Tag Archive for: Address

Google Revealed Kernel Address Sanitizer To Harden Android Firmware


Android devices are popular targets for hackers due to the platform’s wide adoption and open-source nature.

With over 2.5 billion active Android devices all over the world, the platform also has a big attack surface.

Its fragmented ecosystem, which consists of different hardware vendors and delayed software updates, also makes prompt vulnerability patching a challenge.

Cybercriminals take advantage of these security gaps for malware distribution, surveillance, unauthorized financial gain, and other malicious purposes.

Recently, Google unveiled the Kernel Address Sanitizer (KASan) to strengthen the Android firmware and beyond.

Android Firmware And Beyond

KASan (Kernel Address Sanitizer) has broad applicability across firmware targets. Incorporating KASan-enabled builds into testing and fuzzing can proactively identify memory corruption vulnerabilities and stability issues before deployment on user devices.

Google has already leveraged KASan on firmware targets, leading to the discovery and remediation of over 40 memory safety bugs, some critically severe, through proactive vulnerability detection.

Address Sanitizer (ASan) is a compiler instrumentation tool that identifies invalid memory access bugs such as out-of-bounds, use-after-free, and double-free errors at runtime.

For user-space targets, enabling ASan is…

Source…

TAD to hold emergency meeting Monday to address ransomware attack


The Tarrant Appraisal District will hold an emergency board meeting March 25 after a criminal ransomware attack disrupted the agency’s network March 21, causing the website to crash.

The district has taken steps to secure the network and is working with cybersecurity experts to investigate, respond and restore the network, it said in a press release.

The incident was reported to the Federal Bureau of Investigation and the Texas Department of Information Resources.

The website is now live again, but emails and phone lines remain down.

Appraisal board member Alan Blaylock, who is also a Fort Worth City Council member, said board members anticipate receiving more detailed information at the March 25 meeting.

“I think that the chief appraiser and the new team are going to great pains to communicate all they can as they are able,” Blaylock said, “and I expect that there will be significant communication coming forward early next week as investigations into what happened continue.”

This is the second criminal cyberattack on the appraisal district’s website. In October 2022, a security breach potentially exposed sensitive taxpayer information. However, the final report found that data was not stolen.

Ransomware attacks were on the rise in 2023, according to data from the FBI. More than 2,800 complaints about ransomware were reported last year, including 156 from government facilities.

Source…

Cybersecurity on the farm conference to address internet security


The farming sector is sometimes targeted by cybercriminals because of farming’s critical function — supplying the food and fiber that humans and animals depend upon.

The first-of-its-kind Cybersecurity on the Farm Conference, offered by Iowa State University Extension and Outreach, will be held at the Iowa State University Alumni Center in Ames on Jan. 11, from 8:30 a.m. to 3:30 p.m.

In an era where technology is reshaping every industry, farming stands at the crossroads of innovation and tradition. This one-day conference is designed to address the unique intersection of today’s agriculture and cybersecurity.

For farmers, this workshop offers insights into the ever-evolving world of digital lending in farming and the shift toward online agricultural marketplaces. There will be critical discussions on the potential cyber threats that emerge when working in the agricultural sector. By the end of the day, farmers will be better equipped to navigate farming on the internet while keeping a keen eye on safety and security.

Source…

Google urges users to update Chrome to address zero-day vulnerability



Google has released Chrome version 112.0.5615.121 to address a vulnerability that can allow malicious code execution on Windows, Mac, and Linux systems.

Google has released an emergency Chrome security update to address a zero-day vulnerability targeted by an exploit, already in circulation on the internet, that can allow malicious code to be executed.

Google is urging users to upgrade Chrome to the new version, 112.0.5615.121, as soon as possible. The updated version addresses the vulnerability, which affects Windows, Mac, and Linux systems, and is listed as CVE-2023-2033 in the US National Vulnerability Database.

Meanwhile, the update will roll out in the coming weeks on Google’s stable desktop channel, the company said.

The high-severity vulnerability was described by Google as a “type confusion” issue in the V8 JavaScript engine. Google Chrome V8 is Google’s open source JavaScript and WebAssembly engine.

“Google is aware that an exploit for CVE-2023-2033 exists in the wild,” the company said in a statement on April 14.

NIST, the US Commerce Dept. agency that runs the National Vulnerability Database, went further in its CVE description of the vulnerability. “Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page,” NIST said.

Google has yet to release complete details on the vulnerability. “Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google said in the statement.

To update Chrome, users can click the overflow menu on the right side of the menu bar and then go to Help and About Google Chrome. Chrome will automatically check for browser updates and, by default, update the browser. Once the update is complete, users need to restart the browser.

Clement Lecigne of Google’s Threat Analysis Group identified the vulnerability and reported the issue on April 11. In addition to fixing CVE-2023-2033, the Chrome update also fixes a variety of issues detected during internal audits and other initiatives, the company said.

This is the first zero-day vulnerability…

Source…