Security Leftovers
-
Pen Test Partners ☛ BEC-ware the phish (part 1). Investigating incidents in M365
TL;DR Review the key artefacts to ensure the best possible telemetry is available in the case of a Business Email Compromise (BEC).
-
Scoop News Group ☛ Organizations can substantially lower vulnerabilities with secure-by-design practices, report finds
Ex-National Cyber Director Inglis says “quantitative data” in Secure Code Warrior’s report shows the importance of the cybersecurity practice.
-
SANS ☛ Angular-base64-update Demo Script Exploited (CVE-2024-42640) (Tue, Oct 15th)
Demo scripts left behind after installing applications or frameworks are an ongoing problem. After installation, removing any "demo" or "example" folders is usually best. A few days ago, Ravindu Wickramasinghe noticed that the Angular-base64-upload project is leaving behind a demo folder with a script allowing arbitrary file uploads without authentication. Exploitation of the vulnerability is trivial. An attacker may use the file upload script to upload a web shell, and in response, the attacker will obtain remote command execution with all the privileges granted to the web server.
-
Cyber Security News ☛ Ubuntu Authd Flaw Let Attackers Spoof User ID
A recently identified vulnerability in Ubuntu’s Authd, CVE-2024-9312, has raised significant security concerns.
The flaw, present through version 0.3.6, allows local attackers to spoof user IDs, potentially gaining unauthorized access to privileged accounts.
-
Bleeping Computer ☛ New FASTCash malware Linux variant helps steal money from ATMs
North Korean hackers are using a new Linux variant of the FASTCash malware to infect the payment switch systems of financial institutions and perform unauthorized cash withdrawals.
Previous variants of FASTCash targeted Windows and IBM AIX (Unix) systems, but a new report by security researcher HaxRob reveals a previously undetected Linux version that targets Ubuntu 22.04 LTS distributions.
-
EIN Presswire ☛ TuxCare Arms Enterprises with First-Ever Endless Lifecycle Support for EOL Linux Distributions and Open-Source Software
TuxCare, a global innovator in enterprise-grade cybersecurity for Linux, today announced that its Extended Lifecycle Support (ELS) services for End-of-Life (EOL) Linux distributions and open-source software have advanced to an endless service model – a trailblazing offering for its award-winning services that bring even greater peace of mind and unprecedented control for enterprises facing potential EOL-related hurdles. TuxCare will now brand the services as Endless Lifecycle Support.
-
NordVPN implements post-quantum cryptography in Linux App
This move addresses growing concerns about the potential for future quantum computers to break current encryption standards, potentially compromising sensitive data.
-
Hacker News ☛ New Linux Variant of FASTCash Malware Targets Payment Switches in ATM Heists
North Korean threat actors have been observed using a Linux variant of a known malware family called FASTCash to steal funds as part of a financially-motivated campaign.
The malware is "installed on payment switches within compromised networks that handle card transactions for the means of facilitating the unauthorized withdrawal of cash from ATMs," a security researcher who goes by HaxRob said.
-
PC Gamer ☛ Windows 10 only has a year of support: 12 months left to keep Copilot off your desktop or learn Linux
Have you been putting off upgrading to Windows 11 ever since it launched? If you want your rig to be as secure as possible, you don't have long left until you pretty much have to.