Read Time:9 Second
FEDORA-2022-d1fcad81f3
Packages in this update:
kernel-5.19.15-200.fc36
Update description:
The 5.19.15 stable kernel update contains a number of important fixes across the tree.
Daily Archives: October 12, 2022
Portnox adds IoT fingerprinting to network access control service
Read Time:21 Second
Network security firm Portnox on Wednesday announced it is adding IoT fingerprinting features to the Portnox Cloud NAC-as-a-Service to allow companies to more easily identify and authorize devices on their networks. The IoT fingerprinting features add new device-identification techniques to the network access control product, including MAC address clustering and DHCP (Dynamic Host Configuration Protocol) gleaning.
FormBook Tops Check Point’s Most Wanted Malware List For September
Read Time:5 Second
Vidar, an infostealer, has entered the top 10 list in eighth place for the first time
Microsoft October 2022 Patch Tuesday Fixes 84 Flaws, Including Zero-Day
Read Time:4 Second
Thirteen of the 84 vulnerabilities fixed in yesterday’s update are classified as ‘Critical’
Singtel’s Australian IT Firm Dialog Suffers Data Breach
Read Time:4 Second
The breach affected around 20 clients and 1000 current and/or former Dialog employees
How CIS Helps Ensure Cybersecurity for the Larger Ecosystem
Read Time:6 Second
Here are four CIS resources in particular that our experts would like to call out for this year’s Cybersecurity Awareness Month. […]
Internet outages hit Ukraine following Russian missile strikes
Read Time:13 Second
Ukraine has seen internet outages this week following renewed missile attacks from Russian forces. With a combination of power cuts and DDoS attacks knocking out telecommunications systems, internet availibility suffered a 35% dip.
Read more in my article on the Hot for Security blog.
Patch your iPhone now against mystery Mail crash bug
Read Time:6 Second
iOS 16.0.3 has been pushed out by Apple, and my advice is that you should install it.
USN-5672-1: GMP vulnerability
Read Time:12 Second
It was discovered that GMP did not properly manage memory
on 32-bit platforms when processing a specially crafted
input. An attacker could possibly use this issue to cause
applications using GMP to crash, resulting in a denial of
service.
Recovering Passwords by Measuring Residual Heat
Read Time:1 Minute, 6 Second
Researchers have used thermal cameras and ML guessing techniques to recover passwords from measuring the residual heat left by fingers on keyboards. From the abstract:
We detail the implementation of ThermoSecure and make a dataset of 1,500 thermal images of keyboards with heat traces resulting from input publicly available. Our first study shows that ThermoSecure successfully attacks 6-symbol, 8-symbol, 12-symbol, and 16-symbol passwords with an average accuracy of 92%, 80%, 71%, and 55% respectively, and even higher accuracy when thermal images are taken within 30 seconds. We found that typing behavior significantly impacts vulnerability to thermal attacks, where hunt-and-peck typists are more vulnerable than fast typists (92% vs 83% thermal attack success if performed within 30 seconds). The second study showed that the keycaps material has a statistically significant effect on the effectiveness of thermal attacks: ABS keycaps retain the thermal trace of users presses for a longer period of time, making them more vulnerable to thermal attacks, with a 52% average attack accuracy compared to 14% for keyboards with PBT keycaps.
“ABS” is Acrylonitrile Butadiene Styrene, which some keys are made of. Others are made of Polybutylene Terephthalate (PBT). PBT keys are less vulnerable.
But, honestly, if someone can train a camera at your keyboard, you have bigger problems.
News article.