Author: panosnet

Linux Maintainers Infected by SSH-Dwelling Backdoor: A Two-Year Compromise

Introduction: In a shocking revelation, it has been disclosed that the infrastructure used to maintain and distribute the Linux operating system kernel was compromised for two years by sophisticated malware. This critical breach, involving the Ebury backdoor, has had far-reaching implications for Linux security. This article delves into the details of the attack, its impact, and the lessons learned. The […]

Cryptic Bitcoin Transaction Unfolds: Revisiting Satoshi Nakamoto’s Genesis Wallet in a $1.17 Million Transaction

Introduction: In the early hours of January 5, the cryptocurrency community was abuzz with speculation and curiosity as a mysterious Bitcoin transaction unfolded, linking to Satoshi Nakamoto’s dormant Genesis wallet. The wallet, inactive since Nakamoto’s disappearance in 2010, witnessed an unknown user transfer 26.9 BTC, valued at $1.17 million. This enigmatic transaction has raised eyebrows within the crypto space, fueled […]

Emerging Threat: SMTP Smuggling Exploits Flaws in Major Email Servers – how to spoof like a pro!

Summary: A newly identified technique called SMTP smuggling poses a significant threat to email security by exploiting vulnerabilities in Microsoft Exchange Online, GMX, and Cisco Secure Email Gateway servers. Researchers at SEC Consult have discovered that this method allows attackers to bypass Domain-based Message Authentication, Reporting, and Conformance (DMARC) as well as other email protections. By manipulating the Simple Mail […]

Unraveling the Operation Triangulation Spyware: A Deep Dive into iPhone Exploits

Since 2019, the Operation Triangulation spyware has targeted iPhone devices, exploiting undocumented features within Apple chips to bypass robust hardware-based security measures. Over the past year, Kaspersky analysts have meticulously reverse-engineered this intricate attack chain, shedding light on its complexities since its discovery in June 2023. Exploitation of Obscure Hardware Features: Operation Triangulation represents a sophisticated attempt by threat actors […]

Safeguard Your Confluence for an Urgent Upgrade!

Alert: Safeguard Your Confluence for an Urgent Upgrade! Advisory Release Date: Wednesday, Oct 4th, 2023, 06:00 PDT Attention, Confluence Users! We’ve got some news that’s making waves in the tech world. Atlassian has recently uncovered a significant security concern – CVE-2023-22515 – and it’s time for you to sit up and take notice. The Scoop: What’s Happening? Picture this: a […]

Curl new vulnerabilities to be announced on October 11, 2023

Curl, which relies on libcurl, is a widely used command-line tool for transferring data via URL syntax. It supports a diverse array of protocols, including FTP(S), HTTP(S), IMAP(S), LDAP(S), MQTT, POP3, RTMP(S), SCP, SFTP, SMB(S), SMTP(S), TELNET, WS, and WSS. The maintainers of the Curl library have issued a warning regarding two security vulnerabilities scheduled for resolution in an upcoming update […]

Looney Tunables Vulnerability Exploited: Linux Root Access at Risk

Introduction: In the realm of Linux security, a new vulnerability known as “Looney Tunables,” officially designated CVE-2023-4911, has raised significant alarms. This high-severity flaw resides in the GNU C Library’s dynamic loader, posing a serious threat to major Linux distributions. The flaw, marked by a buffer overflow weakness, allows local attackers to gain root privileges, which could lead to unauthorized […]

CVE-2023-22809 SUDO High criticality Vulnerability

The world of technology is always advancing, with new products and services being developed at a rapid pace. However, with this progress comes new security risks and vulnerabilities, which can leave users and organizations vulnerable to attacks. One such vulnerability is CVE-2023-22809, a critical vulnerability in the popular Unix and Linux utility, sudo. Sudo is a powerful tool that allows […]