The Qualys Research Labs discovered two vulnerabilities in util-linux’s
libmount. These flaws allow an unprivileged user to unmount other users’
filesystems that are either world-writable themselves or mounted in a
world-writable directory (CVE-2021-3996), or to unmount FUSE filesystems
that belong to certain other users (CVE-2021-3995).
Yearly Archives: 2022
DSA-5056 strongswan – security update
Zhuowei Zhang discovered a bug in the EAP authentication client code of
strongSwan, an IKE/IPsec suite, that may allow an attacker to bypass the client
and, in some scenarios, even the server authentication, or could lead to a
denial-of-service attack.
DSA-5057 openjdk-11 – security update
Several vulnerabilities have been discovered in the OpenJDK Java runtime,
which may result in denial of service, bypass of deserialization
restrictions or information disclosure.
DSA-5058 openjdk-17 – security update
Several vulnerabilities have been discovered in the OpenJDK Java runtime,
which may result in denial of service, bypass of deserialization
restrictions or information disclosure.
DSA-5054 chromium – security update
Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.
Friday Squid Blogging: Piglet Squid
MoonBounce UEFI implant used by spy group brings firmware security into spotlight
Researchers uncovered a stealthy UEFI rootkit that’s being used in highly targeted campaigns by a notorious Chinese cyberespionage group with suspected government ties. The group is known for using software supply-chain attacks in the past. Dubbed MoonBounce by researchers from Kaspersky Lab, the implant’s goal is to inject a malicious driver into the Windows kernel during the booting stages, providing attackers with a high level of persistence and stealthiness.
While MoonBounce is not the first UEFI rootkit found in the wild (LoJax and MosaicRegressor are two examples), these types of implants are not common because they require knowledge of low-level firmware programming. They are typically found in the arsenal of well-resourced and sophisticated attacker groups.
A Backdoor in WordPress AccessPress Plugins and Themes Could Allow an Attacker Access to a Targeted Website
A backdoor has been discovered in WordPress AccessPress plugins and themes, which could allow an attacker access to a targeted website. AccessPress plugins and themes are used to provide website functionality and design options to website administrators. Successful exploitation of this backdoor could allow an attacker to redirect users to malicious sites as well as gain access to the vulnerable website.
Attackers use public cloud providers to spread RATs
A campaign that uses public cloud service providers to spread malware has been discovered by Cisco Talos. The offensive is the latest example of threat actors abusing cloud services like Microsoft Azure and Amazon Web Services for malicious purposes, security researchers Chetan Raghuprasad and Vanja Svajcer wrote in the Talos blog.
To camouflage their activity, the researchers noted, the hackers used the DuckDNS dynamic DNS service to change the domain names of the command-and-control hosts used for the campaign, which began distributing variants of Nanocore, Netwire, and AsyncRATs to targets in the United States, Italy and Singapore around October 26. Those variants are packed with multiple features to take control of a target’s computer, allowing the attacker to issue commands and steal information.
Homelife of Connecticut Residents Secretly Recorded
A man from Connecticut has been arrested on suspicion of using digital devices to record his neighbors.
Waterford resident Keith Hancock allegedly recorded 10 victims from outside their homes, two of whom were juveniles. Six of the individuals were filmed while undressing.
Hancock is also suspected of recording more victims while inside his home on Overlook Drive.
Cops arrested 53-year-old Hancock on Tuesday and charged him with eight counts of voyeurism and three counts of criminal trespass in the third degree.
According to an arrest affidavit for Hancock, the alleged voyeur admitted filming individuals in two residences without their knowledge or consent.
The investigation that led to Hancock’s arrest began on October 7, 2021, when the Waterford Police Department responded to a report of an intruder entering a male resident’s backyard.
According to news source The Day, the resident became aware of the intruder’s presence when he let his dog out into the yard and the animal started to bark. When the resident shone a flashlight into the yard, he was able to see an intruder running away.
The resident searched his backyard and found a pair of binoculars and a black Canon camcorder stashed behind a tree. A portable chair and two posts were discovered on the other side of the wall that separated the resident’s property from his neighbor’s.
Stored on the SD card inside the recovered camcorder was video footage of another home, focusing on an upstairs window.
Police traced the camcorder to Hancock and obtained a search warrant for his residence. Stored on a laptop seized in the search was video footage of a woman undressing. Another video showed a woman naked from the waist down and urinating into a toilet.
The bathroom in the video matched a bathroom shown in an online real estate listing of Hancock’s house. When officers searched Hancock’s bathroom, they found a hole in the base of a cabinet set opposite the toilet through which they believe the defendant filmed his victims.
Hancock was released on a $100,000 bond. He is scheduled to appear in court on February 23.