A recent study has brought to light a series of Windows Hello authentication vulnerabilities that could compromise fingerprint sign-in on popular laptop models, including the Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X. Conducted by researchers at Blackwing Intelligence, a firm specializing in hardware and software product security, the findings underscore security risks associated with the fingerprint sensors from Goodix, Synaptics, and ELAN integrated into these devices. This blog delves into the details of the Windows Hello authentication flaws, as well as the mitigation measures advised.
The Nature of Hello Authentication Vulnerabilities
The fingerprint sensors in question, categorized as “match on chip” (MoC), house both matching and biometric management functions within their integrated circuits. Despite MoC’s ability to prevent the replay of stored fingerprint data, it falls short in preventing a malicious sensor from mimicking a legitimate sensor’s communication with the host. This could lead to false claims of successful user authentication.
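The paragraph above describes two distinct threats: replay of stored fingerprint data, which match-on-chip prevents, and a rogue device that merely claims a successful match, which it does not. The following is an added illustration, not code from the Blackwing research or from any vendor's firmware, modelling host-to-sensor messaging in a deliberately simplified way. It assumes a hypothetical pairing key shared between the host and the genuine sensor at enrollment time; the class and function names are constructed for the example. It shows that a host which trusts any "matched" message on the bus accepts a claim from a device that never performed a match, while a host that challenges the sensor with a fresh nonce and checks a keyed MAC over the result rejects both an impostor and a replayed earlier result.

```python
import hashlib
import hmac
import secrets

# Constructed example: a key shared between the host OS and the genuine sensor
# at pairing time (assumption; stands in for whatever real pairing scheme a
# vendor uses). Only the genuine sensor ever holds it.
PAIRING_KEY = secrets.token_bytes(32)


def _encode(rep: dict) -> bytes:
    """Canonical byte encoding of a match report for MAC computation."""
    return b"|".join(
        [rep["user"].encode(), b"1" if rep["matched"] else b"0", rep["nonce"]]
    )


class GenuineSensor:
    """Match-on-chip sensor: compares templates on-chip and holds the pairing key."""

    def __init__(self, key: bytes, enrolled_user: str):
        self._key = key
        self._user = enrolled_user

    def match(self, presented_user: str) -> bool:
        # Stand-in for the on-chip template comparison.
        return presented_user == self._user

    def report(self, presented_user: str) -> dict:
        # Unauthenticated result, as a host that simply trusts the bus sees it.
        return {"user": presented_user, "matched": self.match(presented_user)}

    def attested_report(self, presented_user: str, nonce: bytes) -> dict:
        # Bind the result to the host's nonce and MAC it with the pairing key.
        rep = self.report(presented_user)
        rep["nonce"] = nonce
        rep["tag"] = hmac.new(self._key, _encode(rep), hashlib.sha256).digest()
        return rep


class ImpostorSensor:
    """A device on the same bus that speaks the protocol but has no pairing key."""

    def report(self, presented_user: str) -> dict:
        return {"user": presented_user, "matched": True}

    def attested_report(self, presented_user: str, nonce: bytes) -> dict:
        rep = self.report(presented_user)
        rep["nonce"] = nonce
        rep["tag"] = b"\x00" * 32  # cannot compute a valid tag without the key
        return rep


class ReplayDevice:
    """Replays a report captured earlier from the genuine sensor."""

    def __init__(self, captured: dict):
        self._captured = captured

    def report(self, presented_user: str) -> dict:
        return self._captured

    def attested_report(self, presented_user: str, nonce: bytes) -> dict:
        return self._captured


def naive_host_unlock(sensor, presented_user: str) -> bool:
    """Weak host: trusts any 'matched' claim arriving from the sensor side."""
    return sensor.report(presented_user)["matched"]


def hardened_host_unlock(sensor, presented_user: str, key: bytes = PAIRING_KEY) -> bool:
    """Hardened host: fresh nonce per attempt, MAC verified before the result is used."""
    nonce = secrets.token_bytes(16)
    rep = sensor.attested_report(presented_user, nonce)
    if rep.get("nonce") != nonce:
        return False  # stale or replayed report
    expected = hmac.new(key, _encode(rep), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, rep.get("tag", b"")):
        return False  # not produced by the paired sensor
    return rep["matched"]


if __name__ == "__main__":
    genuine = GenuineSensor(PAIRING_KEY, "alice")
    print("naive host, impostor:", naive_host_unlock(ImpostorSensor(), "mallory"))
    print("hardened host, impostor:", hardened_host_unlock(ImpostorSensor(), "mallory"))
    print("hardened host, genuine:", hardened_host_unlock(genuine, "alice"))
```

The point of the hardened path is that the host never acts on the sensor's verdict until it has confirmed both who produced it (the MAC under the pairing key) and when (the nonce it just issued). Keeping templates on the chip addresses neither question, which is why match-on-chip alone does not stop a rogue device from announcing a successful match.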
CVE-2023-33063 (CVSS score: 7.8) – Memory corruption in DSP Services during a remote call from HLOS to DSP.
CVE-2023-33106 (CVSS score: 8.4) – Memory corruption in Graphics while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.
CVE-2023-33107 (CVSS score: 8.4) – Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.
Google’s Threat Analysis Group and Google Project Zero revealed back in October 2023 that the three flaws, along with CVE-2022-22071 (CVSS score: 8.4), have been exploited in the wild as part of limited, targeted attacks.
Public-facing servers at a U.S. federal agency were compromised by hackers in June and July through a vulnerability in a popular product from Adobe, according to the nation’s leading cybersecurity agency.
The unidentified hackers exploited CVE-2023-26360 — a bug affecting Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) as well as earlier installations of the software that Adobe no longer supports.
ColdFusion is a tool used by organizations for rapid web-application development, allowing them to build web applications and integrate things like databases and other third-party libraries.
You may be familiar with common phishing tactics like fake emails or text messages from a hacker pretending to be someone at your place of work, or pretending to be from your bank or credit card company. The latest scam we’ve uncovered targets another service used by almost everyone: the postal service. Perhaps it’s no coincidence that the uptick comes as we turn the corner into the holiday season, when ordering and sending packages through the mail increases.
The parcel delivery scam, a phishing campaign that initially targeted less tech-savvy individuals with messages about “failed deliveries” or late payments, has evolved significantly since it was first discovered. As awareness grows, scammers are refining their tactics, shifting from simple misleading messages to more sophisticated methods, such as tricking victims into downloading malicious apps designed to steal banking information.
Cisco Talos recently discovered a malicious campaign that likely started as early as August 2023, delivering a new remote access trojan (RAT) we dubbed “SugarGh0st.”
We found evidence suggesting the threat actor is targeting the Uzbekistan Ministry of Foreign Affairs and users in South Korea.
We assess with high confidence that the SugarGh0st RAT is a new customized variant of Gh0st RAT, an infamous trojan that’s been active for more than a decade, with customized commands to facilitate the remote administration tasks as directed by the C2 and a modified communication protocol, based on the similarity of the command structure and the strings used in the code.
Talos assesses with low confidence that a Chinese-speaking threat actor is operating this campaign based on the artifacts we found in the attack samples.