Security Leftovers

posted by Roy Schestowitz on Jul 30, 2023

• Linux Version of Abyss Locker Ransomware Targets VMware ESXi Servers [Ed: The problem is not Linux. The problem is malware and it impacts proprietary software, not GNU/Linux. Microsoft boosters and spinners here.]

  The Abyss Locker operation is the latest to develop a Linux encryptor to target VMware's ESXi virtual machines platform in attacks on the enterprise.

• USPS Phishing Scam Targeting iOS Users, (Sun, Jul 30th)

  Phishing scams have frequently arrived as an SMS message (sometimes called "Smishing"). SMS messages are easy and cheap to send, and we have documented how attackers like to scan for exposed credentials for services like Twilio to make it even cheaper.

• Indirect Instruction Injection in Multi-Modal LLMs

  Interesting research: “(Ab)using Images and Sounds for Indirect Instruction Injection in Multi-Modal LLMs“:

  Abstract: We demonstrate how images and sounds can be used for indirect prompt and instruction injection in multi-modal LLMs. An attacker generates an adversarial perturbation corresponding to the prompt and blends it into an image or audio recording. When the user asks the (unmodified, benign) model about the perturbed image or audio, the perturbation steers the model to output the attacker-chosen text and/or make the subsequent dialog follow the attacker’s instruction. We illustrate this attack with several proof-of-concept examples targeting LLaVa and PandaGPT...

• Hackers Deploy "SUBMARINE" Backdoor in Barracuda Email Security Gateway Attacks

  [Ed: The problem is a proprietary front end and it's not a back door, albeit it can be used by malicious actor to install one on a compromised system. This is awful reporting by Microsoft boosters and spinners.]

  The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday disclosed details of a "novel persistent backdoor" called SUBMARINE deployed by threat actors in connection with the hack on Barracuda Email Security Gateway (ESG) appliances.

• Zimbra Patches Exploited Zero-Day Vulnerability

  Zimbra has released patches for a cross-site scripting (XSS) vulnerability that has been exploited in malicious attacks.

• CoinsPaid Blames North Korean Hackers for $37 Million Cryptocurrency Heist

  CoinsPaid says North Korean hacking group Lazarus is likely responsible for the recent theft of $37 million in cryptocurrency.

• US, Australia Issue Warning Over Access Control Vulnerabilities in Web Applications

  US and Australian government agencies provide guidance on addressing access control vulnerabilities in web applications.

• Exploitation of Recent Citrix ShareFile RCE Vulnerability Begins

  The first attempts to exploit CVE-2023-24489, a recent critical Citrix ShareFile remote code execution vulnerability, have been observed.

• Weintek Weincloud Vulnerabilities Allowed Manipulation, Damaging of ICS Devices

  Several vulnerabilities found in Weintek Weincloud could have allowed hackers to manipulate and damage ICS, including PLCs and field devices.