FreeBSD, Steam Decks, Ancient Computers, UEFI Rootkits, & Office Macro Saga Continues – PSW #749
In the Security News: FreeBSD and the software supply chain, open-source implies that it's open, hardcoded passwords are always bad, on-again, off-again, on-again, privilege escalation defined, preparing for quantum, so many vulnerabilities, CosmicStrand another UEFI firmware rootkit, & reviving ancient computers!
Announcements
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Hosts
Larry Pesce
Product Security Research and Analysis Director at Finite State
- 1. GPSJam GPS/GNSS Interference Map
  GPSJam: daily maps of GPS interference. "You can always tell where Putin is."
- 2. Elescope: tracking .ru drones through RF telemetry
  Elescope was not developed by a local team or an opportunistic SIGINT vendor. One DSP wizard, one RE/hacking freak, and a bunch of other folks. All foreign. The true
Lee Neely
Senior Cyber Advisor at Lawrence Livermore National Laboratory
- 1. Hardcoded password in Confluence app has been leaked on Twitter
  Atlassian disclosed several vulnerabilities, including a hard-coded password issue affecting the Questions for Confluence app. Atlassian has since reported that the password has been leaked online, which makes remediation even more urgent. Username: disabledsystemuser Email: [email protected] Password: disabled1system1user6708. Update the Questions for Confluence app to 2.7.38 or later (2.7.x) or 3.0.5 or later (3.0.x). Updating or uninstalling the app does not remove the account, so also disable or delete the disabledsystemuser user and check whether it has ever authenticated. https://twitter.com/therceman/status/1550791890026565638
- 2. Apple Releases Security Patches for all Devices Fixing Dozens of New Vulnerabilities
  In addition to fixing almost 40 flaws, Apple's release of software fixes for iOS, iPadOS, tvOS, and watchOS addresses a memory corruption vulnerability (CVE-2022-2294) in its WebRTC component, which Google disclosed last week.
- 3. SonicWall Warns of Critical GMS SQL Injection Vulnerability
  SonicWall has released "urgent patches" for a critical vulnerability (CVE-2022-22280) in Global Management System (GMS) installations before 9.3.1-SP2-Hotfix-2. A remote, unauthenticated attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands in the application's database.
- 4. Rare 'CosmicStrand' UEFI Rootkit Swings into Cybercrime Orbit
  The "CosmicStrand" Windows firmware rootkit is reportedly being used in attacks that implant it in the Unified Extensible Firmware Interface (UEFI) firmware, below the operating system, in order to remain undetected and maintain persistence on targeted systems.
- 5. Microsoft Adds Default Protection Against RDP Brute-Force Attacks in Windows 11
  Microsoft is now taking steps to prevent Remote Desktop Protocol (RDP) brute-force attacks as part of the latest builds of Windows 11. The default policy for Windows 11 builds – particularly Insider Preview builds 22528.1000 and newer – automatically locks accounts for 10 minutes after 10 invalid sign-in attempts. Older builds get the same effect by setting the Account Lockout Policy (threshold, duration and observation window) locally or through Group Policy, which is worth doing on any host that exposes RDP.
- 6. FileWave MDM offered attackers superuser privilege
  The FileWave mobile device management suite had a pair of vulnerabilities which researchers have shown could let attackers push malware out as a phone update or obtain access to enterprise networks.
- 7. Digital security giant Entrust breached by ransomware gang
  Entrust has revealed it suffered a June 18, 2022, "cyberattack" during which hackers breached its network and stole data, which could affect an array of critical and sensitive organizations that use Entrust solutions for authentication and identity management.
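An added example for item 1 above (the hard-coded Questions for Confluence account); this is not code from the show notes or from Atlassian. The check a practitioner needs is not "is the app updated" but "does the disabledsystemuser account still exist, can it log on, and has it ever authenticated", because updating or uninstalling the app leaves the account in place. The export format (a list of user dicts plus a username-to-groups map) and the field names are assumptions about how you pull users from your instance, and the sample data is constructed.

```python
# Added example, not Atlassian's code: check a Confluence user export for the
# hard-coded 'disabledsystemuser' account that Questions for Confluence creates.
# Updating or uninstalling the app does not remove the account, so the test is
# on the user directory, not the app version.  The input shape (a list of user
# dicts and a username -> groups map) is an assumption about how you export
# users from your instance; adapt the field names to your export.

LEAKED_USERNAME = "disabledsystemuser"   # username published in the advisory
LOGON_GROUP = "confluence-users"         # group the app adds the account to


def find_exposure(users, memberships):
    """Locate the leaked account and grade what it can still do.

    users:       list of dicts with 'username', 'active' (bool) and an optional
                 'last_authenticated' ISO-8601 string (None if never used)
    memberships: dict mapping username -> list of group names
    """
    hits = [u for u in users if u.get("username", "").lower() == LEAKED_USERNAME]
    if not hits:
        return {"present": False, "active": False, "can_log_on": False,
                "last_authenticated": None, "severity": "clean", "actions": []}

    acct = hits[0]
    active = bool(acct.get("active", True))        # unknown -> assume it works
    groups = memberships.get(acct["username"], [])
    # Confluence only lets a user log on if some group grants 'can use';
    # confluence-users is the default one, and the one the app used.
    can_log_on = active and LOGON_GROUP in groups
    last_auth = acct.get("last_authenticated")

    if can_log_on:
        severity = "critical"   # anyone holding the public password gets in
    elif active:
        severity = "medium"     # blocked only by group membership; one edit re-enables it
    else:
        severity = "low"        # disabled, but the account should still be removed

    actions = ["disable or delete the account; the app update alone leaves it in place"]
    if last_auth:
        actions.append("account was used at %s: review audit logs for that session" % last_auth)
    return {"present": True, "active": active, "can_log_on": can_log_on,
            "last_authenticated": last_auth, "severity": severity, "actions": actions}


# Constructed sample export (not real data) showing the worst case.
SAMPLE_USERS = [
    {"username": "alice", "active": True, "last_authenticated": "2022-07-25T08:12:00Z"},
    {"username": "disabledsystemuser", "active": True,
     "last_authenticated": "2022-07-22T03:41:17Z"},
]
SAMPLE_GROUPS = {
    "alice": ["confluence-users", "confluence-administrators"],
    "disabledsystemuser": ["confluence-users"],
}

if __name__ == "__main__":
    import json
    print(json.dumps(find_exposure(SAMPLE_USERS, SAMPLE_GROUPS), indent=2))
```

The severity ladder is the point: an active account in a logon-capable group is a live credential that the whole internet now has; an active account outside such a group is one group change away from the same state; and a disabled account is still a leftover to delete. A non-empty last-authenticated value turns the finding into an incident, not a hygiene item.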