Smashing Security podcast #319: The CEO who also ran IT, Strava strife, and TikTok tall tales

A boss is bitten in the bottom after being struck by one of the worst crimes in Finnish history, Strava’s privacy isn’t so private, and a private investigator uncovers some TikTok tall tales. All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham …

Iranian cyberspies deploy new malware implant on Microsoft Exchange Servers

A cyberespionage group believed to be associated with the Iranian government has been infecting Microsoft Exchange Servers with a new malware implant dubbed BellaCiao that acts as a dropper for additional payloads. The malware uses DNS queries to receive commands from attackers encoded into IP addresses.

According to researchers from Bitdefender, the attackers appear to customize their attacks for each particular victim including the malware binary, which contains hardcoded information such as company name, custom subdomains and IP addresses. Debugging information and file paths from compilation that were left inside the executable suggest the attackers are organizing their victims into folders by country code, such as IL (Israel), TR (Turkey), AT (Austria), IN (India), or IT (Italy).

USN-6017-2: Ghostscript vulnerability

USN-6017-1 fixed vulnerabilities in Ghostscript. This update provides the
corresponding updates for Ubuntu 23.04.

Original advisory details:

Hadrien Perrineau discovered that Ghostscript incorrectly handled certain
inputs. An attacker could possibly use this issue to cause a denial of
service, or possibly execute arbitrary code.

USN-6045-1: Linux kernel vulnerabilities

It was discovered that the Traffic-Control Index (TCINDEX) implementation
in the Linux kernel did not properly perform filter deactivation in some
situations. A local attacker could possibly use this to gain elevated
privileges. Please note that with the fix for this CVE, kernel support for
the TCINDEX classifier has been removed. (CVE-2023-1829)

Gwnaun Jung discovered that the SFB packet scheduling implementation in the
Linux kernel contained a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2022-3586)

Zheng Wang and Zhuorao Yang discovered that the RealTek RTL8712U wireless
driver in the Linux kernel contained a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-4095)

It was discovered that the TIPC protocol implementation in the Linux kernel
did not properly validate the queue of socket buffers (skb) when handling
certain UDP packets. A remote attacker could use this to cause a denial of
service. (CVE-2023-1390)

It was discovered that the Xircom PCMCIA network device driver in the Linux
kernel did not properly handle device removal events. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2023-1670)