An updated slipstream technique spells danger for vulnerable firewalls.
Security researchers at Armis enhanced the old 2020 attack by leveraging protocols that evade port blocks. Previously, the initial attack could have been triggered by malicious JavaScript code that first found the IP address of the victim’s computer and then tried to initiate a SIP video-conference session. This way, every connected device on the target’s network was exposed to the internet.
Researchers warned last year that protocols like WebRTC TURN could be used for attacks, and they managed to prove it with NAT Slipstream v2.
“The new variant to the NAT Slipstreaming attack is comprised of two primitives, the first explores the H.323 ALG, and the second expands the attack surface of the various NAT ALGs reachable from a browser, by abusing the WebRTC TURN server API via JavaScript,”
Ben Seri and Gregory Vishnepolsky, threat researchers at Armis
On a positive note, researchers disclosed the vulnerability to browser vendors back in November 2020, and most major browsers have been patched.
A demonstration of the attack can be found in the video below.
Check the source.