[SANS ISC] Backdooring PAM, (Sun, Nov 21st)

Xavier’s diary entry “(Ab)Using Security Tools & Controls for the Bad” on PAM, reminded me of a script to backdoor pam_unix.so: linux-pam-backdoor.

This script will download the PAM source code, patch it to add an hardcoded skeleton key password, and compile it.

There’s also a script to detect backdoored pam_unix.so files like this: linux-pam-backdoor-detect.sh

This scripts looks if there is an extra string between the following strings:

Didier Stevens
Senior handler
Microsoft MVP

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Source: Read More (SANS Internet Storm Center, InfoCON: green)

You might be interested in …

[HackerNews] Russian TrickBot Gang Hacker Extradited to U.S. Charged with Cybercrime

All posts, HackerNews

A Russian national, who was arrested in South Korea last month and extradited to the U.S. on October 20, appeared in a federal court in the state of Ohio on Thursday to face charges for his alleged role as a member of the infamous TrickBot group. Court documents showed that Vladimir Dunaev, 28, along with […]

Read More

[HackerNews] Crypto-Mining Attacks Targeting Kubernetes Clusters via Kubeflow Instances

All posts, HackerNews

Cybersecurity researchers on Tuesday disclosed a new large-scale campaign targeting Kubeflow deployments to run malicious cryptocurrency mining containers. The campaign involved deploying TensorFlow pods on Kubernetes clusters, with the pods running legitimate TensorFlow images from the official Docker Hub account. However, the container images were configured to execute rogue commands that mine Source: Read More (The Hacker News)

Read More

[BleepingComputer] Microsoft fixes Microsoft Edge 91 nag screens and startup page bug

Microsoft has pushed out a fix for the Microsoft Edge 91 startup bugs and nag screens plaguing users since the new version of the browser was released. […] Source: Read More (BleepingComputer)

Read More