news
Security Leftovers
-
SANS ☛ Infostealer Targeting Android Devices, (Thu, Oct 23rd)
The infostealer landscape exploded in 2024, and infostealers remain a top threat today.
-
SANS ☛ Phishing Cloud Account for Information, (Thu, Oct 23rd)
Over the past two months, my Outlook account has been receiving phishing emails regarding cloud storage payments, mostly in French and some in English, with the usual warnings such as: the account is about to be locked, space is full, loss of data, refused payment, expired payment method, etc.
-
LWN ☛ Security updates for Thursday
Security updates have been issued by AlmaLinux (ipa, kernel, and thunderbird), Debian (gdk-pixbuf, gegl, gimp, intel-microcode, raptor2, request-tracker4, and request-tracker5), Fedora (samba and wireshark), Mageia (haproxy, nginx, openssl, and python-django), Oracle (kernel and thunderbird), Red Hat (redis and redis:7), Slackware (bind), SUSE (aws-cli, local-npm-registry, python-boto3, python-botocore, python-coverage, python-flaky, python-pluggy, python-pytest, python-pytest-cov, python-pytest-html, python-pytest-metada, cargo-audit-advisory-db-20251021, fetchmail, git-bug, ImageMagick, istioctl, kernel, krb5, libsoup, libxslt, python-Authlib, and sccache), and Ubuntu (bind9, linux, linux-aws, linux-azure, linux-azure-6.8, linux-gcp, linux-gkeop, linux-ibm, linux-ibm-6.8, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-oracle, linux-azure, linux-azure-5.15, linux-gcp-5.15, linux-gcp-6.8, linux-gke, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-realtime, and linux-realtime-6.8).
-
Pen Test Partners ☛ Hardening your home lab
If you are a computer nerd, it’s statistically likely you’ll be self-hosting multiple kinds of web applications on some infrastructure you own for personal use.
-
Scoop News Group ☛ Researchers track surge in high-level Smishing Triad activity
The China-linked operation has grown from a phishing kit marketplace into an active and growing community supporting a decentralized large-scale phishing ecosystem.
-
Security Week ☛ BIND Updates Address High-Severity Cache Poisoning Flaws
The vulnerabilities allow attackers to predict source ports and query IDs BIND will use, and to inject forged records into the cache.
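Why predictable source ports and query IDs matter is easier to see in a model than in prose. The following is an added illustration (not BIND's code, and not the mechanics of these particular flaws, which the article does not describe): a toy resolver that caches a reply only when the 16-bit transaction ID and the UDP port both match its outstanding query, raced by an off-path attacker who first probes the resolver through an attacker-controlled domain and then sprays forged replies. The generator functions, port range, domain names and addresses are all assumptions made for the example.

```python
"""Toy model of the DNS reply-forgery race behind cache poisoning.

Added illustration only: it models the generic off-path race, not the
specific BIND bugs in the article. The resolver accepts a forged reply only
if the 16-bit transaction ID and the UDP port both match the outstanding
query, so roughly 32 bits of combined entropy stand between an off-path
attacker and the cache. If either value is predictable, that collapses.
"""
import random
import secrets

PORT_MIN, PORT_MAX = 1024, 65535   # assumed ephemeral range the resolver draws from


class Resolver:
    """One outstanding query at a time; caches a reply only on an exact match."""

    def __init__(self, txid_fn, port_fn):
        self._txid_fn = txid_fn
        self._port_fn = port_fn
        self.cache = {}
        self.outstanding = None

    def send_query(self, name):
        self.outstanding = (name, self._txid_fn(), self._port_fn())
        return self.outstanding

    def receive(self, name, txid, port, rdata):
        if self.outstanding is None or (name, txid, port) != self.outstanding:
            return False                        # dropped: wrong txid or port
        self.cache[name] = rdata
        self.outstanding = None
        return True


# --- txid / source-port generators (hypothetical strong and weak variants) ----
def random_txid():
    return secrets.randbelow(1 << 16)


def random_port():
    return PORT_MIN + secrets.randbelow(PORT_MAX - PORT_MIN + 1)


class SequentialTxid:
    """Weak: a counter, so one observed value reveals the next."""

    def __init__(self, start=0):
        self.n = start

    def __call__(self):
        self.n = (self.n + 1) & 0xFFFF
        return self.n


def fixed_port():
    """Weak: the same source port for every query."""
    return 53


def make_strong_resolver():
    return Resolver(random_txid, random_port)


def make_weak_resolver():
    return Resolver(SequentialTxid(), fixed_port)


# --- attacker ----------------------------------------------------------------
def probe(resolver, attacker_domain="attacker.example"):
    """The attacker runs the authoritative server for attacker_domain, so when
    the resolver looks it up the attacker sees the txid and port it used, then
    answers legitimately so the resolver's state clears. The prediction assumes
    a counter txid and a fixed port (the weak generator above)."""
    _, txid, port = resolver.send_query(attacker_domain)
    resolver.receive(attacker_domain, txid, port, "192.0.2.1")
    return (txid + 1) & 0xFFFF, port


def poisoning_attempt(resolver, victim, forged_rdata, budget):
    """Race the real answer for `victim`: one predicted packet, then uniformly
    random (txid, port) guesses until the packet budget runs out."""
    prediction = probe(resolver)
    resolver.send_query(victim)
    if resolver.receive(victim, prediction[0], prediction[1], forged_rdata):
        return True
    for _ in range(budget - 1):
        txid = random.randrange(1 << 16)
        port = random.randrange(PORT_MIN, PORT_MAX + 1)
        if resolver.receive(victim, txid, port, forged_rdata):
            return True
    return False


def success_rate(make_resolver, budget, trials):
    """Fraction of trials in which the forged record landed in the cache."""
    wins = sum(poisoning_attempt(make_resolver(), "bank.example", "198.51.100.7", budget)
               for _ in range(trials))
    return wins / trials


def expected_forgeries_for_half(txid_bits=16, port_range=PORT_MAX - PORT_MIN + 1):
    """Forged packets needed, on average, for a 50% hit against random values."""
    return ((1 << txid_bits) * port_range) // 2


if __name__ == "__main__":
    print("weak resolver  :", success_rate(make_weak_resolver, budget=1, trials=20))
    print("strong resolver:", success_rate(make_strong_resolver, budget=5000, trials=20))
    print("packets for 50% vs random txid+port:", expected_forgeries_for_half())
```

Against the weak generator a single forged packet lands every time, because the probe reveals the next transaction ID and the port never changes; against random values the attacker needs on the order of two billion forgeries for even odds, which is why the real-world fix is to restore unpredictability in both values rather than to filter forged packets.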
-
Security Week ☛ Exploitation of Critical Adobe Commerce Flaw Puts Many eCommerce Sites at Risk
Patched in September, the SessionReaper bug could be exploited without authentication to bypass a security feature.
-
Security Week ☛ Lanscope Endpoint Manager Zero-Day Exploited in the Wild
The bug has been exploited in the wild as a zero-day, and the US cybersecurity agency CISA has added it to its KEV catalog.
-
Security Week ☛ Mobile Security: Verizon Says Attacks Soar, AI-Powered Threats Raise Alarm
Verizon’s 2025 Mobile Security Index shows that 85% of organizations believe mobile device attacks are on the rise.
-
Futurism ☛ Researchers Find Severe Vulnerabilities in AI Browser
Go figure that letting an AI control your access to the internet can be a dangerous thing.
-
Fear, Uncertainty, Doubt/Fear-mongering/Dramatisation
-
Trend Micro ☛ Agenda Ransomware Deploys Linux Variant on Windows Systems Through Remote Management Tools and BYOVD Techniques [Ed: Windows issues presented as "Linux"]
Trend™ Research identified a sophisticated ransomware attack by the Agenda group that deployed their Linux ransomware variant on Windows systems. This follows a similar attack observed in June 2025, where MeshAgent and MeshCentral were used for deployment. In this recent incident, the threat actors utilized a novel deployment method combining WinSCP for secure file transfer and Splashtop Remote for executing the Linux ransomware binary on Windows machines.
-