RCE in Muddy Waters, Hacking Smart Watches, FCC Bans Stuff, & When BMC’s Attack – PSW #765
This week in the Security News: When you just wanna hurl, malicious containers, FCC bans stuff, these are not the CVEs you're looking for, Linux password mining, mind the gap, hacking smart watches, & more!
- 1. Dropbox acquires Boxcryptor assets to bring zero-knowledge encryption to file storage
Dropbox has announced plans to bring end-to-end encryption to its business users, and it’s doing so through acquiring “key assets” from Germany-based cloud security company Boxcryptor.
- 2. Hijacking service workers via DOM Clobbering
This attack exploits websites that use the importScripts() function to retrieve JavaScript from a different domain. It performs "DOM Clobbering": using an anchor element to overwrite a global variable, which the application then uses in an unsafe way, such as generating a dynamic script URL. This enables three key outcomes: HTML filter evasion, CSP bypass, and XSS escalation.
- 3. Vulnerability affects Hyundai and Genesis vehicles made after 2012
We could remotely control the locks, engine, horn, headlights, and trunk. We did it by adding a CRLF character at the end of an already existing victim email address during registration, which bypassed authentication on the website.
- 4. Integration of Zeek into Microsoft Defender for Endpoint
We extended Zeek to support Windows-based systems. This can detect attacks on Azure, including PrintNightmare and password spray attacks.
- 5. Over a Dozen New BMC Firmware Flaws Expose OT and IoT Devices to Remote Attacks
Over a dozen security flaws have been discovered in baseboard management controller (BMC) firmware from Lanner that could expose operational technology (OT) and internet of things (IoT) networks to remote attacks.
- 6. MIT Researchers Solve Dendrites Mystery To Creating Smaller & Lighter Batteries
A breakthrough study finds the root cause of dendrite formation in lithium batteries, which causes them to short out and catch fire. The root cause is fractures deep in the electrolyte, and it can be prevented by putting pressure on the electrolyte layer. This opens the way to make a new type of rechargeable lithium battery that is safer, lighter, and more compact than existing models.
- 7. Embrace what may be the most important green technology ever. It could save us all
Precision fermentation is a refined form of brewing, and is being applied to create a new generation of staple foods. The microbes they breed feed on hydrogen or methanol and produce high-protein flour, proteins, and fats which can replace meat, fish, milk and eggs. Precision fermentation using methanol needs 1,700 times less land than the most efficient agricultural means of producing protein: soy grown in the US.