Tux Machines
Posted by Roy Schestowitz on Jul 14, 2023
> Installed on more than one million WordPress sites, the security and firewall plugin was designed to prevent cyberattacks such as brute-force attempts, warn when the default admin username is used for login, prevent bot attacks, log user activity, and eliminate comment spam.
> It was discovered that AIOS version 5.1.9 writes plaintext passwords from login attempts to the database, which essentially provides any privileged user with access to the login credentials of all other administrator users.
> [This is Part II of a story published here last week on reporting that went into a new Hulu documentary series on the 2015 Ashley Madison hack.]
> The attack was targeted, according to a person briefed on the intrusion into the government networks, with the hackers going after specific accounts rather than carrying out a broad-brush intrusion that would suck up enormous amounts of data. Adam Hodge, a spokesman for the White House’s National Security Council, said no classified networks had been affected. An assessment of how much information was taken is continuing.
> Nevertheless, Senate intelligence committee chair Mark Warner issued a statement saying it was “closely monitoring what appears to be a significant cybersecurity breach by Chinese intelligence” that shows China is “steadily improving its cyber collection capabilities directed against the U.S. and our allies.”
> Beside the State Department, it wasn’t known which other US agencies were impacted by the breach. A senior official said the number of agencies was in the single digits.
> Citing a statement from US officials, the Washington Post reported that Storm-0558 also breached unclassified email accounts linked to the US government.
> The US had detected the breach of federal government accounts "fairly rapidly" and had managed to prevent further breaches, White House national security adviser Jake Sullivan said in an interview with ABC television.
> Internet access is growing rapidly across Africa. Although [Internet] penetration is 28% continentwide, it is more than 50% in Nigeria and more than 85% in Kenya, which are two of the continent’s top targets for cyberattacks.
> South Africa, where nearly 72% of the population is online, spends a larger share of its economy on cybersecurity than any other African country, yet its citizens remain at risk of abuse by scam artists, criminals and other cybercriminals, according to Kearney, a global management company with an office in Johannesburg.
> The FTC earlier this week sent a 20-page request for records about how OpenAI addresses risks related to its AI models. The agency is investigating whether the company engaged in unfair or deceptive practices that resulted in “reputational harm” to consumers, according to the letter, which was reported by the Washington Post.
> A civil investigative demand letter has been sent and the investigation is now underway, per the source familiar.
> The FTC called on OpenAI to provide detailed descriptions of all complaints it had received of its products making “false, misleading, disparaging or harmful” statements about people. The FTC is investigating whether the company engaged in unfair or deceptive practices that resulted in “reputational harm” to consumers, according to the document.
> BlackLotus burst on the scene last fall when it was spotted for sale on the Dark Web for $5,000. It has the dubious distinction of being the first in-the-wild malware to successfully bypass Microsoft's Unified Extensible Firmware Interface (UEFI) Secure Boot protections.
> UEFI is the firmware that's responsible for the booting-up routine, so it loads before the operating system kernel and any other software. BlackLotus — a software, not a firmware threat, it should be noted — takes advantage of two vulnerabilities in the UEFI Secure Boot function to insert itself into the earliest phase of the software boot process initiated by UEFI: CVE-2022-21894, aka Baton Drop, CVSS score 4.4; and CVE-2023-24932, CVSS score 6.7. These were patched by Microsoft in January 2022 and May 2023 respectively.
> But the country's top technology intelligence division warned that applying the available Windows 10 and Windows 11 patches is only "a good first step."
> BlackLotus targets Windows boot by exploiting a flaw in older boot loaders, or boot managers, to set off a chain of malicious actions that compromise endpoint security. This is achieved by exploiting the Baton Drop vulnerability to strip the Secure Boot policy and prevent its enforcement.
> BlackLotus shares some characteristics with Boot Hole, a vulnerability discovered in 2020. Unlike Boot Hole, however, BlackLotus targets vulnerable boot loaders that have not been added to the Secure Boot Deny List Database (DBX) revocation list.
> Then, in research published in March, ESET malware analyst Martin Smolár confirmed the myth of an in-the-wild bootkit bypassing Secure Boot "is now a reality," as opposed to hypothetical threats raised by some experts and the usual slew of fake bootkits criminals attempted to trick fellow miscreants into buying.
> No Linux-targeting variant of the malware has been observed; BlackLotus strictly nobbles Microsoft Windows machines.
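The excerpts above turn on one detail: a boot manager stays bootable under Secure Boot until its hash is present in the firmware's forbidden-signatures database (DBX). The following parser, an added example that is not code from the article, from ESET or from Microsoft, reads a dumped dbx variable and answers the question a defender actually has: is a given image hash revoked on this machine? The signature-type GUIDs are the values from the UEFI specification; the owner GUID, the sample hashes and the sample dbx bytes are all constructed test data, and `load_variable` assumes you have already dumped the variable to a file.

```python
"""Check whether a UEFI Secure Boot dbx (forbidden-signatures database)
revokes a given SHA-256 image hash.

Added example, not code from the article or from ESET/Microsoft.  The GUIDs
are the UEFI-specification values; the owner GUID and all dbx bytes below are
constructed test data, not a real firmware dump."""
import hashlib
import struct
import uuid

# Signature-type GUIDs defined by the UEFI specification.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
# Placeholder SignatureOwner (a real dbx carries the issuing vendor's GUID here).
OWNER_GUID = uuid.UUID("11111111-2222-3333-4444-555555555555")

HEADER_LEN = 28  # SignatureType GUID (16) + ListSize, HeaderSize, SignatureSize (3 x uint32)


def parse_signature_lists(blob: bytes):
    """Return [(signature_type, owner, data), ...] for every entry in a
    concatenation of EFI_SIGNATURE_LIST structures, which is how the db and
    dbx variables are laid out.  EFI GUIDs use a mixed-endian encoding,
    which uuid's bytes_le handles."""
    entries = []
    off = 0
    while off + HEADER_LEN <= len(blob):
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        # Reject a list that overruns the blob or whose entries could not even
        # hold the 16-byte owner GUID (sig_size == 0 would also loop forever).
        if list_size < HEADER_LEN or off + list_size > len(blob) or sig_size < 16:
            raise ValueError("truncated or malformed EFI_SIGNATURE_LIST")
        pos = off + HEADER_LEN + hdr_size
        end = off + list_size
        while pos + sig_size <= end:
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            entries.append((sig_type, owner, blob[pos + 16:pos + sig_size]))
            pos += sig_size
        off = end
    return entries


def revoked_sha256_hashes(blob: bytes) -> set:
    """All EFI_CERT_SHA256 entries, i.e. the revoked PE image hashes."""
    return {data for sig_type, _, data in parse_signature_lists(blob)
            if sig_type == EFI_CERT_SHA256_GUID}


def is_image_revoked(blob: bytes, sha256_hex: str) -> bool:
    """True if the image's Authenticode SHA-256 hash appears in dbx."""
    return bytes.fromhex(sha256_hex) in revoked_sha256_hashes(blob)


def load_variable(path: str, efivars: bool = False) -> bytes:
    """Read a dumped variable.  Files under /sys/firmware/efi/efivars/ carry
    a 4-byte attributes prefix, which efivars=True strips."""
    with open(path, "rb") as f:
        data = f.read()
    return data[4:] if efivars else data


def build_list(sig_type: uuid.UUID, sig_datas, owner: uuid.UUID = OWNER_GUID) -> bytes:
    """Build one EFI_SIGNATURE_LIST (all entries must be the same length).
    Used here only to construct sample input."""
    sig_size = 16 + len(sig_datas[0])
    body = b"".join(owner.bytes_le + d for d in sig_datas)
    header = sig_type.bytes_le + struct.pack("<III", HEADER_LEN + len(body), 0, sig_size)
    return header + body


# Constructed sample dbx: two revoked image hashes plus one (fake) X.509 entry.
OLD_BOOTMGR_HASH = hashlib.sha256(b"constructed: an old, revoked boot manager image").digest()
OTHER_REVOKED_HASH = hashlib.sha256(b"constructed: another revoked image").digest()
SAMPLE_DBX = (build_list(EFI_CERT_SHA256_GUID, [OLD_BOOTMGR_HASH, OTHER_REVOKED_HASH])
              + build_list(EFI_CERT_X509_GUID, [b"fake-x509-der"]))

if __name__ == "__main__":
    print(f"{len(revoked_sha256_hashes(SAMPLE_DBX))} revoked hashes in sample dbx")
    print("old boot manager revoked:", is_image_revoked(SAMPLE_DBX, OLD_BOOTMGR_HASH.hex()))
```

To run it against a real machine, dump the variable first: on Windows, `[IO.File]::WriteAllBytes("dbx.bin", (Get-SecureBootUEFI -Name dbx).Bytes)` from an elevated PowerShell; on Linux, pass `/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f` to `load_variable(..., efivars=True)`. An image hash that is absent from the set returned by `revoked_sha256_hashes` is still trusted by the firmware, which is the gap the quoted text describes when it says the patches are only a first step.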
> QuickBlox’s video and chat features are commonly used in mainstream telemedicine applications and platforms. The researchers analyzed a mobile telemedicine application from an undisclosed organization that uses QuickBlox’s framework to provide chat and video services for patients to connect with physicians. The research revealed existing vulnerabilities that worsened when combined with QuickBlox’s framework.
-- Page fetched on Sat Jun 1 09:10:19 2024