Security: Linux and FUD
-
MS Enterprise app management service RCE. CVE-2022-35841
A remote command execution and local privilege escalation vulnerability has been fixed by Microsoft as part of September’s patch Tuesday.
The vulnerability, filed under CVE-2022-35841, affects the Enterprise App Management Service which handles the installation of enterprise applications deployed via MDM.
An unprivileged user can exploit the vulnerability both locally and, in some cases, remotely, and gain SYSTEM-level access on vulnerable hosts.
-
Security updates for Thursday [LWN.net]
Security updates have been issued by Debian (libreoffice, rexical, ruby-nokogiri, and squid), Fedora (wavpack), Red Hat (expat), SUSE (gdcm, orthanc, orthanc-gdcm, orthanc-webviewer and rubygem-puma), and Ubuntu (GMP and unzip).
-
Why Kali Linux is the go-to distribution for penetration testing
The Kali Linux distribution enables penetration testers to explore how potential attackers may enter a system. The suite features hundreds of tools to effectively test all aspects of an IT system, from applications to networks.
Author and pen tester Vijay Kumar Velu wrote Mastering Kali Linux for Advanced Penetration Testing to provide readers with a holistic understanding of ethical hacking, from start to finish, using tools such as Wireshark, Burp Suite and Nmap.
In an interview with SearchSecurity, Velu discussed what readers at all experience levels can learn from his book, why Kali Linux is such a solid distribution and more.
-
New Alchimist attack framework targets Windows, macOS, Linux [Ed: Classic FUD. Microsoft propaganda site blames "GoLang" and warns about "Linux" because someone wrote some malware in GoLang and tries to trick people into installing it. Microsoft is trying to shamelessly twist cross-platform compatibility as an undesirable thing and security nightmare.]
The framework and all its files are 64-bit executables written in GoLang, a programming language that makes cross-compatibility between different operating systems a lot easier.
-
iTWire - Signal to remove support for SMS messages in Android app
End-to-end encrypted messaging platform Signal will phase out support for plaintext SMS and MMS messages in its Android app over the next few months.
However, current users will have to wait for an update to the Android app before they are able to export their existing plaintext messages to another messaging app on their phones. The current version of the Android app is 5.51.7 (on Android 11) and it lacks any means of exporting messages.
In a blog post on Wednesday, Signal Messenger, the company behind Signal, said that while it had offered support for plaintext messages all these years, it no longer made any sense to do so.