FreeBSD, Steam Decks, Ancient Computers, UEFI Rootkits, & Office Macro Saga Continues – PSW #749
Full episode and show notes
In the Security News FreeBSD and the software supply chain, open-source implies that its open, hardcoded passwords are always bad, on-again, off-again, on-again, privilege escelation defined, preparing for quantum, so many vulnerabilities, CosmicStrand another UEFI firmware rootkit, & reviving ancient computers!
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Founder at Security Weekly
- 1. Zyxel authentication bypass patch analysis (CVE-2022-0342) – hn securityGreat research post.
- 2. Zero Day Initiative — Looking at Patch Gap Vulnerabilities in the VMware ESXi TCP/IP StackSoftware supply chain anyone? - "The most interesting outcome of this analysis is that ESXi’s TCP/IP stack is based on FreeBSD 8.2 and does not include security patches for the vulnerabilities disclosed over the years since that release of FreeBSD. This result also prompted us to analyze the nature of vulnerabilities disclosed in other open-source components used by VMware, such as OpenSLP and ISC-DHCP. Once again, we observed that most of the disclosed vulnerabilities had upstream patches before the disclosure." Also, this post is amazing. They go on to identify which FreeBSD version VMware is using, identify the missing patches and so forth.
- 3. Securing Open-Source Software – Schneier on Security"Designing an institutional framework that would secure open source requires addressing adverse incentives, ensuring efficient resource allocation, and imposing minimum standards." - I take issue with this. One of the things that make open-source software so amazing is the fact that it's OPEN. The incentives, adverse or otherwise, should only be that software is made available to everyone for free. Who decides who gets more or fewer resources? This should be left to the community. And don't even talk about minimum standards because then the software is not truly open.
- 4. Increased Use Of Windows BitLocker Is Causing Headaches For Linux Dual Booting – Phoronix
- 5. Hardcoded password in Confluence app has been leaked on TwitterWhoa: "The company warned that even when Confluence installations don't actively have the app installed, they may still be vulnerable. Uninstalling the app doesn't automatically remediate the vulnerability because the disabledsystemuser account can still reside on the system."
- 6. T-Mobile to pay $500M for one of the largest data breaches in US history [Updated]
- 7. Office macro security: on-again-off-again feature now BACK ON AGAIN!This is getting crazy, also: "Organisations that relied on sharing documents via cloud services, and who hadn’t taken the appropriate precautions to denote which external servers should be treated as official company sources found their macros blocked by default, and voiced their displeasure loudly enough that Microsoft officially relented around the middle of 2022." - Look, just turn this off. Easy for me to say...
- 8. Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits – Microsoft Security Blog
- 9. Serious Privilege Escalation Vulnerability Found In Zyxel FirewallWe need to level set on the language: "Security researchers discovered a serious vulnerability in the Zyxel Firewall, allowing for local privilege escalation. However, a remote attacker could also exploit the flaw, adding to the severity of the issue." - privilege escalation and authentication bypass needs more explaining, no more Jedi mind tricks!
- 10. Senators Introduce Quantum Encryption Preparedness LawBetter hope they protect his list very well: "The Act, co-sponsored by senators Rob Portman (R-OH) and Maggie Hassan (D-NH), calls for every executive agency to create an inventory of all the cryptographic systems in use, along with the IT systems that they will prioritize for migration to post-quantum cryptography. They will also define processes for evaluating the process of that migration."
- 11. Critical Vulnerabilities Exposed Nuki Smart Locks to a Plethora of Attack OptionsSo many vulnerabilities: https://research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabilities-in-nuki-smart-locks-cve-2022-32509-cve-2022-32504-cve-2022-32502-cve-2022-32507-cve-2022-32503-cve-2022-32510-cve-2022-32506-cve-2022-32508-cve-2/
- 12. Threat of Firmware Attacks on Firms GrowsI was hoping for more than a sponsored article for HP Wolf.
- 13. Is Your Home or Small Business Built on Secure Foundations? Think Again…This is a plug for this: https://www.iotsecurityfoundation.org/ - Great idea, lots of challenges.
- 14. Newly found Lightning Framework offers a plethora of Linux hacking capabilities
- 15. For SMBs, Microsoft offers a new layer of server protection
- 16. Vulnerability Spotlight: How a code re-use issue led to vulnerabilities across multiple productsThis is great research, and all too common in embedded systems. Turns out multiple projects/vendors re-used vulnerable code from Broadcom in their web servers.
- 17. Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to usThis is just one really awesome thing about this: "This specific point in the execution was chosen because at this stage the boot manager is loaded in memory, but isn’t yet running." - So each time the system boots up, at the point when the bootloader is loaded into memory, the bootloader is modified, then the kernel is modified. SO AWESOME (I mean for the attacker, not for defenders...).
- 18. CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit
- 19. FOISted: a MikroTik remote jailbreakNeat stuff, more info here: https://margin.re/blog/pulling-mikrotik-into-the-limelight.aspx
- 20. How I revived three ancient computers with ChromeOS FlexI really want to try this and see how it works. Curious if anyone else has?
Product Security Research and Analysis Director at Finite State
- 1. GPSJam GPS/GNSS Interference MapGPSJam Daily maps of GPS interference "You can always tell where Putin is"
- 2. Elescope: tracking .ru drones through RF telemetryElescope was not developed by local team or opportunistic SIGINT vendor. One DSP wizard, one RE/hacking freak, and a bunch of other folks. All foreign. The true
Information Assurance APL at Lawrence Livermore National Laboratory
- 1. Hardcoded password in Confluence app has been leaked on TwitterAtlassian disclosed several vulnerabilities, including a hard-coded password issue affecting the Questions for Confluence app. Atlassian has since reported that the password has been leaked online, which makes patching the app even more urgent. Username: disabledsystemuser Email: [email protected] Password: disabled1system1user6708 Update Questions for Confluence app ver 2.7.x >= 2.7.38 or > 3.0.5 https://twitter.com/therceman/status/1550791890026565638
- 2. Apple Releases Security Patches for all Devices Fixing Dozens of New VulnerabilitiesIn addition to fixing almost 40 flaws, Apple has addressed a memory corruption vulnerability (CVE-2022-2294) impacting its WebRTC component, which was disclosed by Google last week as part of its release of software fixes for iOS, iPadOS, tvOS, and WatchOS.
- 3. SonicWall Warns of Critical GMS SQL Injection VulnerabilitySonicWall has released "urgent patches" to address a critical vulnerability (CVE-2022-22280) impacting Global Management System (GMS) installations before 9.3.1-SP2-Hotfix-2 that could be exploited by remote, unauthenticated attackers to send a specially crafted request to the impacted application and execute arbitrary SQL commands in the applications database.
- 4. Rare ‘CosmicStrand’ UEFI Rootkit Swings into Cybercrime OrbitThe "CosmicStrand" Windows firmware rootkit is reportedly being used in attacks targeting the Unified Extensible Firmware Interface (UEFI) in order to remain undetected and maintain persistence on targeted systems.
- 5. Microsoft Adds Default Protection Against RDP Brute-Force Attacks in Windows 11Microsoft is now taking steps to prevent Remote Desktop Protocol (RDP) brute-force attacks as part of the latest builds for the Windows 11 operating system. default policy for Windows 11 builds – particularly, Insider Preview builds 22528.1000 and newer – will automatically lock accounts for 10 minutes after 10 invalid sign-in attempts.
- 6. FileWave MDM offered attackers superuser privilegeThe Filewave mobile device management suite had a pair of vulnerabilities which security researchers have shown could let attackers push malware out as a phone update or obtain access to enterprise networks.
- 7. Digital security giant Entrust breached by ransomware gangEntrust has revealed it suffered a June 18, 2022, "cyberattack" during which hackers managed to breach its network and steal data, which could affect an array of critical and sensitive organizations using Entrust solutions for authentication and identity management.
Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element