Security Leftovers
-
Security Week ☛ Vulnerabilities in Lamassu Bitcoin ATMs Can Allow Hackers to Drain Wallets
Hackers could exploit Lamassu Douro ATM vulnerabilities to take over devices, steal bitcoin from users.
-
Security Week ☛ Cybercrime’s Silent Operator: The Unraveling of VexTrio’s Malicious Network Empire
VexTrio is a traffic direction system (TDS) with more than 60 affiliates feeding an unknown number of malicious campaigns.
-
Federal News Network ☛ For the Pacific Northwest National Laboratory cybersecurity starts with research and zero trust [Ed: They rely on gimmicks and buzzwords basically; security is not a matter of purchasing add-ons and stuff like OpenSSH is free, also free of charge]
PNNL researchers are tasked with protecting critical infrastructure to prevent and mitigate the damage that could be done from a cyber-attack on software, firmware and the networks that they operate on. The laboratory’s goal is to create the ability to detect potential threats and protect systems from attacks that sometimes originate in the firmware directly from manufacturers.
-
Federal News Network ☛ DoD’s new memo puts stricter requirements on cloud providers [Ed: Clown providers are, by definition, a data breach; people's and companies' data is given away directly to spies, to reside on bloated junk that is full of holes, shared with other "tenants"]
DoD’s new guidance clarifies what FedRAMP equivalency means and requires cloud service providers handling controlled unclassified information to get a letter of attestation from a third-party organization that says they meet the FedRAMP Moderate baseline standards without plans of action and milestones.
-
Security Week ☛ SEC Says X Account Hacked via SIM Swapping [Ed: It's the SEC's fault for playing games like "X" (Twitter) instead of getting real work done like grown-ups]
SEC says hackers used SIM swapping to take over its X (formerly Twitter) account on January 9.
-
Bruce Schneier ☛ Side Channels Are Common
Really interesting research: “Lend Me Your Ear: Passive Remote Physical Side Channels on PCs.”
Abstract:
We show that built-in sensors in commodity PCs, such as microphones, inadvertently capture electromagnetic side-channel leakage from ongoing computation. Moreover, this information is often conveyed by supposedly-benign channels such as audio recordings and common Voice-over-IP applications, even after lossy compression.
Thus, we show, it is possible to conduct physical side-channel attacks on computation by remote and purely passive analysis of commonly-shared channels. These attacks require neither physical proximity (which could be mitigated by distance and shielding), nor the ability to run code on the target or configure its hardware. Consequently, we argue, physical side channels on PCs can no longer be excluded from remote-attack threat models...
-
SANS ☛ Update on Atlassian Exploit Activity (Tue, Jan 23rd)
Exploit activity against Atlassian Confluence servers has exploded since we first discussed it yesterday. The combination of a simple-to-exploit vulnerability and a potential set of high-value targets makes this an ideal vulnerability for many attackers.
-
App Security Testing in Containerized Environments: Tips and Tricks
Development teams should prioritize application security testing, whether their applications are monoliths or containerized.
-
Windows TCO
-
Aviation Leasing Giant AerCap Hit by Ransomware Attack
AerCap, the largest aviation leasing company in the world, was hit by a ransomware attack on January 17th.
-
High-Severity Vulnerability Patched in Splunk Enterprise
The latest Splunk Enterprise releases patch multiple vulnerabilities, including a high-severity flaw in the backdoored Windows version.
-