News Wrap: Linux Utility Backdoor, Steam Zero Day Disclosure Drama

20:55
 
Share
 

Manage episode 240416027 series 64813
By Mike Mimoso, Chris Brook, Mike Mimoso, and Chris Brook. Discovered by Player FM and our community — copyright is owned by the publisher, not Player FM, and audio is streamed directly from their servers. Hit the Subscribe button to track updates in Player FM, or paste the feed URL into other podcast apps.

Why did Valve-owner Steam say it made a "mistake" turning a researcher away from its bug bounty program? Who was behind a backdoor that was purposefully introduced into a utility utilized by Unix and Linux servers? And why is Facebook coming under fire for its "Clear History" feature? Threatpost editors Lindsey O'Donnell and Tom Spring break down the top stories of the week that have the infosec space buzzing, including:

  • A backdoor that was intentionally planted in Webminin 2018 and found during the DEF CON 2019 security conference when researchers stumbled upon malicious code.
  • A researcher disclosing a zero-day vulnerability (the second in two weeks) for the Steam gaming client after he said he was barred from the bug bounty programof Steam's owner, Valve.
  • Facebook being met with vitriol after users discovered its "Clear History" feature, rolled out in some countries this week, wasn't what they had thought.

314 episodes