SecurityScorecard identified a new campaign in which the North Korean Lazarus group aims to steal source code, secrets and cryptocurrency wallet keys from developer environments
Yearly Archives: 2025
Social Engineering to Disable iMessage Protections
I am always interested in new phishing tricks, and watching them spread across the ecosystem.
A few days ago I started getting phishing SMS messages with a new twist. They were standard messages about delayed packages or somesuch, with the goal of getting me to click on a link and entering some personal information into a website. But because they came from unknown phone numbers, the links did not work. So—this is the new bit—the messages said something like: “Please reply Y, then exit the text message, reopen the text message activation link, or copy the link to Safari browser to open it.”
I saw it once, and now I am seeing it again and again. Everyone has now adopted this new trick.
One article claims that this trick has been popular since last summer. I don’t know; I would have expected to have seen it before last weekend.
Star Blizzard Targets WhatsApp in New Campaign
Microsoft highlighted a new Star Blizzard campaign targeting WhatsApp accounts, as the group adapts its TTPs following the takedown of its infrastructure by law enforcement
Noyb Files GDPR Complaints Against TikTok and Five Chinese Tech Giants
AliExpress, Shein, Temu, TikTok, WeChat and Xiaomi are accused of operating unlawful data transfers to China
DORA Takes Effect: Financial Firms Still Navigating Compliance Headwinds
The EU’s DORA regulation is in effect as of January 17, with mixed evidence around compliance levels among financial firms
No, Brad Pitt isn’t in love with you
No, Brad Pitt isn’t in love with you.
A French woman was duped into believing a hospitalised Brad Pitt had fallen in love with her. The scammers even faked a “breaking news” report announcing the revelation of Brad’s new love…
Read more in my article on the Hot for Security blog.
Aviatrix Controllers OS Command Injection Vulnerability
What is the Vulnerability?
Aviatrix Controllers contain an OS command injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code. The vulnerability, tracked as CVE-2024-50603, rates 10 out of 10 on the CVSS scale and was added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog on January 16, 2025. A proof-of-concept exploit has been published, and Wiz Research has observed exploitation in the wild resulting in cryptojacking and backdoor deployment.
Wiz | Blog
What is the recommended Mitigation?
This vulnerability affects Aviatrix Controller versions before 7.1.4191 and 7.2.x versions before 7.2.4996. FortiGuard recommends applying the security patch provided by Aviatrix and following the guidance in the advisory.
Aviatrix PSIRT Advisories: Documentation
What FortiGuard Coverage is available?
FortiGuard recommends that users apply the fix provided by the vendor and follow the instructions in the vendor’s advisory. FortiGuard Labs has blocked all known Indicators of Compromise (IOCs), including the malware related to the campaign targeting CVE-2024-50603.
Virus | FortiGuard Labs
The FortiGuard Incident Response team can be engaged to help with any suspected compromise.
FortiGuard IPS protection is being reviewed, and this Threat Signal will be updated accordingly as it becomes available.
chromium-132.0.6834.83-2.el8
FEDORA-EPEL-2025-97399a0469
Packages in this update:
chromium-132.0.6834.83-2.el8
Update description:
Update to 132.0.6834.83
High CVE-2025-0434: Out of bounds memory access in V8
High CVE-2025-0435: Inappropriate implementation in Navigation
High CVE-2025-0436: Integer overflow in Skia
High CVE-2025-0437: Out of bounds read in Metrics
High CVE-2025-0438: Stack buffer overflow in Tracing
Medium CVE-2025-0439: Race in Frames
Medium CVE-2025-0440: Inappropriate implementation in Fullscreen
Medium CVE-2025-0441: Inappropriate implementation in Fenced
Medium CVE-2025-0442: Inappropriate implementation in Payments
Medium CVE-2025-0443: Insufficient data validation in Extensions
Low CVE-2025-0446: Inappropriate implementation in Extensions
Low CVE-2025-0447: Inappropriate implementation in Navigation
Low CVE-2025-0448: Inappropriate implementation in Compositing
DSA-5845-1 tomcat10 – security update
Several problems, which may lead to a denial of service, have been addressed in Tomcat 10,
a Java-based web server, servlet and JSP engine.
CVE-2024-38286
Apache Tomcat, under certain configurations, allows an attacker to cause an
OutOfMemoryError by abusing the TLS handshake process.
CVE-2024-52316
Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is
configured to use a custom Jakarta Authentication (formerly JASPIC)
ServerAuthContext component which may throw an exception during the
authentication process without explicitly setting an HTTP status to
indicate failure, the authentication may not fail, allowing the user to
bypass the authentication process. There are no known Jakarta
Authentication components that behave in this way.
CVE-2024-50379 / CVE-2024-56337
A Time-of-check Time-of-use (TOCTOU) race condition vulnerability during JSP
compilation in Apache Tomcat permits RCE on case-insensitive file systems
when the default servlet is enabled for write (a non-default configuration).
Some users may need additional configuration to fully mitigate
CVE-2024-50379 depending on which version of Java they are using with
Tomcat.