Hi, everybody - Chad here. It’s good to be back after last week’s (and yesterday’s) absence. You barely noticed, you say? You didn’t shriek my name while shaking closed fists at the sky even once last Tuesday, you say? Man, whatever - you’re just trying to play it cool. It’s fine. The good news is, I’m back, my sister’s wedding went off without any unplanned shenanigans last week, and now we can get back to our terrifying security news. This week…
Phishing campaign uses UPS.com XSS vuln to distribute malware
Attackers Increasingly Target Linux in the Cloud
More bad news for Linux folks, as various distros continue to be targeted by attackers. This article from DarkReading focuses on Linux in the cloud, which is rapidly becoming the distro/instance of choice for various gigantic organizations, based on lots of cool options that Linux offers. Namely/lately, the feature of choice is the ability to use “containers” within the OS. Unfortunately, not all containers can be trusted - a lot of the most widely-used have shown a significant number of vulnerabilities. According to the article, “The official Python image, for example, has 482 vulnerabilities — 32 of them critical — while the official WordPress image has 402 vulnerabilities, 26 of them critical.” Keep that hygiene clean, y’all!
Windows 10 Admin Rights Gobbled by Razer Devices
Ahh, it’s finally Facepalm O’Clock! From the article at ThreatPost: “A zero-day bug in the device installer software for Razer peripherals – be they a Razer mouse, keyboard or any device that uses the Synapse utility – gives the plugger-inner full admin rights on Windows 10, just by inserting a compatible peripheral and downloading Synapse.” Now, I don’t know too many hateful, malicious plugger-inners myself, but jeez - that’s a pretty big slap in the face of the Cyber Hygiene Falcon®, a fictional animal mascot that I just invented. Personally, I’ve only used/supported Windows when forced but the former Admin in me just can’t stop laughing/screaming. Yup. Ol’ Cybey is gonna shed a tear or two over this one!