Super(conductive) Graphene, Yandex Leak, No Fly Lists, & Thinkpad Servers – PSW #771
In the Security News for this week: defending against cleaning services, catastrophic mutating events and the future, myths and misconceptions, finding vulnerabilities in logs (and not log4j), SSRF leads to RCE with a PoC, SQLi with XSS bypasses WAF FTW, ThinkPad as a server, RPC directory traversal for the win, just directory traversal for the win, Paul gets a Flipper Zero and how he thinks he's some sort of hero, sh1mmer your Chromebook, and superconductive magic-angle graphene!
Announcements
Dive deeper into the world of cybersecurity with Security Weekly on Instagram! Follow us @SecWeekly to find exclusive clips, hilarious memes, behind-the-scenes sneak peeks, and more! Stay connected, stay informed, and join our growing community!
Hosts
- 1. Flipper-IRDB
This is a massive collection of IR files for the flipper. I've tested a few on Unleashed firmware, and they are working great! I mean, who doesn't want to carry around a pre-programmed universal remote with them at all times?
- 2. Security Advisory: Remote Command Execution in binwalk
- Ah, right, so this: `print(os.path.abspath('/home/username/../../etc/passwd'))` prints `/etc/passwd`
- But this: `print(os.path.join('/home/username/../../etc/', 'passwd'))` prints `/home/username/../../etc/passwd`
- And now you understand the vulnerability :) `os.path.join` only concatenates, it never collapses `..`, so a path component taken from an untrusted archive can climb out of the extraction directory unless the result is normalised and checked against it.
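As an added example (not binwalk's code and not from the advisory), the following shows the `join`/`abspath` difference from the note above, the naive `os.path.join` pattern beside a containment check built on `os.path.realpath` and `os.path.commonpath`, and runs the check over a constructed in-memory tar containing a `../` member. The same containment check is what you want for the Pak/tar directory traversal in item 4 below. The function names, the destination directory and the archive contents are assumptions made for this example.

```python
import io
import os
import tarfile


def demo_join_vs_abspath():
    # The two calls from the note above: join concatenates as-is,
    # abspath normalises away the ".." components.
    joined = os.path.join('/home/username/../../etc/', 'passwd')
    return joined, os.path.abspath(joined)


def naive_join(dest_dir, member_name):
    # Vulnerable pattern: os.path.join never collapses "..", so a member
    # name taken from the archive can point outside dest_dir.
    return os.path.join(dest_dir, member_name)


def safe_join(dest_dir, member_name):
    """Return the resolved path for member_name inside dest_dir, or raise."""
    base = os.path.realpath(dest_dir)
    candidate = os.path.realpath(os.path.join(base, member_name))
    # realpath resolves ".." and any symlinks that already exist on disk;
    # symlink members inside the archive itself need a separate check.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"path traversal: {member_name!r} escapes {dest_dir!r}")
    return candidate


def build_malicious_tar():
    # Constructed sample archive (hypothetical): one benign member and one
    # whose name climbs out of the extraction directory.
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("README", "../../../../tmp/pwned"):
            data = b"hello\n"
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def audit_tar(tar_bytes, dest_dir):
    """Classify each member as 'ok' or 'traversal' without writing anything."""
    verdicts = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        for member in tar.getmembers():
            try:
                safe_join(dest_dir, member.name)
                verdicts[member.name] = "ok"
            except ValueError:
                verdicts[member.name] = "traversal"
    return verdicts


if __name__ == "__main__":
    print(demo_join_vs_abspath())
    for name, verdict in audit_tar(build_malicious_tar(), "/tmp/extract").items():
        print(f"{verdict:10} {naive_join('/tmp/extract', name)}")
```

Running it prints `traversal` for the `../../../../tmp/pwned` member and `ok` for `README`. Note that the check above only covers member names; an archive can also carry a symlink member pointing outside the destination followed by a regular member written through it, which is why on Python 3.12 and later (and the backports) `tar.extractall(filter="data")` is the simpler option when you control the extraction call.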
- 3. Hacker finds bug that allowed anyone to bypass Facebook 2FA
"With a victim’s phone number, an attacker would go to the centralized accounts center, enter the phone number of the victim, link that number to their own Facebook account, and then brute force the two-factor SMS code. This was the key step, because there was no upper limit to the amount of attempts someone could make." - I think this means the victim still gets an SMS message with a code they did not request...
- 4. VMware vRealize Log Insight VMSA-2023-0001 Technical Deep Dive
This is great, chaining some exploits, unauthenticated RPC with directory traversal for the win! Summary: "We create a Thrift client and are allowed unauthenticated access to the Log Insight Thrift server. We create a malicious tar file containing a directory traversal using a valid Pak file. Using remotePakDownloadCommand, we upload the malicious Pak file to /tmp/
.pak. We cause the Pak file to be extracted using pakUpgradeCommand. This writes our file to where we want on the filesystem."
- 5. Linux Developers Evaluating New “DOITM” Security Mitigation For Latest Intel CPUs
Interesting: "Last summer Intel published guidance around the Data Operand Independent Timing (DOIT) instruction mode that can be enabled with recent generations of Intel processors to ensure constant time execution for a subset of the Intel instruction set, which can be particularly important for cryptographic algorithms. Linux kernel developer discussions fizzled out last year over handling this DOIT functionality for what is described as a CPU vulnerability with recent Intel CPUs. However, now a Linux kernel patch from a Google developer would enable this change unconditionally for newer Intel CPUs but raises performance concerns." - This is in response to the Hertzbleed attack from last year that we covered.
- 6. Serious Security: The Samba logon bug caused by outdated crypto
Hrm, and it looks like older Debian versions are vulnerable: https://security-tracker.debian.org/tracker/source-package/samba
- 7. Bypassing Cloudflare WAF: XSS via SQL Injection
Wow, parameter SQL injection along with XSS in an error message that gets displayed. This opens up too many possibilities, so bypassing the WAF was the next logical step. This just should not exist today, but it does, because bugs never die...
- 8. Lexmark warns of RCE bug affecting 100 printer models, PoC released
SSRF leads to RCE, PoC exists, haven't found it yet. Also, Shodan did not have much to say about port 65002 (where the service runs that is vulnerable).
- 9. offsec.tools
- 10. ThinkPad as a server: the follow-up
This is a really neat use-case for a laptop, rip out as much as you can, get some airflow to it, and use it as a server!
- 11. Lambda risks – Rami’s Wiki
- 12. Threat and Vulnerability Hunting with Application Server Error Logs
This is really awesome; we should all pay attention to it: "The basic assumption of our monitoring idea is that certain exceptions should never appear in production applications that were written securely. For example - SQL ‘syntax errors’ should not occur when a query is written ‘properly’ (i.e. using a valid parameterized query library). Such exceptions may indicate that the actual syntax of the SQL query changed due to a runtime aspect (for example user input) that was not properly handled or was unexpected...If you ‘reverse’ this logic, the process becomes clear - instead of searching for injections using penetration tests (and then finding evidence in the log), find errors in the logs and then reverse-engineer them to build the injection payload and find the vulnerability."
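To make the "reverse the logic" idea concrete, here is an added example (my own, not code from the article) that runs a small set of should-never-happen exception signatures over a handful of constructed application-server log lines. The `input="..."` field at the end of each line is an assumed convention for logging the user-supplied value that reached the failing statement; real frameworks log it differently or not at all. The triage flag only orders the work: every SQL syntax error, including the one caused by an honest `O'Brien`, is evidence that the query is not parameterised and is worth reverse-engineering.

```python
import re

# Constructed sample application-server log lines (hypothetical, not from the
# article). The trailing input="..." field is an assumed way of logging the
# user-supplied value that reached the failing statement.
SAMPLE_LOG = """\
2023-01-30T10:01:02Z INFO  app.web GET /search?q=laptop 200 12ms
2023-01-30T10:01:05Z ERROR app.db  PSQLException: ERROR: syntax error at or near "'" input="laptop'"
2023-01-30T10:01:09Z ERROR app.db  SQLSyntaxErrorException: near ''' OR 1=1--'' at line 1 input="' OR 1=1--"
2023-01-30T10:02:11Z ERROR app.web NumberFormatException: For input string: "abc" input="abc"
2023-01-30T10:03:00Z ERROR app.xml SAXParseException: The entity "xxe" was referenced, but not declared. input="<!DOCTYPE x [<!ENTITY xxe SYSTEM 'file:///etc/passwd'>]>"
2023-01-30T10:03:30Z ERROR app.db  PSQLException: ERROR: unterminated quoted string at or near "'" input="O'Brien"
"""

# Exceptions that a correctly written (parameterised, validated) application
# should never raise in production: each one marks a code path where raw
# input changed the structure of a query or document.
SIGNATURES = (
    ("sql_injection_candidate",
     re.compile(r"syntax error|SQLSyntaxErrorException|unterminated quoted string", re.I)),
    ("xxe_candidate",
     re.compile(r"SAXParseException.*\bentity\b", re.I)),
)

INPUT_RE = re.compile(r'input="([^"]*)"')

# Tokens that distinguish a probe from an honest apostrophe in "O'Brien".
ATTACK_TOKENS = re.compile(r"--|/\*|\bor\b\s*\S+\s*=|\bunion\b|<!ENTITY", re.I)


def looks_deliberate(user_input):
    """True when the offending input carries attacker grammar, not a typo."""
    return bool(user_input) and bool(ATTACK_TOKENS.search(user_input))


def hunt(log_text):
    """Return one finding per ERROR line that matches a signature."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        if " ERROR " not in line:
            continue
        for category, pattern in SIGNATURES:
            if pattern.search(line):
                m = INPUT_RE.search(line)
                user_input = m.group(1) if m else None
                findings.append({
                    "line": lineno,
                    "category": category,
                    "input": user_input,
                    "looks_deliberate": looks_deliberate(user_input),
                })
    return findings


def summarize(findings):
    """Count findings per category, the number you trend over time."""
    counts = {}
    for f in findings:
        counts[f["category"]] = counts.get(f["category"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG):
        flag = "PROBE   " if f["looks_deliberate"] else "ACCIDENT"
        print(f"line {f['line']:>2} {f['category']:<24} {flag} {f['input']!r}")
    print(summarize(hunt(SAMPLE_LOG)))
```

On the sample above the `NumberFormatException` line is ignored (a parse failure on `abc` is expected input validation), the four remaining ERROR lines become findings, and only the `' OR 1=1--` and `<!ENTITY` inputs are flagged as probes. The two accidental hits are the interesting ones for the article's workflow: nobody attacked you, yet the log proves that a single quote reaches the SQL parser unescaped.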
- 13. CVE-2023-20025 – RCE in End-of-Life Cisco Routers
- "Cisco noted that an exploit is floating around the internet, although it has not been made publicly available. But the good news is that Cisco is unaware of these exploits being used maliciously." - I don't seem to remember a requirement that malicious actors report exploitation of vulnerabilities in the wild to the vendor, unless I missed the memo.
- This is also really bad on all fronts: "Cisco stated in their advisory that they have 'not released software updates to address the vulnerabilities described in [the] advisory' and that 'there are no workarounds that address these vulnerabilities.' Given that these devices are End of Life (meaning they are entirely unsupported by Cisco), there will not be an official fix for the vulnerabilities."
- You should just disable the web interface on these devices. This also begs the question of support for firmware-based systems, when does it end and how long are you keeping the device? It's frustrating that we could use devices for longer periods of time, but OEMs do not want to support them that long, or allow you to run your own firmware in most cases.
- 14. Exploiting a Critical Spoofing Vulnerability in Windows CryptoAPI
- 15. U.S. ‘No Fly List’ Leaks After Being Left in an Unsecured Airline Server
What happened to innocent until proven guilty?
- 16. CoolElectronics/sh1mmer: source tree, website, and writeup for the sh1mmer chromebook jailbreak
"The tool works because, as one of the hackers involved (CoolElectronics#4683) explains, only kernel partitions are checked for signatures by ChromeOS firmware. Other partitions can be edited after the forced readonly bit is removed." - Not entirely sure how this works (and shim is an overloaded term), but it sounds like you can obtain a package that includes a signed bootloader and kernel, which then allows you to install any other software you want because the rest is not checked for a signature.
- 1. A Catastrophic Mutating Event Will Strike the World in 2 Years, Report Says
I don't generally look to Popular Mechanics for articles on Cybersecurity, but who am I to judge? The article cites a presentation at the recent World Economic Forum (WEF) highlighting the WEF Global Security Outlook Report 2023, which asserts that “93 percent of cyber leaders, and 86 percent of cyber business leaders, believe that the geopolitical instability makes a catastrophic cyber event likely in the next two years." Given the state of our industry, I'm not sure we prevent this from occurring, so what should be our strategy?
- 2. Cybersecurity Myths and Misconceptions
Spaf is very excited about his latest book release - so go grab a copy today!
In Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us, three cybersecurity pioneers don't just deliver the first comprehensive collection of falsehoods that derail security from the frontlines to the boardroom; they offer expert practical advice for avoiding or overcoming each myth.
- 1. Command-Injection Bug in Cisco Industrial Gear Opens Devices to Complete Takeover
- 2. Outrageous Stories From Three Cyber Incident Responders
- 3. Google Fi says hackers accessed customers’ information
- 4. DocuSign Brand Impersonation Attack Bypasses Security Measures, Targets Over 10,000
- 5. US Marines Defeat DARPA Robot by Hiding Under a Cardboard Box
- 1. The generative AI revolution has begun—how did we get here?
AI has made progress at an incredible pace. Why? Because of a new class of AI models that are more flexible and powerful than anything that has come before: foundation models. The main drivers of this success are programmable GPUs, large training data sets, and a neural-network architecture from Google called the transformer. Inputs are reduced to matrices of numbers so that large data inputs can be processed efficiently in parallel.
- 2. New US ransomware strategy prioritizes victims but could make it harder to catch cybercriminals
The FBI's new strategy prioritizes helping victims of cybercrime over gathering evidence for prosecution. The FBI had extraordinary access for six months to the computer infrastructure of a Russian-speaking ransomware group known as Hive, and passed keys to victims so they could decrypt their systems and thwart $130 million in ransom payments.
- 3. Study: Superconductivity switches on and off in ‘magic-angle’ graphene
Graphene is an atom-thin material made from carbon atoms that are linked in a hexagonal pattern resembling chicken wire. Two sheets of graphene stacked together and rotated by the magic angle of 1.1 degrees create a new material with an amazing property: superconductivity that can be turned on and off with an electric pulse, much like a light switch.
The discovery could lead to ultrafast, energy-efficient superconducting transistors for neuromorphic devices—electronics designed to operate in a way similar to the rapid on/off firing of neurons in the human brain.
- 4. Massive Yandex code leak reveals Russian search engine’s ranking factors
Nearly 45GB of source code files, allegedly stolen by a former employee, have revealed the underpinnings of Russian tech giant Yandex's many apps and services. This exposes the internal workings of Yandex, and some argue it also offers clues about Google's ranking, since Yandex purportedly employs several ex-Google engineers.
- 1. Ukraine Humanitarian Aid Village
The Ukraine humanitarian aid village was established with the purpose of providing a safe, nurturing shelter, and refuge for individuals fleeing violence and hardship from the war in Ukraine. Here, those who come to our humanitarian village can find a stable new home that provides 3 nutritious hot meals a day, medical care, education, and safety from harm. Many of the women and children in our facility have grown together and formed strong bonds of friendships, turning this village into a safe haven in an otherwise tumultuous environment.
Your donations will ensure that these residents receive the love, support, vital care, and safe environment they require to survive and thrive. It will help to provide nutrition assistance; trauma-informed care; warm clothing; educational resources; quality winter-proof housing; mental health services; security; and play therapy tools for young children. By supporting us through your donations, you’ll be giving us the means to continue to make a positive impact and save lives in Ukraine.