Google publishes cross-site leaks wiki
This site is set up as an open knowledge base where researchers can share new information about cross-site leaks. At its launch, xsleaks.dev will host information about the principles behind these attacks, common exploitations with proof-of-concept code, and proposed mitigation techniques. Ultimately Google says the goal of the wiki is to empower web developers to eliminate side-channel attacks that reveal sensitive information about users.
NSA warns of state-sponsored attacks on remote-work systems
A new advisory from the agency warns that Russian state-sponsored groups are targeting flaws in some VMware platforms. VMware issued a security bulletin on December 3rd warning of a command injection vulnerability in VMware Workspace One Access, Identity Manager, and Cloud Foundry, and included mitigations, with CISA warning the same day these could be used to take control of impacted systems. VMware rated the flaw as Important, but not Critical, as attackers need access to a web-based, password-protected management interface to exploit the flaw. While also warning the general public, the NSA advisory “encourages National Security System (NSS), Department of Defense (DOD), and Defense Industrial Base (DIB) network administrators to prioritize mitigation of the vulnerability on affected servers.”
Greater Baltimore Medical Center hit with ransomware attack
The attack hit on the morning of December 6th, although it’s unclear which group or ransomware variant was involved. IT staff for the Medical Center said that some procedures this week had to be delayed as a result, but that all impacted patients have been contacted. This comes as ransomware attacks against healthcare have become increasingly common, with CISA and the Department of Health and Human Services issuing a joint alert in October warning hospitals and healthcare providers of imminent ransomware attacks from Russia.
Can Macs be used for airgapped systems?
Security researcher Jeffrey Paul makes the case that Macs can no longer be used and maintained in airgapped deployments. This is due to how Apple now handles factory resets, which require restoring the OS to the special secured section of Apple Silicon processors, or the T2 chip on Intel-based machines. To do so, users need a cryptographic signature from Apple specific to that hardware, which is provided over the internet. Paul further states that the code performing this check is closed source and by necessity must include a unique identifier, which could then be tied back to the IP address used when contacting Apple, making the machines insecure by design.
Thanks to our episode sponsor, Code42
Google removes IAC extensions
The search giant said it removed “a number” of IAC extensions from the Chrome Web Store over “policy violations.” The Wall Street Journal’s sources say Google found the extensions included “deceptive marketing practices,” like advertising features they didn’t actually include and pushing users to view extra ads. Google is also currently reviewing other IAC extensions for potential violations. The company is reportedly concerned that penalties against IAC might be viewed as anti-competitive, as the companies are rivals in some categories. IAC owns a number of companies and brands including Vimeo, Angie’s List, Ask Media Group, and The Spruce.
Hacker opens thousands of package lockers
The lockers belonged to the delivery service PickPoint, which maintains 8,000 lockers across Moscow and St. Petersburg. Like other delivery lockers, users can have packages delivered to a locker instead of a home address and unlock them with the PickPoint app. Using an unknown exploit, an attacker was able to unlock 2,732 lockers across Moscow on December 4th. PickPoint said it’s currently working to restore its network. The perpetrator and motive behind the attack are unknown.
Cloudflare launches data localization tools
The company officially announced its Data Localisation Suite, which lets customers set where data is encrypted, decrypted, and inspected, as well as in which geography the private keystore is held. This will use Cloudflare’s 200 points of presence across the world. At launch, customers will be able to set a blocklist of countries where data transit is entirely prevented. Customers can also now specify where Cloudflare inspects HTTPS traffic, and the company launched an early beta of an Edge Log Delivery service, which lets customers send logs directly to the point where they are processed. According to Cloudflare, the company hopes the service can help companies “manage privacy with technology, as opposed to by policy.”
NortonLifeLock acquires Avira
Norton will acquire the consumer security company in an all-cash $360 million deal. Norton said it plans to keep Avira’s freemium anti-virus model available to customers, in addition to serving Avira’s 1.5 million paying customers. This acquisition comes after Investcorp Technology Partners acquired a majority stake in Avira at a $180 million valuation back in April. NortonLifeLock itself was spun off by Symantec in 2019 as part of the conditions for Broadcom to acquire the company.