learn Hands-on hacking
Guardian of the digital realm 🛡️ | Sharing cyber secrets to keep you secure online. Let's lock down
15/05/2024
has addressed a total of 61 new security flaws in its software as part of its Patch Tuesday updates for May 2024, including two zero-days which have been actively exploited in the wild.
Of the 61 flaws, one is rated Critical, 59 are rated Important, and one is rated Moderate in severity. This is in addition to 30 vulnerabilities resolved in the Chromium-based Edge browser over the past month, including two recently disclosed zero-days (CVE-2024-4671 and CVE-2024-4761) that have been tagged as exploited in attacks.The two security shortcomings that have been weaponized in the wild are below -
CVE-2024-30040 (CVSS score: 8.8) - Windows MSHTML Platform Security Feature Bypass Vulnerability
CVE-2024-30051 (CVSS score: 7.8) - Windows Desktop Window Manager (DWM) Core Library Elevation of Privilege Vulnerability.
"An unauthenticated attacker who successfully exploited this vulnerability could gain code ex*****on through convincing a user to open a malicious document at which point the attacker could execute arbitrary code in the context of the user," the tech giant said in an advisory for CVE-2024-30040.
However, successful exploitation requires an attacker to convince the user to load a specially crafted file onto a vulnerable system, distributed either via email or an instant message, and trick them into manipulating it. Interestingly, the victim doesn't have to click or open the malicious file to activate the infection.
On the other hand, CVE-2024-30051 could allow a threat actor to gain SYSTEM privileges. Three groups of researchers from Kaspersky, DBAPPSecurity WeBin Lab, Google Threat Analysis Group, and Mandiant have been credited with discovering and reporting the flaw, indicating likely widespread exploitation.
We have seen it used together with QakBot and other malware, and believe that multiple threat actors have access to it," Kaspersky researchers Boris Larin and Mert Degirmenci said.
Both vulnerabilities have been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply the latest fixes by June 4, 2024.
Also resolved by Microsoft are several remote code ex*****on bugs, including nine impacting Windows Mobile Broadband Driver and seven affecting Windows Routing and Remote Access Service (RRAS).
Other notable flaws encompass privilege escalation flaws in the Common Log File System (CLFS) driver – CVE-2024-29996, CVE-2024-30025 (CVSS scores: 7.8), and CVE-2024-30037 (CVSS score: 7.5) – Win32k (CVE-2024-30028 and CVE-2024-30030, CVSS scores: 7.8), Windows Search Service (CVE-2024-30033, CVSS score: 7.0), and Windows Kernel (CVE-2024-30018, CVSS score: 7.8).
In March 2024, Kaspersky revealed that threat actors are attempting to actively exploit now-patched privilege escalation flaws in various Windows components owing to the fact that "it's a very easy way to get a quick NT AUTHORITY\SYSTEM."
Akamai has further outlined a new privilege escalation technique affecting Active Directory (AD) environments that takes advantage of the DHCP administrators group.
"In cases where the DHCP server role is installed on a Domain Controller (DC), this could enable them to gain domain admin privileges," the company noted. "In addition to providing a privilege escalation primitive, the same technique could also be used to create a stealthy domain persistence mechanism.
Rounding off the list is a security feature bypass vulnerability (CVE-2024-30050, CVSS score: 5.4) impacting Windows Mark-of-the-Web (MotW) that could be exploited by means of a malicious file to evade defenses.
13/05/2024
researchers discovered a malicious Python package called requests-darwin-lite, posing as an extension of the requests library. It hides a Golang version of the Sliver command-and-control framework within a PNG image of the project's logo. Despite being downloaded 417 times before its removal from PyPI, it's now flagged as dangerous. Phylum, a software supply chain security firm, noted that requests-darwin-lite masquerades as a variant of the popular requests package, with a significant difference being the inclusion of the concealed malicious binary.
12/05/2024
-coréens🇱🇦 déploient le nouveau logiciel malveillant Golang « Durian » contre les entreprises de cryptographie👽👽👽
The North Korean threat group Kimsuky has been identified deploying a new Golang-based malware named Durian in targeted cyber attacks against South Korean cryptocurrency companies. According to Kaspersky's APT trends report for Q1 2024, Durian is a sophisticated backdoor capable of executing commands, downloading files, and exfiltrating data. The attacks, occurring in August and November 2023, utilized legitimate South Korean software as an infection vector, though the exact method remains unknown. The malware establishes a connection to the attacker's server to retrieve a malicious payload, initiating the infection process. Initial stages involve installing additional malware for persistence and executing Durian through a loader.
12/05/2024
🔥🔥🔥 , a financially motivated hacker group, uses malicious Google ads to distribute NetSupport RAT by impersonating well-known brands. Originally targeting point-of-sale devices, they've evolved to breach large firms with ransomware. Deploying custom malware like BIRDWATCH
03/04/2024
Radicle has announced the launch of Radicle 1.0, which it says will transform how developers publish and distribute open-source code, AI models, and research.
Decentralized Alternative to Github Goes Live with Radicle 1.0
03/04/2024
Hackers Using Microsoft OneNote Files to Orchestrate Cyber Attacks
Hackers Using Microsoft OneNote Files to Orchestrate Cyber Attacks Hackers have been found leveraging Microsoft OneNote files as a vector to compromise systems across various industries.
03/04/2024
Google se met à appliquer les nouvelles règles imposées aux utilisateurs de Gmail.
Gmail : Google prend de nouvelles mesures fortes contre le phishing et les spams Google se met à appliquer les nouvelles règles imposées aux utilisateurs de Gmail. Depuis le mois d'avril, Google rejette certains des mails qui ne respectent ses normes. Avec ce nouveau tour de vis, la firme cherche à lutter contre le phishing et le spam.
17/03/2024
Many people guess what the future will look like
Bill Gates has a stark message about the limitations of AI Bill Gates has issued a message to those who believe AI will solve all of life's problems.
09/05/2023
free short courses
Free Short Course – Ransomware Techniques | IT Masters The total number of Master degree and Graduate Certificate enrolments since Charles Sturt University and IT Masters launched our first qualification in 2003.
Aujourd'hui, les failles de sécurité sont trop courantes les hacker trouvant constamment de nouvelles façons innovantes d'infiltration les entreprises a la recherche d'informations précieuses
Click here to claim your Sponsored Listing.