Aggregator

APT组织Lazarus 在Rootkit（获取内核权限）攻击中使用了微软的0day漏洞;APT组织Kimsuky利用软件公司产品安装程序进行伪装展开攻击;NoName057(16)组织DDoSia项目持续更新;

APT组织Lazarus 在Rootkit（获取内核权限）攻击中使用了微软的0day漏洞;APT组织Kimsuky利用软件公司产品安装程序进行伪装展开攻击;NoName057(16)组织DDoSia项目持续更新;

A vulnerability classified as critical has been found in Linux Kernel up to 6.11.5. This affects an unknown part of the component mtk_eth_soc. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2024-50206. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.6.59/6.11.6. Affected is the function iio_gts_build_avail_scale_table of the component gts-helper. The manipulation leads to memory leak. This vulnerability is traded as CVE-2024-50231. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.11.7 and classified as problematic. This vulnerability affects the function ufshcd_rtc_work of the component scsi. The manipulation leads to improper initialization. This vulnerability was named CVE-2024-53067. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.6.59/6.11.6. This issue affects the function copy_page_from_iter_atomic of the component iov_iter. The manipulation leads to infinite loop. The identification of this vulnerability is CVE-2024-50222. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.11.3. It has been declared as problematic. This vulnerability affects the function write_ext_msg of the file drivers/net/netconsole.c. The manipulation leads to excessive iteration. This vulnerability was named CVE-2024-50092. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.11.7. It has been rated as critical. Affected by this issue is some unknown functionality of the component panthor. The manipulation leads to heap-based buffer overflow. This vulnerability is handled as CVE-2024-53080. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

新闻速览 •美国网络安全机构发布联合咨文，防范Ghost勒索软件攻击 •虚假认证网络安全合规，这家公司被罚11 […]

网安领导者和CISO发现，近年来大量影子AI应用程序已危及企业网络，有些甚至持续运行一年多。 这些应用并非典型 […]

新型CipherLocker勒索病毒样本分析

NVIDIA 免费放出全球最大基因研究 AI 系统：9 兆个基因信息； OPPO Find N5 手机发布：打破全球最薄折叠旗舰纪录，8999 元起； 电影《哪吒之魔童闹海》海外票房破亿，北美开画影院达「史无前例」945 间

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.