A high-severity vulnerability was discovered in curl, the common Unix and Linux networking tool, and its library, libcurl. It is not exploitable under default conditions: triggering it requires pointing curl at a malicious server through a SOCKS5 proxy and configuring a smaller-than-default buffer size. To secure systems, security teams must identify every system that uses curl or libcurl and apply the updates. Monitoring for curl invocations whose flags carry unusually large strings is also recommended.
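The monitoring recommendation above can be turned into a simple detection over process-audit records. The script below is an added example, not code from the original article or from the curl project: it assumes a constructed log format with a `cmd="..."` field, scans each curl command line for SOCKS5 proxy use (`-x`/`--proxy`/`--preproxy` with a `socks5://` or `socks5h://` scheme, or `--socks5`/`--socks5-hostname`) and for any argument or URL hostname above an assumed 255-byte threshold, and reports the entries that match. The sample lines are constructed for the example.

```python
import os
import re
import shlex
from urllib.parse import urlsplit

# Constructed sample process-audit lines (not taken from the page).
SAMPLE_LOGS = [
    'host=web01 user=deploy cmd="curl -x socks5h://proxy.internal:1080 https://example.com/"',
    'host=web02 user=app cmd="curl --socks5-hostname proxy.internal:1080 https://'
    + "a" * 300 + '.example.com/"',
    'host=web03 user=ci cmd="/usr/bin/curl https://example.com/ -o out.bin"',
    'host=web04 user=app cmd="curl --proxy socks5h://proxy.internal:1080 -d '
    + "x" * 500 + ' https://api.example.com/"',
]

# Assumption: a single argument or hostname longer than this is worth a look.
LONG_ARG_THRESHOLD = 255


def extract_argv(line):
    """Pull the quoted cmd="..." field out of an audit line and split it shell-style."""
    m = re.search(r'cmd="([^"]*)"', line)
    if not m:
        return []
    return shlex.split(m.group(1))


def uses_socks5_proxy(argv):
    """True if the curl argv routes through a SOCKS5 proxy, by flag or by proxy URL scheme."""
    for i, arg in enumerate(argv):
        if arg in ("--socks5", "--socks5-hostname"):
            return True
        if arg in ("-x", "--proxy", "--preproxy") and i + 1 < len(argv):
            if argv[i + 1].lower().startswith(("socks5://", "socks5h://")):
                return True
        # Fused short form, e.g. -xsocks5h://proxy:1080
        if arg.lower().startswith(("-xsocks5://", "-xsocks5h://")):
            return True
    return False


def longest_hostname(argv):
    """Length of the longest host component among URL-looking arguments."""
    longest = 0
    for arg in argv:
        if "://" in arg:
            host = urlsplit(arg).hostname or ""
            longest = max(longest, len(host))
    return longest


def longest_argument(argv):
    """Length of the longest single argument on the command line."""
    return max((len(a) for a in argv), default=0)


def assess(line):
    """Return a finding dict for a curl command line, or None if the line is not curl."""
    argv = extract_argv(line)
    if not argv or os.path.basename(argv[0]) != "curl":
        return None
    socks = uses_socks5_proxy(argv)
    host_len = longest_hostname(argv)
    arg_len = longest_argument(argv)
    reasons = []
    if socks and host_len > LONG_ARG_THRESHOLD:
        reasons.append(f"socks5 proxy with {host_len}-byte hostname")
    if arg_len > LONG_ARG_THRESHOLD:
        reasons.append(f"argument of {arg_len} bytes")
    return {"argv": argv, "socks5": socks, "reasons": reasons}


def scan(lines):
    """Return (line, finding) pairs for every curl invocation that raised at least one reason."""
    hits = []
    for line in lines:
        finding = assess(line)
        if finding and finding["reasons"]:
            hits.append((line, finding))
    return hits


if __name__ == "__main__":
    for line, finding in scan(SAMPLE_LOGS):
        print(line[:60] + "...", "->", "; ".join(finding["reasons"]))
```

Run against the constructed lines, the scan flags the second entry (SOCKS5 hostname resolution with a 312-byte hostname and an over-long argument) and the fourth (an over-long `-d` payload through a SOCKS5 proxy), and passes the plain HTTPS fetches. Real deployments also need to account for proxies set through environment variables such as `ALL_PROXY`, which this command-line-only check does not see, and the threshold should be tuned to the site's normal usage.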