 Android OS security patch.

The two QualPwn vulnerabilities are as follows:

  • CVE-2019-10538 – a buffer overflow that impacts the Qualcomm WLAN component and the Android Kernel. It can be exploited by sending specially crafted packets to a device’s WLAN interface, which allows the attacker to run code with kernel privileges.
  • CVE-2019-10540 – a buffer overflow in the Qualcomm WLAN and modem firmware that ships with Qualcomm chips. It can be exploited by sending specially crafted packets to an Android device’s modem, which allows code execution on the device.

The first issue was patched with a code fix in the Android operating system source code, while the second bug was patched with a code fix in Qualcomm’s closed-source firmware that ships on a limited set of devices.

More: https://www.zdnet.com/article/qualpwn-vulnerabilities-in-qualcomm-chips-let-hackers-compromise-android-devices/

VPN flaw enables hackers to easily infiltrate corporate networks

By: INQUIRER staff

Vuln affects Palo Alto Networks, Fortinet and Pulse Secure

SECURITY FLAWS in three popular corporate VPNs could enable attackers to steal confidential information from a company’s network.

Researchers at Devcore claim to have discovered security flaws in three popular corporate VPNs that could enable attackers to steal confidential information from a company’s network.

The vulns affect three corporate virtual private networks (VPN) providers, namely, Palo Alto Networks, Fortinet, and Pulse Secure.

VPNs are used to encrypt traffic between points on the internet, extending a private network across a public network. They are often used to enable staff working remotely to access resources on their organisation’s corporate network.

Usually, companies provide their staff with a corporate username and password that must be entered, along with a two-factor authentication code, before VPN access to the company’s network is granted.

But Orange Tsai and Meh Chang, the security researchers who first noticed those bugs, claim that the flaws they unearthed could enable anyone to silently break into a company’s network without requiring a username or password.

“A few SSL VPN vendors dominate the market. Therefore, if we find any vulnerability on these vendors, the impact is huge,” Tsai told TechCrunch, ahead of a presentation at the Black Hat USA event in August.

In an online post, the researchers described the format string flaw affecting Palo Alto’s GlobalProtect portal and GlobalProtect Gateway products.

The company quickly updated its software when it was informed about the security vulnerability, but said that the majority of staff were not using the Palo Alto VPN as a primary VPN.

More: https://www.theinquirer.net/inquirer/news/3079463/vpn-flaw-coroprate-network

Rodrigo Maia and Davi Alcolumbre were also targeted by hackers

By: Clébio Cavagnolle and Caio Sandin

Besides the presidents of the Senate and the Chamber of Deputies, Prosecutor-General Raquel Dodge and members of the STF had their mobile phones hacked

R7 Planalto has confirmed that the hackers detained last Tuesday (23) accessed the phones of the president of the Chamber of Deputies, Rodrigo Maia, and of the Senate, Davi Alcolumbre.

Besides the two leaders of the main houses of Brazilian politics, the Prosecutor-General of the Republic, Raquel Dodge, the president of the STJ (Superior Tribunal de Justiça), João Otávio de Noronha, and ministers of the STF (Supremo Tribunal Federal) also had their mobile phones hacked.

After the arrest of the four suspects in the interior of São Paulo state, it was discovered that the president of the Republic, Jair Bolsonaro, had also been a target of the hackers. He responded by saying that hacking his phone was a waste of time.

More: https://noticias.r7.com/prisma/r7-planalto/rodrigo-maia-e-davi-alcolumbre-tambem-foram-alvo-de-hackers-25072019

Mobile phones used by Bolsonaro were also targeted by hackers, says Ministry of Justice

By: G1 Rio

Operação Spoofing arrested 4 people last Tuesday (23) suspected of hacking the mobile phone of minister Sérgio Moro and other authorities.

The Federal Police (PF) informed the Ministry of Justice and Public Security that mobile phones used by president Jair Bolsonaro were also targets of attacks by the group of hackers arrested in a PF operation last Tuesday (23).

Operação Spoofing, authorized by judge Vallisney de Oliveira of the 10th Federal Court in Brasília, is investigating the hacking of the mobile phones of minister Sérgio Moro, an appeals court judge, a federal judge and two Federal Police chiefs. The operation was carried out in the cities of São Paulo, Araraquara and Ribeirão Preto.

In a statement, the Ministry of Justice and Public Security said that Bolsonaro had been “duly informed” of the fact as a “matter of national security”. The statement does not say whether the hackers managed to obtain any information from the devices used by the president.

“The Ministry of Justice and Public Security was, as a matter of national security, informed by the Federal Police that mobile phones used by the President of the Republic were targets of attacks by the group of hackers arrested last Tuesday. As a matter of national security, the fact was duly communicated to the President of the Republic.”

More: https://g1.globo.com/politica/noticia/2019/07/25/