IOWN APN, Trends, Airport and Port security, OSCP+, Aug 25th - Aug 31st - This Week In Security
This Week in Security (TWIS)
Aug 25th - Aug 31st 2024
"IOWN APN, Trends, Airport and Port security, OSCP+"
Hello everyone. This week Koichi is back as editor for another round-up of the news. This time I chose these security topics: IOWN APN, Trends, Airport and Port security, OSCP+.
All-Photonics Network activated between Japan and Taiwan
The Nippon Telegraph and Telephone (NTT) has activated the Innovative Optical and Wireless Network (IOWN) All-Photonics Network (APN) between Japan and Taiwan, and demonstrated low-latency communication over the all-photonics network.
The IOWN APN is a major part of the IOWN initiative, which aims to create a prosperous society using state-of-the-art optical technology. The IOWN APN reduces latency significantly by using optical signals, which are relayed by routers dedicated to optical signals.
NTT showed that data can be sent between NTT’s research center in Musashino City, Tokyo, and Chunghwa Telecom’s data center in Taiwan. The distance between them is about 3,000 kilometers, and the delay is about 15-17 milliseconds. The conventional optic-electrical line would have taken 200 to 500 milliseconds to relay this distance, so 1/200 latency. NTT demonstrated a real-time rock-paper-scissors game between Japan and Taiwan.
- Chunghwa Telecom and NTT activate the world's first International IOWN APN between Taiwan and Japan Take only 17 msec in 3,000 km with an ultra-low latency network
- What is the IOWN Initiative?
- What is the All-Photonics Network?
- Japanese telecom NTT deploys all-optical system IOWN with Taiwan
Trend of the published vulnerabilities in 2024
According to a report published by Forescout, the number of vulnerabilities published in the first half of 2024 increased by 43% compared to the first half of 2023, and the number of vulnerabilities (CVE) added to the U.S. Cybersecurity and Infrastructure Security Agency (CISA)'s Catalog of Known Exploited Vulnerabilities (KEV) decreased by 23%, to 87. The majority of vulnerabilities published in the first half of 2024 had a severity score (CVSS) of “medium” (39%) or “low” (25%), with only 9% having a “critical” score. Microsoft (17%) was the most commonly affected company, followed by Google (8%), Apple (6%), D-Link (6%), Ivanti (6%), Android (5%), and Cisco (5%). The threat sources active in the first half of 2024 were China (65%), Russia (36%), and Iran (21%), with China surpassing Russia in the first half of 2023.
Roughly 20% of new exploited vulnerabilities in CISA KEV and Vulnerability KEV catalogs targeted VPN or network infrastructure appliances.
Ransomware attacks in the first half of 2024 increased 6% compared to the first half of 2023, reaching 3085 attacks. Among ransomware actors, LockBit was followed by Play (6%), RansomHub (6%), Cactus (5%), Akira (5%), Hunters (5%), and Black Basta (5%).
SQL injection attack possible against airport security checks
Cybersecurity researchers say they've found a vulnerability that allowed them to skip US airport security checks and even fly in the cockpit on some scheduled flights via SQL injection.
The security checks we all go through at the airport before boarding an airplane have a way for aircrew and pilots to skip them. By registering with Known Crewmember (KCM) or Cockpit Access Security System (CASS), aircrew and pilots can be authorized to skip security checks.
However, KCM and CASS certification and registration can be a significant cost burden for small airlines, so they are sometimes supported by third-party services, such as the FlyCASS system. Researchers discovered that some basic SQL injection methods worked on the FlyCASS login page and made it possible to get administrative privileges. After logging in, the researchers were able to register a new fictitious pilot as a legitimate user.
Aeronautical Radio, Incorporated (ARINC) and the Federal Aviation Administration (FAA) were notified of this vulnerability, as well as the Department of Homeland Security (DHS) and Transportation Security Administration (TSA), and FlyCASS was disconnected from the system.
TSA gave the following statement: "TSA does not solely rely on this database to verify the identity of crewmembers. TSA has procedures in place to verify the identity of crewmembers and only verified crewmembers are permitted access to the secure area in airports. TSA worked with stakeholders to mitigate against any identified cyber vulnerabilities."
- Tired of airport security queues? SQL inject yourself into the cockpit, claim researchers
- Bypassing airport security via SQL injection
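For readers who maintain login code, the class of bug described above looks like this next to its fix. This is an added example, not FlyCASS code or code from the researchers' write-up; the table, account name and crafted input are constructed for illustration.

```python
import hashlib
import hmac
import sqlite3

DEMO_SALT = b"constructed-demo-salt"  # fixed only to keep the demo short; use a random per-user salt
CRAFTED_USERNAME = "airline_admin' --"  # constructed input: closes the string, comments out the rest


def pw_hash(password):
    """Hex PBKDF2-HMAC-SHA256 digest of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), DEMO_SALT, 100_000).hex()


def make_db():
    """Constructed in-memory user table; schema and account are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT, is_admin INTEGER)")
    db.execute("INSERT INTO users VALUES (?, ?, ?)", ("airline_admin", pw_hash("correct horse"), 1))
    return db


def login_vulnerable(db, username, password):
    """Deliberately vulnerable: input is pasted into the SQL text."""
    sql = ("SELECT is_admin FROM users WHERE username = '%s' AND pw_hash = '%s'"
           % (username, pw_hash(password)))
    row = db.execute(sql).fetchone()
    return None if row is None else bool(row[0])


def login_hardened(db, username, password):
    """Bound parameter for the lookup; password verified in application code."""
    row = db.execute("SELECT pw_hash, is_admin FROM users WHERE username = ?", (username,)).fetchone()
    if row is None or not hmac.compare_digest(row[0], pw_hash(password)):
        return None
    return bool(row[1])


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", login_vulnerable(db, CRAFTED_USERNAME, "not-the-password"))
    print("hardened:  ", login_hardened(db, CRAFTED_USERNAME, "not-the-password"))
```

Both functions return `True`/`False` for the account's admin flag on success and `None` on a failed login; only the hardened one treats the crafted username as plain data.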
Cyber Security Exercise conducted by DHS and Japanese MLIT
The U.S. Department of Homeland Security (DHS) and the Ports and Harbors Bureau of the Ministry of Land, Infrastructure, Transport and Tourism (MLIT) of Japan conducted a virtual exercise focused on enhancing maritime cybersecurity and incident response capabilities. The exercise simulated a major cyber incident impacting operations at a Japanese port, tested incident response policies and procedures, and fostered conversations between the DHS and MLIT on how to enhance mutual preparedness for threats to interconnected critical infrastructure.
It is assumed that this exercise was prompted by last year's high-impact cyber attack on the Port of Nagoya, a major port in Japan.
On July 4, 2023, a ransomware attack caused a disruption in the Port of Nagoya's unified container terminal system, forcing the shutdown of all terminals at the Port of Nagoya. This was the first major incident in Japan in which a port was attacked, and it has generated interest from government agencies and the cybersecurity community in Japan.
- DHS Partners with Japanese Counterparts to Strengthen Maritime Cybersecurity Cooperation
- Report of Incident Response to Cyber Attack at Port of Nagoya Container Terminal (Japanese)
Changes to the OSCP and introducing a new certification category OSCP+
The OffSec Certified Professional (OSCP) is a security certification, developed and maintained by Offensive Security, specializing in penetration testing. The OSCP is unique in that there is no knowledge-test question section, only a hands-on exam, and the certification has no expiration date. Offensive Security has announced that it will update the certification scheme. According to "Changes to the OSCP", starting November 1, 2024, bonus points will be eliminated, the AD portion of the exam will be enhanced, and a new certification, OSCP+, will be granted with an expiration date of three years in addition to the current OSCP (the article says the current OSCP certification has no expiration date and continues to be valid indefinitely).