The CIS CTI team spotted a Lumma Stealer campaign where SLTT victims were redirected to malicious webpages delivering fake CAPTCHA verifications.
Daily Archives: March 20, 2025
USN-7363-1: PAM-PKCS#11 vulnerabilities
Marcus Rückert and Matthias Gerstner discovered that PAM-PKCS#11 did not
properly handle certain return codes when authentication was not possible.
An attacker could possibly use this issue to bypass authentication. This
issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2025-24531)
It was discovered that PAM-PKCS#11 did not require a private key signature
for authentication by default. An attacker could possibly use this issue
to bypass authentication. (CVE-2025-24032)
BlackLock ransomware: What you need to know
BlackLock has become a big deal, very quickly. It has been predicted to be one of the biggest ransomware-as-a-service operations of 2025.
Read more in my article on the Tripwire State of Security blog.
A Vulnerability in AMI MegaRAC Software Could Allow for Remote Code Execution
A vulnerability has been discovered in AMI MegaRAC Software, which could allow for remote code execution. MegaRAC is a product line of BMC firmware packages and formerly service processors providing out-of-band, or lights-out, remote management of computer systems. Successful exploitation of this vulnerability allows an attacker to remotely control the compromised server, deploy malware or ransomware, tamper with firmware, brick motherboard components (BMC or potentially BIOS/UEFI), potentially cause physical damage to the server (over-voltage / bricking), and induce indefinite reboot loops that a victim cannot stop.
USN-7362-1: go-gh vulnerability
It was discovered that go-gh incorrectly handled authentication
tokens. An attacker could possibly use this issue to leak
authentication tokens to the wrong host. (CVE-2024-53859)
FishMonger APT Group Linked to I-SOON in Espionage Campaigns
The FishMonger APT Group has been linked with I-SOON, targeting governments, NGOs and think tanks in cyber-espionage campaigns.
Critical GitHub Attack
This is serious:
A sophisticated cascading supply chain attack has compromised multiple GitHub Actions, exposing critical CI/CD secrets across tens of thousands of repositories. The attack, which originally targeted the widely used “tj-actions/changed-files” utility, is now believed to have originated from an earlier breach of the “reviewdog/action-setup@v1” GitHub Action, according to a report.
[…]
CISA confirmed the vulnerability has been patched in version 46.0.1.
Given that the utility is used by more than 23,000 GitHub repositories, the scale of potential impact has raised significant alarm throughout the developer community.
Rooted Devices 250 Times More Vulnerable to Compromise
Rooted devices are 250 times more vulnerable to security incidents, Zimperium warned.
Smashing Security podcast #409: Peeping perverts and FBI phone calls
In episode 409 of the “Smashing Security” podcast, we uncover the curious case of the Chinese cyber-attack on Littleton’s Electric Light Company, and a California landlord’s hidden camera scandal.
Find out about this, and more, in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
APPLE-SA-03-11-2025-4 visionOS 2.3.2
Posted by Apple Product Security via Fulldisclosure on Mar 20
visionOS 2.3.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122284.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
WebKit
Available for: Apple Vision Pro
Impact: Maliciously crafted web content may be able to break out of Web
Content sandbox….