Category Archives: Advisories

RuRAT Malware Used in Spear-phishing Attacks Against US media Organizations

Read Time:2 Minute, 0 Second

FortiGuard Labs is aware of a report that RuRAT malware was distributed in the recent spear-phishing attack against media organizations in the United States. While the tactic used in this attack is not sophisticated, the installed RuRAT malware provides the attacker a foothold into the victim’s network where confidential information will be collected for further activities.Why is this Significant?This is significant because media organizations in the United States are reported to have been targeted in the spear-phishing attack. RuRAT payload provides the attacker an opportunity to collect confidential information from the compromised machine and perform lateral movement in the victim’s network. Not connected in any way to this attack, TV broadcasters in South Korea were affected by a wiper malware served through a malicious backdoor program in 2013 in which their operations were significantly disrupted. How does the Attack Work?According to the report by Cluster25, the victims received an email with a link. The email has the following content:”Hello, we are a group of venture capitalists investing in promising projects. We saw your website and were astounded by your product. We want to discuss the opportunity to invest or buy a part of the share in your project. Please get in touch with us by phone or in Vuxner chat. Your agent is Philip Bennett. His username in Vuxner is philipbennett Make sure you contact us ASAP because we are not usually so generous with our offers. Thank you in advance!”Upon clicking the link, the victim is redirected to a Web page where the victim is instructed to click a link to download and install a software Vuxner chat. The downloaded file is an installer for Vuxner Trillian not Vuxner chat. After the victim completes the installation and exits the installer, another remote file, turns out to be an installer for RuRAT, is downloaded and installed onto the victim’s machine. What is RuRAT?RuRAT, the first report of which goes back to at least October 2020, is a Remote Access Trojan (RAT) that provides an attacker a remote access to the compromised machine. Functionalities of RuRAT include:- Listening for incoming communications- Taking screenshots- Keylogging- Recording AudioWhat is the Status of Coverage?FortiGuard Labs provides the following AV coverage for files involved in this attack: W32/IndigoRose.AP!tr.dldrW32/RemoteUtilities.W!trW32/Agent.9EE5!trAll network IOCs are blocked by the WebFiltering client.

Read More

python-fastapi-0.75.0-2.fc36 python-ujson-5.1.0-1.fc36

Read Time:1 Minute, 15 Second

FEDORA-2022-dbf6e00ba8

Packages in this update:

python-fastapi-0.75.0-2.fc36
python-ujson-5.1.0-1.fc36

Update description:

Update python-ujson to 5.1.0 (compatible with 3.x and 4.x). Loosen version specification in python-fastapi to allow the update.

Fixes security bug CVE-2021-45958 (GHSA-fh56-85cw-5pq6).

5.1.0

Changed

Strip debugging symbols from Linux binaries

5.0.0

Added

Use cibuildwheel to build wheels

Removed

Drop support for soon-EOL Python 3.6

Fixed

Install Twine to upload to PyPI

4.3.0

Added

Enable Windows on ARM64 target

4.2.0

Added

Add a default keyword argument to dumps
Add support for Python 3.10
Build 32-bit wheels for Windows
Build PyPy3 wheels for manylinux
Build wheels for musl aarch64 (aka ARM) Linux (musllinux_1_1_aarch64)
Build wheels for musl Linux (musllinux_1_1_x86_64)

Changed

Use declarative setup metadata
Wheel building updates
Rename master to main
Replace README.rst with Markdown

4.1.0

Added

Add gcov coverage testing for C code
Test Python 3.10-dev

Changed

Remove unused variable
Remove explicit handling of manylinux platform tag

Fixed

dconv no longer uses global instances of StringToDoubleConverter and…
Switch shebang for the manylinux-wheels script
Fix typos in error message

Update to 0.75.0 (close RHBZ#2061006)

0.75.0

Features

✨ Add support for custom generate_unique_id_function and docs for generating clients. New docs: Advanced – Generate Clients. PR #4650 by @tiangolo.

Read More

chromium-99.0.4844.51-1.el7

Read Time:1 Minute, 18 Second

FEDORA-EPEL-2022-b169dce5bc

Packages in this update:

chromium-99.0.4844.51-1.el7

Update description:

Update to 99.0.4844.51. Oh, hey, look, the EPEL7 build is back. I’m going to try to keep it alive, but you still really should move to EL8 at a minimum. If you’re on EL8, it fixes these security issues. If you’re on EL7, it fixes these security issues and so so many more.

CVE-2021-37981 CVE-2021-37982 CVE-2021-37983 CVE-2021-37984 CVE-2021-37985 CVE-2021-37986 CVE-2021-37987
CVE-2021-37988 CVE-2021-37989 CVE-2021-37990 CVE-2021-37991 CVE-2021-37992 CVE-2021-37993 CVE-2021-37996
CVE-2021-37994 CVE-2021-37995 CVE-2021-22570
CVE-2022-0789 CVE-2022-0790 CVE-2022-0791 CVE-2022-0792 CVE-2022-0793 CVE-2022-0794 CVE-2022-0795 CVE-2022-0796 CVE-2022-0797 CVE-2022-0798 CVE-2022-0799 CVE-2022-0800 CVE-2022-0801 CVE-2022-0802 CVE-2022-0803 CVE-2022-0804 CVE-2022-0805 CVE-2022-0806 CVE-2022-0807 CVE-2022-0808 CVE-2022-0809
CVE-2022-0096 CVE-2022-0097 CVE-2022-0098 CVE-2022-0099 CVE-2022-0100 CVE-2022-0101 CVE-2022-0102 CVE-2022-0103 CVE-2022-0104 CVE-2022-0105 CVE-2022-0106 CVE-2022-0107 CVE-2022-0108 CVE-2022-0109 CVE-2022-0110 CVE-2022-0111 CVE-2022-0112 CVE-2022-0113 CVE-2022-0114 CVE-2022-0115 CVE-2022-0116 CVE-2022-0117 CVE-2022-0118 CVE-2022-0120

Read More