Evan Boehs has provided a detailed analysis and timeline of the xz Utils backdoor. Evan has gone into detail on the why of the compromise, how the threat actor leveraged the culture of the open source software community to gain the trust and experience needed to attempt rolling a malicious backdoor out to a very … Read More “ADDITIONAL ANALYSIS ON THE xz Utils BACKDOOR” »
Tag: information security news
Malicious code has been detected in xz Utils that appears to be intended to create a backdoor in sshd. xz Utils is a common compression utility used in many Linux distros including Debian and Red Hat. According to a researcher from Analygence the malicious versions of xz Utils were not added to production versions of … Read More “BACKDOOR IN WIDELY USED Linux UTILITY TARGETS SSH CONNECTIONS” »
In the wake of an attack on Change Healthcare, UnitedHealth Group has paid out over $2 billion to help affected health-care providers. Change Healthcare handles prescriptions and billing for more than 67,000 pharmacies in the U.S. A ransomware attack beginning February 21st caused widespread outages to hospitals and pharmacies across the U.S. Change Healthcare took … Read More “UnitedHealth Group HAS PAID OVER $2 BILLION FOLLOWING CYBERATTACK” »
The City of Dallas is currently dealing with a ransomware attack that is affecting multiple departments, including the Police. Apparently, while their systems are locked down, Police and dispatch are having to do their work by hand, which is slowing things down, although they are still responding as normal to calls. The City is advising … Read More “CITY OF DALLAS RANSOMWARE ATTACK” »
Compromised updates for SolarWinds Orion are making headlines for containing malware. The updates available from March through May of this year appear to have contained a very elusive and adaptable trojan that FireEye has dubbed the SUNBURST Backdoor. FireEye has published a great write-up on the attack here along with Indications of Compromise. Please be sure to read through … Read More “SOLARWINDS ORION AND THE SUNBURST BACKDOOR” »
Norsk Hydro (one of the world’s largest aluminum producers) has suffered a loss of profits due to a recent cyber attack. Additionally, large US cities are struggling with ransomware. Baltimore and Atlanta have both fallen victim recently and they are not alone. These attacks were noteworthy in that they did not target the people but … Read More “NORSK HYDRO AND US CITIES AFFECTED BY RANSOMWARE” »
There is a good write-up from Armin Sebastian on a vulnerability in Adblock Plus 3.2 which can allow for arbitrary code execution under certain conditions. The $rewrite filter option is the source of the problem and several conditions must be met in order for an attack to be possible. uBlock Origin is not susceptible … Read More “ADBLOCK PLUS – ARBITRARY CODE EXECUTION” »