Matt WillemsenApr 13, 2024
Hackable Intel and Lenovo hardware that went undetected for 5 years won’t ever be fixed
https://arstechnica.com/security/2024/04/supply-chain-snafu-causes-intel-and-others-to-ship-hackable-hardware-for-5-years/ #Intel #Lenovo #hardware #vulnerability #SupplyChain #RemoteExploit #unfixable #lighttpd
Hackable Intel and Lenovo hardware that went undetected for 5 years won’t ever be fixed

Multiple links in the supply chain failed for years to identify an unfixed vulnerability.

Ars Technica
FLOX AdvocateMar 30, 2024

Update on xz-utils to sshd exploit

https://www.openwall.com/lists/oss-security/2024/03/30/36

Thanks to everyone who is working to investigate and mitigate this exploit!

#InfoSec #FLOSSsecurity #SSH #RemoteExploit

oss-security - Re: backdoor in upstream xz/liblzma leading to ssh server compromise

FLOX AdvocateMar 29, 2024

xz tool chain compromise in February compromising versions 5.6.0 and 5.6.1

"inject malicious code, at build time, into the resulting liblzma5 library"

"resulting malicious build interferes with authentication in sshd via systemd"

https://lists.debian.org/debian-security-announce/2024/msg00057.html

https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users

#InfoSec #FLOSSsecurity #RemoteExploit

[SECURITY] [DSA 5649-1] xz-utils security update

ITSEC NewsAug 19, 2020
Researchers Warn of Flaw Affecting Millions of IoT Devices - A patch has been issued for the flaw in a widely-used module, and researchers are urging IoT manuf... https://threatpost.com/flaw-affecting-millions-iot-devices/158472/ #informationdisclosure #cinterionehs8module #internetofthings #cve-2020-15858 #remoteexploit #vulnerability #insulinpump #smartcity #thales #hacks #patch #iot #fix
Researchers Warn of Flaw Affecting Millions of IoT Devices

A patch has been issued for the flaw in a widely-used module, and researchers are urging IoT manufacturers to update their devices ASAP.

Threatpost - English - Global - threatpost.com
ITSEC NewsNov 15, 2019
How the Linux kernel balances the risks of public bug disclosure - A serious Wi-Fi flaw shows how Linux handles security in plain sight. more: https://nakedsecurity.sophos.com/2019/11/15/how-the-linux-kernel-balances-the-risks-of-public-bug-disclosure/ #securitythreats #cve-2019-17666 #linuxcommunity #wi-fiinterface #vulnerability #bugdisclosure #remoteexploit #linuxkernal #linux #wi-fi #cves #flaw #bug
How the Linux kernel balances the risks of public bug disclosure

Naked Security
FLOX AdvocateMay 14, 2019

to continue #ExploitTuesday Microsoft released updates for old versions of Windows with a wormable security bug

Kudos to Microsoft for updating out of support releases

https://www.theverge.com/2019/5/14/18623565/microsoft-windows-xp-remote-desktop-services-worm-security-patches

#InfoSec #RemoteExploit

Microsoft warns of major WannaCry-like Windows security exploit, releases XP patches

Windows 10 and Windows 8 are safe