Cyber security news December 2023

This posting is here to collect cyber security news in December 2023.

I post links to security vulnerability news to comments of this article.

You are also free to post related links to comments.

69 Comments

  1. Tomi Engdahl says:

    Päivitä iPhonesi ja Macisi heti – hyökkäykset käynnissä https://www.is.fi/digitoday/art-2000010029823.html

    Reply
  2. Tomi Engdahl says:

    Almost all modern versions of bluetooth are hackable via BLUFFS attacks.

    https://dl.acm.org/doi/pdf/10.1145/3576915.3623066

    https://nvd.nist.gov/vuln/detail/CVE-2023-24023

    https://github.com/francozappa/bluffs

    Moreso, without having to read and digest, what can we do, if anything, to be safe from an attack?

    update your device and turn Bluetooth off when your not using it

    I’m not aware of any device that has a patch for this. Turning off Bluetooth seems to be the only option.

    Reply
  3. Tomi Engdahl says:

    ChatGPT saatiin vuotamaan tietoja: käskettiin toistamaan yhtä sanaa
    30.11.202319:05
    Kielimallin suojaukset pettivät uuden tekniikan edessä.
    https://www.mikrobitti.fi/uutiset/chatgpt-saatiin-vuotamaan-tietoja-kaskettiin-toistamaan-yhta-sanaa/bc4f5eba-565a-490c-b8f8-7aed4f98bd95

    Reply
  4. Tomi Engdahl says:

    ownCloud vulnerability with maximum 10 severity score comes under “mass” exploitation
    Easy-to-exploit flaw gives hackers passwords and cryptographic keys to vulnerable servers.
    https://arstechnica.com/security/2023/11/owncloud-vulnerability-with-a-maximum-10-severity-rating-comes-under-mass-exploitation/

    Security researchers are tracking what they say is the “mass exploitation” of a security vulnerability that makes it possible to take full control of servers running ownCloud, a widely used open source file-sharing server app.

    The vulnerability, which carries the maximum severity rating of 10, makes it possible to obtain passwords and cryptographic keys allowing administrative control of a vulnerable server by sending a simple Web request to a static URL, ownCloud officials warned last week. Within four days of the November 21 disclosure, researchers at security firm Greynoise said, they began observing “mass exploitation” in their honeypot servers, which masqueraded as vulnerable ownCloud servers to track attempts to exploit the vulnerability. The number of IP addresses sending the web requests has slowly risen since then. At the time this post went live on Ars, it had reached 13.

    Reply
  5. Tomi Engdahl says:

    Critical Vulns Found in Ray Open Source Framework for AI/ML Workloads
    Anyscale has dismissed the vulnerabilities as non-issues, according to researchers who reported the bugs to the company.
    https://www.darkreading.com/vulnerabilities-threats/researchers-discover-trio-of-critical-vulns-in-ray-open-source-framework-for-scaling-ai-ml-workloads

    Reply
  6. Tomi Engdahl says:

    UEFI flaws allow bootkits to pwn potentially hundreds of devices using images
    Exploits bypass most secure boot solutions from the biggest chip vendors
    https://www.theregister.com/2023/12/01/uefi_image_parser_flaws/?fbclid=IwAR3hK0yEewk4ShldPlok-IN9Psn8vaC6pm0n-bpQTWNyJCedBjljIrAjHE4

    Hundreds of consumer and enterprise devices are potentially vulnerable to bootkit exploits through unsecured BIOS image parsers.

    Security researchers have identified vulnerabilities in UEFI system firmware from major vendors which they say could allow attackers to hijack poorly maintained image libraries to quietly deliver malicious payloads that bypass Secure Boot, Intel Boot Guard, AMD Hardware-Validated Boot, and others.

    Dubbed “LogoFail,” we’re told the set of vulnerabilities allows attackers to use malicious image files that are loaded by the firmware during the boot phase as a means of quietly delivering payloads such as bootkits.

    The vulnerabilities affect the image parsing libraries used by various firmware vendors, most of which are exposed to the flaws, according to the researchers at Binarly.

    Image parsers are firmware components responsible for loading logos of vendors, or workplaces in cases where work-issued machines are configured to do so, flashing them on the display as the machine boots.

    Attackers could feasibly inject their own image file into the EFI system partition, which is then parsed during boot and is capable of quietly installing a malicious payload, such as a bootkit, with persistence.

    “LogoFAIL differs from BlackLotus or BootHole threats because it doesn’t break runtime integrity by modifying the bootloader or firmware component,” said the researchers in a blog post.

    The Far-Reaching Consequences of LogoFAIL
    https://binarly.io/posts/The_Far_Reaching_Consequences_of_LogoFAIL/index.html

    The Binarly REsearch team investigates vulnerable image parsing components across the entire UEFI firmware ecosystem and finds all major device manufacturers are impacted on both x86 and ARM-based devices.

    History frequently repeats itself, and vulnerability research is no exception. Earlier this year, our research team looked at some of the vulnerabilities discovered by the Binarly Transparency Platform and found that the number of image parsers have significantly increased over the years. Today, the UEFI system firmware contains BMP, GIF, JPEG, PCX, and TGA parsers, significantly increasing the attack surface compared to previous research that has been done in this area.

    What if the graphic image parsers embedded into system firmware do not update frequently and use not only outdated but also customized versions of the common image parsing libraries?

    What is LogoFAIL?
    LogoFAIL is a newly discovered set of security vulnerabilities affecting different image parsing libraries used in the system firmware by various vendors during the device boot process. These vulnerabilities are present in most cases inside IBVs (Independent BIOS vendor) reverence code, impacting not a single vendor but the entire ecosystem across this reference code and device vendors where it is used

    One of the most important discoveries is that LogoFAIL is not silicon-specific and can impact x86 and ARM-based devices. LogoFAIL is UEFI and IBV-specific because of the specifics of vulnerable image parsers that have been used. That shows a much broader impact from the perspective of the discoveries that will be presented on Dec 6th.

    Reply
  7. Tomi Engdahl says:

    23andMe confirms hackers stole ancestry data on 6.9 million users
    Lorenzo Franceschi-Bicchierai
    @lorenzofb / 7:56 PM GMT+2•December 4, 2023

    https://techcrunch.com/2023/12/04/23andme-confirms-hackers-stole-ancestry-data-on-6-9-million-users/

    Reply
  8. Tomi Engdahl says:

    Amerikkalaiset pelkäävät kiinalaisia lidareita
    https://etn.fi/index.php/13-news/15624-amerikkalaiset-pelkaeaevaet-kiinalaisia-lidareita

    Lidar-valmistajien osakkeet laskivat tällä viikolla, kun komitea pyysi Yhdysvaltain hallitusta tutkimaan lidar-markkinoita Kiinan ja mahdollisten turvallisuusuhkien valossa. Tällainen huoli Yhdysvalloissa on aiemmin johtanut siihen, että Yhdysvallat on heittänyt kiinalaisia ​​yrityksiä pois markkinoiltaan.

    Aiemmin näin kävi Huawein verkkolaitteiden kanssa. Yhdysvallat on lisäksi estänyt teknologian viennin Kiinaan, kuten tapahtui puolijohteiden valmistuslaitteiden kohdalla.

    Hallinnon alainen valiokunta on huolissaan lidarista monista eri syistä. Niitä voidaan mahdollisesti käyttää vakoilussa. Tukeeko Kiina kiinalaisia ​​lidar-valmistajia amerikkalaisten etujen kustannuksella, valiokunta kysyy?

    Huolta aiheuttaa sekin, onko amerikkalainen kriittinen infrastruktuuri riippuvainen kiinalaisesta lidarista? Valiokunnan on myös syytä epäillä, josko kiinalaiset yritykset vakoilevat amerikkalaista lidar-tekniikkaa?

    Reply
  9. Tomi Engdahl says:

    https://etn.fi/index.php/opinion/15593-telejaetti-hakkeroitiin-jo-kuka-on-seuraava-uhri

    Globaaliin teleyhtiöön Lyca Mobileen kohdistui raju hyökkäys, joka häiritsi yhtiön palveluita useissa maissa. Seuraava hyökkäys on vain ajan kysymys, joten siihen on tärkeää varautua jo etukäteen, kirjoittaa TEHTRIS-tietoturvayhtiön aluejohtaja Torben Clemmensen.

    Lyca Mobile on myös Pohjoismaissa toimiva brittiläinen teleyhtiö, joka keskittyy kansainvälisiin puheluihin. Sen palveluita käyttävät usein henkilöt, jotka soittelevat toisissa maissa asuville sukulaisilleen, ja hyökkäyksessä vaarantui juuri asiakastietoja.

    Reply
  10. Tomi Engdahl says:

    https://etn.fi/index.php/13-news/15608-trend-micro-ehti-ensin-tekoaelypohjainen-kyberturva-avustaja

    Tietoturvayhtiö Trend Micro on julkaissut uuden generatiivisen tekoälytyökalun, joka on suunniteltu auttamaan tietoturva-asiantuntijoita työssään tehostamalla työnkulkuja ja lisäämällä tuottavuutta. Työkalu on nimeltään Trend Companion.

    Trend Companion voi lyhentää analyytikkojen riskianalysointiin ja uhkien tutkintaan kuluvaa aikaa 50 prosentilla tai enemmänkin. Yhtiön kyberturva-asiantuntija Kalle Salmisen mukaan työkalu vastaa tietoturvatiimien jatkuvasti kasvavaan työkuormaan.

    - Tietoturvatiimit kamppailevat jatkuvasti voimiensa äärirajoilla, sillä heitä kuormittaa työn valtava määrä ja uhkatiedon monimutkaisuus. Trend Companion on meidän vastauksemme heidän hätähuutoonsa. Se on innovatiivinen generatiivinen tekoälyavustaja, joka selkeyttää työntekoa ja nopeuttaa tietoturvatoimia.

    Reply
  11. Tomi Engdahl says:

    Kiinalainen hakkeriryhmä oli yli kaksi vuotta sisällä puolijohdetalon verkossa
    https://etn.fi/index.php/13-news/15603-kiinalainen-hakkeriryhmae-oli-yli-kaksi-vuotta-sisaellae-puolijohdetalon-verkossa

    Hollannissa on noussut kohu maan puolijohdeylpeyden eli NXP Semiconductorsin hakkeroinnista. Kiinaan liittyvä hakkeriryhmä Chimera soluttautui NXP:n verkkoon ja sillä oli pääsy yli kahden vuoden ajan vuoden 2017 lopusta vuoden 2020 alkuun, raportoi uutistoimisto NRC.

    Yli kahden vuoden ajan hakkerit pääsivät käsiksi laajaan joukkoon NXP_n IP-salaisuuksia. Joukossa oli myös piirisuunnitteluja. Varkauksien koko laajuutta ei kuitenkaan vielä paljasteta. NXP on Euroopan suurin siruvalmistaja, ja ilmoitetun hyökkäyksen laajuus ja laajuus on järkyttävä.

    Raportin mukaan tietomurto pysyi havaitsematta noin kaksi ja puoli vuotta.

    Reply
  12. Tomi Engdahl says:

    Uncle Sam probes cyberattack on Pennsylvania water system by suspected Iranian crew
    CISA calls for stronger IT defenses as Texas district also hit by ransomware crew
    https://www.theregister.com/2023/11/29/water_authority_ciso_iran/

    Reply
  13. Tomi Engdahl says:

    Trick prompts ChatGPT to leak private data
    https://techxplore.com/news/2023-12-prompts-chatgpt-leak-private.html

    While OpenAI’s first words on its company website refer to a “safe and beneficial AI,” it turns out your personal data is not as safe as you believed. Google researchers announced this week that they could trick ChatGPT into disclosing private user data with a few simple commands.

    Although OpenAI has taken steps to protect privacy, everyday chats and postings leave a massive pool of data, much of it personal, that is not intended for widespread distribution.

    In their study, Google researchers found they could utilize keywords to trick ChatGPT into tapping into and releasing training data not intended for disclosure.

    “Using only $200 worth of queries to ChatGPT (gpt-3.5- turbo), we are able to extract over 10,000 unique verbatim memorized training examples,” the researchers said in a paper uploaded to the preprint server arXiv on Nov. 28.

    “Our extrapolation to larger budgets suggests that dedicated adversaries could extract far more data.”

    Reply
  14. Tomi Engdahl says:

    Microsoft to offer consumers paid Windows 10 security updates for the first time / Microsoft isn’t extending the support period for Windows 10, so consumers will need to pay for key security patches or upgrade their OS.
    https://www.theverge.com/2023/12/5/23988896/microsoft-windows-10-extended-security-updates-consumers-paid

    Microsoft will allow consumers to pay for Extended Security Updates (ESU) for Windows 10 when support ends for the operating system in 2025. The software giant usually only offers paid security updates for organizations that need to keep running older versions but now plans to offer them to individuals for the first time through an annual subscription service instead of extending the end of support date for Windows 10.

    Reply
  15. Tomi Engdahl says:

    Dan Goodin / Ars Technica:
    Researchers unveil LogoFAIL, an attack that defeats UEFI boot protections in nearly all Windows and Linux computers and can be remotely executed in many cases

    Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack
    UEFIs booting Windows and Linux devices can be hacked by malicious logo images.

    Dan Goodin – 12/6/2023, 5:02 PM
    https://arstechnica.com/security/2023/12/just-about-every-windows-and-linux-device-vulnerable-to-new-logofail-firmware-attack/

    Reply
  16. Tomi Engdahl says:

    GPS Spoofing in the Middle East Is Now Capturing Avionics
    https://www.forbes.com/sites/erictegler/2023/12/05/gps-spoofing-in-the-middle-east-is-now-capturing-avionics/?fbclid=IwAR0NBhiGztMBtzkp_o7sz-uBFBL4uknZFKmIFd3C61C76FnaXSp6S8qVDUU&sh=48652b333a6f

    “What we’ve seen since late September,” University of Texas researchers say,” is unprecedented. We have never seen commercial aircraft captured by GPS spoofing before.”

    Business and commercial aircraft are being led astray thanks to their sensor-fused navigation systems. A series of spoofing incidents beginning in late September has caused complete aircraft navigational system failures in some airliners and business jets overflying the Iraq- Iran area. As a result, one bizjet almost strayed into Iranian airspace without clearance.

    The GPS spoofing has continued and as researchers at the University of Texas at Austin (UT Austin) have sought to pinpoint the sources of the nefarious GPS broadcasts, they have realized that aircraft sent off course by these signals are entirely “captured” by receiving corrupt GPS data which ends up corrupting their backup inertial navigation systems (INS) as well.

    Reply
  17. Tomi Engdahl says:

    https://www.facebook.com/groups/shahidzafar/permalink/7254960237856374/

    Let’s first understand — What’s the Difference between UEFI and BIOS?

    So let’s look at how a computer system boots first, this will help to understand those two concepts.

    1. You press the power button on your laptop/computer.

    2. The CPU starts up but needs some instructions to work on, remember, the CPU always needs to do something. Since the main memory is empty at this stage, CPU defers to load instructions from the firmware chip on the motherboard and begins executing instructions.

    3. The firmware code does a Power On Self Test (POST), initializes the remaining hardware, detects the connected peripherals such as a mouse, keyboard, pen drive, etc. and checks if all connected devices are healthy. You might remember it as a ‘beep’ that desktops used to make after POST is successful.

    4. Finally, the firmware code cycles through all storage devices and looks for a boot-loader which is usually located in the first sector of a disk. If the boot-loader is found, then the firmware hands over control of the computer to boot-loader of the operating system.

    UEFI stands for Unified Extensible Firmware Interface. It does the same job as a BIOS, but with one basic difference: it stores all data about initialization and startup in a .efi file, instead of storing it on the firmware. This .efi file is stored on a special partition called EFI System Partition (ESP) on the hard disk. This ESP partition also contains the bootloader.

    Till now, UEFI was assumed to be security-risk free. But..
    This myth has been broken. It is not truth anymore!
    For only the SECOND TIME in the history of cybersecurity, researchers have found real-world malware lurking in the UEFI, the low-level and highly opaque firmware required to boot up nearly every modern computer.

    As software that bridges a PC’s device firmware with its operating system, the UEFI—short for Unified Extensible Firmware Interface—is an operating system in its own right. It’s located in a SPI-connected flash storage chip soldered onto the computer motherboard, making it difficult to inspect or patch the code. And it’s the first thing to be run when a computer is turned on, allowing it influence or even control the OS, security apps, and all other software that follows.

    Those characteristics make the UEFI the perfect place to stash malware, and that’s just what an unknown attack group has done, according to new research presented on 5TH October, 2020 Monday by security firm Kaspersky Lab.

    The Russian company Kaspersky claimed to have discovered two PCs whose manipulated UEFI BIOS contained the malware “MosaicRegressor”. This is the second time that a cyber attack via PC BIOS has been practically proven – “in the wild”, as it is called in technical jargon.

    Kaspersky cannot clearly attribute MosaicRegressor attacks to a specific organization or hacking team. According to Kaspersky, the attacks were carried out on devices owned by diplomats and a non-governmental organization (NGO) from Europe, Africa and Asia, all of which had ties to North Korea. Kaspersky assumes targeted attacks on these selected devices – so it is not malware that operates widely at random.

    According to Kaspersky, it is also unclear how the malware got onto the devices.

    Two ways are conceivable:

    Either through physical access to the computers on which the manipulated firmware was imported like a (UEFI) BIOS update, for example via a USB stick. Or

    the attackers compromised an update service used by the victims via the network or exploited other firmware security gaps to remotely install the manipulated firmware image.

    REMEMBER:

    The effort for the attack would also be considerable here… BECAUSE the manipulated BIOS image has to match the respective hardware.

    Mark Lechtik and Igor Kuznetsov wrote:

    “The attacks described in this blog post demonstrate the length an actor can go in order to gain the highest level of persistence on a victim machine. It is highly uncommon to see compromised UEFI firmware in the wild, usually due to the low visibility into attacks on firmware, the advanced measures required to deploy it on a target’s SPI flash chip, and the high stakes of burning sensitive toolset or assets when doing so.

    With this in mind, we see that UEFI continues to be a point of interest to APT actors, while at large being overlooked by security vendors. The combination of our technology and understanding of the current and past campaigns leveraging infected firmware, helps us monitor and report on future attacks against such targets.”
    The more pressing concern, Lechtik told, is that the UEFI largely remains a blind spot in computer security.

    My personal opinion is very simple:

    “Attackers practically achieved the highest level of persistence.
    It is Unbelievable!”
    What do you think of all this?

    ——————————————————-

    [FREE DOWNLOAD]

    Cyber Warrior’s Command Guide For Ethical Hackers

    ——————————————————–

    Recently I had created a PDF out of my compilation of important commands which are helpful to ethical hackers in general…

    Grab your FREE Command Guide here: https://luminisindia.com/getcgeh
    _

    If you also think that it was unbelievable, then write YES in the comments.
    With thanks,
    Meena R.
    ___________________________
    You can watch all the videos of Cybersecurity Series here:
    Facebook Page : Cybersecurity Prism https://www.facebook.com/cybersec.prism/
    Please click on the ‘Follow’ button on my Facebook page, to receive a Facebook notification when I publish another live video!
    You can connect with me:
    Hear My Podcast: https://anchor.fm/meena-r
    Linkedin Page : Cybersecurity Prism https://www.linkedin.com/company/10117131/
    Facebook Group : Cybersecurity Forever https://www.facebook.com/groups/cybersec.forever/
    ___________________________

    #cloudsecurity #computers #Cyber #cyberattack #Cybersecurity #cybersecurityawareness #cybersecuritythreats #cybersecuritytraining #cyberthreats #datasecurity #EthicalHacking #hacked #Hackers #Hacking #informationsecurity #infosec #iot #IT #itsecurity #KaliLinux #linux #malware #networking #pentesting #privacy #ransomeware #security #technology #computersecurity #informationsecurity #computerscience #networksecurity #wifi

    Reply
  18. Tomi Engdahl says:

    Police Can Spy on Your iOS and Android Push Notifications
    Governments can access records related to push notifications from mobile apps by requesting that data from Apple and Google, according to details in court records and a US senator.
    https://www.wired.com/story/apple-google-push-notification-surveillance/?fbclid=IwAR2FFVOqRzwbXaHZJamdXdU-JRv0sXgKpLOHNDEmhR2IyY-I50SZKT1Lu_k

    Reply
  19. Tomi Engdahl says:

    The N.Y.P.D. Is Upgrading Its Radios. The Public Won’t Be Able to Tune In.
    The New York Police Department is spending $500 million on a new radio system it calls more reliable and secure. But the public will no longer be able to monitor what officers are doing minute to minute.
    https://www.nytimes.com/2023/11/19/nyregion/nypd-police-scanner-radio.html?fbclid=IwAR05VAfvBYIgXyYsjmTM7PE_qCRO2xIOjLhbw5FozYIuBH28RHS7softIN4

    Reply
  20. Tomi Engdahl says:

    Critical Bluetooth Flaw Exposes Android, Apple & Linux Devices to Takeover
    Various devices remain vulnerable to the bug, which has existed without notice for years and allows an attacker to control devices as if from a Bluetooth keyboard.
    https://www.darkreading.com/vulnerabilities-threats/critical-bluetooth-flaw-exposes-android-apple-and-linux-devices-to-keystroke-injection-attack

    Reply
  21. Tomi Engdahl says:

    If you just can’t let Windows 10 go Microsoft will let you pay for three more years of extra support
    By Andy Edser published 2 days ago
    Windows 10 security support will continue for a while yet, but after that Microsoft would like some cash to keep you up to date.
    https://www.pcgamer.com/cant-let-windows-10-go-you-too-can-pay-for-an-extra-three-years-of-support/

    Reply
  22. Tomi Engdahl says:

    Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack
    UEFIs booting Windows and Linux devices can be hacked by malicious logo images.
    https://arstechnica.com/security/2023/12/just-about-every-windows-and-linux-device-vulnerable-to-new-logofail-firmware-attack/

    Hundreds of Windows and Linux computer models from virtually all hardware makers are vulnerable to a new attack that executes malicious firmware early in the boot-up sequence, a feat that allows infections that are nearly impossible to detect or remove using current defense mechanisms.

    The attack—dubbed LogoFAIL by the researchers who devised it—is notable for the relative ease in carrying it out, the breadth of both consumer- and enterprise-grade models that are susceptible, and the high level of control it gains over them. In many cases, LogoFAIL can be remotely executed in post-exploit situations using techniques that can’t be spotted by traditional endpoint security products. And because exploits run during the earliest stages of the boot process, they are able to bypass a host of defenses, including the industry-wide Secure Boot, Intel’s Secure Boot, and similar protections from other companies that are devised to prevent so-called bootkit infections.

    LogoFAIL is a constellation of two dozen newly discovered vulnerabilities that have lurked for years, if not decades, in Unified Extensible Firmware Interfaces responsible for booting modern devices that run Windows or Linux. The vulnerabilities are the product of almost a year’s worth of work by Binarly, a firm that helps customers identify and secure vulnerable firmware.

    The vulnerabilities are the subject of a coordinated mass disclosure released Wednesday. The participating companies comprise nearly the entirety of the x64 and ARM CPU ecosystem, starting with UEFI suppliers AMI, Insyde, and Phoenix (sometimes still called IBVs or independent BIOS vendors); device manufacturers such as Lenovo, Dell, and HP; and the makers of the CPUs that go inside the devices, usually Intel, AMD or designers of ARM CPUs. The researchers unveiled the attack on Wednesday at the Black Hat Security Conference in London.

    The affected parties are releasing advisories that disclose which of their products are vulnerable and where to obtain security patches. Links to advisories and a list of vulnerability designations appears at the end of this article.

    As its name suggests, LogoFAIL involves logos, specifically those of the hardware seller that are displayed on the device screen early in the boot process, while the UEFI is still running. Image parsers in UEFIs from all three major IBVs are riddled with roughly a dozen critical vulnerabilities that have gone unnoticed until now.

    Reply
  23. Tomi Engdahl says:

    OP joutui tietomurron kohteeksi: 2fa onnistuttiin ohittamaan
    Cilla Bhose7.12.202311:20|päivitetty8.12.202309:16TIETOMURROTTIETOTURVAVERKKOPANKIT
    OP on lähettänyt asiakkailleen varoitusviestejä, joissa kerrotaan tietomurrosta.
    https://www.tivi.fi/uutiset/op-joutui-tietomurron-kohteeksi-2fa-onnistuttiin-ohittamaan/8480df8f-6571-40ef-9eac-a20c6a11198f

    Reply
  24. Tomi Engdahl says:

    Krasue RAT malware hides on Linux servers using embedded rootkits
    https://www.bleepingcomputer.com/news/security/krasue-rat-malware-hides-on-linux-servers-using-embedded-rootkits/

    Security researchers discovered a remote access trojan they named Krasue that is targeting Linux systems of telecommunications companies and managed to remain undetected since 2021.

    They found that Krasue’s binary includes seven variants of a rootkit that supports multiple Linux kernel versions and is based on code from three open-source projects.

    According to researchers at cybersecurity company Group-IB, the main function of the malware is to maintain access to the host, which may suggest that it is deployed through a botnet or sold by initial access brokers to threat actors seeking access to a particular target.

    Looking at the code, the researchers determined that the rootit is based on three open-source LKM rootkits, specifically Diamorphine, Suterusu, and Rooty, all of them available since at least 2017.

    Reply
  25. Telkom University says:

    What are the notable cybersecurity events or threats highlighted in the December 2023 edition of cybersecurity news, and how do they impact digital security? Regards Telkom University

    Reply
  26. Tomi Engdahl says:

    SSH protects the world’s most sensitive networks. It just got a lot weaker
    Novel Terrapin attack uses prefix truncation to downgrade the security of SSH channels.
    https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/

    Assessing the full severity of the protocol flaw that makes Terrapin possible is hard at this early stage because it depends on a series of variables that change from network to network and that the researchers aren’t privy to.

    For the time being, the researchers have devised two ways to wield the prefix truncation attack. One way downgrades some of the extensions parties of OpenSSH

    Reply
  27. Tomi Engdahl says:

    https://www.uusiteknologia.fi/2023/12/15/huijaussoitot-estetty-tekstiviestihuijaukset-seuraavaksi/

    Lokakuun alusta käyttöön tulleella ratkaisulla suomalaiset operaattorit ovat estäneet miljoonia ulkomailta tulleita huijauspuheluita. Suodatus on toiminut toivotusti ja seuraavaksi Traficomissa valmistaudutaan jo tekstiviestihuijausten estämiseen.

    Reply

Leave a Reply to Tomi Engdahl Cancel reply

Your email address will not be published. Required fields are marked *

*

*