Valter got his first job straight after leaving school at the age of 16, and has had various different jobs since then — from shoe seller to poker croupier! Today, he has two beautiful daughters, an MBA in Information Security, and a job with Kaspersky supporting its B2B customers in Latin America.

— Just curious: in our corporate email you're listed as Valter Generoso, but in our company database, you're down as Valter Silva. What gives?!

— Well, my full name is Valter Generoso Silva. Silva is my surname, but it's a common one here in Brazil, so, when possible, I tend to present myself using my first name plus second name: Valter Generoso, since my second name is a very uncommon one. Besides, Generoso means — can you guess?! — generous, so it's a good way to start a conversation.

— Where do you live in Brazil?

— My family wasn't much into traveling, so the first time I left my home town, Ribeirão Preto, I was already 15. And last year, in order to work at Kaspersky, I moved to a town in the same state, called Jundiaí, 50km from our office in São Paulo. The traffic in São Paulo is jammed most of the time, so it's faster for me to get to the office than for someone who actually lives in São Paulo!

— I thought the support teams worked remotely, from home. Or do you have to do some offline support, too?

— Here in Brazil we work based on a hybrid system, and yes, I work from home most weekdays. I'm a part of the MSA LatAm team, where MSA stands for Kaspersky's Maintenance Service Agreement. We take care of clients who have Premium Support contracts — in other words, high-priority support. On top of typical activities like remote sessions and follow-up on support cases, I really like to take care of the most complex of problems, like when a client is unhappy with something and I need to change their perspective.

— Is some technical education required for such a job?

— Sure. I have a bachelor's degree in Computer Science and an MBA in Information Security.

— Did you get it from university? I'm asking because most of my colleagues my age don't have degrees in infosec; in the 1990s, there were no infosec classes in universities at all!

— Interesting! Yes, I studied at the UNISEB university in my hometown. But I was a late student: I was 27 when I graduated in Computer Science. And my Information Security MBA was obtained much later, in 2022.

— So what did you do before uni?

— I started work when I was 16. A lot of retail jobs. Here in Brazil everyone has a labor book in which you log all your jobs — and mine is full. Working at a bar, selling shoes, telemarketing… Perhaps my most unusual job was being a card dealer in poker tournaments.

— Wow, great experience! And after all that, you got interested in computers?

— All of my friends started coding, and they were doing well. So one day I left everything, took a test for a scholarship, and went to work in customer support for telemarketing for a telecoms company here in Brazil. It was the only place where they didn't ask for experience and I could make a career change. I tried to be a developer, but it wasn't for me. However, my first work experience in an IT company helped me learn about IT infrastructure. So I thought, I'm almost 10 years behind everyone else my age, so I need to be a fast-paced learner. And ever since I never stopped studying as hard as I can.

— How about infosec? Why did you pick up this specialization? Is it a serious problem in Brazil?

— It's a really serious problem, and what makes it even bigger is that there's very little security awareness — even among IT people here. Take me, for example. I was working for an IT company for three years, then I started working for a car dealer, and they used Kaspersky in their IT infrastructure, and this is where I learned about antivirus for the first time. But other basic concepts of information security — like firewalls and network protection — I learned only when I started work for a company that was selling these solutions. In a similar way, I found out about advanced security trends (like red teaming) only when I started working for a company that provided these services. In short, some businesses in Brazil take information security seriously and they buy security solutions. But around 80% of SMB companies don't even know about the risks — or don't have the budget for solutions to deal with them.

— Can you describe in one word the main quality needed to work successfully in the support service for a cybersecurity company?

— Empathy. Be in the shoes of those who are facing the problem.

— Does it always work for you? I bet you have some funny stories to tell involving misunderstandings!

— Well, there was the time I was in a remote session talking about a serious issue. Since I provide support in different Latin America countries, I'm usually speaking Portuguese or Spanish. This particular discussion was in Spanish, but I tried to use a popular Portuguese proverb. Unfortunately the Spanish translation didn't make any sense. I was trying very hard to explain the proverb, but it just kept getting worse. So eventually I started laughing and thankfully everyone else did too. After this experience I promised myself I'd never go for proverb translations again!

— Is there anybody in Brazil who can call your support service and speak some indigenous language?

— Unfortunately, no. Indigenous languages here are dead. Historically, we didn't take sufficient care of indigenous culture and languages. And Brazil is the only country in South America that was colonized by Portugal, so we speak Portuguese mostly.

— As you talk to people from other Latin American countries, do you see any differences in their attitudes towards cybersecurity?

— Well, Costa Rica is now facing a tough phase from a cybersecurity point of view. There's an official state of emergency there now because of attacks against several government sectors. The sense of urgency there is way higher than in other countries.

— So you can actually help in some global analysis! I wonder if our analysts ever used data from support services, to see a global picture of threats…

— I think they might use some data about the support cases, but from a macro point of view. At least from my side I never directly helped in this kind of analysis.

— Do people in Brazil care about the fact that Kaspersky has Russian roots?

— No. Here in Brazil, at least as I see, people don't care that much about the origins of the company I work for. I know that people at the enterprise level may get real problems because of it. But from my family or friends or on social media I've never been asked about anything connected with Kaspersky's Russian roots.

— Well, in Europe some people got very nervous about it, because of the Ukrainian conflict.

— Yeah, I know. But it's like with any other foreign news: for the first two weeks people were talking about Ukraine a lot; now it's just 20 seconds on the news. Besides, here in Brazil, it's an election year. So people now are more crazy about the cost of a wedding reception thrown by one of the candidates.

— And finally, some words about your personal life. What do you prefer to do when you're not at work? Brazilians are supposed to love football, no?

— Don't tell anyone, but I am not a football (soccer) fan! I like to take my family to the park, or to go to the movie theater with my older daughter. We both love superhero movies. I also go to the gym from time to time. And I like to walk my two dogs. Another thing about me is that I like to give life some… comic relief. So every time I can, I like to make the people around me feel more positive in tough situations.

— How about visiting Russia?

— It's a dream! When I was 14 years old, I was in an MSN chat room practicing my English, and I started chatting with a Russian girl there. After a few days we exchanged ICQ numbers, and she shared some pictures of Russia and told me what it was like living there. It was the first time I saw Red Square. I dream of one day… playing chess with a Russian elder in a square in Moscow — and being crushed in eight moves!
Check out this handmade sign posted to the front door of a shuttered Jimmy John's sandwich chain shop in Missouri last week. See if you can tell from the store owner's message what happened. If you guessed that someone in the Jimmy John's store might have fallen victim to a Business Email Compromise (BEC) or "CEO fraud" scheme — wherein the scammers impersonate company executives to steal money — you'd be in good company. In fact, that was my initial assumption when a reader in Missouri shared this photo after being turned away from his favorite local sub shop. But a conversation with the store's owner Steve Saladin brought home the truth that some of the best solutions to fighting fraud are even more low-tech than BEC scams.

Visit any random fast-casual dining establishment and there's a good chance you'll see a sign somewhere from the management telling customers their next meal is free if they don't receive a receipt with their food. While it may not be obvious, such policies are meant to deter employee theft. The idea is to force employees to finalize all sales and create a transaction that gets logged by the company's systems. The offer also incentivizes customers to help keep employees honest by reporting when they don't get a receipt with their food, because employees can often conceal transactions by canceling them before they're completed. In that scenario, the employee gives the customer their food and any change, and then pockets the rest.

You can probably guess by now that this particular Jimmy John's franchise — in Sunset Hills, Mo. — was among those that chose not to incentivize its customers to insist upon receiving receipts. Thanks to that oversight, Saladin was forced to close the store last week and fire the husband-and-wife managers for allegedly embezzling nearly $100,000 in cash payments from customers. Saladin said he began to suspect something was amiss after he agreed to take over the Monday and Tuesday shifts for the couple so they could have two consecutive days off together. He said he noticed that cash receipts at the end of the nights on Mondays and Tuesdays were "substantially larger" than when he wasn't manning the till, and that this was consistent over several weeks. Then he had friends proceed through his restaurant's drive-thru, to see if they received receipts for cash payments.

"One of [the managers] would take an order at the drive-thru, and when they determined the customer was going to pay with cash the other would make the customer's change for it, but then delete the order before the system could complete it and print a receipt," Saladin said.

Saladin said his attorneys and local law enforcement are now involved, and he estimates the former employees stole close to $100,000 in cash receipts. That was on top of the $115,000 in salaries he paid in total each year to both employees. Saladin also has to figure out a way to pay his franchisor a fee for each of the stolen transactions. Now Saladin sees the wisdom of adding the receipt sign, and says all of his stores will soon carry a sign offering $10 in cash to any customers who report not receiving a receipt with their food.

Many business owners are reluctant to involve the authorities when they discover that a current or former employee has stolen from them. Too often, organizations victimized by employee theft shy away from reporting it because they're worried that any resulting media coverage of the crime will do more harm than good. But there are quiet ways to ensure embezzlers get their due. A few years back, I attended a presentation by an investigator with the criminal division of the U.S. Internal Revenue Service (IRS) who suggested that any embezzling victims seeking a discreet law enforcement response should simply contact the IRS. The agent said the IRS is obligated to investigate all notifications it receives from employers about unreported income, but that embezzling victims often neglect to even notify the agency. That's a shame, he said, because under U.S. federal law, anyone who willfully attempts to evade or defeat taxes can be charged with a felony, with penalties including up to $100,000 in fines, up to five years in prison, and the costs of prosecution.
Naomi Yusupov, a Chinese Intelligence Analyst at the threat intelligence firm CyberSixGill, talks to host Paul Roberts about that company's new report: The Bear and the Dragon: Analyzing the Russian and Chinese Cybercriminal Communities (Episode 239: Power shifts from Russia to China in the Cyber Underground).
According to the US Federal Trade Commission (FTC), romance scams are outstripping every other fraud category in consumer losses. Romance scams continue to evolve, not in a small part due to social media and the popularity of online dating.
The operators behind BRATA have once again added more capabilities to the Android mobile malware in an attempt to make their attacks against financial apps more stealthy.
A security flaw in Apple Safari that was exploited in the wild earlier this year was originally fixed in 2013 and reintroduced in December 2016, according to a new report from Google Project Zero.
Financial institutions are realizing that they don’t need to choose between customer experience and fraud loss; rather, they need to identify and implement more efficient and effective tools to verify parties with whom they are conducting business.
Matanbuchus is a malware-as-a-service (MaaS) project first spotted in February 2021 in advertisements on the dark web, promoting it as a $2,500 loader that launches executables directly into system memory.
Microsoft has recently added a new privacy feature that allows Windows 11 users to get a list of all the apps that have recently accessed their sensitive info and devices, including their camera, microphone, and contacts.
“One constant that remains as organizations approach a sense of normalcy after a disruptive year is that cyber criminals continue to target and exploit people,” said Ryan Kalember, EVP of cybersecurity strategy, Proofpoint.
According to Volexity, attackers could exploit CVE-2022-26134 to upload a webshell, in particular China Chopper, a notorious webshell that was also used during the last Microsoft Exchange Server crisis.
A new phishing campaign has been targeting U.S. organizations in the military, security software, manufacturing supply chain, healthcare, and pharmaceutical sectors to steal Microsoft Office 365 and Outlook credentials.
According to a Rapid7 report, financial services is the sector that is most likely to have customer data exposed, with 82% of incidents involving ransomware gangs accessing and making threats to release this data.
The email accounts were not fully infiltrated and hackers had no direct access, the spokesperson said, adding that only the communication of compromised accounts was automatically forwarded.
On their website, India's Computer Emergency Response Team (CERT-In) shared multiple vulnerabilities affecting products from Citrix, Adobe, Microsoft, and Zimbra webmail.
It has long been known that a coordinated global effort on cybersecurity is a must to have lasting success at home. “The Internet has no physical borders” is a common rallying cry regarding cyber protections.
This week, ech0raix ransomware has started targeting vulnerable QNAP Network Attached Storage (NAS) devices again, according to user reports and sample submissions on the ID Ransomware platform.
A national conference on cyber security will be organized by the Ministry of Home Affairs in New Delhi on Monday to create mass awareness for the prevention of cyber crimes in the country.
Web developer 'z0ccc' shared a new fingerprinting site called 'Extension Fingerprints' that can generate a tracking hash based on a browser's installed Google Chrome extensions.
The most common types of attacks involved malware and phishing, but Fortinet pointed out that these types of incidents have significantly declined in North America — along with insider breaches — compared to the previous year.
Scroll to Text Fragment (STTF), a feature that can be used to directly browse to a specific text fragment on a webpage, can be exploited to leak sensitive user information, a security researcher has found.
The package manager has started alerting the maintainers of gems with more than 165 million downloads via the RubyGems command-line tool and website, recommending that they enable MFA on their accounts.
Security researchers have apparently discovered more than 1.6 million secrets leaked by websites, including more than 395,000 exposed by the one million most popular domains.
The Digital Operational Resilience Act would force non-EU companies with a significant presence in member states to create subsidiaries that can be regulated under their jurisdiction.
The US CISA has informed organizations that AutomationDirect has patched several high-severity vulnerabilities in some of its programmable logic controller (PLC) and human-machine interface (HMI) products.
The Department of Energy this week released its national Cyber-Informed Engineering Strategy that provides guidance for building resilient energy systems that can withstand cyberattacks.
The Pain Points: Ransomware Data Disclosure Trends by Rapid7 uncovers the kind of data ransomware actors want and how they pressure victims into getting it back by paying a ransom.
App-specific passwords are used in conjunction with two-factor authentication on your Google account. Most applications do not know how to handle two-factor, which is why app-specific passwords were created.
Ubuntu Security Notice 5483-1 - It was discovered that Exempi incorrectly handled certain media files. If a user or automated system were tricked into opening a specially crafted file, a remote attacker could cause Exempi to stop responding or crash, resulting in a denial of service, or possibly execute arbitrary code.
Red Hat Security Advisory 2022-4965-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.53. There are no images for this advisory. Issues addressed include a memory exhaustion vulnerability.
Red Hat Security Advisory 2022-5050-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.106 and .NET Runtime 6.0.6. Issues addressed include a password leak vulnerability.
Red Hat Security Advisory 2022-4990-01 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2022-5052-01 - XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm, which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short.
Red Hat Security Advisory 2022-5054-01 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2022-5056-01 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. Issues addressed include a bypass vulnerability.
When analyzing the external SSD Verbatim Store 'n' Go Secure Portable HDD, Matthias Deeg found out that the device will not lock and require reformatting after 20 failed passcode attempts, as described in the product description and the corresponding user manual. Thus, an attacker with physical access to such an external SSD can try more passcodes in order to unlock the device. During the security analysis, SySS could not find out how many failed passcode attempts would actually lock the device and require reformatting it, as this device state was never reached.
When analyzing the external SSD Verbatim Store 'n' Go Secure Portable HDD, Matthias Deeg found out that the validation of the firmware for the USB-to-SATA bridge controller INIC-3637EN only consists of a simple CRC-16 check (XMODEM CRC-16). Thus, an attacker is able to store malicious firmware code for the INIC-3637EN with a correct checksum on the used SPI flash memory chip (XT25F01D), which then gets successfully executed by the USB-to-SATA bridge controller. For instance, this security vulnerability could be exploited in a so-called "supply chain attack" when the device is still on its way to its legitimate user. An attacker with temporary physical access during the supply could program a modified firmware on the Verbatim Keypad Secure, which always uses an attacker-controlled AES key for the data encryption, for example. If, later on, the attacker gains access to the used USB drive, he can simply decrypt all contained user data.
Red Hat Security Advisory 2022-5057-01 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2022-5062-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.420 and .NET Runtime 3.1.26. Issues addressed include a password leak vulnerability.
Ubuntu Security Notice 5481-1 - It was discovered that BlueZ incorrectly validated certain capabilities and lengths when handling the A2DP profile. A remote attacker could use this issue to cause BlueZ to crash, resulting in a denial of service, or possibly execute arbitrary code.
Red Hat Security Advisory 2022-5061-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.420 and .NET Runtime 3.1.26. Issues addressed include a password leak vulnerability.
Red Hat Security Advisory 2022-5055-01 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. Issues addressed include a bypass vulnerability.
When analyzing the external SSD Verbatim Store 'n' Go Secure Portable HDD, Matthias Deeg found out that the firmware of the USB-to-SATA bridge controller INIC-3637EN uses AES-256 with the ECB (Electronic Codebook) mode. This operation mode of block ciphers like AES encrypts identical plaintext data, in this case blocks of 16 bytes, always to identical ciphertext data. For some data, for instance bitmap images, the lack of the cryptographic property called diffusion concerning the ECB mode can leak sensitive information even in encrypted data.
When analyzing the external SSD Verbatim Store n Go Secure Portable HDD, Matthias Deeg found out it uses an insecure design which allows for offline brute-force attacks against the passcode.
Ubuntu Security Notice 5479-1 - Charles Fol discovered that PHP incorrectly handled initializing certain arrays when handling the pg_query_params function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Charles Fol discovered that PHP incorrectly handled passwords in mysqlnd. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.
Red Hat Security Advisory 2022-5046-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.106 and .NET Runtime 6.0.6. Issues addressed include a password leak vulnerability.
Ubuntu Security Notice 5486-1 - It was discovered that some Intel processors did not implement sufficient control flow management. A local attacker could use this to cause a denial of service. Joseph Nuzman discovered that some Intel processors did not properly initialise shared resources. A local attacker could use this to obtain sensitive information. Mark Ermolov, Dmitry Sklyarov and Maxim Goryachy discovered that some Intel processors did not prevent test and debug logic from being activated at runtime. A local attacker could use this to escalate privileges.
Nexans FTTO GigaSwitch industrial/office switches HW version 5 suffer from having a hardcoded backdoor user and multiple outdated vulnerable software components.
Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. Ziming Zhang discovered that the netfilter subsystem in the Linux kernel did not properly validate sets with multiple ranged fields. A local attacker could use this to cause a denial of service or execute arbitrary code.
When analyzing the USB flash drive Lepin EP-KP001, Matthias Deeg found out that it uses an insecure hardware design which allows an attacker to bypass the password-based user authentication.
Ubuntu Security Notice 5485-1 - It was discovered that some Intel processors did not completely perform cleanup actions on multi-core shared buffers. A local attacker could possibly use this to expose sensitive information. It was discovered that some Intel processors did not completely perform cleanup actions on microarchitectural fill buffers. A local attacker could possibly use this to expose sensitive information. It was discovered that some Intel processors did not properly perform cleanup during specific special register write operations. A local attacker could possibly use this to expose sensitive information.
Red Hat Security Advisory 2022-4947-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.59. Issues addressed include cross site scripting and memory exhaustion vulnerabilities.
Mitel 6800/6900 Series SIP Phones excluding 6970 and Mitel 6900 Series IP (MiNet) Phones have a flaw that allows spawning a telnet backdoor on the device with a static root password enabled. Affected versions include Rel 5.1 SP8 (5.1.0.8016) and earlier, Rel 6.0 (6.0.0.368) to 6.1 HF4 (6.1.0.165), and MiNet 1.8.0.12 and earlier.
When analyzing the Verbatim Executive Fingerprint Secure SSD, Matthias Deeg found out that the content of the emulated CD-ROM drive containing the Windows and macOS client software can be manipulated. The content of this emulated CD-ROM drive is stored as an ISO-9660 image in the "hidden" sectors of the USB drive that can only be accessed using special IOCTL commands, or when installing the drive in an external disk enclosure.
Ubuntu Security Notice 5484-1 - It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. It was discovered that a race condition existed in the network scheduling subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.
Ubuntu Security Notice 5482-1 - It was discovered that SPIP incorrectly validated inputs. An authenticated attacker could possibly use this issue to execute arbitrary code. Charles Fol and Theo Gordyjan discovered that SPIP is vulnerable to cross site scripting. If a user were tricked into browsing a malicious SVG file, an attacker could possibly exploit this issue to execute arbitrary code. This issue was only fixed in Ubuntu 21.10.
Ubuntu Security Notice 5476-1 - Han Zheng discovered that Liblouis incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash. This issue was addressed in Ubuntu 21.10 and Ubuntu 22.04 LTS. It was discovered that Liblouis incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a crash.
Red Hat Security Advisory 2022-4951-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.43. Issues addressed include a memory exhaustion vulnerability.
When analyzing the Verbatim Executive Fingerprint Secure SSD, Matthias Deeg found out that the validation of the firmware for the USB-to-SATA bridge controller INIC-3637EN only consists of a simple CRC-16 check (XMODEM CRC-16). Thus, an attacker is able to store malicious firmware code for the INIC-3637EN with a correct checksum on the used SPI flash memory chip (XT25F01D), which then gets successfully executed by the USB-to-SATA bridge controller.
The Wordfence Threat Intelligence team uncovered a code injection vulnerability that made it possible for unauthenticated attackers to call a limited number of methods in various Ninja Forms classes, including a method that unserialized user-supplied content, resulting in Object Injection. This could allow attackers to execute arbitrary code or delete arbitrary files on sites where a separate POP chain was present. This flaw has been fully patched in versions 3.0.34.2, 3.1.10, 3.2.28, 3.3.21.4, 3.4.34.2, 3.5.8.4, and 3.6.11.
When analyzing the Verbatim Fingerprint Secure Portable Hard Drive, Matthias Deeg found out that the content of the emulated CD-ROM drive containing the Windows and macOS client software can be manipulated. The content of this emulated CD-ROM drive is stored as an ISO-9660 image in the "hidden" sectors of the USB drive that can only be accessed using special IOCTL commands, or when installing the drive in an external disk enclosure.
When analyzing the Fingerprint Secure Portable Hard Drive, Matthias Deeg found that the validation of the firmware for the USB-to-SATA bridge controller INIC-3637EN consists only of a simple CRC-16 check (XMODEM CRC-16). Thus, an attacker is able to store malicious firmware code for the INIC-3637EN with a correct checksum on the SPI flash memory chip used (XT25F01B), and the USB-to-SATA bridge controller then executes it successfully.
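Why a CRC gives no protection against an attacker, for both the Executive Fingerprint Secure SSD item above and the Portable Hard Drive item here: the check has no secret in it, so anyone who can modify the firmware body can also recompute the checksum the controller expects. The Python below is an added example, not SySS's or Verbatim's code. It implements CRC-16/XMODEM, shows a patched image passing the check after the trailer is recomputed, and contrasts that with a keyed check (HMAC-SHA256 here; a signature verified against a public key held by the controller is the usual firmware design) that the attacker cannot satisfy. The firmware body, the two-byte big-endian CRC trailer, the patch offset and the keys are all constructed; the real image layout is not described on the page.

```python
import hashlib
import hmac

CRC_POLY = 0x1021   # CRC-16/XMODEM: poly 0x1021, init 0, no reflection, no final XOR


def crc16_xmodem(data: bytes) -> int:
    crc = 0
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            if crc & 0x8000:
                crc = ((crc << 1) ^ CRC_POLY) & 0xFFFF
            else:
                crc = (crc << 1) & 0xFFFF
    return crc


# Assumed layout for the example: firmware body followed by its CRC-16, big-endian.
def build_image(body: bytes) -> bytes:
    return body + crc16_xmodem(body).to_bytes(2, "big")


def crc_check_passes(image: bytes) -> bool:
    body, trailer = image[:-2], image[-2:]
    return crc16_xmodem(body) == int.from_bytes(trailer, "big")


def patch_bytes(data: bytes, offset: int, patch: bytes) -> bytes:
    return data[:offset] + patch + data[offset + len(patch):]


def forge_image(image: bytes, offset: int, patch: bytes) -> bytes:
    """The attacker's move: change the body, then recompute the public checksum."""
    return build_image(patch_bytes(image[:-2], offset, patch))


# A keyed check: the verifier holds `key`, the attacker does not.
def build_signed_image(body: bytes, key: bytes) -> bytes:
    return body + hmac.new(key, body, hashlib.sha256).digest()


def mac_check_passes(image: bytes, key: bytes) -> bool:
    body, tag = image[:-32], image[-32:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def attacker_forges_signed(image: bytes, offset: int, patch: bytes, guessed_key: bytes) -> bytes:
    """Same patch, but the tag has to be recomputed with a key the attacker only guesses."""
    return build_signed_image(patch_bytes(image[:-32], offset, patch), guessed_key)


# Constructed stand-in for a firmware body; the real INIC-3637EN image is not shown here.
FIRMWARE = bytes(range(16)) + b"unlock only when the fingerprint matches" + bytes(16)

if __name__ == "__main__":
    original = build_image(FIRMWARE)
    forged = forge_image(original, 16, b"unlock always")
    print("CRC, original:", crc_check_passes(original))
    print("CRC, forged:  ", crc_check_passes(forged))
    key = hashlib.sha256(b"constructed verifier key").digest()
    signed = build_signed_image(FIRMWARE, key)
    print("MAC, forged:  ", mac_check_passes(attacker_forges_signed(signed, 16, b"unlock always", b"guess"), key))
```

The check value of CRC-16/XMODEM over the string "123456789" is 0x31C3, which is a quick way to confirm the implementation matches the one the controller uses before trying the same idea against a real image.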
Red Hat Security Advisory 2022-5099-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. Issues addressed include buffer overflow, out-of-bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2022-5100-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. Issues addressed include buffer overflow, out-of-bounds write, and use-after-free vulnerabilities.
When analyzing the Verbatim Fingerprint Secure Portable Hard Drive, Matthias Deeg found that the firmware of the USB-to-SATA bridge controller INIC-3637EN uses AES-256 in ECB (Electronic Codebook) mode. In this mode a block cipher such as AES always encrypts identical plaintext blocks, here 16 bytes each, to identical ciphertext blocks, because each block is processed independently of its neighbours. ECB therefore provides no diffusion across blocks: repetition and structure in the plaintext, for instance in bitmap images, remain visible in the ciphertext and can leak sensitive information even though the data is encrypted.
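The leak is a property of the mode, not of AES, which is what the following added example shows (it is not code from SySS or from the device firmware). It encrypts a constructed 8-row "bitmap" in ECB and in CBC mode and reports how many distinct ciphertext rows each produces: under ECB the ciphertext rows repeat exactly where the plaintext rows repeat, so the outline of the image survives, while CBC with an IV produces all-distinct rows. Because a stand-alone AES is not available without third-party packages, the block cipher is a toy 16-byte Feistel construction over HMAC-SHA256 that stands in for AES-256; the key, IV and image are constructed.

```python
import hashlib
import hmac
import os

BLOCK = 16
ROUNDS = 4


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, i: int, half: bytes) -> bytes:
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """Toy 16-byte block cipher (4-round Feistel over HMAC-SHA256), a stand-in for AES:
    the ECB/CBC comparison depends only on the mode, not on which cipher is underneath."""
    left, right = block[:8], block[8:]
    for i in range(ROUNDS):
        left, right = right, _xor(left, _round(key, i, right))
    return left + right


def toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for i in reversed(range(ROUNDS)):
        left, right = _xor(right, _round(key, i, left)), left
    return left + right


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Each block encrypted on its own: equal plaintext blocks give equal ciphertext blocks."""
    return b"".join(toy_encrypt_block(key, plaintext[i:i + BLOCK])
                    for i in range(0, len(plaintext), BLOCK))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Each block is XORed with the previous ciphertext block first, so repeats disappear."""
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        prev = toy_encrypt_block(key, _xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        block = ciphertext[i:i + BLOCK]
        out.append(_xor(toy_decrypt_block(key, block), prev))
        prev = block
    return b"".join(out)


def distinct_blocks(data: bytes) -> int:
    return len({data[i:i + BLOCK] for i in range(0, len(data), BLOCK)})


def row_signature(data: bytes):
    """Label each block by first-seen order; equal labels mean the row pattern is visible."""
    ids, labels = {}, []
    for i in range(0, len(data), BLOCK):
        labels.append(ids.setdefault(data[i:i + BLOCK], len(ids)))
    return labels


# Constructed "bitmap": 8 rows of 16 one-byte pixels (0x00 = black, 0xFF = white).
# Each row is exactly one cipher block, so the row pattern is what ECB leaks.
ROWS = [
    "################",
    "#..............#",
    "#..............#",
    "#......##......#",
    "#......##......#",
    "#..............#",
    "#..............#",
    "################",
]
IMAGE = b"".join(bytes(0x00 if ch == "#" else 0xFF for ch in row) for row in ROWS)


def leak_report(key: bytes, iv: bytes) -> dict:
    ecb = ecb_encrypt(key, IMAGE)
    cbc = cbc_encrypt(key, iv, IMAGE)
    return {
        "plaintext_distinct_rows": distinct_blocks(IMAGE),
        "ecb_distinct_rows": distinct_blocks(ecb),
        "cbc_distinct_rows": distinct_blocks(cbc),
        "ecb_row_signature": row_signature(ecb),
        "cbc_roundtrip_ok": cbc_decrypt(key, iv, cbc) == IMAGE,
    }


if __name__ == "__main__":
    print(leak_report(os.urandom(32), os.urandom(16)))
```

The ECB row signature comes out as [0, 1, 1, 2, 2, 1, 1, 0], the same pattern as the plaintext rows, which is exactly the information an attacker reads off an ECB-encrypted disk; with CBC (or a mode with authentication such as GCM, or the XTS mode designed for storage) the signature is eight distinct labels.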
When analyzing the Verbatim Fingerprint Secure Portable Hard Drive, Matthias Deeg found out it uses an insecure design which allows retrieving the currently used password and thus the ability to unlock and access the stored data in an unauthorized way.
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
The operators behind BRATA have once again added more capabilities to the Android mobile malware in an attempt to make their attacks against financial apps more stealthy. "In fact, the modus operandi now fits into an Advanced Persistent Threat (APT) activity pattern," Italian cybersecurity firm Cleafy said in a report last week. "This term is used to describe an attack campaign in which
Insurance exists to protect the insured party against catastrophe, but the insurer needs protection so that its policies are not abused – and that's where the fine print comes in. However, in the case of ransomware insurance, the fine print is becoming contentious and arguably undermining the usefulness of ransomware insurance. In this article, we'll outline why, particularly given the current
A security flaw in Apple Safari that was exploited in the wild earlier this year was originally fixed in 2013 and reintroduced in December 2016, according to a new report from Google Project Zero. The issue, tracked as CVE-2022-22620 (CVSS score: 8.8), concerns a case of a use-after-free vulnerability in the WebKit component that could be exploited by a piece of specially crafted web content to
Graham Cluley Security News is sponsored this week by the folks at SolCyber. Thanks to the great team there for their support! If the bad guys aren't discriminating who they are attacking, how can your business settle for anything less than Fortune 500 level security? SolCyber has brought to market a new way to consume … "How to get Fortune 500 cybersecurity without the hefty price tag"