[PLUG] OS sec, WSL malware, Ofc 0-day

jeffv via plug on 31 May 2022 07:29:57 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] OS sec, WSL malware, Ofc 0-day

From: jeffv via plug <plug@lists.phillylinux.org>
To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Subject: [PLUG] OS sec, WSL malware, Ofc 0-day
Date: Tue, 31 May 2022 10:03:56 -0400
Authentication-results: smtp03.aqua.bos.sync.lan smtp.user=jeffv@op.net; auth=pass (LOGIN)
Dkim-signature: v=1; a=rsa-sha1; d=op.net; s=20180222; c=relaxed/simple; q=dns/txt; i=@op.net; t=1654005837; h=From:Subject:Date:To:MIME-Version:Content-Type; bh=lYo89+y5qXcBCZMdgZiG7jqWS08=; b=lSsvLg1m94JRTZcSg2O/znuAgobGGkSYKbhhI4TFenN5718OuuRRx4JvwTmRmrR1 Yy7OgOiusQZTOYFoAlgdvust8W5TevbkUPaFqTkeoNaKcGZ+n34ovxKi9wSrhMIU j5EIcuglgCUbHCcFc70F+OGc3xuwDf0wVU4x4Zgcj5ramgerj6jVeoERaif5vZCL 3xKfBe0zLFXZtP8MS9mtICkeg2ktuBQ9FVjObcfhDTI3rPUHAVMxOcIOJ7Z39kXm V5C8rVWIcrVq7/v8orr/ROPWPA7WK7sNfPlNf8fp9CWDbOjXBtET5wP1BX6WhEIT AW5DRd4N1n7OvcgMEWSspQ==;
Reply-to: jeffv <jeffv@op.net>
Sender: "plug" <plug-bounces@lists.phillylinux.org>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.8.1

Hijacking of popular ctx and phpass packages reveals open sourcesecurity gaps


https://www.helpnetsecurity.com/2022/05/26/hijacking-open-source-packages/

The Python module “ctx” and a fork of the PHP library “phpass” haverecently been modified by an unknown attacker to grab AWScredentials/keys and send them to a Heroku app.




New Windows Subsystem for Linux malware steals browser auth cookies

https://www.bleepingcomputer.com/news/security/new-windows-subsystem-for-linux-malware-steals-browser-auth-cookies/



Microsoft shares mitigation for Office zero-day exploited in attacks

https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-mitigation-for-office-zero-day-exploited-in-attacks/
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Prev by Date: [PLUG] Perl 5.36 released
Previous by thread: [PLUG] Perl 5.36 released
Index(es):
- Date
- Thread