A threat actor hidden behind Tor nodes is scanning for Windows systems vulnerable to BlueKeep flaw.

There is no released Docker version with a fix for this issue at the
time of writing. I’ve submitted a patch upstream[1] which is still
undergoing code review, and after discussion with them they agreed that
public disclosure of the issue was reasonable. Since the SUSE bug report
contains exploit scripts[2], I’ve attached them here too.

If an attacker can
add a symlink component to the path *after* the resolution but *before*
it is operated on, then you could end up resolving the symlink path
component on the host as root. In the case of ‘docker cp’ this gives you
read *and* write access to any path on the host.

As far as I’m aware there are no meaningful protections against this
kind of attack (other than not allowing “docker cp” on running
containers — but that only helps with his particular attack through
FollowSymlinkInScope). Unless you have restricted the Docker daemon
through AppArmor, then it can affect the host filesystem — I haven’t
verified if the issue is as exploitable under the default SELinux
configuration on Fedora/CentOS/RHEL.

• Intezer has discovered a new, sophisticated malware that we have named “HiddenWasp”, targeting Linux systems.

• The malware is still active and has a zero-detection rate in all major anti-virus systems.

On Tuesday, a virus on ‘a limited number of computers’ in Philadelphia’s court system led to the court shutting down its site and some online filing services as a safety precaution. City officials and the court haven’t said when all systems will go back online.

The popular white hat hacker Tavis Ormandy has announced the discovery of a code execution vulnerability in Microsoft’s Notepad text editor.

Microsoft has issued its second advisory this month urging users to update their systems to prevent a re-run of attacks similar to WannaCry.

A recently uncovered piece of sophisticated malware targeting Linux provides attackers with remote control of the infected systems, Intezer’s security researchers have discovered.

Called HiddenWasp, the threat is active and enjoys zero-detection rate in all major anti-virus systems, the researchers say. The threat appears to be used in targeted attacks on victims who went through heavy reconnaissance or are already compromised by the attackers.

HiddenWasp Malware Stings Targeted Linux Systems
https://www.intezer.com/blog-hiddenwasp-malware-targeting-linux-systems/

Overview

• Intezer has discovered a new, sophisticated malware that we have named “HiddenWasp”, targeting Linux systems.

• The malware is still active and has a zero-detection rate in all major anti-virus systems.

• Unlike common Linux malware, HiddenWasp is not focused on crypto-mining or DDoS activity. It is a trojan purely used for targeted remote control.

• Evidence shows in high probability that the malware is used in targeted attacks for victims who are already under the attacker’s control, or have gone through a heavy reconnaissance.