news
Security Leftovers
-
LWN ☛ Security updates for Monday
Security updates have been issued by Debian (amd64-microcode, flatpak, intel-microcode, libdata-entropy-perl, librabbitmq, and vim), Fedora (augeas, containerd, crosswords-puzzle-sets-xword-dl, libssh2, libxml2, nodejs-nodemon, and webkitgtk), Red Hat (libreoffice and python-jinja2), SUSE (389-ds, apparmor, corosync, docker, docker-stable, erlang26, exim, ffmpeg-4, govulncheck-vulndb, istioctl, matrix-synapse, mercurial, openvpn, python3, rke2, and skopeo), and Ubuntu (ansible, linux, linux-hwe-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-ibm, linux-kvm, linux-oracle, linux-oracle-5.4, linux-xilinx-zynqmp, linux-azure-fips, linux-gcp-fips, linux-fips, linux-aws-fips, linux-nvidia-tegra, linux-nvidia-tegra-igx, linux-realtime, linux-intel-iot-realtime, opensc, and ruby-doorkeeper).
-
Pen Test Partners ☛ Backdoor in the Backplane. Doing IPMI security better
TL;DR: IPMI, released by Intel in 1998, is a hardware management interface that runs on the board management controller independently of the host OS, typically reachable over UDP port 623 (RMCP).
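The first check a practitioner wants is whether a BMC answers on 623/udp at all. The following is an added example, not code from the Pen Test Partners post: it builds the RMCP/ASF Presence Ping that tools such as ipmitool and nmap's ipmi-version script send, and parses the Presence Pong, whose "supported entities" byte says whether IPMI is available. The byte layout follows the ASF specification as I know it; the sample pong is constructed, not captured from a device, and `probe` (a name I chose) is the only function that touches the network.

```python
"""Added example: RMCP Presence Ping/Pong, the probe that reveals IPMI on 623/udp."""
import socket
import struct
from typing import Optional

RMCP_VERSION = 0x06
RMCP_NOACK_SEQ = 0xFF        # sequence 0xFF: sender wants no RMCP acknowledgement
RMCP_CLASS_ASF = 0x06
ASF_IANA = 0x000011BE        # IANA enterprise number 4542 (ASF)
ASF_PRESENCE_PING = 0x80
ASF_PRESENCE_PONG = 0x40
IPMI_PORT = 623


def build_presence_ping(tag: int = 0) -> bytes:
    """4-byte RMCP header followed by an 8-byte ASF header with zero data length."""
    rmcp = struct.pack("!BBBB", RMCP_VERSION, 0x00, RMCP_NOACK_SEQ, RMCP_CLASS_ASF)
    asf = struct.pack("!IBBBB", ASF_IANA, ASF_PRESENCE_PING, tag & 0xFF, 0x00, 0x00)
    return rmcp + asf


def parse_presence_pong(pkt: bytes) -> dict:
    """Return the interesting Pong fields; raise ValueError for anything else."""
    if len(pkt) < 12:
        raise ValueError("too short for an RMCP/ASF message")
    ver, _res, _seq, cls = struct.unpack_from("!BBBB", pkt, 0)
    if ver != RMCP_VERSION or cls != RMCP_CLASS_ASF:
        raise ValueError("not an RMCP ASF message")
    iana, mtype, tag, _res2, dlen = struct.unpack_from("!IBBBB", pkt, 4)
    if iana != ASF_IANA or mtype != ASF_PRESENCE_PONG:
        raise ValueError("not a Presence Pong")
    if dlen < 16 or len(pkt) < 12 + dlen:
        raise ValueError("pong data truncated")
    oem_iana, oem_defined, entities, interactions = struct.unpack_from("!IIBB", pkt, 12)
    return {
        "tag": tag,
        "oem_iana": oem_iana,
        "oem_defined": oem_defined,
        "ipmi_supported": bool(entities & 0x80),   # bit 7 of supported entities
        "asf_version": entities & 0x0F,            # low nibble: ASF version (1 = 1.0)
        "supported_interactions": interactions,
    }


def probe(host: str, timeout: float = 2.0) -> Optional[dict]:
    """Send one ping to host:623/udp and parse the reply; None if nothing answers.
    This is the only function with a network side effect."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_presence_ping(tag=0x2A), (host, IPMI_PORT))
        try:
            data, _ = s.recvfrom(1024)
        except socket.timeout:
            return None
    return parse_presence_pong(data)


# Constructed sample Pong (not a real capture): IPMI supported, ASF version 1.0.
SAMPLE_PONG = bytes.fromhex(
    "06 00 ff 06"               # RMCP: version 6, reserved, seq 0xff, class ASF
    "00 00 11 be 40 2a 00 10"   # ASF: IANA 4542, Presence Pong, tag 0x2a, reserved, len 16
    "00 00 11 be"               # OEM IANA (ASF itself)
    "00 00 00 00"               # OEM defined
    "81"                        # supported entities: bit 7 IPMI, low nibble ASF 1.0
    "00"                        # supported interactions
    "00 00 00 00 00 00"         # reserved
)

if __name__ == "__main__":
    print(build_presence_ping().hex())
    print(parse_presence_pong(SAMPLE_PONG))
```

A Pong with `ipmi_supported` set means the management interface is reachable from wherever you sent the packet; the fix is network placement (a dedicated management VLAN, no route from user or internet-facing segments), not a firmware setting. Cipher-suite and authentication weaknesses on the IPMI session itself are a separate check that this probe does not perform.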
-
Pen Test Partners ☛ Preparing for the EU Radio Equipment Directive security requirements
-
Security Week ☛ ‘Crocodilus’ Android Banking Trojan Allows Device Takeover, Data Theft
The newly identified Android banking trojan Crocodilus takes over devices, enabling overlay attacks, remote control, and keylogging.
-
SANS ☛ Apache Camel Exploit Attempt by Vulnerability Scan (CVE-2025-27636, CVE-2025-29891), (Mon, Mar 31st)
About three weeks ago, Apache patched two vulnerabilities in Apache Camel. The two vulnerabilities (CVE-2025-27636 and CVE-2025-29891) may lead to remote code execution, but not in the default configuration. The root cause is that Apache Camel used a case-sensitive filter to decide which incoming headers may be passed into the route. However, HTTP header names are case-insensitive, so an attacker can trivially bypass the filter by changing the case of a few letters in a header name that the filter would otherwise block.
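The mechanism is worth seeing in working code. The block below is an added example and is not Apache Camel's own implementation: a case-sensitive prefix deny-list beside its case-insensitive correction, plus a small detector that flags header names matching a blocked prefix only when case is ignored, which is the signature of the scan attempts the diary describes. The prefix list and the header names in the constructed request are illustrative; the page does not say which headers the scanners sent.

```python
"""Added example: case-sensitive header deny-list, its fix, and a bypass detector."""
from typing import Dict, List

# Illustrative deny-list (assumption): names starting with these prefixes carry
# internal routing state and must not be settable by an external HTTP client.
BLOCKED_PREFIXES = ("Camel", "camel", "org.apache.camel")


def filter_headers_vulnerable(headers: Dict[str, str]) -> Dict[str, str]:
    """Case-sensitive prefix match: 'CAmelInternalOption' is not caught."""
    return {k: v for k, v in headers.items()
            if not k.startswith(BLOCKED_PREFIXES)}


def filter_headers_fixed(headers: Dict[str, str]) -> Dict[str, str]:
    """Compare a lower-cased name: HTTP header names are case-insensitive (RFC 9110)."""
    blocked = tuple(p.lower() for p in BLOCKED_PREFIXES)
    return {k: v for k, v in headers.items()
            if not k.lower().startswith(blocked)}


def find_case_bypass_attempts(headers: Dict[str, str]) -> List[str]:
    """Header names that match a blocked prefix only case-insensitively.
    A legitimate client has no reason to send these; a scanner probing this
    bug class does."""
    blocked = tuple(p.lower() for p in BLOCKED_PREFIXES)
    return [k for k in headers
            if k.lower().startswith(blocked) and not k.startswith(BLOCKED_PREFIXES)]


# Constructed request headers (not from the SANS diary's captures).
# 'CAmelInternalOption' is a hypothetical internal header name.
SCANNER_REQUEST = {
    "Host": "camel.example.internal",
    "User-Agent": "Mozilla/5.0",
    "CAmelInternalOption": "attacker-controlled",   # mixed case dodges the prefix check
    "CamelInternalOption": "attacker-controlled",   # exact case, blocked even before the fix
}

if __name__ == "__main__":
    print("vulnerable keeps:", sorted(filter_headers_vulnerable(SCANNER_REQUEST)))
    print("fixed keeps:     ", sorted(filter_headers_fixed(SCANNER_REQUEST)))
    print("bypass attempts: ", find_case_bypass_attempts(SCANNER_REQUEST))
```

The detector is cheap to run over access logs or a WAF's header dump: any hit is either a misbehaving client or a scan for exactly this bug, and the diary's point is that the scans started within weeks of the patch. As the diary also notes, whether a hit matters depends on a non-default configuration exposing a route that acts on such headers.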
-
Security Week ☛ Threat Actors Deploy WordPress Malware in ‘mu-plugins’ Directory
Sucuri has discovered multiple malware families deployed in the WordPress mu-plugins directory to evade routine security checks.
-
Security Week ☛ CISA Analyzes Malware Used in Ivanti Zero-Day Attacks
CISA has published its analysis of Resurge, a SpawnChimera malware variant used in attacks targeting a recent Ivanti Connect Secure zero-day.
-
Silicon Angle ☛ Cisco Talos report finds identity-based attacks drove majority of cyber incidents in 2024
A new report out today from Cisco Talos, a cybersecurity company that’s part of Cisco Systems Inc., found that in 2024, cybercriminals didn’t need zero-days or custom malware to wreak havoc: they just logged in. Identity-based attacks, misuse of legitimate tools, and years-old vulnerabilities drove the majority of security incidents last year.
-
Silicon Angle ☛ Oracle denies cloud breach, while researchers point to credible indicators
A new security controversy has emerged with Oracle Corp. at its center after a hacker claimed to have breached the company’s cloud infrastructure and exfiltrated sensitive data. Although Oracle has denied any breach, some cybersecurity researchers say the evidence suggests otherwise.
-
Security Week ☛ 170,000 Impacted by Data Breach at Chord Specialty Dental Partners
An email security incident at Chord Specialty Dental Partners, a US dental service organization, has impacted more than 170,000 people.
-
Security Week ☛ Hacker Leaks Samsung Customer Data
Hacker leaks 270,000 customer tickets allegedly stolen from Samsung Germany using long-compromised credentials.
-
SANS ☛ Apple Patches Everything: March 31st 2025 Edition, (Mon, Mar 31st)
Today, Apple released updates across all its products: iOS, iPadOS, macOS, tvOS, visionOS, Safari, and Xcode. watchOS was interestingly missing from the patch lineup. This is a feature update for the operating systems, but we get patches for 145 different vulnerabilities in addition to new features. The update includes patches for CVE-2025-24200 and CVE-2025-24201, two already exploited iOS vulnerabilities, for older iOS/iPadOS versions; current versions received those patches a few weeks ago.