Almost 40% of Ubuntu users vulnerable to new privilege elevation flaws
Two Linux vulnerabilities introduced recently into the Ubuntu kernel create the potential for unprivileged local users to gain elevated privileges on a massive number of devices.
It turns out that with precise scheduling, you can cause some processors to recover from a mispredicted vzeroupper incorrectly! This technique is CVE-2023-20593 and it works on all Zen 2 class processors, which includes at least the following products
Cryptojacking: Understanding and defending against cloud compute resource abuse
Cloud cryptojacking, a type of cyberattack that uses computing power to mine cryptocurrency, could result in financial loss to targeted organizations due to the compute fees that can be incurred from the abuse.
Q2 2023 saw an unprecedented escalation in DDoS attack sophistication. Pro-Russian hacktivists REvil, Killnet and Anonymous Sudan joined forces to attack Western sites. Mitel vulnerability exploits surged by a whopping 532%, and attacks on crypto rocketed up by 600%. Read the full story...
Threat Actors Add .zip Domains to Their Phishing Arsenals
In the evolving cybersecurity landscape, understanding the phishing threat has become more critical than ever. Read into a new threat resulting from the addition of a new Top-Level Domain (TLD), '.ZIP'.
JumpCloud says 'nation state' gang hit some customers
JumpCloud says a "sophisticated nation-state" attacker broke into its IT systems and targeted some of its customers. The identity and access management provider, particularly popular with sysadmins wrangling Macs on corporate networks, said it first discovered signs of an intrusion on June 27. The biz at the time determined persons unknown got "unauthorized access to a specific area of our infrastructure" using a "sophisticated spear-phishing campaign" that began five days prior.
CVE-2023-38408: Remote Code Execution in OpenSSH’s forwarded ssh-agent
The Qualys Threat Research Unit (TRU) has discovered a remote code execution vulnerability in OpenSSH's forwarded ssh-agent. This vulnerability allows a remote…
Typo leaks millions of US military emails to Mali web operator.
Millions of US military emails have been misdirected to Mali through a “typo leak” that has exposed highly sensitive information, including diplomatic documents, tax returns, passwords and the travel details of top officers.
As a result, today we are publishing details of activity by a sophisticated nation-state sponsored threat actor that gained unauthorized access to our systems to target a small and specific set of our customers. Prior to sharing this information, we notified and worked with the impacted customers. We have also been working with our incident response (IR) partners and law enforcement on both our investigation and steps designed to make our systems and our customers’ operations even more secure. The attack vector used by the threat actor has been mitigated.
Inside the subsea cable firm secretly helping American take on China
SubCom is laying deepwater internet cables to boost U.S. economic and military might, including a secret mission to a remote island naval base, Reuters found.
AVrecon malware infects 70,000 Linux routers to build botnet
Since at least May 2021, stealthy Linux malware called AVrecon was used to infect over 70,000 Linux-based small office/home office (SOHO) routers and add them to a botnet designed to steal bandwidth and provide a hidden residential proxy service.
BlackLotus UEFI Bootkit Source Code Leaked on GitHub
The source code for the BlackLotus UEFI bootkit has been shared publicly on GitHub, albeit with several modifications compared to the original malware. Designed specifically for Windows, the bootkit emerged on hacker forums in October last year, being advertised with APT-level capabilities such as secure boot and user access control (UAC) bypass and the ability to disable security applications and defense mechanisms on victim systems.
Cybercriminalité : sept suspects identifiés pour du « phishing / hameçonnage »
Entre avril 2022 et juin 2023, une quarantaine de plaintes relatives à des cas de « phishing / hameçonnage », pour un montant de plus de 170'000…
Piratage de Xplain: La Confédération menacée par une vague de plaintes
Depuis le piratage de la société Xplain, les données personnelles de plus de 760 personnes circulent sur le Darknet. Problème: elles auraient dû être effacées depuis 2015, mais sont restées stockées dans des serveurs. Une vague de plaintes se prépare.
Microsoft changes signing key system breached by Chinese hackers to steal US gov’t data
Microsoft has announced changes to a system that was exploited by Chinese hackers over the last month that allowed them to access email accounts and spy on the inner workings of two dozen organizations, including government agencies, a lawmaker’s staff and even Commerce Secretary Gina Raimondo.
Uncovering weaknesses in Apple macOS and VMWare vCenter: 12 vulnerabilities in RPC implementation
Cisco Talos discovered 12 memory corruption vulnerabilities in MSRPC implementations on Apple macOS and VMWare vCenter. - Seven vulnerabilities affect Apple macOS only. - Two vulnerabilities affect VMWare vCenter. - Three vulnerabilities affect both.
Chinese hackers breached US government email accounts, Microsoft and White House say | CNN Politics
China-based hackers have breached email accounts at two-dozen organizations, including some United States government agencies, in an apparent spying campaign aimed at acquiring sensitive information, according to statements from Microsoft and the White House late Tuesday.
Chinese hackers breached U.S. and European government email through Microsoft bug
A Chinese hacking group exploited a bug in Microsoft’s cloud email service to spy on two-dozen organizations, including some government agencies, the tech giant said late Tuesday.