Windows driver zero-day exploited by Lazarus hackers to install rootkit

August 19, 2024 at 11:37PM

The North Korean Lazarus hacking group exploited a zero-day flaw in the Windows AFD.sys driver to install the FUDModule rootkit on targeted systems. Microsoft fixed the flaw (CVE-2024-38193) in August 2024, along with seven other zero-day vulnerabilities. Gen Digital warned about the activities and targeting of the notorious group, which is …

Google Patches Android Zero-Day Exploited in Targeted Attacks

August 6, 2024 at 04:00AM

Google announced its August 2024 Android security patches, including a high-severity zero-day vulnerability, CVE-2024-36971, in the kernel that could be exploited for remote code execution. Other updates address over 40 vulnerabilities, many with ‘high severity’ ratings, in components like framework, system, Arm, Imagination Technologies, MediaTek, and Qualcomm. Wear OS patches …

Linux kernel impacted by new SLUBStick cross-cache attack

August 3, 2024 at 03:41PM

SLUBStick, a novel Linux kernel cross-cache attack, has a 99% success rate in escalating privileges and escaping containers by exploiting a heap vulnerability. It works with modern kernel defenses and will be presented at the upcoming USENIX Security Symposium. The attack provides benefits to attackers, including privilege escalation and container …

Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws

March 6, 2024 at 01:03AM

Apple has released security updates to fix actively exploited vulnerabilities, CVE-2024-23225 and CVE-2024-23296, in iOS and iPadOS, addressing them with improved validation. The flaws can be exploited by attackers to bypass kernel memory protections. This development adds to a total of three zero-days that Apple has addressed since the …