Security Leftovers
-
SANS ☛ Linux Trojan - Xorddos with Filename eyshcjdmzg, (Mon, Apr 29th)
I reviewed a filename I see regularly uploaded to my DShield sensor eyshcjdmzg that have been seeing since the 1 October 2023 which has multiple hashes and has been labeled as trojan.xorddos/ddos.
-
Keeping Your GNU/Linux System Secure: A Guide to Kernel Updates
In the realm of GNU/Linux systems, the Linux kernel acts as the core foundation, managing essential tasks like hardware interaction, memory allocation, and process control. Just as a crumbling castle wall leaves a kingdom vulnerable, an outdated Linux kernel exposes your system to a barrage of potential threats.
-
Security Week ☛ Vulnerability in R Programming Language Could Fuel Supply Chain Attacks [Ed: The "supply chain" FUD pattern is promoted to demonise FOSS and give a false sense of proprietary junk having no "supply chain"]
A vulnerability (CVE-2024-27322) in the R programming language implementation can be exploited to execute arbitrary and be used as part of a supply chain attack.
-
IT Wire ☛ Australia in top three nations targeted by bad bots: Imperva report
The 2024 Bad Bot report said bots, both good and bad, now made up 36.4% of Australia’s total Internet traffic, underlining the fact that businesses still face a threat from malicious and automated traffic.
-
SANS ☛ Another Day, Another NAS: Attacks against Zyxel NAS326 devices CVE-2023-4473, CVE-2023-4474, (Tue, Apr 30th)
Yesterday, I talked about attacks against a relatively recent D-Link NAS vulnerability.
-
Security Week ☛ UnitedHealth CEO Says Hackers Lurked in Network for Nine Days Before Ransomware Strike
UnitedHealth Group’s CEO Andrew Witty shares details on the damaging cyberattack in testimony before a US Congress committee set for May 1, 2024.
-
Security Week ☛ Chinese Hackers Have Been Probing DNS Networks Globally for Years: Report
While China-linked Muddling Meerkat’s operations look like DNS DDoS attacks, it seems unlikely that denial of service is their goal, at least in the near term.
-
Scoop News Group ☛ Easterly appeals to Congress on CISA funding, citing Chinese threats to critical infrastructure
The director of the agency told the House Appropriations Committee that a $150 million fund would allow CISA to bolster three key initiatives.
-
Federal News Network ☛ This new zero-day cybersecurity threat aimed at critical infrastructure
On the cybersecurity front, every week seems to bring a new threat. A recent one in the category of advanced persistent threat is known as Volt Typhoon.
-
IT Wire ☛ Non-bank lender Firstmac suffers ransomware attack by EMBARGO
Australian non-bank lender Firstmac has suffered a ransomware attack from a new gang, EMBARGO, but has not made any public statement about the hack.
When iTWire contacted Firstmac on Wednesday morning, the woman who answered the phone said nobody was around to speak to us. The company advertises its working hours as being 7am to 7pm and the iTWire call was made at about 7.30am.
The woman then said that someone would be in touch with iTWire later, without specifying a time.
-
Security Week ☛ Critical Vulnerabilities in Judge0 Lead to Sandbox Escape, Host Takeover
Three vulnerabilities in the Judge0 open source service could allow attackers to escape the sandbox and obtain root privileges on the host.
-
Security Week ☛ Docker Hub Users Targeted With Imageless, Malicious Repositories
JFrog raises an alarm after finding three large-scale malware campaigns targeting Docker Hub with imageless repositories.
-
YLE ☛ Court hands Kivimäki 6-year prison sentence in historic hacking case
Aleksanteri Kivimäki's hacking of psychotherapy centre Vastaamo's patient database led to a case with the largest number of victims in Finnish legal history.
-
Scoop News Group ☛ Pro-Russia hacktivists attacking vital tech in water and other sectors, agencies say
Other sectors that the hacktivists — who sometimes pose physical threats — are targeting in North America and Europe include energy and agriculture, according to a Wednesday advisory.
-
JFrog Reveals Docker Hub Compromise Spanning Millions of Repositories
Malware attacks against millions of Docker Hub repositories have been underway since 2021. Assume all the content you host on a publicly accessible repository might be compromised.
-
Multiple Apache HTTP Server Vulnerabilities Fixed in Ubuntu
The Ubuntu security team recently addressed several Apache HTTP Server vulnerabilities in Ubuntu 23.10, Ubuntu 23.04, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 16.04, and Ubuntu 18.04. These vulnerabilities could potentially allow attackers to disrupt server functionality or even inject malicious code. Let’s break down the issues and how to stay secure.
-
Debian 12: Redefining Stability and Innovation in Open-Source Operating Systems
Debian holds a distinguished position. Recognized as one of the oldest and most trusted distributions within the Linux ecosystem, Debian continues to impress with its latest release, Debian 12. This iteration not only underscores Debian’s legacy of stability and robust performance but also showcases significant strides in innovation, marking a new epoch for open-source operating systems.
-
Cyber Security News ☛ Linux Kernel Vulnerability (CVE-2024-26925) Let Hackers Access Unauthorized Data
In a significant update from the Linux kernel’s security team, a critical vulnerability identified as CVE-2024-26925 has been addressed to bolster the security of systems worldwide.
The flaw was found in the netfilter subsystem, specifically within the nf_tables component, which is crucial for packet filtering and classification.