Summary: A new Linux privilege-escalation exploit has been discovered, allowing users to gain root access to vulnerable machines. The exploit affects various Linux distributions and has a high success rate on certain kernel versions.

Key Point: ⭐ Exploit grants root access to vulnerable Linux machines ⭐ Vulnerability tracked as CVE-2024-1086 with a severity rating of 7.8 ⭐ Patch released at the end of January, but updates are still rolling out ⭐ Exploit technique involves manipulating page tables to gain unauthorized control over system memory ⭐ Source code for exploit PoC is available on GitHub


A Linux privilege-escalation proof-of-concept exploit has been published that, according to the bug hunter who developed it, typically works effortlessly on kernel versions between at least 5.14 and 6.6.14. …


Summary: The Ubuntu security team has released security updates to address several vulnerabilities in ImageMagick that could lead to denial-of-service attacks. It is crucial for users to update their systems and exercise caution when handling image files from untrusted sources.

Key Point: ⭐ ImageMagick vulnerabilities impact various Ubuntu releases, including 20.04 LTS, 22.04 LTS, 22.10, and 23.04.…


Summary: Google’s latest research shows a significant increase in zero-day vulnerabilities exploited by attackers in enterprise-specific software and appliances compared to previous years.

Key Point 🛡️: – The number of found and exploited enterprise-specific technology zero-day vulnerabilities increased by 64% in 2023. – End-user platforms like Windows, Safari, iOS, and Android were also targeted, with notable investments from vendors like Apple, Google, and Microsoft.…


Summary: Nvidia’s ChatRTX bot has been patched for security vulnerabilities, including privilege escalation and remote code execution, in its latest update.

Key Point 🛡️: – CVE-2024-0083 vulnerability could lead to denial of service attacks, data theft, and remote code execution. – CVE-2024-0082 vulnerability allows data theft, data tampering, and privilege escalation.…


This video dives into the analysis of a malware sample involving UAC (User Account Control) bypass techniques. It provides a detailed walkthrough of static and dynamic malware analysis processes, including insights into threat intelligence using tools like any.run. The content focuses on dissecting a Visual Basic Script (VBS) malware that eventually leads to the execution of a Remote Access Trojan (RAT), illustrating various analysis techniques and tools along the way.…


Summary: The article discusses a new BOLA vulnerability discovered in Grafana, impacting millions of users worldwide. It explains the vulnerability, potential impacts, and provides solutions and mitigations.

Key Point 🛡️: – BOLA vulnerability (CVE-2024-1313) allows low-privileged users to delete dashboard snapshots of other organizations. – Endpoint allows any user to create snapshot images without complexity checks on secret keys.…


Background

Huntress SOC analysts continue to see alerts indicating malicious activity on endpoints running MSSQL Server or MSSQL Express, either as stand-alone installations, or as part of a larger application package installation. A recent series of incidents across three endpoints running the Fortinet Enterprise Management Server (EMS) system were initiated by alerts as illustrated in Figure 1.…


Summary: Google fixed two zero-day vulnerabilities in Chrome exploited during Pwn2Own 2024.

Key Point: 🔒 CVE-2024-2887: High-severity type confusion weakness in WebAssembly. 🔒 CVE-2024-2886: Use-after-free weakness in WebCodecs API. 🔒 Google released patches in Chrome version 123.0.6312.86/.87 for Windows and Mac. 🔒 Mozilla also fixed two Firefox zero-days on the same day.…


Written by: Alden Wahlstrom, David Mainor, Daniel Kapellmann Zafra


In June 2023, Russian businessman Yevgeniy Prigozhin and his private military company (PMC) “Wagner” carried out an armed mutiny within Russia. The events triggered the meteoric political downfall of Prigozhin, raising questions about the future of his various enterprises that were only underscored when he died two months later under suspicious circumstances.…


Key Findings

Explosive AI growth: Enterprise AI/ML transactions surged by 595% between April 2023 and January 2024.

Concurrent rise in blocked AI traffic: Even as enterprise AI usage accelerates, enterprises block 18.5% of all AI transactions, a 577% increase signaling rising security concerns.

Primary industries driving AI traffic: Manufacturing accounts for 21% of all AI transactions in the Zscaler security cloud, followed by Finance and Insurance (20%) and Services (17%).…

Threat Actor: – Unknown individual or group selling the zero-day vulnerability

Victim: – Major financial institutions, including: – Cryptocurrency exchanges – Governmental organizations – Banking institutions

Information: – The zero-day vulnerability is specifically designed to target large financial services companies. – The vulnerability allows buyers to send malicious files from authentic domains.…


Key Takeaways

In February, the FBI took down the WarzoneRAT malware operation, seizing its infrastructure and arresting two individuals linked to the cybercrime operation. Recently, Cyble Research and Intelligence Labs (CRIL) observed a few samples from a malware campaign possibly distributed via tax-themed spam emails, deploying WarzoneRAT (Avemaria) as the final payload.…

Summary: TheMoon malware infects thousands of ASUS routers in a short period, serving as a proxy for cybercriminals.

Key Point: 🔒 TheMoon malware targets outdated ASUS routers for proxy service. 🌐 Malware operations like IcedID and SolarMarker use the proxy botnet. 🔑 Attackers may exploit known vulnerabilities or weak credentials to breach routers.…


By Oleg Zaytsev (Guardio Labs)

Guardio Labs discovered a vulnerability in the Microsoft Edge browser, designated CVE-2024-21388. This flaw could have allowed an attacker to exploit a private API, initially intended for marketing purposes, to covertly install additional browser extensions with broad permissions without the user’s knowledge.…
