Aggregator

Похищение основателя Ledger привело к дебатам о безопасности крипторынка.

A vulnerability was found in Apple macOS up to 10.12.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Help Viewer. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2017-2361. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Microsoft Backoffice 4.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file reboot.ini of the component Installer. The manipulation leads to information disclosure. This vulnerability is known as CVE-1999-0372. Local access is required to approach this attack. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in M-Files Server. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Database Driver. The manipulation leads to uncaught exception. This vulnerability is known as CVE-2025-0648. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cyrus IMAP and classified as critical. This issue affects some unknown processing. The manipulation as part of HTTP Request leads to improper privilege management. The identification of this vulnerability is CVE-2019-18928. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cyrus IMAP up to 3.0.15/3.2.7/3.4.1. It has been declared as problematic. This vulnerability affects unknown code of the component Daemon. The manipulation leads to denial of service. This vulnerability was named CVE-2021-33582. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in htmldoc 1.9.15. Affected is the function gif_get_code of the component GIF File Handler. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2022-0534. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, was found in htmldoc 1.9.16. Affected is the function image_load_jpeg of the file image.cxx. The manipulation leads to integer overflow. This vulnerability is traded as CVE-2022-27114. The attack needs to be approached within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in HTMLDoc up to 1.9.12. It has been classified as critical. This affects the function e_node of the file htmldoc/htmldoc/html.cxx. The manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2022-34035. Access to the local network is required for this attack. There is no exploit available.

A vulnerability, which was classified as critical, was found in HTMLDOC up to 1.9.18. Affected is the function parse_paragraph of the file ps-pdf.cxx. The manipulation leads to out-of-bounds write. This vulnerability is traded as CVE-2024-45508. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in HTMLDoc 1.9.15 and classified as critical. Affected by this issue is the function write_header of the file /htmldoc/htmldoc/html.cxx. The manipulation leads to heap-based buffer overflow. This vulnerability is handled as CVE-2022-34033. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability, which was classified as critical, has been found in htmldoc 1.9.14. This issue affects the function gif_read_lzw. The manipulation leads to heap-based buffer overflow. The identification of this vulnerability is CVE-2022-24191. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in HTMLDOC up to 1.9.14 and classified as critical. This issue affects the function image_set_mask. The manipulation leads to heap-based buffer overflow. The identification of this vulnerability is CVE-2022-0137. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle VM VirtualBox up to 7.0.23/7.1.5 and classified as critical. Affected by this issue is some unknown functionality of the component Core. The manipulation leads to Local Privilege Escalation. This vulnerability is handled as CVE-2025-21571. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

The recent cyber breach at the U.S. Treasury Department, linked to state-sponsored Chinese hacke

The recent cyber breach at the U.S. Treasury Department, linked to state-sponsored Chinese hackers, has set off alarm bells in the public sector. As the investigation continues, this incident reveals a pressing issue that all government agencies must confront: securing their APIs (Application Programming Interfaces).

APIs are essential connections within our digital infrastructure, facilitating communication and data sharing between systems. However, with their increasing usage comes a greater risk of them being exploited as attack points. This breach, believed to originate from a weakness in a third-party software vendor, specifically BeyondTrust, underscores the interconnectedness of today's IT networks and highlights the necessity for a robust, layered security strategy.

The Mechanics of a Breach: API Vulnerabilities Under Attack

While comprehensive details are still emerging, attackers capitalized on a vulnerability within BeyondTrust's software to infiltrate the Treasury's systems. This tactic of supply chain attacks is becoming more prevalent, as malicious actors often target the weakest links to achieve their goals.  In this case, the attackers exploited BeyondTrust's privileged remote access product, which Treasury employees used. Once inside, attackers might have used compromised API keys or taken advantage of other API flaws to access sensitive information.

Salt Security: Stopping Future Treasury Department Breaches

This event highlights the urgent need for strong API security solutions that instantly recognize and thwart attacks. At Salt Security, our API Protection Platform is specifically built to tackle these issues directly. Here's how Salt could have helped to prevent or lessen the impact of this breach:

Comprehensive API Visibility: Salt offers complete visibility into all API traffic, including shadow APIs and those controlled by third-party vendors like BeyondTrust. This enables organizations to pinpoint and rectify potential vulnerabilities before exploiting them. This capability is vital in complex settings like the Treasury Department, where many interconnected systems depend on APIs for communication.

Stolen API Key Detection: Our platform specializes in detecting compromised API keys. Here's how:

• SIEM Alerts and Attacker Dashboard: Salt generates alerts in your SIEM and our Attacker Dashboard, clearly marking the compromised API key as the source of malicious actions. This facilitates immediate correlation of related events, regardless of the attacker's attempts to disguise their origin.
• Robust Correlation: The compromised API key is the primary identifier, linking all the attacker's actions, even if they use proxies or VPNs to hide their IP address. This provides a clear and thorough understanding of the attack’s progression.
• Geolocation Data: If the attacker makes mistakes, Salt can utilize geolocation data to track unusual foreign connections tied to the compromised key, which is especially significant in a case involving a U.S. federal agency.

Real-time Threat Identification: Salt Security detects suspicious and malicious activities in real-time, such as:

• Parameter Tampering: Identifying unauthorized alterations to API parameters, signaling attempts to manipulate data or exploit vulnerabilities.
• Abnormal Responses: Recognizing unusual or unexpected responses from the API, potentially indicating an attacker probing for weaknesses.
• Injection Exploits: Detecting and blocking attempts to inject malicious code, such as SQL injection or cross-site scripting, without depending on known CVEs (Common Vulnerabilities and Exposures). This proactive strategy ensures protection against zero-day exploits.
• OWASP Attacks: Recognizing and addressing a broad range of attacks documented in the OWASP (Open Web Application Security Project) API Security Top 10, including broken authentication, sensitive data exposure, and security misconfigurations.

Advanced Threat Detection: In addition to fundamental security protocols, Salt employs AI-driven behavioral analytics to identify complex attacks that may evade traditional security measures. This encompasses spotting anomalies in API usage patterns, recognizing malicious behavior, and proactively blocking attacks before they inflict harm.

Key Lessons: Fortifying API Security Across the Public Sector

The breach at the Treasury Department is a critical lesson for the public sector as a whole. Here are essential takeaways for government agencies:

• Emphasize API Security: APIs are vital to government operations and are prime targets for cybercriminals. Agencies must focus on API security and enforce strong protective measures.
• Implement a Zero Trust Framework: Treat every API call as potentially harmful. Enforce rigorous authentication and authorization methods, and continuously surveil API traffic for signs of suspicious activity.
• Bolster Supply Chain Security: Diligently vet third-party vendors like BeyondTrust and confirm they maintain rigorous security standards. Don't just rely on vendor assurances; contractually obligate them to use approved API security tools for their software. Regular evaluations and monitoring of the security status of your entire supply chain are crucial.

Salt Security: Your Partner in API Protection

The increasing reliance on APIs across all industries underscores the urgent need for robust API security. Whether you're in government, finance, healthcare, e-commerce, or any other sector that leverages APIs to connect applications and data, Salt Security can help you safeguard your critical assets.

Our API Protection Platform provides the comprehensive visibility, posture governance, advanced threat detection, and real-time response capabilities needed to stay ahead of the curve in today's ever-evolving threat landscape.

If you want to learn more about Salt and how we can help you on your API Security journey through discovery, posture governance, and run-time threat protection, please contact us, schedule a demo, or check out our website.

The post Treasury Department Breach: A Crucial Reminder for API Security in the Public Sector appeared first on Security Boulevard.