Security and FUD

posted by Roy Schestowitz on Jan 19, 2023

• Project Zero: Exploiting null-dereferences in the Linux kernel

  For a fair amount of time, null-deref bugs were a highly exploitable kernel bug class. Back when the kernel was able to access userland memory without restriction, and userland programs were still able to map the zero page, there were many easy techniques for exploiting null-deref bugs. However with the introduction of modern exploit mitigations such as SMEP and SMAP, as well as mmap_min_addr preventing unprivileged programs from mmap’ing low addresses, null-deref bugs are generally not considered a security issue in modern kernel versions. This blog post provides an exploit technique demonstrating that treating these bugs as universally innocuous often leads to faulty evaluations of their relevance to security.

• New Linux malware up 50 percent in 2022 [Ed: Linux-hostile people and Microsoft boosters like Ian Barker use this self-promotional (conflict of interest) claim to bash and scare people away from GNU/Linux]

  Data analyzed by the Atlas VPN team, based on malware threat statistics from AV-ATLAS, shows new Linux malware threats hit record numbers in 2022, increasing by 50 percent to 1.9 million.

• Security updates for Thursday [LWN.net]

  Security updates have been issued by Debian (firefox-esr, libitext5-java, sudo, and webkit2gtk), Fedora (firefox and qemu), Red Hat (java-11-openjdk and java-17-openjdk), Slackware (sudo), SUSE (sudo), and Ubuntu (python-urllib3 and sudo).

• CISA Releases One Industrial Control Systems Advisory | CISA

  CISA released one Industrial Control Systems (ICS) advisory on January 19, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• A hands-on approach to symmetric-key encryption - sergioprado.blog

  In this article, we will learn how symmetric-key encryption works from a practical perspective.

  In the “Introduction to encryption for embedded Linux developers” article, we learned the basic concepts, including an introduction to security, confidentiality and encryption, the main motivations and how encryption works, types of encryption (symmetric-key and asymmetric-key encryption), the most commonly used ciphers and the trade-offs between them.

  In this article, we will use OpenSSL to put into practice some concepts about symmetric-key encryption.

  To follow along with this article and run the commands on your machine, you just need a terminal with a recent version of OpenSSL.

  Have fun! :-)

• Stealthy malware distribution involves polyglot files [Ed: Windows TCO]

  Deep Instinct researchers discovered that the StrRAT payload has been deployed in a campaign leveraging both JAR and MSI file formats, indicating potential execution via Windows and Java Runtime Environments.

• Cybercriminals Using Polyglot Files in Malware Distribution to Fly Under the Radar [Ed: Windows TCO]

  This is not the first time such malware-laced polyglots have been detected in the wild. In November 2022, Berlin-based DCSO CyTec unearthed an information stealer dubbed StrelaStealer that's spread as a DLL/HTML polyglot.