DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector

In recent months, Microsoft has detected active ransomware and extortion campaigns impacting the global education sector, particularly in the US, by a threat actor we track as DEV-0832, also known as Vice Society. Shifting ransomware payloads over time from BlackCat, QuantumLocker, and Zeppelin,...

DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector

In recent months, Microsoft has detected active ransomware and extortion campaigns impacting the global education sector, particularly in the US, by a threat actor we track as DEV-0832, also known as Vice Society. Shifting ransomware payloads over time from BlackCat, QuantumLocker, and Zeppelin,...

SUSE SLED15 / SLES15 Security Update : multipath-tools (SUSE-SU-2022:3711-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3711-1 advisory. - multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in...

DEBIAN-CVE-2022-43044

GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gfisomgetmetaiteminfo at /isomedia/meta.c...

CVE-2022-43039

GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gfisommetarestoreitemsref at /isomedia/meta.c...

CVE-2022-43045

GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gfdumpvrmlsffield at /scenemanager/scenedump.c...

Prestige Ransomware impacts transportation industry in Ukraine and Poland

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Prestige Ransomware is using already-gained ADMIN access to target organizations in Ukraine and Poland by deploying its payload. The activity has been associated with DEV-0960...

New Prestige Ransomware Targeting Polish and Ukrainian Organizations

A new ransomware campaign targeted the transportation and logistics sectors in Ukraine and Poland on October 11 with a previously unknown payload dubbed Prestige. "The activity shares victimology with recent Russian state-aligned activity, specifically on affected geographies and countries, and...

New “Prestige” ransomware impacts organizations in Ukraine and Poland

The Microsoft Threat Intelligence Center MSTIC has identified evidence of a novel ransomware campaign targeting organizations in the transportation and related logistics industries in Ukraine and Poland utilizing a previously unidentified ransomware payload. We observed this new ransomware, which...

New “Prestige” ransomware impacts organizations in Ukraine and Poland

The Microsoft Threat Intelligence Center MSTIC has identified evidence of a novel ransomware campaign targeting organizations in the transportation and related logistics industries in Ukraine and Poland utilizing a previously unidentified ransomware payload. We observed this new ransomware, which...

New “Prestige” ransomware impacts organizations in Ukraine and Poland

The Microsoft Threat Intelligence Center MSTIC has identified evidence of a novel ransomware campaign targeting organizations in the transportation and related logistics industries in Ukraine and Poland utilizing a previously unidentified ransomware payload. We observed this new ransomware, which...

New “Prestige” ransomware impacts organizations in Ukraine and Poland

The Microsoft Threat Intelligence Center MSTIC has identified evidence of a novel ransomware campaign targeting organizations in the transportation and related logistics industries in Ukraine and Poland utilizing a previously unidentified ransomware payload. We observed this new ransomware, which...

CVE-2022-42464

OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have a Kernel memory pool override vulnerability in /dev/mmzuserdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could disclose sensitive information including kernel...

CVE-2022-41686

OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have an Out-of-bound memory read and write vulnerability in /dev/mmzuserdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could read out-of-bound memory leading...

CVE-2022-42464 Kernel memory pool override in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could disclose sensitive information including kernel pointer, which could be used in furth ...

OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have a Kernel memory pool override vulnerability in /dev/mmzuserdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could disclose sensitive information including kernel...

CVE-2022-42464

CVE-2022-42464 affects OpenHarmony v3.1.2 and earlier (including 3.0.6 and prior) with a Kernel memory pool override in the /dev/mmz_userdev device driver. The vulnerability allows an unprivileged process to mmap kernel memory pools and override them, potentially exposing kernel pointers and enab...

PT-2022-26447 · Unknown · Openharmony

Name of the Vulnerable Software and Affected Versions: OpenHarmony versions 3.1.2 and prior OpenHarmony versions 3.0.6 and prior Description: The issue is related to a Kernel memory pool override vulnerability in the /dev/mmz userdev device driver. The impact depends on the privileges of the...

CVE-2022-40133

A use-after-free vulnerability was found in the Linux kernel's vmwgfx driver in vmwexecbuftiecontext. This flaw allows a local, unprivileged attacker with access to either /dev/dri/card0 or /dev/dri/rendererD128, who can issue an ioctl on the resulting file descriptor, to crash the system, causin...

CVE-2022-27810

It was possible to trigger an infinite recursion condition in the error handler when Hermes executed specific maliciously formed JavaScript. This condition was only possible to trigger in dev-mode when asserts were enabled. This issue affects Hermes versions prior to v0.12.0...

Design/Logic Flaw

It was possible to trigger an infinite recursion condition in the error handler when Hermes executed specific maliciously formed JavaScript. This condition was only possible to trigger in dev-mode when asserts were enabled. This issue affects Hermes versions prior to v0.12.0...