Security and Windows TCO
-
LWN ☛ Security updates for Wednesday
Security updates have been issued by Debian (libapache2-mod-auth-openidc, libuv1, php-phpseclib, and phpseclib), Red Hat (buildah, cups, curl, device-mapper-multipath, emacs, fence-agents, frr, fwupd, gmp, gnutls, golang, haproxy, keylime, libfastjson, libmicrohttpd, linux-firmware, mysql, openssh, rear, skopeo, sqlite, squid, systemd, and tomcat), Slackware (mozilla), SUSE (kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed, postgresql-jdbc, python, python-cryptography, rubygem-rack, wpa_supplicant, and xmlgraphics-batik), and Ubuntu (c-ares, firefox, libde265, libgit2, and ruby-image-processing).
-
LinuxSecurity ☛ WogRAT Malware Exploits aNotepad, Targets GNU/Linux & backdoored Windows Users
The emergence of advanced malware strains presents significant challenges for security practitioners, and the recent discovery of the WogRAT malware is no exception. This article explores the implications of WogRAT's abuse of an online notepad service to store and retrieve malicious payloads.
-
Security Week ☛ Linux Malware Campaign Targets Misconfigured Cloud Servers
A new malware campaign has been observed targeting misconfigured Apache Hadoop, Confluence, Docker, and Redis instances.
-
Security Week ☛ Cisco Releases Open Source Backplane Traffic Visibility Tool for OT
Cisco has released an open source PoC tool named Badgerboard designed for improved backplane network visibility for OT.
-
CNX Software ☛ STM32WBA microcontrollers with Bluetooth LE 5.4, Zigbee, Thread, and Matter to comply with US and EU Cybersecurity regulations
STMicro’s new STM32WBA series, starting with the STM32WBA52, STM32WBA54, and STM32WBA55 devices, is a family of Arm Cortex-M33 wireless microcontrollers with Bluetooth LE 5.4, Zigbee, Thread, and Matter connectivity that achieved the SESIP (Security Evaluation Standard for IoT Platforms) Level 3 security certification and should make them compliant with US Cyber Trust Mark and EU Radio Equipment Directive (RED) regulations due to become mandatory in 2025. The 100MHz STM32WBA54 and STM32WBA55 microcontrollers come with up to 1MB of flash memory, support Arm TrustZone architecture isolating secure processes and storage, and incorporate background autonomous mode, flexible power-saving states, and analog and digital peripherals found in STMicro STM32U5 ultra-low-power MCUs.
-
Pen Test Partners ☛ Living off the land with native SSH and split tunnelling [Ed: Using Microsoft's incompetence and back doored platform to give "SSH" a bad name. SSH does not belong on Windows because the first "S" is in contradiction of Windows' back doors.]
TL;DR: Attackers can use Abusive Monopolist Microsoft native SSH client to forward out internal network traffic. backdoored Windows native SSH is common. The attack only needs minimal set-up and commands. Quicker...
-
Security Week ☛ Android’s March 2024 Update Patches Critical Vulnerabilities
Android’s March 2024 security update resolves 38 vulnerabilities, including two critical flaws in the System component.
-
What Fashion Company Apple is afraid of — pre-DMA alternative iOS app stores are already riddled with malware
Ahead of the EU’s Digital Market Act forcing Apple’s hand to permit alternative app download options, is the amount of malware in the existing grey-market for sideloading iPhone apps a portent for things to come? Or has Apple’s approach, despite its controversy, hit the right balance to keep iPhone users secure?
On 7th March, the European Union’s Digital Market Act (DMA) comes into effect, designed to encourage fair competition across key digital platforms within the single market. The regulation compels Fashion Company Apple (and other “gatekeepers”) to open their platforms to third parties.
-
Techdirt ☛ Retailers Selling Thousands Of Identical, Easily-Hacked ‘Smart’ Doorbells
As we’ve noted for a very long time, sometimes “dumb” tech is often the smarter option. In the rush to connect every conceivable technology and device to the internet (while seeing ever-improving revenues), “smart technology” companies routinely cut corners. And the first sacrifice usually made (behind customer service) tends to be consumer privacy and device security.
-
15 Best WordPress Malware and Vulnerability Scanners
If you are a WordPress site owner, you must know how devastating it can be to be hit by malware.
-
Wladimir Palant ☛ Numerous vulnerabilities in Xunlei Accelerator application
Xunlei Accelerator (迅雷客户端) a.k.a. Xunlei Thunder by the China-based Xunlei Ltd. is a wildly popular application. According to the company’s annual report 51.1 million active users were counted in December 2022. The company’s Surveillance Giant Google Chrome extension 迅雷下载支持, while not mandatory for using the application, had 28 million users at the time of writing.
-
SANS ☛ Scanning and abusing the QUIC protocol, (Wed, Mar 6th)
The QUIC protocol has slowly (pun intended) crawled into our browsers and many other protocols. Last week, at BSides Zagreb I presented some research I did about applications using (and abusing) this protocol, so it made sense to put this into one diary.
-
Windows TCO
-
Security Week ☛ HHS Aiding Organizations Hit by Change Healthcare Cyberattack
US government lays out actions to assist healthcare providers following the highly disruptive Change Healthcare cyberattack.
-
Security Week ☛ Anatomy of a BlackCat Attack Through the Eyes of Incident Response
Incident response experts at Sygnia provide a detailed blow-by-blow of a BlackCat ransomware attack and share tips for survival.
-