The US government is warning that a Linux flaw introduced more than a decade ago – and fixed more than a year ago – is being actively used in ransomware attacks. In February 2014, a vulnerability was introduced into the Linux kernel via a commit.
The bug was first disclosed in late January 2024, and described as a “use-after-free weakness in the netfilter: nf_tables kernel component”. It was fixed later that month, and was given a label CVE-2024-1086. Its severity score is 7.8/10 (high) and can be exploited to achieve local privilege escalation.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- CISA Releases Seven Industrial Control Systems Advisories
July 18, 2023
CISA released seven Industrial Control Systems (ICS) advisories on July 18, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-199-01 Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A ICSA-23-199-02 Keysight N6845A Geolocation Server ICSA-23-199-03 Iagona ScrutisWeb Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency
- DDoS threat report for 2023 Q2
July 18, 2023
The second quarter of 2023 was characterized by thought-out, tailored and persistent waves of DDoS attack campaigns on various fronts, including: Multiple DDoS offensives orchestrated by pro-Russian hacktivist groups REvil, Killnet and Anonymous Sudan against Western interest websites. An increase in deliberately engineered and targeted DNS attacks alongside a 532% surge in DDoS attacks exploiting the Mitel ...
- US energy department, other agencies hit in global hacking spree
July 16, 2023
The U.S. Department of Energy and several other federal agencies were hit in a global hacking campaign that exploited a vulnerability in widely used file-transfer software, officials said on Thursday. Data was “compromised” at two entities within the energy department when hackers gained access through a security flaw in MOVEit Transfer, the department said in a ...
- FortiGuard Labs Discovers Multiple Vulnerabilities in Adobe InDesign
July 13, 2023
This past March, Fortinet researcher Yonghui Han discovered and reported several zero-day vulnerabilities in Adobe InDesign to Adobe. And on Patch Tuesday, July 11, 2023, Adobe released their security patches to fix them. The vulnerabilities are identified as CVE-2023-29308, CVE-2023-29309, CVE-2023-29310, CVE-2023-29311, CVE-2023-29312, CVE-2023-29313, CVE-2023-29314, CVE-2023-29315, CVE-2023-29316, CVE-2023-29317, CVE-2023-29318, and CVE-2023-29319. All of these vulnerabilities have been ...
- Uncovering weaknesses in Apple macOS and VMWare vCenter: 12 vulnerabilities in RPC implementation
July 13, 2023
Cisco Talos discovered 12 memory corruption vulnerabilities in MSRPC implementations on Apple macOS and VMWare vCenter. Seven vulnerabilities affect Apple macOS only Two vulnerabilities affect VMWare vCenter. Three vulnerabilities affect both. Read more… Source: Cisco Talos
- CISA Releases Nine Industrial Control Systems Advisories
July 13, 2023
CISA released nine Industrial Control Systems (ICS) advisories on July 13, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-194-01 Siemens RUGGEDCOM ROX ICSA-23-194-02 Siemens SiPass Integrated ICSA-23-194-03 Siemens SIMATIC CN 4100 Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency