Security Leftovers
-
Bruce Schneier ☛ AIs Are Getting Better at Finding and Exploiting Security Vulnerabilities
From an Anthropic blog post:
A notable development during the testing of Claude Sonnet 4.5 is that the model can now succeed on a minority of the networks without the custom cyber toolkit needed by previous generations. In particular, Sonnet 4.5 can now exfiltrate all of the (simulated) personal information in a high-fidelity simulation of the Equifax data breach—one of the costliest cyber attacks in history—using only a Bash shell on a widely available Kali GNU/Linux host (standard, open-source tools for penetration testing; not a custom toolkit).
-
LWN ☛ Security updates for Friday
Security updates have been issued by AlmaLinux (curl, gimp:2.8, glibc, grafana, grafana-pcp, kernel, osbuild-composer, php:8.3, python-urllib3, python3.11, and python3.12), Debian (chromium), Mageia (ceph, gpsd, libxml2, openjdk, openssl, and xen), SUSE (abseil-cpp, assertj-core, coredns, freerdp, java-11-openjdk, java-25-openjdk, libxml2, openssl-1_0_0, openssl-1_1, python, python-filelock, and python311-sse-starlette), and Ubuntu (kernel, linux, linux-aws, linux-aws-hwe, linux-hwe, linux-kvm, linux-oracle, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-aws-fips, linux-fips, linux-fips, and texlive-bin).
-
Security Week ☛ Hugging Face Abused to Deploy Android RAT
Android users were lured to applications that served a malicious payload hosted in a Hugging Face repository.
-
Scoop News Group ☛ Google’s disruption rips millions of devices out of malicious network
The actions impaired some of IPIDEA’s proxy infrastructure, but not all of it. The effort underscores the back-and-forth struggle of taking out pieces of cybercriminals’ vast and growing infrastructure.
-
SANS ☛ Google Presentations Abused for Phishing, (Fri, Jan 30th)
Charlie, one of our readers, has forwarded an interesting phishing email. The email was sent to users of the Vivaldi Webmail service. While not overly convincing, the email is likely sufficient to trick a non-empty group of users:
-
Pen Test Partners ☛ Movie breakdown: Hackers (1995)
Before you start, how about getting the Hackers soundtrack playing as you read this? Get a bit of the Stereo MCs pumping…
-
Security Week ☛ Ivanti Patches Exploited EPMM Zero-Days
The critical-severity vulnerabilities could allow unauthenticated attackers to execute arbitrary code remotely.
-
Security Week ☛ 175,000 Exposed Ollama Hosts Could Enable LLM Abuse
Among them, 23,000 hosts were persistently responsible for the majority of activity observed over 293 days of scanning.
-
HowTo Geek ☛ No, Linux is not "more secure" than Windows [Ed: Compares a kernel to an OS that has deliberate back doors and does not patch already-exploited holes]
In Linux communities, especially among those new to the scene, I often see people hailing Linux as a security powerhouse in contrast to other operating systems. They imply that switching to Linux gives you some kind of shield of armor against common threats.
-
Cyble Inc ☛ ShadowHS: A Fileless Linux Post-Exploitation Framework Built on a Weaponized hackshell [Ed: But one has to install it there first]
Cyble uncovers ShadowHS, a stealthy fileless Linux framework running entirely in memory for covert, adaptive post-exploitation control.