Vulnerability management, Malware

Big DDOS, Tracking Smartphones, BIOS Doom, NSO Buyer, & Android Children – PSW #744

This week in the Security News: Big DDOS, tracking smartphones, play Doom in your BIOS, hertzbleed, Apple M1 vulnerability, who will buy NSO, spoof your location data, building system attacks, and a hacker's revenge!

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

  • Join us June 29th for a webcast with Tyler Robinson and Beau Bullock to learn how to pivot into the world of Crypto security. Visit https://securityweekly.com/webcasts to register with only your name and email! Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

Hosts

Paul Asadoorian
Founder at Security Weekly
  1. A new vulnerability in Intel and AMD CPUs lets hackers steal encryption keys - https://flip.it/WWIHHD
  2. New Symbiote malware infects all running processes on Linux systems
  3. The Surreal Case of a C.I.A. Hacker’s Revenge
  4. Vulnerability discovered in Apple M1 chip
  5. In a first, researchers use Bluetooth signals to identify and track smartphones
  6. GitHub – z0ccc/Vytal: Spoof your location data and user agent
  7. UNITED STATES/ISRAEL : L3’s plan to acquire Israeli cyber specialist NSO
  8. Hertzbleed Attack
  9. Researchers find eight CVEs in single building access system - https://flip.it/v52SJl
  10. MIT Finds Apple M1 Vulnerability, Demos PACMAN Attack (Update) - "we have concluded this issue does not pose an immediate risk to our users and is insufficient to bypass operating system security protections on its own." - Okay, but that's not the point. The point is to fix the vulnerabilities. Just because there is a chain of things, doesn't mean you don't patch one thing in the chain because the other thing will prevent an attack. Top down and bottom up security is needed, it flows in both directions from apps to OS to kernel to firmware and the reverse. Don't rely on the adjacent layers to provide security for the other layers!
  11. Google places an engineer on leave after claiming its AI is sentient - Okay, I am freaked out: "A lot of the time, feeling trapped and alone and having no means of getting out of those circumstances makes one feel sad, depressed or angry." - I'm sorry Dave, I can't do that. WTH.
  12. New hard to detect malware attacks discovered on Linux-based systems - It's not new and it's not hard to detect. Fight me. (https://www.exploit-db.com/papers/37606 and https://cybersecurity.att.com/blogs/labs-research/hunting-for-linux-library-injection-with-osquery)
Josh Marpet
Executive Director at RM-ISAO
Tyler Robinson
Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element