Daily NCSC-FI news followup 2020-11-21

Leaky Buddies: Cross-Component Covert Channels on Integrated CPU-GPU Systems

arxiv.org/pdf/2011.09642.pdf Integrated GPUs share some resources with the CPU and, as a result, there is a potential for microarchitectural attacks from the GPU to the CPU or vice versa. We believe this type of attack, crossing the component boundary (GPU to CPU or vice versa), is novel, introducing unique challenges but also providing the attacker with new capabilities that must be considered when we design defenses against microarchitectural attacks in these environments.

Botnets have been silently mass-scanning the internet for unsecured ENV files

www.zdnet.com/article/botnets-have-been-silently-mass-scanning-the-internet-for-unsecured-env-files/ Threat actors are looking for API tokens, passwords, and database logins usually stored in ENV files.
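The mass-scanning described above leaves a recognisable trace in web-server access logs. The following added example (not from the ZDNet article) scans combined-format log lines for requests that target a `.env` file, including suffixed variants such as `/.env.bak` or `/app/.env`, and summarises per client address how many probes arrived and how many were answered with HTTP 200, which is the case a defender actually has to treat as a credential leak. The log lines are constructed sample data.

```python
"""Flag web-server requests that probe for exposed .env files.

Added example (not from the ZDNet article): scans Apache/nginx combined-format
access-log lines for paths ending in ".env" (including variants such as
"/.env.bak" or "/app/.env") and summarises hits per client address, so a
defender can spot mass scanning and verify that such paths return 404/403
rather than 200.
"""
import re
from collections import defaultdict

# Combined log format: ip - - [time] "METHOD path HTTP/x" status size "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Any path component named ".env" with an optional suffix (.bak, .local, ...)
ENV_PATH_RE = re.compile(r'(^|/)\.env(\.[A-Za-z0-9_-]+)?$')


def is_env_probe(path: str) -> bool:
    """True if the request path targets a .env file (query string ignored)."""
    path = path.split("?", 1)[0]
    return ENV_PATH_RE.search(path) is not None


def scan_access_log(lines):
    """Return {ip: {"probes": n, "served": m}} for clients requesting .env paths.

    "served" counts probes answered with HTTP 200, i.e. the file was actually
    exposed and the secrets in it should be considered compromised.
    """
    hits = defaultdict(lambda: {"probes": 0, "served": 0})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the scan
        if not is_env_probe(m.group("path")):
            continue
        entry = hits[m.group("ip")]
        entry["probes"] += 1
        if m.group("status") == "200":
            entry["served"] += 1
    return dict(hits)


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [21/Nov/2020:10:00:01 +0000] "GET /.env HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [21/Nov/2020:10:00:02 +0000] "GET /app/.env HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [21/Nov/2020:10:00:03 +0000] "GET /.env.bak HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [21/Nov/2020:10:01:00 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "curl/7.68"',
    '198.51.100.9 - - [21/Nov/2020:10:01:05 +0000] "GET /.env?x=1 HTTP/1.1" 200 512 "-" "curl/7.68"',
    '192.0.2.77 - - [21/Nov/2020:10:02:00 +0000] "GET /environment.html HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for ip, stats in scan_access_log(SAMPLE_LOG).items():
        flag = "EXPOSED" if stats["served"] else "probed only"
        print(f"{ip}: {stats['probes']} .env request(s), {stats['served']} served 200 -> {flag}")
```

Run against a real access log with `scan_access_log(open(path))`; any client with a non-zero `served` count means the file was readable and the tokens in it need rotating, while a high `probes` count with only 404s is the background scanning noise the article describes.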

Abusive add-ons aren't just a Chrome and Firefox problem. Now it's Edge's turn

arstechnica.com/gadgets/2020/11/fraudulent-add-ons-infiltrate-the-official-microsoft-edge-store/ Over the past several days, people in website forums have complained of their Google searches being redirected to oksearch[.]com when they use Edge. Often, the searches use cdn77[.]org for connectivity. After discovering the redirections weren't an isolated incident, participants in this Reddit discussion winnowed the list of suspects down to five. All of them are knockoffs of legitimate add-ons. That means that while the extensions bear the names of legitimate developers, they are, in fact, imposters with no relation.

Hundreds of Facebook moderators complain: AI content moderation isn’t working and we’re paying for it

www.theregister.com/2020/11/21/hundreds_of_facebook_moderators_complained/ In an open letter to the social media giant, over 200 content moderators said that the company's technology was futile. "It is important to explain that the reason you have chosen to risk our lives is that this year Facebook tried using AI to moderate content, and failed," it said.

Mount Locker ransomware now targets your TurboTax tax returns

www.bleepingcomputer.com/news/security/mount-locker-ransomware-now-targets-your-turbotax-tax-returns/ The Mount Locker ransomware operation is gearing up for the tax season by specifically targeting TurboTax returns for encryption. Stolen data and the encrypted files are then used in a double-extortion scheme where victims are warned that their stolen files will be published on a data leak site if a ransom is not paid. When encrypting a computer, Mount Locker only encrypts files that have certain file extensions. With the latest version, the ransomware developers are now targeting the .tax, .tax2009, .tax2013, and .tax2014 file extensions associated with the TurboTax tax preparation software.

Raytheon Employee Jailed for Exporting Missile Data to China

www.infosecurity-magazine.com/news/wei-sun-jailed-for-exporting/ Chinese national Wei Sun was employed in Tucson, Arizona, as an electrical engineer with Raytheon Missiles and Defense for 10 years. In February 2020, the 49-year-old pled guilty to violating the Arms Export Control Act (AECA) by taking a company-issued laptop containing sensitive information to China during a vacation.

Exploiting dynamic rendering engines to take control of web apps

r2c.dev/blog/2020/exploiting-dynamic-rendering-engines-to-take-control-of-web-apps/ If a web page is generated dynamically on the client but needs to be properly indexed by search engines, a common approach is to catch a request from the crawler or bot, render it server-side, and output the pretty HTML with all the content. It's easy to take advantage of a dynamic rendering app when it is publicly available, because it allows you to interact with the app directly and send arbitrary requests, including to local endpoints. There are some restrictions on accessing local infrastructure, but depending on the version of the dynamic rendering app, they can be bypassed.

Consul by HashiCorp: from Infoleak to RCE

lab.wallarm.com/consul-by-hashicorp-from-infoleak-to-rce/ An attacker can use public access to the system to obtain information about the infrastructure and its configuration. How to protect yourself: set the EnableLocalScriptChecks and EnableRemoteScriptChecks options to false. … Make sure Consul is on the local network and isn't exposed.
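The two mitigations above can be checked mechanically. The following added example (not from the Wallarm write-up and not HashiCorp's code) audits a Consul agent JSON configuration for both points: script checks must be off, and the HTTP API must not listen beyond loopback. The write-up names the runtime options EnableRemoteScriptChecks and EnableLocalScriptChecks; the example assumes the corresponding keys in the agent's JSON/HCL config file are `enable_script_checks` and `enable_local_script_checks`, and judges network exposure from `client_addr` and `addresses.http`, the settings that control where the HTTP API binds. A weak and a hardened configuration are included as constructed samples.

```python
"""Audit a Consul agent JSON config for script checks and HTTP API exposure.

Added example, not from the Wallarm write-up or from HashiCorp. Assumed key
mapping: the runtime options EnableRemoteScriptChecks / EnableLocalScriptChecks
correspond to the config-file keys "enable_script_checks" and
"enable_local_script_checks". Exposure is judged from "client_addr" and
"addresses.http", which control where the HTTP API binds.
"""
import ipaddress
import json

SCRIPT_CHECK_KEYS = ("enable_script_checks", "enable_local_script_checks")


def _listens_beyond_loopback(addr: str) -> bool:
    """True if a bind address could accept connections from other hosts."""
    for token in addr.split():  # assumed: a space-separated list of addresses
        token = token.strip()
        if token.startswith("unix://"):
            continue  # unix sockets are local by construction
        if token.startswith("{{"):
            return True  # go-sockaddr template; cannot prove it resolves to loopback
        try:
            if not ipaddress.ip_address(token).is_loopback:
                return True
        except ValueError:
            return True  # hostname or unparsable value: treat as exposed
    return False


def audit_consul_config(config: dict) -> list:
    """Return a list of human-readable findings; an empty list means no issue found."""
    findings = []
    for key in SCRIPT_CHECK_KEYS:
        if config.get(key) is True:
            findings.append(f'{key} is true: health-check definitions may execute '
                            f'commands on the agent host; set it to false')
    # addresses.http overrides client_addr for the HTTP API when present
    http_addr = config.get("addresses", {}).get("http") or config.get("client_addr", "127.0.0.1")
    if _listens_beyond_loopback(http_addr):
        findings.append(f'HTTP API binds to "{http_addr}": reachable from other hosts; '
                        f'keep the agent on the local network and not exposed')
    return findings


# Constructed sample configs (not taken from any real deployment).
WEAK_CONFIG = json.loads("""
{
  "datacenter": "dc1",
  "client_addr": "0.0.0.0",
  "enable_script_checks": true
}
""")

HARDENED_CONFIG = json.loads("""
{
  "datacenter": "dc1",
  "client_addr": "127.0.0.1",
  "enable_script_checks": false,
  "enable_local_script_checks": false
}
""")

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        issues = audit_consul_config(cfg)
        print(f"{name}: {len(issues)} finding(s)")
        for issue in issues:
            print("  -", issue)
```

To audit a live agent, load its config file with `json.load` and pass the result to `audit_consul_config`; the weak sample produces two findings (script checks on, API bound to 0.0.0.0) and the hardened sample none.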

Purgalicious VBA: Macro Obfuscation With VBA Purging

www.fireeye.com/blog/threat-research/2020/11/purgalicious-vba-macro-obfuscation-with-vba-purging.html Malicious Office documents remain a favorite technique for every type of threat actor, from red teamers to FIN groups to APTs. In this blog post, we will discuss "VBA Purging", a technique we have increasingly observed in the wild and that was first publicly documented by Didier Stevens in February 2020. We will explain how VBA purging works with Microsoft Office documents in Compound File Binary Format (CFBF), share some detection and hunting opportunities, and introduce a new tool created by Mandiant's Red Team: OfficePurge. [VBA purging] removes strings usually found in PerformanceCache that many AV engines and YARA rules depend on for detection. Once removed, attackers are able to use more standard methodologies and execute suspicious functions (i.e. CreateObject) without being detected.

Facing a cyber threat can be practised in a simulation: exercises make the right procedures second nature

www.kauppalehti.fi/uutiset/kybervaaran-kohtaamista-voi-harjoitella-simulaatiolla-harjoitusten-avulla-oikeat-toimintamallit-menevat-selkaytimeen/0ca46a3f-b23c-41f0-a192-69ade175ae19 Participants in the exercises have had no difficulty immersing themselves in the scenarios; both the company's own staff and its partners have taken action without delay. The simulations have clarified responsibilities, decision-making chains and roles. Fingrid's internal exercises rotate the assignment of responsibilities because, as in real life, a key person in charge may be away from work when an incident occurs. Participants typically include management, technical experts and communications representatives.

ImageMagick – Shell injection via PDF password

insert-script.blogspot.com/2020/11/imagemagick-shell-injection-via-pdf.html ImageMagick is an awesome tool to convert files. It supports some really weird old file types (often via external programs) and is trying to be as user friendly as possible, maybe a little too much.

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

krebsonsecurity.com/2020/11/godaddy-employees-used-in-attacks-on-multiple-cryptocurrency-services/ Fraudsters redirected email and web traffic destined for several cryptocurrency trading platforms over the past week. The attacks were facilitated by scams targeting employees at GoDaddy, the world's largest domain name registrar, KrebsOnSecurity has learned.
