Summary: The XZ Utils Data Compression Library has a vulnerability that impacts multiple Linux distributions. It is recommended to downgrade to an uncompromised version or migrate to updated releases.

Key Points:
* The vulnerability, CVE-2024-3094, has a critical severity level.
* The vulnerability is a result of a supply chain compromise in versions 5.6.0 and 5.6.1 of XZ Utils.…


Threat Actor: Unknown
Victim: Windows users

Information:
🌟 The threat actor is offering a Windows 1-day Local Privilege Escalation (LPE) exploit for sale.
🌟 The exploit is identified as CVE-2024-26169 and is categorized as a Windows Error Reporting Service Elevation of Privilege Vulnerability.
🌟 The vulnerability allows attackers to gain SYSTEM privileges.…


Summary: A new Linux privilege-escalation exploit has been discovered, allowing users to gain root access to vulnerable machines. The exploit affects various Linux distributions and has a high success rate on certain kernel versions.

Key Points:
⭐ Exploit grants root access to vulnerable Linux machines
⭐ Vulnerability tracked as CVE-2024-1086 with a severity rating of 7.8
⭐ Patch released at the end of January, but updates are still rolling out
⭐ Exploit technique involves manipulating page tables to gain unauthorized control over system memory
⭐ Source code for the exploit PoC is available on GitHub


A Linux privilege-escalation proof-of-concept exploit has been published that, according to the bug hunter who developed it, typically works effortlessly on kernel versions between at least 5.14 and 6.6.14. …


Summary: Nvidia’s ChatRTX bot has been patched for security vulnerabilities, including privilege escalation and remote code execution, in its latest update.

Key Points 🛡️:
– CVE-2024-0083 could lead to denial of service attacks, data theft, and remote code execution.
– CVE-2024-0082 allows data theft, data tampering, and privilege escalation.…

Key Takeaways

Threat actors (TAs) are actively abusing advertising platforms such as Google Ads and social media platforms such as X (formerly Twitter) to distribute crypto drainers, employing tactics such as compromising well-known accounts, creating counterfeit profiles, and running malicious advertisements.

Cyble Research and Intelligence Labs (CRIL) found multiple drainer source codes leaked on cybercrime forums, including a recent leak of a Solana drainer’s source code. …
Key Takeaways

In February, the FBI took down the WarzoneRAT malware operation, seizing its infrastructure and arresting two individuals linked to the cybercrime operation. Recently, Cyble Research and Intelligence Labs (CRIL) observed a few samples from a malware campaign, possibly distributed via tax-themed spam emails, that deploys WarzoneRAT (Avemaria) as the final payload. …

By Oleg Zaytsev (Guardio Labs)

Guardio Labs discovered a vulnerability in the Microsoft Edge browser, designated CVE-2024-21388. This flaw could have allowed an attacker to exploit a private API, initially intended for marketing purposes, to covertly install additional browser extensions with broad permissions without the user’s knowledge.…


Summary: Germany has warned about 17,000 vulnerable Microsoft Exchange servers exposed online, many of them affected by critical security vulnerabilities.

Key Points:
🔒 Approximately 37% of Exchange servers in Germany are severely vulnerable, affecting various institutions and companies.
🔒 Admins are urged to use current Exchange versions, install security updates, and secure instances exposed online.…


Thousands of publicly exposed Ray servers compromised as a result of Shadow Vulnerability

TL;DR

The Oligo research team has recently discovered an active attack campaign targeting a vulnerability in Ray, a widely used open-source AI framework. Thousands of companies and servers running AI infrastructure are exposed to the attack through a critical vulnerability that is under dispute and thus has no patch.…


This blog entry discusses the Agenda ransomware group’s use of its latest Rust variant to propagate to VMware vCenter and ESXi servers.

Since its discovery in 2022, the Agenda ransomware group (also known as Qilin) has remained active and under development. Agenda, which Trend Micro tracks as Water Galura, continues to infect victims globally, with the US, Argentina, Australia, and Thailand among its top targets (based on the threat actor’s leak site data).…
