#security (2020-12)

Archive: https://archive.sweetops.com/security/

2020-12-20

Maciek Strömich avatar
Maciek Strömich

https://www.zdnet.com/article/academics-turn-ram-into-wifi-cards-to-steal-data-from-air-gapped-systems/ it only took 3 years to go from 4000b/s using hdd lights to extract the data with some malware installed on the system to malwareless extraction at speeds around 100b/s

Academics turn RAM into Wi-Fi cards to steal data from air-gapped systems | ZDNet attachment image

AIR-FI technique can send stolen data at speeds of up to 100 b/s to Wi-Fi receivers at a distance of a few meters.

roth.andy avatar
roth.andy
Solarwinds, the World’s Biggest Security Failure and Open Source’s Better Answer attachment image

Every day that goes by SolarWinds proprietary software Orion network monitoring product supply chain security failure gets bigger and bigger.

2020-12-16

2020-12-15

btai avatar

this is so scary… many of us use many third party software hosted on our servers and some with privileged access. Think prometheus images, log agents, etc. which many of us always assume its safe because it’s coming from a safe source. these hackers got their malware into solarwind’s build process which can very much happen to any of our trusted vendors/images if we’re unlucky. https://arstechnica.com/information-technology/2020/12/18000-organizations-downloaded-backdoor-planted-by-cozy-bear-hackers/

~18,000 organizations downloaded backdoor planted by Cozy Bear hackers attachment image

Russia-backed hackers use supply chain attack to infect public and private organizations.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Ya, it’s super scary. And there are plenty of smaller organizations with even larger reach / distribution. It’s hard for small organizations to invest in all the safeguards, more over have the staff on hand and sophistication to deal with it.

~18,000 organizations downloaded backdoor planted by Cozy Bear hackers attachment image

Russia-backed hackers use supply chain attack to infect public and private organizations.

    keyboard_arrow_up