Security Leftovers
-
Tim Retout: Data Diodes
At ArgoCon today, Thomas Fricke gave a nice talk on Cloud Native Deployments in Air Gapped Environments describing container vulnerability scanning in the German energy sector… and since he didn’t mention data diodes, and since some of my colleagues at Oakdoor/PA Consulting make data diodes for a living, I thought this might be interesting to write about!
-
Cameron Kaiser: Power Mac ransomware? Yes, but it's complicated
Can that file run on a Power Mac? It appears it's indeed a PowerPC binary, but the executable format is ELF and not Mach-O, so the file can only run natively on Linux or another ELF-based operating system, not PowerPC Mac OS X (or, for that matter, Mac OS 9 and earlier). Even if the raw machine code were sprayed into memory for an exploitable Mac application to be tricked into running, ELF implies System V ABI, which is similar but different from the PowerOpen ABI used for PowerPC-compatible versions of Mac OS, and we haven't even started talking about system calls. Rather than a specific build targeting Power Macs, most likely this is evidence that the LockBit builders simply ran every cross-compiler variation they could find on their source code: there are no natively little-endian 32-bit PowerPC CPUs, for example, yet there's a ppcle build visible in the screenshot. Heck, there's even an s390x build. Parents, don't let your mainframes out unsupervised. This is probably a good time to mention that I've been working on security patches for TenFourFox and a couple minor feature adjustments, so stay tuned. It's been a while but such are hobbies.
-
Scammers are targeting Microsoft users with ‘storage full’ emails [Ed: People who use Microsoft and Windows already suffered security breaches; their equipment is remotely controlled by criminals (Microsoft) and spies]
The email leads to a dodgy phishing website
-
Microsoft Isn’t Done Shoving Ads Into Windows 11 [Ed: Criminals (Microsoft) spy on your desktop usage in order to sell information about you and to manipulate you. Even the Stasi did not go this far.]
The company wrote that its latest Windows 11 preview build will have even more ‘badging’ on the Start menu for Microsoft 365 and OneDrive.
-
ARMO Employs eBPF to Identify Severe Kubernetes Vulnerabilities
ARMO today announced it has added a capability to its Kubernetes security platform that makes it simpler to prioritize remediation of vulnerabilities based on their relevancy. Ben Hirschberg, ARMO CTO, says this capability takes advantage of extended Berkeley Packet Filtering (eBPF) in the Linux kernel to scan running Kubernetes pods
-
The State of Kubernetes Security in 2023
Despite Kubernetes still being a relatively young technology, adoption rates have soared over the past several years as the container orchestration platform has become the cornerstone for many digital transformation initiatives. Even as organizations settle in with their use of the technology in production, however, there still remains concern around the best ways to secure containerized workloads.
-
Red Hat Survey Surfaces Cloud-Native Cybersecurity Challenges
A global survey of 600 DevOps, engineering and security professionals published today by Red Hat finds more than two-thirds (67%) have delayed or slowed down deployment of Kubernetes clusters because of a cybersecurity issue. More than half (53%) experienced a software supply chain issue related to cloud-native and containerized development
-
Speech by Executive Vice-President Vestager on strengthening cybersecurity resilience [Ed: You need to ban proprietary software with back doors]
European Commission Speech, Strasbourg, 18 Apr 2023: Today we put on the table two initiatives: a proposal for a European Cyber Solidarity Act, and a European Cybersecurity Skills Academy.
-
Report: [Cr]ackers Use ‘Backdoor’ Attacks to Access Computer Networks
As Africa’s online community continues to grow, hackers and other malicious actors are waiting to invade those expanding networks to steal valuable data. A recent study by IBM’s Security X-Force cyberthreat analysts showed that so-called “backdoor” attacks were among the most popular ways for hackers to gain access to computer systems across Africa.
-
How Mexico Became the Biggest User of the Pegasus Spyware
A Times investigation reveals the story behind how Mexico became the first and most prolific user of Pegasus. It’s still using it, despite promising to stop.