CVE-2018-3968: Cisco using outdated U-boot in Cujo

Let’s hope Cisco Talos will let Mitre/NVD about the details soon. No info on the Talos or Cisco security sites, nor even *Twitter*!, AFAICT. πŸ™‚

https://lists.denx.de/pipermail/u-boot/2018-August/336973.html

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3968

——– Forwarded Message ——–
Subject: [U-Boot] Talos Security Advisory (TALOS-2018-0633/CVE-2018-3968 )
Date: Thu, 2 Aug 2018 18:52:03 +0000

Hello,

Cisco Talos team discovered a security issue impacting Cujo product using an outdated version of U-boot. We’ve assigned a CVE for this issue (CVE-2018-3968) and have attached a copy of the security advisory provided to Cujo.

VPNFilter malware

https://blog.talosintelligence.com/2018/05/VPNFilter.html

https://www.wired.com/story/vpnfilter-router-malware-outbreak/

Talos II by Raptor Engineering

The Free Software Foundation has a new announcement, reminding you to pre-order a Talos II by Raptor Engineering before Septembert 15th deadline. The FSF includes the Talos II in their Respects Your Freedom hardware certification program.

Support the Talos II, Respects Your Freedom certification candidate: pre-order by 9/15

Raptor Engineering is now taking pre-orders for the Talos II until September 15th. The Talos II is a powerful system built from the ground up with freedom in mind. We’ve previously [supported] the work of the folks at Raptor Engineering. This time, rather than a crowdfunding effort, we are asking you to support their work by pre-ordering the [Talos II]. The system comes in a variety of forms to meet your needs, from a workstation to rack-mounted to the board by itself. Raptor Engineering has put in a great deal of effort researching and prototyping this system, and now it is ready for prime time. The Talos II is great for any hacker who needs a powerful machine, perfect for developing even more free software.[…]

https://www.fsf.org/blogs/licensing/support-the-talos-ii-a-candidate-for-respects-your-freedom-certification-by-pre-ordering-by-september-15

https://raptorcs.com/TALOSII/

 

TaLoS: library that integrates Intel SGX with OpenSSL

TaLoS: Efficient TLS Termination Inside SGX Enclaves for Existing Applications

TaLoS1 is a TLS library that allows existing applications (with an OpenSSL/LibreSSL interface) to securely terminate their TLS connection. For this, TaLoS places security-sensistive code and data of the TLS library inside an Intel SGX enclave, while the rest of the application remains outside. It can then be used as the building block for a wide range of security-critical applications for which the integrity and/or confidentiality of TLS connections must be guaranteed. TaLoS provides good performance by executing enclave transitions asynchronously and leveraging user-level threading inside the enclave. The code is accompanied with a technical report, containing details about the architecture and performance results. In contrast to the SSL add-on for the Intel SGX SDK, TaLoS exposes the OpenSSL/LibreSSL API to untrusted code outside of the enclave. This means that existing applications can use the TaLoS library with no or only minor modifications. The Intel SGX SDK SSL add-on does not expose an outside interface, which means that applications must be modified to use it.[…]

https://github.com/lsds/TaLoS

 

MBRFilter: MBR security for Windows

Lucian Constantin has an article about a new MBR-based Windows-centric tool created by Cisco’s Talos. From his article on CSO Online:

[…]Cisco’s Talos team has developed an open-source tool that can protect the master boot record of Windows computers from modification by ransomware and other malicious attacks. threat intelligence The tool, called MBRFilter, functions as a signed system driver and puts the disk’s sector 0 into a read-only state. It is available for both 32-bit and 64-bit Windows versions and its source code has been published on GitHub. The master boot record (MBR) consists of executable code that’s stored in the first sector (sector 0) of a hard disk drive and launches the operating system’s boot loader. The MBR also contains information about the disk’s partitions and their file systems. Since the MBR code is executed before the OS itself, it can be abused by malware programs to increase their persistence and gain a head start before antivirus programs. Malware programs that infect the MBR to hide from antivirus programs have historically been known as bootkits — boot-level rootkits. […]

From the project’s readme:

[…]This is a simple disk filter based on Microsoft’s diskperf and classpnp example drivers. The goal of this filter is to prevent writing to Sector 0 on disks. This is useful to prevent malware that overwrites the MBR like Petya. This driver will prevent writes to sector 0 on all drives. This can cause an issue when initializing a new disk in the Disk Management application. HitΒ  ‘Cancel’ when asks you to write to the MBR/GPT and it should work as expected. Alternatively, if OK was clicked, then quitting and restarting the application will allow partitoning/formatting. […]

http://www.csoonline.com/article/3133115/security/free-tool-protects-pcs-from-master-boot-record-attacks.html

https://github.com/vrtadmin/MBRFilter/releases/tag/1.0

Talos creates Intel PT driver

Talos Intel PT Driver
This driver implements the Intel Processor Trace functionality in Intel Skylake architecture for Microsoft Windows.
Intel Processor Trace is a high performance hardware supported branch tracing mechanism in Intel Skylake architecure.
[…]

https://github.com/talos-vulndev/TalosIntelPtDriver

https://github.com/talos-vulndev/FuzzFlow

http://www.talosintelligence.com/