What is InfoSec

A new and previously undetected malware dubbed ‘Lightning Framework’ targets Linux systems and can be used to backdoor infected devices using SSH and deploy multiple types of rootkits. Described as a “Swiss Army Knife” in a report published today by Intezer, Lightning Framework is a modular malware that also comes with support for plugins. “The framework has both passive and active capabilities for communication with the threat actor, including opening up SSH on an infected machine, and a polymorphic malleable command and control configuration,” Intezer security researcher Ryan Robinson said. This malware is……

 825 total views,  10 views today

Atlassian has patched a critical hardcoded credentials vulnerability in Confluence Server and Data Center that could let remote, unauthenticated attackers log into vulnerable, unpatched servers. The hardcoded password is added after installing the Questions for Confluence app (versions 2.7.34, 2.7.35, and 3.0.2) for a user account with the username disabledsystemuser — designed to help admins with the migration of data from the app to the Confluence Cloud. According to Atlassian, the app helps improve communication with the organization’s internal Q&A team and is currently installed on over 8,000 Confluence servers. “The disabledsystemuser account……

 1,113 total views,  10 views today

What initially started like a minor Microsoft Teams outage has also taken down multiple Microsoft 365 services with Teams integration, including Exchange Online, Windows 365, and Office Online. “We’ve received reports of users being unable to access Microsoft Teams or leverage any features,” the company revealed on its official Microsoft 365 Status Twitter account more than 8 hours ago. Two hours later, Redmond said the issue causing the connection problems was a recent deployment that featured a broken connection to an internal storage service. However, Teams was not the only product impacted by the outage since users……

 909 total views,  8 views today

The popular open-source Linux distribution, Kali Linux, specialized for penetration testing, ethical hacking and security auditing, can now be used by Linode customers. Getting Kali Linux on Linode The infrastructure-as-a-service (IaaS) platform provider, recently acquired by Akamai, offers two ways to get Kali: A bare-install version in the form of an official Kali distribution (without a GUI and tools) that can be deployed on any Linode compute instance and used via a command line interfaceA Kali Linux Marketplace app (with an XFCE user interface, a full suite of tools, and various additional options)……

 1,467 total views,  1 views today

Remember Log4j? Well, Log4J is one of the Apache Software Foundation’s many software projects (more than 350 at current count), and it’s a programming library that Java coders can use to manage logfiles in their own products. Logfiles are a vital part of development, debugging, record keeping, program monitoring, and, in many industry sectors, of regulatory compliance. Unfortunately, not all text you logged – even if it was sent in by an external user, for example as a username in a login form – was treated literally. If you gave your name……

 1,302 total views