A newly discovered security vulnerability in the Linux kernel, referred to as StackRot (CVE-2023-3269, CVSS score: 7.8), presents a potential avenue for privilege escalation on affected systems. This vulnerability impacts Linux kernel versions 6.1 through 6.4 and has no known instances of exploitation in real-world scenarios thus far. The StackRot…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently revealed critical details regarding a sophisticated backdoor malicious software identified as SUBMARINE. This malware has reportedly been employed by threat actors in connection with an exploit targeting Barracuda Email Security Gateway (ESG) appliances, which has raised alarms within the cybersecurity landscape.…
Recent investigations have uncovered a series of memory corruption vulnerabilities within the ncurses library, which is instrumental for managing terminal displays on Unix-like operating systems, including Linux and macOS. These vulnerabilities, if exploited, could allow malicious actors to execute harmful code on susceptible systems, heightening the risk for organizations utilizing…
A newly identified security vulnerability in the GNU C library has come to light, referred to as Looney Tunables. This flaw exists within the ld.so dynamic loader, and if exploited, could result in local privilege escalation, thereby providing malicious actors the ability to obtain root access. The vulnerability is cataloged…
In the latest cybersecurity alert, a critical unpatched zero-day vulnerability has emerged within the Android operating system, the most prevalent mobile OS globally. This vulnerability, discovered by a researcher from Google’s Project Zero team, poses significant risks as it has been actively exploited in the wild by the notorious Israeli…
A significant cybersecurity threat has emerged as the Kinsing group exploits a severe vulnerability in Apache ActiveMQ servers, leading to infections of Linux systems with cryptocurrency miners and rootkits. This critical flaw is identified as CVE-2023-46604, categorized as having a maximum CVSS score of 10.0, which allows remote code execution.…
A significant security vulnerability affecting Bluetooth technology poses risks to Android, Linux, macOS, and iOS devices. Identified as CVE-2023-45866, this flaw allows malicious actors to bypass authentication procedures, enabling unauthorized access to susceptible devices and the capability to execute commands remotely. According to security researcher Marc Newlin, who disclosed these…
New Linux Malware Targets VoIP Systems to Steal Call Metadata Cybersecurity experts have identified a novel strain of Linux malware named “CDRThief,” specifically engineered to exploit vulnerabilities in voice over IP (VoIP) softswitches. This malware aims to extract sensitive phone call metadata from compromised systems, raising significant concerns for businesses…
On Wednesday, a joint alert was issued by the Federal Bureau of Investigation (FBI), the Departments of Homeland Security, and Health and Human Services (HHS), signaling an urgent escalation in ransomware attacks directed at the healthcare sector. This warning highlights an alarming trend where malicious cyber actors are targeting hospitals…
