The all in one place for non-profit security aid.
A previously unknown campaign involving the Hotabot botnet malware has targeted Spanish-speaking users in Latin America since at least November 2020, infecting them with a banking trojan and spam tool.
Simbian Emerges From Stealth With $10 Million to Build Autonomous AI-Based Security Platform
[[{“value”:”
Simbian aims to build a fully autonomous security platform that lets humans make the strategic decisions while AI implements those decisions.
The post Simbian Emerges From Stealth With $10 Million to Build Autonomous AI-Based Security Platform appeared first on SecurityWeek.
“}]] Read More
SecurityWeek RSS Feed
Google Revealed Kernel Address Sanitizer to Harden Android Firmware & Beyond
[[{“value”:”
Google has unveiled its latest initiative the implementation of the Kernel Address Sanitizer (KASan) to enhance firmware security.
This development comes as the focus on lower-level firmware security intensifies, given its critical role in device security.
Traditionally, this area has received less scrutiny than Android userspace and kernel security.
However, Google’s proactive approach aims to mitigate unknown vulnerabilities by catching memory corruption issues and stability problems before they affect user devices.
Firmware, the software programmed into a device’s hardware, is essential for the operation of mobile devices.
Despite its importance, firmware has often been overlooked in security discussions.
Google’s recent efforts signify a shift in this perspective, highlighting the company’s commitment to addressing all aspects of device security.
KASan, or Kernel Address Sanitizer, is a powerful tool designed to proactively discover vulnerabilities within the firmware.
Contrary to what its name might suggest, KASan’s application extends beyond the kernel, covering a wide range of firmware targets.
By enabling KASan in builds during testing or fuzzing, developers can identify and rectify memory safety bugs and vulnerabilities, including those of critical severity.
Google’s deployment of KASan has already led to the discovery and fixing of over 40 memory safety issues.
ASan is a compiler-based tool that detects real-time invalid memory access operations.
It can identify memory safety bugs, such as out-of-bounds memory access and use-after-free errors.
While ASan is readily enabled for most user-space targets, its application in bare-metal code requires a custom implementation due to the absence of a standard runtime environment.
To implement KASan for bare-metal targets, developers must first reserve a portion of DRAM for shadow memory, which tracks the state of memory regions.
Following this, the necessary runtime routines for memory access checks and shadow memory management must be established.
These steps ensure that any invalid memory access is promptly reported, enhancing the overall security of the firmware.
Google’s introduction of KASan marks a significant advancement in the security of Android firmware and beyond.
By addressing vulnerabilities at the firmware level, Google aims to fortify the foundation of device security, preventing potential exploits before they reach end-users.
This initiative, coupled with exploring memory-safe languages like Rust, underscores Google’s comprehensive approach to enhancing Android security.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.
The post Google Revealed Kernel Address Sanitizer to Harden Android Firmware & Beyond appeared first on Cyber Security News.
“}]] Read More
Cyber Security News
Ukraine at D+486: The march on Moscow is over.
Mr. Prigozhin calls off his march on Moscow and moves to Minsk. Read More
The CyberWire