As part of this month’s Patch Tuesday, Microsoft today released a fresh batch of security updates to fix a total of 129 newly discovered security vulnerabilities affecting various versions of its Windows operating systems and related software. Of the 129 bugs spanning its various products — Microsoft Windows, Edge browser, Internet Explorer, ChakraCore, SQL Server, Exchange Server, Office,
The Hacker News
Last week on Malwarebytes Labs, we dug into security hubris on the Lock and Code podcast, explored ways in which Apple’s notarization process may not be hitting all the right notes, and detailed a new web skimmer. We also explained how to keep distance learners secure, talked about PCI DSS compliance, and revealed that SMB security posture is weakened by COVID-19.
Other cybersecurity news
- School’s out for cyber attacker: Arrests made after multiple DDoS attacks target district networks (Source: Miami-Dade office of communications)
- Long arm of the law: British citizen extradited to the US regarding $2m in scam charges (Source: The Register)
- Warning signs: Your servers could be at risk should you spot cryptomining activity taking place (Source: Help Net Security)
- Election threats: How ransomware could spell trouble for the upcoming US election (Source: GovTech)
- Lloyd’s bank phish warning: A scam SMS attack is the order of the day for this bank’s customers (Source: Computer Weekly)
- COVID-19 scammers play on data breach fears: An interesting look at how old breach data is being repackaged to coax payment information from potential victims (Source: The Record)
- Fake ASDA mails in circulation: Missives offering entry into a competition for a £1,000 gift card should be ignored (Source: My London)
- Ad scams on TikTok: Researchers look at some of the ways bad ads make their way to the person holding the device (Source: Tenable)
- I can’t dance to this: Warner Music Group stores compromised by hackers (Source: Bleeping Computer)
- Fakes on Facebook: The social media giant takes down fake content run by a US-based PR firm (Source: Buzzfeed)
Stay safe, everyone!
The post A week in security (August 31 – September 6) appeared first on Malwarebytes Labs.
Microsoft has released an out-of-band security update that fixes remote code execution vulnerabilities in an Autodesk FBX library integrated into Microsoft Office and Paint 3D applications. […]
BleepingComputer
Binwalk is a fast, easy-to-use Python-based tool for firmware security analysis, reverse engineering, and extraction of firmware images.
Features of Binwalk Firmware Security Analysis & Extraction Tool
- Scanning Firmware – Binwalk can scan a firmware image for many different embedded file types and file systems
- File Extraction – You can tell binwalk to extract any files that it finds in the firmware image
- Entropy Analysis – Can help identify interesting sections of data inside a firmware image
- String Search – Allows you to search the specified file(s) for a custom string
There are also various filters such as by CPU architecture, number of instructions, include filter, exclude filter,
Installation of Binwalk Firmware Security Analysis & Extraction Tool
Download binwalk:
$ wget https://github.com/ReFirmLabs/binwalk/archive/master.zip
$ unzip master.zip
Install binwalk; if you have a previously installed version of binwalk, it is suggested that you uninstall it before upgrading:
$ (cd binwalk-master && sudo python setup.py uninstall && sudo python setup.py install)
Debian users can install all optional and suggested extractors/dependencies using the included deps.sh script (recommended):
$ sudo ./binwalk-master/deps.sh
If you are not a Debian user, or if you wish to install only selected dependencies, see the INSTALL documentation for more details.
Darknet
A cybersecurity researcher today publicly disclosed technical details and a PoC for 4 unpatched zero-day vulnerabilities affecting enterprise security software offered by IBM after the company refused to acknowledge the responsibly submitted disclosure. The affected premium product in question is IBM Data Risk Manager (IDRM) that has been designed to analyze sensitive business information
The Hacker News