Hackerzhome

Cybersecurity news all over the world

HACKERZHOME NEWS

March 2, 2023

Thursday

Linux users now have access to Iron Tiger hackers' specialized malware.

The Chinese cyberespionage organization APT27, also known as “Iron Tiger,” has created a new Linux version of its SysUpdate bespoke remote access malware, enabling it to target more services used by businesses.


The Linux version was first put to the test by hackers in July 2022, according to a recent Trend Micro report. Unfortunately, many payloads didn’t start spreading in the wild until October 2022.


The new malware variant is remarkably similar to Iron Tiger’s Windows version of SysUpdate in terms of functionality and is developed in C++ utilizing the Asio library.


When SEKOIA and Trend Micro reported finding APT27 targeting Linux and macOS computers using a new backdoor dubbed “rshell” last summer, it became clear that the threat actor was interested in broadening the targeting reach to platforms other than Windows.


The Trend Micro-researched SysUpdate campaign used both Windows and Linux malware against legitimate targets.


A gaming business in the Philippines was one of the victims of this campaign, and the attack used a command and control server registered with a domain similar to the victim’s brand.


Trend Micro’s analysts speculate that chat apps were utilized as enticements to deceive staff into downloading early malware payloads despite the unclear infection vector.

NEWS 1
Linux users now have access to Iron Tiger hackers' specialized malware.

Breaking news

LIVE

You are not up to date!

Subscribe to our newsletter and stay updated on cybersecurity news

A significant crypto wallet phishing campaign, according to Trezor

An ongoing phishing attack is attempting to steal a target’s cryptocurrency wallet and its assets by impersonating Trezor data breach alerts.

Trezor is a hardware cryptocurrency wallet that allows users to keep their cryptocurrency offline as opposed to in cloud-based or device-based wallets. Because a hardware wallet like a Trezor is not intended to be connected to your computer, using one improves protection against viruses and compromised devices.

Users are given a 12 or 24-word recovery seed when setting up a new Trezor wallet, which can be used to recover a wallet in the event that a device is stolen, lost, or malfunctions.

Customers of Trezor started getting SMS and email scam communications on February 27th, claiming that Trezor had experienced a data breach.
To safeguard their device, the recipients of these messages are urged to go to a website that is listed.

Trezor is aware of the phishing campaign and has advised users to be wary of SMS and email phishing scams that purport to alert them to a fake data breach.

The business adds that its systems have not shown any signs of a recent data compromise.

NEWS 2

For placing advertisements and promotions in this newspaper, or anywhere on our website, contact us through email at admin@hackerzhome.org or fill out this contact form.

Share this news:

March 2, 2023 /

Thursday

Hackerzhome News

2

Did you know?
The Royal Ransomware Linux Variant Targets VMware ESXi Servers Know more!

Cisco fixes numerous IP phones for a serious Web UI RCE bug.

Cisco fixes numerous IP phones for a serious Web UI RCE bug.

Several IP Phone models’ Web user interfaces have a significant security flaw that unauthenticated, remote attackers can use to execute code (RCE) attacks. Cisco has patched this issue.

The RCE flaw (CVE-2023-20078) enables attackers to inject arbitrary commands that, upon successful exploitation, will be executed with root privileges.

A second high-severity vulnerability (CVE-2023-20079) that can be exploited to cause denial-of-service (DoS) conditions was also revealed by the business today.

Both flaws result from inadequate user input validation and can be exploited by sending specially crafted queries to the targeted device’s web-based management interface.

The impacted devices include the Unified IP Conference Phone 8831, Unified IP Conference Phone 8831 with Multiplatform Firmware, Unified IP Phone 7900 Series, and Cisco IP Phone 6800, 7800, and 8800 series devices (susceptible to RCE and DoS attacks) (only vulnerable to DoS attacks).

The product security incident response team (PSIRT) for the corporation also stated that it had not observed any indications of attempts to use this security issue in attacks.

NEWS 3

Aruba Networks updates ArubaOS to address six serious flaws.

Aruba Networks updates ArubaOS to address six serious flaws.
NEWS 4

Six critical-severity vulnerabilities affecting different versions of ArubaOS, the company’s proprietary network operating system, were disclosed in a security alert that Aruba Networks released to its customers.

Aruba Mobility Conductor, Aruba Mobility Controllers, Aruba-managed WLAN Gateways, and Aruba SD-WAN Gateways are all affected by the issues.

Hewlett Packard Enterprise’s subsidiary in California, Aruba Networks, focuses on computer networking and wireless connectivity solutions.

The command injection vulnerabilities have a CVSS v3 score of 9.8 out of 10.0 and are tracked as CVE-2023-22747, CVE-2023-22748, CVE-2023-22749, and CVE-2023-22750.

By delivering specially crafted packets to the PAPI across UDP port 8211, an unauthenticated, remote attacker can take advantage of them and execute arbitrary code as a privileged user on ArubaOS.

The stack-based buffer overflow flaws have a CVSS v3 score of 9.8 and are categorized as CVE-2023-22751 and CVE-2023-22752, respectively.

All public repositories can now receive GitHub's secret scanning alerts.

GitHub has announced that its secret scanning alerts feature, which can be activated to find exposed secrets over an entire publishing history, is now broadly accessible to all public repositories.

Secrets are private information that has been inadvertently added to GitHub repositories, such as API keys, account passwords, authentication tokens, and other information that could be used by hackers to breach security or access private information.

Threat actors frequently go through open GitHub projects for authentication keys in order to get into networks, steal data, or pose as the target of an attack.

In order to assist developers in locating unintentional public disclosure of sensitive material, GitHub started rolling out a beta of a free secret scanning function to all public projects in December 2022.

This feature scans for 200+ token forms. Since then, the new capability has been made available in 70,000 public repositories.

GitHub will continue to alert its over 100 secret scanning partners of exposed secrets in addition to informing repository owners of secret leak occurrences so that they can revoke the authentication token and alert their clients.

If a concerned partner cannot be reached, a notification to the administrator should be sufficient to ensure that the revealed secrets are taken down from the public repository.

All public repositories can now receive GitHub's secret scanning alerts.
NEWS 5

For placing advertisements and promotions in this newspaper, or anywhere on our website, contact us through email at admin@hackerzhome.org or fill out this contact form.

Share this news: