Date: 2022-04-05
Security Leftovers
- US Cyber Command shored up nine nations' defenses last year [Ed: Microsoft Windows TCO or broken windows]
- Beijing-backed gang looted IP around the world for years, claims Cybereason [Ed: Microsoft Windows TCO]
Infosec outfit Cybereason says it's discovered a multi-year – and very successful – Chinese effort to steal intellectual property.
The company has named the campaign "Operation CuckooBees" and attributed it, with a high degree of confidence, to a Beijing-backed advanced persistent threat-slinger going by Winnti – aka APT 41, BARIUM, and Blackfly.
Whatever the group is called, it uses several strains of malware and is happy to construct complex chains of activity. In the attack Cybereason claims to have spotted, Winnti starts by finding what Cybereason has described as "a popular ERP solution" that had "multiple vulnerabilities, some known and some that were unknown at the time of the exploitation."
Once ERP was compromised, Winnti sought out a file named gthread-3.6.dll, which can be found in the VMware Tools folder. The DLL was used to inject other payloads into svchost.exe, with installation of a webshell and credential dumping tools high on the crims' to-do list.
- Cisco has released a free antivirus package, ClamAV 0.105 - LinuxStoney
Cisco has introduced a major new release of the free antivirus package ClamAV 0.105.0 and has also published patch releases of ClamAV 0.104.3 and 0.103.6 with vulnerability and bug fixes. Recall that the project passed into the hands of Cisco in 2013 after the purchase of Sourcefire, which develops ClamAV and Snort. The project code is distributed under the GPLv2 license.