Security and Windows TCO Leftovers
-
Bruce Schneier ☛ TP-Link Router Botnet
There is a new botnet that is infecting TP-Link routers:
The botnet can lead to command injection which then makes remote code execution (RCE) possible so that the malware can spread itself across the internet automatically. This high-severity security flaw (tracked as CVE-2023-1389) has also been used to spread other malware families as far back as April 2023 when it was used in the Mirai botnet malware attacks.
-
Security Week ☛ In Other News: Swiss Breach Disclosure Rules, ESP32 Chip Backdoor Disputed, MassJacker
Noteworthy stories that might have slipped under the radar: Switzerland requires disclosure of critical infrastructure attacks, ESP32 chips don’t contain a backdoor, MassJacker cryptojacking malware.
-
LWN ☛ Security updates for Friday
Security updates have been issued by Fedora (iniparser, thunderbird, trafficserver, and xorg-x11-server), Mageia (opensc), Oracle (.NET 8.0, .NET 9.0, gcc, kernel, and libxml2), Red Hat (firefox, grub2, and krb5), Slackware (libxslt), SUSE (amazon-ssm-agent, bsdtar, build, ffmpeg-4, forgejo-runner, kernel, python, python3, python313, rubygem-rack-1_6, and tailscale), and Ubuntu (linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15).
-
Windows TCO / Windows Bot Nets
-
Krebs On Security ☛ ClickFix: How to Infect Your PC in Three Easy Steps
A clever malware deployment scheme first spotted in targeted attacks last year has now gone mainstream. In this scam, dubbed "ClickFix," the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Abusive Monopolist Microsoft backdoored Windows to download password-stealing malware.
-
Security Week ☛ ClickFix Widely Adopted by Cybercriminals, APT Groups
The ClickFix technique has been employed by cybercrime and APT groups for information stealer and other malware deployment.
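A hunting check for the ClickFix lure described in the two items above, added here as an example and not taken from the Krebs On Security or Security Week write-ups. It assumes the common variant in which the victim is told to open the Windows Run dialog (Win+R), paste the clipboard contents and press Enter; Explorer records every command launched that way, per user, under the RunMRU registry key, so a stale entry there is a cheap indicator that someone followed the instructions. The key path is a documented Explorer location; the indicator keyword list is a constructed starting set.

```powershell
# Added hunting script, not code from the Krebs or Security Week articles.
# Assumption: the ClickFix variant that has the victim open the Run dialog
# (Win+R), paste the clipboard payload and press Enter. Explorer records every
# command run through that dialog, per user, under RunMRU.
$RunMruPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU'

# Constructed starting list of download-cradle indicators; tune for your estate.
$Indicators = @(
    'powershell', 'pwsh', 'mshta', 'cmd(\.exe)?\s+/c', 'curl', 'certutil',
    'bitsadmin', '\biex\b', 'invoke-expression', 'downloadstring',
    'frombase64string', '\s-e(c|nc|ncodedcommand)?\s', '-w(indowstyle)?\s+hidden',
    'https?://'
)
$IndicatorRegex = $Indicators -join '|'   # -match is case-insensitive by default

function Get-RunMruEntry {
    param([string]$Path = $RunMruPath)

    if (-not (Test-Path -Path $Path)) { return }   # Run dialog never used by this user
    $Key = Get-ItemProperty -Path $Path

    # MRUList is a string of slot letters, most recent first; each letter is
    # the name of a value holding "<command>\1".
    if (-not $Key.MRUList) { return }
    $Position = 0
    foreach ($Slot in $Key.MRUList.ToCharArray()) {
        $Position++
        $Prop = $Key.PSObject.Properties[[string]$Slot]
        if (-not $Prop -or -not $Prop.Value) { continue }
        $Command = [string]$Prop.Value -replace '\\1$', ''   # drop Explorer's trailing "\1" marker
        [pscustomobject]@{
            Position   = $Position
            Slot       = [string]$Slot
            Command    = $Command
            Suspicious = [bool]($Command -match $IndicatorRegex)
        }
    }
}

# Current user only; loop over the loaded hives under HKU:\ to sweep a machine.
Get-RunMruEntry |
    Sort-Object -Property @{ Expression = 'Suspicious'; Descending = $true }, Position |
    Format-Table -AutoSize
```

RunMRU only exists for users who have used the Run dialog, and variants of the lure that send the victim to a PowerShell or terminal window leave nothing there, so pair this with process-creation telemetry (Sysmon event 1 or Security event 4688) and look for explorer.exe as the parent of powershell.exe, mshta.exe or cmd.exe with a long, pasted-looking command line.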
-
Forbes ☛ Microsoft ‘Install Fails’—New Update Breaks Windows
Windows users are being warned that Microsoft’s latest critical software release could be hiding some nasty surprises.
-
Forbes ☛ New Microsoft 365 Attack Bypasses Email Security Controls
What researchers have called a highly sophisticated phishing campaign that exploits Microsoft 365 trusted infrastructure to facilitate account takeover attempts through credential harvesting techniques has been confirmed. By exploiting legitimate Microsoft domains and misconfigurations within tenants, the threat actors are executing Business Email Compromise attacks which are capable of maintaining a very convincing appearance of legitimacy. This method bypasses conventional email security measures, the researchers have revealed, by capitalizing on and exploiting inherent trust mechanisms.
-