Weekly Cyber Security News 29/01/2021

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. A few interesting ones to mention this week. One that I experienced personally a few years ago when I setup an Asterisk box at home. Suddenly started receiving random external SIP connections without exposing the ports to the firewall. Found out it was that ALG feature in the router, and one I couldn’t switch off. Had to ditch that one (something from my service provider) and replace it with one I could:

• Knock, knock. Who’s there? NAT. Nat who? A NAT URL-borne killer

Remember that wonderful BASH one that made the headlines years ago? Here is something else but thankfully a little less risky:

• Sudo Bug Gives Root Access to Mass Numbers of Linux Systems – Qualys said the vuln gives any local user root access to systems running the most popular version of Sudo.

Supply chain poisoning again:

• Discord-Stealing Malware Invades npm Packages – The CursedGrabber malware has infiltrated the open-source software code repository.