Security Leftovers
-
Fast-Growing Dropbox Campaign Steals Microsoft SharePoint Credentials
Thousands of messages are being sent weekly in a campaign that uses links hosted on legitimate websites to evade natural language processing and URL-scanning email protections.
-
Zenbleed vulnerability fix for Ubuntu
On 24 July 2023, security researchers from Google’s Information Security Engineering team disclosed a hardware vulnerability affecting AMD’s Zen 2 family of microprocessors. They dubbed this vulnerability “Zenbleed” (CVE-2023-20593), evoking memories of previous vulnerabilities like HeartBleed and hinting at its possible impact.
-
Android’s October 2023 Security Updates Patch Two Exploited Vulnerabilities
The October 2023 security update for Android patches two vulnerabilities exploited in attacks, both likely linked to spyware vendors.
-
Mercenary spyware: Defending against what’s next – iMEdD International Journalism Forum 2023
-
Are Local LLMs Useful in Incident Response? (Tue, Oct 3rd)
-
Hacking Gas Pumps via Bluetooth
Turns out pumps at gas stations are controlled via Bluetooth, and that the connections are insecure. No details in the article, but it seems that it's easy to take control of the pump and have it dispense gas without requiring payment.
It's a complicated crime to monetize, though. You need to sell access to the gas pump to others.
-
NSA AI Security Center
The NSA is starting a new artificial intelligence security center:
The AI security center's establishment follows an NSA study that identified securing AI models from theft and sabotage as a major national security challenge, especially as generative AI technologies emerge with immense transformative potential for both good and evil.
-
Commission recommends carrying out risk assessments on four critical technology areas: advanced semiconductors, artificial intelligence, quantum, biotechnologies
European Commission press release, Strasbourg, 03 Oct 2023: Today, the Commission adopted a Recommendation on critical technology areas for the EU's economic security, for further risk assessment with Member States.
-
Synqly Joins Race to Fix Security, Infrastructure Product Integrations
Silicon Valley startup lands $4 million in seed funding from SYN Ventures, Okta Ventures and Secure Octane.
-
Dozens of Malicious NPM Packages Steal User, System Data [Ed: Microsoft is serving malware again. Of course they're failing to point out that Microsoft is the supply chain menace.]
Fortinet warns of multiple malicious NPM packages that include install scripts designed to steal sensitive information.
-
Motel One Discloses Ransomware Attack Impacting Customer Data
Motel One says customer addresses and credit card information were compromised in a recent ransomware attack.
-
ZDI Discusses First Automotive Pwn2Own
The Zero Day Initiative (ZDI) will host a new Automotive Pwn2Own at the Automotive World Conference in Tokyo, January 24 to 26, 2024.
-
Critical TorchServe Flaws Could Expose AI Infrastructure of Major Companies
ShellTorch attack chains critical TorchServe vulnerabilities and could completely compromise the AI infrastructure of major companies.
-
US Executives Targeted in Phishing Attacks Exploiting Flaw in Indeed Job Platform
An open redirection vulnerability in the popular job search platform Indeed has been exploited in a series of phishing attacks.
-
X.Org Security Advisory: October 3, 2023
Multiple issues have been found in the libX11 & libXpm libraries published by X.Org for which we are releasing security fixes in libX11 1.8.7 & libXpm 3.5.17.
The first issue (CVE-2023-43785) can be triggered by connecting to an X server that sends specially crafted replies to X11 protocol requests.
The other four issues can be triggered by opening specially crafted XPM format image files via libXpm. Two of the four issues have root causes in the libX11 library and are fixed there, but patches have also been applied to libXpm to avoid passing the invalid data to libX11 in the first place.
-
CVE-2023-4911: Local Privilege Escalation in the glibc's ld.so
The GNU C Library's dynamic loader "find[s] and load[s] the shared objects (shared libraries) needed by a program, prepare[s] the program to run, and then run[s] it" (man ld.so). The dynamic loader is extremely security sensitive, because its code runs with elevated privileges when a local user executes a set-user-ID program, a set-group-ID program, or a program with capabilities. Historically, the processing of environment variables such as LD_PRELOAD, LD_AUDIT, and LD_LIBRARY_PATH has been a fertile source of vulnerabilities in the dynamic loader.
Recently, we discovered a vulnerability (a buffer overflow) in the dynamic loader's processing of the GLIBC_TUNABLES environment variable (https://www.gnu.org/software/libc/manual/html_node/Tunables.html). This vulnerability was introduced in April 2021 (glibc 2.34) by commit 2ed18c ("Fix SXID_ERASE behavior in setuid programs (BZ #27471)").
We successfully exploited this vulnerability and obtained full root privileges on the default installations of Fedora 37 and 38, Ubuntu 22.04 and 23.04, Debian 12 and 13; other distributions are probably also vulnerable and exploitable (one notable exception is Alpine Linux, which uses musl libc, not the glibc). We will not publish our exploit for now; however, this buffer overflow is easily exploitable (by transforming it into a data-only attack), and other researchers might publish working exploits shortly after this coordinated disclosure.
-
FDA cyber mandates for medical devices go into effect
The Biden administration is pushing the manufacturers of medical devices to take on greater responsibility to ensure that they are secure.
-
Call centres. Outbound call verification
TL;DR: Stop asking customers to verify themselves
-
Barring Huawei Out of Portugal Unreasonable: CCILC
Previously, the Security Assessment Committee released a deliberation on the "high risk" for 5G networks from suppliers that are from outside the EU.