PKfail Vulnerability Allows Secure Boot Bypass on Hundreds of Computer Models 

July 26, 2024 at 05:51AM Binarly has identified a security vulnerability named “PKfail,” centered around an exposed American Megatrends International Platform Key (PK), utilized as a Secure Boot private key. This flaw, found in hundreds of computer models from various manufacturers, allows attackers to sign and execute malicious code during the device’s boot process, potentially …

Polyfill.io, BootCDN, Bootcss, Staticfile attack traced to 1 operator

June 28, 2024 at 09:01AM A large-scale supply chain attack affecting numerous websites has been traced to a common operator. Leaked Cloudflare secret keys revealed the connection between the attack and the CDN services Polyfill.io, BootCDN, Bootcss, and Staticfile. Collaborative efforts of several security researchers contributed to the discovery. The attack’s widespread impact and …

Polyfill claims it has been ‘defamed’, returns after domain shut down

June 27, 2024 at 06:57AM The Polyfill.io JavaScript CDN service was shut down due to researchers discovering malicious code being delivered to over 100,000 websites. The service has since been relaunched on a new domain, polyfill.com, claiming to have no supply chain risks. However, doubts remain due to security practitioners’ findings and concerns raised by …

WordPress Supply Chain Attack Spreads Across Multiple Plug-Ins

June 25, 2024 at 12:53PM Multiple plug-ins on WordPress.org were compromised by threat actors, injecting malicious code aimed at granting attackers administrative privileges and enabling further malicious activity. The affected plug-ins, including the popular Social Warfare, have been delisted and are unavailable for download, with a recommendation to remove them immediately and perform a complete …

Several Plugins Compromised in WordPress Supply Chain Attack 

June 25, 2024 at 08:48AM Malicious code inserted into five WordPress plugins created new admin accounts, reported Defiant. Social Warfare versions 4.4.6.4 to 4.4.7.1 have the code and users should update to 4.4.7.3. Four other plugins are affected. The attacker sends admin details to their server and adds SEO spam to sites. The plugins are …

Multiple WordPress Plugins Compromised: Hackers Create Rogue Admin Accounts

June 25, 2024 at 12:03AM Several WordPress plugins have been compromised and backdoored to inject malicious code, allowing creation of rogue administrator accounts and unauthorized actions on affected websites. The injected malware aims to create new admin accounts and inject malicious JavaScript for SEO spam. Users are advised to check for suspicious accounts and malicious …

XZ Utils Backdoor Attack Brings Another Similar Incident to Light

April 3, 2024 at 07:12AM An XZ Utils backdoor, reminiscent of a 2020 F-Droid attempt, highlighted the trend of targeting open source software. Jia Tan, posing as a legitimate developer, embedded a backdoor for remote code execution on Linux systems. Collin’s investigation promises more details, as experts predict further supply chain attacks in open source …

Malicious xz backdoor reveals fragility of open source

April 1, 2024 at 05:20PM A backdoor was discovered in the open-source compression library xz, posing a significant security threat. Luckily caught in time, the incident has raised concerns about future safeguards. The complex and stealthy attack on the software has sparked speculation about the motives and sophistication of the perpetrator. The hunt for the …

Malicious backdoor sneaks into xz, Linux world’s data compression library and tool

March 29, 2024 at 06:05PM Red Hat has warned about a backdoor in the xz compression library affecting Fedora Linux 40, 41, and Rawhide. The vulnerability, rated 10/10 in severity, provides remote backdoor access and interferes with sshd authentication. Users are advised to stop using Fedora Rawhide instances. Red Hat Enterprise Linux (RHEL) is not …

Suspicious NuGet Package Harvesting Information From Industrial Systems

March 26, 2024 at 11:00AM A suspicious NuGet package, “SqzrFramework480,” has been reported for potential industrial data harvesting. The .NET library offers legitimate robotic movement and GUI capabilities but can also capture information from industrial systems, take screenshots, and transfer data. The package is potentially linked to Chinese company Bozhon, raising concerns about industrial espionage. …