Security Leftovers
Security Week ☛ New BlankBot Android Trojan Can Steal User Data
The BlankBot Android trojan exfiltrates user data, executes C&C commands, and supports custom injections, keylogging, and screen recording.
LWN ☛ Security updates for Friday
Security updates have been issued by Fedora (chromium), SUSE (docker and patch), and Ubuntu (bind9, gross, linux-azure, linux-azure-4.15, linux-lowlatency-hwe-6.5, and tomcat8, tomcat9).
CISA ☛ 2024-07-29 [Older] CISA Adds Three Known Exploited Vulnerabilities to Catalog
PR Newswire ☛ Advantech and Canonical Announce Ubuntu Pro for Devices for Secure and Streamlined Industrial IoT and AI
Advantech (TWSE: 2395), a leading provider of AIoT platforms and services, is excited to announce the launch of Ubuntu Pro for Devices, now available with the Advantech Edge Computing Platform. This powerful combination brings unparalleled benefits to IoT, AI, and industrial applications, enhancing security, support, and development efforts.
Cyber Security News ☛ Telegram-Controlled TgRat Attacking Linux Servers to Exfiltrate Data [Ed: Details needed on why or how this actually gets installed in the first place]
Cyber Security News ☛ SLUBStick Linux Vulnerability Let Attackers Gain Full System Control
Security researchers have discovered a severe vulnerability in the Linux kernel that could allow attackers to gain full control over affected systems. Dubbed “SLUBStick,” the exploit technique uses memory allocation flaws to achieve arbitrary read and write access to kernel memory.
The vulnerability, detailed in a paper by Graz University of Technology researchers, affects recent Linux kernel versions, including 5.19 and 6.2. It allows unprivileged users to elevate privileges and potentially escape container environments.