The Official Internet/Computer Security News Discussion Thread
#521
https://www.bleepingcomputer.com/new...d-zte-devices/
VPNFilter Can Also Infect ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE Devices
June 6, 2018
The VPNFilter malware that infected over 500,000 routers and NAS devices across 54 countries during the past few months is much worse than previously thought.
According to new research technical details published today by the Cisco Talos security team, the malware —which was initially thought to be able to infect devices from Linksys, MikroTik, Netgear, TP-Link, and QNAP— can also infect routers made by ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE.
The list of devices vulnerable to VPNFilter has seen a sharp jump from Cisco's original report, going from 16 device models to 71 —and possibly more. The full list is embedded at the bottom of this article.
New VPNFilter plugins
Furthermore, researchers have also discovered new VPNFilter capabilities, packed as third-stage plugins, as part of the malware's tri-stage deployment system.
Cisco experts said they discovered the following two new third-stage plugins.
ssler - plugin for intercepting and modifying web traffic on port 80 via man-in-the-middle attacks. Plugin also supports downgrading HTTPS to HTTP.
dstr - plugin for overwriting device firmware files. Cisco knew VPNFilter could wipe device firmware, but in its recent report pinpointed this function to this specific third-stage plugin.
These two new plugins add to the two already known.
ps - plugin that can sniff network packets and detect certain types of network traffic. Cisco believes this plugin was used to look for Modbus TCP/IP packets, often used by industrial software and SCADA equipment, but in its most recent report claims the plugin will also look for industrial equipment that connects over TP-Link R600 virtual private networks as well.
tor - plugin used by VPNFilter bots to communicate with a command and control server via the Tor network.
Technical details about the VPNFilter malware, in general, are available in Cisco's first report. Details about the ssler, dstr, and ps third-stage plugins are available in a report published today.
. . . [ SNIP ] . . .
If users can't update their router's firmware, can't update to a new router, but would still like to wipe the malware from their devices, instructions on how to safely remove the malware are available in this article. Removing VPNFilter from infected devices is quite a challenge, as this malware is one of two malware strains that can achieve boot persistence on SOHO routers and IoT devices. Furthermore, there are no visible signs that a router has been infected with this malware, so unless you can scan your router's firmware, even knowing you're infected is a challenge. The best advice we can give right now is to make sure you're running a router with up-to-date firmware.
. . . [ SNIP ] . . .
#522
Sanest Florida Man
Thread Starter
I mean, it could be Russia, but it could also be China. It could also be lots of other people. It also could be somebody sitting on their bed that weighs 400 pounds, OK?
- Our President
#523
Sanest Florida Man
Thread Starter
#524
Needs more Lemon Pledge
Netgear has updated firmware out (at least for my model router).
#526
Team Owner
https://www.intel.com/content/www/us...-sa-00161.html
Summary:
Security researchers have identified a speculative execution side-channel method called L1 Terminal Fault (L1TF). This method impacts select microprocessor products supporting Intel® Software Guard Extensions (Intel® SGX). Further investigation by Intel has identified two related applications of L1TF with the potential to impact additional microprocessors, operating systems, system management mode, and virtualization software. If used for malicious purposes, this class of vulnerability has the potential to improperly infer data values from multiple types of computing devices.
Intel is committed to product and customer security and to coordinated disclosure. We worked closely with other technology companies, operating system, and hypervisor software vendors, developing an industry-wide approach to mitigate these issues promptly and constructively.
For facts about these new exploits, technical resources, and steps you can take to help protect systems and information please visit: https://www.intel.com/securityfirst.
#527
Team Owner
https://www.tomshardware.com/news/di...ity,37690.html
Theo de Raadt, founder of OpenBSD, which makes a free, multi-platform, UNIX-like operating system, recommended everyone completely disable Intel’s Hyper-Threading in BIOS before hackers start taking advantage of it.
Hyper-Threading Is Unsafe
In a post this week, de Raadt said that the Foreshadow and TLBleed flaws have made it mandatory to disable the Hyper-Threading technology on all Intel-based machines. He claimed mitigating these flaws requires a new CPU microcode and coding workarounds, but these alone are not sufficient to stop attackers; Hyper-Threading also has to be disabled.
OpenBSD version 6.4 and newer will disable Hyper-Threading completely.
Last edited by doopstr; 08-25-2018 at 11:37 AM.
#528
Needs more Lemon Pledge
Hmmmm. Not sure I am going to disable hyperthreading.
#529
Sanest Florida Man
Thread Starter
I just got a text message from Paypal that said "Paypal: Your security code is: 443162...."
Except I wasn't in front of a computer, I wasn't trying to access my account, and I didn't have a Paypal tab open on another PC. I usually only get that when I sign in to Paypal, which I wasn't doing. So was someone signing in to my account!? I use LastPass, and my Paypal password is a 20-character, unique, gibberish password. It's not used anywhere else, and you can't brute force it.
I'm just assuming that something glitched with Paypal's 2FA server and sent codes to the wrong person, or maybe someone typed my number into their account and now I'm getting their codes. Either way, I changed my Paypal password to a different 20-character unique complex pw. Still weird.
Anyone else with Paypal 2FA just get a text from them?
#530
Go Giants
No, but it happened to me the other day with Amazon. I changed the password.
#531
Senior Moderator
A while ago, a friend posted a white paper about why 2FA via text message is not secure due to the ability to hijack numbers. My 2FA method of choice is Google Authenticator but not all sites support a 3rd party code generator yet.
#532
Needs more Lemon Pledge
Yes they can spoof a cell number, but they have to know WHICH cell number to spoof. The concern is more of a targeted attack (where your cell number and various accounts may already be known) than random mass account hijacks. Unless, of course, the service is warehousing your account credentials AND your 2FA tel number in plain text on the same storage server...
#534
Sanest Florida Man
Thread Starter
I always use an app if it's available; unless something has changed, they don't support 2FA apps.
#535
Team Owner
https://www.bloomberg.com/news/featu...-top-companies
The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies
#536
Team Owner
https://www.supermicro.com/newsroom/..._Bloomberg.cfm
Supermicro Refutes Claims in Bloomberg Article
Supermicro along with Apple and Amazon refute claims in Bloomberg story
https://aws.amazon.com/blogs/securit...neous-article/
Last edited by doopstr; 10-04-2018 at 09:11 PM.
#537
Grandpa
https://www.supermicro.com/newsroom/..._Bloomberg.cfm
Supermicro Refutes Claims in Bloomberg Article
Supermicro along with Apple and Amazon refute claims in Bloomberg story
That's not a validation of anything, just some weird, circumstantial and coincidental evidence.
I guess.
0_o
#538
Team Owner
Another Hyperthreading vulnerability. And WTF, saying AMD is likely impacted but they didn't bother to test.
https://www.zdnet.com/article/intel-...vulnerability/
Intel CPUs impacted by new PortSmash side-channel vulnerability
Vulnerability confirmed on Skylake and Kaby Lake CPU series. Researchers suspect AMD processors are also impacted.
#539
Needs more Lemon Pledge
Another Hyperthreading vulnerability. And WTF, saying AMD is likely impacted but they didn't bother to test.
https://www.zdnet.com/article/intel-...vulnerability/
Intel CPUs impacted by new PortSmash side-channel vulnerability
Vulnerability confirmed on Skylake and Kaby Lake CPU series. Researchers suspect AMD processors are also impacted.
Researchers say they notified Intel's security team last month, on October 1, but the company did not provide a patch until yesterday, the date on which researchers went public with their findings.
#540
Team Owner
New vulnerability found in Intel CPUs. Not present in AMD or ARM.
All Intel chips open to new Spoiler non-Spectre attack: Don't expect a quick fix
Researchers say Intel won't be able to use a software mitigation to fully address the problem Spoiler exploits.
https://www.zdnet.com/article/all-in...t-a-quick-fix/
Last edited by doopstr; 03-05-2019 at 06:13 PM.
#541
Registered but harmless
Kaspersky replacement?
I'm running Kaspersky Total Security on several computers.
Are there any good alternatives to Kaspersky Total Security which are both active and passive while combining security, anti-malware and anti-virus functions without a connection to the FSB and Internet Research Institute?
#542
#543
Needs more Lemon Pledge
Company is based out of Romania.
#545
https://www.zdnet.com/article/dragon...wpa3-standard/
Dragonblood vulnerabilities disclosed in WiFi WPA3 standard
April 10, 2019
Two security researchers disclosed details today about a group of vulnerabilities collectively referred to as Dragonblood that impact the WiFi Alliance's recently launched WPA3 Wi-Fi security and authentication standard.
If ever exploited, the vulnerabilities would allow an attacker within the range of a victim's network to recover the Wi-Fi password and infiltrate the target's network.
The Dragonblood vulnerabilities
In total, five vulnerabilities are part of the Dragonblood ensemble --a denial of service attack, two downgrade attacks, and two side-channel information leaks.
While the denial of service attack is somewhat unimportant as it only leads to crashing WPA3-compatible access points, the other four are the ones that can be used to recover user passwords.
Both the two downgrade attacks and two side-channel leaks exploit design flaws in the WPA3 standard's Dragonfly key exchange --the mechanism through which clients authenticate on a WPA3 router or access point.
In a downgrade attack, WiFi WPA3-capable networks can be coerced into using an older and more insecure password exchange system, which can allow attackers to retrieve the network passwords using older flaws.
In a side-channel information leak attack, WiFi WPA3-capable networks can trick devices into using weaker algorithms that leak small amounts of information about the network password. With repeated attacks, the full password can eventually be recovered.
Downgrade to Dictionary Attack - works on networks where both WPA3 and WPA2 are supported at the same time via WPA3's "transition mode." This attack has been confirmed on a recently released Samsung Galaxy S10 device. Explainer below:
If a client and AP both support WPA2 and WPA3, an adversary can set up a rogue AP that only supports WPA2. This causes the client (i.e. victim) to connect using WPA2's 4-way handshake. Although the client detects the downgrade-to-WPA2 during the 4-way handshake, this is too late. The 4-way handshake messages that were exchanged before the downgrade was detected provide enough information to launch an offline dictionary attack.
Group Downgrade Attack - works when WPA3 is configured to work with multiple groups of cryptographic algorithms, instead of just one. Basic downgrade attack. Explainer below:
For example, say a client supports the elliptic curves P-521 and P-256, and prefers to use them in that order. In that case, even though the AP also supports the P-521 curve, an adversary can force the client and AP into using the weaker P-256 curve. This can be accomplished by jamming the messages of the Dragonfly handshake, and forging a message that indicates certain curves are not supported.
Cache-Based Side-Channel Attack (CVE-2019-9494) - exploits the Dragonfly protocol's "hunting and pecking" algorithm. High-level explainer below:
If an adversary can determine which branch of the if-then-else branch was taken, they can learn whether the password element was found in a specific iteration of this algorithm. In practice we found that, if an adversary can run unprivileged code on the victim machine, we were able to use cache-based attacks to determine which branch was taken in the first iteration of the password generation algorithm. This information can be abused to perform a password partitioning attack (this is similar to an offline dictionary attack).
Timing-Based Side-Channel Attack (CVE-2019-9494) - exploits WPA3's "multiplicative groups" feature. Explainer below:
When the Dragonfly handshake uses certain multiplicative groups, the password encoding algorithm uses a variable number of iterations to encode the password. The precise number of iterations depends on the password being used, and the MAC address of the AP and client. An adversary can perform a remote timing attack against the password encoding algorithm, to determine how many iterations were needed to encode the password. The recovered information can be abused to perform a password partitioning attack, which is similar to an offline dictionary attack.
More detailed explanations for each of these vulnerabilities are available in an academic paper authored by Mathy Vanhoef and Eyal Ronen, titled "Dragonblood: A Security Analysis of WPA3's SAE Handshake" --or this website dedicated to the Dragonblood vulnerabilities.
Dragonblood also impacts EAP-pwd
Besides WPA3, researchers said the Dragonblood vulnerabilities also impact the EAP-pwd (Extensible Authentication Protocol) that is supported in the previous WPA and WPA2 WiFi authentication standards.
"We [...] discovered serious bugs in most products that implement EAP-pwd," the research duo said. "These allow an adversary to impersonate any user, and thereby access the Wi-Fi network, without knowing the user's password."
The two researchers didn't publish details on how the Dragonblood vulnerabilities impact EAP-pwd because the patching process is still in progress. They did, however, publish tools that can be used to discover if WPA3-capable devices are vulnerable to any of the major Dragonblood flaws.
Fixes for WPA3 are available
On the other hand, the WiFi Alliance announced today a security update for the WPA3 standard following Vanhoef and Ronen's public disclosure of the Dragonblood flaws.
"These issues can all be mitigated through software updates without any impact on devices' ability to work well together," the WiFi Alliance said today in a press release. Vendors of WiFi products will now have to integrate these changes into their products via firmware updates.
Vanhoef is the same security researcher who in the fall of 2017 disclosed the KRACK attack on the WiFi WPA2 standard, which was the main reason the WiFi Alliance developed WPA3 in the first place.
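Added here as an illustration, not taken from the article or the researchers' work: the two hostapd.conf fragments below contrast a WPA3 transition-mode access point that offers several SAE groups (the two conditions the downgrade attacks above depend on) with a WPA3-only access point pinned to one group and requiring protected management frames. The interface name, SSID and passphrase are placeholders, and each fragment is a complete alternative on its own; they are stacked only for comparison.

```ini
# ---- Fragment A (downgrade-prone): WPA3 transition mode, several SAE groups ----
interface=wlan0                     # placeholder interface name
ssid=EXAMPLE-SSID                   # placeholder SSID
wpa=2
# WPA2-PSK and WPA3-SAE side by side: the "transition mode" that a rogue
# WPA2-only AP can exploit via the downgrade-to-dictionary attack
wpa_key_mgmt=WPA-PSK SAE
wpa_passphrase=placeholder-passphrase
sae_password=placeholder-passphrase
rsn_pairwise=CCMP
# PMF only optional so that legacy WPA2 clients can still join
ieee80211w=1
# Several groups advertised (19=P-256, 20=P-384, 21=P-521): a client preferring
# P-521 can be steered down to P-256 by the group downgrade attack
sae_groups=19 20 21

# ---- Fragment B (hardened): WPA3 only, one SAE group, PMF required ----
interface=wlan0                     # placeholder interface name
ssid=EXAMPLE-SSID                   # placeholder SSID
wpa=2
# SAE only: no WPA2-PSK fallback, so no 4-way-handshake downgrade path
wpa_key_mgmt=SAE
sae_password=placeholder-passphrase
rsn_pairwise=CCMP
# Protected management frames mandatory for every association
ieee80211w=2
sae_require_mfp=1
# A single group leaves nothing weaker to negotiate down to
sae_groups=19
```

Fragment B removes the two downgrade paths at the cost of excluding WPA2-only clients; the cache and timing side-channel leaks in the password encoding are not a configuration matter and still need the vendor software update the WiFi Alliance refers to.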
#546
Race Director
#547
Team Owner
If you so desire, here is information on how to disable hyperthreading on mac, windows, redhat.
https://support.apple.com/en-us/HT210108
https://support.microsoft.com/en-us/...n-side-channel
https://support.microsoft.com/en-us/...n-side-channel
#548
Team Owner
https://mdsattacks.com/
RIDL and Fallout: MDS attacks
Attacks on the newly-disclosed "MDS" hardware vulnerabilities in Intel CPUs
#549
https://www.extremetech.com/computin...wn-mds-patches
Intel Performance Hit 5x Harder Than AMD After Spectre, Meltdown Patches
May 20, 2019
Ever since Spectre and Meltdown broke in January 2018, we’ve known that the combined impact of patching these security issues would impact raw performance. The question, especially as new disclosures have stacked up, is how large the impacts would be and how would they change the performance comparison between Intel and AMD?
Phoronix has put that question to the test with a substantial suite of benchmarks across multiple Intel platforms, including the 6800K (Broadwell-E), 8700K (Coffee Lake), 7980XE (Skylake-SP), Ryzen 7 2700X, and Threadripper 2990WX. These chips collectively represent all of the recent major architectures in play.
The collective impact of enabling all patches is not a positive for Intel. While the impacts vary tremendously from virtually nothing to significant on an application-by-application level, the collective whack is ~15-16 percent on all Intel CPUs without Hyper-Threading disabled. Disabling increases the overall performance impact to 20 percent (for the 7980XE), 24.8 percent (8700K) and 20.5 percent (6800K).
The AMD CPUs are not tested with HT disabled, because disabling SMT isn’t a required fix for the situation on AMD chips, but the cumulative impact of the decline is much smaller. AMD loses ~3 percent with all fixes enabled.
. . . .
[ SNIP ]
#550
Team Owner
Hey you know what stuff Intel said they fixed? They didn't fix it.
https://arxiv.org/abs/1905.12701
Recently, out-of-order execution, an important performance optimization in modern high-end processors, has been revealed to pose a significant security threat, allowing information leaks across security domains. In particular, the Meltdown attack leaks information from the operating system kernel to user space, completely eroding the security of the system. To address this and similar attacks, without incurring the performance costs of software countermeasures, Intel includes hardware-based defenses in its recent Coffee Lake R processors.
In this work, we show that the recent hardware defenses are not sufficient. Specifically, we present Fallout, a new transient execution attack that leaks information from a previously unexplored microarchitectural component called the store buffer. We show how unprivileged user processes can exploit Fallout to reconstruct privileged information recently written by the kernel. We further show how Fallout can be used to bypass kernel address space randomization. Finally, we identify and explore microcode assists as a hitherto ignored cause of transient execution.
Fallout affects all processor generations we have tested. However, we notice a worrying regression, where the newer Coffee Lake R processors are more vulnerable to Fallout than older generations.
#551
Needs more Lemon Pledge
Crap, I was about to plunk down cash on a coffee lake hoping I had left these issues behind...
#552
Needs more Lemon Pledge
This video is NSFW (language) and cracked me up. It gets better and better as it plays...
#553
Needs more Lemon Pledge
SWAPGS vulnerability in all Ivy Bridge and later Intel Processors using speculative execution
https://www.bitdefender.com/business...ecommendations
#554
Sanest Florida Man
Thread Starter
This is just going to be an endless game of whack-a-mole from now on, isn't it?
#555
Needs more Lemon Pledge
It makes me think that the CPUs themselves need to be separated (or integrated) into greater virtualization to prevent these types of attacks. A completely virtual OS of sorts...
Bitdefender has demonstrated how Hypervisor Introspection stops the attack by removing conditions it needs to succeed on unpatched Windows systems. This mitigation has introduced no noticeable performance degradation. While deploying the patch from Microsoft is highly recommended, Hypervisor Introspection provides an effective compensating control until systems can be patched.
#556
Needs more Lemon Pledge
Ran into an interesting phishing vector...
My wife had an event invitation appear in her google Calendar with a message saying something like "Accept: Pickup Free Samsung S9" and there was a link in the calendar invite.
She had not received any emails with an invitation, so this came directly through the Google Calendar interface.
This article has the info about it along with the remedy:
https://www.wired.com/story/phishing...endar-invites/
TLDR: Open Google Calendar's settings on a desktop browser and go to Event Settings > Automatically Add Invitations, and then select the option "No, only show invitations to which I've responded." Also, under View Options, make sure that "Show declined events" is unchecked, so malicious events don't haunt you even after you decline them.
#557
Team Owner
https://www.us-cert.gov/ncas/current...curity-updates
Microsoft Releases Out-of-Band Security Updates
Microsoft has released out-of-band security updates to address vulnerabilities in Microsoft software. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft Security Advisories for CVE-2019-1367, CVE-2019-1255, and Microsoft’s Cumulative security update for Internet Explorer and apply the necessary updates.
#558
Team Owner
Microsoft Stops Trusting SSD Makers
https://www.tomshardware.com/news/bi...sds,40504.html
Windows ships with a full volume encryption tool called BitLocker. The feature used to trust any SSD that claimed to offer its own hardware-based encryption, but that changed in the KB4516071 update to Windows 10 released on September 24, which now assumes that connected SSDs don't actually encrypt anything.
"SwiftOnSecurity" called attention to this change on September 26. The pseudonymous Twitter user then reminded everyone of a November 2018 report that revealed security flaws, such as the use of master passwords set by manufacturers, of self-encrypting drives. That meant people who purchased SSDs that were supposed to help keep their data secure might as well have purchased a drive that didn't handle its own encryption instead.
Those people were actually worse off than anticipated because Microsoft set up BitLocker to leave these self-encrypting drives to their own devices. This was supposed to help with performance--the drives could use their own hardware to encrypt their contents rather than using the CPU--without compromising the drive's security. Now it seems the company will no longer trust SSD manufacturers to keep their customers safe by themselves.
#559
Sanest Florida Man
Thread Starter
#560
Team Owner
Patch your crap
https://arstechnica.com/information-...ion-is-broken/