grub2 security vulnerability

grub2 is a Linux system boot program from the American GNU community. A security vulnerability exists in grub2 that stems from GRUB using the device's UUID to search for a configuration file containing a password hash for GRUB's password protection feature, resulting in an authentication bypass...

Atomic Stealer Gets an Upgrade - Targeting Mac Users with Encrypted Payload

Cybersecurity researchers have identified an updated version of a macOS information stealer called Atomic or AMOS, indicating that the threat actors behind the malware are actively enhancing its capabilities. "It looks like Atomic Stealer was updated around mid to late December 2023, where its...

Beware! YouTube Videos Promoting Cracked Software Distribute Lumma Stealer

Threat actors are resorting to YouTube videos featuring content related to cracked software in order to entice users into downloading an information stealer malware called Lumma. "These YouTube videos typically feature content related to cracked applications, presenting users with similar...

PT-2024-12979 · Undefined · Undefined

NCC Group выпустила третье исследование с оценкой безопасности популярных инструментов RMM, в котором представила обзор на 18 уязвимостей в PandoraFMS. Ранее в поле зрения исследователей попадали множественные уязвимости в Faronics Insight и Nagios XI. PandoraFMS - это приложение для мониторинга ...

glibc: buffer overflow in ld.so leading to privilege escalation

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBCTUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBCTUNABLES environment variables when launching binaries with SUID permission to execute code...

New JinxLoader Targeting Users with Formbook and XLoader Malware

A new Go-based malware loader called JinxLoader is being used by threat actors to deliver next-stage payloads such as Formbook and its successor XLoader. The disclosure comes from cybersecurity firms Palo Alto Networks Unit 42 and Symantec, both of which highlighted multi-step attack sequences th...

New Rugmi Malware Loader Surges with Hundreds of Daily Detections

A new malware loader is being used by threat actors to deliver a wide range of information stealers such as Lumma Stealer aka LummaC2, Vidar, RecordBreaker aka Raccoon Stealer V2, and Rescoms. Cybersecurity firm ESET is tracking the trojan under the name Win/TrojanDownloader.Rugmi. "This malware ...

SUSE CVE-2023-51106

A floating point exception divide-by-zero vulnerability was discovered in mupdf 1.23.4 in function pnmbinaryreadimage of load-pnm.c when fzcolorspacen returns zero...

ProcessStomping - A Variation Of ProcessOverwriting To Execute Shellcode On An Executable'S Section

A variation of ProcessOverwriting to execute shellcode on an executable's section What is it For a more detailed explanation you can read my blog post Process Stomping, is a variation of hasherezade’s Process Overwriting and it has the advantage of writing a shellcode payload on a targeted sectio...

Experts Detail Multi-Million Dollar Licensing Model of Predator Spyware

A new analysis of the sophisticated commercial spyware called Predator has revealed that its ability to persist between reboots is offered as an "add-on feature" and that it depends on the licensing options opted by a customer. "In 2021, Predator spyware couldn't survive a reboot on the infected...

The vulnerability of OMICARD’s system file loading function allows a hacker to execute arbitrary code or cause service failure.

The vulnerability of the system’s file loading function in OMICARD’s marketing emails relates to the unlimited loading of dangerous types of files. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code or cause service failures...

Glibc Tunables Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 561, '3602eac894717d56555552c84fc6b0e4d6a4af72' = 561, 'a99db3715218b641780b04323e4ae5953d68a927' = 561, 'a8daca28288575ffc8c7641d40901b0148958fb1...

Glibc Tunables Privilege Escalation CVE-2023-4911 (aka Looney Tunables)

A buffer overflow exists in the GNU C Library's dynamic loader ld.so while processing the GLIBCTUNABLES environment variable. This issue allows an local attacker to use maliciously crafted GLIBCTUNABLES when launching binaries with SUID permission to execute code in the context of the root user...

Server Side Template Injection (SSTI)

mlflow is vulnerable to Server-side Template Injection SSTI. The vulnerability is due to not using the sandboxed jinja2 loader while merging and rendering profile/recipe configuration yaml files in the renderandmergeyamlfunction within mlflow/utils/fileutils.py. If a user loads a malicious recipe...

PT-2023-7996 · Plantronics · Plantronics Hub

Name of the Vulnerable Software and Affected Versions: Plantronics Hub affected versions not specified Description: The issue is related to a loader update vulnerability in the Plantronics Hub application for managing audio device settings. It is associated with synchronization errors when using ...

The vulnerability of the qcom_mdt_read_metadata() function in the drivers/soc/qcom/mdt_loader.c file of the Qualcomm Linux kernel driver allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the qcommdtreadmetadata function in the drivers/soc/qcom/mdtloader.c file of the Qualcomm Linux kernel driver is related to the lack of control over the upper limit of allowable values. Exploiting this vulnerability could allow an attacker to compromise the confidentiality,...

Rhadamanthys Stealer Version 0.5.0 Upgrade Overview

Summary: Rhadamanthys, the information-stealing malware, has taken a significant leap with its v0.5.0 upgrade, introducing expanded stealing features, raw syscalls, and an enhanced loader design, showcasing advanced evasion techniques. Its modular architecture allows for continuous updates,...

CVE-2023-48424

U-Boot shell vulnerability resulting in Privilege escalation in a production device...

Advisory ROSA-SA-2023-2300

Software: grub2 2.02 OS: ROSA Virtualization 2.1 packageevrstring: grub2-2.02-106.0.3.rv3.src.rpm CVE-ID: CVE-2020-14372 BDU-ID: 2022-00326 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Secure Boot protocol implementation of the Grub2 operating system boot loader is related to an incorrect...

Improper Restriction of Operations within the Bounds of a Memory Buffer

Overview Affected versions of this package are vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer via the wasmloaderpreparebytecode function in core/iwasm/interpreter/wasmloader.c. An attacker can cause a denial of service by exploiting this vulnerability...