-
Critical Vulnerability in Ping Utility Allows Hackers to Take Over FreeBSD Systems
The vulnerability could have been exploited to crash the utility or run arbitrary code.The FreeBSD developers have released updates to fix a critical vulnerability in the ping utility, which is being tracked as CVE-2022-23093 and could be used for remote code execution. The security flaw is caused by a buffer overflow while processing incoming ICMP messages. As the FreeBSD developers found out, the pr_pack() function, which copies the extracted IP and ICMP headers into stack buffers for further processing. At the same time, it does not take into account that additional extended headers may be...
-
A new way to attack Linux allows you to upload a ready-made repository to the system
Written once - works everywhere.Sysdig researchers have discovered that hackers are using the open-source Linux PRoot utility in Bring Your Own Filesystem (BYOF) attacks to provide a consistent repository of malicious tools that run on many Linux distributions.PRoot is an open source utility that allows the user to set up an isolated root file system on Linux. In the discovered attacks, the hacker uses PRoot to deploy a malicious file system on already compromised systems, which include network scanning tools - "masscan" and "nmap", the XMRig cryptominer and their configuration files.The filesystem contains everything needed...
-
Cybercriminals forced the Vatican to shut down its website
Experts suggest that Russian hackers are behind a series of cyberattacks on the website of the Holy See.According to a statement by Vatican spokesman Matteo Bruni, due to continuous cyber attacks, IT specialists had to temporarily disable the site and launch an investigation. The site was down on Wednesday and Thursday, but by Friday morning it was back up and running.It is not yet clear who is behind the cyberattack. However, experts recall incidents when cybercriminals attacked the Vatican because of the statements of Pope Francis. For example, earlier a Turkish hacker hacked into the...
-
CISA Warns of Multiple Critical Vulnerabilities in Mitsubishi Electric GX Works3 Engineering Software
Exploitation of these vulnerabilities could disrupt industrial processes.The US Cybersecurity and Infrastructure Protection Agency (CISA) this week issued an advisory warning of multiple vulnerabilities in Mitsubishi Electric GX Works3 engineering software."The successful exploitation of these vulnerabilities allows unauthorized attackers to view and execute programs, gain access to the MELSEC iQ-R/F/L series processor modules and the MELSEC iQ-R OPC UA series server module," the agency said.GX Works3 is Mitsubishi Electric's latest generation of programming and maintenance software specifically designed for MELSEC iQ-R series control systems. It includes many new features such as graphical system configuration, built-in...
-
Over 1600 Docker Hub images contain backdoors
More than 1,600 public Docker Hub images hide cryptocurrency miners, backdoors, DNS interceptors, and website redirectors.Docker Hub is a cloud-based container library that allows developers to search and download Docker images or upload their creations to a public library or personal repositories.Researchers at Sysdig have looked into the issue in an attempt to assess the extent of the problem and have reported images found that contain malicious code. Sysdig examined 250,000 unverified Linux images and identified 1,652 of them as malicious.In the first place are cryptominers, found in 608 images that used server resources for...
-
Meta steals personal data even if you don't use social media
Popular online tax filing platforms TaxAct, TaxSlayer, and H&R Block sent sensitive financial information to Meta via a tracking pixel.Researchers at The Verge found that a tracking pixel on organizations' websites violated Meta's privacy policy by sending the following information:Client's name;E-mail address;Income information;The amount of loans;The amount of the debt.Facebook may use information from tax websites to customize its advertising algorithms, even if the tax customer does not have a Facebook account.The experts also found that TaxAct was feeding similar information (without customer names) to Google through its analytics tool. A Google spokesperson said that...
-
Australia decriminalizes psilocybin, LSD and ecstasy
The Legislative Assembly of the Australian Capital Territory (ACT) has passed a decree decriminalizing psilocybin, LSD, ecstasy and several other psychoactive substances. The regulation will enter into force in 2023.According to the provisions of the law, the ACT will decriminalize possession of the following prohibited psychoactive substances:cocaine (weighing up to 1.5 grams);heroin (up to 2 grams);MDMA (up to 3 grams);methamphetamine (up to 1.5 grams);amphetamine (up to 2 grams);psilocybin (up to 2 grams);LSD (up to 2 milligrams).Possession of these substances below this limit will be punishable by a warning, a fine of $100 or participation in...
-
Malicious SMS app steals phone numbers from thousands of victims
The malicious application was discovered by cybersecurity researcher Maxim Ingrao, who works for Evina. It's called Symoo and has over 100,000 downloads on Google Play. According to the researcher, after installing the application, victims' SIM cards are used as "virtual numbers" to create accounts on Microsoft, Google, Instagram, Telegram and Facebook websites.The operation of the malicious application is simple – after installation, it requests access to send and read SMS messages, which does not arouse suspicion among the victims, since Symoo is advertised as “a simple application for sending SMS”. The fun begins after installation:The...
-
The United States spoke about the North Korean malware AppleJeus to steal cryptocurrency
The Lazarus Group has developed several versions of the AppleJeus malware to attack individuals and companies around the world.The FBI, CISA and the US Treasury have released details of malicious and fake cryptocurrency trading apps used by North Korean hackers to steal cryptocurrencies from individuals and companies around the world.The fake apps were developed and infected with the AppleJeus malware by the Lazarus Group. Hackers have developed and used multiple versions of AppleJeus since the malware was discovered in 2018.Most versions are delivered under the guise of secure applications through sites controlled by attackers and...
-
New version of Punisher ransomware targets Chilean citizens
Researchers at Cyble recently uncovered a new version of the Punisher ransomware that is being spread through a fake COVID-19 tracking app and is targeting Chilean citizens. After infecting the victim’s system, the malware adds the following to the ransom note:System ID;Unique ID of the victim;Bitcoin wallet address for paying the ransom;JS code that starts a timer that increases the ransom amount depending on the elapsed time.The victim's ransom note is found as a shortcut called "unlock your files.lnk" on the desktop and in the "Start" menu. The attackers demand $1,000 in bitcoins to decrypt...
