Date: 2022-05-18
Security Leftovers
Kali Linux team announces free cyber security training delivered live on Twitch
Supply chain attacks will get worse: Microsoft Security Response Center boss [Ed: Many of these "supply chain" attacks are the fault of Microsoft since it bought GitHub and then NPM; but the media likes to blame the victims, to whom Microsoft ships malware]
As tech world weighs options for software supply chain security, a call for urgency [Ed: At least with Free software you can verify the integrity of what you are using]
The warning signs are hard to miss. The SolarWinds attack, which planted malicious code in software used by private and public sector organizations around the world, demonstrated the problems that can ensue when the supply chain is breached. More recently, the Apache Log4j vulnerability reported late last year exposed exploitable holes in the Java logging library, and a significant number of applications and servers still lack security patches.
Now Windows Follina zero-day exploited to infect PCs with Qbot [Ed: By intentional neglect, Microsoft enables other criminals to vandalise your life]
Miscreants are reportedly exploiting the recently disclosed critical Windows Follina zero-day flaw to infect PCs with Qbot, thus aggressively expanding their reach.
The bot's operators are also working with the Black Basta gang to spread ransomware in yet another partnership in the underground world of cyber-crime, it is claimed.
This combination of Follina exploitation and its use to extort organizations makes the malware an even larger threat for enterprises. Qbot started off as a software nasty that raided people's online bank accounts, and evolved to snoop on user keystrokes and steal sensitive information from machines. It can also deliver other malware payloads, such as backdoors and ransomware, onto infected Windows systems, and forms a remote-controllable botnet.
Symantec: More malware operators moving in to exploit Follina
Meanwhile Microsoft still hasn't patched the fatal flaw
While enterprises are still waiting for Microsoft to issue a fix for the critical "Follina" vulnerability in Windows, yet more malware operators are moving in to exploit it.
Microsoft late last month acknowledged the remote code execution (RCE) vulnerability – tracked as CVE-2022-30190 – but has yet to deliver a patch for it. The company has outlined workarounds that can be used until a fix becomes available.
Ukraine's secret cyber-defense that blunts Russian attacks: Excellent backups [Ed: Dumping Microsoft is the right approach, not more backups]
This attack – along with several other destructive data-wiping malware infections in Ukrainian government and private-sector networks – illustrates a couple of key cyber security takeaways about Russian cyber goons.
Morphisec Launches Knight for Linux to Prevent Advanced Cyberattacks [Ed: With proprietary software you must make an unverifiable assumption that this software itself isn't a security breach]
Apple gets lawsuit over Meltdown and Spectre dismissed [Ed: Apple knowingly sold defective products, but this is considered normal now]
A California District Court judge has dismissed a proposed class action complaint against Apple for allegedly selling iPhones and iPads containing Arm-based chips with known flaws.
The lawsuit was initially filed on January 8, 2018, six days after The Register revealed the Intel CPU architecture vulnerabilities that would later come to be known as Meltdown and Spectre and would affect Arm and AMD chips, among others, to varying degrees.
Apple M1 chip contains hardware vulnerability that bypasses memory defense [Ed: Then again, Apple gives your data to the NSA, so you know the company never really valued users' security]
Apple's M1 chip has been found to contain a hardware vulnerability that can be abused to disable one of its defense mechanisms against memory corruption exploits, giving such attacks a greater chance of success.
MIT CSAIL computer scientists on Friday said they have identified a way to bypass the M1 chip's pointer authentication, a security mechanism that tries to prevent an attacker from modifying memory references without being detected.
