Security and Windows TCO Leftovers
-
LWN ☛ Security updates for Monday
Security updates have been issued by Debian (firefox-esr and thunderbird), Fedora (dotnet6.0, dotnet8.0, and mod_auth_openidc), Gentoo (Blender, Tox, and UltraJSON), Oracle (kernel), Red Hat (edk2), SUSE (sendmail and zabbix), and Ubuntu (nodejs and thunderbird).
-
GNU ☛ GNU Guix: Identifying software
What does it take to “identify software”? How can we tell what software is running on a machine to determine, for example, what security vulnerabilities might affect it?
In October 2023, the US Cybersecurity and Infrastructure Security Agency (CISA) published a white paper entitled Software Identification Ecosystem Option Analysis that looks at existing options to address these questions. The publication was followed by a request for comments; our comment as Guix developers didn’t make it on time to be published, but we’d like to share it here.
Software identification for cybersecurity purposes is a crucial topic, as the white paper explains in its introduction:
Effective vulnerability management requires software to be trackable in a way that allows correlation with other information such as known vulnerabilities […]. This correlation is only possible when different cybersecurity professionals know they are talking about the same software.
-
LinuxSecurity ☛ White House Warns: Move to Memory-Safe Languages [Ed: They should have said, delete Windows]
The Office of the National Cyber Director (ONCD) emphasizes the urgent need for developers to adopt memory-safe programming languages like Rust to minimize vulnerabilities in software. The ONCD's "Back to the Building Blocks: A Path Toward Secure and Measurable Software" report is a strong recommendation rather than an executive order or law.
-
Bruce Schneier ☛ LLM Prompt Injection Worm
Researchers have demonstrated a worm that spreads through prompt injection. Details:
In one instance, the researchers, acting as attackers, wrote an email including the adversarial text prompt, which “poisons” the database of an email assistant using retrieval-augmented generation (RAG), a way for LLMs to pull in extra data from outside its system. When the email is retrieved by the RAG, in response to a user query, and is sent to GPT-4 or Gemini Pro to create an answer, it “jailbreaks the GenAI service” and ultimately steals data from the emails, Nassi says.
-
IT Jungle ☛ More Critical Security Vulns Reported In I.C.B.M. i Components
The run of serious security vulnerabilities in I.C.B.M. i components continues in early 2024, as I.C.B.M. reported 10 new flaws exist across OpenSSH, the Apache Web Server, ISC, and Facsimile Support for I.C.B.M. i in February and early March. All of the flaws impact I.C.B.M. i 7.2 through 7.5 and all have been patched by I.C.B.M. via PTFs.
-
Scoop News Group ☛ Predator spyware infrastructure taken down after exposure
For the second time in six months, the operators of the Predator spyware burned down their infrastructure after it was publicly documented.
-
Silicon Angle ☛ Third-party breach leads to American Express customer data compromise
Payment card provider American Express Company is warning customers that their credit card details may have been exposed following a breach involving a third-party provider.
-
Whispers: A Powerful Static Code Analysis Tool for Credential Detection
“My little birds are everywhere, even in the North, they whisper to me the strangest stories.” – Lord Varys
Meet Whispers, an advanced static code analysis tool meticulously designed to parse various common data formats, unveiling hardcoded credentials and identifying potentially hazardous functions.
-
OpenSSF (Linux Foundation) ☛ Come to First OpenSSF Tech Talk of the Year on Scorecard
Join our first Tech Talk of 2024, where organizations will discuss the importance of adopting OpenSSF Scorecard.
OpenSSF Scorecard helps open source maintainers improve their security best practices and helps consumers judge whether their dependencies are safe.
-
OpenSSF (Linux Foundation) ☛ This Week at OpenSSF – Feb 26
Community Updates
SOSS Task Force – Trusted Repository Security Initiative (TRSI-TF): Advocating for Transparent and Secure Practices
To join, simply fill out this Doodle Poll to show your interest!
-
OpenSSF (Linux Foundation) ☛ Week at a Glance – Mar 4
-
OpenSSF (Linux Foundation) ☛ OpenSSF, 'Linux' Foundation Training & Certification, and CNCF Announce Scholarships to Support Women in Jordan Entering the Cybersecurity Field in Collaboration with US White House National Security Council
-
Security Week ☛ FCC Employees Targeted in Sophisticated Phishing Attacks
Advanced phishing kit employs novel tactics in attack targeting cryptocurrency platforms and FCC employees.
-
Security Week ☛ Hikvision Patches High-Severity Vulnerability in Security Management System
A high-severity vulnerability in HikCentral Professional could lead to unauthorized access to certain URLs.
-
Security Week ☛ German Authorities Take Down ‘Crimemarket’ Cybercrime Website
With over 180,000 users, Crimemarket was a trading hub for narcotics, cybercrime tools, and crimeware guides.
-
Trail of Bits ☛ Relishing new Fickling features for securing ML systems
By Suha S. Hussain
We’ve added new features to Fickling to offer enhanced threat detection and analysis across a broad spectrum of machine learning (ML) workflows. Fickling is a decompiler, static analyzer, and bytecode rewriter for the Python pickle module that can help you detect, analyze, or create malicious pickle files.
-
Windows TCO
-
Neowin ☛ Microsoft has an update on the notorious KB5034441/KB5034440 causing 0x80070643 error
Microsoft released the first Windows 10 and 11 Patch Tuesday updates of 2024 on the 9th with January’s KB5034122 and KB5034123 respectively. Aside from security patches, the one for Windows 11 also fixed some Wi-Fi troubles that led to networks not connecting or the Wi-Fi icon not showing.
-
Security Week ☛ Remote Stuxnet-Style Attack Possible With Web-Based PLC Malware: Researchers
Researchers demonstrate that remote Stuxnet-style attacks are possible against many modern PLCs using web-based malware.
-
Tedium ☛ When The Ware Isn’t Firm
A viral car review by tech-reviewing’s biggest name highlights the all-too-common pitfalls of shipping before the firmware is ready.
[...]
And when something goes wrong, it makes it possible to recover—something I learned about just last week when my UEFI got corrupted, and I had to rebuild it from a USB drive that I could only set up on a Windows PC. (That was not fun!)
-