-- Leo's gemini proxy
-- Connecting to gemini.tuxmachines.org:1965...
-- Connected
-- Sending request
-- Meta line: 20 text/gemini;lang=en-GB
Tux Machines
Posted by Roy Schestowitz on Jun 01, 2023
> Chrome 114 stable brings 18 security fixes, including 13 for vulnerabilities reported by external researchers.
> A backdoor feature found in hundreds of Gigabyte motherboard models can pose a significant supply chain risk to organizations.
> [...]
> Researchers at firmware and hardware security company Eclypsium discovered that hundreds of motherboard models made by Taiwanese computer components giant Gigabyte include backdoor functionality that could pose a significant risk to organizations.
> Cybersecurity firm Eclypsium has discovered a backdoor in Gigabyte's firmware that puts 271 different motherboards at risk. These include models with Intel and AMD chipsets from the last several years, all the way up to today's Z790 and X670 SKUs. The vulnerability resides in a small updater program that Gigabyte employs to ensure that the motherboard's firmware is always current. Apparently, it's doing so via an unsecured implementation.
> Have you ever noticed that after a clean Windows installation, a program pops up offering to download the latest driver or firmware for you? Unfortunately, that little piece of code could provide a backdoor for criminals.
> Upon every system restart, a piece of code inside the firmware launches an updater program that connects to the Internet to check and download the latest firmware for the motherboard. Eclypsium assessed that Gigabyte's implementation is unsafe and cybercriminals can use the exploit to install malware on the victim's system. The big problem is that the updater program resides inside the motherboard's firmware, so consumers can't easily remove it.
> When teams have a way to break down enterprise silos and see and understand what is happening, they can improve protection across their increasingly dispersed and diverse environment.
> A decade-old critical vulnerability in Jetpack was force-patched on five million WordPress sites over the past few days.
> Kali Linux 2023.2, the second version of 2023, is now available with a pre-built Hyper-V image and thirteen new tools, including the Evilginx framework for stealing credentials and session cookies.
> Kubernetes Security Operations Center (KSOC) has published a list of the eight Kubernetes vulnerabilities that are most likely to be exploited. The list is based on an Exploit Prediction Scoring System (EPSS) created by FIRST, a community of cybersecurity professionals that provides members with access to a range of collaboration
> Thousands of Ring customers have been victims of cyberattacks that the commission alleged were in part due to poor data security practices.
> [...]
> According to a complaint filed on behalf of the FTC in a federal court, approximately 55,000 U.S. customers suffered serious account compromises over a period during which Ring failed to take necessary measures to prevent credential stuffing and brute force attacks. The attacks allowed hackers to try and access consumers’ accounts through a previously breached password or automated, repeated attempts at guessing credentials.
> Amazon will pay over $30 million to settle Federal Trade Commission (FTC) allegations that its Ring and Alexa divisions violated the privacy of users.
> Two weeks ago I wrote about the PDF Toolbox extension containing obfuscated malicious code. Despite reporting the issue to Google via two different channels, the extension remains online. It even gained a considerable number of users after I published my article.
> A reader tipped me off however that the Zoom Plus extension also makes a request to serasearchtop[.]com. I checked it out and found two other versions of the same malicious code. And I found more extensions in Chrome Web Store which are using it.
> So now we are at 18 malicious extensions with a combined user count of 55 million. The most popular of these extensions are Autoskip for Youtube, Crystal Ad block and Brisk VPN: nine, six and five million users respectively.
> Security researchers have discovered spyware code in 101 Android applications that had over 421 million downloads in Google Play.
> Safeguarding your digital assets is crucial for protecting sensitive data and preventing unauthorized access. It’s reported that security concerns remain a top concern related to container adoption. The most common container security incidents include vulnerabilities in container images, misconfigurations, unauthorized access, and attacks exploiting container runtime vulnerabilities.
> In this article, we’ll explore the underlying concepts, basic container security considerations, popular containerization platforms, security considerations for businesses, and more useful information on container security. So read on and explore how containerization shatters software deployment barriers.
> The recently discovered Barracuda zero-day vulnerability CVE-2023-2868 has been exploited to deliver malware and steal data since at least October 2022.
> From the proof files, it appears that RansomHouse accessed the imaging system and image files as well as employee-related files and some financial reports and files. The only patient references in the proof files were older files in backups. Whether they obtained any current patient information or the EMR system remains to be seen. DataBreaches has reached out to RansomHouse on their Telegram channel but they have not been responsive in the past, so they may not answer this time, either.
> Vice reports that in 2012, Maryland released a new license plate to commemorate the 200th anniversary of the War of 1812. That license plate was apparently the default license plate for Maryland cars between 2012 and 2016, and featured a URL at the bottom to www.starspangled200.org. Sometime last year, however, that URL began to redirect to globeinternational.info—the homepage of a Filipino online casino. There, a scantily-clad woman advertises “Phillippines Best Betting Site.”
> Scammers are trying to steal details via a spoofed Microsoft website
-- Response ended
-- Page fetched on Sat Jun 1 08:58:45 2024