Aggregator
Microsoft Azure Used to Store Vast Trove of Palestinian Surveillance Data, Investigation Reveals
Israel’s military intelligence unit, Unit 8200—specializing in cyber-espionage and electronic surveillance—has been using Microsoft’s cloud servers to store a vast archive of data on residents of Gaza and the West Bank. This trove, leveraged...
The post Microsoft Azure Used to Store Vast Trove of Palestinian Surveillance Data, Investigation Reveals appeared first on Penetration Testing Tools.
Google’s Android Hypervisor Achieves Highest Security Certification for Consumer Electronics
Google has announced that the protected KVM (pKVM) hypervisor, used within the Android Virtualization Framework, has become the world’s first software component for mass-market consumer electronics to achieve the SESIP Level 5 security certification....
The post Google’s Android Hypervisor Achieves Highest Security Certification for Consumer Electronics appeared first on Penetration Testing Tools.
AI learned a paralyzed woman's voice from a wedding recording and gave it back to her 18 years later
Employees race to build custom AI apps despite security risks
The latest Netskope findings show a 50% increase in GenAI platform usage among enterprise end-users, driven by growing employee demand for tools to develop custom AI applications and agents.
Top LLM interfaces by percentage in organizations (source: Netskope)
Despite an ongoing shift toward safe enablement of SaaS GenAI apps and AI agents, the growth of shadow AI (unsanctioned AI applications in use by employees) continues to compound potential security risks, with over 50% of all …
The post Employees race to build custom AI apps despite security risks appeared first on Help Net Security.
Microsoft Confirms Harmless Bug in Windows 11 Update That Generates Misleading Error Logs
Microsoft has alerted Windows 11 users to a new false notification that appears after installing the July 2025 preview update and subsequent 24H2 releases. The issue is linked to the CertificateServicesClient (CertEnroll) component and...
The post Microsoft Confirms Harmless Bug in Windows 11 Update That Generates Misleading Error Logs appeared first on Penetration Testing Tools.
“Ambient and Multi-modal”: Windows Head Outlines a Radical AI-Powered Future for the OS
Microsoft has released a new video interview with Pavan Davuluri, head of Windows, in which he outlined the company’s vision for the platform’s evolution and the transformative role artificial intelligence will play. When asked...
The post “Ambient and Multi-modal”: Windows Head Outlines a Radical AI-Powered Future for the OS appeared first on Penetration Testing Tools.
Critical FortiSIEM Flaw: Fortinet Urges Immediate Patching as Public Exploit Circulates
Fortinet has disclosed a critical vulnerability in its FortiSIEM system, already accompanied by a working exploit circulating publicly. The flaw enables a remote, unauthenticated attacker to execute arbitrary commands on the targeted system, making...
The post Critical FortiSIEM Flaw: Fortinet Urges Immediate Patching as Public Exploit Circulates appeared first on Penetration Testing Tools.
Reading Notes 0815
High-Severity Flaws Found in Matrix Protocol, Posing Risk to Government Communications
The Matrix Foundation, the organization behind the eponymous federated communication protocol, has announced the release of an unscheduled update addressing two high-severity vulnerabilities which, if successfully exploited, could have had critical consequences. According to...
The post High-Severity Flaws Found in Matrix Protocol, Posing Risk to Government Communications appeared first on Penetration Testing Tools.
The first movers applying AI in the B2B space review the realities and methodology of “putting AI into production”
New infosec products of the week: August 15, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Brivo, Envoy, Prove, Rubrik, and Trellix.
Rubrik Agent Rewind enables organizations to undo mistakes made by agentic AI: Agent Rewind, powered by Predibase AI infrastructure, will enable organizations to undo mistakes made by agentic AI by providing visibility into agents’ actions and enabling enterprises to rewind those changes to applications and data.
Trellix expands data security support to ARM-compatible devices …
The post New infosec products of the week: August 15, 2025 appeared first on Help Net Security.
XZ-Utils Backdoor Still Lurks in Docker Hub Images, Putting User Data at Potential Risk
The XZ-Utils backdoor, first discovered in March 2024, is still present in at least 35 Linux images on Docker Hub, which may put user data at risk.
Docker Hub is the official public container image registry operated by Docker, where developers and enterprises upload or download pre-built images and share them with the community.
Many CI/CD pipelines, developers and production systems pull images directly from Docker Hub and use them as the base layer for their own containers. If those images carry security vulnerabilities, newly built containers inherit the vulnerabilities or malicious code. Researchers at Binarly found that a large number of Docker images are still affected by the XZ-Utils backdoor.
Binarly noted in its report: “If a distribution's packages were backdoored, then any Docker image built on those packages is also infected. However, we found that some of the infected images are still publicly available on Docker Hub, and other images have been built on top of these infected base images, further widening the scope of the infection.”
Binarly reported these images to Debian (one of the maintainers still serving backdoored images), but Debian decided not to take them down, citing low risk and the need to preserve archive continuity.
The XZ-Utils backdoor (tracked as CVE-2024-3094) is malicious code hidden in the liblzma.so library of the xz-utils compression tool (versions 5.6.0 and 5.6.1).
It hooks the RSA_public_decrypt function used by OpenSSH through glibc's IFUNC mechanism, so an attacker holding a specific private key who connects to an affected system over SSH can bypass authentication and execute commands remotely as root.
The backdoor was covertly planted by long-time project contributor “Jia Tan” and made its way into official Linux distribution packages from Debian, Fedora, openSUSE and Red Hat, making it one of the most serious software supply-chain security incidents of last year.
Because the backdoor was discovered in time, attackers had almost no opportunity to exploit it. Binarly, Kaspersky and others also released scanning tools to help detect whether the backdoor is present in open-source software dependencies.
Debian's response
To the researchers' surprise, Debian did not withdraw the 64-bit images that use the backdoored library version from Docker Hub; at least 35 such images can still be downloaded.
Binarly says this number only partly reflects the true scale of the problem, since they did not scan every image on the platform for the XZ-Utils backdoor.
Binarly explained in its report: “We found more than 35 images containing the backdoor. While this number seems small, we scanned only a small fraction of the images published on Docker Hub, and stopped at second-level images.”
Debian says it deliberately chose not to remove these images from Docker Hub, instead keeping them as historical artifacts and advising users to use only the latest images rather than old versions.
The maintainers made this decision because they consider the conditions for exploiting the backdoor unlikely to be met, for example that sshd is installed and running in the container, that an attacker can reach the container's SSH service over the network, and that a private key matching the backdoor's trigger logic is used.
Debian maintainers' response
Binarly disagrees with this approach, stressing that merely keeping these images publicly available creates significant risk through accidental pulls or use in automated builds.
The same applies to any image that may contain an affected version of XZ-Utils, so users should manually check that the library version in use is 5.6.2 or later (the latest stable release is 5.8.1).
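A version check for the guidance above, written as an added example (not from the article, Binarly or Debian): it classifies the banner printed by `xz --version` against the backdoored 5.6.0/5.6.1 releases and the 5.6.2 fix; the banner lines are constructed samples, and running it against an image via `docker run` is an assumption about how you would obtain the banner.

```shell
#!/bin/sh
# Added example (not from the article): classify xz-utils versions against
# CVE-2024-3094 (backdoored releases 5.6.0 and 5.6.1; fixed in 5.6.2).
# Input is the first line of `xz --version`, e.g. "xz (XZ Utils) 5.6.1";
# for a container image, feed it `docker run --rm <image> xz --version`.

# Extract the version number from an `xz --version` banner line.
xz_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^xz (XZ Utils) \([0-9][0-9.]*\).*/\1/p'
}

# Compare two dotted versions numerically; prints -1, 0 or 1 for a<b, a==b, a>b.
vercmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) { print "-1"; exit }
            if (xi > yi) { print "1"; exit }
        }
        print "0"
    }'
}

# Verdict for a bare version string.
xz_classify() {
    v="$1"
    if [ -z "$v" ]; then
        echo "UNKNOWN"            # banner did not parse; inspect the image by hand
    elif [ "$v" = "5.6.0" ] || [ "$v" = "5.6.1" ]; then
        echo "BACKDOORED"         # the two releases carrying CVE-2024-3094
    elif [ "$(vercmp "$v" 5.6.2)" -lt 0 ]; then
        echo "OLD"                # predates the backdoor, but not a current release
    else
        echo "OK"                 # 5.6.2 or later
    fi
}

# Banner in, verdict out.
xz_check_banner() {
    xz_classify "$(xz_version_from_banner "$1")"
}

# Constructed sample banners for a stand-alone run.
for banner in "xz (XZ Utils) 5.6.1" "xz (XZ Utils) 5.4.5" "xz (XZ Utils) 5.8.1"; do
    printf '%s -> %s\n' "$banner" "$(xz_check_banner "$banner")"
done
```

An OLD verdict means the image is not carrying this backdoor but is still behind the current 5.8.1 release; only images built on 5.6.2 or later should be treated as current.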
Cisco Secure Firewall Vulnerability Allows Hackers to Inject Remote Shell Command Injection
Cisco has disclosed a critical security vulnerability in its Secure Firewall Management Center (FMC) Software that could allow unauthenticated attackers to execute arbitrary shell commands with high-level privileges remotely. The vulnerability, tracked as CVE-2025-20265 and assigned the maximum CVSS score of 10.0, represents one of the most severe security flaws discovered in enterprise firewall infrastructure […]
The post Cisco Secure Firewall Vulnerability Allows Hackers to Inject Remote Shell Command Injection appeared first on Cyber Security News.