Security Leftovers
LWN ☛ Security updates for Wednesday
Security updates have been issued by AlmaLinux (git, python3.11, and python3.9), Debian (chromium, emacs, git, linux-5.10, and org-mode), Fedora (libopenmpt, nginx-mod-modsecurity, and thunderbird), Mageia (emacs, python-ansible-core, and python-authlib), Oracle (git, python3.11, and python3.9), Red Hat (kernel, kernel-rt, and samba), and Ubuntu (ansible, cups, google-guest-agent, google-osconfig-agent, libheif, openvpn, roundcube, and salt).
Critical ADOdb Vulnerabilities Fixed in Ubuntu
Multiple vulnerabilities have been addressed in ADOdb, a PHP database abstraction layer library. These vulnerabilities could cause severe security issues, such as SQL injection attacks, cross-site scripting (XSS) attacks, and authentication bypasses.
The Ubuntu security team has released updates to address them in various versions of Ubuntu, including Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 ESM, and Ubuntu 16.04 ESM. Users and organizations are strongly encouraged to apply updates promptly to mitigate potential risks.
PC Mag ☛ New 'Snowblind' Banking Malware Targets Android Users With Linux Kernel Exploit [Ed: But why would they install such malware? If you install malware, that's a user problem already.]
A new strain of banking malware, dubbed "Snowblind," that affects Android mobile devices is targeting users to swipe their banking credentials, cybersecurity firm Promon has found.
Silicon Angle ☛ Supply chain attack compromises 100,000 websites via polyfill.io domain takeover
About 100,000 sites have potentially been compromised in a supply chain attack following an alleged Chinese firm’s takeover of a popular open-source library. The compromise involved the acquisition of polyfill.io, a domain name linked to the open-source Polyfill project, in February.
SANS ☛ What Setting Live Traps for Cybercriminals Taught Me About Security
Security Week ☛ P2Pinfect Worm Now Dropping Ransomware on Redis Servers
The P2Pinfect worm targeting Redis servers has been updated with ransomware and cryptocurrency mining payloads.
Security Week ☛ Siemens Sicam Vulnerabilities Could Facilitate Attacks on Energy Sector
Several vulnerabilities patched recently in Siemens Sicam products could be exploited in attacks aimed at the energy sector.
Security Week ☛ Exploitation Attempts Target New MOVEit Transfer Vulnerability [Ed: Windows TCO]
Exploitation attempts targeting CVE-2024-5806, a critical MOVEit Transfer vulnerability patched recently, have started.
OpenSSF (Linux Foundation) ☛ A Deep Dive into SBOMit and Attestations
December 2023 saw the launch of SBOMit, a project that helps enhance the reliability and integrity of SBOMs (Software Bills of Materials). It does so by including, along with SBOMs, a series of in-toto attestations that are produced while the software is being created. SBOMit is hosted under the OpenSSF Security Tooling Working Group.
Security Week ☛ Google Unveils New Chrome Enterprise Core Features for IT, Security Teams
Google has announced new Chrome Enterprise Core features that should be very useful to IT and security teams.