https://blog.acolyer.org/2017/06/22/iot-goes-nuclear-creating-a-zigbee-chain-reaction/ The popular Philips Hue smart lamps use ZigBee for example. Suppose you could build a worm that jumps directly from one lamp to another using their ZigBee wireless connectivity and their physical proximity. If the install base of lamps in a city is sufficiently dense, you could take them all over in no time, →
https://www.theregister.co.uk/2017/06/23/windows_10_leak Exclusive A massive trove of Microsoft’s internal Windows operating system builds and chunks of its core source code have leaked online. →
http://thehackernews.com/2017/06/windows-10-redstone3-smb.html?m=1 The Server Message Block version 1 (SMBv1) — a 30-year-old file sharing protocol which came to light last month after the devastating WannaCry outbreak — will be removed from the upcoming Windows 10 (1709) Redstone 3 Update. The WannaCry ransomware wreaked havoc last month. You can find more information on WannaCry at http://www.epanorama.net/newepa/2017/05/12/an-nsa-derived-ransomware-worm-is-shutting-down-computers-worldwide/ →
http://www.commitstrip.com/en/2017/06/19/security-too-expensive-try-a-hack/ Sadly so true. →
https://www.cyberciti.biz/faq/howto-patch-linux-kernel-stack-clash-vulnerability-cve-2017-1000364/ A very serious security problem has been found in the Linux kernel called “The Stack Clash.” The Qualys Research Labs discovered various problems in the dynamic linker of the GNU C Library (CVE-2017-1000366) which allow local privilege escalation by clashing the stack including Linux kernel. This bug affects Linux, OpenBSD, NetBSD, FreeBSD and Solaris, →
http://www.zdnet.com/article/how-to-use-linuxs-built-in-usb-attack-protection/ USB is insecure. There are USB sticks that will destroy your computer, USB sticks loaded with spyware, and even official enterprise USB sticks infected with malware. Windows and Macs are easy to crack with USB-borne tools. There are devices like the USG USB stick firewall, which can protect you. Linux users can stop attackers armed with USB sticks with USBGuard software. →
http://securityaffairs.co/wordpress/60013/hacking/ics-cybersecurity.html The equipment was expected to be installed and left alone for a long time. Pressures to reduce operating costs led to this equipment being connected, and the easiest networking equipment to find was designed for convenience in a corporate environment — not security in an ICS environment. This has led to the current situation where malware →
http://www.visualcapitalist.com/worlds-biggest-data-breaches/?utm_source=facebook&utm_medium=social&utm_campaign=SocialWarfare Before 2009, the majority of data breaches were the fault of human errors like misplaced hard drives and stolen laptops, or the efforts of “inside men” looking to make a profit by selling data to the highest bidder. Since then, the volume of malicious hacking has exploded relative to other forms of data loss. →
https://www.cyberciti.biz/faq/how-to-prevent-unprivileged-users-from-viewing-dmesg-command-output-on-linux/ One can use dmesg command see or control the kernel ring buffer. The kernel syslog contains debugging information that is often useful during exploitation of other vulnerabilities, such as kernel heap addresses. There is an option that prevents unprivileged users from reading the syslog. sudo sysctl -w kernel.dmesg_restrict=1 →
http://www.zdnet.com/article/why-you-must-patch-the-new-linux-sudo-security-hole/ Ironically, only the most secure Linux server setups are vulnerable to this newly discovered hole. If you want your Linux server to be really secure, you defend it with SELinux. Many sysadmins don’t bother because SELinux can be difficult to set up. This makes the newly discovered Linux security hole — with the sudo command that only hits →