Former I.T. Consultant with over 20 years experience now focused on cybersecurity🌟Pentester, Offensive Security Engineer. Currently working on my OSCP (Offensive Security Certified Professional)🌟In preparation for the OSCP certification, I have pwned a variety of vulnerable lab machines from the OSCP lab🌟Top 1% on the Try Hack Me platform🌟Pro Hacker Level on the Hack the Box platform🌟Gamer | Offensive Security Rocks !!! #cybersecurity #infosec

It only took 13+ years, but this week KrebsOnSecurity surpassed 50,000 subscribers to our newsletter, which is and always has been just a text-based email alert with a blurb and link that goes out w/ every story that gets published.

Haven't ever tried to survey our subscribers, but finally considering it. Would be open to ideas about how best to do that without annoying everyone.

The last time we did an informal analysis of our subscriber base -- ignoring all the gmails, yahoo etc addresses and looking at corporate domains -- we had something close to 70 percent of US financial institutions represented, which is a lot. But beyond that I don't have a lot of insight into my own base, and I'm unwilling to entrust our subscriber list to anyone else.

QR codes used in fake parking tickets, surveys to steal your money

Careful what QR codes you are scanning... never a good idea to scan random QR codes.

Be extra wary of QR codes that lead you to install a third-party app - could be #malware or #spyware designed to give threat actors access to your phone.

#cybersecurity #infosec #security #informationsecurity

https://www.bleepingcomputer.com/news/security/qr-codes-used-in-fake-parking-tickets-surveys-to-steal-your-money/

As QR codes continue to be heavily used by legitimate organizations, from Super Bowl advertisements to enforcing parking fees and fines, scammers have crept in to abuse the very same technology for their nefarious purposes. A woman in Singapore reportedly lost $20,000 after using a QR code to fill out a "survey" at a bubble tea shop.

BleepingComputer

"But why are you still on Twitter?"

Listen. I am an internet ancient. I stood amidst LiveJournal as it crumbled while I watched the fall of Flickr. I was there both times Tumblr burned down, toasting marshmallows over its smouldering ruin, laughing at the folly of Verizon. The death of Twitter was foretold by the dark prophecies of the forgotten internets. I am there to witness its passing as the old internet is dying and the new internet struggles to be born. Now is the time of monsters.

I mean, of course we can: "Hackers can open Nexx garage doors remotely, and there's no fix" https://www.bleepingcomputer.com/news/security/hackers-can-open-nexx-garage-doors-remotely-and-theres-no-fix/
Hackers can open Nexx garage doors remotely, and there's no fix

Multiple vulnerabilities discovered in Nexx smart devices can be exploited to control garage doors, disable home alarms, or control smart plugs.

BleepingComputer
"Steel braided optical cable" was not a search term I expected to need, but here we are. #Cats

Microsoft released an emergency security update for the Windows 10 and Windows 11 Snipping tool to fix the Acropalypse privacy vulnerability.

https://www.bleepingcomputer.com/news/microsoft/microsoft-pushes-oob-security-updates-for-windows-snipping-tool-flaw/

Microsoft pushes OOB security updates for Windows Snipping tool flaw

BleepingComputer
City of Toronto confirms data theft, Clop claims responsibility

The City of Toronto is among the Clop ransomware gang's latest victims hit in the ongoing GoAnywhere hacking spree. Other victims listed alongside the Toronto city government include the UK's Virgin Group and the statutory corporation Pension Protection Fund.

BleepingComputer

What’s the opposite of impostor syndrome?

Where you KNOW you belong, you’ve earned your seat at every table you’re invited to, you’re certain your contribution will make a positive difference in ways unique to you based on your experience?

Whatever it’s called it pisses ppl off

CISA has added a critical severity vulnerability in VMware's Cloud Foundation to its catalog of security flaws exploited in the wild.

https://www.bleepingcomputer.com/news/security/cisa-warns-of-critical-vmware-rce-flaw-exploited-in-attacks/

CISA warns of critical VMware RCE flaw exploited in attacks

BleepingComputer

Unkillable UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw

Researchers on Wednesday announced a major cybersecurity find—the world’s first-known instance of real-world malware that can hijack a computer’s boot process even when Secure Boot and other advanced protections are enabled and running on fully updated versions of Windows.

Dubbed BlackLotus, the malware is what’s known as a UEFI bootkit. These sophisticated pieces of malware infect the UEFI—short for Unified Extensible Firmware Interface—the low-level and complex chain of firmware responsible for booting up virtually every modern computer. As the mechanism that bridges a PC’s device firmware with its operating system, the UEFI is an OS in its own right. It’s located in an SPI-connected flash storage chip soldered onto the computer motherboard, making it difficult to inspect or patch.

While researchers have found Secure Boot vulnerabilities in the past, there has been no indication that threat actors have ever been able to bypass the protection in the 12 years it has been in existence. Until now.

On Wednesday, researchers at security firm ESET presented a deep-dive analysis of the world’s first in-the-wild UEFI bootkit that bypasses Secure Boot on fully updated UEFI systems running fully updated versions of Windows 10 and 11.

To defeat Secure Boot, the bootkit exploits CVE-2022-21894, a vulnerability in all supported versions of Windows that Microsoft patched in January 2022. The memory corruption flaw can be exploited to remove Secure Boot functions from the boot sequence during startup. Attackers can also abuse the flaw to obtain keys for BitLocker, a Windows feature for encrypting hard drives.

CVE-2022-21894 has proven to be especially valuable to the BlackLotus creators. Despite Microsoft releasing new patched software, the vulnerable signed binaries have yet to be added to the UEFI revocation list that flags boot files that should no longer be trusted. As a result, fully updated devices remain vulnerable because attackers can simply replace patched software with the older, vulnerable software.

https://arstechnica.com/information-technology/2023/03/unkillable-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw/

Stealthy UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw

BlackLotus represents a major milestone in the continuing evolution of UEFI bootkits.

Ars Technica