Security Leftovers
-
Security Week ☛ TrickBot and Other Malware Droppers Disrupted by Law Enforcement
The TrickBot botnet and other malware droppers have been targeted by international law enforcement in Operation Endgame.
-
LinuxInsider ☛ Can Public-Private Partnerships Improve Open-Source Security?
Better collaboration between public and private sectors to advance open-source security is a major unresolved technology concern, especially as open-source software gains global dominance alongside artificial intelligence technology.
-
Silicon Angle ☛ Law enforcement task force shuts down six malware droppers
An international law enforcement task force has disrupted the infrastructure behind six malware droppers, malicious programs that play a key role in hacking campaigns. Europol, which led the task force, announced the development today.
-
LWN ☛ Security updates for Thursday
Security updates have been issued by Debian (python-pymysql), Fedora (chromium, mingw-python-requests, and thunderbird), Mageia (perl-Email-MIME and qtnetworkauth5 & qtnetworkauth6), Red Hat (gdisk and python39:3.9 and python39-devel:3.9 modules), SUSE (freerdp, gdk-pixbuf, gifsicle, glib2, java-1_8_0-ibm, kernel, libfastjson, libredwg, nodejs16, python, python3, python36, rpm, warewulf4, and xdg-desktop-portal), and Ubuntu (gst-plugins-base1.0, python-werkzeug, and tpm2-tss).
-
Scoop News Group ☛ Global police operation strikes against malware infrastructure
‘Operation Endgame’ targeted well-known malware variants used to facilitate ransomware and other serious cybercrime.
-
Security Week ☛ Okta Warns of Credential Stuffing Attacks Targeting Cross-Origin Authentication
Okta raises the alarm on credential stuffing attacks targeting endpoints used for cross-origin authentication.
-
Security Week ☛ Ransomware Attack Disrupts Seattle Public Library Services
The Seattle Public Library is scrambling to bring systems online after shutting them down to contain a ransomware attack.
-
France24 ☛ Four arrested in 'largest ever' international anti-malware sweep, says Europol
Authorities arrested four people and took down or disrupted more than 100 servers in the "largest ever" operation against botnets that deploy ransomware, Europol said Thursday.
-
Federal News Network ☛ New cyber plans for critical infrastructure could be ready early next year
The Biden administration has sought to set minimum cyber standards for critical infrastructure, but faced pushback in some cases, including at the EPA.
-
Security Week ☛ Critical WordPress Plugin Flaws Exploited to Inject Malicious Scripts and Backdoors
Malicious campaign exploits high-severity XSS flaws in three WordPress plugins to backdoor websites.
-
Security Week ☛ NIST Getting Outside Help for National Vulnerability Database
NIST is receiving support to get the NVD and CVE processing back on track within the next few months.
-
Security Week ☛ FBCS Data Breach Impact Grows to 3.2 Million Individuals
The data breach at debt collection agency Financial Business and Consumer Solutions (FBCS) impacts 3.2 million individuals.
-
Tom's Hardware ☛ AMD willing to pay you up to $30k via its new bug bounty program
AMD expands its private bug bounty program to the general public, allowing anyone who signs up for an Intigriti account to submit bugs and get paid.
-
RFA ☛ Chinese ‘botnet’ admin arrested in Singapore
Attorney General Merrick Garland said the botnet led to $5.9 billion in losses to a US COVID relief program.
-
Bruce Schneier ☛ Supply Chain Attack against Courtroom Software
No word on how this backdoor was installed:
A software maker serving more than 10,000 courtrooms throughout the world hosted an application update containing a hidden backdoor that maintained persistent communication with a malicious website, researchers reported Thursday, in the latest episode of a supply-chain attack.
-
Hacker News ☛ CISA Alerts Federal Agencies to Patch Actively Exploited Linux Kernel Flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting the Linux kernel to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
Tracked as CVE-2024-1086 (CVSS score: 7.8), the high-severity issue relates to a use-after-free bug in the netfilter component that permits a local attacker to elevate privileges from a regular user to root and possibly execute arbitrary code.
-
Bleeping Computer ☛ CISA warns of actively exploited Linux privilege elevation flaw
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added two vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog, including a Linux kernel privilege elevation flaw.
-
Bleeping Computer ☛ macOS version of elusive 'LightSpy' spyware tool discovered
LightSpy is a modular iOS and Android surveillance framework used to steal a wide variety of data from people's mobile devices, including files, screenshots, location data (including building floor numbers), voice recordings during WeChat calls, and payment information from WeChat Pay, and data exfiltration from Telegram and QQ Messenger.
-
Bleeping Computer ☛ Pirated Microsoft Office delivers malware cocktail on systems
Cybercriminals are distributing a malware cocktail through cracked versions of Microsoft Office promoted on torrent sites.
The malware delivered to users includes remote access trojans (RATs), cryptocurrency miners, malware downloaders, proxy tools, and anti-AV programs.