
Showing posts with the label Exploit

Critical Security Flaws Affect Ivanti Avalanche, Threatening 30,000 Organizations

Multiple critical security flaws have been reported in Ivanti Avalanche, an enterprise mobile device management solution that's used by 30,000 organizations. The vulnerabilities, collectively tracked as CVE-2023-32560 (CVSS score: 9.8), are stack-based buffer overflows in Ivanti Avalanche WLAvanacheServer.exe v6.4.0.0. Cybersecurity company Tenable said the shortcomings are the result of buffer overflows arising as a consequence of processing specific data types. An unauthenticated remote attacker can specify a long hex string or long type 9 item to overflow the buffer, it noted. Both issues could be exploited by a remote adversary to achieve code execution or a system crash. Stack-based buffer overflow vulnerabilities occur when the buffer being overwritten is in the stack, leading to a scenario where program execution can be altered to run arbitrary code with elevated privileges. Ivanti has released Avalanche version 6.4.1 to remediate the problem

BlueBravo Deploys GraphicalProton Backdoor Against European Diplomatic Entities

The Russian nation-state actor known as BlueBravo has been observed targeting diplomatic entities throughout Eastern Europe with the goal of delivering a new backdoor called GraphicalProton, exemplifying the continuous evolution of the threat. The phishing campaign is characterized by the use of legitimate internet services (LIS) for command-and-control (C2) obfuscation, Recorded Future said in a new report published Thursday. The activity was observed between March and May 2023. BlueBravo, also known by the names APT29, Cloaked Ursa, and Midnight Blizzard (formerly Nobelium), is attributed to Russia's Foreign Intelligence Service (SVR), and has in the past used Dropbox, Firebase, Google Drive, Notion, and Trello to evade detection and stealthily establish communications with infected hosts. To that end, GraphicalProton is the latest addition to a long list of malware targeting diplomatic organizations after GraphicalNeutrino (aka SNOWYAMBER), HALFRIG, and QUAR

Researchers Uncover New Linux Kernel 'StackRot' Privilege Escalation Vulnerability

Details have emerged about a newly identified security flaw in the Linux kernel that could allow a user to gain elevated privileges on a target host. Dubbed StackRot (CVE-2023-3269, CVSS score: 7.8), the flaw impacts Linux versions 6.1 through 6.4. There is no evidence that the shortcoming has been exploited in the wild to date. "As StackRot is a Linux kernel vulnerability found in the memory management subsystem, it affects almost all kernel configurations and requires minimal capabilities to trigger," Peking University security researcher Ruihan Li said. "However, it should be noted that maple nodes are freed using RCU callbacks, delaying the actual memory deallocation until after the RCU grace period. Consequently, exploiting this vulnerability is considered challenging." Following responsible disclosure on June 15, 2023, it has been addressed in stable versions 6.1.37, 6.3.11, and 6.4.1 as of July 1, 2023, after a two-week effort led by Linu