Vulnerability discovered: CDU files a complaint against a hacker

Vulnerability discovered: CDU files a complaint against a hacker

Vulnerability discovered

An IT expert discovered a security gap in a CDU election campaign app and reported it to those responsible. A little later, Lilith Wittmann announced on Twitter that the party had filed a complaint against the expert. As a result, the Chaos Computer Club directly announced in a public message that the CDU will no longer be reported to any more security gaps with immediate effect.

The CCC also invokes what is known as Responsible Disclosure. This agreement actually protects IT people from legal consequences if they make companies aware of weaknesses. Because the CDU has now terminated this agreement with its notification, the CCC will refrain from reporting in the future. A few hours after the reports were posted on the Internet, the party withdrew the complaint and apologized. However, the process will not be discontinued, which is why Lilith Wittmann has already received financial support from followers. She had to pay a total of 2,000 euros for the criminal defense. The public prosecutor's office in Berlin could still stop the investigation. So far, however, there has been no statement from those responsible.

Read also 0

YouTube: Lawsuit against data transfer in Germany

YouTube is suing the Federal Government's Network Enforcement Act, which in future provides for an obligation to report to the Federal Criminal Police Office. 0

EU Commission: Plans for digital tax off the table

Plans for a digital tax in Europe were terminated prematurely. Instead, the G20 countries want to introduce a global minimum tax. 0

Cryptocurrencies: pressure from the federal government increases, providers should collect data

According to a current draft of the federal government, cryptocurrency providers may soon have to save and transmit personal data. var lstExcludedArticleTicker = '1377228,1376840,1375783,1374352'; Recommended editorial content Here you will find external content from [PLATTFORM]. To protect your personal data, external integrations are only displayed if you confirm this by clicking on "Load all external content": Load all external content I consent to external content being displayed to me. This means that personal data is transmitted to third-party platforms. Read more about our privacy policy . External content More on this in our data protection declaration. In addition to the CDU, Wittmann also informed the CERT Association and Berlin's data protection officer about the security gaps. The expert discovered the problems in the "CDU connect app" back in May. Datasets from over 18,000 election campaigners could be found unprotected on the Internet. In the meantime the apps for iOS and Android have been removed and the respective databases with the information taken offline.

via Golem & Heise




INFRA:HALT Vulnerabilities Affect NicheStack: Industrial Devices Compromised

Researchers have discovered 14 bugs and stated them in a report, known as INFRA:HALT vulnerabilities. Their target is none other than a popular proprietary TCP/IP stack. More exactly the NicheStack variants that rank below 4.3 are subjects to threat. Who uses this kind of library? The industrial sector, counting over 200 vendors.

How Can an Attack Due to INFRA:HALT Vulnerabilities Work?

All vulnerabilities were CVE classified. The ones who discovered them are the researchers from Forescout Labs and JFrog, the Forescout researchers having a project named Project Memoria that handles these issues.


According to Bleeping Computer, one of them, by his name Stanislav Dashevskyi, made a demonstration by taking one of the INFRA:HALT vulnerabilities and demonstrating how can it be exploited.

  • He took CVE-2020-25928.
  • What he did is to attack the PLC (programmable logical controller) that controls an industrial fan.
  • The vulnerable device transmits, as usual, a DNS request to the DNS server.
  • Though the DNS that responds to this request is controlled by the attacker, so it’s compromised with a bad shellcode.
  • Then it’s time for the device to take action: it analyses the DNS response it receives.
  • This is the time when the threat actors could execute remote control over the appliance.
  • The hacker will make the affected machine initiate a TCP connection with another device, the inside PLC will then be linked with an HVAC.
  • The compromised device sends then an FTP packet to exploit the found vulnerability in that PLC.
  • The result? The PLC has no power to make the fan active anymore.
  • INFRA:HALT vulnerabilities demonstration image

    INFRA:HALT vulnerabilities demonstration image

    Image Source

    The 14 Vulnerabilities: What They Do and How Dangerous They Are

    The new vulnerabilities allow for remote code execution, denial of service, information leak, TCP spoofing, or DNS cache poisoning.

    Source


    The vulnerabilities pose a real threat to impacted devices. Most of them are high-security risks, but only 2 of them are critical. CVE-2020-25928 has a CVS score of 9.8 and CVE-2020-31226 has a score of 9.1.


    However, they can be exploited only if hackers manage to get access to the internal network of the organizations. Granting access to the office network is not enough, but managing to connect to the OT section makes way for their malicious actions. Why? Because all the industrial equipment is deployed on that network.


    INFRA:HALT vulnerabilities Image List

    INFRA:HALT vulnerabilities Image List

    Image Source

    How Many and What Devices Are Exposed?

    The number of affected industrial devices that use NicheStack raise to 6400.


    Among targeted companies, these can be mentioned, that are NicheStack’s clients, known as InterNiches now because it’s under HCC Embedded at the present moment: Schneider Electric, Rockwell Automation, Honeywell, Emerson, Mitsubishi Electric, and Siemens.


    According to the Forescout report, 21 vendors’ systems (2500) are impacted by these vulnerabilities.

    What Measures Have Been Taken?

    HCC Embedded has taken the necessary measures and provided the proper patches that customers are urged to immediately apply. In short, all devices should be updated with the NicheStack 4.3 version.


    Researchers from JFrog and Forescout also shared their mitigation recommendations where the above-mentioned patches cannot function:


    INFRA:HALT vulnerabilities mitigation measures

    INFRA:HALT vulnerabilities mitigation measures

    Image source


    Also, according to the same report, researchers recommend to device vendors, network operators, and the cybersecurity community in general to:

  • Perform an audit in order to detect the NicheStack running machines. They can do this by using the script provided by Forescout.
  • External communication should be restricted and detected vulnerable devices should be kept apart from those running well until they are patched.
  • Keep up to date with the patches.
  • The traffic should be monitored: because hackers can use data packets to exploit o-day bugs.
  • A tool that performs an audit on code can be also useful.




  • Powered by Blogger.