Security

Security: Security Is Not an Absolute, Layered Insight, Windows Back Doors, and AutoSploit

Filed under
Security
  • Security Is Not an Absolute

    If there’s one thing I wish people from outside the security industry knew when dealing with information security, it’s that Security is not an absolute. Most of the time, it’s not even quantifiable. Even in the case of particular threat models, it’s often impossible to make statements about the security of a system with certainty.

  • Layered Insight Takes Aim at Container Security

    The market and competition for container security technology is continuing to grow. Among the newest entrants in the space is Layered Insight which announced its new CEO Sachin Aggarwal on Feb. 5.

    Layered Insight got started in January 2015 and has been quietly building its technology and a business ever since. The company has not announced any funding yet, though Layered Insight does already have product in-market as it aims to help organizations gain better visibility and control of container environments.

  • Leaked NSA hacking tools can target all Windows versions from the past two decades

    REMEMBER THOSE LEAKED NSA TOOLS? Well, they can now hack any version of Windows, not just the old version of Microsoft's operating system.

    Researcher Sean Dillon from cybersecurity firm RiskSense tweaked the source code of three nicked NSA exploits - EternalSynergy, EternalChampion and EternalRomance - to work against Windows versions dating back as far as Windows 2000.

    Going by the name of 'zerosum0x0' on GitHub and Twitter (hat tip to Betanews for that), Dillon noted his modifications to the code exploit the CVE-2017-0143 and CVE-2017-0146 vulnerabilities in numerous versions of unpatched Windows OS.

  • AutoSploit: Mass Exploitation Just Got a Lot Easier

    In the meantime, others in the open source community have stepped up to prevent some of the worst potential damage from AutoSploit. Security expert Jerry Gamblin posted to GitHub his own bit of code that he says will block Shodan from being able to scan your systems. However, it is questionable as to whether this response will be widely used, considering the generally poor performance of the software industry for implementing critical patches when they are announced from the project managers themselves.

Security: Updates and Flash/Windows Problems

Filed under
Security
  • Security updates for Tuesday
  • Attackers Exploiting Unpatched Flaw in Flash

    Adobe warned on Thursday that attackers are exploiting a previously unknown security hole in its Flash Player software to break into Microsoft Windows computers. Adobe said it plans to issue a fix for the flaw in the next few days, but now might be a good time to check your exposure to this still-ubiquitous program and harden your defenses.

    Adobe said a critical vulnerability (CVE-2018-4878) exists in Adobe Flash Player 28.0.0.137 and earlier versions. Successful exploitation could allow an attacker to take control of the affected system.

  • Scarabey: This ransomware threatens to slowly delete your files every 24 hours until you pay up [iophk: "Microsoft Windows TCO"]

    A new variant of the malicious Scarab ransomware has been uncovered in the wild that uses a different distribution method and threat to scare victims into paying up. While the original Scarab ransomware was distributed by a massive spam campaign hosted by the Necurs botnet, the new variant dubbed "Scarabey" targets Remote Desktop Protocol connections and is manually dropped on servers and systems.

  • [Old] Forgotten Conficker worm resurfaces to infect systems with WannaCry

    Simon Edwards, European cyber security architect at Trend Micro, told SC that one of the Shadow Broker releases included a ‘new’ version of Conficker (Eclipsed Wing) which would connect it to the exploit used for WannaCry.

    [...]

    “However, Trend has seen samples of this onsite in the NHS; the samples use Domain Generation Algorithms to communicate to C&C servers so generate quite a lot of network traffic. Once again patching is critical, but once again (in the case of the NHS specifically) this might not be possible for systems running critical medical equipment.”

Security: Updates, Meltdown/Spectre and Microsoft/NSA Back Doors

Filed under
Security
  • Security updates for Monday
  • Meltdown/Spectre Status for Red Hat and Oracle
  • NetBSD Has SVS To Mitigate Meltdown, Still Working On Spectre

    The NetBSD project has issued an update concerning recent security efforts for this popular BSD operating system.

    NetBSD has landed "Separate Virtual Space" (SVS) within their development repository as their mitigation effort for the Meltdown CPU vulnerability. SVS unmaps kernel pages when running in user-space. Initially only the PTE area is being unmapped. After tuning over the past month, NetBSD developers now consider SVS to be stable, but at the moment it has not yet been back-ported to their stable branches. SVS for now is only supported on x86 64-bit.

  • Talking to normal people about security
  • 3 leaked NSA exploits work on all Windows versions since Windows 2000

    Oh, good, three NSA exploits previously leaked by The Shadow Brokers have been tweaked so they now work on all vulnerable Windows 2000 through Server 2016 targets, as well as standard and workstation counterparts.

    Before this, EternalSynergy, EternalRomance, and EternalChampion had partially been used in the NotPetya cyber attack. However, they had not been used by malicious actors nearly as much as EternalBlue because they didn’t work on recent Windows versions. That has now changed thanks to RiskSense security researcher Sean Dillon, aka @zerosum0x0, who ported the Microsoft Server Message Block (SMB) exploits to work on Windows versions released over the past 18 years.

  • NSA exploits leaked by hackers tweaked to work on all versions of Windows since 2000

    A trio of NSA exploits leaked by hacking group TheShadowBrokers has been ported to work on all versions of Windows since Windows 2000.

    The EternalChampion, EternalRomance and EternalSynergy exploits were made public by the group last year, and now a security researcher has tweaked the source code so they will run on nearly two decades' worth of Microsoft operating systems -- both 32- and 64-bit variants.

  • Every NHS trust tested for cybersecurity has failed, officials admit

Latest on Meltdown/Spectre in Linux

Filed under
Linux
Hardware
Security

Security: Windows/NSA Back Doors and 'Joys' of Cryptocurrency Malware

Filed under
Microsoft
Security

Security: Linux Kernel Runtime Guard (LKRG), Windows Malware, and Black Duck's Latest FUD

Filed under
Security
  • Openwall unveils kernel protection project

    The folk at Openwall have called for assistance to create a security module to watch Linux kernels for suspicious activity.

    In the company's explanation, the Linux Kernel Runtime Guard (LKRG) is described as a module that “attempts to post-detect and hopefully promptly respond to unauthorised modifications to the running Linux kernel (integrity checking) or to credentials (such as user IDs) of the running processes (exploit detection).”

    Developed by Adam Zabrocki (@adam_pi3) and now championed by Openwall, the first cut of the code landed last week.

  • Complex PZChao Windows malware has more than one string to its bow

    Security firm Bitdefender says it has been monitoring a complex custom-built piece of Windows malware, that it has named PZChao because of the name of the domain at which its command and control server resides.

  • Monero Cryptocurrency Miner Leverages NSA Exploit

    In a growing development, attackers have leveraged an exploit found in almost all generations of Microsoft Windows. EternalBlue is a security vulnerability that allowed WannaCry to run rampant in over 150 different countries and took down parts of the National Health Service (NHS), as well as Petya/NotPetya (a strain of ransomware that inspired NATO to assemble an entire cyber operation to combat it).

  • Monero mining botnet uses NSA exploit to infect Windows servers

    Microsoft Windows servers around the globe are playing host to a mining botnet known as Smominru Monero, which may have made as much as US$3.6 million for its operators based on the current value of the Monero cryptocurrency.

  • Health tech and open source– what should manufacturers do to keep medical devices safe? [Ed: Black Duck spreads FUD, as usual. Pretends to be doing journalism, but here it just promotes its proprietary things.]

SUSE releases live patching for big iron, real-time OS update

Filed under
Security
SUSE

Germany-based Linux vendor SUSE Linux has launched live patching for its enterprise Linux distribution that runs on IBM Power Systems and also a service pack for its real-time enterprise distribution that will enable systems running it to handle both real-time and non-real-time workloads on a single virtual machine.

Security: The Internet of Connected Sex Toys, Gas Stations, Hospitals With Windows and More

Filed under
Security
  • The Internet of Connected Sex Toys is every bit as horrifyingly insecure and poorly thought out as you imagine

    The rush to put networked sensors and controllers into sex toys is grounded in foolish, convenient untruths, like the idea that the incredibly sensitive data generated by these systems can be anonymized and then analyzed for insights without exposing users to risk.

    The sex tech industry has been a top-to-bottom series of farces and catastrophes. [...]

  • These app-controlled sex toys can be 'remotely taken over by hackers'

    In an advisory published Thursday (1 January), researchers said bugs in a customer database meant that attackers could have easily accessed user details, including "names, cleartext passwords and explicit image galleries" being stored by the company.

  • Flaws in Gas Station Software Let Hackers Change Prices, Steal Fuel, Erase Evidence

    Gas stations lose millions of dollars annually to gas fraud. Most of this fraud occurs when thieves use stolen credit and debit cards to fuel vehicles, resulting in chargebacks to service stations.

    But gas station owners in the US and elsewhere may have to worry about a new kind of fraud after two security researchers in Israel discovered multiple vulnerabilities in one automated system used to control fuel prices and other information at thousands of gas stations around the world.

    The vulnerabilities would allow an attacker to shut down fuel pumps, hijack credit card payments, and steal card numbers or access backend networks to take control of surveillance cameras and other systems connected to a gas station or convenience store's network. An attacker could also simply alter fuel prices and steal petrol.

  • Healthcare IT Systems: Tempting Targets for Ransomware

    Well, there’s no use in waiting, I suppose. Two Thursdays ago, Chicago-based electronic health records provider Allscripts Healthcare Solutions suffered a ransomware attack that paralyzed some of its services. This past Friday, the company announced it had completely recovered from the cyberattack. But not before a class action lawsuit [pdf] was filed against it by an orthopedic non-surgery practice for failing to secure its systems and data from a well-known cybersecurity threat, i.e., a strain of SamSam.

    The ransomware attack impaired Allscripts’ data centers in Raleigh and Charlotte, North Carolina, affecting a number of applications, such as its Professional EHR and Electronic Prescriptions for Controlled Substances (EPCS) hosted services, which were mostly restored within five days, according to the company. Other services, like clinical decision support, analytics, data extraction, and regulatory reporting, took the longest to make operational again.

  • Pwn2Own 2018 Expands Targets and Raises Prize Pool to $2M

    The annual Pwn2own hacking competition run by Trend Micro's Zero Day Initiative (ZDI) is set to return for 2018, along with a longer list of targets and more money for security researchers than ever before.

    Pwn2own is a security researcher contest that typically has two events a year, with the primary event focused on browser and server technologies and a second event just for mobile technologies. The first event of 2018 is set for March 14-16 and will have five targets: virtualization, web browsers, enterprise applications, servers and a new Windows Insider Preview Challenge category.

  • Disable Flash Player!! Critical Vulnerability Gives Away Your System Controls

Proprietary Security: Adobe, Windows, and Patching Buggy Chips

Filed under
Security
  • An Adobe Flash 0day is being actively exploited in the wild

    The critical, use-after-free vulnerability, which is indexed as CVE-2018-4877, resides in the latest version of the widely installed Flash, researchers from Cisco Systems' Talos group said in a blog post. Adobe said separately that versions earlier than current Flash 28.0.0.137 are also susceptible. The vulnerability came to light on Wednesday when South Korea's CERT issued an advisory warning that attack code was circulating in the wild that exploited the zeroday flaw.

    Talos said the exploit is being distributed through a Microsoft Excel document that has a malicious Flash object embedded into it. Once the SWF object is triggered, it installs ROKRAT, a remote administration tool Talos has been tracking since January 2017. Until now, the group behind ROKRAT—which Talos calls Group 123—has relied on social engineering or exploits of older, previously known vulnerabilities that targets hadn't yet patched. This is the first time the group has used a zeroday exploit.

  • Cryptocurrency botnets are rendering some companies unable to operate

    Like Zealot, Smominru uses other exploit techniques to infect targeted computers, but it can fall back on the NSA-developed EternalBlue in certain cases, presumably for spreading from machine to machine inside infected networks or when other infection techniques fail on a machine that hasn't been patched. Smominru also makes use of the Windows Management Interface. Proofpoint said that the botnet is also likely exacting a punishing performance impact on the business networks it infects by slowing down servers and driving up electricity costs.

  • 6 important security takeaways from applying Spectre and Meltdown patches

    A flurry of patching commenced across all industries once these vulnerabilities came to light due to the severity involved. Here are seven important lessons I took away from the process: [...]

Meltdown-Spectre Latest

Filed under
Security

More in Tux Machines

Linux: To recurse or not

Linux and recursion are on very good speaking terms. In fact, a number of Linux commands recurse without ever being asked while others have to be coaxed with just the right option. When is recursion most helpful and how can you use it to make your tasks easier? Let’s run through some useful examples and see.

today's leftovers

  • MX Linux Review of MX-17 – For The Record
    MX Linux Review of MX-17. MX-17 is a cooperative venture between the antiX and former MEPIS Linux communities. It’s XFCE based, lightning fast, comes with both 32 and 64-bit CPU support…and the tools. Oh man, the tools available in this distro are both reminders of Mepis past and current tech found in modern distros.
  • Samsung Halts Android 8.0 Oreo Rollouts for Galaxy S8 Due to Unexpected Reboots
    Samsung stopped the distribution of the Android 8.0 Oreo operating system update for its Galaxy S8 and S8+ smartphones due to unexpected reboots reported by several users. SamMobile reported the other day that Samsung halted all Android 8.0 Oreo rollouts for its Galaxy S8/S8+ series of Android smartphones after approximately a week since the initial release. But only today Samsung published a statement to inform users why it stopped the rollouts, and the cause appears to be related to a limited number of cases of unexpected reboots after installing the update.
  • Xen Project Contributor Spotlight: Kevin Tian
    The Xen Project is comprised of a diverse set of member companies and contributors that are committed to the growth and success of the Xen Project Hypervisor. The Xen Project Hypervisor is a staple technology for server and cloud vendors, and is gaining traction in the embedded, security and automotive space. This blog series highlights the companies contributing to the changes and growth being made to the Xen Project and how the Xen Project technology bolsters their business.
  • Initial Intel Icelake Support Lands In Mesa OpenGL Driver, Vulkan Support Started
    A few days back I reported on Intel Icelake patches for the i965 Mesa driver in bringing up the OpenGL support now that several kernel patch series have been published for enabling these "Gen 11" graphics within the Direct Rendering Manager driver. This Icelake support has been quick to materialize even with Cannonlake hardware not yet being available.
  • LunarG's Vulkan Layer Factory Aims To Make Writing Vulkan Layers Easier
    Introduced as part of LunarG's recent Vulkan SDK update is the VLF, the Vulkan Layer Factory. The Vulkan Layer Factory aims to make creating Vulkan layers easier by taking care of a lot of the boilerplate code for dealing with the initialization, etc. This framework also provides "interceptor objects" for overriding functions pre/post API calls for Vulkan entry points of interest.