Easy-to-use make-me-root exploit lands for recent Linux kernels. Get patching

March 29, 2024 at 05:50PM A Linux privilege-escalation exploit affecting kernel versions 5.14 to 6.6.14 has been detailed by bug hunter Notselwyn. Dubbed CVE-2024-1086, the flaw allows unauthorized root access, posing risks of damage and system control. Highly severe, it has been patched, prompting essential updates. Notselwyn’s PoC source code enables simple exploitation, underscoring the …

Key Lesson from Microsoft’s Password Spray Hack: Secure Every Account

March 25, 2024 at 08:51AM Microsoft discovered a data breach by Russian-state hackers accessing an old, inactive account using a password spray attack. This breach compromised sensitive email accounts and highlighted the vulnerability of all user accounts, not just privileged ones. Organizations are urged to prioritize robust password protection measures, including strong password policies, multi-factor …

Windows Kernel bug fixed last month exploited as zero-day since August

March 2, 2024 at 10:58AM Microsoft recently patched a high-severity Windows Kernel vulnerability, CVE-2024-21338, which was actively exploited for six months after it was reported. The flaw allowed attackers to gain SYSTEM privileges without user interaction. Avast discovered that North Korean Lazarus hackers used the vulnerability to gain kernel-level access and evade security tools. Windows …

Zoom patches critical privilege elevation flaw in Windows apps

February 14, 2024 at 03:41PM Zoom’s Desktop and VDI clients and Meeting SDK for Windows are affected by an improper input validation flaw, allowing unauthenticated attackers to conduct privilege escalation. The flaw, tracked as CVE-2024-24691 with a critical rating, impacts specific product versions. Users are advised to update to the latest version to address this …

Chipmaker Patch Tuesday: AMD and Intel Patch Over 100 Vulnerabilities

February 14, 2024 at 09:03AM AMD and Intel released patches for over 100 vulnerabilities, including 21 high-severity vulnerabilities, in their processors and software products. AMD addressed flaws in embedded processors, SEV firmware, and UltraScale and UltraScale+ FPGA series devices. Intel issued patches for various drivers, device firmware, Ethernet tools, and software products, resolving a total …

Raspberry Robin Jumps on 1-Day Bugs to Nest Deep in Windows Networks

February 12, 2024 at 05:21PM Summary: Raspberry Robin worm rapidly incorporates one-day exploits, enhancing privilege escalation capabilities. Check Point researchers suspect its developers contract with Dark Web exploit traffickers, allowing quick integration of new exploits, making it a prevalent initial access cyber threat. The worm’s popularity and effectiveness continue to grow, posing significant risks to …

Critical Cisco bug exposes Expressway gateways to CSRF attacks

February 7, 2024 at 01:30PM Cisco has addressed critical vulnerabilities in its Expressway Series gateways through patches, mitigating the risk of cross-site request forgery (CSRF) attacks. These security flaws could allow attackers to remotely target and manipulate vulnerable systems. Expressway Series devices with default configurations are impacted by the vulnerabilities, prompting the need for migration …

Experts Detail New Flaws in Azure HDInsight Spark, Kafka, and Hadoop Services

February 6, 2024 at 10:10AM Three new security vulnerabilities have been identified in Azure HDInsight’s Apache Hadoop, Kafka, and Spark services, enabling privilege escalation and denial-of-service attacks. Specific flaws include XML External Entity Injection Elevation of Privilege and Java Database Connectivity Injection Elevation of Privilege. Microsoft has released fixes following responsible disclosure. Orca previously found …

New Linux glibc flaw lets attackers get root on major distros

January 30, 2024 at 06:11PM A vulnerability (CVE-2023-6246) in the GNU C Library (glibc) allows unprivileged attackers to gain root access on major Linux distributions. The flaw, introduced in glibc 2.37, leads to local privilege escalation. Qualys confirmed its exploitability on Debian, Ubuntu, and Fedora systems, emphasizing the critical need for strict security measures in …

‘CherryLoader’ Malware Allows Serious Privilege Execution

January 25, 2024 at 12:52PM Researchers have detected a threat actor utilizing a new, sophisticated downloader named “CherryLoader” to gain admin-level access on systems. The attacker also utilized privilege escalation tools from the “potato” family. CherryLoader’s notable feature is its ability to swap payloads without recompiling code, enhancing flexibility and evading detection. Based on the …