The US government is warning that a Linux flaw introduced more than a decade ago – and fixed more than a year ago – is being actively used in ransomware attacks. In February 2014, a vulnerability was introduced into the Linux kernel via a commit.
The bug was first disclosed in late January 2024, and described as a “use-after-free weakness in the netfilter: nf_tables kernel component”. It was fixed later that month, and was given a label CVE-2024-1086. Its severity score is 7.8/10 (high) and can be exploited to achieve local privilege escalation.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- 80,000 printers are exposing their IPP port online
June 23, 2020
For years, security researchers have warned that every device left exposed online without being protected by a firewall is an attack surface. Hackers can deploy exploits to forcibly take control over the device, or they can just connect to the exposed port if no authentication is required. Devices hacked this way are often enslaved in malware botnets, ...
- Ripple20 Vulnerability Mitigation Best Practices
June 22, 2020
On June 16th, the Department of Homeland Security and CISA ICS-CERT issued a critical security advisory warning covering multiple newly discovered vulnerabilities affecting Internet-connected devices manufactured by multiple vendors. This set of 19 vulnerabilities in a low-level TCP/IP software library developed by Treck has been dubbed “Ripple20” by researchers from JSOF. A networking stack is a software component that provides ...
- Australian PM says nation under serious state-run ‘cyber attack’ – Microsoft, Citrix, Telerik UI bugs ‘exploited’
June 19, 2020
Australian Prime Minister Scott Morrison has called a snap press conference to reveal that the nation is under cyber-attack by a state-based actor, but the nation’s infosec advice agency says that while the attacker has gained access to some systems it has not conducted “any disruptive or destructive activities within victim environments.” Morrison said the attack ...
- AcidBox: Rare Malware Repurposing Turla Group Exploit Targeted Russian Organizations
June 17, 2020
When the news broke in 2014 about a new sophisticated threat actor dubbed the Turla Group, which the Estonian foreign intelligence service believes has Russian origins and operates on behalf of the FSB, its kernelmode malware also became the first publicly-described case that abused a third-party device driver to disable Driver Signature Enforcement (DSE). This security mechanism was introduced in Windows Vista ...
- Ripple20 vulnerabilities will haunt the IoT landscape for years to come
June 16, 2020
Cyber-security experts have revealed today 19 vulnerabilities in a small library designed in the 90s that has been widely used and integrated into countless of enterprise and consumer-grade products over the last 20+ years. The number if impacted products is estimated at “hundreds of millions” and includes products such as smart home devices, power grid equipment, ...
- Black Kingdom ransomware hacks networks with Pulse VPN flaws
June 13, 2020
Operators of Black Kingdom ransomware are targeting enterprises with unpatched Pulse Secure VPN software or initial access on the network, security researchers have found. The malware got caught in a honeypot, allowing researchers to analyze and document the tactics used by the threat actors. They’re exploiting CVE-2019-11510, a critical vulnerability affecting earlier versions of Pulse Secure VPN ...