Security Leftovers
-
Security Week ☛ Hackers Earn $350k on Second Day at Pwn2Own Toronto 2023
Smart speakers, printers, routers, NAS devices, and mobile phones were hacked on the second day at Pwn2Own Toronto 2023.
-
FOSSLinux ☛ 15 key practices & tools to bolster Node.js application security
Node.js applications, while powerful, can be vulnerable if not properly secured. This guide provides 15 indispensable security best practices and tools to protect your applications from potential threats and vulnerabilities.
-
NVISO Labs ☛ Introducing CS2BR pt. III – Knees deep in Binary
Over the span of the previous two blog posts in the series, I showed why the majority of Cobalt Strike (CS) BOFs are incompatible with Brute Ratel C4 (BRC4) and what you can do about it.
-
Security Week ☛ Google Announces Bug Bounty Program and Other Initiatives to Secure AI [Ed: Securing buzzwords for PR "points"]
Google announces a bug bounty program and other initiatives for increasing the safety and security of AI.
-
Silicon Angle ☛ Google expands Vulnerability Rewards Program to include generative AI threats
-
Security Week ☛ Advanced ‘StripedFly’ Malware With 1 Million Infections Shows Similarities to NSA-Linked Tools
The StripedFly malware has APT-like capabilities, but remained unnoticed for five years, posing as a cryptocurrency miner.
-
Silicon Angle ☛ Hollywood strike provides window for cyber criminals to target streaming users
A new report from cybersecurity company Inky Technology Corp. released today warns that bad actors are targeting streaming platforms amid the Hollywood actors’ strike. The Hollywood writers’ and actors’ strike, which started in July, has led to significant financial issues for many in the entertainment industry.
-
Silicon Angle ☛ Latest Cloudflare distributed denial-of-service report details record-setting attack [Ed: They do not try to solve the issue but create a new issue, which is themselves]
Cloudflare Inc. today released its quarterly distributed denial-of-service report, which is led by yet another record-high DDoS attack. The record-breaking attack in question hit an unprecedented 201 million requests per second.
-
Three Newly-Discovered Kubernetes Ingress Vulnerabilities Create Security Challenge
Three vulnerabilities were disclosed that impact ingress controllers based on open source Nginx software embedded within Kubernetes clusters.
-
NVISO Labs ☛ Most common Active Directory misconfigurations and default settings that put your organization at risk [Ed: The biggest mistake is using it in the first place, as it's controlled by the NSA's biggest back doors facilitator]
In this blog post, we will go over the most recurring (and critical) findings that we discovered when auditing the Active Directory environment of different companies, explain why these configurations can be dangerous, how they can be abused by attackers and how they can be mitigated or remediated.
-
TechRepublic ☛ New Cyberattack From Winter Vivern Exploits a Zero-Day Vulnerability in Roundcube Webmail
After reading the technical details about this zero-day that targeted governmental entities and a think tank in Europe and learning about the Winter Vivern threat actor, get tips on mitigating this cybersecurity attack.
-
Silicon Angle ☛ A new and dangerous malware infects Roundcube webmail
A malware group has been busy creating a dangerous new vulnerability in the Roundcube webmail service, which is popular in European government circles. The group goes by Winter Vivern and has been on the radar of several security researchers, including DomainTools, SentinelOne and Proofpoint. It targets numerous government workers by sending malicious phishing documents, emails and websites.
-
3 New Express Learning Courses on Security for Cloud Pros
Security is the key theme throughout the three new free Express Learning courses launched by Linux Foundation Training & Certification for cloud professionals. The courses include: Security Self-Assessments for Open Source Projects (LFEL1005), Securing Projects with OpenSSF Scorecard (LFEL1006), Automating Supply Chain Security: SBOMs and Signatures (LFEL1007).
-
Security Week ☛ Key Learnings from “Big Game” Ransomware Campaigns [Ed: Windows TCO]
There are key steps every organization should take to leverage threat and event data across the lifecycle of a cyber incident.
-
Security Week ☛ Kansas Court System Down Nearly 2 Weeks in ‘Security Incident’ That Has Hallmarks of Ransomware [Ed: Also Windows TCO]
Kansas is calling a massive computer outage that’s kept most of the state’s courts offline for 2 weeks a “security incident” and experts say it's likely ransomware.
-
Security Week ☛ CISA, HHS Release Cybersecurity Healthcare Toolkit
CISA and the HHS have released resources for healthcare and public health organizations to improve their security.
-
APNIC ☛ Vulnerability disclosure: A firsthand view
Guest Post: Documenting ethical considerations, potential consequences, and lessons learned from public disclosure.
-
Silicon Angle ☛ Microsoft warns ‘Octo Tempest’ is one of the most dangerous financial criminal groups [Ed: Microsoft is a far worse criminal group and its back doors help various criminals around the world. In this case, Microsoft is simply trying to shift the blame for expensive, high-profile breaches from itself to those who exploit the holes. siliconangle.com is funded by Microsoft, so it is hardly surprising that it unquestionably relays Microsoft lies, spin etc.]
-
Security Week ☛ iLeakage Attack Exploits Safari to Steal Sensitive Data From Macs, iPhones [Ed: Apple works for the NSA, so this is "supposed" to happen one way or another]
New iLeakage side-channel speculative execution attack exploits Safari to steal sensitive information from Macs and iPhones.
-
Security Week ☛ Japanese Watchmaking Giant Seiko Confirms Personal Data Stolen in Ransomware Attack
Japanese watchmaking giant Seiko has confirmed that personal information was stolen in a recent ransomware attack.
-
Scoop News Group ☛ CISA budget cuts would be “catastrophic,” official says
Eric Goldstein says U.S. adversaries “would unequivocally exploit” security gaps created by House Republicans’ proposed 25% cut to cyber agency.
-
Silicon Angle ☛ Newly discovered ‘iLeakage’ exploits speculative execution in Apple devices
A team of academic researchers has published a paper and website warning users about a security threat that exploits weaknesses in recent Apple Inc. devices that can be used to extract sensitive information from Apple’s Safari web browser.
-
Security Week ☛ Weapons Systems Provide Valuable Lessons for ICS/OT Security
Cybersecurity techniques and penetration testing used in the field of weapons systems can provide valuable lessons for ICS/OT security.
-
Bruce Schneier ☛ Messaging Service Wiretap Discovered through Expired TLS Cert
Fascinating story of a covert wiretap that was discovered because of an expired TLS certificate:
The suspected man-in-the-middle attack was identified when the administrator of jabber.ru, the largest Russian XMPP service, received a notification that one of the servers’ certificates had expired.
However, jabber.ru found no expired certificates on the server, as explained in a blog post by ValdikSS, a pseudonymous anti-censorship researcher based in Russia who collaborated on the investigation.
The expired certificate was instead discovered on a single port being used by the service to establish an encrypted Transport Layer Security (TLS) connection with users. Before it had expired, it would have allowed someone to decrypt the traffic being exchanged over the service...
-
Ubuntu ☛ Running OpenSSL 1.1.1 after EOL? Stay secure with Ubuntu Pro. [Ed: Canonical: pay us for security patches]
A few months ago, the OpenSSL Project announced the end of life of OpenSSL 1.1.1. It is used by thousands of software components included in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS, with many organisations relying on version 1.1.1.
-
Security Week ☛ F5 Warns of Critical Remote Code Execution Vulnerability in BIG-IP
A critical-severity vulnerability in F5 BIG-IP, tracked as CVE-2023-46747, allows unauthenticated attackers to execute code remotely.
-
Security Week ☛ Critical Mirth Connect Vulnerability Could Expose Sensitive Healthcare Data
Mirth Connect versions prior to 4.4.1 are vulnerable to CVE-2023-43208, a bypass for an RCE vulnerability.
-
The Register UK ☛ Apple Private Wi-Fi hasn't worked for the past three years
-
The Kent Stater ☛ University looks to tighten technology safety during Cybersecurity Awareness Month
October marks Cybersecurity Awareness Month, and across the university, the Information Technology and Information Security departments took the time to spread messaging around cybersecurity. Since 2004, the United States has recognized October as Cybersecurity Awareness Month in an effort to bring awareness to the subject across all sectors.