A high-severity vulnerability was discovered in curl, the common Unix and Linux networking tool, and its library, libcurl. It is not exploitable under default conditions: the conditions needed to trigger it include pointing curl to a malicious server via a SOCKS5 proxy and setting the buffer size to a smaller value. To secure systems, security teams must identify all systems using curl and libcurl and apply updates. Monitoring curl invocations for inappropriate flags carrying large strings is also recommended.
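One way to implement the monitoring recommendation above, as an added example that is not part of the original article: it reviews logged command lines and reports curl invocations that combine a SOCKS5 proxy option with an unusually long argument. The function names, the `MAX_ARG_LEN` threshold and the sample lines are assumptions constructed for illustration.

```python
import shlex

# curl options that route a transfer through a SOCKS5 proxy.
SOCKS5_FLAGS = {"--socks5", "--socks5-hostname"}
PROXY_FLAGS = {"-x", "--proxy", "--preproxy"}
SOCKS5_SCHEMES = ("socks5://", "socks5h://")
MAX_ARG_LEN = 200  # assumed threshold for a "large string"; tune locally


def uses_socks5(args):
    """True if the argument list selects a SOCKS5 proxy."""
    for i, arg in enumerate(args):
        if arg in SOCKS5_FLAGS:
            return True
        if arg in PROXY_FLAGS and i + 1 < len(args):
            target = args[i + 1]          # "-x socks5h://host:port"
        elif arg.startswith("-x") and len(arg) > 2:
            target = arg[2:]              # attached form "-xsocks5://..."
        else:
            continue
        if target.lower().startswith(SOCKS5_SCHEMES):
            return True
    return False


def review(command_line):
    """Return a finding for a suspicious curl invocation, else None."""
    try:
        args = shlex.split(command_line)
    except ValueError:                    # unbalanced quotes in the log line
        args = command_line.split()
    if not args or args[0].rsplit("/", 1)[-1] != "curl":
        return None
    longest = max(args[1:], key=len, default="")
    if uses_socks5(args[1:]) and len(longest) > MAX_ARG_LEN:
        return {"longest_arg_len": len(longest), "command": command_line[:80]}
    return None


def scan(lines):
    """Review every logged command line and keep only the findings."""
    return [finding for finding in map(review, lines) if finding]


# Constructed sample of process-creation log entries (not real telemetry).
SAMPLE = [
    "curl -s https://example.com/health",
    "/usr/bin/curl --socks5-hostname 127.0.0.1:1080 https://example.com/",
    "curl -x socks5h://127.0.0.1:1080 https://" + "a" * 300 + ".example/",
    "curl https://example.com/?q=" + "b" * 300,
    "wget https://example.com/",
]
```

Only the third sample line is reported, because it is the only one that pairs a SOCKS5 proxy with an oversized argument.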
GuidePoint warns of Python backdoor used in ransomware
GuidePoint Security identified a threat actor using a Python-based backdoor to persistently access breached endpoints and release RansomHub encryptors across compromised networks. The backdoor was