The US government is warning that a Linux flaw introduced more than a decade ago – and fixed more than a year ago – is being actively used in ransomware attacks. In February 2014, a vulnerability was introduced into the Linux kernel via a commit.
The bug was first disclosed in late January 2024, and described as a “use-after-free weakness in the netfilter: nf_tables kernel component”. It was fixed later that month, and was given a label CVE-2024-1086. Its severity score is 7.8/10 (high) and can be exploited to achieve local privilege escalation.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- More than 12,500 vulnerabilities disclosed in first half of 2021
August 5, 2021
Risk Based Security has released two new reports covering data breaches and vulnerabilities in the first half of 2021, finding that there was a decline in the overall number of reported breaches but an increase in the amount of vulnerabilities disclosed. The company’s data breach report found that there were 1,767 publicly reported breaches in the ...
- Security company warns of Mitsubishi industrial control vulnerabilities
August 5, 2021
Cybersecurity company Nozomi Networks Labs has warned the industrial control system (ICS) security community about 5 vulnerabilities affecting Mitsubishi safety PLCs. In a new report, the company said Mitsubishi acknowledged the issues — which are focused on the authentication implementation of the MELSOFT communication protocol — after they were discovered at the end of 2020. The Japanese ...
- ‘DeadRinger’ Targeted Exchange Servers Long Before Discovery
August 4, 2021
Threat actors linked to China exploited the notorious Microsoft Exchange ProxyLogon vulnerabilities long before they were publicly disclosed, in attacks against telecommunications companies aimed at stealing sensitive customer data and maintaining network persistence, researchers have found. Researchers from Cybereason have been tracking multiple cyberespionage campaigns – collectively dubbed “DeadRinger” – since 2017, reporting initially on findings ...
- PwnedPiper critical bug set impacts major hospitals in North America
August 2, 2021
Pneumatic tube system (PTS) stations used in thousands of hospitals worldwide are vulnerable to a set of nine critical security issues collectively referred to as PwnedPiper. PTS solutions are part of a hospital’s critical infrastructure as they are used to quickly deliver items like blood, tissue, lab samples, or medication to where they’re needed. Read more… Source: Bleeping ...
- Risks in Telecommunications IT
July 29, 2021
Telecommunications is just one aspect of a 200-year-old field of research in IT. In our latest report, “Islands of Telecoms: Risks in IT,” we liken this field to what seems to be separate islands that are in fact connected by a larger landmass underneath an ocean of IT. Indeed, the features of telecommunications might seem ...
- CISA announces new vulnerability disclosure policy (VDP) platform
July 29, 2021
Last fall, CISA issued the final version of Binding Operational Directive (BOD 20-01), which was issued in support of the Office of Management and Budget M-20-32, “Improving Vulnerability Identification, Management, and Remediation”. This Directive reflects CISA’s commitment to strengthening cybersecurity and resilience for federal civilian agencies by requiring agencies to establish policies enabling the public ...