Security and Windows TCO Leftovers
-
Citizen Lab ☛ Network Security Issues in RedNote
Our network security analysis of the popular social control media app, RedNote, revealed a number of issues with both the Android and iOS versions of the app.
-
Tom's Hardware ☛ Emojis can be hacked to hide data or messages, Unicode characters also susceptible
Paul Butler tests and demonstrates the flexibility of encoding hidden messages within Unicode characters, including emoji.
-
Silicon Angle ☛ New phishing campaign exploits immigration arrival card process to steal personal data
A new report out today from phishing defense company Cofense Inc. is warning of a new phishing campaign that is exploiting immigration arrival card processes to steal personal data.
-
Security Week ☛ GAO Tells Coast Guard to Improve Cybersecurity of Maritime Transportation System
A new GAO report assesses that the Coast Guard needs to improve Maritime Transportation System (MTS) cybersecurity.
-
Security Week ☛ Ivanti, Fortinet Patch Remote Code Execution Vulnerabilities
Ivanti and Fortinet on Tuesday released patches for multiple critical- and high-severity vulnerabilities in their products.
-
Tom's Hardware ☛ Intel roasts AMD and Nvidia in its latest product security report, claiming AMD has vulnerabilities with no fix planned, Nvidia has only high-severity security bugs [Updated]
Intel says that AMD and Nvidia had more vulnerabilities versus its products.
-
Open Source Security (Audio Show) ☛ Josh Bressers: Why do we keep ignoring CI security with François Proulx
When I started Open Source Security I knew one of those topics that could use more attention was the security of CI/CD systems. All the talk about securing the supply chain seems to almost exclusively focus on the development stage as well as the deployment stage.
-
Security Week ☛ Chipmaker Patch Tuesday: Intel, AMD, Nvidia Fix High-Severity Vulnerabilities
Chipmakers Intel, AMD and Nvidia on Tuesday published new security advisories to inform customers about vulnerabilities found in their products.
-
Silicon Angle ☛ AI aggregator OmniGPT reportedly breached, leaking sensitive user data online
Artificial intelligence aggregator OmniGPT Inc. has reportedly been breached, as a hacker released more than 34 million lines of user conversations and 30,000 user emails and phone numbers on a popular hacking forum.
-
SANS ☛ DShield SIEM Docker Updates, (Thu, Feb 13th)
Over the past several weeks, I have been testing various enhancements to the DShield SIEM, to process DShield sensor logs from local and cloud sensors with Filebeat and Filebeat modules to easily send Zeek and NetFlow logs back to a local network ELK stack via home router natting.
-
Security Week ☛ ICS Patch Tuesday: Vulnerabilities Addressed by Schneider Electric, Siemens
Industrial giants Schneider Electric and Siemens have released February 2025 Patch Tuesday ICS security advisories.
-
Eric Hameleers ☛ Let’s Encrypt SSL certificate expiry warning emails
If you use Let’s Encrypt to secure the traffic to your web server, mailserver or other situations where you need an SSL-encrypted data exchange, you are probably using the dehydrated script to manage those certificates to ensure that they will be renewed on time (Let’s Encrypt SSL certificates only have a 90-day lifespan).
-
Security Week ☛ Cisco Says Ransomware Group’s Leak Related to Old Hack
A fresh post on the Kraken ransomware group’s leak website refers to data stolen in a 2022 cyberattack, Cisco says.
-
Bruce Schneier ☛ Delivering Malware Through Abandoned Amazon S3 Buckets
Here’s a supply-chain attack just waiting to happen. A group of researchers searched for, and then registered, abandoned Amazon S3 buckets for about $400. These buckets contained software libraries that are still used. Presumably the projects don’t realize that they have been abandoned, and still ping them for patches, updates, etc.
-
Windows TCO / Windows Bot Nets
-
Bleeping Computer ☛ Windows 10 KB5051974 update force installs new Abusive Monopolist Microsoft Outlook app
Microsoft has released the KB5051974 cumulative update for Windows 10 22H2 and Windows 10 21H2, which automatically installs the new Outlook for Windows app and fixes a memory leak bug. The Windows 10 KB5051974 update is mandatory as it contains Microsoft’s January 2025 Patch Tuesday security updates.
-
Bleeping Computer ☛ Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws
Today is Microsoft’s February 2025 Patch Tuesday, which includes security updates for 55 flaws, including four zero-day vulnerabilities, with two actively exploited in attacks. This Patch Tuesday also fixes three “Critical” vulnerabilities, all remote code execution vulnerabilities.
-