Tux Machines
Security Leftovers
Posted by Roy Schestowitz on Jul 07, 2024
Cyble Inc ☛ Critical Ghostscript Vulnerabilities Addressed with Latest Ubuntu Security Updates
Canonical has recently issued a series of crucial Ubuntu security updates aimed at addressing multiple vulnerabilities in Ghostscript, a widely utilized tool for interpreting PostScript and PDF files. These vulnerabilities, discovered by various security researchers, posed significant risks such as bypassing security restrictions and executing malicious code on affected systems.
CISA ☛ 2024-07-02 [Older] CISA Adds One Known Exploited Vulnerability to Catalog
CISA ☛ 2024-07-02 [Older] CISA Releases Seven Industrial Control Systems Advisories
CISA ☛ 2024-07-02 [Older] Johnson Controls Kantech Door Controllers
CISA ☛ 2024-07-02 [Older] mySCADA myPRO
CISA ☛ 2024-07-02 [Older] ICONICS and Mitsubishi Electric Products
CISA ☛ 2024-06-28 [Older] Progress Software Releases Security Bulletin for MOVEit Transfer
2024-06-27 [Older] ISTIO-SECURITY-2024-005
Modern Diplomacy ☛ 2024-07-02 [Older] Indonesia’s Weak Cybersecurity Governance
CISA ☛ 2024-07-02 [Older] Juniper Networks Releases Security Bulletin for Junos OS: SRX Series
US News And World Report ☛ 2024-07-04 [Older] Cybersecurity Breach Could Delay Court Proceedings Across New Mexico, Public Defenders Office Says
Copenhagen Post ☛ 2024-07-04 [Older] DTU cuts collaborations with Chinese and Iranian universities over security concerns
Cyble Inc ☛ Exploiting CVE-2024-23692 With HFS Server Vulnerabilities
HTTP File Server (HFS) is a lightweight web server software widely used for file sharing. Its simplicity in setup and operation makes it popular, allowing users to share files over the internet with ease.
Integrity/Availability/Authenticity
Science Alert ☛ Giant Cybersecurity Threat Discovered Lurking in Plain Sight
For example, a programmer making a link to theconversation.com might accidentally link to tehconversation.com – note the misspelling. If the mistyped domain has never been purchased, someone could come along and buy that phantom domain for around A$10, hijacking the inbound traffic. In these cases, the price of programmers' mistakes is paid by the users.
These programmer linking errors don't just risk directing users to phishing or spoofing sites. Hijacked traffic can be directed towards a range of traps, including malicious scripts, misinformation, offensive content, viruses and any other hacks the future will bring.
Windows TCO
RTL ☛ New tactics: Cybercrime groups restructuring after major takedowns: experts
LockBit was one of the major developers of malicious software that allows criminals to lock victims out of their networks, steal their data and demand a ransom for its return.
Ransomware attacks using LockBit and other software have led to major disruption of governments, businesses and public services like hospitals.
The Register UK ☛ The untold impact of Qilin's attack on London hospitals
How the ordeal actually unraveled, however, was an entirely different story. Hanna was given less than 24 hours by doctors to make the daunting decision to either accept a simple mastectomy or delay a life-changing procedure until Synnovis's systems were back online.
Cyble Inc ☛ Threat Actors Exploit Microsoft SmartScreen Vulnerability: Cyble Researchers
The multi-stage attack that follows utilizes legitimate tools such as forfiles.exe, PowerShell, mshta, and other trusted files to circumvent security measures, and then DLL sideloading and IDATLoader inject the final payload into explorer.exe.
The campaign delivers Lumma and Meduza Stealer as its final payloads.
[Repeat] Silicon Angle ☛ Patelco Credit Union targeted in ransomware attack, disrupting customer access
California-based Patelco Credit Union, one of the largest credit unions in the U.S., has suffered from a ransomware attack that has prevented some customers from accessing their funds.