Latest threats, vulnerabilities, exploits to be aware of

Discussion in 'Operating Systems' started by alanm, Jan 27, 2022.

  1. alanm

    alanm Ancient Guru

    Messages:
    11,151
    Likes Received:
    3,231
    GPU:
    Asus 2080 Dual OC
    Thought it may be useful to keep a running thread on latest security threats to be aware of.

    BlackCat Ransomware | Highly-Configurable, Rust-Driven RaaS On The Prowl For Victims


    BlackCat (aka AlphaVM, AlphaV) is a newly established RaaS (Ransomware as a Service) with payloads written in Rust. While BlackCat is not the first ransomware written in the Rust language, it joins a small (yet growing) sliver of the malware landscape making use of this popular cross-platform language.

    First appearing in late November, BlackCat has reportedly been attacking targets in multiple countries, including Australia, India and the U.S., and demanding ransoms in the region of $400,000 to $3,000,000 in Bitcoin or Monero...

    https://www.sentinelone.com/labs/bl...le-rust-driven-raas-on-the-prowl-for-victims/
     
    386SX likes this.
  2. 386SX

    386SX Maha Guru

    Messages:
    1,424
    Likes Received:
    1,618
    GPU:
    AMD Vega64 RedDevil
    Windows .... :D


    "polkit" seems to be some dependency for all standard *Nixes, at least I heard it is "most likely included". The daemon does not have to be running for the attack to succeed!
    https://blog.qualys.com/vulnerabili...ty-discovered-in-polkits-pkexec-cve-2021-4034

    KDE wants to put ads into their desktop (now what was that about Win10 advertising some years ago? :D ), just think about the fact we dealt with a lot of malware through ads before. IIRC even here some members complained about ads infecting them with malware (years if not decades ago), so a possible threat there (and why do they do this???!!!):
    https://www.neowin.net/news/ads-may-be-coming-to-kde-the-popular-linux-desktop/
     
    alanm likes this.
  3. alanm

    alanm Ancient Guru

    I wonder if malware authors are targeting Linux because there is less attention on its security than on Windows.
     
    386SX likes this.
  4. anticupidon

    anticupidon Ancient Guru

    Messages:
    6,745
    Likes Received:
    3,068
    GPU:
    Polaris/Vega/Navi
    Interesting thread.
    Will follow it.
    In very broad lines, it's the user in the end, not only the OS.
    A security-aware user will update the system, use root/admin only when it's necessary and harden their system. And follow the tech news and security bulletins.
    And have data backed up in 3-2-1 fashion.
    My humble opinion.
     
    386SX and alanm like this.

  5. 386SX

    386SX Maha Guru

    3-2-1 backup? "3 - 2 - 1, your data is gone!"?? :D
     
  6. alanm

    alanm Ancient Guru

    Microsoft sounds the alarm over new cunning Windows malware

    Chinese state-sponsored threat actor Hafnium has been found using a brand new malware to maintain access on a breached Windows endpoint, with the help of hidden scheduled tasks, Microsoft has announced.

    The Microsoft Detection and Response Team (DART) says the group has been leveraging a so far unknown vulnerability (a zero-day) in its attacks.

    "Investigation reveals forensic artifacts of the usage of Impacket tooling for lateral movement and execution and the discovery of a defense evasion malware called Tarrask that creates 'hidden' scheduled tasks, and subsequent actions to remove the task attributes, to conceal the scheduled tasks from traditional means of identification," DART explained...
     
    fantaskarsef likes this.
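
A defender-side check for the hidden scheduled tasks described in the post above, as an added example that is not part of the thread or of the quoted DART text. It assumes the removed attribute is the SD (security descriptor) value of the task's key under TaskCache\Tree, a detail the quoted excerpt does not state; the function name is hypothetical.

```powershell
# Added example: list scheduled-task registry keys that have no SD value.
# Read-only. Run from an elevated prompt so that fewer keys are skipped.
# Assumption: a task whose SD value was deleted is the "hidden" task the
# post refers to; the excerpt itself only says "task attributes".
$TaskTree = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree'

function Get-TaskKeyWithoutSD {
    param([string]$Root = $TaskTree)

    # Keys the caller cannot open are skipped silently.
    Get-ChildItem -LiteralPath $Root -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $names = $_.GetValueNames()
            # Assumption: task keys carry an Id value, folder keys do not,
            # so folders are not reported as findings.
            if ($names -contains 'Id' -and $names -notcontains 'SD') {
                [pscustomobject]@{
                    TaskPath      = $_.Name -replace '^.*\\TaskCache\\Tree', ''
                    TaskId        = $_.GetValue('Id')
                    ValuesPresent = $names -join ','
                }
            }
        }
}

$hits = @(Get-TaskKeyWithoutSD)
if ($hits.Count -eq 0) {
    'No task keys without an SD value were found.'
} else {
    $hits | Format-Table -AutoSize
}
```

A hit is a lead to investigate, not a verdict: compare each reported task path with what `schtasks /query` lists before acting on it.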
  7. 386SX

    386SX Maha Guru

    anticupidon likes this.
