Leaky Buddies: Cross-Component Covert Channels on Integrated CPU-GPU Systems
arxiv.org/pdf/2011.09642.pdf Integrated GPUs share some resources with the CPU and, as a result, there is a potential for microarchitectural attacks from the GPU to the CPU or vice versa. We believe this type of attack, crossing the component boundary (GPU to CPU or vice versa), is novel, introducing unique challenges but also providing the attacker with new capabilities that must be considered when we design defenses against microarchitectural attacks in these environments.
Botnets have been silently mass-scanning the internet for unsecured ENV files
www.zdnet.com/article/botnets-have-been-silently-mass-scanning-the-internet-for-unsecured-env-files/ Threat actors are looking for API tokens, passwords, and database logins usually stored in ENV files.
Abusive add-ons aren't just a Chrome and Firefox problem. Now it's Edge's turn
arstechnica.com/gadgets/2020/11/fraudulent-add-ons-infiltrate-the-official-microsoft-edge-store/ Over the past several days, people in website forums have complained of their Google searches being redirected to oksearch[.]com when they use Edge. Often, the searches use cdn77[.]org for connectivity. After discovering the redirections weren't an isolated incident, participants in this Reddit discussion winnowed the list of suspects down to five. All of them are knockoffs of legitimate add-ons. That means that while the extensions bear the names of legitimate developers, they are, in fact, imposters with no relation.
Hundreds of Facebook moderators complain: AI content moderation isn’t working and we’re paying for it
www.theregister.com/2020/11/21/hundreds_of_facebook_moderators_complained/ In an open letter to the social media giant, over 200 content moderators said that the company's technology was futile. "It is important to explain that the reason you have chosen to risk our lives is that this year Facebook tried using AI to moderate content, and failed," it said.
Mount Locker ransomware now targets your TurboTax tax returns
www.bleepingcomputer.com/news/security/mount-locker-ransomware-now-targets-your-turbotax-tax-returns/ The Mount Locker ransomware operation is gearing up for the tax season by specifically targeting TurboTax returns for encryption. Stolen data and the encrypted files are then used in a double-extortion scheme where victims are warned that their stolen files will be published on a data leak site if a ransom is not paid. When encrypting a computer, Mount Locker only encrypts files that have certain file extensions. With the latest version, the ransomware developers are now targeting the .tax, .tax2009, .tax2013, and .tax2014 file extensions associated with the TurboTax tax preparation software.
Raytheon Employee Jailed for Exporting Missile Data to China
www.infosecurity-magazine.com/news/wei-sun-jailed-for-exporting/ Chinese national Wei Sun was employed in Tucson, Arizona, as an electrical engineer with Raytheon Missiles and Defense for 10 years. In February 2020, the 49-year-old pled guilty to violating the Arms Export Control Act (AECA) by taking a company-issued laptop containing sensitive information to China during a vacation.
Exploiting dynamic rendering engines to take control of web apps
r2c.dev/blog/2020/exploiting-dynamic-rendering-engines-to-take-control-of-web-apps/ If a web page is generated dynamically on the client but needs to be properly indexed by search engines, a common approach is to catch a request from the crawler or bot, render it server-side, and output the pretty HTML with all the content. It's easy to take advantage of a dynamic rendering app when it is publicly available because it allows you to interact with the app directly and send arbitrary requests, including to local endpoints. There are some restrictions for accessing local infrastructure, but depending on the version of the dynamic rendering app, they can be bypassed.
Consul by HashiCorp: from Infoleak to RCE
lab.wallarm.com/consul-by-hashicorp-from-infoleak-to-rce/ An attacker can use public access to the system to obtain information about the infrastructure and its configuration. How to protect yourself: set the EnableLocalScriptChecks and EnableRemoteScriptChecks options to false. … Make sure Consul is on the local network and isn't exposed.
Purgalicious VBA: Macro Obfuscation With VBA Purging
www.fireeye.com/blog/threat-research/2020/11/purgalicious-vba-macro-obfuscation-with-vba-purging.html Malicious Office documents remain a favorite technique for every type of threat actor, from red teamers to FIN groups to APTs. In this blog post, we will discuss "VBA Purging", a technique we have increasingly observed in the wild and that was first publicly documented by Didier Stevens in February 2020. We will explain how VBA purging works with Microsoft Office documents in Compound File Binary Format (CFBF), share some detection and hunting opportunities, and introduce a new tool created by Mandiant's Red Team: OfficePurge. [VBA purging] removes strings usually found in PerformanceCache that many AV engines and YARA rules depend on for detection. Once removed, attackers are able to use more standard methodologies and execute suspicious functions (i.e. CreateObject) without being detected.
Facing a cyber threat can be practised with a simulation: exercises drill the right procedures into muscle memory
www.kauppalehti.fi/uutiset/kybervaaran-kohtaamista-voi-harjoitella-simulaatiolla-harjoitusten-avulla-oikeat-toimintamallit-menevat-selkaytimeen/0ca46a3f-b23c-41f0-a192-69ade175ae19 Exercise participants have had no trouble immersing themselves in the scenarios; both in-house staff and partners have taken action without delay. In the simulations, responsibilities, decision-making chains and roles have become clearer. Fingrid's internal exercises rotate the assignment of responsibilities because, just as in real life, the key person in charge may be away from work when an incident occurs. Participants typically include management, technical experts and communications representatives.
ImageMagick – Shell injection via PDF password
insert-script.blogspot.com/2020/11/imagemagick-shell-injection-via-pdf.html ImageMagick is an awesome tool to convert files. It supports some really weird old file types (often via external programs) and tries to be as user-friendly as possible, maybe a little too much.
GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services
krebsonsecurity.com/2020/11/godaddy-employees-used-in-attacks-on-multiple-cryptocurrency-services/ Fraudsters redirected email and web traffic destined for several cryptocurrency trading platforms over the past week. The attacks were facilitated by scams targeting employees at GoDaddy, the world's largest domain name registrar, KrebsOnSecurity has learned.