
Acer fixes UEFI bug, and Cobalt strike under attack.

Security weekly

Hi and welcome to another Security weekly. Where we laugh, we cry and share the latest and greatest in security and tech news.

I just found a Pokémon font generator. Can life get any better?

In this week's edition:

  • 🧑‍💻 Hack simulation software Cobalt Strike also used by malicious hackers

  • 🐞 Acer fixes UEFI bug with high-risk potential

  • 🔥 The quick and dirty

Reading time: 03:26

Hack simulation software Cobalt Strike also used by malicious hackers

Who would have guessed, right? Is there nothing sacred in this world?

For those unaware, a little background info:

Cobalt Strike is hacking simulation software, used to simulate a real cyber-attack. This way good-guy-hackers can test if their environments are safe, and try out different types of malware in their network to see which ones get detected and which don't.

Sounds good, right?

Of course, the software is a victim of its own success: malicious actors have latched on to its capabilities and use it as a tool for network infiltration. Google found several (34 to be precise, but who's counting, right?) versions of the cracked software, ready to be used in real-life attacks.

Luckily, Google offered aid and provided a way to validate whether or not you're dealing with a real or fake "Cobalt Strike". As per usual with cracked software, it's always at least one version behind the legitimate software. This way it is possible to detect and obstruct older versions.

I could expand on how that's done, but even for me it's hard to explain-it-like-you're-five.

If you're interested though, the full article can be found here:

Acer fixes UEFI bug with high-risk potential

Acer, the Taiwanese hardware giant, recently fixed a UEFI bug that could potentially disable Secure Boot.

To fully understand why that is a potential high-risk, let me take you cats & dogs on a journey through UEFI-land.

UEFI-land? What am I even saying..

Anyway. UEFI. The Unified Extensible Firmware Interface. That sounds like somebody tried to come up with a name while having his fist jammed in his mouth.

UEFI is the glue that holds it all together. The juice that makes the computer hardware talk to the operating system. If you ever worked with older computers, you may know its predecessor, BIOS firmware. The screen you went to for:

  • changing your boot order, if you wanted a (re)install.

  • adjusting your CPU speed, for extra megahurtz

  • setting up a password on laptops at your local computer store, so they were essentially useless (it's very hard to get rid of a BIOS/UEFI password) - haha I never did that.. (I did)

Eventually they came up with a new version of BIOS, dubbed UEFI. Apart from the obvious upgrade in visuals (I mean, look at the thing)

I'm sorry BIOS, but you're not going to win this competition.

It also brought a nifty feature called 'Secure Boot'. Secure Boot is the guardian to your OS. It makes sure that nothing comes in between your UEFI booting and the OS itself.

What it does: whenever you shut down, your operating system generates a key. This key is stored in the UEFI Secure Boot module. When you boot up again, Secure Boot validates if the OS still has the same key. If it doesn't, something altered your OS and Secure Boot will prevent it from booting.

Easy. Peasy, Lemon. Squeezy.

But apparently for some people it's hard to grasp. Because in my days as a sysadmin I encountered a lot of devices with Secure Boot turned off.

I reckon in the beginning it wasn't the most friendly-to-use feature. And some people thought Microsoft made it to control more on your device (plot twist: it isn't). But please, even if you run into some issues, don't disable it without good cause. It's there for a reason.

Also: if you do, I'll visit you in your nightmares.
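If you want to check whether Secure Boot is actually on for a machine (say, after a firmware update like Acer's), the firmware exposes its state as variables. The sketch below is an added example, not part of the original newsletter: it assumes a Linux host with efivarfs mounted at /sys/firmware/efi/efivars, and the sample byte strings are constructed.

```python
from __future__ import annotations
import struct
from pathlib import Path

EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"  # EFI global variable GUID
EFIVARS = Path("/sys/firmware/efi/efivars")          # assumed efivarfs mount

# Constructed samples: 4-byte attribute mask (0x06) followed by a 1-byte value.
SAMPLE_ON, SAMPLE_OFF = b"\x06\x00\x00\x00\x01", b"\x06\x00\x00\x00\x00"


def parse_efivar(raw: bytes) -> tuple[int, bytes]:
    """Split an efivarfs file into (attributes, data)."""
    if len(raw) < 4:
        raise ValueError("entry shorter than the 4-byte attribute header")
    (attrs,) = struct.unpack_from("<I", raw)  # little-endian uint32
    return attrs, raw[4:]


def flag(raw: bytes) -> bool:
    """Decode a one-byte boolean variable (SecureBoot, SetupMode)."""
    _, data = parse_efivar(raw)
    if data not in (b"\x00", b"\x01"):
        raise ValueError(f"unexpected value {data!r}")
    return data == b"\x01"


def classify(secure_boot: bytes | None, setup_mode: bytes | None) -> str:
    """Map the raw SecureBoot and SetupMode variables to an audit state."""
    if secure_boot is None:
        return "no-uefi-or-unsupported"  # legacy boot, or variable missing
    if setup_mode is not None and flag(setup_mode):
        return "setup-mode"              # no Platform Key: nothing is enforced
    return "enabled" if flag(secure_boot) else "disabled"


def read_var(name: str, root: Path = EFIVARS) -> bytes | None:
    """Read one EFI global variable, or None if it does not exist."""
    path = root / f"{name}-{EFI_GLOBAL}"
    return path.read_bytes() if path.exists() else None


if __name__ == "__main__":
    print(classify(read_var("SecureBoot"), read_var("SetupMode")))
```

Anything other than "enabled" on a machine that is supposed to have Secure Boot on is worth a look in the firmware setup screen.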

The quick and dirty

Security like I'm five

Don't have time for hours of research? Don't have 20 years of experience in security? Me neither, but I gotchu fam. In Security like I'm five I cover a range of security topics. I do all the hard work, and explain it to you in a practical manner. Lots of memes too. Good stuff, good stuff. This and Security weekly conveniently delivered to your mailbox a couple of times a week, for free. Pretty sweet deal if you ask me.

So sign up for the newsletter and be enlightened! (don't set the bar too high tho)