Security Leftovers
-
GNOME ☛ Richard Hughes: Looking for LogoFAIL on your local system [Ed: IBM still promoting fake security. It is something along the lines of, "give us a back door to look after your security for you..."]
A couple of months ago, Binarly announced LogoFAIL which is a pretty serious firmware security problem. There is lots of complexity Alex explains much better than I might, but essentially a huge amount of system firmware running right now is vulnerable: The horribly-insecure parsing in the firmware allows the user to use a corrupted OEM logo (the one normally shown as the system boots) to run whatever code they want, providing a really useful primitive to do basically anything the attacker wants when running in a super-privileged boot state.
-
Security Week ☛ CISA Warns of Apache Superset Vulnerability Exploitation
CISA has added a critical-severity Apache Superset flaw (CVE-2023-27524) to its Known Exploited Vulnerabilities catalog.
-
Security Week ☛ Siemens, Schneider Electric Release First ICS Patch Tuesday Advisories of 2024
Industrial giants Siemens and Schneider Electric publish a total of 7 new security advisories addressing 22 vulnerabilities.
-
IT Wire ☛ Microsoft issues fixes for 48 CVEs on first Patch Tuesday for 2024
Microsoft has issued patches for 48 CVEs in its first Patch Tuesday release for the year, with no zero-day or publicly disclosed vulnerabilities among them.
Security vendor Tenable said this count did not include CVE-2022-35737, a vulnerability in SQLite called “Stranger Strings” that was assigned by MITRE and patched in July 2022.
-
Pen Test Partners ☛ Listening in at Latimer House. RF emissions and more
Loose lips sink ships, loose tweets sink fleets. Intelligence, espionage, technological advancements and other learnings from our annual company conference at the historic and underappreciated Latimer House.
-
Security Week ☛ Ransomware Gang Claims Attack on Capital Health
The LockBit ransomware gang claims to have stolen over 7 terabytes of data from hospital system Capital Health.
-
Security Week ☛ LoanDepot Takes Systems Offline Following Ransomware Attack
Mortgage lending firm LoanDepot has disclosed a cyberattack resulting in data encryption and system disruptions.
-
Security Week ☛ Bosch Nutrunner Vulnerabilities Could Aid Hacker Attacks Against Automotive Production Lines
Hackers can take complete control of Bosch Rexroth nutrunners, installing ransomware or altering settings to cause financial impact and brand damage.
-
Security Week ☛ Adobe Patches Code Execution Flaws in Substance 3D Stager [Ed: The media says "code execution risks on backdoored Windows and macOS," but any time it's some software that runs on GNU/Linux the media just blames "Linux"]
Patch Tuesday: Adobe patches six security flaws in the Substance 3D Stager product and warns of code execution risks on backdoored Windows and macOS.
-
Federal News Network ☛ What a cybersecurity company thinks of the new DoD cybersecurity rule
Industry and government alike have been pondering the new proposed rule on vendor cybersecurity that was published just a couple of weeks ago. The Defense Department wants to finally get its Cybersecurity Maturity Model Certification program off the ground. It would impose new requirements on contractors.
-
SANS ☛ Jenkins Brute Force Scans, (Tue, Jan 9th)
This URL has not been hit much lately, but was hit pretty hard last March. The URL is associated with Jenkins, and can be used to brute force passwords.
-
Bruce Schneier ☛ PIN-Stealing Android Malware
This is an old piece of malware—the Chameleon Android banking Trojan—that now disables biometric authentication in order to steal the PIN:
The second notable new feature is the ability to interrupt biometric operations on the device, like fingerprint and face unlock, by using the Accessibility service to force a fallback to PIN or password authentication.
The malware captures any PINs and passwords the victim enters to unlock their device and can later use them to unlock the device at will to perform malicious activities hidden from view.