Podcasts about rowhammer

  • 46 podcasts
  • 89 episodes
  • 1h 6m average duration
  • infrequent episodes
  • latest episode: Jul 14, 2025

Latest podcast episodes about rowhammer

The CyberWire: Taxing times for cyber fraudsters. (Jul 14, 2025, 34:16)


British and Romanian authorities make arrests in a major tax fraud scheme. The Interlock ransomware gang has a new RAT. A new vulnerability in Google Gemini for Workspace allows attackers to hide malicious instructions inside emails. Suspected Chinese hackers breach a major DC law firm. Multiple firmware vulnerabilities affect products from Taiwanese manufacturer Gigabyte Technology. Nvidia warns against Rowhammer attacks across its product line. Louis Vuitton joins the list of breached UK retailers. Indian authorities dismantle a cyber fraud gang. CISA pumps the brakes on a critical vulnerability in American train systems. Hackers ransack Elmo's World.

Guest: Cynthia Kaiser, SVP of Halcyon's Ransomware Research Center and former Deputy Assistant Director at the FBI's Cyber Division, discussing "Scattered Spider and Other Criminal Compromise of Outsourcing Providers Increases Victim Attacks."

Selected Reading
  • Romanian police arrest 13 scammers targeting UK's tax authority (The Record)
  • Interlock Ransomware Unleashes New RAT in Widespread Campaign (Infosecurity Magazine)
  • Google Gemini flaw hijacks email summaries for phishing (Bleeping Computer)
  • Chinese hackers suspected in breach of powerful DC law firm (CNN Politics)
  • Flaws in Gigabyte Firmware Allow Security Bypass, Backdoor Deployment (Security Week)
  • Nvidia warns of Rowhammer attacks on GPUs (The Register)
  • Louis Vuitton UK Latest Retailer Hit by Data Breach (Infosecurity Magazine)
  • Indian Police Raid Tech Support Scam Call Center (Infosecurity Magazine)
  • Security vulnerability on U.S. trains that let anyone activate the brakes on the rear car was known for 13 years — operators refused to fix the issue until now (Tom's Hardware)
  • End-of-Train and Head-of-Train Remote Linking Protocol (CISA)
  • Hacker Makes Antisemitic Posts on Elmo's X Account (The New York Times)

The CyberWire is a production of N2K Networks.

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast: SANS Stormcast Monday, July 14th, 2025: Suspect Domain Feed; Wing FTP Exploited; FortiWeb Exploited; NVIDIA GPU Rowhammer (Jul 14, 2025, 6:53)


Experimental Suspicious Domain Feed: Our new experimental suspicious domain feed uses various criteria to identify domains that may be used for phishing or other malicious purposes. https://isc.sans.edu/diary/Experimental%20Suspicious%20Domain%20Feed/32102

Wing FTP Server RCE Vulnerability Exploited (CVE-2025-47812): Huntress saw active exploitation of the Wing FTP Server remote code execution vulnerability (CVE-2025-47812) at a customer on July 1, 2025. Organizations running Wing FTP Server should update to the fixed version, 7.4.4, as soon as possible. https://www.huntress.com/blog/wing-ftp-server-remote-code-execution-cve-2025-47812-exploited-in-wild https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/

FortiWeb Pre-Auth RCE (CVE-2025-25257): An exploit for the FortiWeb RCE vulnerability is now available and is being used in the wild. https://pwner.gg/blog/2025-07-10-fortiweb-fabric-rce

NVIDIA Vulnerable to Rowhammer: NVIDIA has received new research related to the industry-wide DRAM issue known as Rowhammer. The research demonstrates a potential Rowhammer attack against an NVIDIA A6000 GPU with GDDR6 memory. The purpose of this notice is to reinforce already known mitigations to Rowhammer attacks. https://nvidia.custhelp.com/app/answers/detail/a_id/5671/~/security-notice%3A-rowhammer---july-2025
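The "already known mitigation" the NVIDIA notice reinforces is error-correcting memory: on GPUs that support it, System-Level ECC turns a single-bit Rowhammer flip into a corrected (and counted) error instead of a silent corruption. The script below is an added example, not part of the Stormcast or of NVIDIA's notice: it reads the per-GPU ECC mode that `nvidia-smi` reports and fails if any GPU is not currently protected. The `nvidia-smi` query fields are real; the three-GPU sample output is constructed so the check can be run offline.

```shell
#!/bin/sh
# Added example: fleet check for the ECC mitigation NVIDIA's Rowhammer notice
# points to. Input is the CSV that
#   nvidia-smi --query-gpu=index,ecc.mode.current,ecc.mode.pending --format=csv,noheader
# produces, one GPU per line: "<index>, <current mode>, <pending mode>".

# Classify every GPU. Prints "<index> <state>" per line, where state is:
#   ok           ECC is enabled right now
#   needs-reboot ECC was switched on but only takes effect after a reboot
#   disabled     ECC is supported but off
#   unsupported  the part reports [N/A] (typically consumer GeForce boards)
ecc_status() {
    printf '%s\n' "$1" | awk -F', *' 'NF >= 3 {
        if ($2 == "Enabled")        s = "ok"
        else if ($2 == "[N/A]")     s = "unsupported"
        else if ($3 == "Enabled")   s = "needs-reboot"
        else                        s = "disabled"
        print $1, s
    }'
}

# Exit 0 only when every GPU is in state "ok". Empty input (no GPUs parsed)
# fails closed rather than reporting a clean fleet.
ecc_check() {
    status=$(ecc_status "$1")
    printf '%s\n' "$status"
    printf '%s\n' "$status" | awk '$2 != "ok" { bad = 1 } END { exit (bad ? 1 : 0) }'
}

# Constructed sample (assumption: not captured from a real host): one protected
# GPU, one switched on but awaiting a reboot, one consumer part without ECC.
SAMPLE='0, Enabled, Enabled
1, Disabled, Enabled
2, [N/A], [N/A]'

ecc_check "$SAMPLE" || echo "sample fleet is NOT fully protected (exit status $?)"

# Live use, when the driver tooling is present:
#   ecc_check "$(nvidia-smi --query-gpu=index,ecc.mode.current,ecc.mode.pending --format=csv,noheader)"
```

To enable ECC on a supported board run `nvidia-smi -i <index> -e 1` as root and reboot; on GDDR parts this reserves some memory capacity and costs bandwidth, which is why it is often left off on workstation cards such as the A6000 in the cited research.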

Security Now (MP3): SN 1017: Is YOUR System Vulnerable to RowHammer? - Telegram's Crypto, Twitter Outage, FBI Warning (Mar 19, 2025, 173:50, transcription available)


An analysis of Telegram Messenger's crypto. A beautiful statement of the goal of modern crypto design. Who was behind Twitter's recent outage trouble? An embedded Firefox root certificate expired. Who was surprised? AI-generated GitHub repos, voice cloning, Patch Tuesday and an Apple 0-day. The FBI warns of another novel attack vector that's seeing a lot of action. Google weighs in on the age verification controversy. In a vacuum, Kazakhstan comes up with their own solution. Was Google also served an order from the UK? Can they say? A serious PHP vulnerability you need to know you don't have. A bunch of great listener feedback, some sci-fi content reviews and... a new tool allows YOU to test YOUR PCs for their RowHammer susceptibility.

Show Notes: https://www.grc.com/sn/SN-1017-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com.

Passwort - der Podcast von heise security: "Neues vom 38C3 von Autos über Wahlen zu Rowhammer-Forschung" (News from 38C3: from cars and elections to Rowhammer research) (Jan 1, 2025, 84:36)


In the first episode of the year, Christopher reports from the Hamburg satellite studio. With two guests, Linus Neumann of the CCC and Prof. Florian Adamsky of Hochschule Hof, he discusses four current topics that were also the subject of 38C3 talks: the Rowhammer vulnerability in DRAM, the data leak at VW, insecure election software, and fake shops run from China.
  • 38C3 talk on FlippyRAM: https://media.ccc.de/v/38c3-ten-years-of-rowhammer-a-retrospect-and-path-to-the-future
  • FlippyRAM: https://flippyr.am/
  • 38C3 talk on the Volkswagen leak: https://media.ccc.de/v/38c3-wir-wissen-wo-dein-auto-steht-volksdaten-von-volkswagen
  • SRLabs on BogusBazaar: https://www.srlabs.de/blog-post/bogusbazaar
  • Fake-shop finder from the Verbraucherzentrale: https://www.verbraucherzentrale.de/fakeshopfinder-71560
  • 38C3 talk on BogusBazaar: https://media.ccc.de/v/38c3-fake-shops-von-der-stange-bogusbazaar
  • 38C3 talk on the "Thüring test" for election software: https://media.ccc.de/v/38c3-der-thring-test-fr-wahlsoftware
Members of our security community on heise security PRO hear all episodes two days earlier. More information: https://pro.heise.de/passwort

Risky Business: Risky Business #742 -- China bans AMD and Intel, pivots to Linux on the desktop (Mar 27, 2024, 65:21)


On this week's show Patrick and Adam discuss the week's security news, including:
  • FVEY protests China's widespread hacking of western politicians
  • China bans western CPUs, Windows and databases
  • Apple's leaky M-chip prefetcher
  • Nigeria holds ex-IRS investigator hostage in Binance stoush
  • Researchers bring Rowhammer to AMD Zen and DDR5
  • And much, much more.

This week's show is brought to you by Thinkst Canary. Its founder Haroon Meer joins this week's show to make a passionate case that security vendors don't all have to go for explosive growth. Slow and steady with a focus on excellent and relevant products will win the race, he says.

Show notes
  • Justice Department indicts 7 accused in 14-year hack campaign by Chinese gov
  • Parliament network breached in China-led cyberattack, Judith Collins reveals
  • China blocks use of Intel and AMD chips in government computers
  • Announcement of Safety and Reliability Evaluation Results (No. 1, 2023)
  • Unpatchable vulnerability in Apple chip leaks secret encryption keys | Ars Technica
  • How Ukraine is using mobile phones on 6ft poles to stop drones
  • Russian military intelligence may have deployed wiper against multiple Ukrainian ISPs | CyberScoop
  • US penalizes Russian fintech firms that helped others evade sanctions
  • UN probing 58 alleged crypto heists by North Korea worth $3 billion
  • Detained execs, a bold escape, and tax evasion charges: Nigeria takes aim at Binance
  • The DOJ Puts Apple's iMessage Encryption in the Antitrust Crosshairs | WIRED
  • Mark Zuckerberg told Facebook execs to 'figure out' how to track encrypted usage on rival apps like Snap and YouTube, unsealed documents show
  • 'Far-reaching' hack stole information from Python developers
  • ZenHammer: Rowhammer Attacks on AMD Zen-based Platforms
  • One Man's Army of Streaming Bots Reveals a Whole Industry's Problem
  • Apex Legends hacker said he hacked tournament games 'for fun' | TechCrunch

Cyber Security Inside: 187. Rowhammer Researcher Thomas Dullien (Halvar Flake) Discusses Cybersecurity for AI and Software Optimization (Jan 1, 2024, 26:56)


In this episode of InTechnology, Camille gets into cybersecurity for AI and software optimization with Thomas Dullien, aka Halvar Flake. They talk about his work with Optimyze, cybersecurity and software optimization uses for large language models, the outlook for artificial general intelligence and other technology jumps, the data required to build large AI models, his research with Rowhammer, and more. The views and opinions expressed are those of the guests and author and do not necessarily reflect the official policy or position of Intel Corporation.

Security Now (MP3): SN 930: Rowhammer Indelible Fingerprinting - MOVEit SQLi flaw, China's OpenKylin v1, Firefox 115, Syncthing (Jul 12, 2023, 129:23)


Picture of the Week. Another Critical Unauthenticated SQLi Flaw Discovered in MOVEit Transfer Software. And as for MOVEit... What's a "Rug Pull"? "Avast, ye Matey": China's OpenKylin v1. TootRoot! Firefox 115. Did Russia Disconnect? Use some honey if you want to catch some flies. Cryptocurrency losses. International Consumer Data Transit. Apple's emergency update retraction. Syncthing Revisited. Closing the Loop. SpinRite's first RTM release. RTOS-32. Rowhammer Indelible Fingerprinting.

Show Notes: https://www.grc.com/sn/SN-930-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com.

The Nonlinear Library
LW - POC GTFO culture as partial antidote to alignment wordcelism by lc

The Nonlinear Library

Play Episode Listen Later Mar 15, 2023 12:03


Welcome to The Nonlinear Library, where we use Text-to-Speech software to convert the best writing from the Rationalist and EA communities into audio. This is: POC GTFO culture as partial antidote to alignment wordcelism, published by lc on March 15, 2023 on LessWrong. There is an important asymmetry in reception for prophets. Go read that post first if you haven't. For those who don't want to, the gist is: Given the same level of specificity, people will naturally give more credit to the public thinker that argues that society or industry will change, because it's easy to recall active examples of things changing and hard to recall the vast amount of negative examples where things stayed the same. If you take the Nassim Taleb route of vapidly predicting, in an unspecific way, that interesting things are eventually going to happen, interesting things will eventually happen and you will be revered as an oracle. If you take the Francis Fukuyama route of vapidly saying that things will mostly stay the same, you will be declared a fool every time something mildly important happens. The computer security industry happens to know this dynamic very well. No one notices the Fortune 500 company that doesn't suffer the ransomware attack. Outside the industry, this active vs. negative bias is so prevalent that security standards are constantly called "horrific" without articulating the sense in which they fail, and despite the fact that the online banking system works pretty well virtually all of the time. And inside the industry, vague and unverified predictions that Companies Will Have Security Incidents, or that New Tools Will Have Security Flaws, are treated much more favorably in retrospect than vague and unverified predictions that companies will mostly do fine. Even if you're right that an attack vector is unimportant and probably won't lead to any real world consequences, in retrospect your position will be considered obvious.
On the other hand, if you say that an attack vector is important, and you're wrong, people will also forget about that in three years. So better list everything that could possibly go wrong, even if certain mishaps are much more likely than others, and collect oracle points when half of your failure scenarios are proven correct. This would be bad on its own, but then it's compounded with several other problems. For one thing, predictions of doom, of course, inflate the importance and future salary expectations of information security researchers, in the same sense that inflating the competence of the Russian military is good for the U.S. defense industry. When you tell someone their Rowhammer hardware attacks are completely inexploitable in practice, that's no fun for anyone, because it means infosec researchers aren't going to all get paid buckets of money to defend against Rowhammer exploits, and journalists have no news article. For another thing, the security industry (especially the offensive side) is selected to contain people who believe computer security is a large societal problem, and that they themselves can get involved, or at least want to believe that it's possible for them to get involved if they put in a lot of time and effort, and so they're really inclined to hear you if you're about to tell them how obviously bad information security at most companies really is. But worst of all, especially for those evaluating particular critiques and trying to prevent problems in advance, is a fourth problem: unskilled hackers are bad at modeling defenders, just as unskilled defenders are bad at modeling computer hackers. It's actually very easy - too easy - to write stories and pseudocode for exploits that an average, security-aware software engineer will believe works in practice. 
Newbies to the field are often shocked by how many times they run into a situation where their attacks "almost" work, just like entrepreneurs are shocked by how many startup ideas "almost" work. This happens not because the ...


Security Now (MP3)
SN 882: Rowhammer's Nine Lives - TLS-Anvil, Chrome cookies stick around, Atlassian Confluence under attack

Security Now (MP3)

Play Episode Listen Later Aug 3, 2022 133:24


Picture of the Week. Atlassian's "Confluence" under attack. TLS-Anvil. Google delays Chrome's cookie phase-out again. Attackers responding to loss of Office Macros. SpinRite. Closing The Loop. RIP: Nichelle Nichols. "The Dropout" on Hulu and "WeCrashed" on AppleTV+. Winamp releases new version after four years in development. Rowhammer's Nine Lives. We invite you to read our show notes at https://www.grc.com/sn/SN-882-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written SpinRite 6. Sponsors: tanium.com/twit itpro.tv/securitynow use code: SN30 grammarly.com/securitynow


The Nonlinear Library
LW - Code Generation as an AI risk setting by Not Relevant

The Nonlinear Library

Play Episode Listen Later Apr 18, 2022 3:41


Welcome to The Nonlinear Library, where we use Text-to-Speech software to convert the best writing from the Rationalist and EA communities into audio. This is: Code Generation as an AI risk setting, published by Not Relevant on April 17, 2022 on LessWrong. Historically, it has been difficult to persuade people of the likelihood of AI risk because the examples tend to sound “far-fetched” to audiences not bought in on the premise. One particular problem with many traditional framings for AI takeover is that most people struggle to imagine how e.g. “a robot programmed to bake maximum pies” figures out how to code, locates its own source-code, copies itself elsewhere via an internet connection and then ends the world. There's a major logical leap there: “pie-baking” and “coding” are things done by different categories of agent in our society, and so it's fundamentally odd for people to imagine an agent capable of both. This oddness makes it feel like we must be far away from any system that could be that general, and thus pushes safety concerns to a philosophical exercise. I want to make the case that the motivating example we should really be using is automatic code generation. Here's a long list of reasons why: It's obvious to people why and how a system good at generating code could generate code to copy itself, if it were given an open-ended task. It's a basic system-reliability precaution that human engineers would also take. For non-experts, they are already afraid of unrestrained hackers and of large tech companies building software products that damage society - this being done by an unaccountable AI fits into an emotional narrative. For software people (whom we most need to convince) the problem of unexpected behaviors from code is extremely intuitive - as is the fact that it is always the case that code bases are too complex for any human to be certain of what they'll do before they're run. 
Code generation does seem to be getting dramatically better, and the memetic/media environment is ripe for people to decide how to feel about these capabilities. Nearly all conceivable scalable prosaic alignment solutions will require some degree of “program verification” - making sure that code isn't being run with an accidentally terrible utility function, or to verify the outputs of other AIs via code-checking Tool AIs. So we want substantial overlap between the AI safety and AI codegen communities. The “alignment problem” already exists in nearly all large software engineering projects: it's very difficult to specify what you want a program to do ahead of time, and so we mostly just run codebases and see what happens. All of the concerns around “the AI learns to use Rowhammer to escape” feel much more obvious when you're building a code-generator. We can even motivate the problem by having the AI's objective be “make sure that other code-generating AIs don't misbehave”. This is open-ended in a way that obviously makes it a utility-maximizer, and preemptively addresses the usual technooptimistic response of “we'll just build auditor AIs” by starting with aligning those as the premise. The distinction between act-based AIs and EUMs is obvious in the case of code-gen. Similarly, the idea of Safety via Debate is related to code reviewing processes. Software project generation capabilities seem both necessary and possibly sufficient for FOOM/takeover scenarios. Ultimately, the people in government/companies most sympathetic to high-tech risk mitigation are the people who think about cybersecurity - so scaring them gets us a very useful ally. (It's also a community with plenty of people with the “security mindset” needed for many empirical alignment scenarios.) On the other hand, there may be some risk that focusing on code generation increases its public salience and thus investment in it. But this seems likely to have happened anyway. 
It's also more obviously the path towards recursive self-improvement, and thus may accelerate AI c...


The Cyberlaw Podcast
What To Do About Deplatformed Data?

The Cyberlaw Podcast

Play Episode Listen Later Nov 24, 2021 65:56


Among the many problems with the current social media enthusiasm for deplatforming is this question: What do you do with all the data generated by people you deplatformed? Facebook's answer, as you'd expect, is that Facebook can do what it wants with the data, which mostly means deleting it. Even if it's evidence of a crime? Yes, says the platform, unless law enforcement asks us to save it. The legal fight over a deplatformed group that defended historical statues (and may have shot someone in the process) will tell us something about the law of deplatformed data, as will the fight over Gambia's effort to recover evidence of deplatformed human rights evidence. In the end, though, we need a law on this question. Because, given their track record in content moderation, leaving the question to the discretion of social media will translate into platforms' preserving only evidence that hurts people they hate. Tired: Data breach reporting. Wired: Cyber incident reporting. The unanimous view of our news panelists, Paul Rosenzweig and Dmitri Alperovitch, is that cyber policy has turned from reporting personal data breaches to reporting serious cyber intrusions no matter what data is compromised. The latest example is the financial regulators' adoption of a rule requiring banks and similar institutions to report major cyber incidents within 36 hours of determination that one has occurred. But who will make that determination and with what certainty? Dmitri's money is on the lawyers. I think there's a great ER-style drama in the process: "OK, I'm going to call it. No point in trying to keep this alive any longer. Time of determination is 2:07 pm." Back after a long absence, we add an interview to the news roundup. David "moose" Wolpoff and Dan MacDonnell of Randori explain the consternation over their startup's use of a serious vulnerability to conduct realistic penetration tests of buttoned-up networks instead of reporting it right away to the software provider.
They argue that the value of zero days for pentesting is great and the risk of harm low, if handled responsibly. In fact, the debate sounds a lot like the arguments around the table at a government Vulnerability Equities Process (VEP) meeting. And that makes me wonder whether the people pushing for a stricter VEP have any idea at all what they're talking about. Dmitri lays out the surprising complexity and sophistication of the Iranian attempt to influence the 2020 election. I'm less convinced. The Iranian effort failed, after all, and it resulted in the hackers' indictment. I dig into a recent brief by Hikvision claiming that the FCC lacks authority to bar sales of its products in the U.S. I'm only half convinced by the legal claim, but I am sure of this: The Hikvision argument has created an opportunity for some enterprising politician to sponsor quick, uncontroversial legislation giving the FCC the authority that Hikvision says it doesn't have. Dmitri explains the latest advance of the hardware hack known as Rowhammer. It may not be deployed routinely even now, he says, but the exploit makes clear that we will never entirely secure our cyber infrastructure. Paul and I agree that it's perfectly legal for the government to buy advertising data that shows citizens' locations. We more or less agree that some restraint on sales of location data, at least to the Russian and Chinese governments and maybe to anybody, is in order. Paul and I offer muted and squeamish criticism of a Big Report claiming that child sexual abuse is exploding online. There's no doubt that it's a problem that deserves more legal and platform effort, but the authors did their cause no favors by mixing kids exchanging nude selfies with truly loathsome material. Dmitri and I perform a public service announcement about a scam that takes advantage of security habits that the banks have encouraged us to get used to. Zelle fraud is going to make us all regret those habits.
And hopefully it will finally get banks to use hardware tokens instead of text messages to verify our transactions. Germany and Mandiant are at odds in attributing the government sponsor of the Ghostwriter hacking gang. Germany, backed by the EU, says it's Russia. Mandiant says it's Belarus. Dmitri says "Never bet against Mandiant on attribution." I can't disagree. Finally, Dmitri joins me in an appreciation of Alan Paller, who died last week. He was a major influence in cybersecurity, and a role model for successful entrepreneurs who want to give back using their institution-creating skills. Download the 384th Episode (mp3) You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

Security This Week
Rowhammer Time!

Security This Week

Nov 20, 2021 (44:30)


What happens when the digital world collides with the physical world?

Day[0] - Zero Days for Day Zero
DDR4 Rowhammer, Azure Bugs, "Essential 0days", and Backdoored IDA [Binary Exploitation]

Day[0] - Zero Days for Day Zero

Nov 18, 2021 (68:46)


Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/ddr4-rowhammer-azure-bugs-essential-0days-and-backdoored-ida.html

North Korea is at it again targeting researchers, 0day hoarding, breaching secure hardware, and fuzzing on this week's episode.

[00:01:15] Spot the Vuln - Beyond the Grave
[00:03:50] ESET Research discovered a trojanized IDA Pro installer, distributed by the #Lazarus APT group
[00:12:39] Why Zero-Days Are Essential to Security - Randori
[00:29:32] Blacksmith - Rowhammer Returns
[00:43:04] Fuzzing Microsoft's RDP Client using Virtual Channels: Overview & Methodology
[00:57:45] Microsoft Azure Sphere Security Monitor SMSyscallCommitImageStaging stage-without-manifest denial of service vulnerability
[01:04:53] Microsoft Azure Sphere Kernel GPIO_SET_PIN_CONFIG_IOCTL information disclosure vulnerability

The DAY[0] Podcast episodes are streamed live on Twitch (@dayzerosec) twice a week: Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities; Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. The Video archive can be found on our Youtube channel: https://www.youtube.com/c/dayzerosec You can also join our discord: https://discord.gg/daTxTK9 Or follow us on Twitter (@dayzerosec) to know when new releases are coming.

Cyber and Technology with Mike
16 November 2021 Cyber and Tech News

Cyber and Technology with Mike

Nov 17, 2021 (10:21)


In today's podcast we cover four crucial cyber and technology topics, including:
1. New evidence that Emotet may be back emerges
2. Intel addresses two flaws in firmware of computer processors
3. New Rowhammer attack makes DDR4 memory vulnerable
4. North Korean attackers push bundled IDA Pro security tool laced with malware
I'd love feedback, feel free to send your comments and feedback to cyberandtechwithmike@gmail.com

Risky Business
Risky Business #645 -- How Israel used NSO to make friends in low places

Risky Business

Nov 17, 2021


On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including:
Watering hole attacks are getting much better
How Israel's government used NSO to strengthen its diplomatic ties
Randori sat on some PAN 0day. This is fine.
Facebook outs state-backed ops
FBI has unfortunate incident with its mail boxes
Much, much more

This week's sponsor interview is with HD Moore. He's the founder of Rumble, the network asset discovery scanner, and he's joining us to talk about some new tricks he's added to the product, like integrations with cloud service APIs and external discovery products like Censys.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing.

Show notes
British news website was hacked to control readers' computers, report says
Strategic web compromises in the Middle East with a pinch of Candiru | WeLiveSecurity
Analyzing a watering hole campaign using macOS exploits
Israel, spyware and corruption: NSO ties to Netanyahu, Bennett and other politicians - Israel News - Haaretz.com
Pakistani hackers operated a fake app store to target former Afghan officials - The Record by Recorded Future
Exclusive: A Cyber Mercenary Is Hacking The Google And Telegram Accounts Of Presidential Candidates, Journalists And Doctors
New Moses Staff group targets Israeli organizations in destructive attacks - The Record by Recorded Future
Kevin Beaumont on Twitter: "Pay attention to this one when it's out. I haven't seen it, but it's possible to use BitLocker to remotely (re)encrypt every endpoint in AD in a way that only the attacker can decrypt… and it bypasses sec solutions. So I imagine it's that." / Twitter
Hacker sends spam to 100,000 from FBI email address
Booking.com was reportedly hacked by a US intel agency but never told customers | Ars Technica
‘Ghostwriter’ Looks Like a Purely Russian Op—Except It's Not | WIRED
Emotet botnet returns after law enforcement mass-uninstall operation - The Record by Recorded Future
Canadian health systems recovering from breach that forced thousands of appointment cancellations
Dustin Volz on Twitter: "@riskybusiness @DAlperovitch I think folks outside government can also underestimate how much agencies rehearse talking points and in testimony like this and try to be always on the same page—unless they don't want to be. And that adds to the sense of “conflict” or “disagreement” for some of us." / Twitter
CERT-PL employees rally around politically-dismissed chief - The Record by Recorded Future
US detains crypto-exchange exec for helping Ryuk ransomware gang launder profits - The Record by Recorded Future
Researchers wait 12 months to report vulnerability with 9.8 out of 10 severity rating | Ars Technica
DDR4 memory protections are broken wide open by new Rowhammer technique | Ars Technica
New secret-spilling hole in Intel CPUs sends company patching (again) | Ars Technica
GoCD bug chain provides second springboard for supply chain attacks | The Daily Swig
‘Add yourself as super admin’ – Researcher details easy-to-exploit bug that exposed GSuite accounts to full takeover | The Daily Swig
Adult cam site StripChat exposes the data of millions of users and cam models - The Record by Recorded Future
Hundreds of WordPress sites defaced in fake ransomware attacks - The Record by Recorded Future

The CyberWire
Threats and vulnerabilities, old and new, include Emotet and Mirai. CISA advises of DDS vulnerabilities. Arrest in a revenge porn case.

The CyberWire

Nov 16, 2021 (29:20)


Older threats, including Emotet and Mirai, are out and about, and an old vulnerability, Rowhammer, gets a fresh proof-of-concept. A new banking Trojan threatens Europe. Intel works on vulnerabilities. CISA advises awareness of recently reported DDS vulnerabilities. Joe Carrigan explains how spearphishers are using customer complaints as bait. Rick Howard speaks with Carlos Vega from Devo on supply chain issues. And an arrest is made in a Maryland revenge porn case. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/220

Tierra de Hackers
31. Half-Double, nuclear bunkers, the Citizen app, the NSA in Denmark, Anonymous vs Elon Musk and the FBI vs USA TODAY

Tierra de Hackers

Jun 8, 2021 (105:50)


Half-Double, the new Google Project Zero vulnerability that increases the impact of RowHammer, an attack vector straight out of a movie. Flashcards used by American soldiers, publicly accessible on the Internet, expose secrets about the locations of nuclear missile bunkers in Europe. A mobile app built around reporting and acting against crime turns out to have a very dark side. The Dunhammer report uncovers the NSA's espionage operation against European politicians, made possible by a secret pact with the Danish Defence Intelligence Service. Anonymous declares war on none other than Elon Musk. The FBI withdraws a subpoena for web records, including IP addresses, that could have identified readers of a story USA TODAY published this February. Notes and references at tierradehackers.com Twitch: twitch.tv/tierradehackers

5h3llcast
0x23: Somewhere deep inside Gremlin

5h3llcast

Jun 3, 2021 (47:05)


Alexander (@ErDetEnTing), Melvin (@Flangvik) and Vetle (@bordplate) talk about making a fool of yourself when you find a vulnerability. On the news front, they discuss the warning from NSM about FluBot spreading over SMS, an updated CrackMapExec, a dark net market called Hydra, and finally a new type of Rowhammer. As usual, we close with 5h3ll res0urces.

Risky Business
Risky Business #626 -- Russian ransomware beef simmers

Risky Business

Jun 2, 2021


On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
Ransomware attack threatens Australian and US beef supply
Talos dubs Russian ransomware crews “privateers”
NYTimes writes another bad story
More Fortinet pwnage
Belgian government rolls Hafnium IR and finds, well, something else
Google unveils new rowhammer techniques
Much, much more

Haroon Meer of Thinkst Canary is this week’s sponsor guest. Thinkst is spinning up a labs division, but they’ll be doing something different to the same-old bug hunting. That’s a quality conversation.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes
Full impact still being assessed in JBS cyber-security attack - Beef Central
JBS to bring most plants online after ransomware attack - Axios
JBS Cyber Hack: Meat Supplier Shuts Down Some Slaughterhouses After Attack - Bloomberg
Hackers hit Australian meatworks giant | 7NEWS.com.au
Colonial hack exposed TSA’s light-touch oversight of pipeline cybersecurity - The Washington Post
TSA cyber requirements would fine pipeline operators for lax security practices
Biden budget seeks $750 million to respond to SolarWinds compromises, plus billions more for cyber
Security researchers suggest naming state-harbored hackers 'privateers'
Russia Appears to Carry Out Hack Through System Used by U.S. Aid Agency - The New York Times
The SolarWinds Hackers Aren’t ‘Back.’ They Never Went Away | WIRED
Ex-US ambassador, anti-corruption activists in Ukraine were targets of suspected Russian phishing
US seizes two domains used by the SVR in recent hacking campaign | The Record by Recorded Future
SVR cyberspies used iOS zero-day in recent phishing campaign | The Record by Recorded Future
FBI says an APT breached a US municipal government via an unpatched Fortinet VPN | The Record by Recorded Future
Days before a report, Chinese hackers removed malware from infected networks | The Record by Recorded Future
Belgium government discovers old 2019 hack during Hafnium investigation | The Record by Recorded Future
Possible Chinese hackers pose as UN, human rights group to eavesdrop on beleaguered Uyghur population
Faulty emailing tool prevented Accellion from notifying customers of attacks | The Record by Recorded Future
The FBI will feed hacked passwords directly into Have I Been Pwned | The Record by Recorded Future
Macron says wiretapping ‘not acceptable between allies’ after report adds details about old NSA program - The Washington Post
Malware campaign targets server hosting software CWP | The Record by Recorded Future
Fujitsu suspends ProjectWEB platform after Japanese government hacks | The Record by Recorded Future
Hackers target Japanese government, transportation entities
Using Fake Reviews to Find Dangerous Extensions – Krebs on Security
Boss of ATM Skimming Syndicate Arrested in Mexico – Krebs on Security
Russian hacker Pavel Sitnikov arrested for sharing malware source code | The Record by Recorded Future
French authorities seize their third dark web marketplace | The Record by Recorded Future
WhatsApp’s Fight With India Has Global Implications | WIRED
Threema, the European rival to Signal, wins pivotal privacy battle in Swiss Court | The Daily Swig
Apple’s M1 Chip Has a Fascinating Flaw | WIRED
Google says Rowhammer attacks are gaining range as RAM is getting smaller | The Record by Recorded Future
No, it doesn’t just crash Safari. Apple has yet to fix exploitable flaw | Ars Technica
Inside The ‘World’s Largest’ Video Game Cheating Empire
'FIND THIS FUCK:' Inside Citizen’s Dangerous Effort to Cash In On Vigilantism
Hacktivist Posts Massive Scrape of Crime App Citizen to Dark Web

Sophos Podcasts
S3 Ep29: Anti-tracking, rowhammer problems and IoT vulns

Sophos Podcasts

Apr 21, 2021 (48:44)


How Firefox showed the hand to a widely abused online tracking trick. Why reading from one part of your computer's memory can paradoxically (and sneakily) let you write to another part. And yet more IoT bugs, this time a whole slew of them that go by the moniker "name:wreck".
https://nakedsecurity.sophos.com/firefox-88-patches-bugs
https://nakedsecurity.sophos.com/serious-security-rowhammer-is-back
https://nakedsecurity.sophos.com/iot-bug-report-claims-at-least-100m
With Kimberly Truong, Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com)
Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)
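The "reading from one part of memory lets you write to another" line above is the whole Rowhammer mechanism in one sentence: repeatedly activating two DRAM rows disturbs the charge in the row between them until a bit flips. As an added illustration (my code, not the podcast's or any research group's), here is the hammer-and-scan loop that every Rowhammer probe is built around, in C. The 8 KiB row stride, the victim offset and the iteration count are assumptions, and on an ordinary 4 KiB-page system virtual neighbours are usually not physical row neighbours, so expect zero flips unless you pin physically contiguous memory (huge pages) and use a reverse-engineered DRAM address map, which is what tools such as TRRespass and Blacksmith (both named elsewhere on this page) do. On non-x86 targets there is no cache-line flush here, so the reads stay cached and nothing is hammered; the scan logic still runs.

```c
/* rowhammer_probe.c: added illustration, not code from any podcast above.
 * Double-sided hammering: read two "aggressor" addresses in a tight loop,
 * flushing them from cache each time so every access goes to DRAM, then
 * scan the surrounding window for bits that changed.  Row stride, victim
 * offset and iteration count are assumptions, not DIMM-specific facts. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#include <emmintrin.h>
#define CACHE_FLUSH(p) _mm_clflush((const void *)(p))
#else
/* No clflush on this target: reads stay cached and nothing reaches DRAM. */
#define CACHE_FLUSH(p) ((void)(p))
#endif

#define FILL_PATTERN 0xFFu
#define ROW_STRIDE   (8u * 1024u)   /* assumed DRAM row size */

/* hammer: alternately read two aggressor addresses 'iters' times.
 * volatile keeps the compiler from hoisting or deleting the reads. */
static void hammer(volatile const uint8_t *a, volatile const uint8_t *b,
                   unsigned long iters)
{
    for (unsigned long i = 0; i < iters; i++) {
        (void)*a;
        (void)*b;
        CACHE_FLUSH(a);
        CACHE_FLUSH(b);
    }
}

/* count_flips: number of bits in buf[0..len) that differ from 'expect'. */
size_t count_flips(const uint8_t *buf, size_t len, uint8_t expect)
{
    size_t flips = 0;
    for (size_t i = 0; i < len; i++)
        flips += (size_t)__builtin_popcount((unsigned)(buf[i] ^ expect));
    return flips;
}

/* probe_region: fill a 4-row window around victim_off with a known pattern,
 * hammer the rows one ROW_STRIDE above and below the victim, and return the
 * number of bit flips seen in the window.  Returns 0 if the offsets do not
 * fit inside buf. */
size_t probe_region(uint8_t *buf, size_t len, size_t victim_off,
                    unsigned long iters)
{
    if (victim_off < 2 * ROW_STRIDE || victim_off + 2 * ROW_STRIDE > len)
        return 0;
    uint8_t *win = buf + victim_off - 2 * ROW_STRIDE;   /* victim window */
    size_t win_len = 4 * ROW_STRIDE;
    memset(win, FILL_PATTERN, win_len);
    hammer(buf + victim_off - ROW_STRIDE, buf + victim_off + ROW_STRIDE, iters);
    return count_flips(win, win_len, FILL_PATTERN);
}

int main(void)
{
    const size_t len = 16u * 1024u * 1024u;        /* 16 MiB scan region */
    uint8_t *buf = malloc(len);
    if (!buf)
        return 1;
    size_t total = 0;
    /* sweep candidate victim rows; 500k activations per aggressor pair */
    for (size_t off = 2 * ROW_STRIDE; off + 2 * ROW_STRIDE <= len;
         off += ROW_STRIDE * 64)
        total += probe_region(buf, len, off, 500000UL);
    printf("bit flips observed: %zu\n", total);
    free(buf);
    return 0;
}
```

If this ever reports flips, the DRAM under test is exploitable in principle; turning a flip into privilege escalation means steering it into a page-table entry or a shared library page, which this probe deliberately does not attempt.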

Podcast proConf
#89 Black Hat USA - Hacking Tesla | VPN won't help | Leaky Intel | Insecure email

Podcast proConf

Mar 8, 2021 (106:21)


Talks, in order:
Building a Vulnerability Disclosure Program that Works for Election Vendors and Hackers (https://youtu.be/iH56dHNFmXo)
Reverse Engineering the Tesla Battery Management System to increase Power Available (https://youtu.be/UV2zvgyIF0I)
Virtually Private Networks (https://youtu.be/1FbmSCpYIx4)
Plundervolt: Flipping Bits from Software without Rowhammer (https://youtu.be/zKIliM-pHFs)
You have No Idea Who Sent that Email: 18 Attacks on Email Sender Authentication (https://youtu.be/ar_lVqkWcHk)
Engineering Empathy: Adapting Software Engineering Principles and Process to Security (https://youtu.be/_tbd1y6fbHU)
Lamphone: Real-Time Passive Reconstruction of Speech Using Light Emitted from Lamps (https://youtu.be/9b1ffAcKZ_c)
Heroku Abuse Operations: Hunting Wolves in Sheep's Clothing (https://youtu.be/S4BQg-yX5WQ)
Breaking Brains, Solving Problems: Lessons Learned from 2 Years of Setting puzzles for InfoSec Pros (https://youtu.be/16JWimnLE5A)
You can find us at:
1. Telegram: https://t.me/proConf
2. Youtube: https://www.youtube.com/c/proconf
3. SoundCloud: https://soundcloud.com/proconf
4. Itunes: https://podcasts.apple.com/by/podcast/podcast-proconf/id1455023466
5. Spotify: https://open.spotify.com/show/77BSWwGavfnMKGIg5TDnLz

On The Metal
Ken Shirriff

On The Metal

Jan 26, 2021 (80:36)


You can find Ken on Twitter at twitter.com/kenshirriff and his blog righto.com.
- Soyuz blog post: http://www.righto.com/2020/01/inside-digital-clock-from-soyuz.html
- IBM System/370: https://en.wikipedia.org/wiki/IBM_System/370
- Amdahl: https://en.wikipedia.org/wiki/Amdahl_Corporation
- Build Your Own Z80 Computer: https://books.google.com/books?id=mVQnFgWzX0AC&pg=PA1#v=onepage&q&f=false
- Euler: https://en.wikipedia.org/wiki/Leonhard_Euler
- Commodore PET: https://en.wikipedia.org/wiki/Commodore_PET
- TRS-80 (Trash-80): https://en.wikipedia.org/wiki/TRS-80 https://techland.time.com/2012/08/03/trs-80/
- Visual 6502: http://www.visual6502.org/
- MOS 6502: https://en.wikipedia.org/wiki/MOS_Technology_6502
- Metallurgy microscope: https://www.amscope.com/compound-microscopes/metallurgical-microscopes.html
- AM2900: https://en.wikipedia.org/wiki/AMD_Am2900
- MOS transistor: https://en.wikipedia.org/wiki/MOSFET
- Cray-1: https://en.wikipedia.org/wiki/Cray-1
- Intel 4004: https://en.wikipedia.org/wiki/Intel_4004
- Datapoint 2200: https://en.wikipedia.org/wiki/Datapoint_2200
- Intel 8008: https://en.wikipedia.org/wiki/Intel_8008
- Endianness: https://en.wikipedia.org/wiki/Endianness
- TTL chips: https://en.wikipedia.org/wiki/Transistor%E2%80%93transistor_logic
- Big Endian and Little Endian: https://chortle.ccsu.edu/AssemblyTutorial/Chapter-15/ass15_3.html
- Xerox Alto: https://en.wikipedia.org/wiki/Xerox_Alto
- Charles Simonyi: https://en.wikipedia.org/wiki/Charles_Simonyi
- Punched cards: https://en.wikipedia.org/wiki/Punched_card
- Why did line printers have 132 columns?: https://retrocomputing.stackexchange.com/questions/7838/why-did-line-printers-have-132-columns
- Teletype 33: https://en.wikipedia.org/wiki/Teletype_Model_33
- Analogue computer: https://en.wikipedia.org/wiki/Analog_computer
- Analogue computer thread: https://twitter.com/kenshirriff/status/1223675683387265024
- Differential analyser: https://en.wikipedia.org/wiki/Differential_analyser
- Bitcoin mining on a 1401: http://www.righto.com/2015/05/bitcoin-mining-on-55-year-old-ibm-1401.html
- Mining bitcoin with pencil and paper: https://www.youtube.com/watch?v=y3dqhixzGVo
- Bitcoin mining on a Xerox Alto: http://www.righto.com/2017/07/bitcoin-mining-on-vintage-xerox-alto.html
- Bitcoin mining on the Apollo Guidance computer: http://www.righto.com/2019/07/bitcoin-mining-on-apollo-guidance.html
- Colossus computer: https://en.wikipedia.org/wiki/Colossus_computer
- Accounting machine: https://en.wikipedia.org/wiki/Accounting_machine
- Memory phosphor: https://www.britannica.com/science/memory-phosphor
- Rowhammer: https://en.wikipedia.org/wiki/Row_hammer
- Core memory: https://en.wikipedia.org/wiki/Magnetic-core_memory
- Williams tube: https://en.wikipedia.org/wiki/Williams_tube
- Core rope memory: https://en.wikipedia.org/wiki/Core_rope_memory
- Honeywell 800: https://people.cs.clemson.edu/~mark/h800.html
- Honeywell 1800: https://www.computerhistory.org/brochures/doc-4372956da1170/ http://ed-thelen.org/comp-hist/BRL64-h.html#HONEYWELL-1800
- SPARC delayed branching: https://arcb.csc.ncsu.edu/~mueller/codeopt/codeopt00/notes/delaybra.html
- IBM 360 Model 50: https://en.wikipedia.org/wiki/IBM_System/360_Model_50
- RR Auction: https://www.rrauction.com/

Microsoft Research Podcast
119 - Defending DRAM for data safety and security in the cloud

Microsoft Research Podcast

Jul 8, 2020 (38:05)


Dynamic random-access memory – or DRAM – is the most popular form of volatile computer memory in the world but it’s particularly susceptible to Rowhammer, an adversarial attack that can cause data loss and security exploits in everything from smart phones to the cloud. Today, Dr. Stefan Saroiu, a Senior Principal Researcher in MSR’s Mobility and Networking group, explains why DRAM remains vulnerable to Rowhammer attacks today, even after several years of mitigation efforts, and then tells us how a new approach involving bespoke extensibility mechanisms for DRAM might finally hammer Rowhammer in the fight to keep data safe and secure.

Security Now (Video HD)
SN 759: TRRespass

Security Now (Video HD)

Mar 24, 2020 (114:01)


This week's stories:
Two new un-patched 0-days affecting billions of Windows users - here is the fix!
Mozilla reversed itself on TLS v1.0 and 1.1 deprecation... due to the coronavirus
A micropatch for Win7 and Server 2008
Chrome's release schedule has been impacted by the coronavirus
Avast emergency-disables their internal JavaScript emulator
CookieThief - "FireSheep evolves for the 21st century"
Pwn2Own Spring 2020 winners
Steve's coronavirus journey
The fixes for RowHammer have not worked

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, Spinrite 6.

Sponsors: privacy.com/securitynow Wasabi.com offer code SECURITYNOW

Risky Business
Risky Business #575 -- World drowns in Coronavirus phishing lures as crisis escalates

Risky Business

Mar 17, 2020


On this week’s show Patrick and Adam discuss the week’s security news, including:
Coronavirus phishing lures are everywhere
Czech hospital ransomwared during crisis
Voatz mobile voting app destroyed by Trail of Bits audit
We recap yesterday’s livestream
Windows SMBv3 bug probably not such a big deal
ALL the week’s news

This week’s sponsor interview is with Sam Crowther, founder of Kasada. They do bot detection and mitigation and apparently they’re quite good at it. Sam joins the show to talk through the new greyhatter of anti-anti-bot. It’s actually a really fun conversation, that one, so stick around for it.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes
State-sponsored hackers are now using coronavirus lures to infect their targets | ZDNet
The Internet is drowning in COVID-19-related malware and phishing scams | Ars Technica
TA505 and Others Launch New Coronavirus Campaigns; Now the Largest Collection of Attack Types in Years | Proofpoint US
Live Coronavirus Map Used to Spread Malware — Krebs on Security
Czech hospital hit by cyberattack while in the midst of a COVID-19 outbreak | ZDNet
High-Stakes Security Setups Are Making Remote Work Impossible | WIRED
A Mobile Voting App That's Already in Use Is Filled With Critical Flaws - VICE
Microsoft delivers emergency patch to fix wormable Windows 10 flaw | Ars Technica
Medical Device Regulation: EU to give €100bn MedTech industry a security health check | The Daily Swig
WordPress to add auto-update feature for themes and plugins | ZDNet
Tor team warns of Tor Browser bug that runs JavaScript on sites it shouldn't | ZDNet
Avast disables JavaScript engine in its antivirus following major bug | ZDNet
US is preparing to ban foreign-made drones from government use | TechCrunch
Card data from the Volusion web skimmer incident surfaces on the dark web | ZDNet
Intel CPUs vulnerable to new 'Snoop' attack | ZDNet
Modern RAM used for computers, smartphones still vulnerable to Rowhammer attacks | ZDNet
We Built a Database of Over 500 iPhones Cops Have Tried to Unlock - VICE
The Web’s Bot Containment Unit Needs Your Help — Krebs on Security
Cyberattack Hits HHS During Coronavirus Response - Bloomberg
Microsoft discontinues RDCMan app following security bug | ZDNet
Google awards $100k to Dutch bug hunter for cutting-edge cloud security research | The Daily Swig
#737140 Mass account takeovers using HTTP Request Smuggling on https://slackb.com/ to steal session cookies
oracle chat on prem - Google Search
Risky Business - Risky Business
publications/voatz-securityreview.pdf at master · trailofbits/publications · GitHub
publications/voatz-threatmodel.pdf at master · trailofbits/publications · GitHub
Our Full Report on the Voatz Mobile Voting Platform | Trail of Bits Blog
Securing a work from home workforce - YouTube

Symantec Cyber Security Brief Podcast
Round-up: A whole host of vulnerabilities, and the hackers hacking other hackers

Symantec Cyber Security Brief Podcast

Mar 12, 2020 (23:10)


In this week's Cyber Security Brief podcast, Brigid O'Gorman and Dick O'Brien discuss some of the biggest infosec news stories of the last week, including new vulnerabilities in Intel chips and the Microsoft SMB protocol, as well as the Rowhammer vulnerability being back in the headlines. As well as this, there is an intricate phishing scam targeting Russian speakers that uses a chatbot to help you hand over your information, a mysterious Vietnam-based group is releasing Trojanized hacking tools to try and hack other hackers, the chief suspect thought to be behind the Deer[.]io online marketplace is arrested, and BEC scammers make the headlines once again.

The CyberWire
Ransomware, Bitcoin, underwriters, and the bandit economy. OTA provisioning could lead to subtle phishing. Alleged spammers indicted. ZAO flashes and flickers out, for now.

The CyberWire

Sep 4, 2019 (19:03)


A look at the ongoing ransomware epidemic, with some speculation about its connection to the criminal economy. Over-the-air provisioning might open Android users to sophisticated phishing approaches. Alleged spammers are indicted in California. And, ZAO, we hardly knew ye. Jonathan Katz from UMD on the evolution of Rowhammer attacks. Tamika Smith speaks with Troy Gill from AppRiver about cities being hit with ransomware. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_04.html Support our show

BSD Now
304: Prospering with Vulkan

BSD Now

Jun 27, 2019 (63:33)


DragonflyBSD 5.6 is out, OpenBSD Vulkan Support, bad utmp implementations in glibc and FreeBSD, OpenSSH protects itself against Side Channel attacks, ZFS vs OpenZFS, and more.

Headlines

DragonflyBSD 5.6 is out (https://www.dragonflybsd.org/release56)
Version 5.6.0 released 17 June 2019
Version 5.6.1 released 19 June 2019 (https://www.dragonflydigest.com/2019/06/19/23091.html)

Big-ticket items

Improved VM
Informal test results showing the changes from 5.4 to 5.6 are available.
Reduce stalls in the kernel vm_page_alloc() code (vm_page_list_find()).
Improve page allocation algorithm to avoid re-iterating the same queues as the search is widened.
Add a vm_page_hash*() API that allows the kernel to do heuristical lockless lookups of VM pages.
Change vm_hold() and vm_unhold() semantics to not require any spin-locks.
Change vm_page_wakeup() to not require any spin-locks.
Change wiring vm_page's no longer manipulates the queue the page is on, saving a lot of overhead. Instead, the page will be removed from its queue only if the pageout daemon encounters it. This allows pages to enter and leave the buffer cache quickly.
Refactor the handling of fictitious pages.
Remove m->md.pv_list entirely. VM pages in mappings no longer allocate pv_entry's, saving an enormous amount of memory when multiple processes utilize large shared memory maps (e.g. postgres database cache).
Refactor vm_object shadowing, disconnecting the backing linkages from the vm_object itself and instead organizing the linkages in a new structure called vm_map_backing which hangs off the vm_map_entry. pmap operations now iterate vm_map_backing structures (rather than spin-locked page lists based on the vm_page and pv_entry's), and will test/match operations against the PTE found in the pmap at the requisite location. This doubles VM fault performance on shared pages and reduces the locking overhead for fault and pmap operations.
Simplify the collapse code, removing most of the original code and replacing it with simpler per-vm_map_entry optimizations to limit the shadow depth.

DRM
Major updates to the radeon and ttm (amd support code) drivers. We have not quite gotten the AMD support up to the more modern cards or Ryzen APUs yet, however.
Improve UEFI framebuffer support.
A major deadlock has been fixed in the radeon/ttm code.
Refactor the startup delay designed to avoid conflicts between the i915 driver initialization and X startup.
Add DRM_IOCTL_GET_PCIINFO to improve mesa/libdrm support.
Fix excessive wired memory build-ups.
Fix Linux/DragonFly PAGE_MASK confusion in the DRM code.
Fix idr_*() API bugs.

HAMMER2
The filesystem sync code has been rewritten to significantly improve performance.
Sequential write performance also improved.
Add simple dependency tracking to prevent directory/file splits during create/rename/remove operations, for better consistency after a crash.
Refactor the snapshot code to reduce flush latency and to ensure a consistent snapshot.
Attempt to pipeline the flush code against the frontend, improving flush vs frontend write concurrency.
Improve umount operation.
Fix an allocator race that could lead to corruption.
Numerous other bugs fixed.
Improve verbosity of CHECK (CRC error) console messages.

OpenBSD Vulkan Support (https://www.phoronix.com/scan.php?page=news_item&px=OpenBSD-Vulkan-Support)
Somewhat surprisingly, OpenBSD has added the Vulkan library and ICD loader support as their newest port. This new graphics/vulkan-loader port provides the generic Vulkan library and ICD support that is the common code for Vulkan implementations on the system. This doesn't enable any Vulkan hardware drivers or provide something new not available elsewhere, but is rare seeing Vulkan work among the BSDs. There is also in ports the related components like the SPIR-V headers and tools, glslang, and the Vulkan tools and validation layers.
This is of limited usefulness, at least for the time being considering OpenBSD like the other BSDs lag behind in their DRM kernel driver support that is ported over from the mainline Linux kernel tree but generally years behind the kernel upstream. Particularly with Vulkan, newer kernel releases are needed for some Vulkan features as well as achieving decent performance. The Vulkan drivers of relevance are the open-source Intel ANV Vulkan driver and Radeon RADV drivers, both of which are in Mesa though we haven't seen any testing results to know how well they would work if at all currently on OpenBSD, but they're at least in Mesa and obviously open-source.
+ A note: The BSDs are no longer that far behind.
+ FreeBSD 12.0 uses DRM from Linux 4.16 (April 2018), and the drm-devel port is based on Linux 5.0 (March 2019)
+ OpenBSD -current as of April 2019 uses DRM from Linux 4.19.34

News Roundup

Bad utmp implementations in glibc and freebsd (https://davmac.wordpress.com/2019/05/04/bad-utmp-implementations-in-glibc-and-freebsd/)
I recently released another version – 0.5.0 – of Dinit, the service manager / init system. There were a number of minor improvements, including to the build system (just running “make” or “gmake” should be enough on any of the systems which have a pre-defined configuration, no need to edit mconfig by hand), but the main features of the release were S6-compatible readiness notification, and support for updating the utmp database.
In other words, utmp is a record of who is currently logged in to the system (another file, “wtmp”, records all logins and logouts, as well as, potentially, certain system events such as reboots and time updates). This is a hint at the main motivation for having utmp support in Dinit – I wanted the “who” command to correctly report current logins (and I wanted boot time to be correctly recorded in the wtmp file).
I wondered: If the files consist of fixed-sized records, and are readable by regular users, how is consistency maintained? That is – how can a process ensure that, when it updates the database, it doesn’t conflict with another process also attempting to update the database at the same time? Similarly, how can a process reading an entry from the database be sure that it receives a consistent, full record and not a record which has been partially updated? (after all, POSIX allows that a write(2) call can return without having written all the requested bytes, and I’m not aware of Linux or any of the *BSDs documenting that this cannot happen for regular files). Clearly, some kind of locking is needed; a process that wants to write to or read from the database locks it first, performs its operation, and then unlocks the database. Once again, this happens under the hood, in the implementation of the getutent/pututline functions or their equivalents.
Then I wondered: if a user process is able to lock the utmp file, and this prevents updates, what’s to stop a user process from manually acquiring and then holding such a lock for a long – even practically infinite – duration? This would prevent the database from being updated, and would perhaps even prevent logins/logouts from completing. Unfortunately, the answer is – nothing; and yes, it is possible on different systems to prevent the database from being correctly updated or even to prevent all other users – including root – from logging in to the system.
+ A good find
+ On FreeBSD, even though write(2) can be asynchronous, once the write syscall returns, the data is in the buffer cache (or ARC), and any future read(2) will see that new data even if it has not yet been written to disk.
OpenSSH gets an update to protect against Side Channel attacks (https://securityboulevard.com/2019/06/openssh-code-gets-an-update-to-protect-against-side-channel-attacks/) Last week, Damien Miller, a Google security researcher, and one of the popular OpenSSH and OpenBSD developers announced an update to the existing OpenSSH code that can help protect against the side-channel attacks that leak sensitive data from computer’s memory. This protection, Miller says, will protect the private keys residing in the RAM against Spectre, Meltdown, Rowhammer, and the latest RAMBleed attack. SSH private keys can be used by malicious threat actors to connect to remote servers without the need of a password. According to CSO, “The approach used by OpenSSH could be copied by other software projects to protect their own keys and secrets in memory”. However, if the attacker is successful in extracting the data from a computer or server’s RAM, they will only obtain an encrypted version of an SSH private key, rather than the cleartext version. In an email to OpenBSD, Miller writes, “this change encrypts private keys when they are not in use with a symmetric key that is derived from a relatively large ‘prekey’ consisting of random data (currently 16KB).” ZFS vs OpenZFS (https://www.ixsystems.com/blog/zfs-vs-openzfs/) You’ve probably heard us say a mix of “ZFS” and “OpenZFS” and an explanation is long-overdue. From its inception, “ZFS” has referred to the “Zettabyte File System” developed at Sun Microsystems and published under the CDDL Open Source license in 2005 as part of the OpenSolaris operating system. ZFS was revolutionary for completely decoupling the file system from specialized storage hardware and even a specific computer platform. The portable nature and advanced features of ZFS led FreeBSD, Linux, and even Apple developers to start porting ZFS to their operating systems and by 2008, FreeBSD shipped with ZFS in the 7.0 release. 
For the first time, ZFS empowered users of any budget with enterprise-class scalability and data integrity and management features like checksumming, compression and snapshotting, and those features remain unrivaled at any price to this day. On any ZFS platform, administrators use the zpool and zfs utilities to configure and manage their storage devices and file systems respectively. Both commands employ a user-friendly syntax such as‘zfs create mypool/mydataset’ and I welcome you to watch the appropriately-titled webinar “Why we love ZFS & you should too” or try a completely-graphical ZFS experience with FreeNAS. Oracle has steadily continued to develop its own proprietary branch of ZFS and Matt Ahrens points out that over 50% of the original OpenSolaris ZFS code has been replaced in OpenZFS with community contributions. This means that there are, sadly, two politically and technologically-incompatible branches of “ZFS” but fortunately, OpenZFS is orders of magnitude more popular thanks to its open nature. The two projects should be referred to as “Oracle ZFS” and “OpenZFS” to distinguish them as development efforts, but the user still types the ‘zfs’ command, which on FreeBSD relies on the ‘zfs.ko’ kernel module. My impression is that the terms of the CDDL license under which the OpenZFS branch of ZFS is published protects its users from any patent and trademark risks. Hopefully, this all helps you distinguish the OpenZFS project from the ZFS technology. + There was further discussion of how the ZFSOnLinux repo will become the OpenZFS repo in the future once it also contains the bits to build on FreeBSD as well during the June 25th ZFS Leadership Meeting. 
The videos for all of the meetings are available here (https://www.youtube.com/channel/UC0IK6Y4Go2KtRueHDiQcxow) Beastie Bits How to safely and portably close a file descriptor in a multithreaded process without running into problems with EINTR (https://twitter.com/cperciva/status/1141852451756105729?s=03) KnoxBug Meetup June 27th at 6pm (http://knoxbug.org/2019-06-27) BSD Pizza Night, June 27th at 7pm, Flying Pie Pizzeria, 3 Monroe Pkwy, Ste S, Lake Oswego, OR (https://www.flying-pie.com/locations/lake-oswego/) Difference between $x and ${x} (https://moopost.blogspot.com/2019/06/difference-between-x-and-x.html) Beware of Software Engineering Media Sites (https://www.nemil.com/on-software-engineering/beware-engineering-media.html) How Verizon and a BGP optimizer knocked large parts of the internet offline today (https://blog.cloudflare.com/how-verizon-and-a-bgp-optimizer-knocked-large-parts-of-the-internet-offline-today/) DragonflyBSD - MDS mitigation added a while ago (http://lists.dragonflybsd.org/pipermail/commits/2019-May/718899.html) Reminder: Register for EuroBSDcon 2019 in Lillehammer, Norway (https://eurobsdcon.org) Feedback/Questions Dave - CheriBSD (http://dpaste.com/38233JC) Neb - Hello from Norway (http://dpaste.com/0B8XKXT#wrap) Lars - Ansible tutorial? (http://dpaste.com/3N85SHR) Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv) *** Your browser does not support the HTML5 video tag.

TechSNAP
406: SACK Attack

TechSNAP

Play Episode Listen Later Jun 23, 2019 43:33


A new vulnerability may be the next 'Ping of Death'; we explore the details of SACK Panic and break down what you need to know. Plus Firefox zero-days targeting Coinbase, the latest update on Rowhammer, and a few more reasons it's a great time to be a ZFS user.

No Name Podcast
Episode 38. CONTETN MATTERS

No Name Podcast

Play Episode Listen Later Jun 19, 2019 86:48


Pre-computed Hash Table, v. 1.0 | Andronicus
Security Advisory 2019-06-13 | Yubico
Attacks that allow retrieving all HSM (Hardware Security Modules) secrets remotely
The Platform Challenge: Balancing Safety, Privacy and Freedom — Alex Stamos (DataEDGE 2019)
Researchers use Rowhammer bit flips to steal 2048-bit crypto key
New Pervasive Worm Exploiting Linux Exim Server Vulnerability
Proving that a Russian cryptographic standard is too structured
Why Are Cryptographers Being Denied Entry into the US?
The Cost of Cybercrime
E.U.: Russians interfered in our elections, too
U.S. Escalates Online Attacks on Russia’s Power Grid

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Microsoft Patches https://isc.sans.edu/forums/diary/MSFT+June+2019+Patch+Tuesday/25024/
Adobe Patches https://helpx.adobe.com/security.html
SAP Security Notes https://www.onapsis.com/blog/sap-patch-notes-june-2019
Intel Updates https://www.us-cert.gov/ncas/current-activity/2019/06/11/Intel-Releases-Security-Updates-Mitigations-Multiple-Products
Microsoft Certificate DoS https://bugs.chromium.org/p/project-zero/issues/detail?id=1804
GPS Receiver Woes https://www.flightglobal.com/news/articles/collins-gps-outage-grounds-regional-flights-458819/
RAMBleed Attack https://www.documentcloud.org/documents/6150180-RamBleed-attack-CVE-2019-0174.html

SOVRYN TECH
Sovryn Tech Ep. 0199a: "The Red October"

SOVRYN TECH

Play Episode Listen Later Mar 4, 2019 129:48


The Battle of the Tech Giants? The reality behind the AT&T/Time Warner merger? Also, AI made encryption, Alternative 3, and much, much more...
Special Guest: N/A
Stories of the Week:
--Random Access: Zcash is LIVE!, Vine is shutting down, the Dirty Cow and Rowhammer exploits, the AT&T/Time Warner merger, Mozilla Firefox's new engine Project Quantum.
--"The Microsoft October Event" Link: tcrn.ch/2fgi3Ck
First Choice:
--"The Apple October Event" Link: tcrn.ch/2eSAz0V
Game Talk:
--"Max Stirner, Lara Croft, and Zomia Offline Games" Link: zog.ninja
HackSec:
--"Jerry Kaplan on Triangulation" Link: pca.st/BWDr
--"AI-based Encryption" Link: tcrn.ch/2dPhFKF
The Climax:
--"Happy Halloween"
APPENDIX:
--"Agorist Hosting" Link: agoristhosting.com/
--"Roberts & Roberts Brokerage" Link: rrbi.co
--"CryptoCompare" Link: www.cryptocompare.com/
--"Sovryn Tech Solutions" Link: solutions.zog.ninja
--"Libreboot X200" Link: bit.ly/1FI57ew
--"Worldwide Torrents" Link: worldwidetorrents.eu
Make easy monthly donations through Patreon: patreon.com/sovryntech
And you can tip me at: sovryntech.tip.me
Sovryn Tech is powered by Namecheap! Get a website today with Bitcoin!
Donate with Bitcoin! BTC: 1AEiTkWiF8x6yjQbbhoU89vHHMrkzQ7o8d
Donate with PayPal! Link: donate.zog.ninja
Donate with our Amazon Wish List! Link: wishlist.zog.ninja
You can e-mail the show at: bbs@sovryntech.com
You can also visit our IRC channel on Freenode: #SovNet
Or just go to: irc.zog.ninja
sovryntech.com
twitter.com/sovryntech
steamcommunity.com/id/ninjaprogram

Zomia ONE
Sovryn Tech Ep. 0199a: "The Red October"

Zomia ONE

Play Episode Listen Later Mar 4, 2019 129:48


The Battle of the Tech Giants? The reality behind the AT&T/Time Warner merger? Also, AI made encryption, Alternative 3, and much, much more...
Special Guest: N/A
Stories of the Week:
--Random Access: Zcash is LIVE!, Vine is shutting down, the Dirty Cow and Rowhammer exploits, the AT&T/Time Warner merger, Mozilla Firefox's new engine Project Quantum.
--"The Microsoft October Event" Link: tcrn.ch/2fgi3Ck
First Choice:
--"The Apple October Event" Link: tcrn.ch/2eSAz0V
Game Talk:
--"Max Stirner, Lara Croft, and Zomia Offline Games" Link: zog.ninja
HackSec:
--"Jerry Kaplan on Triangulation" Link: pca.st/BWDr
--"AI-based Encryption" Link: tcrn.ch/2dPhFKF
The Climax:
--"Happy Halloween"
APPENDIX:
--"Agorist Hosting" Link: agoristhosting.com/
--"Roberts & Roberts Brokerage" Link: rrbi.co
--"CryptoCompare" Link: www.cryptocompare.com/
--"Sovryn Tech Solutions" Link: solutions.zog.ninja
--"Libreboot X200" Link: bit.ly/1FI57ew
--"Worldwide Torrents" Link: worldwidetorrents.eu
Make easy monthly donations through Patreon: patreon.com/sovryntech
And you can tip me at: sovryntech.tip.me
Sovryn Tech is powered by Namecheap! Get a website today with Bitcoin!
Donate with Bitcoin! BTC: 1AEiTkWiF8x6yjQbbhoU89vHHMrkzQ7o8d
Donate with PayPal! Link: donate.zog.ninja
Donate with our Amazon Wish List! Link: wishlist.zog.ninja
You can e-mail the show at: bbs@sovryntech.com
You can also visit our IRC channel on Freenode: #SovNet
Or just go to: irc.zog.ninja
sovryntech.com
twitter.com/sovryntech
steamcommunity.com/id/ninjaprogram

Paul's Security Weekly
Hack Naked News #198 - November 27, 2018

Paul's Security Weekly

Play Episode Listen Later Nov 27, 2018 21:13


This week, disastrous Rowhammer bitflips, a malicious developer steals Bitcoin with a NodeJS module, Germany proposes router security guidelines, Uber fined $148 million for a data breach cover-up, Microsoft yanks two buggy Office patches, and a malvertising campaign that impacts millions of iOS users! Jason Wood from Paladin Security joins us for Expert Commentary to discuss how the FBI created a fake FedEx website to unmask a cybercriminal, and more on this episode of Hack Naked News!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode198
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Visit https://www.activecountermeasures/hnn to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly

Hack Naked News (Video)
NodeJS, Rowhammer, & FBI FedEx - Hack Naked News #198

Hack Naked News (Video)

Play Episode Listen Later Nov 27, 2018 21:18


Disastrous Rowhammer bitflips, a malicious developer steals Bitcoin with a NodeJS module, Germany proposes router security guidelines, Uber fined $148 million for a data breach cover-up, Microsoft yanks two buggy Office patches, and a malvertising campaign impacts millions of iOS users! Jason Wood from Paladin Security joins us for expert commentary to discuss how the FBI created a fake FedEx website to unmask a cybercriminal!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode198
Visit http://hacknaked.tv to get all the latest episodes!

Hack Naked News (Audio)
Hack Naked News #198 - November 27, 2018

Hack Naked News (Audio)

Play Episode Listen Later Nov 27, 2018 21:13


This week, disastrous Rowhammer bitflips, a malicious developer steals Bitcoin with a NodeJS module, Germany proposes router security guidelines, Uber fined $148 million for a data breach cover-up, Microsoft yanks two buggy Office patches, and a malvertising campaign that impacts millions of iOS users! Jason Wood from Paladin Security joins us for Expert Commentary to discuss how the FBI created a fake FedEx website to unmask a cybercriminal, and more on this episode of Hack Naked News!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode198
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Visit https://www.activecountermeasures/hnn to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Attacks Against Docker API https://isc.sans.edu/forums/diary/Moby+the+Shark/24340/
Mirai-Like Attack Hitting Hadoop https://asert.arbornetworks.com/mirai-not-just-for-iot-anymore/
New Rowhammer Variant Affects ECC Memory https://www.vusec.net/projects/eccploit/

WIRED Security: News, Advice, and More
An Ingenious Data Hack Is More Dangerous Than Anyone Feared

WIRED Security: News, Advice, and More

Play Episode Listen Later Nov 22, 2018 7:24


The data theft technique called "Rowhammer" has fascinated and worried the cybersecurity community for years now, because it combines digital and physical hacking in ways that are both fascinating and unaccounted for. Since its discovery, researchers have steadily refined the attack, and expanded the array of targets it works against.

Misreading Chat
#18 – Exploiting the DRAM Rowhammer Bug to Gain Kernel Privileges

Misreading Chat

Play Episode Listen Later Jul 16, 2018


Mukai talks about vulnerabilities that exploit Rowhammer, a DRAM hardware bug.

Securit13 Podcast
Episode 99 (19.05.2018)

Securit13 Podcast

Play Episode Listen Later Jun 1, 2018 44:51


16.06.2018 BSidesKharkiv https://kharkiv.securitybsides.org.ua/
07.06.2018 OWASP Odesa https://www.facebook.com/events/2104923576405410/
07.07.2018 BSidesOdessa https://odessa.securitybsides.org.ua/
Kostiantyn Korsun on NoNameCon https://www.facebook.com/kostiantyn.korsun/posts/840821456102957
EFAIL https://efail.de/
Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels (draft 0.9.1) https://efail.de/efail-attack-paper.pdf
ProtonMail is safe against the efail PGP vulnerability. https://twitter.com/ProtonMail/status/995996112526954496
Efail or OpenPGP is safer than S/MIME https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060315.html
Digital Photocopiers Loaded With Secrets https://www.cbsnews.com/news/digital-photocopiers-loaded-with-secrets/
Throwhammer: Rowhammer Attacks over the Network and Defenses https://www.cs.vu.nl/~herbertb/download/papers/throwhammer_atc18.pdf
Rowhammer strikes networks, Bolton strikes security jobs, and Nigel Thornberry strikes Chrome, and more http://www.theregister.co.uk/2018/05/12/security_roundup/
Memcached https://memcached.org/
7-Zip: From Uninitialized Memory to Remote Code Execution https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/
IBM bans all removable storage, for all staff, everywhere http://www.theregister.co.uk/2018/05/10/ibm_bans_all_removable_storage_for_all_staff_everywhere/
Second wave of Spectre-like CPU security flaws won't be fixed for a while http://www.theregister.co.uk/2018/05/09/spectr_ng_fix_delayed/
Every major OS maker misread Intel's docs. Now their kernels can be hijacked or crashed http://www.theregister.co.uk/2018/05/09/intel_amd_kernel_privilege_escalation_flaws/
Ex-CIA man fingered as prime suspect in Vault 7 spy tool manuals leak http://www.theregister.co.uk/2018/05/15/vault_7_leak/
DHCP Client Script Code Execution Vulnerability - CVE-2018-1111 https://access.redhat.com/security/vulnerabilities/3442151
Securit13 Patreon https://www.patreon.com/securit13
Keygen Music [2+ hour Mix] https://www.youtube.com/watch?v=cYkaG5CT53I

Hack Naked News (Audio)
Hack Naked News #174 - May 22, 2018

Hack Naked News (Audio)

Play Episode Listen Later May 22, 2018 22:05


This week, now there's a SECOND remote Rowhammer exploit, Chrome will remove the secure indicator, Google offers free DDoS protection services, Intel is set to patch two new Meltdown/Spectre vulnerabilities, and more! Jason Wood from Paladin Security joins us for expert commentary on non-secure healthcare data sharing, and more on this episode of Hack Naked News!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode174
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Visit https://www.activecountermeasures/hnn to sign up for a demo or buy our AI Hunter!
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly

Hack Naked News (Video)
Red Hat, Google, iOmega, and University of Greenwich - Hack Naked News #174

Hack Naked News (Video)

Play Episode Listen Later May 22, 2018 22:05


This week, now there's a SECOND remote Rowhammer exploit, Chrome will remove the secure indicator, Google offers free DDoS protection services, Intel is set to patch two new Meltdown/Spectre vulnerabilities, and more! Jason Wood from Paladin Security joins us for expert commentary on non-secure healthcare data sharing, and more on this episode of Hack Naked News!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode174
Visit http://hacknaked.tv to get all the latest episodes!

Tech Café
86. RenVRsant !

Tech Café

Play Episode Listen Later May 16, 2018 97:09


Support Tech Café on Patreon! React to the show in the comments on techcafe.fr. Chat with us on Telegram.
Build, IO, F8 ? CT B1 MR6. XOXO…
Looking back at Build: Your Phone, Timeline, Sets, etc.
Looking back at Google I/O: Android P, towards a system more respectful of your time. Otherwise, the apps will take care of it... And... with the iPhone X's gestures? Yes, Duplex is impressive, but no, it has not passed the Turing test. And no, Assistant has not become a person... (it will introduce itself anyway. Reassured?) ... maybe with version 3 of the TPUs? Chrome OS also becomes Linux-compatible. ARCore 1.2: AR goes multiplayer! And on the sidelines: Lookout, for the visually impaired... Who knows Seurat? 3D scene simplification goes open source.
I've VR-ed it all! Meanwhile, there is the Oculus Go, a consumer and social headset? University lectures in VR soon? Facebook wants to go beyond the (half) dome of VR...! And reaches a milestone in hand tracking. Displays at 1001 PPI? No: at 2228 PPI! Go higheeeer...! And drawing memories... And still believing in the future: Apple is said to be preparing a super AR/VR headset for 2022. Samsung and Microsoft too. Obviously.
In brief: Amazon Echo Dot Kids. Klout is dead! Long live the social score! Facebook's stock is back to its pre-Cambridge Analytica level. Hello mum, crypto... Facebook is considering its own blockchain. HTC unveils Exodus, a smartphone described as the "first blockchain-native smartphone". Record year for NVIDIA thanks to cryptocurrencies. You can store your bitcoin in an underground vault. Everything is going to pot: malware was found in the Ubuntu app store. I'm Nono the little robot: Atlas strolls in the park and Spot Mini fetches the photocopies... Tempted? Buy one from 2019! Roborace? It's rolling... but not in the countryside. Fortunately there is MapLite! Cool, cheap and seriously creepy robotic sex dolls coming soon.
Rowhammer on GPUs: the flaw that keeps getting deeper... Folding phones: Motorola too. The notch family grows: the OnePlus 6 is available on Amazon! Uber wants flying taxis by 2023. At least there won't be any more pedestrians... Mission to Mars: Jeff racing against Elon. I'm betting on Jeff. #wisdom: Google refuses ads about the Irish referendum. The NES Classic is back on the shelves!
Bonus GPP: Aggretsuko. Guillaume: Relife 16
Participants: Guillaume Poggiaspalla. Hosted by Guillaume Vendé

WIRED Security: News, Advice, and More
A Remote Hack Hijacks Android Phones Via Electric Leaks in Their Memory

WIRED Security: News, Advice, and More

Play Episode Listen Later May 4, 2018 10:15


Nearly four years have passed since researchers began to experiment with a hacking technique known as "Rowhammer," which breaks practically every security model of a computer by manipulating the physical electric charge in memory chips to corrupt data in unexpected ways. Since that attack exploits the most fundamental properties of computer hardware, no software patch can fully fix it. And now, for the first time, hackers have found a way to use Rowhammer against Android phones over the internet.

AirCampus Graz
When Rowhammer Only Knocks Once

AirCampus Graz

Play Episode Listen Later Jan 22, 2018


At the start of 2018, a team of young computer scientists uncovered devastating security vulnerabilities in computer processors and caused a worldwide stir. Daniel Gruss, Moritz Lipp and Michael Schwarz (from left) are currently also on the trail of security vulnerabilities caused by so-called Rowhammer attacks. The post "Wenn Rowhammer nur einmal klopft" first appeared on AirCampus.

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Locky Ransomware Updates https://isc.sans.edu/forums/diary/Necurs+Botnet+malspam+pushes+Locky+using+DDE+attack/22946/ https://isc.sans.edu/forums/diary/HSBCthemed+malspam+uses+ISO+attachments+to+push+Loki+Bot+malware/22942/
Authedmine To Replace Coinhive https://coinhive.com/blog/authedmine
Attackers Scan for SSH Keys via Web Exploits https://www.wordfence.com/blog/2017/10/ssh-key-website-scans/
Attacking Colocated Virtual Machines with Rowhammer https://thisissecurity.stormshield.com/2017/10/19/attacking-co-hosted-vm-hacker-hammer-two-memory-modules/

Paul's Security Weekly TV
Airdrop, Rowhammer, and Profexor Goes Dark - Paul's Security Weekly #526

Paul's Security Weekly TV

Play Episode Listen Later Aug 22, 2017 64:49


More Chrome extensions have been compromised, disabling safety features in cars, being targeted via AirDrop, USB is less secure (go figure), and more security news! Full Show Notes: https://wiki.securityweekly.com/Episode526 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Paul's Security Weekly (Video-Only)
Airdrop, Rowhammer, and Profexor Goes Dark - Paul's Security Weekly #526

Paul's Security Weekly (Video-Only)

Play Episode Listen Later Aug 21, 2017 64:49


More Chrome extensions have been compromised, disabling safety features in cars, being targeted via AirDrop, USB is less secure (go figure), and more security news! Full Show Notes: https://wiki.securityweekly.com/Episode526 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Maldoc with auto-updated link https://isc.sans.edu/forums/diary/Maldoc+with+autoupdated+link/22730/
Rowhammer is Back: SSD Memory Affected https://www.usenix.org/system/files/conference/woot17/woot17-paper-kurmus.pdf
Nathaniel Quist: Active Defense in a Labyrinth of Deception https://www.sans.org/reading-room/whitepapers/ActiveDefense/active-defense-labyrinth-deception-37462

The CyberWire
Daily: Russia's cyber long game, SWIFT fraud, hack physics (not metaphors), and more.

The CyberWire

Play Episode Listen Later Sep 1, 2016 15:00


In today's podcast we hear about a successful business email compromise caper, and some more SWIFT fraud. Vanya the RIPPER is on the lam from Thai police. iMessaging issues surface. Cerber ransomware is being spread by Word documents. Adobe's hot fix swats a Cold Fusion bug. Rowhammer attacks are shown to be a real possibility. Election hacking and influence operations. Centrify's Corey Williams weighs in on the Sage Software data breach, and Jonathan Katz from the University of Maryland explains an iMessage vulnerability. And a tip: if you look good for your mugshot, you won't be tempted to Facebook a more flattering one to the authorities.  

The CyberWire
Daily: Buhtrap raked in the rubles. Dridex is back. So are Stagefright and Rowhammer.

The CyberWire

Play Episode Listen Later Mar 18, 2016 9:02


More on Buhtrap and its sophisticated spearphishing of Russian banks. There are more reasons (as if they were needed) not to jailbreak your iPhones and iPads. Also, stay away from "adult" apps on your Android. And we hear from the University of Maryland's Ben Yelin, who brings us up to date on the lingering fallout of the Snowden leaks.

Grumpy Old Geeks
121: We Don't Need Another Hero

Grumpy Old Geeks

Play Episode Listen Later Jul 31, 2015 74:24


Your job will never love you; WIFI isn't making you sick; mind your own business, twitter vigilantes; RIP Google+; Win10; air-gapped hack, Rowhammer, Black Darts, hacking sniper rifles, breaking Brinks, FBI plane surveillance & the Hoff, oh my vlog! Show notes at http://grumpyoldgeeks.com/121

IT Bytes - Svensk podcast kring generell IT och datacenter
IT Bytes Podcast #73 - Bungee Labs, Coghead, 3tera

IT Bytes - Swedish podcast on general IT and data centers

Play Episode Listen Later Mar 29, 2015 54:57


We catch up on Rowhammer and note the non-news that Internet Explorer is dead. The reading list holds news from 2008 about Cloud OS, and our musings lead to the question of whether a technology can be declared the winner today. PayPal is leaving VMware, at least partly in favor of OpenStack. Jonas tells us about Y Combinator and its startup "school", and we round off by talking about how DevOps is not a cowboy operation but actually involves processes. Links: http://gizmodo.com/internet-explorer-is-dead-and-everything-else-you-miss-1691676029?utm_campaign=socialflow_gizmodo_facebook&utm_source=gizmodo_facebook&utm_medium=socialflow http://www.forbes.com/sites/benkepes/2015/03/24/good-bye-vmware-hello-openstack-paypal-axes-virtualization-giant/ http://www.cnet.com/news/the-battle-of-the-cloud-oses-begins-in-earnest/ http://techcrunch.com/2015/03/24/y-combinator-demos/ http://lattice.cf/docs/index.html http://foundersatwork.posthaven.com/my-interviews-with-airbnb-dropbox-posterous-reddit-weebly-and-wufoo-circa-2010 EMC World links: http://www.eventbrite.com/e/devops-emc-world-tickets-15881059677 http://emcworldsverige.com/ Participants: Markus Eskola, @wimpyfudge; Jonas Rosland, @jonasrosland

Securit13 Podcast
Episode 30: Let the magic begin

Securit13 Podcast

Play Episode Listen Later Mar 22, 2015 65:48


Intro: Kar-Men - London Goodbye https://www.youtube.com/watch?v=Uyisn3MTmJQ The Company Securing Your Internet Has Close Ties to Russian Spies http://www.bloomberg.com/news/articles/2015-03-19/cybersecurity-kaspersky-has-close-ties-to-russian-spies A practical guide to making up a sensation https://eugene.kaspersky.com/2015/03/20/a-practical-guide-to-making-up-a-sensation/ H4cked off: Is Eugene Kaspersky 'in bed' (or the sauna) with the Russian government? Derr, of course he is http://www.computing.co.uk/ctg/feature/2400777/is-eugene-kaspersky-in-bed-or-the-sauna-with-the-russian-government-derr-of-course-he-is Exploiting the DRAM rowhammer bug to gain kernel privileges http://googleprojectzero.blogspot.ru/2015/03/exploiting-dram-rowhammer-bug-to-gain.html The Rowhammer Bug http://www.rowhammer.com/ Risky Business #357 -- Mark Dowd talks Rowhammer http://risky.biz/RB357 Black Box Can Brute Force Crack iPhone PIN Passcodes http://www.forbes.com/sites/thomasbrewster/2015/03/16/300-device-can-pop-open-old-iphones-with-ease/ New BIOS implant, vulnerability discovery tool to debut at CanSecWest https://threatpost.com/new-bios-implant-vulnerability-discovery-tool-to-debut-at-cansecwest/111710 Mobile Android, iOS apps still vulnerable to FREAK attacks https://threatpost.com/mobile-android-ios-apps-still-vulnerable-to-freak-attacks/111695 RC4 must die http://www.isg.rhul.ac.uk/tls/RC4mustdie.html uTorrent Installs Bitcoin Miner http://anonhq.com/utorrent-installs-bitcoin-miner-bad-pc/ OpenSSL Audit https://cryptoservices.github.io/openssl/2015/03/09/openssl-audit.html Webnic Registrar Blamed for Hijack of Lenovo http://krebsonsecurity.com/2015/02/webnic-registrar-blamed-for-hijack-of-lenovo-google-domains/ Bogus SSL certificate for Windows Live could allow man-in-the-middle hacks http://arstechnica.com/security/2015/03/bogus-ssl-certificate-for-windows-live-could-allow-man-in-the-middle-hacks/ Yahoo Mail launches on-demand passwords, end-to-end encryption coming by year's end http://www.techspot.com/news/60064-yahoo-mail-launches-demand-passwords-end-end-encryption.html Yahoo exec goes mano a mano with NSA director over crypto backdoors http://arstechnica.com/tech-policy/2015/02/yahoo-exec-goes-mano-a-mano-with-nsa-director-over-crypo-backdoors/ Adobe web services vulnerability disclosure program https://hackerone.com/adobe Yahoo! pays $24,000 to Hacker for finding Security Vulnerabilities http://thehackernews.com/2015/03/yahoo-bug-bounty.html Cyber terror test tasks hackers with saving London from hacked battleship http://m.v3.co.uk/v3-uk/news/2399541/cyber-terror-test-tasks-hackers-with-saving-london-from-hacked-battleship Banning Tor unwise and infeasible, MPs told http://www.bbc.com/news/technology-31816410 Drupal Patches Critical Password-Reset Vulnerability http://thehackernews.com/2015/03/hacking-drupal-website.html GPG Suite Beta 6 https://gpgtools.org/ Interview with Vasyl Huziy, a representative of Ukraine's cybercrime department. Contact form http://cybercrime.gov.ua/ua/feedback-ua Outro: Petro Skazkiv - Bureviy https://youtu.be/DlvL1O9QFMc?t=1m54s

NoLimitSecu
RowHammer

NoLimitSecu

Play Episode Listen Later Mar 18, 2015


Episode devoted to RowHammer.

Brakeing Down Security Podcast
2015-012-Fill In podcast with Jarrod and Lee!

Brakeing Down Security Podcast

Play Episode Listen Later Mar 14, 2015 103:36


Mr. Boettcher went on vacation and was volunteering for Austin BSides this week, and I needed to do a podcast, so I enlisted the aid of Lee Brotherston and Jarrod Frates to discuss some important topics. We discuss the seemingly short talent pool for IT/IS positions. We talk about the ROWHAMMER vulnerability and how it may affect your organization. Additionally, we talk about how the NTP protocol is being maintained by one person and what can be done to help with that, as it is a critical piece of Internet infrastructure, and finally, we figure out why PGP/GPG is not user-friendly, and if there are ways to make it better, or if it needs to be replaced permanently. News of the week RowHammer - http://www.darknet.org.uk/2015/03/rowhammer-ddr3-exploit-what-you-need-to-know/ Lack of hire-able people in IT/IS - per Leviathan Sec report. https://www.leviathansecurity.com/blog/scarcity-of-cybersecurity-expertise/ NTP maintained by one guy 'Father Time' http://www.informationweek.com/it-life/ntps-fate-hinges-on-father-time/d/d-id/1319432 Moxie Marlinspike's GPG/PGP rant: Perfection ruined the goal http://www.thoughtcrime.org/blog/gpg-and-me/

AT&T ThreatTraq
ThreatTraq #134 - Bringing Down the Rowhammer

AT&T ThreatTraq

Play Episode Listen Later Mar 10, 2015 27:45


Rowhammer, malicious code obfuscators, XML & CHM exploits, and the Internet Weather Report. Originally recorded March 10, 2015.