A new report by Red Canary has found that while cybersecurity budgets have risen, many security leaders still feel overwhelmed by the growing threat landscape.
Daily Archives: October 3, 2024
mosquitto-2.0.19-1.fc40
FEDORA-2024-e36b567b66
Packages in this update:
mosquitto-2.0.19-1.fc40
Update description:
Update to 2.0.19
mosquitto-2.0.19-1.fc39
FEDORA-2024-f71b7dad10
Packages in this update:
mosquitto-2.0.19-1.fc39
Update description:
Update to 2.0.19
mosquitto-2.0.19-1.fc41
FEDORA-2024-0078a55acf
Packages in this update:
mosquitto-2.0.19-1.fc41
Update description:
Update to 2.0.19
Fix FTBFS (closes rhbz#2300978)
Weird Zimbra Vulnerability
Hackers can execute commands on a remote computer by sending malformed emails to a Zimbra mail server. It’s critical, but difficult to exploit.
In an email sent Wednesday afternoon, Proofpoint researcher Greg Lesnewich seemed to largely concur that the attacks weren’t likely to lead to mass infections that could install ransomware or espionage malware. The researcher provided the following details:
– While the exploitation attempts we have observed were indiscriminate in targeting, we haven’t seen a large volume of exploitation attempts.
– Based on what we have researched and observed, exploitation of this vulnerability is very easy, but we do not have any information about how reliable the exploitation is.
– Exploitation has remained about the same since we first spotted it on Sept. 28th.
– There is a PoC available, and the exploit attempts appear opportunistic.
– Exploitation is geographically diverse and appears indiscriminate.
The fact that the attacker is using the same server to send the exploit emails and host second-stage payloads indicates the actor does not have a distributed set of infrastructure to send exploit emails and handle infections after successful exploitation. We would expect the email server and payload servers to be different entities in a more mature operation.
Defenders protecting Zimbra appliances should look out for odd CC or To addresses that look malformed or contain suspicious strings, as well as logs from the Zimbra server indicating outbound connections to remote IP addresses.
USN-7021-4: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– GPU drivers;
– BTRFS file system;
– F2FS file system;
– GFS2 file system;
– BPF subsystem;
– Netfilter;
– RxRPC session sockets;
– Integrity Measurement Architecture (IMA) framework.
(CVE-2024-41009, CVE-2024-26677, CVE-2024-42160, CVE-2024-39494, CVE-2024-39496, CVE-2024-38570, CVE-2024-27012, CVE-2024-42228)
Northern Ireland Police Data Leak Sees Service Fined by ICO
The ICO blamed the Police Service of Northern Ireland for procedural failings that exposed the personal data of 9843 personnel, putting police officers at risk.
Crypto-Doubling Scams Surge Following Presidential Debate
Researchers see an uptick in crypto-doubling investment scams following the first presidential debate.
Email Phishing Attacks Surge as Attackers Bypass Security Controls
Egress found that attackers are becoming more adept at bypassing email security, for example by sending from compromised accounts and by running commodity campaigns.
FIN7 Gang Hides Malware in AI “Deepnude” Sites
Threat group FIN7 is hiding infostealer malware on sites promising AI deepnude downloads.