Security, FUD, and Scams
-
LWN ☛ Security updates for Friday
Security updates have been issued by Debian (openjdk-17), Fedora (firefox, FlightGear, java-1.8.0-openjdk, java-11-openjdk, java-latest-openjdk, and SimGear), Mageia (gstreamer), Red Hat (firefox, kernel, kernel-rt, libsoup, and python-jinja2), SUSE (bind, curl, dcmtk, etcd, firefox, google-osconfig-agent, krb5, openssl-1_1, podman, python311-cbor2, thunderbird, wget, and xrdp), and Ubuntu (glibc).
-
Bruce Schneier ☛ Screenshot-Reading Malware
Kaspersky is reporting on a new type of smartphone malware.
The malware in question uses optical character recognition (OCR) to review a device’s photo library, seeking screenshots of recovery phrases for crypto wallets. Based on their assessment, infected Surveillance Giant Google Play apps have been downloaded more than 242,000 times.
-
Latvia ☛ Spyware reportedly used against Latvian numbers through WhatsApp
Spyware developed by Paragon Solutions, an Israel-based company, was reportedly used against the smartphones of more than 90 journalists and activists from different countries on WhatsApp, WhatsApp representatives told Reuters.
-
Security Week ☛ Trimble Cityworks Customers Warned of Zero-Day Exploitation
Trimble Cityworks is affected by a zero-day vulnerability that has been exploited in attacks involving the delivery of malware.
-
Hackaday ☛ This Week In Security: Medical Backdoors, Strings, And Changes At Let’s Encrypt
There are some interesting questions afoot, with the news that the Contec CMS8000 medical monitoring system has a backdoor. And this isn’t the normal debug port accidentally left in the firmware. The CISA PDF has all the details, and it’s weird. The device firmware attempts to mount an NFS share from an IP address owned by an undisclosed university. If that mount command succeeds, binary files would be copied to the local filesystem and executed.
-
Mobile Systems/Mobile Applications
-
Engadget ☛ Kaspersky researchers find screenshot-reading malware on the App Store and Google Play
The malware in question uses optical character recognition (OCR) to review a device's photo library, seeking screenshots of recovery phrases for crypto wallets. Based on their assessment, infected Google Play apps have been downloaded more than 242,000 times. Kaspersky says "This is the first known case of an app infected with OCR spyware being found in Apple’s official app marketplace."
-
Fear, Uncertainty, Doubt (FUD)/Fear-mongering/Dramatisation
-
Forbes ☛ New LinkedIn Lazarus Attack Warning For Windows, Mac And Linux Users [Ed: The problem here is Microsoft, not "Linux", but Microsoft media mole Davey Winder is at it again, deflecting blame]
-
Linux kernel flaw added to CISA’s exploited vulnerabilities list [Ed: But this was patched ages ago]
The Cybersecurity and Infrastructure Security Agency (CISA) on Feb. 5 added a high-severity Linux kernel vulnerability to its Known Exploited Vulnerabilities (KEV) list, ordering federal agencies to apply a patch within three weeks.
-
IT Pro Today ☛ How To Identify and Remove Linux Malware Infections [Ed: Looks like a fake 'article' of LLM slop]
Linux is known for its security and resilience as an operating system, making it a popular choice for critical infrastructure like cloud and IoT. However, because of its growing adoption, it has become an attractive target for malware operators. In 2024, a more sophisticated breed of Linux malware necessitated a proactive approach to detection and removal.
This article explores practical strategies for spotting and eliminating Linux malware, helping IT professionals secure their systems.
-
Linux Foundation
-
Biometric Update ☛ CREDEBL comes under Linux Foundation Decentralized Trust [Ed: Linux Foundation is promoting scams]
-