Security: John Deere, Windows, Debian, Ubuntu, and Mozilla Firefox
Date: 2019-06-16
John Deere's Promotional USB Drive Hijacks Your Keyboard
“The device itself, it’s pretty ingenious, actually,” the Reddit user said. “It’s an HID-compliant keyboard that, when connected detects what platform it’s on and automatically sends a keyboard shortcut to open a browser, and then it barfs the link into the address bar.”
New Variant of the Houdini Worm Emerges
WSH RAT is currently being offered as a subscription, at $50 per month. The malware operators are actively marketing the malware as compatible with all Windows XP to Windows 10 releases, featuring automatic startup methods, and various remote access, evasion, and stealing capabilities.
Debian's Intel MDS Mitigations Are Available for Sandy Bridge Server/Core-X CPUs
The Debian Project recently announced the general availability of a new security update for the intel-microcode firmware to patch the recently disclosed Intel MDS (Microarchitectural Data Sampling) vulnerabilities on more Intel CPUs.
Last month, on May 14th, Intel disclosed four new security vulnerabilities affecting many of its Intel microprocessor families. The tech giant was quick to release updated microcode firmware to mitigate these flaws, but not all the processor families were patched.
Canonical Outs New Linux Kernel Live Patch for Ubuntu 18.04 LTS and 16.04 LTS
Canonical released a new Linux kernel live patch for the Ubuntu 18.04 LTS (Bionic Beaver) and Ubuntu 16.04 LTS (Xenial Xerus) operating system series to address the recently disclosed TCP Denial of Service (DoS) vulnerabilities.
Coming hot on the heels of the recent Linux kernel security updates published earlier this week for all supported Ubuntu releases, the new Linux kernel live patch is only targeted at Ubuntu versions that support the kernel live patch and are long-term supported, including Ubuntu 18.04 LTS (Bionic Beaver) and Ubuntu 16.04 LTS (Xenial Xerus).
Firefox Users Warned to Patch Critical Flaw
Mozilla is urging users of its Firefox browsers to update them immediately to fix a critical zero-day vulnerability. Anyone using Firefox on a Windows, macOS or Linux desktop is at risk.
The vulnerability, CVE-2019-11707, is a type confusion in Array.pop. It has been patched in Firefox 67.0.3 and Firefox ESR 60.7.1.
Mozilla announced the patch Tuesday, but the vulnerability was discovered by Samuel Groß of Google Project Zero on April 15.
Mozilla implemented the fix after digital currency exchange Coinbase reported exploitation of the vulnerability for targeted spearphishing attacks.
"On Monday, June 17, 2019, Coinbase reported a vulnerability used as part of targeted attacks for a spear phishing campaign," Selena Deckelmann, senior director, Firefox Browser Engineering, told TechNewsWorld. "In less than 24 hours, we released a fix for the exploit."
