Cyber Security Weekly Recap (10-14 Oct.)


Intel has confirmed a leak of Alder Lake BIOS Source Code

Confidential source code for Intel’s Alder Lake processors was leaked on 4chan and GitHub by an anonymous user. Alder Lake is the company’s twelfth generation of CPUs and was first released in November 2021.

The incident was confirmed by the chipmaker in a statement. Based on what is known so far, the leaked 6GB archive contains tools and source code for building and optimizing BIOS/UEFI images.

Some of the files and tools in the data dump appear to originate from the firmware provider Insyde Software and were exposed alongside the UEFI code.

Presently, there are no details on how the breach occurred or where the leak originated. The GitHub repository has since been removed, but copies of the code remain available elsewhere online.

Researchers detailed a critical RCE flaw in the popular vm2 JavaScript Sandbox.

A security hole in the vm2 JavaScript sandbox module could be exploited by remote attackers to bypass security restrictions and execute arbitrary code on the underlying computer.

Many developers rely on the vm2 Node library to execute untrusted code with access only to allow-listed built-in modules. It is one of the most downloaded packages in the ecosystem, with nearly 3.5 million downloads every week.

According to an advisory published by GitHub in September this year, a threat actor may bypass the sandbox security to gain remote code execution rights on the host that is running it.

The vulnerability, identified as CVE-2022-36067 and dubbed “Sandbreak,” has a CVSS score of 10, the highest possible score in the CVSS system. Version 3.9.11, issued on August 28, 2022, provides a fix for this issue. Due to the severity of the flaw, it is strongly recommended that users update to the most recent version immediately.
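Because the only remediation is the upgrade, the practical question for a defender is whether any copy of vm2 below 3.9.11 is still present, including copies nested under other dependencies. The following is an added example (not code from the vm2 project or from this article) that scans a lockfile in the package-lock.json v2/v3 format for such copies; the lockfile content and the dependency name "legacy-runner" are constructed for the demonstration.

```python
"""Find vm2 entries older than the fixed release 3.9.11 (CVE-2022-36067)
in a package-lock.json (lockfileVersion 2 or 3). Added example; the
lockfile below is constructed, not taken from a real project."""
import json
from typing import List, Tuple

FIXED_VERSION = (3, 9, 11)   # first vm2 release containing the Sandbreak fix


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '3.9.10' into a comparable tuple; pre-release/build tags are dropped."""
    core = v.split("-")[0].split("+")[0]
    parts = [int(p) for p in core.split(".")[:3]]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def vulnerable_vm2(lockfile_text: str) -> List[Tuple[str, str]]:
    """Return (path, version) for every vm2 entry below the fixed version.
    Nested copies such as node_modules/x/node_modules/vm2 are included."""
    lock = json.loads(lockfile_text)
    hits = []
    for path, meta in lock.get("packages", {}).items():
        # Lockfile keys look like 'node_modules/vm2' or '.../node_modules/vm2'.
        if path.split("node_modules/")[-1] != "vm2" or "version" not in meta:
            continue
        if parse_version(meta["version"]) < FIXED_VERSION:
            hits.append((path, meta["version"]))
    return hits


# Constructed sample: a patched top-level vm2 plus an old copy pulled in
# transitively by the hypothetical dependency "legacy-runner".
SAMPLE_LOCK = json.dumps({
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo", "version": "1.0.0"},
        "node_modules/vm2": {"version": "3.9.11"},
        "node_modules/legacy-runner": {"version": "0.1.0"},
        "node_modules/legacy-runner/node_modules/vm2": {"version": "3.9.10"},
    },
})

if __name__ == "__main__":
    for path, version in vulnerable_vm2(SAMPLE_LOCK):
        print(f"vulnerable vm2 {version} at {path}; upgrade to >= 3.9.11")
```

Only the nested copy is reported, which is exactly the case that `npm ls vm2` at the top level can hide when a parent package pins its own version.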

Google’s Passkey Password-Free Login is coming to Chrome and Android.

Both Android and Chrome now have formal support for passkeys, which is the next authentication standard, according to Google’s announcement on Wednesday.

The tech giant recommends using passkeys to replace passwords and other easily phished authentication elements. The company says that since passkeys can’t be used more than once, user data is safe in the event of a server breach or a phishing attack.

The functionality was initially revealed in May of 2022, as part of a larger initiative to promote a standardized method of passwordless sign-in.

The most appealing advantage of passkeys is that they work across platforms and browsers. This means that a user on Android may, for example, access a website that supports passkeys by using the Safari browser on iOS or macOS, or the Chrome browser on Windows.

Private packages may leak due to a new attack against the NPM Registry API.

A novel timing attack against the npm registry API is exposing developers to supply chain risk. The attack can be used to reveal the names of private packages used by companies.

Yakir Kadkoda, a security researcher at Aqua, said that with this attack, threat actors could discover a company’s scoped private packages and then publish malicious lookalike copies of them, tricking staff and users into downloading the fakes.

As a safety measure, companies should periodically check npm and other package management systems for fake packages that look like their real ones.
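The check recommended above can be automated: take the company’s private scoped package names, generate the public names an impostor would most plausibly register (the bare unscoped name, the scope folded into a prefix, and single-character typos), and look each one up in the registry. The following is an added example, not code from Aqua or from this article; the private package list and the registry snapshot are constructed, and a real run would query https://registry.npmjs.org/<name> for each candidate instead of the inline set.

```python
"""Flag public npm package names that imitate a company's private scoped
packages. Added example; PRIVATE and PUBLIC_SNAPSHOT are constructed data."""
from typing import Dict, List, Set

ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789-"


def lookalike_names(scoped: str) -> Set[str]:
    """Candidate public names an attacker might publish to impersonate '@scope/name'."""
    scope, name = scoped.lstrip("@").split("/", 1)
    cands = {
        name,                                   # bare name: dependency-confusion target
        f"{scope}-{name}", f"{scope}_{name}",   # scope folded into a prefix
        f"{scope}.{name}", f"{scope}{name}",
        f"{name}-{scope}",                      # scope appended as a suffix
    }
    # One-character deletions, transpositions and substitutions of the bare name.
    for i in range(len(name)):
        cands.add(name[:i] + name[i + 1:])
        if i + 1 < len(name):
            cands.add(name[:i] + name[i + 1] + name[i] + name[i + 2:])
        for c in ALPHABET:
            cands.add(name[:i] + c + name[i + 1:])
    return cands


def find_lookalikes(private_pkgs: List[str], public_names: Set[str]) -> Dict[str, List[str]]:
    """Map each private package to the public names that imitate it."""
    report: Dict[str, List[str]] = {}
    for pkg in private_pkgs:
        hits = sorted(n for n in lookalike_names(pkg) if n in public_names)
        if hits:
            report[pkg] = hits
    return report


# Constructed inputs: two private packages and a small snapshot standing in
# for the public registry (a real run would query the registry per candidate).
PRIVATE = ["@acme/auth-client", "@acme/billing-core"]
PUBLIC_SNAPSHOT = {"express", "lodash", "auth-client", "acme-billing-core", "bililng-core"}

if __name__ == "__main__":
    for pkg, fakes in find_lookalikes(PRIVATE, PUBLIC_SNAPSHOT).items():
        print(f"{pkg}: possible impostors on the public registry: {', '.join(fakes)}")
```

A match on the bare name is the most urgent finding, since a build that resolves `auth-client` from the public registry instead of the private scope is exactly the dependency-confusion scenario the article warns about.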

A New Malware Attack Framework from China Aims at Mac OS X, Windows, and Linux

Alchimist, an undocumented command-and-control (C2) framework, is likely being used in the wild against Windows, macOS, and Linux machines.

According to a report from Cisco Talos, “Alchimist C2” is capable of generating a configured payload, establishing remote sessions, deploying payloads to remote machines, capturing screenshots, performing remote shellcode execution, and running arbitrary commands. Its web interface is written in Simplified Chinese.

A beacon implant written in Go, known as Insekt, is designed to work in tandem with Alchimist. The implant includes remote access capabilities that can be driven from the C2 server.

Alchimist’s features show that cybercriminals are becoming more interested in “all-inclusive C2 frameworks” for remote management and command-and-control attacks.

A critical Fortinet Auth Bypass flaw is actively being exploited.

After proof-of-concept (PoC) exploit code was released for a newly discovered major security flaw in Fortinet FortiOS, FortiProxy, and FortiSwitchManager, users are urged to install the necessary updates as soon as possible.

The flaw is being tracked as CVE-2022-40684 and is an authentication bypass vulnerability with a CVSS score of 9.6. According to researchers, if unpatched, the vulnerability may enable a remote attacker to execute arbitrary code through carefully crafted HTTP(S) requests on the administrator interface.

If the flaw is successfully exploited, an attacker will be able to do just about everything on the vulnerable device. This includes modifying network settings, adding rogue users, and monitoring network traffic.


About the author

Lidia Howler

Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her drive for simplicity and well-researched information provides users with easy-to-follow IT-related tips and step-by-step tutorials.
