This Week In Security: REvil Goes Dark, Kaseya Cleanup, Android Updates, And Terrible Firmware

The funniest thing happened to REvil this week. Their online presence seems to have disappeared.
Their Tor sites as well as conventional sites all went down about the same time Tuesday morning, leading to speculation that they may have been hit by a law enforcement operation. This comes on the heels of a renewed push by the US for other countries, notably Russia, to crack down on ransomware groups operating within their borders. If it is a coordinated takedown, it’s likely a response to the extremely widespread 4th of July campaign launched via the Kaseya platform. Seriously, if you’re going to do something that risks ticking off Americans, don’t do it on the day we’re celebrating national pride by blowing stuff up.

Speaking of Kaseya, they have finished their analysis and published a guide for safely powering on their VSA on-premise hardware. Now that the fixes are available, more information about the attack itself is being released. Truesec researchers have been following this story in real time, and even provided information about the attack back to Kaseya, based on their observations. Their analysis shows that four separate vulnerabilities were involved in the attack. First up is an authentication bypass. It takes advantage of code that looks something like this:

Amazon Drones Don’t Go Far

If you are like us, you’ve wondered what all the hoopla about drones making home deliveries is about. Our battery-operated vehicles carry very little payload and still don’t have a very long range. Add sophisticated smarts and a couple of delivery packages and you are going to need a lot more battery. Or maybe not. Amazon’s recent patent filing shows a different way to do it.

In the proposed scheme, a delivery truck drives to a neighborhood and then deploys a bunch of wheeled or walking drones to deliver in the immediate area. Not only does that reduce the range requirement, but there are other advantages, as well.


The Linux Kernel 5.14 Audio Update

You may remember the Pipewire coverage we ran a couple of weeks ago, and the TODO item to fix up Firewire device support with Pipewire. It turns out that this is an important feature for kernel hackers, too, because the ALSA changes just got pulled into the 5.14 kernel, and included is the needed Firewire audio work. Shout-out to [Marcan] for pointing out this changeset. Yes, that’s the same as [Hector Martin], the hacker bringing Linux to the M1, who also discovered M1racles. We’ve covered some of his work before.

It turns out that some Firewire audio devices expect the timing information in the delivery stream to match the proper playback time for the audio contained in the stream. A naive driver ends up sending the Firewire device packets of sound whose timestamps say they should have been played before the packet even arrives. No wonder the devices didn’t work correctly. I’m running a 5.14 development kernel, and so far my Focusrite Saffire Pro40 has been running marvelously, where previous kernels quickly turned its audio into a crackling mess.

There is another fix that’s notable for Pipewire users, a reduction in latency for USB audio devices. That one turned out to be not-quite-correct, leading to a hang in the kernel on Torvalds’ machine. It’s been reverted until the problem can be corrected, but hopefully this one will land for 5.14 as well. (Edit: The patch was cleaned up, and has been pulled for 5.14. Via Phoronix.) Let us know if you’d like to see more kernel development updates!

Checking Up On Earth’s Sister Planet: NASA’s Upcoming Venus Missions

Even as we bask in the knowledge that our neighboring planet Mars is currently home to a multitude of still-functional landers, a triplet of rovers, an ever-growing satellite network, and the first ever flying drone on another planet, our other neighboring planet Venus is truly playing the wallflower, with Japan’s Akatsuki orbiter as the lone active Venusian mission right now.

That is about to change, however, with NASA having selected two new missions that will explore Venus by the end of this decade. The DAVINCI+ and VERITAS missions aim to respectively characterize Venus’ atmosphere and map its surface in unprecedented detail. This should provide us information about possible tectonic activity, as well as details about the Venusian atmosphere which so far have been sorely missing.

Despite Venus being the closest match to our planet Earth, how is it possible that we have been neglecting it for so long, and what can we expect from future missions, including and beyond these two new NASA missions?


This Week In Security: Print Nightmare Continues, Ransomware Goes Bigger, And ATM Jackpots!

For the second time, Microsoft has attempted and failed to patch the PrintNightmare vulnerability. It was tracked initially as CVE-2021-1675, with the second RCE tracked as CVE-2021-34527. We warned you about this last week, but a few more details are available now. The original reporter, [Yunhai Zhang], confirms our suspicions, stating on Twitter that “it seems that they just test with the test case in my report”.

Microsoft has now shipped an out-of-band patch to address the problem, with the caveat that it’s known not to be a perfect fix, but it should eliminate the RCE element of the vulnerability. Except … if the server in question has the Point and Print feature installed, it’s probably still vulnerable. And to make it even more interesting, Microsoft says they have already seen this vulnerability getting exploited in the wild.

The Trouble With Hubble: Payload Computer Glitch Stops Science At The Space Observatory

The Hubble Space Telescope’s remarkably long service life and its string of astonishing contributions to astronomy belie its troubled history. Long before its launch into low Earth orbit in 1990, Hubble suffered from design conflicts, funding and budgetary pressures, and even the death of seven astronauts. Long delayed, much modified, and mistakenly sent aloft with suboptimal optics, Hubble still managed to deliver results that have literally changed our view of the universe, and is perhaps responsible for more screensaver and desktop pictures than any other single source.

But all of that changed on June 13 of this year, when Hubble suffered a computer glitch that interrupted the flow of science data from the orbiting observatory. It’s not yet clear how the current issue with Hubble is going to pan out, and what it all means for the future of this nearly irreplaceable scientific asset. We all hope for the best, of course, but while we wait to see what happens, it’s worth taking the opportunity to dive inside Hubble for a look at its engineering and what exactly has gone wrong up there.


This Week In Security: Bad Signs From Microsoft, An Epyc VM Escape

Code signing is the silver bullet that will save us from malware, right? Not so much, particularly when vendors can be convinced to sign malicious code. Researchers at G DATA got a hit on a Windows kernel driver, indicating it might be malicious. That seemed strange, since the driver was properly signed by Microsoft. Upon further investigation, it became clear that this really was malware. The file was reported to Microsoft, the signature revoked, and the malware added to the Windows Defender definitions.

The official response from Microsoft is odd. They start off by assuring everyone that their driver signing process wasn’t actually compromised, like you would. The next part is weird. Talking about the people behind the malware: “The actor’s goal is to use the driver to spoof their geo-location to cheat the system and play from anywhere. The malware enables them to gain an advantage in games and possibly exploit other players by compromising their accounts through common tools like keyloggers.” This doesn’t seem to really match the observed behavior of the malware — it seemed to be decoding SSL connections and sending the data to the C&C server. We’ll update you if we hear anything more on this one.