Linux Distros, The Linux Firewall, CIA Agents, Vault 7 Leaks, & The “Coolest” Laptop – PSW #748
In the Security News for this week: heat waves and outages, GPS trackers are vulnerable, cracks in the Linux firewall, bad password crackers, microcode decryptors, SATA antennas, Okta vulnerabilities that are not vulnerabilities, updates on the former CIA agent and the Vault 7 leaks, the Decompiler Explorer, and Tuxedo brings to market a liquid-cooled laptop, & more!
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
From the research report: "The exploitation of these vulnerabilities could have disastrous and even life-threatening implications. For example, an attacker could exploit some of the vulnerabilities to cut fuel to an entire fleet of commercial or emergency vehicles. Or, the attacker could leverage GPS information to monitor and abruptly stop vehicles on dangerous highways. Attackers could choose to surreptitiously track individuals or demand ransom payments to return disabled vehicles to working condition. There are many possible scenarios which could result in loss of life, property damage, privacy intrusions, and threaten national security." (Ref: https://www.bitsight.com/sites/default/files/2022-07/MiCODUS-GPS-Report-Final.pdf)
"To sum up, I found a heap buffer overflow within the Netfilter subsystem of the Linux kernel. This vulnerability could be exploited to get a privilege escalation on Ubuntu 22.04. The source code of the exploit is available on our GitHub (https://github.com/randorisec/CVE-2022-34918-LPE-PoC)."
"Dragos is reporting that one such group offering password cracking for 15 vendors worth of PLCs and HMIs is using the password recovery software to install the Sality botnet. Sality is used for distributed criminal tasks, including cryptomining."
"Today, we’re releasing a little side project a few of our developers have been working with the community on: the Decompiler Explorer! This new (free, open source) web service lets you compare the output of different decompilers on small executables. In other words: It’s basically the same thing as Matt Godbolt’s awesome Compiler Explorer, but in reverse."
"At the beginning of 2020, we discovered the Red Unlock technique that allows extracting Intel Atom Microcode. We were able to research the internal structure of the microcode and then x86 instruction implementation. Also, we recovered a format of microcode updates, algorithm and the encryption key used to protect the microcode (see RC4)." Amazing: "Using vulnerabilities in Intel TXE we had activated undocumented debugging mode called red unlock and extracted dumps of microcode directly from the CPU. We found the keys and algorithm inside."
"In the final data reception phase, the transmitted data is captured through a hidden receiver or relies on a malicious insider in an organization to carry a radio receiver near the air-gapped system. "The receiver monitors the 6GHz spectrum for a potential transmission, demodulates the data, decodes it, and sends it to the attacker," Dr. Guri explained." - NVME anyone? :)
"As responsible security researchers, we have reached out to Okta with our findings and confirmed that these risks do not represent vulnerabilities. Okta responded that the features are performing as designed and should not be categorized as vulnerabilities. It is important to note that while not categorized as vulnerabilities, these findings expose customers to potential attacks. As a vendor focused on securing the identity and access layer, we believe it is important to share our findings and to provide a way to detect and mitigate these risks."
"Schulte watched without visibly reacting as U.S. District Judge Jesse M. Furman announced the guilty verdict on nine counts, which was reached in mid-afternoon by a jury that had deliberated since Friday. The so-called Vault 7 leak revealed how the CIA hacked Apple and Android smartphones in overseas spying operations, and efforts to turn internet-connected televisions into listening devices. Prior to his arrest, Schulte had helped create the hacking tools as a coder at the agency’s headquarters in Langley, Virginia."
In this panel discussion, we'll discuss the polarizing case of Joe Sullivan that has rattled the CISO community. Was the Sullivan case a rare anomaly? Were his actions in this scenario typical or unconscionable for the average CISO? Is it okay for Sullivan to take the fall while the rest of Uber and involved parties plead out with little to no puni...
Every penetration test should have specific goals. Coverage of the MITRE ATT&CK framework or the OWASP Top Ten is great, but what other value can a pentest provide by shifting your mindset further left or with a more strategic approach? How often do you focus on the overall ROI of your penetration testing program? This talk will explore what it...
Positive change is coming to cybersecurity. In this segment, John Grancarich, EVP of Strategy at Fortra, explains what it means when we say we’re tenacious in our pursuit of a stronger, simpler future for cybersecurity, and that our advanced threat research and intelligence informs everything we do. This segment is sponsored by Fortra. Visit https:...