The US government is warning that a Linux flaw introduced more than a decade ago – and fixed more than a year ago – is being actively used in ransomware attacks. In February 2014, a vulnerability was introduced into the Linux kernel via a commit.
The bug was first disclosed in late January 2024, and described as a “use-after-free weakness in the netfilter: nf_tables kernel component”. It was fixed later that month, and was given a label CVE-2024-1086. Its severity score is 7.8/10 (high) and can be exploited to achieve local privilege escalation.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Weapon Systems Cybersecurity: DOD Just Beginning to Grapple with Scale of Vulnerabilities
October 9, 2018
In recent cybersecurity tests of major weapon systems DOD is developing, testers playing the role of adversary were able to take control of systems relatively easily and operate largely undetected. DOD’s weapons are more computerized and networked than ever before, so it’s no surprise that there are more opportunities for attacks. Yet until relatively recently, DOD ...
- Google+ is Shutting Down After a Vulnerability Exposed 500,000 Users’ Data
October 8, 2018
Google is going to shut down its social media network Google+ after the company suffered a massive data breach that exposed the private data of hundreds of thousands of Google Plus users to third-party developers. According to the tech giant, a security vulnerability in one of Google+’s People APIs allowed third-party developers to access data for ...
- PoC Attack Escalates MikroTik Router Bug to ‘As Bad As It Gets’
October 7, 2018
A new hacking technique used against vulnerable MikroTik routers gives attackers the ability to execute remote code on affected devices. The technique is yet another security blow against the MikroTik router family. Previous hacks have left the routers open to device failures, cyptojacking and network eavesdropping. The hacking technique, found by Tenable Research and outlined on ...
- Facebook security breach: Up to 50m accounts attacked
September 28, 2018
Facebook has said “almost 50 million” of its users were left exposed by a security flaw. The company said attackers were able to exploit a vulnerability in a feature known as “View As” to gain control of people’s accounts. The breach was discovered on Tuesday, Facebook said, and it has informed police. Users that had potentially been affected ...
- New Linux Kernel Bug Affects Red Hat, CentOS, and Debian Distributions
September 26, 2018
Security researchers have published the details and proof-of-concept (PoC) exploits of an integer overflow vulnerability in the Linux kernel that could allow an unprivileged user to gain superuser access to the targeted system. The vulnerability, discovered by cloud-based security and compliance solutions provider Qualys, which has been dubbed “Mutagen Astronomy,” affects the kernel versions released between ...
- Over 80 Cisco Products Affected by FragmentSmack DoS Bug
September 25, 2018
Cisco is currently looking into its product line to determine which products and services use Linux kernel 3.9 or above, which is vulnerable to the FragmentSmack denial-of-service (DoS) bug. The networking hardware manufacturer already assembled a list of more than 80 products that are affected by the vulnerability. Many of them expect a fix by February ...