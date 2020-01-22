Security Leftovers
Design Weaknesses Expose Industrial Systems to Damaging Attacks [iophk: Windows TCO]
On the 10,000 industrial endpoints it has analyzed, PAS discovered a total of more than 380,000 known vulnerabilities, a majority impacting software made by Microsoft. However, the company found not only typical vulnerabilities that can be patched with a software or firmware update, but also weaknesses introduced by the existence of legitimate features and functionality that can be abused for malicious purposes.
GMP don't know exactly what crimes were committed in the second half of 2019 - because of its computer system
The force’s new computer system, which prompted a flood of frustrated whistleblowers to come forward over the summer, is preventing GMP from providing the government with up-to-date crime figures
250 million Microsoft customer service records briefly exposed online: report
Consumer research group Comparitech found that records of conversations between Microsoft support employees and customers around the world spanning 14 years, from 2005 through the end of 2019, were left exposed on five separate servers between Dec. 28 and 29.
This information was accessible during that time to anyone with a web browser, and included customer email addresses, locations, IP addresses, case numbers and confidential internal notes on cases.
Looking for silver linings in the CVE-2020-0601 crypto vulnerability
The scene stealer in January’s Patch Tuesday updates from Microsoft was CVE-2020-0601, a very serious vulnerability in the crypt32.dll library used by more recent versions of Windows.
The flaw, which also goes by the names Chain of Fools and Curveball, allows an attacker to fool Windows into believing that malicious software and websites have been digitally vouched for by one of the root certificate authorities that Windows trusts (including Microsoft itself).
An attacker could exploit the flaw to disguise malware as legitimate – Microsoft-approved – software, to conduct silent Man-in-the-Middle attacks or to create more realistic phishing websites.
Critical MDhex Vulnerabilities Shake the Healthcare Sector
Critical vulnerabilities have been discovered in popular medical devices from GE Healthcare that could allow attackers to alter the way they function or render them unusable.
A set of six security flaws, they have been collectively named MDhex. Five of them received the highest severity rating on the Common Vulnerability Scoring System, 10 out of 10.
Investigating a Backdoor.SH.SHELLBOT.AA Infection
Surprisingly, it's not obfuscated beyond the initial packing. I've made it available here, albeit with anything that could identify the botmaster redacted.3 I believe the language here is Portuguese. The code disguises itself by setting argv to "rsync" and forking into the background. It then connects to an IRC C&C server and waits for commands.
Android Leftovers
Open-spec SBC serves up 4k camera-oriented Allwinner V536 SoC
The open-spec “Lindenis V536” SBC runs Linux on the Cortex-A7-based Allwinner V536, a 4k camera-oriented SoC with integrated ISP and VPU. The 130 x 85mm SBC design is built in an SoM plus baseboard configuration. Lindenis Tech Ltd., a Shenzhen, China startup staffed by former Allwinner employees, has released the Lindenis V536, an open spec, single board computer based on Allwinner’s V536 4k mobile camera SoC. In August 2018, we covered a previous camera-oriented SBC from Lindenis, the Lindenis V5 based on the Allwinner’s V5 SoC. It’s only natural that the company would now follow up with this new open-spec 130 x 85mm SBC based on Allwinner’s new V536 SoC. The V536 SoC is a high-performance, low-power mobile camera SoC developed for the new generation of intelligent driving recorders. The Lindenis V536 board supports Linux-4.9 and its homegrown Lindenis Video OS.
7 Best Free Web-Based Git Clients
Git is an open source distributed version control system which was originally designed by Linus Torvalds, the creator of Linux, in 2005 for Linux kernel development. This control system is widely used by the open source community, handling small to extremely large projects with an emphasis on speed and efficiency, but maintaining flexibility, scalability, and guaranteeing data integrity. Git is one of a number of open source revision control systems available for Linux. Other popular tools in this field include Subversion, Bazaar, Mercurial, Monotone, CVS, and SVN. However, Git is frequently regarded by many developers to be the finest version control tool available.
