Security Leftovers

posted by Roy Schestowitz on Aug 31, 2023

• Microsoft joins a growing chorus of organizations criticizing a UN cybercrime treaty [Ed: Microsoft itself is by far the biggest security abuser/culprit, enabler of breaches]

  Critics say the draft version of the global treaty backed by China and Russia could be used to persecute security researchers and activists.

• Multiple Severe, Remotely Exploitable Chromium Vulns Fixed

  Multiple severe, remotely exploitable security vulnerabilities have been found in Chromium, including out-of-bounds memory access in V8, CSS, and Fonts ( CVE-2023-4427 , CVE-2023-4428 , and CVE-2023-4431 ), and use after frees in Loader and Vulkan ( CVE-2023-4429 and CVE-2023-4430 ). Because of the serious threat these bugs pose to the confidentiality, integrity, and availability of impacted systems and their ease of exploitation, they have all received a National Vulnerability Database severity rating of ''High''.

• Critical PHP Info Disclosure, Code Execution Bugs Fixed

  Two major security vulnerabilities were recently discovered in PHP. It was discovered that PHP incorrectly handled certain XML files ( CVE-2023-3823 ) and certain PHAR files ( CVE-2023-3824 ). Due to their ease of exploitation and the severe threat that these issues pose to impacted systems, these vulnerabilities have been rated by the National Vulnerability Database as High-Severity and Critical, respectively.

• New ‘MMRat’ Android Trojan Targeting Users in Southeast Asia

  The newly identified MMRat Android trojan has been targeting users in Southeast Asia to remotely control devices and perform bank fraud.

• FBI and European partners seize major malware network in blow to global cybercrime

  U.S. officials say the FBI and its partners in Europe infiltrated and seized control of a major malware network that was used for more than 15 years to commit a gamut of online crimes including crippling ransomware attacks. They then remotely removed its malicious software agent — known as Qakbot — from thousands of infected computers. The operation was announced Tuesday in Los Angeles, where U.S. Attorney Martin Estrada said the criminal network had facilitated about 40 ransomware attacks alone over 18 months that officials said Qakbot administrators about $58 million. “Nearly ever sector of the economy has been victimized by Qakbot," he said.

• Qakbot Botnet Disrupted in Operation ‘Duck Hunt’

  U.S. law enforcement announce the disruption of the notorious Qakbot cybercrime operation and the release of an auto-disinfection tool to 700,000 infected machines.

• U.S. Hacks QakBot, Quietly Removes Botnet Infections

  The U.S. government today announced a coordinated crackdown against QakBot, a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. The international law enforcement operation involved seizing control over the botnet's online infrastructure, and quietly removing the Qakbot malware from tens of thousands of infected Microsoft Windows computer systems.

• Multinational task force takes down prolific Qakbot malware and botnet operation

  A multinational task force headed by the U.S. Federal Bureau of Investigation and Dutch Police has taken down Qakbot, a prolific malware and botnet operation that was named in May the most successful malware family reaching inboxes.

• North Korea Lazarus Group beefs up its malware attacks once again

  A group of North Korean hackers group continues to threaten networks and businesses around the world, now with ever more sophisticated new attacks.

• FBI, DOJ disrupt massive Qakbot botnet connected to millions of dollars in ransomware losses

  “Operation Duck Hunt” also included authorities in France, Germany, the Netherlands, Romania, Latvia and the U.K.