Security Leftovers and Windows TCO
-
APNIC ☛ The evolution of network security
Guest Post: The evolution of network security and forthcoming challenges.
-
SANS ☛ Configuration Scanners Adding Java Specific Configuration Files, (Mon, Jun 24th)
Hunting for configuration files is one of the favorite tricks we typically see used against our honeypots. Traditionally, standard and more generic configuration files like ".env" or ".config" are the target, with some cloud-specific configuration files sprinkled in.
-
Silicon Angle ☛ Ollama addresses remote execution flaw following Wiz discovery
As generative artificial intelligence continues to grow in popularity and become mainstream, so do security issues surrounding large language models and their support services. A new report today from Wiz Inc. details one such vulnerability discovered in Ollama, the open-source infrastructure project designed to simplify the packaging and deployment of Hey Hi (AI) models.
-
LWN ☛ Security updates for Monday
Security updates have been issued by AlmaLinux (ipa and libreswan), Debian (netty), Fedora (python-PyMySQL, tomcat, and webkitgtk), Gentoo (Flatpak, GLib, JHead, LZ4, and RDoc), Mageia (thunderbird), Oracle (nghttp2 and thunderbird), Red Hat (dnsmasq, libreswan, pki-core, and python3.11), Slackware (emacs), SUSE (gnome-settings-daemon, libarchive, qpdf, vte, and wget), and Ubuntu (libhibernate3-java).
-
Mozilla ☛ Mozilla Attack & Defense: IPC Fuzzing with Snapshots
Process separation remains one of the most important parts of the Firefox security model and securing our IPC (Inter-Process Communication) interfaces is crucial to keep privileges in the different processes separated. Today, we will take a more detailed look at our newest tool for finding vulnerabilities in these interfaces – snapshot fuzzing.
Snapshot Fuzzing
One of the challenges when fuzzing the IPC Layer is that isolating the interfaces that are to be tested isn’t easily doable. Instead, one needs to run an entire Firefox instance to effectively fuzz these interfaces. However, having to run a Firefox instance for fuzzing comes with another set of downsides: First, we cannot easily reset the system back into a known-good state other than restarting the entire browser. This causes issues with reproducibility and breaks determinism required by coverage-guided fuzzing. And second, many errors in the parent process are still handled by crashing, again forcing a full and time consuming restart of the browser. Both cases are essentially a performance problem – restarting the browser is simply too slow to allow for efficient and productive fuzzing. This is where snapshot fuzzing comes into play – it allows us to take a snapshot at the point where we are “ready” to perform fuzzing and reset to that snapshot point after each fuzzing iteration at practically no cost. This snapshot technique even works when we find a bug in the parent process which would normally force us to restart the browser.
-
Security Week ☛ Chinese Hackers Have Stepped Up Attacks on Taiwanese Organizations, Cybersecurity Firm Says
A suspected Chinese state-sponsored hacking group has stepped up its targeting of Taiwanese organizations, particularly those in sectors such as government, education, technology and diplomacy.
-
Security Week ☛ New SnailLoad Attack Relies on Network Latency Variations to Infer User Activity
New attack named SnailLoad allows a remote attacker to infer websites and videos viewed by a user without direct access to network traffic.
-
Security Week ☛ EFF Issues New Warning After Discovery of Automated License Plate Reader Vulnerabilities
The EFF has issued a warning over the use of automated license plate readers following the discovery of serious vulnerabilities.
-
Security Week ☛ LivaNova USA Discloses Data Breach Impacting 130,000 Individuals
LivaNova USA says the personal and medical information of 130,000 individuals was compromised in an October 2023 data breach.
-
Security Week ☛ Push Notification Fatigue Leads to LA County Health Department Data Breach
The Los Angeles County Department of Health Services discloses a data breach caused by push notification spamming attack.
-
Security Week ☛ Vietnamese Members of FIN9 Hacking Group Charged in US
The US has announced charges against four Vietnamese nationals for hacking businesses and causing $71 million in losses.
-
Unveiling Network Weaknesses: Penetration Testing vs. the Cyber Kill Chain
Imagine a red team simulating a cyberattack, meticulously probing your defences. Now, picture a framework dissecting the attacker’s every move.
-
Prioritize Security Threats Effectively with CVSS (Common Vulnerability Scoring System)
The Forum of Incident Response and Security Teams (FIRST) developed the Common Vulnerability Scoring System (CVSS) to rate the severity of security vulnerabilities in software systems.
-
Threat Actor Claiming a 0-day in Linux LPE Via GRUB bootloader
A new threat actor has emerged, claiming a zero-day vulnerability in the Linux GRUB bootloader that allows for local privilege escalation (LPE).
-
Windows TCO
-
Silicon Angle ☛ LockBit claims Federal Reserve breach, demands ransom not to release stolen data
Infamous ransomware gang LockBit is claiming to have breached the U.S. Federal Reserve and is threatening to release stolen banking information if a ransom payment is not made.
-