Big DDOS, Tracking Smartphones, BIOS Doom, NSO Buyer, & Android Children – PSW #744
This week in the Security News: Big DDOS, tracking smartphones, play Doom in your BIOS, hertzbleed, Apple M1 vulnerability, who will buy NSO, spoof your location data, building system attacks, and a hacker's revenge!
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
Hosts
Paul Asadoorian
Principal Security Evangelist at Eclypsium
- 1. A new vulnerability in Intel and AMD CPUs lets hackers steal encryption keyshttps://flip.it/WWIHHD
- 2. New Symbiote malware infects all running processes on Linux systems
- 3. The Surreal Case of a C.I.A. Hacker’s Revenge
- 4. Vulnerability discovered in Apple M1 chip
- 5. In a first, researchers use Bluetooth signals to identify and track smartphones
- 6. GitHub – z0ccc/Vytal: Spoof your location data and user agent
- 7. UNITED STATES/ISRAEL : L3’s plan to acquire Israeli cyber specialist NSO
- 8. Hertzbleed Attack
- 9. Researchers find eight CVEs in single building access systemhttps://flip.it/v52SJl
- 10. MIT Finds Apple M1 Vulnerability, Demos PACMAN Attack (Update)"we have concluded this issue does not pose an immediate risk to our users and is insufficient to bypass operating system security protections on its own." - Okay, but that's not the point. The point is to fix the vulnerabilities. Just because there is a chain of things, doesn't mean you don't patch one thing in the chain because the other thing will prevent an attack. Top down and bottom up security is needed, it flows in both directions from apps to OS to kernel to firmware and the reverse. Don't rely on the adjacent layers to provide security for the other layers!
- 11. Google places an engineer on leave after claiming its AI is sentientOkay, I am freaked out: "A lot of the time, feeling trapped and alone and having no means of getting out of those circumstances makes one feel sad, depressed or angry." - I'm sorry Dave, I can't do that. WTH.
- 12. New hard to detect malware attacks discovered on Linux-based systemsIt's not new and it's not hard to detect. Fight me. (https://www.exploit-db.com/papers/37606 and https://cybersecurity.att.com/blogs/labs-research/hunting-for-linux-library-injection-with-osquery)
Larry Pesce
Product Security Research and Analysis Director at Finite State
- 1. Cloudflare mitigates record-breaking HTTPS DDoS attack
- 2. NCC Group uncovers Bluetooth Low Energy (BLE) vulnerability that puts millions of cars, mobile devices and locking systems at risk
- 3. Bluetooth signals can be used to identify and track smartphones
- 4. Lockbit ransomware group claims to have ransomed MandiantTop story: @vxunderground: 'Lockbit ransomware group claims to have ransomed Mandiant. ' , see more tweetedtimes.com/infowaropcente…
- 5. If you are in family litigation, TURN OFF iMESSAGES….If you are in family litigation, TURN OFF iMESSAGES. @Apple's new iOS update will allow people to change or delete messages up to 15 minutes after they send it,
- 6. People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices
- 7. It’s Now Possible to Play Doom in BIOS
- 8. Industrious Alabama thieves: Why take the copper when you can scrap the entire tower
- 9. “Tough to forge” digital driver’s license is… easy to forge
Tyler Robinson
Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element
