home.social

#domainfronting — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #domainfronting, aggregated by home.social.

  1. "🚨 CVE-2023-28807 - Domain Fronting Evasion in ZIA 🚨"

    An evasion technique identified as CVE-2023-28807, allows attackers to bypass Zscaler Internet Access (ZIA)'s domain fronting detection by exploiting a mismatch between Connect Host and Server Name Indication (SNI) in Client Hello messages. The vulnerability exploits how ZIA handles the SNI field during the TLS handshake process. The SNI is intended to indicate which host the client wants to connect to within a shared hosting environment, allowing the server to present the correct certificate for that host. However, due to this vulnerability, an attacker can manipulate the SNI in such a way that the security mechanisms fail to correctly identify and filter malicious traffic, enabling the attacker to hide malicious activities within what appears to be legitimate traffic.
    This vulnerability, discovered and addressed by Zscaler. Users are urged to upgrade to version 6.2r.290 to mitigate this risk. 🛡️💻🔐

    Source: Zscaler & VulDB

    Tags: #Cybersecurity #CVE2023 #DomainFronting #Zscaler #NetworkSecurity #EvasionTechniques #MITREATTACK MITRE - T1587.003 🌍🔒🔍

  2. "🚨 CVE-2023-28807 - Domain Fronting Evasion in ZIA 🚨"

    An evasion technique identified as CVE-2023-28807, allows attackers to bypass Zscaler Internet Access (ZIA)'s domain fronting detection by exploiting a mismatch between Connect Host and Server Name Indication (SNI) in Client Hello messages. The vulnerability exploits how ZIA handles the SNI field during the TLS handshake process. The SNI is intended to indicate which host the client wants to connect to within a shared hosting environment, allowing the server to present the correct certificate for that host. However, due to this vulnerability, an attacker can manipulate the SNI in such a way that the security mechanisms fail to correctly identify and filter malicious traffic, enabling the attacker to hide malicious activities within what appears to be legitimate traffic.
    This vulnerability, discovered and addressed by Zscaler. Users are urged to upgrade to version 6.2r.290 to mitigate this risk. 🛡️💻🔐

    Source: Zscaler & VulDB

    Tags: #Cybersecurity #CVE2023 #DomainFronting #Zscaler #NetworkSecurity #EvasionTechniques #MITREATTACK MITRE - T1587.003 🌍🔒🔍

  3. "🚨 CVE-2023-28807 - Domain Fronting Evasion in ZIA 🚨"

    An evasion technique identified as CVE-2023-28807, allows attackers to bypass Zscaler Internet Access (ZIA)'s domain fronting detection by exploiting a mismatch between Connect Host and Server Name Indication (SNI) in Client Hello messages. The vulnerability exploits how ZIA handles the SNI field during the TLS handshake process. The SNI is intended to indicate which host the client wants to connect to within a shared hosting environment, allowing the server to present the correct certificate for that host. However, due to this vulnerability, an attacker can manipulate the SNI in such a way that the security mechanisms fail to correctly identify and filter malicious traffic, enabling the attacker to hide malicious activities within what appears to be legitimate traffic.
    This vulnerability, discovered and addressed by Zscaler. Users are urged to upgrade to version 6.2r.290 to mitigate this risk. 🛡️💻🔐

    Source: Zscaler & VulDB

    Tags: #Cybersecurity #CVE2023 #DomainFronting #Zscaler #NetworkSecurity #EvasionTechniques #MITREATTACK MITRE - T1587.003 🌍🔒🔍

  4. Azure Networking has released an update which includes a feature that blocks domain fronting behavior on newly created customer resources, as well as feature enhancements to Azure Web Application Firewall (WAF). techcommunity.microsoft.com/t5 #AzureNetworking #DomainFronting #AzureWAF

  5. Aaaaaaand there goes #DomainFronting on #Amazon:
    arstechnica.com/information-te

    I remember people telling me domain fronting will solve all problems, and me feeling queasy about relying on big players so much.

    Google killed it last month, Amazon is killing it now.

    #FML

    Also, interesting: a)> there had to be a misconfiguration in Amazon/Google infras; b). #Signal was using it apparently without Amazon/Google approval?

    #InfoSec

  6. Über Domain Fronting konnten Signal-Nutzer bisher die Zensur in Ländern wie Ägypten und den Vereinigten Arabischen Emiraten umgehen. Das ist Google und Amazon ein Dorn im Auge, die nun den Signal-Entwicklern diese Möglichkeit nehmen. www.heise.de/newsticker/meldun… #AWS #Amazon #AppEngine #DomainFronting #Google #Messenger #SSL #Signal #TLS #Verschlüsselung