Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Mar 28, 2023

OneNote Embedded URL Abuse

=> ↺ OneNote Embedded URL Abuse

[...]
In my previous blog post I described how OneNote is being abused in order to deliver a malicious URL. In response to this attack, helpnetsecurity recently reported that Microsoft is planning to release a fix for the issue in April this year. Currently, it’s still unknown what this fix will look like, but from helpnetsecurity’s post, it seems like Microsoft’s fix will focus on the OneNote embedded file feature.
During my testing, I discovered that there is another way to abuse OneNote to deliver malware: using URLs. The idea is similar to how Threat Actors are already abusing URLs in HTML pages or PDFs, where the user is presented with a fake warning or image to click on, which would open the URL in their browser and load a phishing page.

Apps running as spot extra secure in Puppy

=> ↺ Apps running as spot extra secure in Puppy

I watch what Dima (dimkr in the forum) is doing on woof-CE with great interest. In particular, the steps that he has implemented to enhance security for applications running as user 'spot'.
See his summary here:
https://forum.puppylinux.com/viewtopic.php?p=70405#p70405

=> ↺ https://forum.puppylinux.com/viewtopic.php?p=70405#p70405

Microsoft: No-Interaction Outlook Zero Day Exploited Since Last April [iophk: Windows TCO; Ed: Lies, decoys, and distraction. Microsoft is trying to offload blame to those who exploit the holes while Microsoft sits on its hands, making bug doors in everything it makes]

=> ↺ Microsoft: No-Interaction Outlook Zero Day Exploited Since Last April

Microsoft says it has evidence that Russian APT actors were exploiting a nasty Outlook zero-day as far back as April 2022, upping the stakes on organizations to start hunting for signs of compromise.
[...]
The vulnerability, tracked as CVE-2023-23397, was flagged in the ‘already exploited’ category when Redmond shipped a fix earlier this month and Microsoft’s incident responders have pinned the attacks on Russian government-level hackers targeting organizations in Europe.

Fortinet’s Threat Report finds attackers are retooling and leveraging more wiper malware

=> ↺ Fortinet’s Threat Report finds attackers are retooling and leveraging more wiper malware

One of the outcomes of war in the modern age is that it can lead to a new class of destructive tools in the hands of cyber threat actors.

FBI warns business email compromise attacks are now targeting commodities

=> ↺ FBI warns business email compromise attacks are now targeting commodities

BEC attacks, a method that involves fraud enabled by social engineering, are not new. A report in September found that one-third of all cyberattacks now involve BEC, but typically, such attacks aim to steal money. The FBI warning details that those behind the attacks are now also targeting tangible goods.
According to a March 24 announcement by the FBI, criminal actors are impersonating the email domains of legitimate companies to initiate the bulk purchase of goods from vendors across the U.S. The email messages sent to vendors appear to come from known sources of business, which vendors assume are legitimate business transactions, so they fulfill the purchase orders for distribution.

Hacks at Pwn2Own Vancouver 2023

=> ↺ Hacks at Pwn2Own Vancouver 2023

An impressive array of hacks was demonstrated on the first day of the Pwn2Own conference in Vancouver: [...]
