many parts make the whole
Evan Boehs has provided a detailed analysis and timeline of the xz Utils backdoor. Evan has gone in detail into the why of the compromise, how the threat actor leveraged the culture of the open source software community to gain the trust and experience needed to attempt rolling a malicious backdoor out to a very … Read More “ADDITIONAL ANALYSIS ON THE xz Utils BACKDOOR” »
Malicious code has been detected in xz Utils that appears to be intended to create a backdoor in sshd. xz Utils is a common compression utility used in many Linux distros including Debian and Red Hat. according to a researcher from Analygence the malicious versions of xz Utils were not added to production versions of … Read More “BACKDOOR IN WIDELY USED Linux UTILITY TARGETS SSH CONNECTIONS” »
In the wake of an attack on Change Healthcare UnitedHealth Group has paid out over $2 billion to help effected health-care providers. Change Healthcare handles prescriptions and billing for more than 67,000 pharmacies in the U.S. A ransomware attack beginning February 21st caused widespread outages to hospitals and pharmacies across the U.S. Change Healthcare took … Read More “UnitedHealth Group HAS PAID OVER $2 BILLION FOLLOWING CYBERATTACK” »
The big news this past week was a ransomware attack against MGM Resorts and Caesar’s Entertainment. The attacks have both been attributed to ALPHV and apparently Caesar’s quickly paid the ransom, (which may have been tens of millions according to bloomberg), while MGM seems to have refused to pay up and is still having issues … Read More “MGM AND CAESARS RANSOMWARE ATTACKS” »
21 years after its’ launch, the Windows XP activation algorithm has been completely cracked allowing for offline activation. Unfortunately it is common for very out of date Operating Systems to still be deployed, especially in manufacturing and industrial settings. Software that is required to run or communicate with an essential piece of equipment was written … Read More “Windows XP ACTIVATION ALGORITHM CRACKED” »
If you were not able to attend Shmoocon 2023 you can still view the talks and presentations. There are presentations on a wide variety of topics including career development, hardware hacking, Open Source Software, blue team operations, OSINT, and more! Videos are available here!
In it’s too good to be true news, what if you could just ask your target system to execute code? Lucas Luitjes has an interesting article about simply asking AI chatbots to execute code and it turns out they will! Sanitizing user input has been a known issue for quite some time. Without sanitized input … Read More “REMOTE CODE EXECUTION BY ASKING NICELY – InjectGPT” »
Veeam has recently disclosed a vulnerability which allows unauthenticated access to cleartext credentials. A bad actor would only require network access to exploit this vulnerability and it has been assigned a CVSS score of 7.5 HIGH. Versions before 12.0.0.1420 P20230223 and 11.0.1.1261 P20230227 are vulnerable. Leaked credentials are especially concerning in this case because they … Read More “Veeam Backup & Replication – CVE-2023-27532” »
A malware campaign is currently underway targeting popular Python packages by typosquatting. Once deployed the malware replaces crypto wallet addresses stored in the clipboard with a wallet controlled by the attacker. Phylum has discovered over 450 malicious packages in the wild mostly targeting crypto, finance, and web development packages. More information on affected packages and … Read More “ACTIVE MALWARE CAMPAIGN TARGETING POPULAR Python PACKAGES” »
A buffer overflow vulnerability has been disclosed that could allow for local privilege escalation to root and leakage of stack and heap addresses. The CVSS score is 7.8 HIGH. A patch has been proposed and mitigation is available by disabling unprivileged user namespaces. This is another buffer overflow in nf_tables similar to the one we … Read More “KERNEL STACK BUFFER OVERFLOW in Linux – CVE-2023-0179” »