Cyware Daily Threat Intelligence, April 01, 2024

Ubuntu users, beware! ImageMagick, a widely used image manipulation program, is affected by multiple vulnerabilities across several Ubuntu releases. Install the latest security updates, as these flaws could be exploited to trigger DoS conditions. Another group of experts has detected a Linux version of DinodasRAT that has been targeting Red Hat and Ubuntu systems since 2022. The malware enables full control of, and espionage on, infected machines.

Separately, Red Hat warned about a malicious backdoor discovered in the xz data compression library, affecting Fedora Linux 40 and the Fedora Rawhide developer distribution. Also, the Vultur Android banking trojan has reemerged with enhanced features and evasion techniques, enabling remote device interaction and data harvesting capabilities.

Top Breaches Reported in the Last 24 Hours


Dating app exposes millions of users’ data
Atraf, a popular Israeli LGBTQ dating app, experienced a significant data breach, exposing the personal information of around 700,000 users. The leaked data included cleartext passwords and payment card details. While the breach remains alleged until confirmed by the company, experts confirmed that the leaked data is legitimate, with records dating back to 2021. Users were urged to change their passwords immediately and exercise caution with emails from the app.

AT&T confirms breach affecting 73 million customers
Despite initially denying that the recently leaked data originated at its end, AT&T finally confirmed a data incident impacting 73 million current and former customers. The data, believed to be from 2019 or earlier, includes sensitive information such as names, addresses, phone numbers, and Social Security numbers for many customers. Security passcodes for 7.6 million current account holders were compromised.

Top Malware Reported in the Last 24 Hours


Linux variant of DinodasRAT discovered
Security experts revealed that Red Hat and Ubuntu systems have been under attack by a Linux version of DinodasRAT, also known as XDealer, since 2022. While the Linux variant has not been publicly described, its Windows counterpart was previously involved in an espionage campaign targeting government entities. The Linux variant of DinodasRAT exhibits sophisticated capabilities, including persistence mechanisms, data exfiltration, remote command execution, and proxying of C2 communications.

Android banking trojan returns
The Vultur Android banking trojan made a comeback with upgraded capabilities and improved evasion techniques, allowing attackers to control mobile devices and extract sensitive information remotely. Distributed via trojanized dropper apps on the Google Play Store, Vultur now encrypts its communication, employs multiple encrypted payloads, and masquerades as legitimate applications. It leverages techniques like TOAD to spread, targeting victims through SMS messages and phone calls.

Top Vulnerabilities Reported in the Last 24 Hours


ImageMagick bugs patched in Ubuntu
The Ubuntu security team has addressed multiple vulnerabilities in ImageMagick, a widely used image manipulation program and library. These vulnerabilities could lead to DoS attacks. Affected Ubuntu releases include Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 23.10, Ubuntu 23.04, Ubuntu 18.04, and Ubuntu 16.04. The vulnerabilities encompass memory handling issues and an SVG processing vulnerability, which could be triggered by opening specially crafted images or SVG files.

Malicious backdoor found in xz library
Red Hat issued a warning regarding a backdoor discovered in the xz data compression software library, potentially impacting instances of Fedora Linux 40 and Fedora Rawhide. The backdoor, present in xz versions 5.6.0 and 5.6.1, allows for remote access via OpenSSH and systemd. Designated as CVE-2024-3094, the vulnerability is rated as critical. While Red Hat assures that Red Hat Enterprise Linux (RHEL) is unaffected, users of Fedora Linux 40 and Rawhide are advised to cease usage immediately.


Posted on: April 01, 2024

