Security Leftovers
-
ISTIO-SECURITY-2022-007
The Istio control plane, istiod, is vulnerable to a request processing error that allows a malicious attacker who sends a specially crafted or oversized message to crash the control plane process. This can be exploited when the Kubernetes validating or mutating webhook service is exposed publicly. This endpoint is served over TLS port 15017, but does not require any authentication from an attacker.
-
RedHat: RHSA-2022-7020:01 Important: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
-
iTWire - Cisco, Canberra uni to jointly address cyber-security skills shortage
Global networking giant Cisco has tied up with the University of Canberra to address the shortage of cyber security skills, with the focus to be on defence and critical infrastructure.
A statement from Cisco said the partnership would expand the National Industry Innovation Network which is focused on how digital technologies can help in Australia’s economic and social challenges.
"Cyber security is a major challenge for us at every level, and certainly for industry, government and universities – therefore, it is equally a major source of new jobs and innovation," University of Canberra vice-chancellor Professor Paddy Nixon said.
"There is enormous scope for Australia to improve its resilience against cyber attacks including the use of advanced digital technologies.
-
How Card Skimming Disproportionally Affects Those Most In Need
When people banking in the United States lose money because their payment card got skimmed at an ATM, gas pump or grocery store checkout terminal, they may face hassles or delays in recovering any lost funds, but they are almost always made whole by their financial institution. Yet, one class of Americans — those receiving food assistance benefits via state-issued prepaid debit cards — are particularly exposed to losses from skimming scams, and usually have little recourse to do anything about it.
-
Moto E20 Readback Vulnerability | Pen Test Partners
The Moto E20 phone from Lenovo uses a Unisoc T606 SoC. In common with all Unisoc SoCs, this uses a customised U-boot bootloader as a secondary bootloader which then loads Android. The bootloader can be communicated with using the Android fastboot protocol.
Analysis of the bootloader showed that there was an undocumented fastboot oem subcommand, pull, that could read data from the phone (i.e. could upload data from the phone to the fastboot client).
[...]
As the userdata partition is encrypted, PII cannot be stolen through method 2 by default. It is useful to extract the contents of the bootloader or Android to reverse engineer potential vulnerabilities. The uboot_log and miscdata partitions can contain information useful for potential future attacks.
Method 3 can allow cold boot attacks – where the device is booted into the bootloader and the RAM is then examined to look for confidential information from the Android operating system.
As a proof of concept, some canary values were set in the Android Settings and Contacts app. The device was booted into bootloader mode. 2 GB of memory was extracted from address 0x80000000 (which usually maps to RAM on ARM cores) and examined. All canaries were found within the memory, including a wireless PSK, showing it could be possible to compromise user data.
Although this was discovered on the version of the firmware described above, the same command has been identified on other versions and software channels for the Moto E20.