Security Leftovers and Windows TCO
-
OpenSSF (Linux Foundation) ☛ Alpha Omega 2024 Annual Report
This post originally appeared on Alpha-Omega and has been revised for the OpenSSF. By Alpha-Omega. We’re pleased to share our 2024 annual report.
-
Scoop News Group ☛ DARPA wants to create ‘self-healing’ firmware that can respond and recover from cyberattacks
The agency’s Red-C program seeks to build new defenses into bus-based computer systems.
-
Krebs On Security ☛ FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang
The FBI and authorities in The Netherlands this week seized dozens of servers and domains for a hugely popular spam and malware dissemination service operating out of Pakistan. The proprietors of the service, who use the collective nickname “The Manipulaters,” have been the subject of three stories published here since 2015. The FBI said the main clientele are organized crime groups that try to trick victim companies into making payments to a third party.
-
LWN ☛ Security updates for Friday
Security updates have been issued by AlmaLinux (libsoup), Debian (debian-security-support and redis), Fedora (expat, java-21-openjdk, lemonldap-ng, and phpMyAdmin), Mageia (chromium-browser-stable and git-lfs), Oracle (bzip2, git-lfs, libsoup, mariadb:10.11, mariadb:10.5, python-jinja2, redis, and unbound), Red Hat (git-lfs, libsoup, python-jinja2, rsync, and unbound), SUSE (buildah, chromium, google-osconfig-agent, govulncheck-vulndb, hauler, ignition, krb5, libxml2, python311-pydantic, SDL2_sound, and trivy), and Ubuntu (jquery, linux-azure, linux-azure-4.15, linux-azure-5.15, linux-hwe-5.4, linux-oracle, and mysql-8.0).
-
Kernel Space
-
Unicorn Media ☛ Linux Support for backdoored Windows ‘Copilot Key’ Brings Potential Security Risks
This spring, the Linux kernel will begin supporting the "Copilot key" which Abusive Monopolist Microsoft added to backdoored Windows machines about a year ago.
-
Windows TCO / Windows Bot Nets
-
Google ☛ Windows Exploitation Tricks: Trapping Virtual Memory Access (2025 Update)
Back in 2021 I wrote a blog post about various ways you can build a virtual memory access trap primitive on Windows. The goal was to cause a reader or writer of a virtual memory address to halt for a significant (e.g. 1 or more seconds) amount of time, generally for the purpose of exploiting TOCTOU memory access bugs in the kernel.
-
Security Week ☛ New York Blood Bank Hit by Ransomware
The blood bank said it identified suspicious activity on its network on January 26, and immediately engaged third-party cybersecurity experts, who confirmed that the organization was facing a ransomware attack.
-
Scoop News Group ☛ Bill requiring federal contractors to have vulnerability disclosure policies gets House redo
The Federal Contractor Cybersecurity Vulnerability Reduction Act, a bicameral, bipartisan bill that stalled out last year in the Senate, was reintroduced Friday in the House by Reps. Nancy Mace, R-S.C., and Shontel Brown, D-Ohio.
The bill, whose 2024 companion in the upper chamber came from Sens. Mark Warner, D-Va., and James Lankford, R-Okla., calls on the Office of Management and Budget and the Defense Department to update federal acquisition policies to require all federal contractors to institute vulnerability disclosure policies (VDPs).
-
The Register UK ☛ Another banner year for ransomware gangs
The industrial sector was the most targeted overall in 2024, with 1,424 observed attacks compared to 1,240 in 2023, the report notes. This represents a 15 percent increase.
NCC attributes the overall increase in attacks during 2024 to several factors: Buggy, exploitable products; compromised credentials; geopolitical tensions; an increase in ransomware-as-a-service offerings, which makes it easier for less technically savvy criminals to get in the game; and a high return on investment for the crooks.
-