Popular NPM Package Updated to Wipe Russia, Belarus Systems to Protest Ukraine Invasion

Popular NPM Package Updated to Wipe Russia, Belarus Systems to Protest Ukraine Invasion,

In what’s yet another act of sabotage, the developer behind the popular « node-ipc » NPM package shipped a new version to protest Russia’s invasion of Ukraine, raising concerns about security in the open-source and the software supply chain.
Affecting versions 10.1.1 and 10.1.2 of the library, the changes introduced undesirable behavior by its maintainer RIAEvangelist, targeting users with IP

,

In what’s yet another act of sabotage, the developer behind the popular « node-ipc » NPM package shipped a new version to protest Russia’s invasion of Ukraine, raising concerns about security in the open-source and the software supply chain.
Affecting versions 10.1.1 and 10.1.2 of the library, the changes introduced undesirable behavior by its maintainer RIAEvangelist, targeting users with IP

, ,
https://thehackernews.com/2022/03/popular-npm-package-updated-to-wipe.html

DirtyMoe Botnet Gains New Exploits in Wormable Module to Spread Rapidly

DirtyMoe Botnet Gains New Exploits in Wormable Module to Spread Rapidly,

The malware known as DirtyMoe has gained new worm-like propagation capabilities that allow it to expand its reach without requiring any user interaction, the latest research has found.
« The worming module targets older well-known vulnerabilities, e.g., EternalBlue and Hot Potato Windows privilege escalation, » Avast researcher Martin Chlumecký said in a report published Wednesday.
« One worm

,

The malware known as DirtyMoe has gained new worm-like propagation capabilities that allow it to expand its reach without requiring any user interaction, the latest research has found.
« The worming module targets older well-known vulnerabilities, e.g., EternalBlue and Hot Potato Windows privilege escalation, » Avast researcher Martin Chlumecký said in a report published Wednesday.
« One worm

, ,
https://thehackernews.com/2022/03/dirtymoe-botnet-gains-new-exploits-in.html

The Golden Hour of Incident Response

The Golden Hour of Incident Response,

As a CSIRT consultant, I cannot overemphasize the importance of effectively managing the first hour in a critical incident.
Finding out what to do is often a daunting task in a critical incident. In addition, the feeling of uneasiness often prevents an incident response analyst from making effective decisions. However, keeping a cool head and actions planned out is crucial in successfully

,

As a CSIRT consultant, I cannot overemphasize the importance of effectively managing the first hour in a critical incident.
Finding out what to do is often a daunting task in a critical incident. In addition, the feeling of uneasiness often prevents an incident response analyst from making effective decisions. However, keeping a cool head and actions planned out is crucial in successfully

, ,
https://thehackernews.com/2022/03/the-golden-hour-of-incident-response.html

TrickBot Malware Abusing Hacked IoT Devices as Command-and-Control Servers

TrickBot Malware Abusing Hacked IoT Devices as Command-and-Control Servers,

Microsoft on Wednesday detailed a previously undiscovered technique put to use by the TrickBot malware that involves using compromised Internet of Things (IoT) devices as a go-between for establishing communications with the command-and-control (C2) servers.
« By using MikroTik routers as proxy servers for its C2 servers and redirecting the traffic through non-standard ports, TrickBot adds

,

Microsoft on Wednesday detailed a previously undiscovered technique put to use by the TrickBot malware that involves using compromised Internet of Things (IoT) devices as a go-between for establishing communications with the command-and-control (C2) servers.
« By using MikroTik routers as proxy servers for its C2 servers and redirecting the traffic through non-standard ports, TrickBot adds

, ,
https://thehackernews.com/2022/03/trickbot-malware-abusing-hacked-iot.html

Ukraine Secret Service Arrests Hacker Helping Russian Invaders

Ukraine Secret Service Arrests Hacker Helping Russian Invaders,

The Security Service of Ukraine (SBU) said it has detained a « hacker » who offered technical assistance to the invading Russian troops by providing mobile communication services inside the Ukrainian territory.
The anonymous suspect is said to have broadcasted text messages to Ukrainian officials, including security officers and civil servants, proposing that they surrender and take the side of

,

The Security Service of Ukraine (SBU) said it has detained a « hacker » who offered technical assistance to the invading Russian troops by providing mobile communication services inside the Ukrainian territory.
The anonymous suspect is said to have broadcasted text messages to Ukrainian officials, including security officers and civil servants, proposing that they surrender and take the side of

, ,
https://thehackernews.com/2022/03/ukraine-secret-service-arrests-hacker.html

New Vulnerability in CRI-O Engine Lets Attackers Escape Kubernetes Containers

New Vulnerability in CRI-O Engine Lets Attackers Escape Kubernetes Containers,

A newly disclosed security vulnerability in the Kubernetes container engine CRI-O called cr8escape could be exploited by an attacker to break out of containers and obtain root access to the host.
« Invocation of CVE-2022-0811 can allow an attacker to perform a variety of actions on objectives, including execution of malware, exfiltration of data, and lateral movement across pods, » CrowdStrike

,

A newly disclosed security vulnerability in the Kubernetes container engine CRI-O called cr8escape could be exploited by an attacker to break out of containers and obtain root access to the host.
« Invocation of CVE-2022-0811 can allow an attacker to perform a variety of actions on objectives, including execution of malware, exfiltration of data, and lateral movement across pods, » CrowdStrike

, ,
https://thehackernews.com/2022/03/new-vulnerability-in-cri-o-engine-lets.html

New « B1txor20 » Linux Botnet Uses DNS Tunnel and Exploits Log4J Flaw

New « B1txor20 » Linux Botnet Uses DNS Tunnel and Exploits Log4J Flaw

,

A previously undocumented backdoor has been observed targeting Linux systems with the goal of corralling the machines into a botnet and acting as a conduit for downloading and installing rootkits.
Qihoo 360’s Netlab security team called it B1txor20 « based on its propagation using the file name ‘b1t,’ the XOR encryption algorithm, and the RC4 algorithm key length of 20 bytes. »
<!–adsense–>

,

A previously undocumented backdoor has been observed targeting Linux systems with the goal of corralling the machines into a botnet and acting as a conduit for downloading and installing rootkits.
Qihoo 360’s Netlab security team called it B1txor20 « based on its propagation using the file name ‘b1t,’ the XOR encryption algorithm, and the RC4 algorithm key length of 20 bytes. »
<!–adsense–>

, ,
https://thehackernews.com/2022/03/new-b1txor20-linux-botnet-uses-dns.html

New Infinite Loop Bug in OpenSSL Could Let Attackers Crash Remote Servers

New Infinite Loop Bug in OpenSSL Could Let Attackers Crash Remote Servers,

The maintainers of OpenSSL have shipped patches to resolve a high-severity security flaw in its software library that could lead to a denial-of-service (DoS) condition when parsing certificates.
Tracked as CVE-2022-0778 (CVSS score: 7.5), the issue stems from parsing a malformed certificate with invalid explicit elliptic-curve parameters, resulting in what’s called an « infinite loop. » The flaw

,

The maintainers of OpenSSL have shipped patches to resolve a high-severity security flaw in its software library that could lead to a denial-of-service (DoS) condition when parsing certificates.
Tracked as CVE-2022-0778 (CVSS score: 7.5), the issue stems from parsing a malformed certificate with invalid explicit elliptic-curve parameters, resulting in what’s called an « infinite loop. » The flaw

, ,
https://thehackernews.com/2022/03/new-infinite-loop-bug-in-openssl-could.html

FBI, CISA Warn of Russian Hackers Exploiting MFA and PrintNightmare Bug

FBI, CISA Warn of Russian Hackers Exploiting MFA and PrintNightmare Bug,

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint advisory warning that Russia-backed threat actors hacked the network of an unnamed non-governmental entity by exploiting a combination of flaws.
« As early as May 2021, Russian state-sponsored cyber actors took advantage of a misconfigured account set to default [

,

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint advisory warning that Russia-backed threat actors hacked the network of an unnamed non-governmental entity by exploiting a combination of flaws.
« As early as May 2021, Russian state-sponsored cyber actors took advantage of a misconfigured account set to default [

, ,
https://thehackernews.com/2022/03/fbi-cisa-warn-of-russian-hackers.html

Unpatched RCE Bug in dompdf Project Affects HTML to PDF Converters

Unpatched RCE Bug in dompdf Project Affects HTML to PDF Converters,

Researchers have disclosed an unpatched security vulnerability in « dompdf, » a PHP-based HTML to PDF converter, that, if successfully exploited, could lead to remote code execution in certain configurations.
« By injecting CSS into the data processed by dompdf, it can be tricked into storing a malicious font with a .php file extension in its font cache, which can later be executed by accessing it

,

Researchers have disclosed an unpatched security vulnerability in « dompdf, » a PHP-based HTML to PDF converter, that, if successfully exploited, could lead to remote code execution in certain configurations.
« By injecting CSS into the data processed by dompdf, it can be tricked into storing a malicious font with a .php file extension in its font cache, which can later be executed by accessing it

, ,
https://thehackernews.com/2022/03/unpatched-rce-bug-in-dompdf-project.html