A collection point
...and some of my own.
The Octopus Scanner Malware: Attacking the open source supply chain

GitHub Security Lab: On March 9, we received a message from a security researcher informing us about a set of GitHub-hosted repositories that were, presumably unintentionally, actively serving malware. After a deep-dive analysis of the malware itself, we uncovered something that we had not seen before on our platform: malware designed to enumerate and backdoor NetBeans projects, and which uses the build process and its resulting artifacts to spread itself. In the course of our investigation we uncovered 26 open source projects that were backdoored by this malware and that were actively serving backdoored code.

The malware is capable of identifying the NetBeans project files and embedding malicious payload both in project files and build JAR files. Below is a high-level description of the Octopus Scanner operation:

- Identify user's NetBeans directory
- Enumerate all projects in the NetBeans directory
- Copy malicious payload cache.dat to nbproject/cache.dat
- Modify the nbproject/build-impl.xml file to make sure the malicious payload is executed every time NetBeans project is built
- If the malicious payload is an instance of the Octopus Scanner itself the newly built JAR file is also infected.

Even though the malware C2 servers didn't seem to be active at the time of analysis, the affected repositories still posed a risk to GitHub users that could potentially clone and build these projects. Unlike other GitHub platform abuse cases, the repository owners were most likely completely unaware of the malicious activity, and therefore swiftly blocking or banning the maintainers was not an option for GitHub’s Security Incident Response Team (SIRT).

The malware would proceed to backdoor NetBeans project builds through the following mechanisms:
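A defender-side check for the two on-disk changes listed above, added here as an example (not code from GitHub Security Lab or the original write-up): it walks a directory tree for NetBeans projects and reports nbproject/cache.dat and any build-impl.xml that mentions it. The substring match on build-impl.xml is an assumption, since the exact injected XML is not shown on this page, and the sample tree is constructed.

```python
import tempfile
from pathlib import Path

PAYLOAD_NAME = "cache.dat"  # payload file name given in the write-up above

def scan_project(project: Path) -> list[str]:
    """Return the indicators found in one NetBeans project directory."""
    findings = []
    nb = project / "nbproject"
    if (nb / PAYLOAD_NAME).is_file():
        findings.append("nbproject/cache.dat present")
    build_impl = nb / "build-impl.xml"
    if build_impl.is_file():
        text = build_impl.read_text(encoding="utf-8", errors="replace")
        # Assumption: a generated build-impl.xml has no reason to mention
        # cache.dat; the exact injected XML is not shown on this page.
        if PAYLOAD_NAME in text:
            findings.append("build-impl.xml references cache.dat")
    return findings

def scan_tree(root: Path) -> dict[str, list[str]]:
    """Walk root and report every project with at least one indicator."""
    report = {}
    for nb in sorted(root.rglob("nbproject")):
        if nb.is_dir():
            findings = scan_project(nb.parent)
            if findings:
                report[str(nb.parent.relative_to(root))] = findings
    return report

def build_sample_tree(root: Path) -> None:
    """Constructed sample: one clean project and one with both indicators."""
    for name, infected in (("clean-app", False), ("tainted-app", True)):
        nb = root / name / "nbproject"
        nb.mkdir(parents=True)
        xml = '<project name="%s-impl"><target name="-pre-jar"/></project>' % name
        if infected:
            (nb / PAYLOAD_NAME).write_bytes(b"constructed placeholder, not malware")
            xml = xml.replace("/>", "><!-- constructed: runs nbproject/cache.dat --></target>")
        (nb / "build-impl.xml").write_text(xml, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(Path(tmp))
        for project, findings in scan_tree(Path(tmp)).items():
            print(project, "->", "; ".join(findings))
```

To check real checkouts, call scan_tree() on the directory that holds them; a hit means the project should be inspected before it is built again.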

OPENSSH WILL DEPRECATE SHA-1

By Dennis Fisher for Duo.com: In January, a pair of researchers published details of the first practical chosen prefix collision on SHA-1, showing that the aged hash algorithm, which had already far outlived its usefulness, was now all but useless. All of the major browsers had already abandoned SHA-1, as had most of the large certificate authorities, but it is still in use in many other places, including embedded systems and some cryptography systems.

One of the more widely deployed applications that still supports SHA-1 is OpenSSH, the open source implementation of the SSH protocol that is included in a huge number of products, including Windows, macOS, many Unix systems, and several popular brands of network switches. On Wednesday, the OpenSSH developers said that a future version of the app will drop support for the use of the RSA public key algorithm, which uses SHA-1.

“It is now possible to perform chosen-prefix attacks against the SHA-1 algorithm for less than USD$50K. For this reason, we will be disabling the "ssh-rsa" public key signature algorithm by default in a near-future release,” the OpenSSH developers said in the release notes for version 8.3 on Wednesday. “This algorithm is unfortunately still used widely despite the existence of better alternatives, being the only remaining public key signature algorithm specified by the original SSH RFCs.”

Boris Johnson to reduce Huawei’s role in national 5G network

Early this year, the UK Government agreed on the involvement of Huawei in the national 5G network, while the United States expressed its disappointment for the Johnson decision and threatened to limit intelligence sharing with the ally.

“The Prime Minister plans to reduce Huawei’s involvement in Britain’s 5G network in the wake of the coronavirus outbreak, the Telegraph has learned.” reported The Telegraph.
“Boris Johnson has instructed officials to draw up plans that would see China’s involvement in the UK’s infrastructure scaled down to zero by 2023.”

New Android Flaw Affecting Over 1 Billion Phones Let Attackers Hijack Apps

Mohit Kumar: Norwegian cybersecurity researchers, last week, unveiled details of a new critical vulnerability (CVE-2020-0096) affecting the Android operating system that could allow attackers to carry out a much more sophisticated version of Strandhogg attack.

Dubbed 'Strandhogg 2.0,' the new vulnerability affects all Android devices, except those running the latest version, Android Q / 10, of the mobile operating system—which, unfortunately, is running on only 15-20% of the total Android-powered devices, leaving billions of the remaining smartphones vulnerable to the attackers.

StrandHogg 1.0 resided in the multitasking feature of Android, whereas the new Strandhogg 2.0 flaw is basically an elevation of privilege vulnerability that allows hackers to gain access to almost all apps.
"Utilising StrandHogg 2.0, attackers can, once a malicious app is installed on the device, gain access to private SMS messages and photos, steal victims' login credentials, track GPS movements, make and/or record phone conversations, and spy through a phone's camera and microphone," the researchers said. You can recognize an attack through the following actions on your phone:

Joomla team discloses data breach

The incident took place after a member of the Joomla Resources Directory (JRD) team left a full backup of the JRD site (resources.joomla.org) on an Amazon Web Services S3 bucket owned by their own company. The Joomla team said the backup file was not encrypted and contained details for roughly 2,700 users who registered and created profiles on the JRD website -- a portal where professionals advertise their Joomla site-making skills. Data includes:

- Full name
- Business address
- Business email address
- Business phone number
- Company URL
- Nature of business
- Encrypted password (hashed)
- IP address
- Newsletter subscription preferences

NTT warns its Singapore cloud was hacked, Japanese customer data compromised

NTT was infiltrated on May 7 via Active Directory services running in its Singapore operations. The intrusion was confirmed on May 11. The Active Directory deployment was accessed remotely and then used internally as a stepping stone to other systems. While a production server that ultimately came under attack was quickly triaged and the service provider quickly cut off its communications links, the hacker had managed to gain a toehold in an information management server, and reach into the company’s Japanese hosting and cloud services.

GE switches off light bulb business after almost 130 years

The lighting business is GE's oldest segment, dating all the way back to the company's founding through a series of mergers with Thomas Edison's companies in the late 1880s and early 1890s. The company became a conglomerate early, investing in a wide array of technology and communications businesses. It moved toward aviation and energy and away from consumer products through the 1980s and 1990s under CEO Jack Welch. That industrial mindset lasted into the 21st century, under CEO Jeff Immelt, from 2001 through 2017 and then Larry Culp.

"Today’s transaction is another important step in the transformation of GE into a more focused industrial company," Culp said in a written statement. "Together with Savant, GE Lighting will continue its legacy of innovation, while we at GE will continue to advance the infrastructure technologies that are core to our company and draw on the roots of our founder, Thomas Edison," even though GE has now spun off the last of Edison's original business.

Microsoft lays off journalists to replace them with AI

Business Insider first reported the layoffs on Friday, and says that around 50 jobs are affected in the US. The Microsoft News job losses are also affecting international teams, and The Guardian reports that around 27 are being let go in the UK after Microsoft decided to stop employing humans to curate articles on its homepages.

Microsoft has been in the news business for more than 25 years, after launching MSN all the way back in 1995. At the launch of Microsoft News nearly two years ago, Microsoft revealed it had “more than 800 editors working from 50 locations around the world.”

Microsoft has gradually been moving towards AI for its Microsoft News work in recent months, and has been encouraging publishers and journalists to make use of AI, too. Microsoft has been using AI to scan for content and then process and filter it and even suggest photos for human editors to pair it with. Microsoft had been using human editors to curate top stories from a variety of sources to display on Microsoft News, MSN, and Microsoft Edge.