space.com
By Tereza Pultarova published 2 days ago

An AI start-up has found a vulnerability in security software protecting NASA's ground control communications with satellites in space.
"A vulnerability in this software poses a threat to billions of dollars in space infrastructure and the scientific missions they enable."

Communications between Earth and NASA spacecraft were critically vulnerable to hacking for years until an AI found the flaw and fixed it in just four days.

The vulnerability was sniffed out by an AI cybersecurity algorithm developed by California-based start-up AISLE and resides in the CryptoLib security software that protects spacecraft-to-ground communications. The vulnerability could have enabled hackers to seize control over countless space missions including NASA's Mars rovers, according to the cybersecurity researchers.

"For three years, the security system meant to protect spacecraft-to-ground communications contained a vulnerability that could undermine that protection." the AISLE cyber-security researchers wrote in a blog post on the company's website describing the vulnerability. "A vulnerability in this software poses a threat to billions of dollars in space infrastructure and the scientific missions they enable."

The researchers said the vulnerability was found in the authentication system and could have been exploited through compromised operator credentials. For example, the attackers could have gained access to user names and passwords of NASA employees through social engineering, methods such as phishing or infecting computers with viruses uploaded to USB drives and left where personnel could find them.

"The vulnerability transforms what should be routine authentication configuration into a weapon," the researchers wrote. "An attacker … can inject arbitrary commands that execute with full system privileges."

In other words, an attacker could remotely hijack the spacecraft or just intercept the data it is exchanging with ground control.

Fortunately, to gain access to the spacecraft through the CryptoLib vulnerability would require the attackers to, at some point, have local access to the system, which "reduces the attack surface compared to a remotely exploitable flaw," the researchers said in the blog post.

In iOS 18, Apple spun off its Keychain password management tool—previously only tucked away in Settings—into a standalone app called...

Microsoft discovered a vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite files in the vulnerable application’s internal data storage directory, which could lead to arbitrary code execution and token theft, among other impacts. We have shared our findings with Google’s Android Application Security Research team, as well as the developers of apps found vulnerable to this issue. We anticipate that the vulnerability pattern could be found in other applications. We’re sharing this research more broadly so developers and publishers can check their apps for similar issues, fix as appropriate, and prevent them from being introduced into new apps or releases.

The Shadowserver Foundation identifies thousands of Ivanti VPN instances likely impacted by a recent remote code execution flaw.

Two years after the Log4Shell vulnerability in the open source Java-based Log4j logging utility was disclosed, circa one in four applications are dependent on outdated libraries, leaving them open to exploitation.

Research from security shop Veracode revealed that the vast majority of vulnerable apps may never have updated the Log4j library after it was implemented by developers as 32 percent were running pre-2015 EOL versions.

Kazakhstan - the world's last SSLv2 superpower... and a country with potentially vulnerable last-mile internet infrastructure, Author: Jan Kopriva

A ransomware affiliate is targeting publicly exposed Veritas installations to gain access to organizations.

Pulse Connect Secure is a low-cost and widely-deployed SSL VPN solution for remote and mobile users. Over the years, researchers have found several significant vulnerabilities in the server software, some even resulting in the active exploitation of critical infrastructure by malicious threat actors. In April of 2021, CISA released a report detailing some of these activities, which included exploiting several unknown (at the time) vulnerabilities and resulted in swift action from Ivanti, the Pulse Connect Secure software developer.

We recently began scanning for middlebox devices that are vulnerable to Middlebox TCP reflection, which can be abused for DDoS amplification attacks.  Our results are now shared daily, filtered for your network or constituency in the new Vulnerable DDoS Middlebox report. We uncover over 18,800,000 IPv4 addresses responding to our Middlebox probes. In some cases the amplification rates can exceed 10,000!