The Red Hat owned Enterprise Linux (RHEL) platform is solely targeted at enterprise market, as it restricts free re-distribution of officially supported versions, though the source code is still freely provided.

Now, the upcoming upgrade to Red Hat Enterprise Linux, RHEL 8.4, which will be generally available in the coming weeks, is bringing edge computing capabilities with the addition of container deployment geared at supporting edge usage. While RHEL 8.3 brought a number of new changes, including system roles for logging, system metrics, disk encryption, and bootloader, to help users to manage large installations through consistent and repeatable configurations at scale.

RHEL 8.4 builds on these capabilities, coupled with standardization and control across Linux container images, starting with updates to Red Hat’s Podman container engine, for managing containers from a single point across the hybrid cloud.

What features to expect in the Upcoming RHEL 8.4 update?



The upgrade to RHEL 8.4 will include the Red Hat Universal Base Image (UBI), which is currently available in a lightweight, micro image for building cloud-native applications that are redistributable, on a RHEL foundation without full kernel deployment.



Also, RHEL 8.4 aims for greater flexibility for cloud applications, with more “holistic” view of subscription deployment via the Red Hat Insights Subscriptions with improved support for the Red Hat Cloud Access. As RHEL serves as the baseline of the Red Hat Edge initiative, it is intended to extend the capabilities of the Red Hat hybrid cloud to edge computing, with support for applications from enterprise devices and automobiles.

Additionally, RHEL 8.4 brings extended security features, including the addition of a RHEL system role for cryptocurrency policies and network-bound disk encryption offered as a container, and automated system configuration and management via RHEL Web Console updates and the Tracer utility.

How to Upgrade to Red Hat Enterprise Linux (RHEL) 8.4?



RHEL 8.4 is scheduled for release in the coming weeks, then you can download it directly from Red Hat’s Portal. If you're a new user who wants to try out RHEL 8.4, you can download it from developer.redhat.com as part of the no-cost Red Hat Enterprise Linux Developer Subscription.

And if you want to try out the latest RHEL 8.4 beta release which is accessible for subscription holders via the Red Hat Customer Portal, you can obtain a subscription by joining the Red Hat Developer Program.

Upcoming RHEL 8.4 update to bring Edge Computing capabilities

Gatekeeper is a security feature in Apple Mac which is supposed to allow only trusted apps to run on the system by ensuring that the application has been signed and cleared via an automated process known as "app notarization" which scans the app for malicious content.

The security feature, by default, accepts all software directly from Apple's own Mac App Store, as well as apps "signed" by developers approved by Apple, which it assume to be safe. But there is a flaw in Gatekeeper, tracked as CVE-2021-30657, which vulnerability was reported by Cedric Owens, a security engineer on March 25, 2021.

Apple had promptly released an update to macOS operating systems to address the vulnerability which could be exploited to circumvent all security protections, allowing unapproved applications to run on Macs.

How Hackers could have Exploited the Gatekeeper Flaw to Attack macOS Computers?



The Gatekeeper flaw uncovered by Owens could allow an adversary to craft rogue applications to deceive the Gatekeeper service and get executed without triggering security warnings, by packaging a malicious shell script as a "double-clickable app" of which the malware could be double-clicked and run like an app.



As the malware is run as an app in the sense that you can double click it and have macOS view it as an app when you right click, it's also shell script in that shell scripts aren't checked by Gatekeeper even if the quarantine attribute is present.

Given that unsigned, unnotarized, script-based proof of concept application could trivially and reliably sidestep all of macOS's security mechanisms (including Gatekeeper and Notarization Requirements), even on a fully patched M1 macOS system, with such a capability malware authors could succeed in their proven methods of infecting macOS users.

In a previous Gatekeeper flaw, hackers exploited it to sneak in malicious code to run as "signed" software, by inserting malware into the code libraries, or dylibs, that most large applications share; while the second, bundle malware into compressed installer packages (.dmg files) for signed software.

Albeit, Apple's attempt to patch the vulnerability by including verification of dylibs to block the first exploit, was too narrow to contain the flaw. It remains clear that Gatekeeper still doesn't block every piece of unsigned software, only the most obvious ones get blocked.

Mac users are thereby recommended to update their system to the latest versions of macOS to mitigate the risk associated with the Gatekeeper flaws.

Gatekeeper Flaw actively exploited in attacks on macOS Computers

The popular instant messaging platform, Telegram, has enjoyed a surge in usage as a result of the controversial privacy policy changes made by its rival, WhatsApp.

While Telegram has surpassed 500 million monthly active users, cybercriminals are finding it a lot more appealing, and malware authors are increasingly using it as a ready-made command and control (C&C) system for their malicious activities, and distributing malware within organizations that would then be used to capture sensitive information from targeted systems.

According to Check Point Research (CPR), there has been over 130 attacks using a new multi-functional remote access trojan (RAT) known as ‘ToxicEye’ which spreads via phishing emails and managed by attackers over Telegram, using it to communicate with the C&C server and exfiltration of data.

How Cybercriminals use Telegram Messenger to control ToxicEye Malware?



ToxicEye spreads via phishing emails containing a malicious .exe file, which when the user opens, installs itself on the victim’s machine with the ability to perform a range of exploits without the victim’s knowledge, such as data stealing, deleting or transferring files, among other malicious activities.



First, the attacker creates a Telegram account and bot, which Telegram bot account serves as a special remote account with which users can interact by chat or by simply adding them to a Telegram group, or by sending direct requests from the input field by typing the bot’s Telegram username and followed by a query.

Then, the Telegram bot is embedded in the ToxicEye RAT configuration file, which is compiled into an executable file and if a victim is infected with the malicious payload, it can be controlled via the Telegram bot, as it connects the victim’s device to the attacker’s C&C via Telegram.

How to Identify Infected system and tips to keep your System protected



Obviously, every remote access Trojan (RAT) using this method has its own key capabilities that characterize most of the recent attacks, such as ransomware and data stealing features – as the RAT can locate and steal passwords, computer information, browser history and cookies.

Therefore, if you want to ensure that your system is not infected, search for a file called C:\Users\ToxicEye\rat.exe which if this file exists on your PC, means you've been infected and need to immediately contact your organization's help desk and make sure to erase this file from your system.

Additionally, you should monitor the traffic generated from PCs in your organization to a Telegram C&C, if such traffic exists, and Telegram isn't installed as an enterprise solution, it is a possible indicator of compromise.

Hackers using Telegram to send Malicious commands remotely

Mozilla's Python-in-the-browser project, Pyodide is an experimental project to create a full Python data science stack that runs entirely in the browser.

While Pyodide is the offshoot of another Mozilla project, known as Iodide, which is a tool for data science experimentation and communication based on state-of-the-art web technologies. Now, Mozilla has spin out Pyodide into an independent, community-driven project.

Going forward, the project will be maintained by community of volunteers and Mozilla has published a governance document with a project roadmap, which outlines what the goals are, such as reducing download sizes, better performance of Python code, and simplification of package loading.

Pyodide aim to Bring the scientific Python stack to the browser



JavaScript, the common browser language doesn’t have a mature suite of data science libraries, and missing a number of features that are necessary for numerical computing, like operator overloading.



Pyodide is designed to perform data science computation within the browser rather than a remote kernel, it gives you a full, standard Python interpreter that runs entirely in the browser, with access to the browser’s Web APIs. Also, Pyodide can install Python packages with a pure Python wheel directly from PyPi, the Python Package Index.

Pyodide includes a foreign function interface which exposes Python packages to JavaScript and the browser UI, including the DOM, to Python, making several Python scientific packages, including Matplotlib, SciPy, NumPy, Pandas, and Scikit-learn, available in the browser.

What does the Community-driven development for Pyodide means?



The Community-driven development for Pyodide means that control of the development process, resources and decision making authority will now come directly from groups in the community.

Therefore, developers are invited to try out Pyodide in a REPL in their browser, even as Mozilla has recently announced the release of Pyodide 0.17, bringing major improvements, and a redesign of central APIs, with elimination of error and memory leaks.

Mozilla's Python-in-the-browser project now Community-driven

Malvertising groups infiltrates the advertising ecosystem as media buyers, with an ongoing campaign tracked as "Tag Barnakle" resulting to the breach of over 120 ad servers in an attempt to serve their malicious ads.

The Tag Barnakle campaign is able to bypass the initial scrutiny by going straight for the jugular, that is, mass compromise of ad serving infrastructure, to inject code in order to serve malicious advertisements that redirect users to rogue websites, and exposing victims to malware.

According to security researchers at Confiant, Tag Barnakle is now able to push mobile targeted campaigns, whereas they were happy to take only desktop traffic last year.

How 120 Ad Servers were Compromised to Target Millions of Internet Users?



The threat actors behind Tag Barnakle were able to compromise nearly 60 ad servers in April 2020, primarily targeting an open-source ad server called Revive.



Now, the latest attacks aren't any different, albeit the actors seems to have upgraded their working tools to target even more ecosystem, such as mobile devices. As it currently pushes mobile targeted campaigns, and given that Revive is used by a sizable number of ad companies, Confiant believes the reach of Tag Barnakle should be in the range of "tens if not hundreds of millions" of devices.

Over the last 12 months, Confiant has identified over 120 revive instances that bear some attribution markers of Tag Barnakle related compromise with several still impacted today.

Tag Barnakle's interesting Pivot towards Mobile



Tag Barnakle’s targeting criteria now includes a WebGL debug parameters that are consistent with mobile devices, with many of these campaigns meant to lure the victim to the app store listing for obscure Security / Safety / VPN apps with hidden subscription costs or just to siphon off traffic for nefarious ends.

However, it is incredibly difficult to calculate the full reach of Tag Barnakle’s malvertisements, even though the compromise appears to impact several of long-tail websites, the list of which includes a sizable amount of ad companies that have built their technical stack on Revive.

Mass compromise of Ad serving infrastructures for malvertising

There is an ongoing spear-phishing attack campaign, which is believed to be carried out by the advanced persistent threat group, the Lazarus Group, a North Korean threat actor targeting its southern counterpart.

According to researchers at Malwarebytes, the APT group conceal its malicious code in a bitmap (.BMP) image file which it then uses to drop a remote access trojan (RAT) capable of stealing personal data and other sensitive information.

Lazarus Group is perhaps the most sophisticated and notorious of the North Korean Threat Actors and has been active since 2009; known to majorly target South Korea, but also includes several other countries.

How the APT hackers conceals malicious code within BMP image to spread its RAT?



The attack scenario follows distributing of phishing emails weaponized with a malicious document, which document shows a blue theme in Korean requesting that the user should enable the macro to view the document.



Once the macro is enabled, a message will pop up and on clicking the message the final lure will be loaded onto the system, as the document is weaponized with a macro that is executed upon opening. It starts by calling MsgBoxOKCancel function, which function pops up a message box to the user with a message that claims to be an older version of Microsoft Office.

Then after execution, it converts the image in PNG format into BMP format by calling WIA_ConvertImage. And since the BMP file format is an uncompressed graphics file format, converting PNG file format into BMP file format will automatically decompress the malicious zlib object embedded from PNG to BMP.

This clever method used by the threat actor enables them to bypass security mechanisms which can detect embedded objects within images and because the document having the zlib malicious object is compressed it can't be detected by any static detection system.

APT Hackers using BMP images to conceal RAT malware

Logica is an open source logic programming language developed by Google to “solve problems of SQL” using syntax of mathematical propositional logic instead of natural language.

While Google had earlier introduced Yedalog language, Logica is replacing it as a logic language to serve data scientists, and other specialists; which compiles code to SQL and runs on the Google BiqQuery, with experimental support for PostgreSQL and SQLite.

Logica is a more concise language and supports reusable abstraction mechanisms that SQL lacks, with modules and imports support as well; it can be used from interactive Python notebook and even makes testing of queries more natural and easy.

How Logica Programming language solves SQL flaws?



Albeit, SQL is widely adopted by developers, yet it is not flawless. As statements constructed from long chains of English words can be very verbose, with a single query spanning hundreds of lines is a routine occurrence. But, the main flaw of SQL lies in its very limited support for abstraction.



Thus, Logic programming languages tend to solve these problems of SQL by using syntax of mathematical propositional logic instead of natural English language. And the language of formal logic designed by mathematicians specifically is to make expression of complex statements easier and it suits the purpose much better than natural language.

Logica extends classical Logic programming syntax further, notably with aggregation, as the name stands for Logic + Aggregation. SQL operates with relations, which are sets of rows, with logic programming the analog of a relation is a predicate, which in turn is a set of rows, but think of it as a logical condition, which describes the rows of a relation.

However, there is much more to Logica, you can start with this tutorial here to learn more about Logica. Besides using it in your next project, the learning of a new powerful language could open your mind to new ideas and perspectives on data processing and computing in general.

What is Logica? Google's Logic programming language for solving SQL flaws

Microsoft’s creation of dotnet/csharpstandard completes the move of C# standardization work to open source, providing a public space for the ongoing work to document the latest C# language versions.

While the C# compilers have been open source since 2014, now available in the dotnet/roslyn repository, but the dotnet/csharplang split off provides a dedicated public space for the innovation and evolution of the C# language. And the dotnet/csharpstandard repo now available on GitHub will be the working space for the ECMA C# standards committee, TC-49-TG2 which is still responsible for creating the proposed standard for the C# language.

Thus, the C# language innovation and feature design through to implementation and standardization will now take place in the “open” with the contributions all public.

Innovation and evolution of the C# Programming language



Microsoft had earlier open sourced C# compilers, and now, there are now about three such repos dedicated to the C# programming language:





The move means that developers can now see the work in progress and work to incorporate features also as it is taking place.

And it'll be easier to ask questions among the design team, the compiler implementers, and the committee; as the conversations will also be public. The changes planned for the coming months include: Issues in csharplang and dotnet/docs for the spec text will move to the new dotnet/csharpstandard repo.

The C# spec on docs.microsoft.com is going to be replaced with the version from the standards committee. And the C# 6 draft spec removed from the dotnet/csharplang repo, once the proposed C# 6 draft is published on docs.microsoft.com.

Open Source C# gets a home on GitHub for documentation

IcedID is a notorious banking Trojan targeted at Windows users that exfiltrate banking credentials, with capabilities that allows it to connect to remote server for deployment of additional payloads.

While Microsoft has issued a warning about new IcedID malware attack campaign that abuses website's contact forms published to deliver malicious links to business organizations via emails with fake legal threats, thus abusing legitimate system to carry out evasive campaigns that bypass security protections.

And once a system is infected, the malware deploys additional payloads such as ransomware that are capable of moving across the affected networks to performing hands-on-keyboard attacks and stealing of credentials.

How Hackers are using Website's Contact Forms to deliver IcedID Malware?



Typically, a website's contact form allows the site visitors to communicate with site owners, by removing the necessity of having to reveal their email address which could be used by potential spammers.



The IcedID malware campaign has resulted an influx of contact form emails targeted at businesses by means of abusing companies’ website contact forms. The attackers may have used a tool that automates the process by circumventing CAPTCHA protections, as the malicious email arrives in the recipient’s inbox from the contact form as if it was sent from trusted email marketing systems, which seemingly legitimacy helps it to evade detection.

The message is generated by filling out and submitting the web-based form to the associated contact form recipient or targeted enterprise, the attacker-generated message uses strong and urgent language and pressures the recipient to act immediately, compelling the recipients to click on the links to avoid a supposed legal action.

Besides the fake legal threats written in the comments, the message also includes a link to a page on sites.google.com for the recipient to view alleged stolen photos.

And with the sense of urgency, the victim is bound to click on the link or open the malicious file, and this infection chain, which is simply a link to a sites.google.com page, requires that users sign in with their Google credentials, before a ZIP archive file is automatically downloaded to the system.

How to Mitigate against such sophisticated phishing attacks



The above scenarios offer a glimpse into how sophisticated attackers’ techniques have grown; and the goal of delivering dangerous malware payloads such as IcedID.

Therefore, for such highly evasive campaign, users are advised to ensure that their system is running Microsoft Defender for Office 365 which inspects the email body and URL for known patterns. The Defender for Office 365 leverages its deep visibility into email threats and advanced detection technologies powered by AI and machine learning, backed by Microsoft's constantly monitor of the threat landscape for new attacker tools and techniques.

Microsoft warns on IcedID Malware spreading via Contact Forms

There is a previously undocumented malware downloader, dubbed "Saint Bot," which has been spotted in the wild in several phishing attacks that deploy other malicious payloads including credential stealers.

According to Aleksandra "Hasherezade" Doniec, a threat intelligence analyst at Malwarebytes, Saint Bot is a downloader which first appeared in January 2021, and is slowly gaining momentum. The malware dropper has been found dropping stealers such as Taurus Stealer or other loaders, which it deploys for distributing other kind of malware.

It employs a variety of techniques to evade detection, which although nothing novel, but does indicate some level of sophistication on the part of the malware authors considering it's a new malware.

How Saint Bot Malware steals credentials and deploy malicious Payloads?



The Saint Bot Malware infection chain analyzed by Malwarebytes begins with a phishing email that contains an embedded ZIP file ("bitcoin.zip") which claims to be a bitcoin wallet, but in fact, it is a PowerShell script with .LNK shortcut file extension.



The PowerShell script downloads the next stage malware, which is a WindowsUpdate.exe executable, and in turn, drops a second executable (InstallUtil.exe) to take care of downloading more executables namely: def.exe and putty.exe. With the former as a batch script for disabling Windows Defender, while putty.exe contains malicious payload that connects to a command-and-control (C2) server for more exploitation.

The malware's obfuscation techniques in each stage of the infection, allows the operators to exploit the infected system without attracting any attention, coupled with the anti-analysis techniques employed by the malware.

How to mitigate against such Phishing attacks



Saint Bot is yet another tiny downloader, and it is suspected to be sold as a commodity in one of the darknet forums, as it isn't linked with any specific actor.

Just like other similar malware, it pretty much has the same functionalities, though the targets may change or some features could be added, but it's primarily based on keylogging, and extracting personal data from victims. Therefore, it is recommended that online users should ensure they aptly cross-check received emails for any suspicious attachments and patches for known vulnerabilities should be applied when available, especially against weaponized exploits that target Internet tools, such as mail clients and browsers.

New Malware downloader spotted in the wild in Phishing attacks

Pwn2Own 2021 annual hacking contest, where hackers and cybersecurity researchers try to exploit popular software and operating systems was concluded last week on April 8.

This year’s event is perhaps the largest in Pwn2Own history, with about 23 separate entries targeting 10 different products, including: Web Browsers, Servers, Virtualization, Local Escalation of Privilege, and the newest category of Enterprise Communications.

Among the targets with successful exploits included Microsoft Exchange, Microsoft Teams, Zoom, Apple Safari, Windows 10, and Ubuntu operating systems. Also, last year event, Pwn2Own 2020 had the Georgia Tech Team hitting a $70,000 bounty by targeting Apple Safari.

How the Major exploits were executed by the hackers



There was a zero-click exploit targeting Zoom which employed a three-bug chain to exploit the app and gain code execution on the target system. And the Zoom vulnerabilities were exploited by Daan Keuper and Thijs Alkemade of Computest Security, which exploits are particularly noteworthy as the flaws required no interaction of the victim other than initiating a Zoom call.



The flaws affects both Windows and Mac versions of the Zoom app, albeit it isn't yet clear if the Android and iOS versions are also vulnerable.

While Tao Yan of Palo Alto Networks targeting Windows 10 in the Local Escalation of Privilege category, used a Race Condition bug to escalate to SYSTEM on the fully patched Windows 10 machine, thereby earning himself a whopping $40,000 and 4 points towards Master of Pwn.

Manfred Paul targeted Ubuntu Desktop in the Local Escalation of Privilege category, using an OOB Access bug to escalate to a root user on Ubuntu Desktop and the Pwn2Own veteran earns himself a $30,000 price money and 3 points towards Master of Pwn.

Alisa Esage, an independent researcher, made history as the first woman to have won Pwn2Own for finding a bug in virtualization software Parallels, albeit she was awarded a partial win because the flaw had already been reported to ZDI prior to the hacking event. You can check here for a more detailed explanation of all the exploits recorded at Pwn2Own 2021.

Pwn2Own 2021: Windows 10 and Ubuntu Desktop operating systems Pwned

Mobile apps have played significant roles in our daily living, in virtually every sector, such applications have been pretty useful.

In this article, we'll focus on how the education sector has benefited from these improved technology. With some applications haven simplified how students can accomplish their assignments without much struggle. By ordering academic term papers you can get more insights on student's welfare in matters relating to technology advancement.

From the teachers, students, and even other academic staff, all deserves a smooth experience within the learning environment. For instance, teachers find it challenging to manage a large number of students. It becomes challenging for a teacher to evaluate a student at a personal level.

However, with improved tech, students can access tablets and communicate with teachers on complex concepts personally. Still, the mobile apps have enabled teachers, students, parents, and other staff in handling different matters with ease.

7 Ways Mobile Applications have Improved the Education Sector



So, below are ways in which mobile applications have contributed to a better learning experience.



  • Real-time Tracking


As a student, you have several activities to accomplish. Without proper planning and organization, you might forget some of the essential details. For instance, there could be an upcoming exam which you must revise for. If you forget and get to the exam room minus revising, you can panic and end up getting low grades. However, with mobile apps, you can create a clear schedule and reminders of upcoming and urgent tasks to work upon them effectively.

  • Student Groups


It is now easier than before. Each student can create a profile with all their details and connect with other online platforms via mobile apps. This is an excellent idea because students can discuss different matters relating to education and get a solution. For instance, if, as a student, you didn't understand a particular concept in class, you can raise the topic and discuss it with others to find a real-time solution. The advantage here is that each person gives their opinion, and the more they discuss, the more you understand—besides, the response rate in real-time.

  • View Assignments & Grades


Mobile applications benefit the teachers and students at large in different ways. For example, teachers can easily allocate assignments to students via the mobile apps. On the other hand, students can access the projects and instructions and work on them as required. Still, students can view their progress via these apps and evaluate areas they need to put in more effort.

  • Seamless Learning


Another benefit of mobile apps for education is the smooth learning experience. Even if students aren't in the school, they can still access all the school programs via the app. For instance, the school can share the plans for lessons, assignments, the syllabus, course evaluation, among other requirements. Students can then analyze the report and plan their time well to manage all the activities in school.

  • Develop Problem-solving Skills


With education apps, students have to embrace creative thinking to solve some issues. Sometimes, the teacher isn't present, and the students must think on their own. In such a case, when the matter at hand is urgent, the students have to figure out ways to solve the issue. In the end, they become experts in solving different problems without close supervision.

  • Offline Data Storage


Mobile applications offer excellent storage space that students can access documents and files while offline. This simplifies students' work because they don't have to sync the app's data to get the required files.

  • Event Scheduling & Notifications


In a school environment, some events take place and calls for students to participate in one way or the other. It can be challenging for such essential information to reach all students within the required time frame. However, with mobile apps, the school updates the list of events and respective dates in advance so that students can plan their schedules appropriately.

7 Advantages of Mobile Apps in the Educational sector

Google has been working on the Android Open Source Project (AOSP) since last 18 months, in a bid to prevent memory safety bugs, by adding support for Rust programming language.

The company had preferred languages like Java and Kotlin as the best options for Android app development, and with the Android OS use of Java extensively, thereby protecting large portions of the Android platform from memory safety bugs.

However, Java and Kotlin languages aren't an option for the lower layers of the Android OS, with code written in C and C++ languages requiring robust isolation when parsing untrustworthy input, the technique of containing the code in a strictly constrained sandbox can be expensive, and results additional memory usage and latency issues.

What Rust Programming Language brings to the table



Rust programming language provides memory safety guarantees through a combination of compile-time checks that enforce object lifetime/ownership and runtime checks which ensures that every memory access is valid.



Given the memory safety bugs in C and C++ which constitutes about 70% of all high severity security vulnerabilities in Android, the idea to switch to a memory-safe language like Rust is to prevent such from happening in the first instance.

Albeit, Google would not have to rewrite all of its existing C and C++ code into the underlying OS, but rather to focus its memory-safe language efforts on new or recently modified code with higher likelihood of memory bugs.

Some other efforts at Memory Safety with Rust Language



Microsoft has been working on new ‘memory safe’ programming language, which internally is referred to as “Safe Infrastructure Programming” based on Rust language.

The experiment with the Rust language is in a bid to improve its software, under Project Verona initiative, as Rust programming language is better than the C/C++ languages commonly used to write micro-controller firmware.

Google turns to Rust Language to prevent Android Memory Safety bugs

Microsoft has released a preview of its own build of OpenJDK, known as Microsoft Build of OpenJDK, an open source and freely available, long-term support distribution of Java.

Microsoft Build of OpenJDK binaries of Java 11 is available for download on Windows, Linux, and MacOS, with Microsoft publishing an early access binary for Java 16, which is the latest version of standard Java, for Windows on Arm. With Builds for Java 11 based on OpenJDK source code, and follows the same build scripts employed in the Eclipse Adoptium project, formerly AdoptOpenJDK.

Azure cloud users can also try the build via Azure Cloud Shell, albeit Microsoft’s binaries have passed the Java Technology Compatibility Kit (TCK) for Java 11.

What you need to know about Microsoft Build of OpenJDK



Microsoft Build of OpenJDK is to serve as a simple drop-in replacement for other OpenJDK distribution in the Java ecosystem. And the company has pledged to support Java 11 until at least 2024.



Also, Microsoft will offer support for Java 8 binaries from Eclipse Adoptium on Azure-managed services, with Java 8 offered as a target runtime option. While OpenJDK binaries for Java 17 will be due for release by the end of the year. Microsoft is a huge contributor to OpenJDK, with more than 50 patches for OpenJDK, covering areas such as garbage collection fixes, MacOS packaging, build and infrastructure.

Microsoft Build of OpenJDK binaries may come with backported fixes and enhancements deemed important to users. Though some of the fixes may not have been formally backported upstream and signposted in OpenJDK release notes.

Open competition with Oracle in the Java distribution space



The move has been seen by analysts as a serious competition for Oracle in the Java space, as Java is one of the most popular programming languages today, used for almost everything from enterprise applications to robots.

Microsoft is increasingly experiencing growth in its customer use of Java across the company’s cloud services and development tools, haven deployed more than 500,000 JVMs internally, excluding Azure services and customer workloads. Indeed, Microsoft Build of OpenJDK would set up the company to compete with Oracle in the Java space.

Microsoft Build of OpenJDK to compete with Oracle in the Java space

Cybercriminals are increasingly targeting professionals on LinkedIn with weaponized job offers via a new spear-phishing campaign in an attempt to infect targeted victims with a backdoor trojan known as "more_eggs."

According to cybersecurity firm eSentire's Threat Response Unit (TRU), the phishing lures follows a malicious ZIP archive file that has the same name as that of the victim's job titles taken from their LinkedIn profile. And once the fake job offer is opened, the victim has unwittingly initiated the stealthy installation of the fileless backdoor.

The backdoor upon execution can download additional malicious plugins and provide hands-on access to the victim’s computer and the threat group behind more_eggs, Golden Chickens, are known to sell the backdoor under a malware-as-a-service(MaaS) arrangement to other cybercriminals.

How More_Eggs Attacks are targeted at Professionals on LinkedIn



The TRU team analysis shows that the targets were professionals working in the healthcare technology industry, which upon downloading and executing the alleged job file, the victim unwittingly executed VenomLNK, an initial stage of more_eggs.



VenomLNK enables the malware’s plugin loader, TerraLoader, which then hijacks legitimate Windows processes, cmstp and regsvr32 by abusing Windows Management Instrumentation. With TerraLoader initiated, which is a decoy word document presented to the victim, designed to impersonate a legitimate employment application; but it serves no functional purpose in the infection.

Then, TerraLoader will install msxsl in the victim’s roaming profile and loads the payload, TerraPreter, which is an ActiveX control (.ocx file) downloaded from Amazon Web Services, as TerraPreter begins to beacon to a Command & Control server (C2) via the rogue copy of msxsl.

This signals that the more_eggs backdoor is ready for the threat group’s customer to gain access and carry out their malicious activities, whether it is to infect the victim with additional malware, such as ransomware, or getting a foothold into the victim’s network so as to exfiltrate data.

Risks posed by More_Eggs Backdoor to Organizations and Professionals



The threat actors went after employees of the healthcare technology sector with fake job offers, and cleverly using the job title listed on their LinkedIn profiles, in communications to the employees. They also used malicious email attachments which if the target clicked on the attachment, they'll get their system infected with more_eggs.

While the TRU team don't know for certainty what the end game is for this campaign, but what is clear is that this current activity mirrors an eerily similar campaign which was reported in the U.S. retail, entertainment and pharmaceutical companies in February 2019, where online shopping, were targeted.

Coincidentally, the hacking group, Evilnum is also known to spearphish employees of companies they are targeting by enclosing malicious zip files, which upon execution, gets the employees hit with the more_eggs backdoor, along with other malware.

New spear-phishing campaign targeting professionals on LinkedIn

Ubuntu is a popular Linux distribution based on Debian, released in three editions, namely: Server, Desktop, and Core, with all editions capable of running on PC or a virtual machine.

While Ubuntu 21.04 is the latest version of the distro, and third version to receive a codename with the letter “H”, with the earlier version, Ubuntu 5.04 which was released in 2005 codenamed “Hoary Hedgehog”, and followed by Ubuntu 8.04 LTS “Hardy Heron” in 2008. And the codename for Ubuntu 21.04 was revealed as “Hirsute Hippo“ which is a rather humongous name.

The Beta version of Ubuntu 21.04 Hirsute Hippo arrived on April 1, 2021, and the final freeze milestone is expected on April 15, with the final stable version to be made available on April 22, 2021.

What's new in Ubuntu 21.04 Hirsute Hippo Beta?



Unlike previous Ubuntu releases that came with tons of core and visual changes, Ubuntu 21.04 Hirsute Hippo Beta is rather straightforward, with the absence of GNOME 40 as a disappointment to many users, albeit it does come with GNOME 40 apps.



Ubuntu 21.04 Hirsute Hippo Beta features Wayland as the default session, whch is a replacement for X.org’s windowing system, with such advantages as support for emerging HDR technology and significantly easier to maintain. Also, Ubuntu 21.04 comes with the ability to change the power profile mode with Pipewire support.

Additionally, it brings a new set of preloaded wallpapers and there are other flavors like Xubuntu, Lubuntu, Kubuntu, Ubuntu MATE, and Xubuntu versions.

How to Update to Ubuntu 21.04 Hirsute Hippo Beta



If you wish to update from older Ubuntu versions to Ubuntu 21.04 Hirsute Hippo Beta, check the Updates section and in the Notify me of a new Ubuntu version dropdown, select the For any new version option and close the app.

But note that Ubuntu is distributed on three types of images, with the Desktop image allowing you to try Ubuntu without changing your PC at all, and at your option to install it permanently later. However, you will need at least 1024MiB of RAM to install Ubuntu from this image.

And the second type, which is the server install image allows you to install Ubuntu permanently on a computer for use as a server, but it does not install a graphical user interface.

Therefore, the 64-bit PC (AMD64) desktop image should be prefered if you have a computer based on the AMD64 or EM64T architecture (e.g., Athlon64, Opteron, EM64T Xeon, Core 2). And the 64-bit PC (AMD64) server install image is prefered if you have a computer based on the AMD64 or EM64T architecture (e.g., Athlon64, Opteron, EM64T Xeon, Core 2).

If you need help in burning these images to disk, you can refer to the Image Burning Guide.

Ubuntu 21.04 Hirsute Hippo Beta features and how to update your system

The Windows Background Intelligent Transfer Service (BITS) was introduced with Windows XP to simplify the downloading and uploading of large files; with applications using BITS to deliver updates for minimal usage disruption.

While the BITS service runs in a service host process and able to schedule transfers to happen at any time, but such files and data are stored in a local database. And like many such technologies, BITS can also be used by malicious applications to create files that are downloaded or uploaded in the context of the service host process.

According to researchers at FireEye, there is a previously unknown mechanism that shows the hackers made use of BITS to launch their backdoor.

How Hackers leverages on BITS to infiltrate Windows systems



Hackers use malicious applications to create BITS jobs and files which are downloaded or uploaded in the context of the service host process to evade firewalls that could block such malicious or unknown processes, and to obscure which application requested the transfer.



As BITS transfers can also be scheduled, it enables the attackers to schedule the attacks to occur at specific times without relying on long-running processes or the task scheduler. Also, BITS transfers are asynchronous, which results in a situation whereby the application that created a job may not be running when the requested transfer is complete.

This scenario is remedied when BITS jobs are created with a user-specified notification command, which executes after the job completes or in case of errors. Then, the notification commands associated with BITS jobs can specify the executable or command to run.

But attackers can also utilize this feature as a method for maintaining persistence of their malicious applications, since the command data is stored in a database instead of traditional registry locations, it can be overlooked by forensic investigators or tools that attempt to identify persistence executables and commands.

How to secure your Windows machine against such infiltration



This new exploit is perhaps another reminder of how even useful tools like BITS can be repurposed by hackers to their own advantage.

Therefore, the researchers have made available a Python utility known as BitsParser that aims to parse BITS database files and extract job and file information for additional analysis to aid incident response and forensic investigations.

Hackers leverages on the Windows Background Intelligent Transfer Service