GetVariable Strikes Again, Linux Santa, AMD Vulns, & Remote Computer Detonation – PSW #770
This week in the Security News: GetVariable strikes again, attackers could blow up your computer remotely, escaping containers, null-dereferences and faulty evaluations, 31 new CPU vulnerabilities for AMD, a look into Chrome, santa, not-so-secure secure booting, and malware included!
Announcements
Thank you for listening to or watching our podcasts! We want to ensure that we are creating the most relevant and useful content for our audience across our network! It is crucial to us that we are delivering to you more of what you want to hear and learn about. Please take a few minutes to complete our listener survey so that we can craft our content based on your needs. Visit https://securityweekly.com/survey to submit your feedback.
Hosts
- 1. Appliance makers sad that 50% of customers won’t connect smart appliances
- 2. US Marines Defeat DARPA Robot by Hiding Under a Cardboard Box
- 3. FAA finds outage was unintentionally caused by contractors
- 4. Breaking EA Desktop’s pathetic Encryption
- 5. Google plans AirTag clone, will track devices with 3 billion Android phones
- 6. Entire software suite of Israeli security firm Cellebrite leaks online
- 7. GhostSec Makes Big Claims on “RTU” ICS Hack
- 8. Embedded System Ransomware and the Meaning of Criminal Operations
- 9. Malware Comes Standard With This Android TV Box on Amazon
- 1. Former Senior F.B.I. Official in New York Charged With Aiding Oligarch
Charles McGonigal, who was chief of counterintelligence, worked secretly for Oleg Deripaska, a Russian oligarch associated with acts of bribery, extortion and violence.
Mr. McGonigal, while working for the bureau, took $225,000 in secret cash payments and concealed that relationship from the F.B.I.
Mr. Deripaska was a client of Paul Manafort, who for several months in 2016 served as Donald J. Trump’s campaign chairman and in 2018 was convicted of financial fraud and other crimes.
- 2. CNET’s AI Journalist Appears to Have Committed Extensive Plagiarism
CNET has been quietly publishing machine learning-generated stories. CNET's AI-written articles aren't just riddled with errors. They also appear to be substantially plagiarized.
- 3. New iOS Login Tech Makes It Super Hard to Hack Your iCloud Account
Apple now lets you protect your Apple ID and iCloud account with hardware security keys, a significant upgrade for those who want maximum protection from hackers, identity thieves, or snoops.
- 4. Botnets exploited Realtek SDK critical bug in millions of attacks
From August 2021 to December 2022, we have observed 134 million exploit attempts in total, targeting CVE-2021-35394. CVE-2021-35394 is a critical (CVSS v3: 9.8) vulnerability in Realtek Jungle SDK version 2.x to 3.4.14B, caused by multiple memory corruption flaws that allow remote unauthenticated attackers to perform arbitrary command injection. Realtek chipsets are omnipresent in the IoT world, and even when the Taiwanese chip maker pushes security updates to address problems in its products quickly, supply chain complexities delay their delivery to end users.