flatpak-runtime-f37-3720230215003302.1
flatpak-sdk-f37-3720230215003302.1
Updated flatpak runtime and SDK, including latest Fedora 37 security and bug-fix errata.
In addition to regular package updates, this also adds double-conversion package to the runtime as it’s a new dep of qt5-qtbase.
As business processes become more complex, companies are turning to third parties to boost their ability to provide critical services from cloud storage to data management to security. It’s often more efficient and less expensive to contract out work that would otherwise require significant effort and potentially drain in-house resources to those who can do it for you.
The use of third-party services can also come with significant—often unforeseen—risks. Third parties can be a gateway for intrusions, harm a company’s reputation if a service malfunctions, expose it to financial and regulatory issues, and draw the attention of bad actors from around the world. A poorly managed breakup with a vendor can also be perilous, resulting in the loss of access to systems put in place by the third party, loss of custody of data, or loss of data itself.
Towards the end of last year, malicious hackers broke into the systems of Pepsi Bottling Ventures, the largest privately-owned bottler of Pepsi-Cola beverages in the USA, and installed malware.
For almost the month the malware secretly exfiltrated personally identifiable information (PII) from the company’s network.
Read more in my article on the Hot for Security blog.
Descope has launched its first product, a platform designed to help developers add authentication and user management capabilities to their business-to-consumer and business-to-business applications. The software as a service is available now. Developers can access the product free of charge for up to 7,500 monthly active uses for B2C applications and up to 50 tenants for B2B apps. Beyond these there is a US$0.10 per user and US$20 per tenant.
The Descope platform aims to make it easier to build passwordless authentication, according to the company. Descope says the new product allows organizations to:
Create authentication flows and user-facing screens using a visual workflow designer.
Seamlessly add a variety of passwordless authentication methods to apps such as magic links, biometrics and passkeys (based on WebAuthn), authenticator apps, and social logins.
Validate, merge, and manage identities across the user journey.
Get business apps enterprise-ready with single sign-on (SSO), access control, tenant management, and automated user provisioning.
Enhance user protection by easily enabling multi-factor authentication (MFA), step-up, or biometric authentication within applications.
Descope’s platform offers different integration options: a no-code workflow builder and screen editor, a set of client and backend SDKs, and comprehensive REST APIs.
Tavis Ormandy discovered that NSS incorrectly handled an empty pkcs7
sequence. A remote attacker could possibly use this issue to cause NSS to
crash, resulting in a denial of service. (CVE-2022-22747)
Ronald Crane discovered that NSS incorrectly handled certain memory
operations. A remote attacker could use this issue to cause NSS to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2022-34480)
Cameras are getting smaller and smaller, changing the scale and scope of surveillance.
Recorded Future analyzed how threat actors have been exploiting VMware ESXi vulnerabilities over the past three years
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
This blog was jointly authored with Arjun Patel.
GuLoader is a malware downloader that is primarily used for distributing other shellcode and malware such as ransomware and banking Trojans. It was first discovered in the wild in late 2019 and has since become a popular choice among cybercriminals due to its effectiveness and ease of use. Researchers at cybersecurity firm CrowdStrike have recently published a technical write-up detailing the various techniques used by GuLoader to avoid detection.
One of the key features of GuLoader is its ability to evade detection by traditional security solutions. It uses several techniques to avoid being detected, including packing and encryption, as well as utilizing legitimate websites and services as command and control (C2) servers. It also employs advanced anti-debugging and anti-analysis techniques, which makes it difficult for security researchers to reverse engineer and analyze its code.
GuLoader is typically spread through phishing campaigns, where victims are tricked into downloading and installing the malware through emails or links containing a Visual Basic script file. It can also be distributed through other means, such as drive-by downloads, where the malware is delivered to a victim’s computer through a web browser without the victim’s knowledge.
GuLoader utilizes a three-stage process to deliver the final payload to the infected host. During the first stage, the VBScript dropper file gets downloaded into a registry key as a persistence mechanism and delivers a next-stage payload. The second stage payload performs anti-analysis checks before injecting shellcode into memory.
If these checks are successful, the shellcode then downloads the final payload from a remote server and executes it on the compromised host. The shellcode incorporates various anti-analysis and anti-debugging measures, including checks for the presence of a remote debugger and breakpoints, scans for virtualization software, and the use of a “redundant code injection mechanism” to avoid NTDLL.dll hooks implemented by endpoint detection and response (EDR) solutions.
*encrypted final payload
NTDLL.dll API hooking is a technique used by anti-malware engines to detect and flag suspicious processes on Windows by monitoring APIs that are known to be abused by threat actors. The method involves using assembly instructions to invoke the necessary Windows API function to allocate memory and inject arbitrary shellcode into that location via process hollowing. GuLoader’s “redundant code injection mechanism” is designed to avoid these NTDLL.dll hooks, making it more difficult for EDR solutions to detect and flag the malware.
One of the ways that GuLoader evades detection is through its use of legitimate websites and services such as C2 servers. This means that it uses websites that are not known to be malicious as a means of communicating with its command-and-control (C2) center. This can make it difficult for security researchers to identify the C2 servers being used by the malware, as they are not typically flagged as malicious.
In addition to its advanced evasion techniques, GuLoader is also highly customizable, which allows cybercriminals to tailor the malware to their specific needs. This includes the ability to change the appearance of the malware, as well as its behavior and functionality.
Also, GuLoader has also been observed using JavaScript malware strain RATDispenser to drop the malware via a Base64-encoded VBScript dropper. This allows the malware to bypass security measures and gain access to infected systems.
GuLoader has been used in high-profile attacks, including the Ryuk ransomware attack, which targeted government agencies and other large organizations. It has also been used in attacks on healthcare organizations, as well as in attacks targeting individuals and small businesses.
GuLoader is a highly effective and versatile malware that can evade detection and distribute a wide range of malicious payloads. With its exceptional ability to check for anti-analysis at every step of execution, the malware downloader can constantly bypass security checks and avoid being detected by some of the security solutions. Due to its capability to hide without being detected, it poses a significant threat to all levels of enterprises whether it’s small business or a large enterprise.
It is important for organizations to be vigilant in protecting their systems and data from this type of malware. This can be achieved by implementing a combination of various security tools such as Next Generation Firewall (NGFW), Security Information and Event Management (SIEM) and EDR and best security practices at each layer of the organization’s infrastructure.
*IOC for GuLoader
Sources/Articles
https://gbhackers.com/guloader-malware-advanced-anti-analysis/
https://thehackernews.com/2022/12/guloader-malware-utilizing-new.html
PerimeterWatch gives you total control and management over your data. The rate of change on the internet, mobile, distributed processing and other technologies is- simply staggering. Failing to keep up can doom even a well-established organization, but bringing in these new capabilities without fully effective security procedures and systems can be equally disastrous.
What PerimeterWatch offers is a truly secure IT infrastructure. Whether that means a completely managed IT and security function or co-managing with your in-house people, we provide the security intelligence, the technical expertise and the implementation experience necessary to make sure your solutions solve your business problems – without simply creating new ones.
firefox-110.0-3.fc37
New upstream release (110.0)
firefox-110.0-3.fc36
New upstream release (110.0)
