UBUNTU-CVE-2023-52704

In the Linux kernel, the following vulnerability has been resolved: freezer,umh: Fix callusermodehelperexec vs SIGKILL Tetsuo-San noted that commit f5d39b020809 "freezer,sched: Rewrite core freezer logic" broke callusermodehelperexec for the KILLABLE case. Specifically it was missed that the...

SUSE CVE-2024-36009

In the Linux kernel, the following vulnerability has been resolved: ax25: Fix netdev refcount issue The devtracker is added to ax25cb in ax25bind. When the ax25 device is detaching, the devtracker of ax25cb should be deallocated in ax25killbydevice instead of the devtracker of ax25dev. The log...

RHEL 8 / 9 : OpenShift Container Platform 4.14.4 (RHSA-2023:7473)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7473 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

New details on TinyTurla’s post-compromise activity reveal full kill chain

Cisco Talos is providing an update on its two recent reports on a new and ongoing campaign where Turla, a Russian espionage group, deployed their TinyTurla-NG TTNG implant. We now have new information on the entire kill chain this actor uses, including the tactics, techniques and procedures TTPs...

UBUNTU-CVE-2021-47119

In the Linux kernel, the following vulnerability has been resolved: ext4: fix memory leak in ext4fillsuper Buffer head references must be released before calling killbdev; otherwise the buffer head and its page referenced by bdata will not be freed by killbdev, and subsequently that bh will be...

CVE-2021-47128

In the Linux kernel, the following vulnerability has been resolved: bpf, lockdown, audit: Fix buggy SELinux lockdown permission checks Commit 59438b46471a "security,lockdown,selinux: implement SELinux lockdown" added an implementation of the lockeddown LSM hook to SELinux, with the aim to restric...

CVE-2023-52572 cifs: Fix UAF in cifs_demultiplex_thread()

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix UAF in cifsdemultiplexthread There is a UAF when xfstests on cifs: BUG: KASAN: use-after-free in smb2isnetworknamedeleted+0x27/0x160 Read of size 4 at addr ffff88810103fc08 by task cifsd/923 CPU: 1 PID: 923 Comm: cifsd...

DEBIAN-CVE-2023-52475

In the Linux kernel, the following vulnerability has been resolved: Input: powermate - fix use-after-free in powermateconfigcomplete syzbot has found a use-after-free bug 1 in the powermate driver. This happens when the device is disconnected, which leads to a memory free from the powermatedevice...

UBUNTU-CVE-2023-52475

In the Linux kernel, the following vulnerability has been resolved: Input: powermate - fix use-after-free in powermateconfigcomplete syzbot has found a use-after-free bug 1 in the powermate driver. This happens when the device is disconnected, which leads to a memory free from the powermatedevice...

Backdoor.Win32.AutoSpy.10 MVID-2024-0671 Remote Command Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/b012704cad2bae6edbd23135394b9127.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.AutoSpy.10 Vulnerability: Unauthenticated Remote Command Execution...

Announcing TotalCloud™ 2.0 with TruRisk™ Insights: The Future of Cloud and SaaS Security

Rapid cloud and SaaS adoption is driving digital transformation thats reshaping business agility and scalability, making cloud and SaaS security more critical than ever. Recognizing this shift, in November 2022, Qualys launched TotalCloud – an AI-powered cloud-native application protection platfo...

See List and kill current AAA VPN Session on the CLI

See and Kill current AAA Sessions...

Unveiling the Deceptive Dance: Phobos Ransomware Masquerading As VX-Underground

During a recent hunt, Qualys Threat Research has come across a ransomware family known as Phobos, impersonating VX-Underground. Phobos ransomware has been knocking on our door since early 2019 and is often seen being distributed via stolen Remote Desktop Protocol RDP connections. Strongly believe...

Modern Asian APT groups’ tactics, techniques and procedures (TTPs)

Almost every quarter, someone publishes major research focusing on campaigns or incidents that involve Asian APT groups. These campaigns and incidents target various organizations from a multitude of industries. Likewise, the geographic location of victims is not limited to just one region. This...

kernel: bpf: Skip task with pid=1 in send_signal_common()

In the Linux kernel, the following vulnerability has been resolved: bpf: Skip task with pid=1 in sendsignalcommon The following kernel panic can be triggered when a task with pid=1 attaches a prog that attempts to send killing signal to itself, also see 1 for more details: Kernel panic - not...

Mysterious Kill Switch Disrupts Mozi IoT Botnet Operations

The unexpected drop in malicious activity connected with the Mozi botnet in August 2023 was due to a kill switch that was distributed to the bots. "First, the drop manifested in India on August 8," ESET said in an analysis published this week. "A week later, on August 16, the same thing happened ...

PT-2023-18047 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The issue is related to a permissions bypass in the killBackgroundProcesses function of ActivityManagerService.java, which could allow escaping Google Play protection. This might lead to...

Rapid7 Delivers Visibility Across All 19 Steps of Attack in 2023 MITRE Engenuity ATT&CK® Evaluations: Enterprise

Over seven years ago, we set out to change the way that SOCs approach threat detection and response. With the introduction of InsightIDR, we wanted to address the false positives and snowballing complexity that was burning out analysts, deteriorating security posture, and inhibiting necessary...

canTot

This is a Python-based CLI framework called "canTot" that is designed for CAN Bus hacking and exploitation. It is similar to an exploit framework but focused on known CAN Bus vulnerabilities or "fun CAN Bus hacks." The framework is made up of several modules, each with its own specific...

CLSA-2023-1693427752 Update of alt-php

Jammy update: v5.15.97 upstream stable release LP: 2015599 - net: Remove WARNONONCEsk-skforwardalloc from skstreamkillqueues...