[PLUG] OS sec, WSL malware, Ofc 0-day

jeffv via plug <plug@lists.phillylinux.org> · Tue, 31 May 2022 10:03:56 -0400

Hijacking of popular ctx and phpass packages reveals open source 

security gaps

https://www.helpnetsecurity.com/2022/05/26/hijacking-open-source-packages/

The Python module “ctx” and a fork of the PHP library “phpass” have 

recently been modified by an unknown attacker to grab AWS 

credentials/keys and send them to a Heroku app.

New Windows Subsystem for Linux malware steals browser auth cookies

https://www.bleepingcomputer.com/news/security/new-windows-subsystem-for-linux-malware-steals-browser-auth-cookies/

Microsoft shares mitigation for Office zero-day exploited in attacks

https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-mitigation-for-office-zero-day-exploited-in-attacks/
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug