Baseboard software vulnerabilities, threat group stole COVID funds, AI generated code
Vulnerabilities found in popular baseboard software
Researchers at Eclypsium Research disclosed three vulnerabilities in the MegaRAC Baseboard Management Controller software from American Megatrends. These BMCs operate their own firmware, memory and networking stack within a server, offering admins remote access to manage them. Many server OEMs use this baseboard software, including AMD, Dell, ARM, Asus, HPE, Huawei, Lenovo, and Qualcomm. The access required to exploit the vulnerabilities varies, from prior access to at least a low-privilege account to remote access; successful exploitation could ultimately be used to deploy malware or ransomware and cause physical damage to servers. There is no word on whether threat actors are actively targeting the vulnerabilities.
Chinese threat group stole COVID-19 relief funds
According to information from the Secret Service, the Chinese-linked APT41 stole at least $20 million in COVID relief benefits. These came in the form of Small Business Administration loans and unemployment insurance funds across over a dozen states. The Secret Service also said it maintains over 1,000 ongoing investigations into criminal actors defrauding public benefits programs. It’s unclear how many of these investigations link back to foreign threat groups, but NBC News’ sources say other investigations point to state-backed actors. Security researchers say APT41, aka Wicked Panda, generally focuses on gathering personally identifiable information for cyber espionage.
(NBC News)
The question of AI generated code
The popular coding Q&A site Stack Overflow temporarily banned users from sharing responses generated by OpenAI’s ChatGPT. The mods said the chatbot makes it easy to flood the site with responses that have a high rate of being incorrect, despite looking correct at first glance. Given that the site operates with volunteer moderators, the ban serves to reduce the volume to keep human review possible. Stack Overflow will make a final ruling on ChatGPT usage after consulting with its community.
Twitter leaks emails on Hunter Biden laptop decision
Journalist Matt Taibbi published a tweet thread detailing how Twitter’s Trust and Safety team decided to temporarily block a 2020 New York Post story involving the contents of Hunter Biden’s laptop ahead of the US Presidential election. Twitter provided emails to Taibbi, which showed the team debating whether to restrict links to the story under its hacked materials policy. Emails show concern from some Trust and Safety staff that the story details appeared consistent with recent Russian influence operations. The emails do not show CEO Jack Dorsey involved in the decision. He subsequently reversed the block. Taibbi said he did not see evidence of “any government involvement in the laptop story.” The emails largely agree with recent statements on the decision from Twitter’s former head of Trust and Safety Yoel Roth.
(CNN)
Thanks to today’s episode sponsor, PlexTrac
Case dismissed against Huawei CFO
U.S. District Judge Ann Donnelly in Brooklyn dismissed an indictment against Huawei CFO Meng Wanzhou (wan-jo), which charged her with crimes related to misleading banks about Huawei’s relationship with a company operating in Iran. Canadian authorities arrested Meng in December 2018 and she remained under house arrest during the case. Meng reached an agreement with US prosecutors last year for the case to be dismissed four years after her initial arrest, acknowledging she made false statements about Huawei’s Iran business. The case was dismissed with prejudice, so it cannot be brought again. Meng flew home to Shenzhen following the dismissal.
(Reuters)
FreeBSD fixes ping flaw
The ping utility remains a staple of the networking toolkit. It uses the Internet Control Message Protocol to let an admin check whether a computer is still online. Reply packets from networked computers carry an IPv4 packet header, typically 20 bytes in total, which includes the device’s IP address. The FreeBSD version of ping allocated fixed-size buffers on the stack where the IP header would reside. But since the header length is variable and can exceed 20 bytes, a larger header triggers a stack buffer overflow inside ping. Such headers remain rare, but FreeBSD issued a security advisory stating “it may be possible for a malicious host to trigger remote code execution in ping.” Risk of exploitation remains limited. The latest versions of FreeBSD 12 and 13 fix the issue.
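To make the bug class concrete, here is an added, illustrative C example (not FreeBSD’s ping source and not the patch) of the two patterns the story describes: a copy of the IPv4 header into a stack buffer sized for the 20-byte option-less case with the length taken straight from the packet, beside a hardened parser that sizes the buffer for the largest header the IHL field can encode (15 × 4 = 60 bytes) and rejects any length that is out of range or not actually present in the received bytes. The sample packets are constructed for the demonstration; only their version/IHL and protocol bytes matter.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Option-less IPv4 header is 20 bytes; the 4-bit IHL field can describe up to
 * 15 * 4 = 60 bytes when options are present. */
#define IP_HDR_MIN 20
#define IP_HDR_MAX 60
#define IP_PROTO_OFFSET 9   /* protocol byte: 1 == ICMP */

/* Header length in bytes as encoded by the IHL nibble (low 4 bits of byte 0). */
static size_t ip_header_len(const uint8_t *pkt)
{
    return (size_t)(pkt[0] & 0x0f) * 4;
}

/* Vulnerable pattern (illustrative, not FreeBSD's code): the header is copied
 * into a stack buffer sized for the 20-byte no-options case, but the copy
 * length comes straight from the untrusted IHL field. A header with options
 * (IHL > 5) writes past the end of hdr[]. */
int proto_unchecked(const uint8_t *pkt)
{
    uint8_t hdr[IP_HDR_MIN];
    memcpy(hdr, pkt, ip_header_len(pkt));   /* stack overflow when IHL > 5 */
    return hdr[IP_PROTO_OFFSET];
}

/* Hardened form: size the buffer for the largest header IHL can encode and
 * reject any header length that is malformed or longer than the bytes
 * actually received. Returns the protocol number, or -1 on a bad packet. */
int proto_checked(const uint8_t *pkt, size_t pktlen)
{
    uint8_t hdr[IP_HDR_MAX];
    size_t hlen;

    if (pktlen < IP_HDR_MIN || (pkt[0] >> 4) != 4)  /* too short / not IPv4 */
        return -1;
    hlen = ip_header_len(pkt);
    if (hlen < IP_HDR_MIN || hlen > IP_HDR_MAX)      /* IHL out of range */
        return -1;
    if (hlen > pktlen)                               /* header claims more than we got */
        return -1;
    memcpy(hdr, pkt, hlen);                          /* now within hdr[] bounds */
    return hdr[IP_PROTO_OFFSET];
}

/* Constructed sample headers (not captured traffic). Unlisted bytes are zero. */
/* IHL = 5: plain 20-byte header, protocol 1 (ICMP). */
const uint8_t pkt_plain[20] = { 0x45, 0, 0, 20, 0, 0, 0, 0, 64, 1 };
/* IHL = 6: 24-byte header carrying 4 bytes of options, protocol 1. */
const uint8_t pkt_opts[24]  = { 0x46, 0, 0, 24, 0, 0, 0, 0, 64, 1 };
/* IHL = 15: claims a 60-byte header, but only 20 bytes were received. */
const uint8_t pkt_short[20] = { 0x4f, 0, 0, 20, 0, 0, 0, 0, 64, 1 };
/* IHL = 3: impossible header length below the 20-byte minimum. */
const uint8_t pkt_bad[20]   = { 0x43, 0, 0, 20, 0, 0, 0, 0, 64, 1 };

int main(void)
{
    printf("plain:  %d\n", proto_checked(pkt_plain, sizeof pkt_plain));  /* 1 */
    printf("opts:   %d\n", proto_checked(pkt_opts, sizeof pkt_opts));    /* 1 */
    printf("short:  %d\n", proto_checked(pkt_short, sizeof pkt_short));  /* -1 */
    printf("badihl: %d\n", proto_checked(pkt_bad, sizeof pkt_bad));      /* -1 */
    /* proto_unchecked(pkt_opts) would overrun hdr[]; it is deliberately not run. */
    return 0;
}
```

The point of the hardened version is that every length used for a copy is derived from a field that is first bounded both by what the protocol allows and by what was actually received; the same rule applies to the quoted IP header that an ICMP error message carries in its payload.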
Hospital complex suspends operations after ransomware
France’s health ministry announced the Hospital Centre of Versailles suspended medical operations after a ransomware attack over the weekend, transferring at least six patients. More transfers will occur in what is described as a “total reorganization of the hospital.” The center contains two hospitals and a retirement home, all currently without working computer systems. While critical medical care machines remained operational, the shutdown of the system’s internal network meant staff could not adequately monitor patients. French police named LockBit as the party behind the attack, with the group posting staff and patient data on its leak site.
OpenSSF adds new members
The Open Source Security Foundation operates under the Linux Foundation, bringing together various projects around software supply chain security. It announced new members across a wide swath of the industry, bringing its total membership to over 100. New members include Docker, HackerOne, Qualys, ControlPlane, and AMD Xilinx. OpenSSF announced the new members as it hosts OpenSSF Day Japan at the Open Source Summit in Yokohama.