New Linux Rootkit PUMAKIT Uses Advanced Stealth Techniques to Evade Detection

December 13, 2024 at 04:45AM Researchers have identified a sophisticated Linux rootkit named PUMAKIT, capable of privilege escalation and evasion from detection. It uses multi-stage architecture, advanced stealth techniques, and hooks into system calls to conceal its presence while communicating with command-and-control servers. This highlights increasing malware complexity on Linux systems. **Meeting Takeaways from December … Read more

New stealthy Pumakit Linux rootkit malware spotted in the wild

December 12, 2024 at 05:38PM A newly discovered Linux rootkit malware, Pumakit, incorporates stealth and privilege escalation techniques. It consists of multiple components, including a dropper and kernel/userland rootkits. Discovered by Elastic Security, it targets older Linux kernels for espionage and theft, employing sophisticated infection methods and hiding capabilities from system tools and logs. ### … Read more

Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability

December 11, 2024 at 02:30AM Microsoft’s October 2024 Patch Tuesday addressed 72 security flaws, including a critical privilege escalation vulnerability (CVE-2024-49138) actively exploited in the wild. The update opened paths for further security measures against threats. Additionally, Microsoft plans to phase out NTLM in favor of Kerberos to bolster security against exploitation. ### Meeting Takeaways: … Read more

Microsoft holds last Patch Tuesday of the year with 72 gifts for admins

December 10, 2024 at 03:55PM This month, Microsoft has released 72 fixes, with CVE-2024-49138 posing an immediate risk due to active exploitation. Adobe, on the other hand, issued 167 fixes, including 91 for Adobe Experience Manager and critical updates for Adobe Connect. Users are urged to patch vulnerabilities across all platforms promptly. ### Meeting Takeaways … Read more

VMware Patches High-Severity Vulnerabilities in Aria Operations

November 26, 2024 at 09:39AM VMware released a high-severity bulletin addressing five security vulnerabilities in its Aria Operations product, affecting versions 8.x and VMware Cloud Foundation 4.x and 5.x. Patches are available to fix local privilege escalation and cross-site scripting exploits. Users are urged to apply patches urgently as no workarounds exist. ### Meeting Takeaways … Read more

Ubuntu Linux impacted by decade-old ‘needrestart’ flaw that gives root

November 20, 2024 at 02:11PM Five local privilege escalation vulnerabilities in Ubuntu’s needrestart utility were discovered by Qualys, tracked as CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003. All were fixed in version 3.8. Attackers with local access could exploit these flaws to gain root privileges. ### Meeting Takeaways: 1. **Vulnerability Overview**: Five local privilege escalation (LPE) … Read more

Critical RCE bug in VMware vCenter Server now exploited in attacks

November 18, 2024 at 02:00PM Broadcom has warned that two VMware vCenter Server vulnerabilities, CVE-2024-38812 (a critical remote code execution flaw) and CVE-2024-38813 (a privilege escalation flaw), are being actively exploited. Customers are urged to apply new security updates to mitigate risks, as no workarounds are available for these vulnerabilities. ### Meeting Takeaways 1. **Active … Read more

Fortinet patches VPN app flaw that could give rogue users, malware a privilege boost

November 14, 2024 at 05:30PM A critical vulnerability (CVE-2024-47574) in Fortinet’s FortiClient VPN could allow unauthorized code execution and privilege escalation on Windows systems. Patched in version 7.4.1, it has a 7.8 CVSS rating. Another flaw (CVE-2024-50564) allows altering SYSTEM-level registry keys. Both vulnerabilities were not exploited in the wild. **Meeting Takeaways:** 1. **High-Severity Vulnerability … Read more

Admins can give thanks this November for dollops of Microsoft patches

November 12, 2024 at 08:32PM Microsoft’s recent Patch Tuesday update addressed 89 security flaws, including two under active attack. Vulnerabilities CVE-2024-49039 and CVE-2024-43451 enable privilege escalation and account impersonation, respectively. Additionally, severe flaws in Azure and .NET products could lead to remote code execution. CISA highlighted an increase in zero-day exploitations throughout 2023. ### Meeting … Read more

Citrix Issues Patches for Zero-Day Recording Manager Bugs

November 12, 2024 at 12:52PM Citrix has released patches for two vulnerabilities in its Virtual Apps and Desktop technology that could allow privilege escalation or remote code execution by attackers. Discovered by watchTowr, the flaws affect the Session Recording Manager. Citrix assigned a medium severity score, which watchTowr disputes, deeming the threat more critical. ### … Read more