Security Leftovers and TCO
-
LWN ☛ Security updates for Thursday
Security updates have been issued by Debian (expat and tinyproxy), Fedora (frr, microcode_ctl, python3.10, python3.12, python3.6, and ruby), Oracle (expat, fence-agents, firefox, ghostscript, java-1.8.0-openjdk, kernel, and thunderbird), Red Hat (firefox, openssl, ruby:3.3, and thunderbird), SUSE (clamav, ffmpeg-4, kernel, libmfx, python3, python312, runc, ucode-intel, and wireshark), and Ubuntu (apache2, git, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-nvidia, linux-oracle, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-xilinx-zynqmp, and linux, linux-aws, linux-gcp, linux-gke, linux-ibm, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oem-6.8, linux-oracle).
-
OpenSSF (Linux Foundation) ☛ OpenSSF Welcomes New Members and Presents Golden Egg Award at SOSS Community Day Europe
The Open Source Security Foundation (OpenSSF), a global cross-industry initiative of the 'Linux' Foundation that focuses on sustainably securing open source software (OSS), is excited to announce new members from leading technology, security, and research firms. The OpenSSF is further pleased to host Secure Open Source Software (SOSS) Community Day at Open Source Summit EU 2024, which brings together community members, maintainers, and contributors from around the world.
-
Beta News ☛ Google expands passkey support to desktop with Surveillance Giant Google Password Manager
Google has made a move toward a passwordless future by expanding its passkey support to desktop devices. Until now, passkeys could only be saved to Surveillance Giant Google Password Manager on Android devices, requiring users to scan a QR code from an Android phone to access them on other platforms. However, thanks to a new update, passkeys can now be saved and managed directly on desktop systems running Windows, macOS, and Linux.
-
Pen Test Partners ☛ Proroute H685 4G router vulnerabilities
TL;DR: Two vulnerabilities on the Proroute H685t-w 4G Router. Authenticated command injection is possible through the admin interface. Reflected Cross-Site Scripting is possible through the admin interface. Patch [...]
-
Security Week ☛ Atlassian Patches Vulnerabilities in Bamboo, Bitbucket, Confluence, Crowd
Atlassian’s September 2024 monthly security bulletin details multiple high-severity vulnerabilities in four products.
-
Security Week ☛ CISA: Oracle Vulnerabilities From ‘Miracle Exploit’ Targeted in Attacks
CISA is warning organizations that two Oracle vulnerabilities tracked as CVE-2022-21445 and CVE-2020-14644 are being exploited in the wild.
-
SANS ☛ Fake Microsoft's proprietary prison GitHub Site Targeting Developers, (Thu, Sep 19th)
Our reader "RoseSecurity" forwarded the following malicious email: [...]
-
Two QEMU Vulnerabilities Fixed in Ubuntu 24.04 LTS
Recently, two memory-related flaws were discovered in QEMU, a popular open-source machine emulator and virtualizer. The vulnerabilities, identified as CVE-2024-26327 and CVE-2024-26328, affect QEMU versions 7.1.0 through 8.2.1. Both vulnerabilities stem from mishandling of memory operations within the QEMU codebase.
-
Cyber Security News ☛ Hackers Using Supershell Malware To Attack Linux SSH Servers [Ed: The issue is not SSH and not Linux; the issue is weak passwords: "dictionary attacks from various IP addresses"]
Supershell is a command-and-control (C2) remote control platform that operates through web services.
It allows users to establish a reverse SSH tunnel, enabling a fully interactive shell session. Recently, ASEC researchers discovered that hackers have been actively using Supershell malware to attack Linux SSH servers.
[...]
The attack likely proceeded in stages, where it compromised multiple systems and installed a scanner, then attempted dictionary attacks from various IP addresses to gain unauthorized access.
-
Windows TCO
-
Krebs On Security ☛ This backdoored Windows PowerShell Phish Has Scary Potential
Many Microsoft's proprietary prison GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Abusive Monopolist Microsoft backdoored Windows to download password-stealing malware. While it's unlikely that many programmers fell for this scam, it's notable because less targeted versions of it are likely to be far more successful against the average backdoored Windows user.
-
Security Week ☛ Hackers Demand $6 Million for Files Stolen From Seattle Airport Operator in Cyberattack
The Port of Seattle, which owns and runs the airport, has decided not to pay, the official said.
-
Silicon Angle ☛ Ransomware attacks surge with skyrocketing ransom demands and executive threats
Ransomware attacks have seen dramatic changes over the past few years. Once considered a mere nuisance, they now pose a potentially devastating threat to organizations of all sizes. Back in 2019, ransomware attacks were just ramping up, focusing on infecting single machines.
-
Security Week ☛ Microsoft: US Healthcare Sector Targeted by INC Ransomware Affiliate [Ed: No, Microsoft is not the expert, it is the culprit]
Microsoft has observed the threat actor Vanilla Tempest targeting US healthcare organizations with INC ransomware.
-