Security Leftovers
-
Chrome 114 Released With 18 Security Fixes
Chrome 114 stable brings 18 security fixes, including 13 for vulnerabilities reported by external researchers.
-
Organizations Warned of Backdoor Feature in Hundreds of Gigabyte Motherboards
A backdoor feature found in hundreds of Gigabyte motherboard models can pose a significant supply chain risk to organizations.
[...]
Researchers at firmware and hardware security company Eclypsium discovered that hundreds of motherboard models made by Taiwanese computer components giant Gigabyte include backdoor functionality that could pose a significant risk to organizations.
-
Firmware Backdoor Discovered in Gigabyte Motherboards, 250+ Models Affected
Cybersecurity firm Eclypsium has discovered a backdoor in Gigabyte's firmware that puts 271 different motherboards at risk. These include models with Intel and AMD chipsets from the last several years, all the way up to today's Z790 and X670 SKUs. The vulnerability resides in a small updater program that Gigabyte employs to ensure that the motherboard's firmware is always current. Apparently, it's doing so via an unsecured implementation.
Have you ever noticed that after a clean Windows installation, a program pops up offering to download the latest driver or firmware for you? Unfortunately, that little piece of code could provide a backdoor for criminals.
Upon every system restart, a piece of code inside the firmware launches an updater program that connects to the Internet to check and download the latest firmware for the motherboard. Eclypsium assessed that Gigabyte's implementation is unsafe and cybercriminals can use the exploit to install malware on the victim's system. The big problem is that the updater program resides inside the motherboard's firmware, so consumers can't easily remove it.
-
Breaking Enterprise Silos and Improving Protection
When teams have a way to break down enterprise silos and see and understand what is happening, they can improve protection across their increasingly dispersed and diverse environment.
-
Millions of WordPress Sites Patched Against Critical Jetpack Vulnerability
A decade-old critical vulnerability in Jetpack was force-patched on five million WordPress sites over the past few days.
-
Kali Linux 2023.2 Released with 13 New Tools, Pre-Built HyperV Image [Ed: Microsofters pushing Microsoft; Hyper-V is proprietary and back doored; there's no reason to choose Hyper-V for anything]
Kali Linux 2023.2, the second version of 2023, is now available with a pre-built Hyper-V image and thirteen new tools, including the Evilginx framework for stealing credentials and session cookies.
-
KSOC Shares List of Top Eight Kubernetes Vulnerabilities
Kubernetes Security Operations Center (KSOC) has published a list of the eight Kubernetes vulnerabilities that are most likely to be exploited. The list is based on an Exploit Prediction Scoring System (EPSS) created by FIRST, a community of cybersecurity professionals that provides members with access to a range of collaboration
-
FTC settles with Amazon Ring over hacking, security incidents
Thousands of Ring customers have been victims of cyberattacks that the commission alleged were in part due to poor data security practices.
[...]
According to a complaint filed on behalf of the FTC in a federal court, approximately 55,000 U.S. customers suffered serious account compromises over a period during which Ring failed to take necessary measures to prevent credential stuffing and brute force attacks. The attacks allowed hackers to try to access consumers’ accounts through a previously breached password or through automated, repeated attempts at guessing credentials.
-
Amazon to pay over $30 million in FTC settlements over Ring, Alexa privacy violations
Amazon will pay over $30 million to settle Federal Trade Commission (FTC) allegations that its Ring and Alexa divisions violated the privacy of users.
-
More malicious extensions in Chrome Web Store
Two weeks ago I wrote about the PDF Toolbox extension containing obfuscated malicious code. Despite reporting the issue to Google via two different channels, the extension remains online. It even gained a considerable number of users after I published my article.
A reader tipped me off, however, that the Zoom Plus extension also makes a request to serasearchtop[.]com. I checked it out and found two other versions of the same malicious code. And I found more extensions in Chrome Web Store which are using it.
So now we are at 18 malicious extensions with a combined user count of 55 million. The most popular of these extensions are Autoskip for Youtube, Crystal Ad block and Brisk VPN: nine, six and five million users respectively.
-
Spyware Found in Google Play Apps With Over 420 Million Downloads [Ed: They only count the "unofficial" spyware, not GAFAM spyware and malware (which include Android OEM version too)]
Security researchers have discovered spyware code in 101 Android applications that had over 421 million downloads in Google Play.
-
Linux Container Security Primer
In today's rapidly evolving digital landscape, where agility and scalability are paramount, traditional software deployment methods often fall short. Container technology is a game-changing innovation that has revolutionized how software is deployed, managed, and scaled. It offers many benefits, ensuring that applications run consistently regardless of the hosting environment.
Safeguarding your digital assets is crucial for protecting sensitive data and preventing unauthorized access. Industry reports consistently rank security as a top concern in container adoption. The most common container security incidents include vulnerabilities in container images, misconfigurations, unauthorized access, and attacks exploiting container runtime vulnerabilities.
In this article, we’ll explore the underlying concepts, basic container security considerations, popular containerization platforms, security considerations for businesses, and more useful information on container security. So read on and explore how containerization shatters software deployment barriers.
-
Barracuda Zero-Day Exploited to Deliver Malware for Months Before Discovery
The recently discovered Barracuda zero-day vulnerability CVE-2023-2868 has been exploited to deliver malware and steal data since at least October 2022.
-
Another hospital hit by ransomware: Mission Community Hospital
From the proof files, it appears that RansomHouse accessed the imaging system and image files as well as employee-related files and some financial reports and files. The only patient references in the proof files were older files in backups. Whether they obtained any current patient information or the EMR system remains to be seen. DataBreaches has reached out to RansomHouse on their Telegram channel but they have not been responsive in the past, so they may not answer this time, either.
-
URL on Hundreds of Thousands of Maryland License Plates Redirects to an Online Filipino Casino
Vice reports that in 2012, Maryland released a new license plate to commemorate the 200th anniversary of the War of 1812. That license plate was apparently the default license plate for Maryland cars between 2012 and 2016, and featured a URL at the bottom to www.starspangled200.org. Sometime last year, however, that URL began to redirect to globeinternational.info—the homepage of a Filipino online casino. There, a scantily-clad woman advertises “Phillippines Best Betting Site.”
-
Microsoft scam: Outlook and Hotmail users are being targeted by fake ‘fraud protection’ emails
Scammers are trying to steal details via a spoofed Microsoft website