date 2021-12-22
Security Leftovers
Industrial Control System Malware Discovered
The Department of Energy, CISA, the FBI, and the NSA jointly issued an advisory describing a sophisticated piece of malware called Pipedream that’s designed to attack a wide range of industrial control systems.
Project Zero: CVE-2021-1782, an iOS in-the-wild vulnerability in vouchers
This blog post is my analysis of a vulnerability exploited in the wild and patched in early 2021. Like the writeup published last week looking at an ASN.1 parser bug, this blog post is based on the notes I took as I was analyzing the patch and trying to understand the XNU vouchers subsystem. I hope that this writeup serves as the missing documentation for how some of the internals of the voucher subsystem work and its quirks which lead to this vulnerability.
Updates: Digital rights in the Russia-Ukraine conflict: April 14, 2022: Cyberattacks on Ukraine continue
WIRED reported that Russia’s Sandworm hacking group recently attempted a third blackout in Ukraine, years after its historic cyberattacks on the Ukrainian power grid in 2015 and 2016. Malware, inserted in the IT system of a high-voltage electrical substation in Ukraine months ago, was due to be activated late on April 8. The attack could have left two million people living in the region without energy.
Security updates for Thursday [LWN.net]
Security updates have been issued by Debian (lrzip), Fedora (community-mysql, expat, firefox, kernel, mingw-openjpeg2, nss, and openjpeg2), Mageia (ceph, subversion, and webkit2), openSUSE (chromium), Oracle (httpd:2.4), Red Hat (kpatch-patch), Slackware (ruby), SUSE (kernel and netatalk), and Ubuntu (gzip and xz-utils).
Open Source Firmware on TigerLake platforms - part 1
If somebody had said 7 years ago that Intel would support open source firmware, he would have been laughed at instantly. If we recall the time, like 15 years ago, when the datasheets were more open and were sufficient to write open source firmware, today it is not possible. Silicon vendors are hiding the intellectual property contained in the processors. It would seem like the open source firmware is doomed, but… Thankfully there are companies and Intel employees that try to make an impact and change this situation. For example, Google supporting the coreboot project on their Chromebooks encourages Intel to release the Firmware Support Package (FSP). The FSP is a bundled silicon initialization code in a binary form with a well documented interface and configuration options. It simplifies new hardware enabling and reduces the cost of overall firmware development. While it doesn’t solve all problems and sometimes causes issues, kudos should go to Intel for supporting the open source firmware. Special credits should go to the open source firmware community members from Intel: Nathaniel DeSimone, Vincent Zimmer, Brian Richardson and Isaac Oram.
Also: Open Source BIOS Runs on Alder Lake Motherboard for the First Time
Updates on Boatswain
Since I wrote the announcement of Boatswain, things have progressed quite a lot. As I prepare for the 1.0 release, more features and bugfixes get in, and it’s getting dangerously close to achieving all features I personally want from it.
Stream Deck Mini & Original (v1)
Thanks to a generous Stream Deck Mini donation, I managed to fix a couple of bugs in the HID code that controls it. It is now able to upload icons to buttons, and properly fetch the serial number of the device. Later on, a kind individual helped with testing and debugging the Stream Deck Original (v1) code. I only have a 2nd generation Original, and the HID protocol changed significantly between them, so this testing was invaluable. There were another couple of bugs specific to Original v1 fixed in no time after they were reported. Because Stream Deck Original (v2), XL, and MK.2 seem to share the same HID protocol, I’m cautiously confident that they all should be fine.
Cisco
Cisco Releases Security Updates for Multiple Products | CISA