Security Leftovers
-
Security Week ☛ SystemBC Infects 10,000 Devices After Defying Law Enforcement Takedown
The malware is known for dropping ransomware and other payloads, and for abusing infected machines to proxy traffic.
-
Security Week ☛ Critical N8n Sandbox Escape Could Lead to Server Compromise
The vulnerability could allow attackers to execute arbitrary commands and steal credentials and other secrets.
-
Security Week ☛ Italy Averted Russian-Linked Cyberattacks Targeting Winter Olympics Websites, Foreign Minister Says
Italy has foiled a series of cyberattacks targeting some of its foreign ministry offices, including one in Washington.
-
Tom's Hardware ☛ $40 million worth of crypto stolen from Step Finance — hackers compromise executives’ devices to gain illicit access
DeFi platform Step Finance has been hit with a $40 million breach stemming from compromised devices used by its executive team.
-
Security Week ☛ Cisco, F5 Patch High-Severity Vulnerabilities
The security defects can lead to DoS conditions, arbitrary command execution, and privilege escalation.
-
Federal News Network ☛ CISA tells agencies to identify, upgrade unsupported edge devices
CISA's new binding operational directive comes amid persistent concerns about nation-state adversaries targeting end-of-service edge devices, like routers.
-
Security Week ☛ Cyberspy Group Hacked Governments and Critical Infrastructure in 37 Countries
Palo Alto Networks has not attributed the APT activity to any specific country, but evidence points to China.
-
Security Week ☛ Researchers Expose Network of 150 Cloned Law Firm Websites in AI-Powered Scam Campaign
Criminals are using AI to clone professional websites at industrial scale. A new report shows how one AI-powered network grew to 150+ domains by hiding behind Cloudflare and rotating IP ranges.
-
Security Week ☛ Substack Discloses Security Incident After Hacker Leaks Data
The hacker claims to have stolen nearly 700,000 Substack user records, including email addresses and phone numbers.
-
LWN ☛ Security updates for Thursday
Security updates have been issued by AlmaLinux (brotli, curl, kernel, python-wheel, and python3.12), Debian (containerd), Fedora (gnupg2, pgadmin4, phpunit10, phpunit11, phpunit12, phpunit8, phpunit9, and yarnpkg), Mageia (expat), Oracle (qemu-kvm and util-linux), Red Hat (kernel, kernel-rt, opentelemetry-collector, and python3.12-wheel), SUSE (abseil-cpp, dpdk, freerdp, glib2, ImageMagick, java-11-openj9, java-17-openj9, java-1_8_0-ibm, java-1_8_0-openj9, java-1_8_0-openjdk, java-21-openj9, kernel, libsoup, libsoup-3_0-0, openssl-3, patch, python-Django, rekor, rizin, udisks2, and xrdp), and Ubuntu (gh, linux, linux-aws, linux-azure, linux-azure-5.15, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency, linux-nvidia-tegra-5.15, linux-oracle, linux-raspi, linux, linux-aws, linux-azure, linux-gcp, linux-oem-6.17, linux-oracle, linux-raspi, linux-realtime, linux, linux-gke, linux-gkeop, linux-hwe-6.8, linux-oracle, linux-oracle-6.8, linux-raspi, linux-fips, linux-aws-fips, linux-azure-fips, linux-gcp-fips, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-realtime, linux-intel-iot-realtime, linux-realtime, linux-realtime-6.8, and linux-raspi-realtime).
-
The Register UK ☛ Sudo maintainer, handling utility for more than 30 years, is looking for support
It's hard to imagine something as fundamental to computing as the sudo command becoming abandonware, yet here we are: its solitary maintainer is asking for help to keep the project alive.
It's a common trope in the open-source computing community that a small number of solitary maintainers do a disproportionate amount of work keeping critical software going, often with little recognition or support. Ubuntu Unity and the NGINX Ingress Controller are just two examples we've covered in recent months, and now we can add another, far more critical one to the mix.
Sudo, for those not familiar with Unix systems, is a command-line utility that allows authorized users to run specific commands as another user, typically the superuser, under tightly controlled policy rules. It is a foundational component of Unix and Linux systems: without tools like sudo, administrators would be forced to rely more heavily on direct root logins or broader privilege escalation mechanisms, increasing both operational risk and attack surface.
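The policy model described above, as an added example that is not part of the Register article or of the sudo project's own code: a tightly scoped sudoers rule beside an over-broad one, and a small POSIX shell audit that flags rules whose command list is the bare ALL. The group, user and path names are made up, the parser assumes the common one-rule-per-line "user host=(runas) [Tag:] command" layout, and the only real tool referenced is `visudo -cf`, sudo's own syntax checker.

```shell
#!/bin/sh
# Added example (not from the article or the sudo project): contrast a
# least-privilege sudoers rule with an over-broad one, and audit a fragment
# for rules that grant every command. Names and paths are hypothetical.

# Scoped rule: members of group "backup" may run exactly one rsync command
# line as root. No shell, no editor, no wildcard in the command.
SUDOERS_GOOD='%backup ALL=(root) NOPASSWD: /usr/bin/rsync -a /srv/data/ /mnt/backup/'

# Over-broad rule: any command, as any user, no password prompt. This is a
# root account under another login name, which is what sudo exists to avoid.
SUDOERS_BAD='deploy ALL=(ALL) NOPASSWD: ALL'

# rule_commands RULE: print the command list of a "user host=(runas) [Tag:] cmd"
# line with surrounding whitespace trimmed. Assumes that single-rule layout.
rule_commands() {
    rest=${1#*=}          # drop "user host="
    rest=${rest#*\)}      # drop "(runas)" or "(runas:group)" if present
    rest=${rest#*:}       # drop a "NOPASSWD:" style tag if present
    printf '%s\n' "$rest" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//'
}

# audit_rule RULE: print "broad" and return 1 when the rule grants ALL
# commands; otherwise print "ok" and return 0.
audit_rule() {
    cmds=$(rule_commands "$1")
    case $cmds in
        ALL) printf 'broad\n'; return 1 ;;
        *)   printf 'ok\n';    return 0 ;;
    esac
}

# audit_file FILE: report every rule line granting ALL commands. Returns the
# number of such lines (0 means clean). Blank lines, comments and Defaults
# lines are skipped.
audit_file() {
    n=0
    while IFS= read -r line; do
        case $line in ''|\#*|Defaults*) continue ;; esac
        if ! audit_rule "$line" >/dev/null; then
            printf 'over-broad rule: %s\n' "$line"
            n=$((n + 1))
        fi
    done < "$1"
    return $n
}

# Stand-alone demo on a constructed two-line fragment.
tmp=$(mktemp)
printf '%s\n%s\n' "$SUDOERS_GOOD" "$SUDOERS_BAD" > "$tmp"
audit_file "$tmp" || printf '%d over-broad rule(s) found\n' "$?"
rm -f "$tmp"
```

Before installing any fragment under /etc/sudoers.d, run `visudo -cf <file>`: a syntax error in a sudoers file can lock every user out of sudo, which is a worse failure than the audit above is meant to catch.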
-
Attacks involving critical React Native bug target Windows, Linux systems
After first targeting the flaw, dubbed Metro4Shell, on Dec. 21, threat actors exploited it again on Jan. 4 and Jan. 21 to deliver a multi-stage PowerShell-based loader, according to VulnCheck. The loader disables Microsoft Defender and establishes a raw TCP connection to an attacker-controlled host before retrieving and executing a Rust-based payload with anti-analysis capabilities. VulnCheck notes that building evasion into the primary execution flow indicates the attackers expected to encounter endpoint security controls.