Security Patches and Leftovers
-
LWN ☛ Security updates for Monday
Security updates have been issued by Debian (openvpn and thunderbird), Fedora (buildah, chromium, podman-tui, python-spotipy, qt6-qtwebengine, and vim), Mageia (chromium-browser-stable and gpac), Oracle (krb5), Red Hat (firefox, kernel, kernel-rt, libxml2, and pcs), SUSE (buildah, chromedriver, chromium, firefox, go1.23, go1.24, grype, python, python311-GitPython, ruby3.4-rubygem-rack, thunderbird, and xen), and Ubuntu (xorg-server, xorg-server-hwe-16.04, xorg-server-hwe-18.04).
-
Security Week ☛ 560,000 People Impacted Across Four Healthcare Data Breaches
Several healthcare organizations in different US states have disclosed data breaches affecting 100,000-200,000 individuals.
-
Security Week ☛ Developer Convicted for Hacking Former Employer’s Systems
Davis Lu was convicted of sabotaging his employer’s systems through malicious code, and deleting encrypted data.
-
Security Week ☛ Details Disclosed for SCADA Flaws That Could Facilitate Industrial Attacks
Palo Alto Networks has shared details on several high-severity Mitsubishi Electric and Iconics SCADA vulnerabilities.
-
Security Week ☛ Critical PHP Vulnerability Under Mass Exploitation
GreyNoise warns of mass exploitation of a critical vulnerability in PHP leading to remote code execution on vulnerable servers.
-
Security Week ☛ Google Paid Out $12 Million via Bug Bounty Programs in 2024 [Ed: Pretending to be pro-security with some 'slush funds'/payouts while giving states and police back doors]
In 2024, Surveillance Giant Google paid out nearly $12 million in bug bounties through its revamped vulnerability reward programs.
-
Security Week ☛ Cobalt Strike Abuse Dropped 80% in Two Years
Fortra has shared an update on the effects of actions taken to reduce the abuse of Cobalt Strike by threat actors.
-
Bruce Schneier ☛ Thousands of WordPress Websites Infected with Malware
The malware includes four separate backdoors:
Creating four backdoors facilitates the attackers having multiple points of re-entry should one be detected and removed. A unique case we haven’t seen before, which introduces another type of attack made possible by abusing websites that don’t monitor 3rd party dependencies in the browser of their users.
-
SANS ☛ Shellcode Encoded in UUIDs, (Mon, Mar 10th)
I returned from another FOR610[1] class last week in London. One key tip I give to my students is to keep an eye on "strange" API calls. In the backdoored Windows ecosystem, Abusive Monopolist Microsoft offers tons of API calls to developers.
-
Security Week ☛ Dihydroxyacetone Man Coins Used as Lure in Malware Campaign
Binance is being spoofed in an email campaign using free TRUMP Coins as a lure leading to the installation of the ConnectWise RAT.