Systemd Vulnerable to DNS Attacks

Systemd, the Linux world’s favorite init monolith, can be potentially crashed or hijacked by malicious DNS servers. Patches are available to address the security flaw, and should be installed ASAP if you’re affected.
Continue reading Systemd Vulnerable to DNS Attacks

Linux Malware Mines for Cryptocurrency Using Raspberry Pi Devices

A Linux trojan detected under the generic name of Linux.MulDrop.14 is infecting Raspberry Pi devices with the purpose of mining cryptocurrency.

According to Russian antivirus maker Dr.Web, the malware was first spotted online in the second half of May in the form of a script that contains a compressed and encrypted application.

Experts say the initial infection takes place when Raspberry Pi operators leave their devices’ SSH ports open to external connections.

Once a Raspberry Pi device is infected, the malware changes the password for the “pi” account to:

\$6\$U1Nu9qCp\$FhPuo8s5PsQlH6lwUdTwFcAUPNzmr0pWCdNJj.p6l4Mzi8S867YLmc7BspmEH95POvxPQ3PzP029yT1L3yi6K1

Read the full article here

New Attack Method Delivers Malware Via Mouse Hover

Mouseover’ technique relies on users hovering over hyperlinked text and images in Microsoft PowerPoint files to drop Trojan.

Researchers have found a new form of attack that abuses the action of hovering over hyperlinked text and images in a Microsoft PowerPoint presentation.

Trend Micro researchers discovered the “mouseover” technique, used by a Trojan downloader also found in a spam campaign hitting EMEA businesses in the manufacturing, education, pyrotechnics, logistics, and device fabrication industries. The downloader they analyzed delivers a version of the OTLARD banking Trojan, also known as GootKit.

“This is the first occurrence of malware using the ‘hover’ method to initiate a download that we know of,” says Mark Nunnikhoven, Trend Micro’s VP of cloud security.

“While GootKit is known malware, businesses should be more concerned about this latest technique as it shows none of the usual indicators of an infected document,” he explains. This is novel because it abuses the previously safe user practice of hovering over a link before clicking.
Continue reading New Attack Method Delivers Malware Via Mouse Hover

Netgear Router Security Update

Netgear noted that several of their routers have a command injection Vulnerability issue where an attacker can use a phishing method to gain control of your router.

Tip:
To find the model/version number, check the bottom or back panel of your NETGEAR device.

From the vulnerability Notes Database:

R6200, R6250, R6400, R6700, R6900, R7000, R7100LG, R7300, R7900, R8000, D6220, and D6400 contain an unauthenticated command injection vulnerability that may be executed directly or via cross-domain requests. Known affected firmware versions include Netgear R7000 version 1.0.7.2_1.1.93, R6400 version 1.0.1.12_1.0.11, and R8000 version 1.0.3.4_1.1.2. Earlier versions may also be affected. The command injection vulnerability has been assigned CVE-2016-6277.

By convincing a user to visit a specially crafted web site, a remote, unauthenticated attacker may execute arbitrary commands with root privileges on affected routers. An unauthenticated, LAN-based attacker may do the same by issuing a direct request, e.g. by visiting: http:///cgi-bin/;COMMAND

Continue reading Netgear Router Security Update