Microsoft just released a beta version of Windows Subsystem for Linux (WSL) v2 which accelerates the Linux performance in Windows by using parts of Hyper-V underneath the hood.
I was just made me aware of some awesome open source efforts for doing car hacking with a CAN bus virtually. Check out the article here:
I have already taken the liberty of forking the underlying CAN bus GitHub repo:
Thank you IAmSecurity for making me aware of this!
If you are using any major Linux distribution you should patch now. There’s a remotely exploitable condition in any Linux Kernel (such as Fedora, Debian, Ubuntu, and others) that is prior to 5.0.8. It’s got the potential for being exploitable, but thankfully it’s fairly difficult the gain code execution but not impossible.
Microsoft has issued a warning regarding a pre-auth bug that could potentially be used for another worm, like WannaCry. It affects Windows XP-8.1 clients and Windows Server 2003-2008R2.
Looks like Vodaphone considered having a telnet server running as a backdoor in the initial reporting by Bloomberg. All the same though, using Huawei devices as infrastructure of a 5G cellular network gives another nation state access to some potentially sensitive data and they would have the ability to remotely tamper with it. As more and more people rely on high speed cellular networks this is still a bad idea!
Someone posted this video on one of the Slack workspaces that I’m on. It was really informative on the techniques used and where the current state of the art quantum computers currently are. The good news is current quantum computers don’t have enough quantum memory to break large primes, however I wonder if there’s such a thing as Moore’s Law for quantum computing in which case the Internet will be in big trouble in just a few years.
While Huawei has made promises that they have removed all the backdoors found by Vodafone, how about firmware updates and security updates that Vodaphone and other major carriers need to keep the network up to date. Are they going to have a manual review process? Blindly assume the updates don’t re-introduce a backdoor? Seems like risky business!
Microsoft release 70 patches and updates this “Patch Tuesday” including two local privilege (LPE) escalations that affected all versions of Windows.
I found this tutorial on using recon-ng, which is a tool used for pentesters for gathing open source intelligence (OSINT) about an individual or a company. It features a Metasploit-like interface and has the ability to crawl social networks, Google, WHOIS databases, etc to collect information about a company, it’s employees, it’s domains, etc.