A Linux privilege-escalation proof-of-concept exploit has been published that, according to the bug hunter who developed it, typically works effortlessly on kernel versions between at least 5.14 and 6.6.14.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-03-30 07:06:312024-03-30 07:06:31Easy Privilege Escalation Exploit Lands for Linux Kernels
RedHat on Friday released an “urgent security alert” warning that two versions of a popular data compression library called XZ Utils (previously LZMA Utils) have been backdoored with malicious code designed to allow unauthorized remote access.
The software supply chain compromise, tracked as CVE-2024-3094, has a CVSS score of 10.0, indicating maximum severity. It impacts XZ Utils
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-03-30 06:07:532024-03-30 06:07:53Urgent: Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-03-30 03:07:052024-03-30 03:07:05TheMoon Malware Rises Again with Malicious Botnet for Hire
A majority of enterprises that employ cloud-based email spam filtering services are potentially at risk, thanks to a rampant tendency to misconfigure them.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-03-30 03:07:042024-03-30 03:07:04Cloud Email Filtering Bypass Attack Works 80% of the Time
The lead investor in this round is One Peak, the U.K. later-stage firm focusing on enterprise tech. Previous backers Energy Impact Partners and Balderton Capital are also participating.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-03-29 19:06:302024-03-29 19:06:30Coro, Building Cybersecurity for SMBs, Locks Down $100M at a $750M Valuation
According to the indictment, between 2015 and 2024, the APT31 group, linked to China’s Ministry of State Security, targeted thousands of U.S. and Western politicians, foreign policy experts, academics, journalists, and democracy activists.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-03-29 16:06:432024-03-29 16:06:43Chinese Hackers Target Family Members to Surveil Hard Targets
The company published a document containing recommendations against password spray attacks aimed at Remote Access VPN (RAVPN) services. The IT giant pointed out that the attacks are also targeting third-party VPN concentrators.
Harvard Pilgrim said the files involved may contain personal data and protected health information on current and former subscribers and dependents, as well as current contracted providers.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-03-29 14:07:032024-03-29 14:07:03Update: Harvard Pilgrim Health Network Updates Data Breach Total to Nearly 2.9 Million
The discovery and exploitation of zero-day vulnerabilities in enterprise-specific software and appliances appears to be outpacing the leveraging of zero-day bugs overall, judging by Google’s latest research.
BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
Easy Privilege Escalation Exploit Lands for Linux Kernels
/in General NewsA Linux privilege-escalation proof-of-concept exploit has been published that, according to the bug hunter who developed it, typically works effortlessly on kernel versions between at least 5.14 and 6.6.14.
Cyware News – Latest Cyber News – Read More
Urgent: Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros
/in General NewsRedHat on Friday released an “urgent security alert” warning that two versions of a popular data compression library called XZ Utils (previously LZMA Utils) have been backdoored with malicious code designed to allow unauthorized remote access.
The software supply chain compromise, tracked as CVE-2024-3094, has a CVSS score of 10.0, indicating maximum severity. It impacts XZ Utils
The Hacker News – Read More
TheMoon Malware Rises Again with Malicious Botnet for Hire
/in General NewsOutdated SOHO routers and IoT devices being hijacked by TheMoon to operate an anonymous hacker botnet service called Faceless.
darkreading – Read More
Cloud Email Filtering Bypass Attack Works 80% of the Time
/in General NewsA majority of enterprises that employ cloud-based email spam filtering services are potentially at risk, thanks to a rampant tendency to misconfigure them.
darkreading – Read More
TheMoon Malware Returns: 6,000 Asus Routers Hacked in 72 Hours
/in General NewsBy Waqas
A new variant of “TheMoon Malware” has emerged, specifically targeting vulnerable IoT devices, particularly Asus routers.
This is a post from HackRead.com Read the original post: TheMoon Malware Returns: 6,000 Asus Routers Hacked in 72 Hours
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Coro, Building Cybersecurity for SMBs, Locks Down $100M at a $750M Valuation
/in General NewsThe lead investor in this round is One Peak, the U.K. later-stage firm focusing on enterprise tech. Previous backers Energy Impact Partners and Balderton Capital are also participating.
Cyware News – Latest Cyber News – Read More
Chinese Hackers Target Family Members to Surveil Hard Targets
/in General NewsAccording to the indictment, between 2015 and 2024, the APT31 group, linked to China’s Ministry of State Security, targeted thousands of U.S. and Western politicians, foreign policy experts, academics, journalists, and democracy activists.
Cyware News – Latest Cyber News – Read More
Cisco Warns of Password-Spraying Attacks Targeting Secure Firewall Devices
/in General NewsThe company published a document containing recommendations against password spray attacks aimed at Remote Access VPN (RAVPN) services. The IT giant pointed out that the attacks are also targeting third-party VPN concentrators.
Cyware News – Latest Cyber News – Read More
Update: Harvard Pilgrim Health Network Updates Data Breach Total to Nearly 2.9 Million
/in General NewsHarvard Pilgrim said the files involved may contain personal data and protected health information on current and former subscribers and dependents, as well as current contracted providers.
Cyware News – Latest Cyber News – Read More
Attackers Increasingly Exploit Enterprise Tech Zero-Days
/in General NewsThe discovery and exploitation of zero-day vulnerabilities in enterprise-specific software and appliances appears to be outpacing the leveraging of zero-day bugs overall, judging by Google’s latest research.
Cyware News – Latest Cyber News – Read More