Threat hunters expose novel IceApple attack framework

Read Time:35 Second

A novel post-exploitation framework that allows the activity of its malicious actors to persist on their targets was exposed Wednesday by Crowdsrike’s Falcon OverWatch threat hunters. Dubbed IceApple, the .NET-based framework has been observed since late 2021 in multiple victim environments in geographically diverse locations with targets spanning the technology, academic and government sectors, according to CrowdStrike’s report.

Up to now, Falcon OverWatch’s threat hunters have found the framework only on Microsoft Exchange instances, but they said it’s capable of running under any Internet Information Services (IIS) web application and advise organizations to make sure their web apps are fully patched to avoid infection.

To read this article in full, please click here

Read More

CVE-2021-26348

Read Time:12 Second

Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity.

Read More

CVE-2021-26347

Read Time:10 Second

TOCTOU (time-of-check to time-of-use) issue in the System Management Unit (SMU) may result in a DMA (Direct Memory Access) to invalid DRAM address that could result in denial of service.

Read More

CVE-2021-26342

Read Time:21 Second

In SEV guest VMs, the CPU may fail to flush the Translation Lookaside Buffer (TLB) following a particular sequence of operations that includes creation of a new virtual machine control block (VMCB). The failure to flush the TLB may cause the microcode to use stale TLB translations which may allow for disclosure of SEV guest memory contents. Users of SEV-ES/SEV-SNP guest VMs are not impacted by this vulnerability.

Read More

CVE-2021-26339

Read Time:15 Second

A bug in AMD CPU’s core logic may allow for an attacker, using specific code from an unprivileged VM, to trigger a CPU core hang resulting in a potential denial of service. AMD believes the specific code includes a specific x86 instruction sequence that would not be generated by compilers.

Read More

golang-1.17.7-1.el7

Read Time:12 Second

FEDORA-EPEL-2022-f64d777807

Packages in this update:

golang-1.17.7-1.el7

Update description:

Update to 1.17.7, including fixes for CVE-2021-29923, CVE-2021-43565, CVE-2022-23806, CVE-2022-23772, and CVE-2022-23773

Read More

ForgeRock offers AI-based solution for identity-based cyberattacks

Read Time:34 Second

ForgeRock, a global identity and access management company, has introduced ForgeRock Autonomous Access, a new application that uses AI to prevent identity-based cyberattacks and fraud. 

The application monitors login requests in real-time to block malicious attempts and add authentication steps for anomalous behavior, while streamlining access for authorized users.

“We believe that modern AI-driven solutions have the ability to protect organizations and their customers and employees from damaging and costly cyberattacks and fraud,” says Peter Barker, chief product officer at ForgeRock. “Our approach is to use AI to stop bad actors at a massive scale and reduce the risk of account takeovers.”           

To read this article in full, please click here

Read More

ICE Is a Domestic Surveillance Agency

Read Time:1 Minute, 53 Second

Georgetown has a new report on the highly secretive bulk surveillance activities of ICE in the US:

When you think about government surveillance in the United States, you likely think of the National Security Agency or the FBI. You might even think of a powerful police agency, such as the New York Police Department. But unless you or someone you love has been targeted for deportation, you probably don’t immediately think of Immigration and Customs Enforcement (ICE).

This report argues that you should. Our two-year investigation, including hundreds of Freedom of Information Act requests and a comprehensive review of ICE’s contracting and procurement records, reveals that ICE now operates as a domestic surveillance agency. Since its founding in 2003, ICE has not only been building its own capacity to use surveillance to carry out deportations but has also played a key role in the federal government’s larger push to amass as much information as possible about all of our lives. By reaching into the digital records of state and local governments and buying databases with billions of data points from private companies, ICE has created a surveillance infrastructure that enables it to pull detailed dossiers on nearly anyone, seemingly at any time. In its efforts to arrest and deport, ICE has — without any judicial, legislative or public oversight — reached into datasets containing personal information about the vast majority of people living in the U.S., whose records can end up in the hands of immigration enforcement simply because they apply for driver’s licenses; drive on the roads; or sign up with their local utilities to get access to heat, water and electricity.

ICE has built its dragnet surveillance system by crossing legal and ethical lines, leveraging the trust that people place in state agencies and essential service providers, and exploiting the vulnerability of people who volunteer their information to reunite with their families. Despite the incredible scope and evident civil rights implications of ICE’s surveillance practices, the agency has managed to shroud those practices in near-total secrecy, evading enforcement of even the handful of laws and policies that could be invoked to impose limitations. Federal and state lawmakers, for the most part, have yet to confront this reality.

Read More

News, Advisories and much more

Exit mobile version