
I've got a bunch of extra news that I wanted to make sure I linked you to this week, so here are several additional action alerts you need to be aware of!


https://www.bleepingcomputer.com/news/security/new-linux-botnet-exploits-log4j-uses-dns-tunneling-for-comms/

A recently discovered botnet that takes advantage of the Log4J vulnerability is under active development and targets Linux systems, attempting to ensnare them into an army of bots ready to steal sensitive info, install rootkits, create reverse shells, and act as web traffic proxies.

Indicators of compromise: https://blog.netlab.360.com/b1txor20-use-of-dns-tunneling_en/


https://www.trendmicro.com/en_us/research/22/c/cyclops-blink-sets-sights-on-asus-routers--.html

ASUS routers are being targeted by Cyclops Blink malware. Trend Micro's analysis and security recommendations are linked above.


https://www.bleepingcomputer.com/news/security/android-trojan-persists-on-the-google-play-store-since-january/

More Google Play trojans were found in mobile apps, notably in cryptocurrency management apps, photo editors, and theme launchers. Protect your mobile device by only downloading through the Play Store, checking reputable sources, checking user reviews, avoiding weird permission requests, monitoring battery and internet data, and potentially adding a mobile security tool.


https://www.bleepingcomputer.com/news/security/western-digital-app-bug-gives-elevated-privileges-in-windows-macos/

Props to Joel for this news alert! Western Digital's EdgeRover is a desktop app that is vulnerable to privilege escalation and sandbox escaping. You can update to version 1.5.1-594 to fix the issue.


https://thehackernews.com/2022/03/new-infinite-loop-bug-in-openssl-could.html

OpenSSL had a severe security flaw that could lead to denial of service issues, but it has been fixed in supported versions. 


Interesting reads:

The FIDO Alliance is continuing to work towards a password-free future: https://arstechnica.com/information-technology/2022/03/a-big-bet-to-kill-the-password-for-good/


A researcher used Dirty Pipe (the Linux vulnerability previously discussed) to root a Pixel 6 Pro and a Samsung S22, both brand new phones. There's a video demo on Twitter! https://arstechnica.com/information-technology/2022/03/researcher-uses-dirty-pipe-exploit-to-fully-root-a-pixel-6-pro-and-samsung-s22/


Hackers hacked into CCTV feeds in Russia to stream pro-Ukrainian messaging: https://www.vice.com/en/article/jgmnbb/hackers-cctv-anonymous-russia-cameras
