Security bug left over 1,000 organizations open to ransomware, device hijacking

Security researchers have discovered two major flaws in FileWave’s endpoint management software which could have given threat actors a way...

Security researchers have discovered two major flaws in FileWave’s endpoint management software which could have given threat actors a way to circumvent authentication measures and completely take over the affected devices.

The flaws affected more than 1,100 internet-accessible FileWave management instances, used by large government entities, schools, small businesses, and many other firms. Besides fully taking over the instances, threat actors could have used the backdoor to launch ransomware attacks, or steal sensitive data. 

Found by security firm Claroty, the vulnerabilities are being tracked as CVE-2022-34907 and CVE-2022-34906.

Patched flaws

CVE-2022-34907 is described as an authentication bypass, not unlike the flaw recently found in F5 BIG-IP WAF. The researchers explained that the scheduler service running on the mobile device management (MDM) server authenticates to the web server using a hardcoded shared secret. But this secret doesn’t change between different MDM installations, or versions. 

"This means that if we know the shared secret and supply it in the request, we do not need to supply a valid user's token or know the user's username and password," researcher Noam Moshe told the publication, also stating that a threat actor could use this flaw to access the target system with elevated privileges. 

These privileges would give them power over other internet-connected devices: "This enables us to control all of the servers' managed devices, exfiltrate all sensitive data being held by the devices, including usernames, email addresses, IP addresses, geo-location etc, and install malicious software on managed devices," Moshe added.

CVE-2022-34906, on the other hand, is a flaw discovered in the hardcoded cryptographic key. The flaw could be used to decrypt sensitive data found in FileWave, as well as send crafted requests to the devices associated with the MDM platform.

The flaws have since been patched, so if you’re affected, make sure you’re running versions 14.6.3 and 14.7.2, or 14.8 and newer.

  • Keep your internet activities to yourself with the best firewalls around

Via: The Register



from TechRadar - All the latest technology news https://ift.tt/lPmdI7J
via IFTTT

COMMENTS

BLOGGER
Name

Apps,3858,Business,151,Camera,1155,Earn $$$,3,Gadgets,1741,Games,926,GTA,1,Innovations,3,Mobile,1697,Paid Promotions,5,Promotions,5,Sports,1,Technology,8106,Trailers,796,Travel,37,Trending,4,Trendly News,25335,TrendlyNews,183,Video,5,XIAOMI,13,YouTube - 9to5Google,182,
ltr
item
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: Security bug left over 1,000 organizations open to ransomware, device hijacking
Security bug left over 1,000 organizations open to ransomware, device hijacking
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
http://www.trendlynews.in/2022/07/security-bug-left-over-1000.html
http://www.trendlynews.in/
http://www.trendlynews.in/
http://www.trendlynews.in/2022/07/security-bug-left-over-1000.html
true
3372890392287038985
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy