Nov 23, 2020

AWS API vulnerability, Palo Alto 5G security features, SAD DNS, PAN-OS auth bypass, and more

Hackers Stealing and Selling VoIP Access (11/09)

https://www.bankinfosecurity.com/hackers-stealing-selling-voip-access-a-15325
Check Point Research has uncovered a large and likely profitable business model that involves hackers attacking and gaining control of certain VoIP services, which enables them to make phone calls through a company's compromised system.

Xiaomi says fixed glitch on weather app (10/19)

https://telecom.economictimes.indiatimes.com/news/xiaomi-says-fixed-glitch-on-weather-app/78751344
Chinese phone brand, on Monday, claimed that it has fixed the technical glitch on its weather app because of which Xiaomi smartphones were not displaying the weather of Arunachal Pradesh.

AWS Flaw Allows Attackers to Find Users' Access Codes (11/20)

https://www.bankinfosecurity.com/aws-flaw-allows-attackers-to-find-users-access-codes-a-15408

Researchers have uncovered a vulnerability in 22 application programming interfaces across 16 Amazon Web Services products that can be exploited to compromise basic information on the user and gain access to details of cloud accounts, according to researchers at Palo Alto Networks' Unit 42.

Mitigation Steps

Because there are no observable logs in a potential victim's account, it's difficult to restrict fraudsters from cataloging identities, but using good IAM security measures can help in addressing such threats, Unit 42 notes. 

..

Unit 42 recommends the following several steps to mitigate this issue:

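  • Reduce the attack surface by blocking inactive users and roles.
  • Add random codes to user names and role names to make them harder to guess.
  • Log in through an identity provider and federation so that no additional users are created in the AWS account.
  • Monitor all identity authentication activity.
  • Implement two-factor authentication for all users and IAM roles.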


AWS APIs can be abused to leak information (11/19)

https://www.techradar.com/news/aws-apis-can-be-abused-to-leak-information



Amazon Web Services APIs can allegedly be exploited to steal user data (11/17)

https://siliconangle.com/2020/11/17/amazon-web-services-apis-can-allegedly-exploited-steal-user-data/


Palo Alto Networks 5G Security Fuses Firewalls, SDN

https://www.sdxcentral.com/articles/news/palo-alto-networks-5g-security-fuses-firewalls-sdn/2020/11/

Palo Alto Networks today rolled out new 5G security capabilities for enterprises and service providers. Specifically, it added understanding of 5G protocols and network interfaces to its firewalls, and says this, combined with its SDN and distributed cloud security, allows it to secure 5G networks, services, applications, and devices.


Palo Alto Networks and PwC deliver MDR services to Hong Kong enterprises (11/19)

https://securitybrief.asia/story/palo-alto-networks-and-pwc-deliver-mdr-services-to-hong-kong-enterprises

Palo Alto Networks and PwC have expanded their partnership with the shared goal of delivering managed detection and response (MDR) services to enterprises in Hong Kong.


Palo Alto Networks and PwC extend partnership, deliver cyber defence solution (11/03)

https://securitybrief.asia/story/palo-alto-networks-and-pwc-extend-partnership-deliver-cyber-defence-solution


Brace for DNS Spoofing: Cache Poisoning Flaws Discovered (11/18)

https://www.bankinfosecurity.com/brace-for-dns-spoofing-cache-poisoning-flaws-discovered-a-15389

Fixes Arriving to Safeguard DNS Against Newly Found 'SAD DNS' Side-Channel Attack


Serious VPN vulnerability found in popular business networking software (11/12)

https://www.techradar.com/news/serious-vpn-vulnerability-found-in-popular-business-networking-software

During an internal security review, Palo Alto Networks discovered an authentication bypass vulnerability in some versions of their PAN-OS software. The vulnerability can be exploited to gain access to restricted VPN network resources.


CVE-2020-2022 PAN-OS: Panorama session disclosure during context switch into managed device (11/11)

https://security.paloaltonetworks.com/CVE-2020-2022

An information exposure vulnerability exists in Palo Alto Networks Panorama software that discloses the token for the Panorama web interface administrator's session to a managed device when the Panorama administrator performs a context switch into that device. This vulnerability allows an attacker to gain privileged access to the Panorama web interface. An attacker requires some knowledge of managed firewalls to exploit this issue.

Severity: HIGH

Solution: This issue is fixed in PAN-OS 8.1.17, PAN-OS 9.0.11, PAN-OS 9.1.5, and all later PAN-OS versions.

