This Week In Security: Bad Signs From Microsoft, An Epyc VM Escape

July 2, 2021 by Jonathan Bennett 14 Comments

Code signing is the silver bullet that will save us from malware, right? Not so much, particularly when vendors can be convinced to sign malicious code. Researchers at G DATA got a hit on a Windows kernel driver, indicating it might be malicious. That seemed strange, since the driver was properly signed by Microsoft. Upon further investigation, it became clear that this really was malware. The file was reported to Microsoft, the signature revoked, and the malware added to the Windows Defender definitions.

The official response from Microsoft is odd. They start off by assuring everyone that their driver signing process wasn’t actually compromised, like you would. The next part is weird. Talking about the people behind the malware: “The actor’s goal is to use the driver to spoof their geo-location to cheat the system and play from anywhere. The malware enables them to gain an advantage in games and possibly exploit other players by compromising their accounts through common tools like keyloggers.” This doesn’t seem to really match the observed behavior of the malware — it seemed to be decoding SSL connections and sending the data to the C&C server. We’ll update you if we hear anything more on this one.
Continue reading “This Week In Security: Bad Signs From Microsoft, An Epyc VM Escape” →

This Week In Security: Android Bluetooth RCE, Windows VMs, And HTTPS Everywhere

January 8, 2021 by Jonathan Bennett 5 Comments

Android has released it’s monthly round of security updates, and there is one patched bug in particular that’s very serious: CVE-2021-0316. Few further details are available, but a bit of sleuthing finds the code change that fixes this bug.

Fix potential OOB write in libbluetooth Check event id if of register notification command from remote to avoid OOB write.

It’s another Bluetooth issue, quite reminiscent of BleedingTooth on Linux. In fact, in researching this bug, I realized that Google never released their promised deep-dive into Bleedingtooth. Why? This would usually mean that not all the fixes have been rolled out, or that a significant number of installations are unpatched. Either way, the details are withheld until the ramifications of releasing them are minimal. This similar Bluetooth bug in Android *might* be why the BleedingTooth details haven’t yet been released. Regardless, there are some serious vulnerabilities patched this in this Android update, so make sure to watch for the eventual rollout for your device. Continue reading “This Week In Security: Android Bluetooth RCE, Windows VMs, And HTTPS Everywhere” →

Hackaday

Zyxel

2 Articles

This Week In Security: Bad Signs From Microsoft, An Epyc VM Escape

This Week In Security: Android Bluetooth RCE, Windows VMs, And HTTPS Everywhere

Search

Never miss a hack

If you missed it

Blended Wing Body Passenger Airplanes And The End Of Winged Tubes

With Core ONE, Prusa’s Open Source Hardware Dream Quietly Dies

The Great Redbox Cleanup: One Company Is Hauling Away America’s Last DVD Kiosks

Do You Dream In Color?

I Want To Believe: How To Make Technology Value Judgements

Our Columns

USB-C For Hackers: Reusing Cables

FLOSS Weekly Episode 810: Pi4J – Stable And Boring On The Raspberry Pi

Boss Byproducts: Calthemites Are Man-Made Cave Dwellers

Supercon 2024 SAO Petal KiCad Redrawing Project

Keebin’ With Kristina: The One With The Typo

Search

Never miss a hack

Subscribe

If you missed it

Our Columns