NIST Unveils New Consortium to Operate the NVD

It’s now official: the US National Institute of Standards and Technology (NIST) will hand over some aspects of the management of the world’s most widely used software vulnerability repository to an industry consortium.

Cyware News – Latest Cyber News

Pentagon Lays Out Strategy to Improve Defense Industrial Base Cybersecurity

The strategy, which covers fiscal years 2024 through 2027, lays out four topline goals, such as improving best practices within the industrial base. Each goal contains a subset of objectives, such as being able to recover from a cyberattack.

Cyware News – Latest Cyber News

Vultur Android Banking Trojan Returns with Upgraded Remote Control Capabilities

The Android banking trojan known as Vultur has resurfaced with a suite of new features and improved anti-analysis and detection evasion techniques, enabling its operators to remotely interact with a mobile device and harvest sensitive data.
“Vultur has also started masquerading more of its malicious activity by encrypting its C2 communication, using multiple encrypted payloads that are decrypted

The Hacker News

A Ghost Ship’s Doomed Journey Through the Gate of Tears

Millions lost internet service after three cables in the Red Sea were damaged. Houthi rebels deny targeting the cables, but their missile attack on a cargo ship, left adrift for months, is likely to blame.

Security Latest

CVE-2024-3094: malicious code in Linux distributions | Kaspersky official blog

Unknown actors implanted malicious code into versions 5.6.0 and 5.6.1 of the open-source compression tool set XZ Utils. To make matters worse, the Trojanized utilities found their way into several popular Linux builds released this March, so the incident can be regarded as a supply chain attack. The vulnerability has been assigned the identifier CVE-2024-3094.

What makes this malicious implant so dangerous?

Initially, various researchers claimed that this backdoor allowed attackers to bypass authentication in sshd (the OpenSSH server process) and remotely gain unauthorized access to the operating system. However, judging by the latest information, this vulnerability should be classified not as an “authentication bypass” but as “remote code execution” (RCE). The backdoor intercepts the RSA_public_decrypt function, verifies the host’s signature using a fixed Ed448 key and, if verification succeeds, executes malicious code passed by the host via the system() function, leaving no traces in the sshd logs.

Which Linux distributions contain malicious utilities and which are safe?

It is known that XZ Utils versions 5.6.0 and 5.6.1 were included in the March builds of the following Linux distributions:

Kali Linux, but according to the official blog, only those that were available between March 26 and March 29 (the blog also contains instructions for checking for vulnerable versions of utilities);
openSUSE Tumbleweed and openSUSE MicroOS, available from March 7 to March 28;
Fedora 41, Fedora Rawhide and Fedora Linux 40 beta;
Debian (testing, unstable and experimental distributions only);
Arch Linux – container images available from February 29 to March 29. However, the website archlinux.org states that, due to implementation peculiarities, this attack vector will not work in Arch Linux, though they still strongly recommend updating the system.

According to official information, Red Hat Enterprise Linux (RHEL), SUSE Linux Enterprise, openSUSE Leap and Debian Stable are not vulnerable. For other distributions, it is advised to check manually for the presence of Trojanized versions of XZ Utils.

How was the malicious code implanted into XZ Utils?

Apparently, it was the usual case of a control transfer. The person who initially maintained the XZ Libs project on GitHub passed control of the repository to an account that had been contributing to a number of data-compression-related repositories for several years. At some point, the new maintainer implanted a backdoor into the project code.

How to stay safe?

The US Cybersecurity and Infrastructure Security Agency (CISA) recommends that anyone who installed or updated an affected operating system in March immediately downgrade XZ Utils to an earlier version (for example, version 5.4.6), and also start hunting for malicious activity.

If you have installed a distribution with a vulnerable version of XZ Utils, it also makes sense to change all credentials that could potentially have been stolen from the system by the threat actors.

You can detect the presence of the vulnerability using the YARA rule for CVE-2024-3094.
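As an added illustration of the manual check advised above (example code written for this digest, not from the Kaspersky post, CISA or the XZ project), the following POSIX shell function parses the output of `xz --version` and flags the 5.6.0 and 5.6.1 releases named in the advisory; the sample outputs are constructed.

```shell
#!/bin/sh
# Added example (not from the Kaspersky post): classify `xz --version` output
# against the XZ Utils releases named in the advisory, 5.6.0 and 5.6.1.
# Both the "xz (XZ Utils) X.Y.Z" line and the "liblzma X.Y.Z" line are checked,
# because the implant lives in liblzma and the two can differ on a mixed system.

# Takes the full text of `xz --version` as $1 and prints one of:
#   affected      - any reported component is 5.6.0 or 5.6.1
#   not-affected  - versions were found and none of them is 5.6.0/5.6.1
#   unknown       - no version number could be parsed from the input
xz_cve_2024_3094_status() {
  printf '%s\n' "$1" | awk '
    { sub(/\r$/, "") }                       # tolerate CRLF input
    NF >= 2 && $NF ~ /^[0-9]+(\.[0-9]+)+$/ { # last field looks like X.Y.Z
      seen = 1
      if ($NF == "5.6.0" || $NF == "5.6.1") affected = 1
    }
    END {
      if (!seen)         print "unknown"
      else if (affected) print "affected"
      else               print "not-affected"
    }'
}

# Runs the check against the xz binary on PATH; prints "unknown" if xz is absent.
check_installed_xz() {
  if command -v xz >/dev/null 2>&1; then
    xz_cve_2024_3094_status "$(xz --version 2>/dev/null)"
  else
    echo "unknown"
  fi
}

# Constructed sample outputs for demonstration (not captured from a real host).
SAMPLE_BAD='xz (XZ Utils) 5.6.1
liblzma 5.6.1'
SAMPLE_OK='xz (XZ Utils) 5.4.6
liblzma 5.4.6'

echo "sample 5.6.1 -> $(xz_cve_2024_3094_status "$SAMPLE_BAD")"
echo "sample 5.4.6 -> $(xz_cve_2024_3094_status "$SAMPLE_OK")"
echo "this host    -> $(check_installed_xz)"
```

A result of "affected" means the binary reports one of the implicated releases; it is not proof that the injected payload is active, so the downgrade and the threat hunt recommended by CISA still apply.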

Kaspersky official blog

You Should Update Apple iOS and Google Chrome ASAP

Plus: Microsoft patches over 60 vulnerabilities, Mozilla fixes two Firefox zero-day bugs, Google patches 40 issues in Android, and more.

Security Latest

AT&T Says Data on 73 Million Customers Leaked on Dark Web

AT&T used the Easter holiday weekend to quietly share details on data that surfaced on the dark web roughly two weeks ago.


SecurityWeek

Israeli LGBTQ App Atraf Faces Data Leak, 700,000 Users Affected

By Waqas

Another day, another alleged data breach putting hundreds of thousands of unsuspecting users at risk.


Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News

Can generative AI help address the cybersecurity resource gap?

Five ways generative AI can help with the cybersecurity skills shortage, from lowering the bar to entry to improving collaboration.

Security News | VentureBeat

CISO Corner: Cyber-Pro Swindle; New Faces of Risk; Cyber Boosts Valuation

Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: Australia gets its cyber-groove back, and 2023’s zero-day field day.

darkreading