My Shared Links — Week 41/2022
--
Collection of the resources and links I have found insightful and shared during week #41 of 2022.
New Chinese Malware Attack Framework Targets Windows, macOS, and Linux Systems
A previously undocumented command-and-control (C2) framework dubbed Alchimist is likely being used in the wild to target Windows, macOS, and Linux systems.
Written in GoLang, Alchimist is complemented by a beacon implant called Insekt, which comes with remote access features that can be instrumented by the C2 server.
Microsoft, an IBM Security Services strategic partner
IBM and Microsoft have formed a strategic alliance to help organizations achieve holistic enterprise-wide threat management. IBM’s aligned security solutions enable confidence to accelerate migration, modernization, and business transformation using #Azure cloud.
What You Should Know About the Honda Key Fob Vulnerability
The key fob attack impacting Honda vehicles is known as the Rolling-PWN. Rolling codes are used to avoid replay attacks, which are man-in-the-middle attacks that are intercepted and re-transmitted as if they are authentic codes.
The attack exploits a vulnerability in #authentication code transmitted wirelessly between the fob and the vehicle. Whenever the fob button is pressed, there is an increase in rolling codes that are synchronizing. Honda vehicles don’t need the exact codes — instead, the rolling codes fall into a window of codes.