zelos v0.1 releases: comprehensive binary emulation and instrumentation platform

From securityonline.info

Zelos (Zeropoint Emulated Lightweight Operating System) is a python-based binary emulation platform. One use of Zelos is to quickly assess the dynamic behavior of binaries via command-line or python scripts. All syscalls are emulated to isolate the target binary. Linux x86_64 (32- and 64-bit), ARM, and MIPS binaries are supported. Unicorn provides CPU emulation.

Read more…

‘Anti-5G quantum machine’ turns out to just be 128MB USB drive

From techradar.com


Conspiracy theories surrounding the negative effects of 5G have become increasingly popular online, and scammers are now looking to capitalise with fake products claimed to protect against these made-up claims.

Now a company called BioShield Distribution has launched a new device which it claims can protect users from them using “quantum holographic catalyzer technology”.

The 5GBioShield recently went on sale in the UK for £283 ($348), with its creators claiming it could protect a users’ entire home from 5G. However a strip-down test has now revealed that the device is actually just a cheap USB stick with a sticker attached, offering no protection to any dangers, real or imagined.

Read more…

Multiple security vulnerabilities in VMware ESXi, Workstation, Fusion, VMRC and Horizon Client

From vmware.com

VMware Fusion, VMRC and Horizon Client contain a local privilege escalation vulnerability due to a Time-of-check Time-of-use (TOCTOU) issue in the service opener. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.3.

Known Attack Vectors:

Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC and Horizon Client are installed.

To remediate CVE-2020-3957 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

Read more…

Singapore researchers tapping quantum cryptography to enhance network encryption

From zdnet.com

A team of engineers and researchers are working to tap quantum cryptography technology to enhance network encryption tools, so these can be ready to mitigate security risks when quantum computing becomes mainstream. ST Engineering and National University of Singapore (NUS) will use “measurement-device-independent” quantum key distribution (MDI QKD) technology in their efforts to to build cybersecurity defence against increasingly sophisticated threats.

Supported under National Research Foundation’s Quantum Engineering Programme, the partnership aims to make advanced quantum cryptography accessible to the wider industry and drive the advancement of a technology that can lead to a new class of “quantum-resilient encryptors”, the partners said in a joint statement Friday. 

Read more…

New Noise-Resilient Attack On Intel and AMD CPUs Makes Flush-based Attacks Effective

From thehackernews.com

Modern Intel and AMD processors are susceptible to a new form of side-channel attack that makes flush-based cache attacks resilient to system noise, newly published research shared with The Hacker News has revealed.

The findings are from a paper “DABANGG: Time for Fearless Flush based Cache Attacks” published by a pair of researchers, Biswabandan Panda and Anish Saxena, from the Indian Institute of Technology (IIT) Kanpur earlier this week.

Read more…

The latest AWS phishing scam puts millions of customers at risk across the globe.

From hackread.com

New phishing scam steals AWS credentials via fake AWS notifications

It’s a fact that phishing scams are evolving and stealing credentials to obtain sensitive business data has remained the foremost target of hackers since day one, and to achieve this they can go to any lengths.

Pursuing the same goal, hackers are now distributing fake Amazon Web Services (AWS) notifications to steal employee credentials and fulfill their nefarious objectives. 

Read more…

Software bug in Bombardier airliner made planes turn the wrong way

From theregister.com

A Bombardier CRJ200 airliner. Pic: Bombardier

A very specific software bug made airliners turn the wrong way if their pilots adjusted a pre-set altitude limit.

The bug, discovered on Bombardier CRJ-200 aircraft fitted with Rockwell Collins Aerospace-made flight management systems (FMSes), led to airliners trying to follow certain missed approaches turning right instead of left – or vice versa.

Missed approaches are used when pilots aren’t confident that they’re going to land safely. They are a published path that helps the pilot safely position the aeroplane for another attempt.

Read more…