This Week in Security: Signal DRM, Modern Phone Phreaking, and the Impossible SSH RCE

In a slight irony, a new feature in Microsoft’s AI-powered Recall tool marks windows as containing DRM content in order to avoid being cached, however, this has the side effect of also avoiding screenshotting tools.
More malicious packages have been found on npm, two years after they were published, allegedly having a trigger date rather than exfiltrating data or stealing bitcoin, the packages simply sabotage systems in subtle ways.
An investigation into Voice over LTE (VoLTE) calls on the O2 network showed that they use the Session Initiation Protocol which contains metadata including the caller and receiver’s International Mobile Subscriber Identity and International Mobile Equipment Identity codes; these could locate a caller to within an urban environment.
A new tool, NetImposter has been designed to automate the process of sending spoofed ARP packets and establishing “impossible” TCP connections.
Perri Adams, having spent two years working on a Remote Code Execution exploit based on a pre-authentication double-free vulnerability in OpenSSH server version 9.1, has concluded that AI systems are now approaching the threshold of being useful for defensive programming work.

Fast Feed