FEDORA-2022-10be3957a4
Packages in this update:
expat-2.4.7-1.fc35
Update description:
Rebase to version 2.4.7
Rebase to version 2.4.6
Reginaldo Silva discovered that due to a packaging issue, a remote attacker
with the ability to execute arbitrary Lua scripts could possibly escape the
Lua sandbox and execute arbitrary code on the host.
nbd-3.24-1.el7
Update to 3.24: fix CVE-2022-26495, CVE-2022-26496
nbd-3.24-1.fc35
Update to 3.24: fix CVE-2022-26495, CVE-2022-26496
nbd-3.24-1.fc34
Update to 3.24: fix CVE-2022-26495, CVE-2022-26496
nbd-3.24-1.fc36
Update to 3.24: fix CVE-2022-26495, CVE-2022-26496
nbd-3.24-1.fc37
Automatic update for nbd-3.24-1.fc37.
* Tue Mar 8 2022 Robin Lee <cheeselee@fedoraproject.org> 3.24-1
– Update to 3.24: fix CVE-2022-26495(RHBZ#2061541),
CVE-2022-26496(RHBZ#2061542)
It was discovered that SPIP, a website engine for publishing, would
allow a malicious user to execute arbitrary code.
Two security issues were discovered in Thunderbird, which could result
in the execution of arbitrary code.
FortiGuard Labs is aware of a report that RuRAT malware was distributed in the recent spear-phishing attack against media organizations in the United States. While the tactic used in this attack is not sophisticated, the installed RuRAT malware provides the attacker a foothold into the victim's network where confidential information will be collected for further activities.

Why is this Significant?
This is significant because media organizations in the United States are reported to have been targeted in the spear-phishing attack. The RuRAT payload gives the attacker an opportunity to collect confidential information from the compromised machine and perform lateral movement in the victim's network. Not connected in any way to this attack, TV broadcasters in South Korea were affected by a wiper malware served through a malicious backdoor program in 2013, in which their operations were significantly disrupted.

How does the Attack Work?
According to the report by Cluster25, the victims received an email with a link. The email has the following content:

"Hello, we are a group of venture capitalists investing in promising projects. We saw your website and were astounded by your product. We want to discuss the opportunity to invest or buy a part of the share in your project. Please get in touch with us by phone or in Vuxner chat. Your agent is Philip Bennett. His username in Vuxner is philipbennett Make sure you contact us ASAP because we are not usually so generous with our offers. Thank you in advance!"

Upon clicking the link, the victim is redirected to a Web page where the victim is instructed to click a link to download and install the Vuxner chat software. The downloaded file is an installer for Vuxner Trillian, not Vuxner chat. After the victim completes the installation and exits the installer, another remote file, which turns out to be an installer for RuRAT, is downloaded and installed onto the victim's machine.

What is RuRAT?
RuRAT, the first report of which goes back to at least October 2020, is a Remote Access Trojan (RAT) that provides an attacker remote access to the compromised machine. Functionalities of RuRAT include:
- Listening for incoming communications
- Taking screenshots
- Keylogging
- Recording audio

What is the Status of Coverage?
FortiGuard Labs provides the following AV coverage for files involved in this attack:
- W32/IndigoRose.AP!tr.dldr
- W32/RemoteUtilities.W!tr
- W32/Agent.9EE5!tr

All network IOCs are blocked by the WebFiltering client.