The TechBeat: The Case Against Rocky Linux (4/2/2024)
How are you, hacker? Want to know what's trending right now? The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! ## The Case Against Rocky Linux By @eluser [ 12 Min read ] Rocky Linux...
Malicious xz backdoor reveals fragility of open source
This time, we got lucky. It mostly affected bleeding-edge distros. But that's not a defense strategy. Analysis: The discovery last week of a backdoor in a widely used...
‘WallEscape’ Linux Vulnerability Leaks User Passwords
A vulnerability in util-linux, a core utilities package in Linux systems, allows attackers to leak user passwords and modify the clipboard. The post ‘WallEscape’ Linux Vulnerability Leaks User Passwords appeared first on SecurityWeek.
‘Vultur’ Android Malware Gets Extensive Device Interaction Capabilities
NCC Group researchers warn that the Android banking malware ‘Vultur’ has been updated with device interaction and file tampering capabilities. The post ‘Vultur’ Android Malware Gets Extensive Device Interaction Capabilities appeared first on SecurityWeek.
Cyber Security Today, April 1, 2024 – An alert about a critical Linux vulnerability, a warning about password-spray attacks on Cisco VPNs, and more
An alert about a critical Linux vulnerability, a warning about password-spray attacks on Cisco VPNs, and more. Welcome to Cyber Security Today. It's Monday, April 1st, 2024. I'm Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and...
Detecting Windows-based Malware Through Better Visibility
Despite a plethora of available security solutions, more and more organizations fall victim to Ransomware and other threats. These continued threats aren't just an inconvenience that hurt businesses and end users - they damage the economy, endanger lives, destroy...
Pandabuy – 1,348,407 breached accounts
In March 2024, 1.3M unique email addresses from the online store for purchasing goods from China, Pandabuy, were posted to a popular hacking forum. The data also included IP and physical addresses, names, phone numbers and order enquiries. The breach was alleged to be...
You Should Update Apple iOS and Google Chrome ASAP
Plus: Microsoft patches over 60 vulnerabilities, Mozilla fixes two Firefox zero-day bugs, Google patches 40 issues in Android, and more.
Washington State Food Worker Card – 1,594,305 breached accounts
In June 2023, the Tacoma-Pierce County Health Department announced a data breach of their Washington State Food Worker Card online training system. The breach was published to a popular hacking forum the year before and dated back to a 2018 database backup. Included...
The Case Against Rocky Linux
Dear reader, please note that this article was written anonymously, as I am a person deep inside the Enterprise Linux ecosystem. I know "anonymous" is a big word, and if anyone wants to identify the author, they can. I'm against changes to RHEL code redistribution,...
Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware
Malicious ads and bogus websites are acting as a conduit to deliver two different stealer malware, including Atomic Stealer, targeting Apple macOS users. The ongoing infostealer attacks targeting macOS users may have adopted different methods to compromise victims'...
Security Alert: Potential SSH Backdoor Via Liblzma
In breaking news that dropped just after our weekly security column went live, a backdoor has been discovered in the xz package, that could potentially compromise SSH logins on Linux systems. The most detailed analysis so far seems to be by [Andres Freund] on the...
Easy-to-use make-me-root exploit lands for recent Linux kernels. Get patching
CVE-2024-1086 turns the page tables on system admins. A Linux privilege-escalation proof-of-concept exploit has been published that, according to the bug hunter who developed it, typically works effortlessly on kernel versions between at least 5.14 and 6.6.14. ...
Function Calling LLMs: Combining SLIMs and DRAGON for Better RAG Performance
In 2024, there is no shortage of LLM-based applications. Major tech companies like Microsoft and Google are pushing forward ever-more-powerful...
This Week in Security: Peering Through the Wall, Apple's GoFetch, and SHA-256
The Linux command wall is a hold-over from the way Unix machines used to be used. It's an abbreviation of Write to ALL, and it was first included in AT&T Unix, way back in 1975. wall is a tool that a sysadmin can use to send a message to the terminal session of...
New Linux Bug Could Lead to User Password Leaks and Clipboard Hijacking
Details have emerged about a vulnerability impacting the "wall" command of the util-linux package that could be potentially exploited by a bad actor to leak a user's password or alter the clipboard on certain Linux distributions. The bug, tracked as CVE-2024-28085,...
Activision is reportedly looking into the malware stealing its users’ login credentials
Activision is reportedly in the midst of investigating a hacking campaign that's stealing login credentials from people playing its games. According to TechCrunch, bad actors have been successfully installing malware onto victims' computers and using their access to...
England Cricket – 43,299 breached accounts
In March 2024, English Cricket's icoachcricket website suffered a data breach that exposed over 40k records. The data included email addresses and passwords stored as either bcrypt hashes, salted MD5 hashes or both. The data was provided to HIBP by a source who...
Activision investigating password-stealing malware targeting game players
Video game giant Activision is investigating a hacking campaign that's targeting players with the goal of stealing their credentials, TechCrunch has learned. At this point, the hackers' specific goals – apart from stealing passwords for various types of accounts – are...
Malware Upload Attack Hits PyPI Repository
Maintainers of the Python Package Index (PyPI) repository were forced to suspend new project creation and new user registration to mitigate a malware upload campaign. The post Malware Upload Attack Hits PyPI Repository appeared first on SecurityWeek.
Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries
A Linux version of a multi-platform backdoor called DinodasRAT has been detected in the wild targeting China, Taiwan, Turkey, and Uzbekistan, new findings from Kaspersky reveal. DinodasRAT, also known as XDealer, is a C++-based malware that offers the ability to...
Cyberespionage Campaign Targets Government, Energy Entities in India
Threat intelligence firm EclecticIQ documents the delivery of malware phishing lures to government and private energy organizations in India. The post Cyberespionage Campaign Targets Government, Energy Entities in India appeared first on SecurityWeek.
Cisco Patches DoS Vulnerabilities in Networking Products
Cisco has released patches for multiple IOS and IOS XE software vulnerabilities leading to denial-of-service (DoS). The post Cisco Patches DoS Vulnerabilities in Networking Products appeared first on SecurityWeek.
INC Ransom claims responsibility for attack on NHS Scotland
Sensitive documents dumped on leak site amid claims of 3 TB of data stolen in total. NHS Scotland says it managed to contain a ransomware group's malware to a regional branch, preventing the spread of infection across the entire institution. ...
AI hallucinates software packages and devs download them – even if potentially poisoned with malware
Simply look out for libraries imagined by ML and make them real, with actual malicious code. No wait, don't do that. In-depth: Several big businesses have published source code that incorporates a software package previously hallucinated by generative AI. ...
Exvagos – 2,121,789 breached accounts
In July 2022, the direct download website Exvagos suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 2.1M unique email addresses along with IP addresses, usernames, dates of birth and MD5 password hashes.
Code Execution Flaws Haunt NVIDIA ChatRTX for Windows
Artificial intelligence computing giant NVIDIA patches flaws in ChatRTX for Windows and warns of code execution and data tampering risks. The post Code Execution Flaws...
Protect Your Business With This Seamless Firewall – Now $150 Off
DNS FireWall is an intuitive security app built to protect you and your business from malware, phishing, botnets and more security threats.
Hackers Hit Indian Defense, Energy Sectors with Malware Posing as Air Force Invite
Indian government entities and energy companies have been targeted by unknown threat actors with an aim to deliver a modified version of an open-source information stealer malware called HackBrowserData and exfiltrate sensitive information in some cases by using Slack...
CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting the Microsoft Sharepoint Server to its Known...