The tech giant has rolled out fixes for 173 CVEs, including five critical-severity security defects.

The post Microsoft Patches 173 Vulnerabilities, Including Exploited Windows Flaws appeared first on SecurityWeek.

The attack uses a passive interposer to control the SGX enclave and extract the DCAP attestation key, breaking the mechanism.

The post WireTap Attack Breaks Intel SGX Security appeared first on SecurityWeek.

The vulnerability could lead to a denial-of-service condition or memory corruption when a malicious font is processed.

The post Apple Updates iOS and macOS to Prevent Malicious Font Attacks appeared first on SecurityWeek.

Binarly researchers have found a way to bypass a patch for a previously disclosed vulnerability. 

The post Patch Bypassed for Supermicro Vulnerability Allowing BMC Hack appeared first on SecurityWeek.

Hackers are increasingly adopting the techniques of the Chinese group that successfully infiltrated major telecommunications providers in attacks that made headlines last year by looking for unconventional weak spots, an AT&T executive said Monday.

AT&T was one of the major providers to fall victim to the sweeping campaign from the group, known as Salt Typhoon, but the company has since said it evicted the hackers from its networks.

“We’re seeing adversaries really change the way they’re doing things, very similar to what Salt Typhoon did,” Rich Baich, chief information security officer at AT&T, said at the Google Cloud Cyber Defense Summit.

There were three things that stood out about the way Salt Typhoon approached its campaign, he said. One was hunting for weak points in the company’s ability to find and track malicious activity on physical devices like phones or laptops, known as endpoint detection and response (EDR).

“Traditionally as practitioners, we focused on putting endpoint detection on our devices to help us provide a certain level of protection” Baich said. “Salt Typhoon’s approach was a little bit different. They said, ‘Well, what about all the other platforms that traditionally don’t have an EDR?’ And those platforms then can be utilized in many fashions, carrying out different types of actions.”

“What we need to think about is this: Do we need to have endpoint protection elsewhere, in different platforms?” Baich added. ”So that’s one: They’re going to the areas of least resistance and not spending time trying to combat traditional security controls.”

Another technique that’s growing in use since the Salt Typhoon attacks is “looking for things where we don’t have logs,” he said. Baich said attackers are “re-engineering and thinking of tradecraft techniques that allow them to circumvent known controls, and things that we may do today, but in certain parts of our networks, we may not have those things enabled.”

Lastly, Salt Typhoon and its mimics have been turning to what’s called “living off the land” attacks, where attackers rely on legitimate tools that already exist in a victim’s networks.

“Third thing that they are doing is using the actual administrative tools that we use to perform those functions, so [a lesson for potential victims is] making sure that those are locked down and you understand all the administrative tools that you have in your environment,” Baich said. “All of that is because they’re actually trying to be part of your network.”

The combination of those techniques, as well as a dedication to covering and wiping their tracks to avoid digital forensics probes, means that “we have to be much more efficient operators,” he said. “We have to think outside the box. It’s not just about just having the technology; it’s understanding how to use the technology and understanding how your technology can be used against us.”

Ironically, network defenders might be a victim of their own success, said Rob Joyce, the former cybersecurity director of the National Security Agency.

Defenses for the most-used technology in society today — from mobile phones to web browsers — have gotten very good, Joyce said at the same conference. Vulnerability management, patch management, threat intelligence — all have bolstered defenses, he said.

Because of that, “it just takes exploits chained together in multiple paths to get to success,” said Joyce, who now runs his own cybersecurity consulting firm.

“All of that has advanced us,” he said. “At the same time, we’ve evolved the attackers through that activity. I think by calling out some of the bad behavior, by highlighting the things that have worked or not worked, we’ve pushed people into new exploit methodology.”

The post Telecom exec: Salt Typhoon inspiring other hackers to use unconventional techniques appeared first on CyberScoop.

Neon Cyber argues that phishing, social engineering, and insider threats demand protections that follow users into the browser, where most attacks now begin.

The post Neon Cyber Emerges From Stealth, Shining a Light Into the Browser appeared first on SecurityWeek.

Researchers devise Phoenix, a new Rowhammer attack that achieves root on DDR5 systems in less than two minutes.

The post Rowhammer Attack Demonstrated Against DDR5 appeared first on SecurityWeek.

Yet again it is time for another edition of Sacred Cash Cow Tipping! Or, “Why do these endpoint security bypass techniques still work? Why?” The goal of this is to […]

The post PODCAST: Sacred Cash Cow Tipping 2019 appeared first on Black Hills Information Security, Inc..

John Strand // Yet again it is time for another edition of Sacred Cash Cow Tipping! Or, “Why do these endpoint security bypass techniques still work? Why?” The goal of […]

The post Webcast: Sacred Cash Cow Tipping 2019 appeared first on Black Hills Information Security, Inc..