Cybersecurity Newsletter, August 3 - 8
Qrator

Greetings to all the readers of our regular networking and cybersecurity newsletter! With this issue, we are looking at everything that has happened between August 3 and 8, 2020.

Massive 20GB Intel IP Data Breach Floods the Internet, Mentions Backdoors

"Till Kottmann, a Swiss IT consultant, posted on Twitter a link to a file sharing service today that contains what an anonymous source claims is a portion of Intel's crown jewels: A 20GB folder of confidential Intel intellectual property. The leaker dubbed the release the "Intel exconfidential Lake Platform Release ;)." 

Update: Intel has responded to Tom's Hardware with an official statement:

"We are investigating this situation. The information appears to come from the Intel Resource and Design Center, which hosts information for use by our customers, partners and other external parties who have registered for access. We believe an individual with access downloaded and shared this data."

"Intel investigating breach after 20GB of internal documents leak online. Leak confirmed to be authentic. Many files are marked "confidential" or "restricted secret." - ZDNet.

"Intel NDA blueprints – 20GB of source code, schematics, specs, docs – spill onto web from partners-only vault. Leaker only 'a bit concerned' about getting sued." - The Register.

Related (to Intel) reading: "Murphy's Law vs Moore's Law: How Intel Lost its Dominance in the Computer Industry." - by Michael Bruck.

Google: Eleven zero-days detected in the wild in the first half of 2020

"According to data collected by Google's Project Zero security team, there have been 11 zero-day vulnerabilities exploited in the wild in the first half of the year.
The current number puts 2020 on track to have just as many zero-days as 2019 when Google security researchers said they tracked 20 zero-days all of last year."

Linus Torvalds on Linux 5.8

"Aside from silly header file noise, the last week was mostly dominated by the networking pull, which accounts for about half of the changes (mellanox drivers and selftests stand out, but there's other smaller things in there too). Some RCU fixes stand out.

Outside of the networking stuff, it's mostly various small driver fixes (gpu, rdma, sound and pinctrl being much of it), and some minor architecture noise (arm, x86, powerpc). But it's all fairly small.

So there it is, a shiny new kernel. Give it a whirl before all you people start sending me the pull requests for the merge window, which I'll start handling tomorrow."

Mozilla doubles down on anti-tracking tech: It'll be tougher for wily ad-biz cookie monsters to track Firefox

"A week after Firefox 79 debuted, Mozilla says that it plans to start rolling out version 2.0 of its Enhanced Tracking Protection (ETP) scheme to prevent redirect tracking on the web."

"More specifically, this technique was developed to circumvent browsers that prevent advertisers from using third-party cookies to track users." - ZDNet.

Bypassing internet connectivity and copy-paste restriction to Infiltrating malicious data

"In this blog post we will discuss the infiltration of data to a machine which has the following restrictions: Internet connectivity is not allowed; Copy-Paste operation is blocked; File uploading is restricted."

Linux Foundation rolls bunch of overlapping groups into one to tackle growing number of open-source security vulns

"The Linux Foundation has formed the Open Source Security Foundation (OpenSSF) with founding board members representing companies including IBM, GitHub, Google, JPMorgan Chase, Microsoft, NCC Group, and Red Hat.

The OpenSSF is a consolidation of several pre-existing efforts in the same space and intends to bring the Open Source Security Coalition (OSSC) and the Core Infrastructure Initiative (CII) under one roof.

The CII is an existing Linux Foundation project that has wide support, including from AWS, Facebook, Huawei, Cisco, Intel, Qualcomm, and VMware, as well as most of the OpenSSF founder members mentioned above.

The CII remains in place, but "in the long term, the CII will dissolve efforts with work happening under the OpenSSF umbrella," according to the FAQ. In the meantime, the plan is that the CII will work through the OpenSSF project approval process, and contribute its resources."

"The goal of OpenSSF is to simplify the industry's open source security efforts by bringing together its most popular projects and the companies that support them. Its founders say that open-source software has become pervasive in today's technology, used in everything from data centers to consumer devices." - Silicon Angle.

Snapdragon chip flaws put >1 billion Android phones at risk of data theft

"A billion or more Android devices are vulnerable to hacks that can turn them into spying tools by exploiting more than 400 vulnerabilities in Qualcomm's Snapdragon chip, researchers reported this week."

"In July, the makers of millions of smartphones powered by Qualcomm's Snapdragon system-on-chips received mitigation recommendations to address a bevy of security flaws in their products, all introduced by Qualcomm's technology.

Those software-level vulnerabilities, which apparently affect potentially more than 40 per cent of cellphones worldwide, were outlined this week at the now-virtual DEF CON hacking conference." - The Register.

Possible blocking of Encrypted SNI extension in China

"There is now a detailed written report on the new phenomenon of ESNI blocking in China. It was produced by a collaboration of researchers from Geneva (https://censorship.ai/), GFW Report (https://gfw.report/), and iYouPort (https://www.iyouport.org/).

https://geneva.cs.umd.edu/posts/china-censors-esni/esni/ (English);

https://geneva.cs.umd.edu/zh/posts/china-censors-esni/esni/ (Chinese)."


"We confirm that the Great Firewall (GFW) of China has recently begun blocking ESNI—one of the foundational features of TLS 1.3 and HTTPS. We empirically demonstrate what triggers this censorship and how long residual censorship lasts. We also present several evasion strategies discovered by Geneva that can be run either client-side or server-side to evade blocking." - Censorship.ai.

An academic paper of the week - Speculative Dereferencing of Registers: Reviving Foreshadow


Repository of the week - Performant type-checking for python


Thanks for being an excellent subscriber!

For feedback, please write to us at cybersec@qrator.net.