Security Leftovers
Date: 2021-12-06
Many Gaps In The Jenkins Software System Discovered – And Not Yet Closed [Ed: Those servers are usually firewalled]
Anyone who uses the Jenkins software system for development should carefully study the current security warning from the developer. There you will find information about recently discovered security gaps and patches. However, some security updates are still a long way off.
Raspberry Pi uses field analyzers to detect malware on computers: Research
In a recent study, researchers have been able to detect the presence of malware with the help of electromagnetic waves and the popular portable chipset called Raspberry Pi. A new device has been developed along with Raspberry Pi by the Research Institute of Computer Science and Random Systems in France. Along with the portable processor, the device uses an H-field probe and a Picoscope 6407 to find out the presence of malware on devices.
In the research paper that was published last month, the team wrote, "Our method does not require any modification on the target device. Thus, it can be deployed independently from the resources available without any overhead. Moreover, our approach has the advantage that it can hardly be detected and evaded by the malware authors." During the study, the researchers used a design developed by Convolution Neural Networks to measure the traces of malware from a device. The team says that it was successfully able to detect the presence of malware with nearly perfect accuracy of 99.82%.
Researcher discloses alleged zero-day vulnerabilities in NUUO NVRmini2 recording device | The Daily Swig
A critical ‘zero-day’ vulnerability in network video recording equipment made by NUUO has been made public, as a researcher claims unpatched issues could lead to remote code execution (RCE).
Discovered by Agile Information Security founder Pedro Ribeiro, the issues have allegedly been present in the NUUO NVRmini2 device since 2016.
Apple to Attend White House Meeting to Discuss Security Risks of Open-Source Software [Ed: Foes of Open Source are not experts in it?]
White House convenes open-source security summit amid Log4j risks
White House hosts tech summit to discuss open-source security after Log4j
Backdoor for Windows, macOS, and Linux went undetected until now [Ed: More sensationalist garbage from Dan Goodin right now and a very misleading headline, distracting from actual back doors]
Iran-Based APT35 Group Exploits Log4J Flaw [Ed: This headline is somewhat misleading; this is a Windows problem]
Google calls for govt help to secure critical open-source software [Ed: This is the same Google that has put NSA back-doored crypto inside Linux]
Four million outdated Log4j downloads were served from Apache Maven Central alone despite vuln publicity blitz [Ed: Seems like a human error as the patched software has been available for a month]
Avira also mines imaginary internet money on customers' PCs
Many Reg readers probably won't have user fleets running on the legacy AV; however, as highlighted by security researcher Brian Krebs earlier today, the feature was added to Avira's product set late last year, just days after Norton360 started to hit the headlines for doing the same.
Perhaps we shouldn't be too surprised, as the same company, NortonLifeLock, owns both brands. NortonLifeLock is what's left of Symantec after it spun off Veritas and then got bought by Broadcom.
No defence for outdated defenders as consumer AV nears RIP
Game knows game. Thus it came as little surprise that Norton's consumer security software not only sprouted a cryptominer that slurps your computer's life essence and skims a cut, but that it's hard to turn it off.
A marriage not made in heaven but the other place: consumer-grade antivirus software has always had an uneven reputation, much of which it richly deserves. But how did we come to carry such a high parasitical load in 2022?
Some of this is technical. Early generations of PC malware established standard techniques to propagate and protect themselves. Rootkit methods were common, monitoring and modifying operating system calls to detect target files and infect them, and to deflect scans or probes by returning false information. This means sinking hooks into the operating system at its lowest levels and taking control – which are precisely the same techniques early AV software used to detect and nullify viruses while defending itself from attacks in turn.
Russo-Ukrainian tension and the future of open source software security.
Cyberattacks of unclear (but probably Russian) origin hit Ukrainian websites. The FSB "liquidates" REvil. And the US moves toward an approach to open-source software security.
Software supply chain security. A new backdoor. An intelligence agency fumbles a RAT. A warning on commercial surveillance.
