Cybersecurity

Note this post evaluates Linux systems. Microsoft presumably has a different, hopefully better, implementation.

• The Biden administration is imposing new security standards for companies that do business with the U.S. government with a new executive order.

• The directive also will require software companies to demonstrate the security of their development processes.

• It’s not clear if the incoming Trump administration will uphold the new rules.

According to a DOJ press release, the FBI was able to delete the Chinese-used PlugX malware from “approximately 4,258 U.S.-based computers and networks.”

Details:

To retrieve information from and send commands to the hacked machines, the malware connects to a command-and-control server that is operated by the hacking group. According to the FBI, at least 45,000 IP addresses in the US had back-and-forths with the command-and-control server since September 2023.

It was that very server that allowed the FBI to finally kill this pesky bit of malicious software. First, they tapped the know-how of French intelligence agencies, which had recently discovered a technique for getting PlugX to self-destruct. Then, the FBI gained access to the hackers’ command-and-control server and used it to request all the IP addresses of machines that were actively infected by PlugX. Then it sent a command via the server that causes PlugX to delete itself from its victims’ computers.

The title is a bit blick-batey as it implies the FBI did it directly to said computers.

In both campaigns, attackers hid malicious code in images they uploaded to archive[.]org, a file-hosting website, and used the same .NET loader to install their final payloads

A simple misconfiguration in on-premise applications can override the Group Policy, effectively negating the Group Policy designed to stop NTLMv1 authentications

App: https://chat.positive-intentions.com/

A p2p encrypted file transfer and messaging app. Here are some features below:

• Open Source
• Cross platform
  • PWA
  • iOS, Android, Desktop (self compile)
  • App store, Play store (coming soon)
  • Desktop
    • Windows, Macos, Linux (self compile)
    • run index.html on any modern browser
  • Decentralized
• Secure
  • No cookies
  • P2P encrypted
  • No registration
  • No installing
• Messaging
  • Group Messaging (coming soon)
  • Text Messaging
  • Multimedia Messaging
  • Screensharing (on desktop browsers)
  • Offline Messaging (in research phase)
  • File Transfer
  • Video Calls
• Data Ownership
  • Self Hosting
  • GitHub pages Hosting
  • Local-Only storage

Check it out!

• App: https://chat.positive-intentions.com/
• More info: https://positive-intentions.com/blog/introducing-decentralized-chat
• GitHub: https://github.com/positive-intentions/chat

Two independent groups of researchers have identified a total of 6 vulnerabilities in rsync. In the most severe CVE, an attacker only requires anonymous read access to a rsync server, such as a public mirror, to execute arbitrary code on the machine the server is running on.