
Tux Machines


Security Leftovers


Posted by Roy Schestowitz on Sep 04, 2023





PoC Exploit Released for Critical VMware Aria's SSH Auth Bypass Vulnerability [Ed: The issue here is not SSH but VMware (proprietary)]


↺ PoC Exploit Released for Critical VMware Aria's SSH Auth Bypass Vulnerability


> The flaw, tracked as CVE-2023-34039, is rated 9.8 out of a maximum of 10 for severity and has been described as a case of authentication bypass due to a lack of unique cryptographic key generation.



North Korean Malware Targets Windows, MacOS and Linux [Ed: They do not target the OS; they target gullible admins who install malware.]


↺ North Korean Malware Targets Windows, MacOS and Linux


> The VMConnect campaign, spotted in early August, consists of two dozen “malicious Python packages” posted on the openly accessible PyPI software repository, and after observing it for a few weeks ReversingLabs detected three more packages that belong to the VMConnect family.



How DEB Packages Are Backdoored and How to Detect It [Ed: Misleading title; the issue is malware, not how it is packaged]


↺ How DEB Packages Are Backdoored and How to Detect It


> Did you know attackers can modify the scripts packaged in a DEB file to gain unauthorized access to your PC? Here's how DEB packages are backdoored.



Security updates for Monday


↺ Security updates for Monday


> Security updates have been issued by Debian (thunderbird), Fedora (firefox, kernel, kubernetes, and mediawiki), Mageia (openldap), SUSE (terraform), and Ubuntu (atftp, busybox, and thunderbird).



3,20,000+ Patient Records From Ayush Jharkhand Gov. In Shared On Dark Web Hacking Forums


↺ 3,20,000+ Patient Records From Ayush Jharkhand Gov. In Shared On Dark Web Hacking Forums


> - More than 3 lakh 20 thousand patient records containing their PII information and medical diagnosis.
> - 500 login credentials with multiple cleartext passwords as well.
> - Contact information of 737 people who used the contact us form
> - 472 records containing PII information of doctors
> - Database also has the PII information of 91 Doctors along with the information about where they are posted.





SANS


Analysis of a Defective Phishing PDF, (Sun, Sep 3rd)


↺ Analysis of a Defective Phishing PDF, (Sun, Sep 3rd)


> A reader submitted a suspicious PDF file. TLDR: it's a defective phishing PDF.


↺ suspicious PDF file





Overview of Content Published in August


↺ Overview of Content Published in August


> Here is an overview of content I published in August: Blog posts: Update: sortcanon.py Version 0.0.3; Update: emldump.py Version 0.0.12; Quickpost: Analysis of PDF/ActiveMime Polyglot Maldocs; Quickpost: PDF/ActiveMime Maldocs YARA Rule. SANS ISC Diary entries: PDFiD: False Positives Revisited; Analysis of RAR Exploit Files (CVE-2023-38831)



Update: emldump.py Version 0.0.12


↺ Update: emldump.py Version 0.0.12


> This update to emldump.py adds a new feature to fix (-F) some obfuscations. For the moment, only one obfuscation method is fixed (many are already ignored with option -f --filter), used in polyglot PDF/Word files. emldump_V0_0_12.zip (http) MD5: 3847B92460C0485E1238C47C29EF9DE1 SHA256: AFDFB8E78AE7DE56F50EA73D69705B6DACB425FFBD40D6997D64C7C75E3D8A0D



