Patrick Domingues

A new malware campaign has been found containing a new Backdoor Trojan called SpeakUp and they are targeting Linux Servers and MacOS by exploiting vulnerabilities in their systems. 

Check Point researchers stated that the malware campaign attacks Linux servers from all over the world using the CVE-2018-20062 ThinkPHP remote code execution vulnerability as an initial infection vector.

To upload a “PHP shell that serves and executes a Perl backdoor” on vulnerable Linux machines, it will employ command injection techniques to send shell commands via a GET request’s “module” parameter:

s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=echo ^>index.php

Followed by the Trojan injecting a backdoor by pulling the ibus Perl script payload and store it in /tmp/e3ac24a0bcddfacd010a6c10f4a814bc, which will immediately be launched with the help of a follow-up malicious HTTP request designed to execute the Perl-based backdoor, pause for a couple of seconds and delete the file to remove any indication that something is wrong.

The malware … Read the rest

Apple has disabled the Group FaceTime software temporarily due to a software bug that allows other iOS users to listen in on private conversations without any notification to reject or accept a call.
The bug is believed to impact any pair of devices running iOS 12.1 or later, according to reports. Security Experts – like Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation – urged iOS users to delete the FaceTime function until a fix becomes available.

• Automating System Updates with Unattended-Upgrades on Ubuntu
• How to Add a Large Disk Partition as Storage in Proxmox VE
• How to Remove Radmin Viewer with PowerShell
• How to Automate Ubuntu Server System Updates and Package Installation
• Introducing Zevonix: Your Pathway to Smarter IT

The Department of Homeland Security states that some agencies are being targeted by specific attacks that modify the Domain Name System Records, which critical function of the processes to locate websites.

DHS issued an emergency statement giving government agencies 10 days to verify that their DNS records are accurate. There has been a series of incidents where email and website traffic has been redirected.

The DHS’s Cyber Security Team said it “is aware of multiple executive branch agency domains that were impacted by the tampering campaign and has notified the agencies that maintain them,” .

Cyber attacks that target DNS systems can be quite powerful. By modifying a DNS record it can allow an attacker to see traffic flowing to a website or service. They can also craft effective phishing attacks to collect login username and passwords for anything. Hackers can also set a different IP address for the domain … Read the rest

MySQL has released a security statement providing the following information:

The LOAD DATA statement can load a file located on the server host, or, if the LOCAL keyword is specified, on the client host.

There are two potential security issues with the LOCALversion of LOAD DATA:

• The transfer of the file from the client host to the server host is initiated by the MySQL server. In theory, a patched server could be built that would tell the client program to transfer a file of the server’s choosing rather than the file named by the client in the LOAD DATA statement. Such a server could access any file on the client host to which the client user has read access. (A patched server could in fact reply with a file-transfer request to any statement, not just LOAD DATA LOCAL, so a more fundamental issue is that clients should