LWN ☛ Security updates for Tuesday
Security updates have been issued by AlmaLinux (kernel, kernel-rt, libtiff, squid:4, and thunderbird), Debian (strongswan and webkit2gtk), Fedora (pcre2, qt5-qtbase, squid, unbound, and xen), Mageia (icu and libtpms), Oracle (java-1.8.0-openjdk, java-17-openjdk, java-21-openjdk, kernel, squid:4, and thunderbird), Red Hat (libtiff, squid, squid:4, and webkit2gtk3), SUSE (cmake, dracut-saltboot, erlang, exim, expat, ffmpeg-4, firefox, golang-github-prometheus-alertmanager, haproxy, java-11-openjdk, kernel, libxslt, multi-linux-manager, openssl-3, podman, rabbitmq-server, spacewalk-web, strongswan, and wireshark), and Ubuntu (gst-plugins-good1.0, linux-aws-5.15, radare2, ruby2.3, ruby2.5, ruby2.7, and strongswan).
GamingOnLinux ☛ New security advisory released for X.Org X server and Xwayland issues | GamingOnLinux
Today, an X.Org Security Advisory was sent out that details multiple security issues in X.Org X server and Xwayland. Be sure you keep an eye on system updates as distributions get the issues patched.
Krebs On Security ☛ Aisuru Botnet Shifts from DDoS to Residential Proxies
Aisuru, the botnet responsible for a series of record-smashing distributed denial-of-service (DDoS) attacks this year, recently was overhauled to support a more low-key, lucrative and sustainable business: Renting hundreds of thousands of infected Internet of Things (IoT) devices to proxy services that help cybercriminals anonymize their traffic. Experts say a glut of proxies from Aisuru and other sources is fueling large-scale data harvesting efforts tied to various artificial intelligence (AI) projects, helping content scrapers evade detection by routing their traffic through residential connections that appear to be regular Internet users.
Futurism ☛ Serious New Hack Discovered Against OpenAI’s New Hey Hi (AI) Browser
Atlas is a cybersecurity disaster waiting to happen.
Security Week ☛ Hackers Target Swedish Power Grid Operator
The hackers stole information from a file transfer solution and the country’s power supply was not affected.
Security Week ☛ TurboMirai-Class ‘Aisuru’ Botnet Blamed for 20+ Tbps DDoS Attacks
A new class of Mirai-based DDoS botnets have been launching massive attacks, but their inability to spoof traffic enables device remediation.
Federal News Network ☛ EPA deepens work with water sector amid rising cyber concerns
The EPA’s work to identify vulnerabilities in the water sector will be a critical piece of its efforts as the risk management agency for water utilities.
NVISO Labs ☛ Vulnerability Management – Process Perspective
In this post, we dive deeper into the HOW of vulnerability management. This post is dedicated to the processes to provide a comprehensive overview.
Security Week ☛ Industrial Giants Schneider Electric and Emerson Named as Victims of Oracle Hack
Data allegedly stolen from the companies has been made available for download on the Cl0p ransomware leak website.
Linux Handbook ☛ Automating XSS Hunting with Dalfox [Pen Testing Hands-on]
Learn about using Dalfox for XSS injection on Kali GNU/Linux with a demo scan against a safe target. Copy, paste, profit. For lab purposes only.
Windows TCO / Windows Bot Nets
Security Week ☛ QNAP NetBak PC Agent Affected by Recent ASP.NET Core Vulnerability
The critical-severity flaw allows attackers to smuggle HTTP requests and access sensitive data, modify server files, or cause DoS conditions.
Bleeping Computer ☛ Qilin ransomware abuses WSL to run Linux encryptors in Windows [Ed: Windows issues twisted as "Linux"]
The ransomware first launched as "Agenda" in August 2022, rebranding to Qilin by September and continuing to operate under that name to this day.
Qilin Ransomware Targets Windows with Linux-Based Payload [Ed: WSL is Windows]
A new Linux-based ransomware variant from the Qilin group can now infiltrate Windows systems.
Qilin uses Linux ransomware to evade Windows defenses
Security Affairs reports that Trend Micro researchers uncovered a sophisticated Qilin ransomware campaign that weaponized Linux binaries on Windows systems to evade endpoint detection and response tools and disable security defenses.
XDA ☛ WSL is great, but networking is a mess — here's how I fixed it [Ed: Windows is not great and using GNU/Linux "proper" would solve this]
But it's not all perfect, and for all the usefulness of WSL, more advanced users have noticed some big issues, with networking being a major one. With Linux running inside Windows, managing the network connection for the host and guest can be a challenge, at least out of the box.
