Security Leftovers and Windows TCO
-
LWN ☛ Security updates for Monday
Security updates have been issued by Debian (intel-microcode, openjdk-11, openjdk-17, openjdk-21, python-pip, request-tracker4, thunderbird, and tika), Fedora (cef, chromium, complyctl, cri-o1.31, cri-o1.32, cri-o1.33, cri-o1.34, docker-buildkit, docker-buildx, dovecot, fetchmail, gi-docgen, golang-github-facebook-time, insight, mbedtls, mingw-binutils, mingw-python3, mingw-qt5-qtsvg, mingw-qt6-qtsvg, moodle, openssl, perl-YAML-Syck, podman-tui, python-socketio, python-sqlparse, python3.10, python3.11, python3.12, python3.9, qt5-qtsvg, runc, samba, squid, sssd, suricata, valkey, wireshark, wordpress, and yarnpkg), Red Hat (libssh), SUSE (aaa_base, afterburn, bind, chromedriver, chrony, firefox, git, govulncheck-vulndb, grub2, ImageMagick, java-11-openjdk, java-17-openjdk, kernel, libssh, libunbound8, libxslt, micropython, mozilla-nss, netty, open-vm-tools, openbao, p7zip, podman, poppler, python-python-socketio, python-urllib3, ruby2.5, rust-keylime, vim, wireshark, and xen), and Ubuntu (linux-aws-6.14).
-
Security Week ☛ Massive China-Linked Smishing Campaign Leveraged 194,000 Domains
The malicious Smishing Triad domains were used to collect sensitive information, including Social Security numbers.
-
Scoop News Group ☛ Hacking Team successor linked to malware campaign, new ‘Dante’ commercial spyware
Kaspersky researchers said Memento Labs appears to be behind both the Operation ForumTroll malware and spyware, known as Dante.
-
Security Week ☛ Chrome Zero-Day Exploitation Linked to Hacking Team Spyware
The threat actor behind Operation ForumTroll used the same toolset typically employed in Dante spyware attacks.
-
Launchpad News: Support for FIDO2 SSH Keys
Launchpad now supports the FIDO2 hardware-backed SSH key types ed25519-sk and ecdsa-sk. These keys use a hardware device, such as a YubiKey or Nitrokey, to perform cryptographic operations and keep your private keys safely off your computer. They can be used anywhere Launchpad accepts SSH authentication, including git+ssh and SFTP PPA uploads.
To generate a new key, run
-
Security Week ☛ Year-Old WordPress Plugin Flaws Exploited to Hack Websites
Roughly 9 million exploit attempts were observed this month as mass exploitation of the critical vulnerabilities recommenced.
-
TechnologyAdvice ☛ Controversial UN Cybercrime Treaty Signed by 65 Countries
The landmark agreement was met with strong opposition from a coalition of human rights organizations and major technology companies.
-
Hackaday ☛ Making A Virtual Machine Look Like Real Hardware To Malware
Running suspicious software in a virtual machine seems like a basic precaution to figure out whether said software contains naughty code. Unfortunately it’s generally rather easy to detect whether or not one’s software runs inside a VM, with [bRootForce] going through a list of ways that a VirtualBox VM can be detected from inside the guest OS. While there are a range of obvious naming issues, such as the occurrence of the word ‘VirtualBox’ everywhere, there are many more subtle ways too.
-
SANS ☛ Bytes over DNS, (Mon, Oct 27th)
I was intrigued when Johannes talked about malware that uses BASE64 over DNS to communicate. Take a DNS request like this: label1.label2.tld. Labels in a request like this can only be composed with letters (not case-sensitive), digits and a hyphen character (-).
-
Windows TCO / Windows Bot Nets
-
Scoop News Group ☛ Attackers bypass patch in deprecated backdoored Windows Server update tool
Microsoft addressed the critical vulnerability earlier this month, but had to issue an emergency update to resolve issues it previously missed.
-
Silicon Angle ☛ Australian regulator sues Abusive Monopolist Microsoft over Abusive Monopolist Microsoft 365 Copilot pricing notifications
Australia’s competition watchdog has sued Abusive Monopolist Microsoft Corp. over the way the company rolled out artificial intelligence features to its productivity suite. The Australian Competition and Consumer Commission, or ACCC, filed the complaint today. The lawsuit focuses on the Personal and Family editions of Abusive Monopolist Microsoft 365.
-
Security Week ☛ Ransomware Payments Dropped in Q3 2025: Analysis
Coveware has attributed the drop to large enterprises increasingly refusing to pay up and smaller amounts paid by mid-market firms.
-