Security News

New Blacksmith Exploit Bypasses Current Rowhammer Attack Defenses
2021-11-16 08:48

Cybersecurity researchers have demonstrated yet another variation of the Rowhammer attack, affecting all DRAM chips, that bypasses currently deployed mitigations, thereby effectively compromising the security of the devices. Originally disclosed in 2014, Rowhammer refers to a fundamental hardware vulnerability that could be abused to alter or corrupt memory contents. It takes advantage of DRAM's tightly-packed, matrix-like memory cell architecture: repeatedly accessing certain rows induces an electrical disturbance large enough to cause the capacitors in neighbouring rows to leak charge faster and flip bits stored in the "victim" rows adjacent to them.

New Rowhammer technique bypasses existing DDR4 memory defenses
2021-11-15 22:27

Researchers have developed a new fuzzing-based technique called 'Blacksmith' that revives Rowhammer vulnerability attacks against modern DRAM devices and bypasses existing mitigations. The emergence of this new Blacksmith method demonstrates that today's DDR4 modules are vulnerable to exploitation, allowing a variety of attacks to be conducted.

When the world ends, all that will be left are cockroaches and new Rowhammer attacks: RAM defenses broken again
2021-11-15 21:46

Boffins at ETH Zurich, Vrije Universiteit Amsterdam, and Qualcomm Technologies have found that varying the order, regularity, and intensity of rowhammer attacks on memory chips can defeat defenses, thereby compromising security on any device with DRAM. The vulnerability, tracked as CVE-2021-42114 with a severity of 9 out of 10, means that pretty much any shared workload on physical hardware is potentially susceptible to a rowhammer attack, even if the device in question relies on a memory defense known as Target Row Refresh. Around 2014, computer researchers associated with Carnegie Mellon and Intel revealed that by "hammering" RAM chips with write operations, they could flip bits stored in adjacent memory rows, creating errors that can be exploited to gain access to kernel memory, to elevate privileges, and to break the isolation between virtual machines and the host.

US Education Dept urged to boost K-12 schools' ransomware defenses
2021-11-14 15:00

The US Department of Education and Department of Homeland Security were urged this week to more aggressively strengthen cybersecurity protections at K-12 schools across the nation to keep up with a massive wave of attacks. For context on the impact of ransomware on US education institutions throughout 2021, ransomware attacks have disrupted education at roughly 1,000 universities, colleges, and schools since the start of the year, according to Emsisoft threat analyst Brett Callow.

FTC shares ransomware defense tips for small US businesses
2021-11-12 17:14

The US Federal Trade Commission has shared guidance for small businesses on how to secure their networks from ransomware attacks by blocking threat actors' attempts to exploit vulnerabilities using social engineering or exploits targeting technology. The first step businesses are advised to take to fend off such attacks is to ensure their tech teams follow the best practices outlined by CISA in this Ransomware Guide and the Fact Sheet on Rising Ransomware Threat to Operational Technology Assets.

State hackers breach defense, energy, healthcare orgs worldwide
2021-11-08 08:34

Cybersecurity firm Palo Alto Networks warned over the weekend of an ongoing hacking campaign that has already resulted in the compromise of at least nine organizations worldwide from critical sectors, including defense, healthcare, energy, technology, and education. To breach the orgs' networks, the threat actors behind this cyberespionage campaign exploited a critical vulnerability in Zoho's enterprise password management solution known as ManageEngine ADSelfService Plus which allows remotely executing code on unpatched systems without authentication.

US defense contractor Electronic Warfare hit by data breach
2021-11-05 14:59

US defense contractor Electronic Warfare Associates has disclosed a data breach after threat actors hacked their email system and stole files containing personal information. As detailed in a notice to the Montana Attorney General's office, EWA discovered that a threat actor took over one of their email accounts on August 2, 2021.

FYI: Code compiled to WebAssembly may lack standard security defenses
2021-11-04 12:14

In a paper titled "The Security Risk of Lacking Compiler Protection in WebAssembly," distributed via ArXiv, the technical trio say that when a C program is compiled to WASM, it may lack anti-exploit defenses that the programmer takes for granted on native architectures. "We compiled 4,469 C programs with known buffer overflow vulnerabilities to x86 code and to WebAssembly, and observed the outcome of the execution of the generated code to differ for 1,088 programs," the paper states.

Despite increased cyber threats, many organizations have no defense plans in place
2021-10-28 03:00

98% of U.S. executives report that their organizations experienced at least one cyber event in the past year, compared to a slightly lower rate of 84% in non-U.S. executives, according to a Deloitte survey. Further, COVID-19 pandemic disruption led to increased cyber threats to U.S. executives' organizations at a considerably higher rate than non-U.S. executives experienced.

CDR: The secret cybersecurity ingredient used by defense and intelligence agencies
2021-10-22 05:30

It's very rare that the defense and intelligence community is vulnerable to file-based attacks. More commercial businesses should look to the defense and intelligence community for guidance on improving security posture.