news
Fear, Uncertainty, Doubt (FUD) While Microsoft Transmits Malware
-
Bleeping Computer ☛ CISA: High-severity Linux flaw now exploited by ransomware gangs
While the vulnerability (tracked as CVE-2024-1086) was disclosed on January 31, 2024, as a use-after-free weakness in the netfilter: nf_tables kernel component and was fixed via a commit submitted in January 2024, it was first introduced by a decade-old commit in February 2014.
-
Security Affairs ☛ Old Linux Kernel flaw CVE-2024-1086 resurfaces in ransomware attacks [Ed: Old stuff recycled to FUD Linux while Microsoft servers are Swiss cheese]
CISA warns ransomware gangs exploit CVE-2024-1086, a Linux kernel flaw in netfilter: nf_tables, introduced in 2014 and patched in Jan 2024.
-
IT Pro ☛ Hackers are using these malicious npm packages to target developers on Windows, macOS, and Linux systems – here’s how to stay safe [Ed: Microsoft transmits malware again]
Security experts have issued a warning to developers after ten malicious npm packages have been found to deliver infostealer malware across Windows, Linux, and macOS systems.
Analysis by researchers at Socket's Threat Research Team shows the malware distributed as part of the campaign uses four layers of obfuscation to hide payloads, displays a fake CAPTCHA to appear legitimate, and fingerprints victims by IP address.
It downloads a 24MB PyInstaller-packaged information stealer that harvests credentials from system keyrings, browsers, and authentication services across Windows, Linux, and macOS.
-
CISA, NSA offer guidance to better protect Abusive Monopolist Microsoft Exchange Servers [Ed: Like trying to swim in sand]
The guide includes security advice previously shared by Microsoft, yet authorities felt it prudent to outline best practices for the critical and widely used technology.
More of the same
More of this Fear, Uncertainty, Doubt:
-
Ongoing Ransomware Attacks Exploit Linux Vulnerability, CISA Warns [Ed: Old and booster by a Microsoft media operative, Davey Winder]