Category Archives: Advisories

RuRAT Malware Used in Spear-phishing Attacks Against US media Organizations

Read Time:2 Minute, 0 Second

FortiGuard Labs is aware of a report that RuRAT malware was distributed in the recent spear-phishing attack against media organizations in the United States. While the tactic used in this attack is not sophisticated, the installed RuRAT malware provides the attacker a foothold into the victim’s network where confidential information will be collected for further activities.Why is this Significant?This is significant because media organizations in the United States are reported to have been targeted in the spear-phishing attack. RuRAT payload provides the attacker an opportunity to collect confidential information from the compromised machine and perform lateral movement in the victim’s network. Not connected in any way to this attack, TV broadcasters in South Korea were affected by a wiper malware served through a malicious backdoor program in 2013 in which their operations were significantly disrupted. How does the Attack Work?According to the report by Cluster25, the victims received an email with a link. The email has the following content:”Hello, we are a group of venture capitalists investing in promising projects. We saw your website and were astounded by your product. We want to discuss the opportunity to invest or buy a part of the share in your project. Please get in touch with us by phone or in Vuxner chat. Your agent is Philip Bennett. His username in Vuxner is philipbennett Make sure you contact us ASAP because we are not usually so generous with our offers. Thank you in advance!”Upon clicking the link, the victim is redirected to a Web page where the victim is instructed to click a link to download and install a software Vuxner chat. The downloaded file is an installer for Vuxner Trillian not Vuxner chat. After the victim completes the installation and exits the installer, another remote file, turns out to be an installer for RuRAT, is downloaded and installed onto the victim’s machine. What is RuRAT?RuRAT, the first report of which goes back to at least October 2020, is a Remote Access Trojan (RAT) that provides an attacker a remote access to the compromised machine. Functionalities of RuRAT include:- Listening for incoming communications- Taking screenshots- Keylogging- Recording AudioWhat is the Status of Coverage?FortiGuard Labs provides the following AV coverage for files involved in this attack: W32/IndigoRose.AP!tr.dldrW32/RemoteUtilities.W!trW32/Agent.9EE5!trAll network IOCs are blocked by the WebFiltering client.

Read More

python-fastapi-0.75.0-2.fc36 python-ujson-5.1.0-1.fc36

Read Time:1 Minute, 15 Second

FEDORA-2022-dbf6e00ba8

Packages in this update:

python-fastapi-0.75.0-2.fc36
python-ujson-5.1.0-1.fc36

Update description:

Update python-ujson to 5.1.0 (compatible with 3.x and 4.x). Loosen version specification in python-fastapi to allow the update.

Fixes security bug CVE-2021-45958 (GHSA-fh56-85cw-5pq6).

5.1.0

Changed

Strip debugging symbols from Linux binaries

5.0.0

Added

Use cibuildwheel to build wheels

Removed

Drop support for soon-EOL Python 3.6

Fixed

Install Twine to upload to PyPI

4.3.0

Added

Enable Windows on ARM64 target

4.2.0

Added

Add a default keyword argument to dumps
Add support for Python 3.10
Build 32-bit wheels for Windows
Build PyPy3 wheels for manylinux
Build wheels for musl aarch64 (aka ARM) Linux (musllinux_1_1_aarch64)
Build wheels for musl Linux (musllinux_1_1_x86_64)

Changed

Use declarative setup metadata
Wheel building updates
Rename master to main
Replace README.rst with Markdown

4.1.0

Added

Add gcov coverage testing for C code
Test Python 3.10-dev

Changed

Remove unused variable
Remove explicit handling of manylinux platform tag

Fixed

dconv no longer uses global instances of StringToDoubleConverter and…
Switch shebang for the manylinux-wheels script
Fix typos in error message

Update to 0.75.0 (close RHBZ#2061006)

0.75.0

Features

✨ Add support for custom generate_unique_id_function and docs for generating clients. New docs: Advanced – Generate Clients. PR #4650 by @tiangolo.

Read More