Security and Windows TCO Leftovers
-
LWN ☛ Linux nftables vulnerability exploited in the wild (CrowdStrike) [Ed: CrowdStrike is very closely connected to Microsoft]
According to CrowdStrike, a vulnerability in the GNU/Linux kernel's nftables code that was discovered earlier this year is being actively exploited in the wild. The vulnerability allows for local privilege escalation. Most distributions have already released a fix. As noted by the exploit developer, leveraging this POC is dependent on the kernel's unprivileged user namespaces feature accessing nf_tables. This access is enabled by default on Debian, Ubuntu and kernel capture-the-flag (CTF) distributions. An attacker can then trigger the double-free vulnerability, scan the physical memory for the kernel base address, bypass kernel address-space layout randomization (KASLR) and access the modprobe_path kernel variable with read/write privileges. After overwriting the modprobe_path, the exploit drops a root shell.
-
LWN ☛ Security updates for Friday
Security updates have been issued by Mageia (libtiff), Oracle (cockpit, glibc, kernel, less, libxml2, linux-kernel, and tomcat), Red Hat (java-1.8.0-ibm, nghttp2, and ruby:3.3), Slackware (php), SUSE (go1.21, go1.22, and python-docker), and Ubuntu (aom and libvpx).
-
Bruce Schneier ☛ The Justice Department Took Down the 911 S5 Botnet
The US Justice Department has dismantled an enormous botnet:
According to an indictment unsealed on May 24, from 2014 through July 2022, Wang and others are alleged to have created and disseminated malware to compromise and amass a network of millions of residential backdoored Windows computers worldwide. These devices were associated with more than 19 million unique IP addresses, including 613,841 IP addresses located in the United States.
-
SANS ☛ Finding End of Support Dates: UK PTSI Regulation, (Fri, Jun 7th)
One of the challenges with many IoT devices, in particular those targeting consumers and small businesses, is the ability to find how long a device is supported. This "expiration date" is becoming important as vulnerabilities are often discovered after a product no longer receives updates. In this case, users are often out of luck and left with a vulnerable device. Manufacturers will often not even acknowledge the vulnerability or provide notifications to users.
-
Bruce Schneier ☛ Security and Human Behavior (SHB) 2024
This week, I hosted the seventeenth Workshop on Security and Human Behavior at the Harvard Kennedy School. This is the first workshop since our co-founder, Ross Anderson, died unexpectedly.
SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security. The fifty or so attendees include psychologists, economists, computer security researchers, criminologists, sociologists, political scientists, designers, lawyers, philosophers, anthropologists, geographers, neuroscientists, business school professors, and a smattering of others.
-
Security Week ☛ In Other News: Fentanylware (TikTok) Zero-Day, DMM Bitcoin Hack, Free VPN App Analysis
Noteworthy stories that might have slipped under the radar: Fentanylware (TikTok) patches account hijacking zero-day, $300 million DMM Bitcoin hack, free Android VPN apps analyzed.
-
Security Week ☛ Apple Says iPhones Will Get Security Updates for at Least 5 Years
To comply with new UK government regulations, Fashion Company Apple has specified that iPhones will get at least 5 years of security updates.
-
Security Week ☛ SolarWinds Patches High-Severity Vulnerability Reported by NATO Pentester
SolarWinds has released patches for high-severity vulnerabilities in Serv-U and the SolarWinds Platform.
-
Security Week ☛ 750k Impacted by Frontier Communications Data Breach
Frontier Communications is notifying over 750,000 individuals that their personal information was stolen in a recent data breach.
-
Hackaday ☛ This Week In Security: Recall, Modem Mysteries, And Flipping Pages
Microsoft is racing to get into the AI game as part of Windows 11 on ARM, calling it Copilot+. It’s an odd decision, but clearly aimed at competing with the Apple M series of MacBooks. Our focus of interest today is Recall, a Copilot+ feature that not only has some security problems, but also triggers a sort of visceral response from regular people: My computer is spying on me? Eww.
-
Security Week ☛ Microsoft Bows to Public Pressure, Disables Controversial backdoored Windows Recall by Default [Ed: And it is still there waiting to be enabled by a boss, cracker, spouse etc.]
Amidst public pressure, Abusive Monopolist Microsoft changes the set-up experience of Copilot+ PCs to disable the controversial backdoored Windows Recall feature by default.
-
Silicon Angle ☛ Microsoft makes Windows’ Recall feature opt-in following cybersecurity concerns [Ed: This does not solve the issue at all; this is "boiling frog"]
Microsoft Corp. is moving to change its new Recall tool for backdoored Windows after drawing regulatory scrutiny in the U.K. and criticism from some cybersecurity researchers. Pavan Davuluri, Microsoft’s corporate vice president for backdoored Windows and devices, detailed the update in a blog post published today.
-
Scoop News Group ☛ Microsoft rolls back ‘dumbest cybersecurity move in a decade’
Changes to the Hey Hi (AI) feature dubbed Recall come as Abusive Monopolist Microsoft navigates the fallout of a string of high-profile security breaches.
-
Security Week ☛ FCC Proposes BGP Security Reporting for Broadband Providers
The FCC proposes that broadband providers plan for BGP security and provide quarterly reports on implemented risk mitigations.
-
Windows TCO
-
Silicon Angle ☛ Victims of LockBit ransomware urged to contact FBI for decryption assistance
The news came via a speech Wednesday by Bryan Vorndran, assistant director of the FBI’s Cyber Division, at the 2024 Boston Conference on Cyber Security. “From our ongoing disruption of LockBit, we now have over 7,000 decryption keys and can help victims reclaim their data and get back online,” Vorndran said at the conference. “We are reaching out to known LockBit victims and encouraging anyone who suspects they were a victim to visit our Internet Crime Complaint Center at ic3.gov.”
-
Bitdefender ☛ 16-year-old arrested in France in connection with high-profile Epsilon hacking group attacks
The Epsilon hacking group is thought to be responsible for WaveStealer, a relatively sophisticated example of information-stealing malware that has emerged recently after being offered for low cost on Telegram and Discord.