August 7, 2024 at 10:57AM A new Linux kernel exploitation technique named SLUBStick has been uncovered, offering the potential to escalate a limited heap vulnerability to an arbitrary memory read-and-write primitive. This method demonstrates the ability to modify kernel data and overcome existing defenses, but it relies on the existence of a heap vulnerability and … Read more
June 17, 2024 at 04:57PM An advanced persistent threat (APT) from Pakistan is conducting cyber espionage against Indian government organizations using the “Dirty Pipe” Linux bug and the Discord-based malware, Disgomoji. The malware utilizes emojis for commands, making it user-friendly but not significantly impacting security software detections. UTA0137 has also been observed exploiting the old … Read more
December 8, 2023 at 06:42AM A Bluetooth vulnerability enables attackers to bypass authentication and perform keystroke injection on Android, Linux, and Apple devices. Meeting Takeaways: 1. A security vulnerability has been identified that affects Android, Linux, and Apple devices pertaining to Bluetooth connections. 2. This vulnerability allows attackers to execute a Bluetooth authentication bypass. 3. … Read more
November 21, 2023 at 01:01PM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to secure their systems against an actively exploited vulnerability called ‘Looney Tunables.’ The vulnerability allows attackers to gain root privileges on major Linux distributions. The flaw affects popular platforms like Fedora, Ubuntu, and Debian. Administrators are advised to … Read more