7″ Laptop, Trojans in Chips, Samsung’s Faux Moon, & The 4 C’s – PSW #777
In the Security News: Windows MSI tomfoolery, curl turns 8...point owe, who doesn't need a 7" laptop, glitching the ESP, your image really isn't redacted or cropped, brute forcing pins, SSRF and Lightsail, reversing D-Link firmware for the win, ICMP RCE OMG (but not really), update your Pixel and Samsung, hacking ATMs in 2023, breaking down Fortinet vulnerabilities, Jamming with an Arduino, it 315 Mega hurts, analyzing trojans in your chips, and the 4, er 1, er 3, okay well how to suck at math and the 4 Cs of Cybersecurity! All that, and more, on this episode of Paul’s Security Weekly!
Announcements
Security Weekly listeners save $100 on their RSA Conference 2023 Full Conference Pass! RSA Conference will take place April 24-27 in San Francisco and on demand. To register using our discount code, please visit https://securityweekly.com/rsac2023 and use the code 53UCYBER! We hope to see you there!
Hosts
- 1. Debugging D-Link: Emulating firmware and hacking hardware
- 2. Cyberattackers Continue Assault Against Fortinet Devices
- 3. Building a 315 MHz Jammer with an Arduino
- 4. Ferrari discloses data breach after receiving ransom demand
- 5. Oops! ChatGPT Shares AI Chat Histories with the Wrong Crowd
- 6. What are the 4 C’s of Cyber Security?
- 7. Researchers Spot Silicon-Level Hardware Trojans in Chips, Release Their Algorithm for All to Try
- 8. Federal agency hacked by 2 groups thanks to flaw that went unpatched for 4 years
- 9. Multiple Internet to Baseband Remote Code Execution Vulnerabilities in Exynos Modems
- 10. CrowdStrike Discovers First-Ever Dero Cryptojacking Campaign Targeting Kubernetes
- 11. Google Pixel flaw allowed recovery of redacted, cropped images
- 12. Attackers are starting to target .NET developers with malicious-code NuGet packages
- 13. Beloved hacking veteran Kelly ‘Aloria’ Lum passes away at 41
- 1. Flaw in Pixel’s Markup tool allows hackers to un-redact edited screenshots
A security flaw in Pixel’s Markup utility allows hackers to un-redact and uncrop edited screenshots. Google has fixed this and released an update to AOSP 13
- 2. Best and worst data breach responses highlight the do’s and don’ts of IR
- 3. Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace
Mandiant tracked 55 zero-day vulnerabilities that we judge were exploited in 2022. Although this count is lower than the record-breaking 81 zero-days exploited in 2021, it still represents almost triple the number from 2020.
- 4. UT Southwestern scientists discover agent that reverses effects of intoxication
Hormone called FGF21 (undrunk.io) speeds recovery from alcohol poisoning in mice, has potential to save countless lives, researchers say
- 1. Dark Reading https://www.darkreading.com › zer… Zero-Day Bug Allows Crypto Hackers to Drain $1.6M From Bitcoin ATMs
In what the ATM owner called a security incident of the highest severity, threat actors were able to exploit a zero-day flaw by uploading "his own java application remotely via the master service interface used by terminals to upload videos, and run it using batm user privileges," the advisory released by General Bytes stated.