"One of the vulnerabilities uncovered by security researcher Ryan Stevenson centered on an in-home authentication portal that lets customers pay bills without signing in with their credentials." via Jeff Baumgartner, writing at Light Reading
Liam Tung, writing at ZDNet, regales us with a brief soliloquy on Microsoft Corporation's (NASDAQ: MSFT) unpatched Windows 10 Lockdown Bypass flaw, and news of Google's (NASDAQ: GOOG) Project Zero denial of an extension-to-fix (addressed-ever-so-nicely to Microsoft's powers-that-be) of said unpatched pernicious flaw. Microsoft required an additional 90 days to fix the issue... Must be quite busy in Redmond with the re-org and demotion (and disruption) of the Windows product line, into - fundamentally - a non-business line (should have been executed years ago).
Dan Goodin, writing at Ars Technica, provides us with the surreptitious history of the malice-filled code-miscreant APT monikered Slingshot, which is apparently an alternative method of describing the devil's offspring in code-complete form. More, here.
"The researchers still don't know precisely how Slingshot initially infected all its targets. In several cases, however, Slingshot operators got access to routers made by Latvian manufacturer MikroTik and planted a malicious code in it." - via Dan Goodin, slaving away over a sizzling keyboard at Ars Technica
As is typical of Intel Corporation (Nasdaq: INTC), the firm is attempting to shirk responsibility for this attack and transfer the blame onto the company's vendors, not to mention the glad-handing exhibited by the company's CEO at CES.
It's time to rein in Intel Corporation's significantly flawed software development practice (as evidenced by the output), as the ramifications for the company's vulnerability touch many - if not all - systems worldwide. Further, what else is flawed in the company's other products (for example, automotive chips, medical device systems where the firm's hardware and software reside)?
'But the latest vulnerability—discovered in July of 2017 by F-Secure security consultant Harry Sintonen and revealed by the company today in a blog post—is more of a feature than a bug. Notebook and desktop PCs with Intel AMT can be compromised in moments by someone with physical access to the computer—even bypassing BIOS passwords, Trusted Platform Module personal identification numbers, and Bitlocker disk encryption passwords—by rebooting the computer, entering its BIOS boot menu, and selecting configuration for Intel’s Management Engine BIOS Extension (MEBx).' - via Sean Gallagher - writing at Ars Technica
Via Catalin Cimpanu, writing at Bleeping Computer, comes one of today's most interesting - yet innocuous (thus far) - flaws, targeting the speaker products of both Sonos and Bose Corporation. Apparently, the flaws are of the remote exploit variety, which permits remote attackers to execute sounds upon command. The possibilities, therefore, are significant (considering the Children of the Script out there...). So far, the reports have noted pranking connected to the flaw.
Well-crafted reportage by David Bisson, writing at Graham Cluley's GCHQ blog, detailing a new paper published by Mordechai Guri, Yisroel Mirsky, and Yuval Elovici of the Cyber-Security Research Center at Israel's Ben-Gurion University of the Negev. The fragility of these systems is, for a reasonable person, simply astounding, especially considering the significant capabilities to deploy hardened communications infrastructures in this epoch. As always, you be the judge.
News, via Dan Goodin, writing at Ars Technica, details a seven-year-old, pernicious bug in Xen virtualization wares. Users can exploit the bug to break out of their local machines, thence into the underlying hypervisor layer. FYI - One high-profile customer of the Xen Hypervisor is Amazon Web Services. Time to Patch, eh?
"Admittedly this is a subtle bug, because there is no buggy code that could be spotted immediately. The bug emerges only if one looks at a bigger picture of logic flows (compare also QSB #09 for a somehow similar situation). On the other hand, it is really shocking that such a bug has been lurking in the core of the hypervisor for so many years. In our opinion the Xen project should rethink their coding guidelines and try to come up with practices and perhaps additional mechanisms that would not let similar flaws plague the hypervisor ever again (assert-like mechanisms perhaps?). Otherwise the whole project makes no sense, at least to those who would like to use Xen for security-sensitive work." - via Dan Goodin, writing at Ars Technica.
Via DarkMatters at Norse Corporation, and written by Anthony Freed, comes this troubling post detailing the true scope of Industrial Control Systems (ICS) security fails in the previous twelve-month period... Astounding.
"Of the reported attacks, 32% targeted the Energy Sector, with attacks against Critical Manufacturing systems following up at a close second place at 27%, Healthcare with 6%, Water supply systems and Communications each with 6%, and Government Facilities at just over 5%." - via DarkMatters writer Anthony Freed
"They exposed weaknesses in the armor, illustrating that 'we as scientists and engineers think we have a great solution and ha-ha moments, thinking Soldiers will love this' new piece of gear. Then the Red Team would show up and show all the weaknesses, she said, so 'we started solving those problems.' From that point on, anything deployed to small forward operating outposts of 300 people or less gets a Red Team going over from 'the construct of the operational perspective, technology perspective, and how we could integrate it in such a way not to create inherent vulnerabilities. It's been very effective.'" - via David Vergun writing at the United States Army
'Security researchers from FireEye recently examined the most popular apps on Google Play and the Apple App Store and found 1,999 titles that left users wide open to the encryption downgrade attack. Specifically, 1,228 Android apps with one million or more downloads were vulnerable, while 771 out of the top 14,079 iOS apps were susceptible. Vulnerable apps were those that used—or in the case of iOS, could use—an affected crypto library and connected to servers that offered weak, 512-bit encryption keys. The number of vulnerable apps would no doubt mushroom when analyzing slightly less popular titles.' - via Ars Technica's Dan Goodin