Paul’s Security Weekly #748
1. ICS Security – Lesley Carhart – PSW #748
We are thrilled to welcome Lesley (@hacks4pancakes) back to the show! In this segment, we'll dig into some ICS security topics including some recent threats, monitoring ICS networks for security, incident response for ICS, and more!
Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!
2. Linux Distros, The Linux Firewall, CIA Agents, Vault 7 Leaks, & The “Coolest” Laptop – PSW #748
In the Security News for this week: heat waves and outages, GPS trackers are vulnerable, cracks in the Linux firewall, bad password crackers, microcode decryptors, SATA antennas, Okta vulnerabilities that are not vulnerabilities, updates on the former CIA agent and the Vault 7 leaks, decompiler explorer, and Tuxedo brings to market a liquid cooled laptop, & more!
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
- 1. Critical flaws in GPS tracker enable “disastrous” and “life-threatening” hacks: From the research report: "The exploitation of these vulnerabilities could have disastrous and even life-threatening implications. For example, an attacker could exploit some of the vulnerabilities to cut fuel to an entire fleet of commercial or emergency vehicles. Or, the attacker could leverage GPS information to monitor and abruptly stop vehicles on dangerous highways. Attackers could choose to surreptitiously track individuals or demand ransom payments to return disabled vehicles to working condition. There are many possible scenarios which could result in loss of life, property damage, privacy intrusions, and threaten national security." (Ref: https://www.bitsight.com/sites/default/files/2022-07/MiCODUS-GPS-Report-Final.pdf)
- 2. [CVE-2022-34918] A crack in the Linux firewall: "To sum up, I found a heap buffer overflow within the Netfilter subsystem of the Linux kernel. This vulnerability could be exploited to get a privilege escalation on Ubuntu 22.04. The source code of the exploit is available on our GitHub (https://github.com/randorisec/CVE-2022-34918-LPE-PoC)."
- 3. Industrial control system password cracker may be bad, actually: "Dragos is reporting that one such group offering password cracking for 15 vendors worth of PLCs and HMIs is using the password recovery software to install the Sality botnet. Sality is used for distributed criminal tasks, including cryptomining."
- 4. Unpatched Flaws in Popular GPS Devices Allow Adversaries to Disrupt and Track Vehicles
- 5. Maxim Goryachy on Twitter: Interesting thread on the MicrocodeDecryptor
- 6. Binary Ninja – Introducing Decompiler Explorer: "Today, we’re releasing a little side project a few of our developers have been working with the community on: the Decompiler Explorer! This new (free, open source) web service lets you compare the output of different decompilers on small executables. In other words: It’s basically the same thing as Matt Godbolt’s awesome Compiler Explorer, but in reverse."
- 7. MicrocodeDecryptor: "At the beginning of 2020, we discovered the Red Unlock technique that allows extracting Intel Atom Microcode. We were able to research the internal structure of the microcode and then the x86 instruction implementation. Also, we recovered a format of microcode updates, algorithm and the encryption key used to protect the microcode (see RC4)." Amazing: "Using vulnerabilities in Intel TXE we had activated undocumented debugging mode called red unlock and extracted dumps of microcode directly from the CPU. We found the keys and algorithm inside."
- 8. New Air-Gap Attack Uses SATA Cable as an Antenna to Transfer Radio Signals: "In the final data reception phase, the transmitted data is captured through a hidden receiver or relies on a malicious insider in an organization to carry a radio receiver near the air-gapped system. "The receiver monitors the 6GHz spectrum for a potential transmission, demodulates the data, decodes it, and sends it to the attacker," Dr. Guri explained." - NVMe anyone? :)
- 9. Authentication Risks Discovered in Okta Platform: "As responsible security researchers, we have reached out to Okta with our findings and confirmed that these risks do not represent vulnerabilities. Okta responded that the features are performing as designed and should not be categorized as vulnerabilities. It is important to note that while not categorized as vulnerabilities, these findings expose customers to potential attacks. As a vendor focused on securing the identity and access layer, we believe it is important to share our findings and to provide a way to detect and mitigate these risks."
- 10. Ex-CIA engineer convicted in massive theft of secret info: "Schulte watched without visibly reacting as U.S. District Judge Jesse M. Furman announced the guilty verdict on nine counts, which was reached in mid-afternoon by a jury that had deliberated since Friday. The so-called Vault 7 leak revealed how the CIA hacked Apple and Android smartphones in overseas spying operations, and efforts to turn internet-connected televisions into listening devices. Prior to his arrest, Schulte had helped create the hacking tools as a coder at the agency’s headquarters in Langley, Virginia."
- 11. U.S. FTC Vows to Crack Down on illegal Use and Sharing of Citizens’ Sensitive Data
- 12. CVE-2022-32224: Ruby on Rails Remote Code Execution Vulnerability
- 13. Exploiting Arbitrary Object Instantiations in PHP without Custom Classes
- 14. Zero Day Initiative — CVE-2022-30136: Microsoft Windows Network File System v4 Remote Code Execution Vulnerability
- 15. TikTok is “unacceptable security risk” and should be removed from app stores, says FCC
- 16. GhostSec Raising the Bar
- 1. UK heat wave causes Google and Oracle cloud outages
- 2. Disentangling Debian derivatives to discern your default
- 3. Tavis Ormandy ports WordPerfect for UNIX to Linux
- 4. Apple to pay $50m settlement for rotten butterfly keyboards
- 5. Critical flaws in GPS tracker enable “disastrous” and “life-threatening” hacks
- 6. Tuxedo brings Linux support to liquid-cooled laptop