Zscaler also confirmed MadMxShell uses DLL sideloading and DNS tunneling for C2 communication
Monthly Archives: April 2024
Change Healthcare data for sale on dark web as fallout from ransomware attack spirals out of control
February’s crippling ransomware attack against Change Healthcare, which saw prescription orders delayed across the United States, continues to have serious consequences.
Read more in my article on the Hot for Security blog.
3.5 million Omni Hotel guest details held to ransom by Daixin Team
The international hotel chain Omni Hotels & Resorts has confirmed that a cyber attack last month saw it shut down its systems, with hackers stealing personal information about its customers.
Read more in my article on the Exponential-E blog.
Police smash LabHost international fraud network, 37 arrested
Police have successfully infiltrated and disrupted the fraud platform “LabHost”, used by more than 2,000 criminals to defraud victims worldwide.
Read more in my article on the Tripwire State of Security blog.
python-idna-3.7-1.fc38
FEDORA-2024-73644489ec
Packages in this update:
python-idna-3.7-1.fc38
Update description:
Update to 3.7 (rhbz#2274439), security fix for CVE-2024-3651
python-idna-3.7-1.fc39
FEDORA-2024-9176fdb518
Packages in this update:
python-idna-3.7-1.fc39
Update description:
Update to 3.7 (rhbz#2274439), security fix for CVE-2024-3651
US Election Officials Told to Prepare for Nation-State Influence Campaigns
A US government advisory sets out actions election officials need to take to mitigate the impact of nation-state influence campaigns ahead of the November elections
USN-6737-1: GNU C Library vulnerability
Charles Fol discovered that the GNU C Library iconv feature incorrectly
handled certain input sequences when converting to the ISO-2022-CN-EXT
character set (CVE-2024-2961). An attacker could use this issue to cause
the GNU C Library to crash, resulting in a denial of service, or possibly
execute arbitrary code.
Other Attempts to Take Over Open Source Projects
After the XZ Utils discovery, people have been examining other open-source projects. Surprising no one, the incident is not unique:
The OpenJS Foundation Cross Project Council received a suspicious series of emails with similar messages, bearing different names and overlapping GitHub-associated emails. These emails implored OpenJS to take action to update one of its popular JavaScript projects to “address any critical vulnerabilities,” yet cited no specifics. The email author(s) wanted OpenJS to designate them as a new maintainer of the project despite having little prior involvement. This approach bears strong resemblance to the manner in which “Jia Tan” positioned themselves in the XZ/liblzma backdoor.
[…]
The OpenJS team also recognized a similar suspicious pattern in two other popular JavaScript projects not hosted by its Foundation, and immediately flagged the potential security concerns to respective OpenJS leaders, and the Cybersecurity and Infrastructure Security Agency (CISA) within the United States Department of Homeland Security (DHS).
The article includes a list of suspicious patterns, and another list of security best practices.
glibc-2.37-19.fc38
FEDORA-2024-f7ae5df88d
Packages in this update:
glibc-2.37-19.fc38
Update description:
This update includes several bug fixes from the upstream glibc release branch, including a fix for CVE-2024-2961.
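The Fedora notices above share one plain-text shape: an advisory id, a "Packages in this update:" list of fixed NVRs, and a description naming the CVE and Bugzilla ids. The following is an added example, not Fedora, Bodhi or rpm code, that parses notices in that shape and decides whether a given installed build already carries the fix. The version comparison reimplements the rpmvercmp rules (digit runs compared numerically, alpha runs lexically, "~" sorting before everything, "^" sorting after end-of-string) in pure Python; it ignores epochs and does not consult the rpm database. The notice text and the "installed" NVRs are constructed from this page, not read from a live system.

```python
import re
from dataclasses import dataclass, field

# Constructed input: the python-idna and glibc notices quoted on this page.
NOTICES = """\
FEDORA-2024-73644489ec
Packages in this update:
python-idna-3.7-1.fc38
Update description:
Update to 3.7 (rhbz#2274439), security fix for CVE-2024-3651
FEDORA-2024-f7ae5df88d
Packages in this update:
glibc-2.37-19.fc38
Update description:
This update includes several bug fixes from the upstream glibc release branch, including a fix for CVE-2024-2961.
"""


@dataclass
class Advisory:
    advisory_id: str
    packages: list = field(default_factory=list)  # fixed NVRs
    cves: list = field(default_factory=list)
    bugs: list = field(default_factory=list)      # rhbz numbers


def parse_notices(text):
    """Parse one or more notices in the 'Packages in this update:' format."""
    advisories, cur, in_pkgs = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if re.fullmatch(r"FEDORA-\d{4}-[0-9a-f]+", line):
            cur, in_pkgs = Advisory(line), False
            advisories.append(cur)
        elif cur is None:
            continue
        elif line == "Packages in this update:":
            in_pkgs = True
        elif line == "Update description:":
            in_pkgs = False
        elif in_pkgs and line:
            cur.packages.append(line)
        else:
            cur.cves += re.findall(r"CVE-\d{4}-\d{4,}", line)
            cur.bugs += [int(b) for b in re.findall(r"rhbz#(\d+)", line)]
    return advisories


def _is_alnum(c):
    return c.isascii() and c.isalnum()


def rpm_vercmp(a, b):
    """Return -1, 0 or 1, comparing version/release strings the way rpmvercmp does."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # separators are skipped; only alphanumerics, '~' and '^' are significant
        while i < len(a) and not (_is_alnum(a[i]) or a[i] in "~^"):
            i += 1
        while j < len(b) and not (_is_alnum(b[j]) or b[j] in "~^"):
            j += 1
        ca = a[i] if i < len(a) else ""
        cb = b[j] if j < len(b) else ""
        if "~" in (ca, cb):  # '~' sorts before anything, even end of string
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        if "^" in (ca, cb):  # '^' sorts after end of string but before anything else
            if not ca:
                return -1
            if not cb:
                return 1
            if ca != "^":
                return 1
            if cb != "^":
                return -1
            i, j = i + 1, j + 1
            continue
        if not (ca and cb):
            break
        pat = r"[0-9]+" if ca.isdigit() else r"[A-Za-z]+"
        m, n = re.match(pat, a[i:]), re.match(pat, b[j:])
        seg1, seg2 = m.group(0), (n.group(0) if n else "")
        if not seg2:  # a numeric segment outranks an alpha segment
            return 1 if ca.isdigit() else -1
        i, j = i + len(seg1), j + len(seg2)
        if ca.isdigit():  # numeric: drop leading zeros, longer run is larger
            seg1, seg2 = seg1.lstrip("0"), seg2.lstrip("0")
            if len(seg1) != len(seg2):
                return 1 if len(seg1) > len(seg2) else -1
        if seg1 != seg2:
            return 1 if seg1 > seg2 else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def split_nvr(nvr):
    """'glibc-2.37-19.fc38' -> ('glibc', '2.37', '19.fc38'); epoch is not modelled."""
    name_ver, _, rel = nvr.rpartition("-")
    name, _, ver = name_ver.rpartition("-")
    if not (name and ver and rel):
        raise ValueError(f"not an NVR: {nvr!r}")
    return name, ver, rel


def is_fixed(installed_nvr, advisory):
    """True if the installed build is at or above the advisory's build of that package."""
    name, ver, rel = split_nvr(installed_nvr)
    for pkg in advisory.packages:
        pname, pver, prel = split_nvr(pkg)
        if pname == name:
            return (rpm_vercmp(ver, pver) or rpm_vercmp(rel, prel)) >= 0
    raise KeyError(f"{name} is not covered by {advisory.advisory_id}")
```

Feeding the notices through parse_notices and calling is_fixed("glibc-2.37-18.fc38", ...) against FEDORA-2024-f7ae5df88d reports the build as still vulnerable, while glibc-2.37-19.fc38 or anything newer passes. A real audit would take the installed NVRs from rpm -qa and include the epoch, which this example leaves out; the parser is also deliberately strict about the three marker lines, so a notice with different wording is simply skipped rather than misread.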