Learn about the latest cyber attacks and vulnerabilities
in our monthly Campaigns.
And the next stop is – root privileges!
Microsoft has recently discovered several vulnerabilities, collectively referred to as Nimbuspwn. This lethal combination could allow an attacker to elevate privileges to “root” on many Linux desktop endpoints.
Nimbuspwn takes advantage of the D-Bus functionality and two vulnerabilities found in the networkd-dispatcher (“CVE-2022-29799” and “CVE-2022-29800”), which include directory traversal, symlink race, and TOCTTOU race condition issues, that could be leveraged to elevate privileges and deploy malware or carry out other malicious activities.
In this unit, you will deep dive into the technicalities behind these vulnerabilities, examine the networked-dispatcher’s execution flow identified by Microsoft’s researchers, analyze the full attack flow and discuss mitigation procedures to defend your organization.
Stay Ahead of the PG_MEM Malware Threat! Protect Your PostgreSQL Servers Today. The PG_MEM Malware is a growing threat targeting PostgreSQL databases. Weak security practices, […]
CVE-2024-38063 is a critical Remote Code Execution (RCE) vulnerability affecting the Windows TCP/IP stack systems with IPv6 enabled. This flaw allows remote code execution without […]
Master regreSSHion: Protect Your Systems from Critical Exploits RegreSSHion (CVE-2024-6387) is a severe vulnerability that grants unauthenticated attackers root privileges on vulnerable machines. This is […]
Argo CD, a popular open-source tool for managing Kubernetes applications through GitOps, has a critical security flaw. A recently discovered vulnerability, CVE-2024-31989, exposes Argo CD’s […]
Kerberos is a commonly used authentication protocol that leverages a robust ticket system to identify users. However, the system isn’t without vulnerabilities that attackers can […]
In January 2024, a critical zero-day exploit sent shockwaves through the cybersecurity landscape. Attackers targeted Ivanti products, exploiting a combination of vulnerabilities that had been […]
Quasar is a remote administration tool that allows administrators to connect to and manage remote computers. Over the years, threat actors have modified Quasar to […]
Scattered Spider is a newly discovered threat actor that targets large players in the business enterprise sector. In September of 2023, the group launched a […]
The Lazarus Group, a well-known cybercrime group from North Korea, has carried out sophisticated and large-scale attacks over the years. Its high-profile attacks have gained […]
Our latest Campaign of the Month, “APT40”, offers a deep dive into this sophisticated and malicious cyber espionage group, covering key topics and areas related […]
The Horabot botnet is a sophisticated threat that has been active for over two years, primarily focusing on targets in the Americas. It uses a […]
Over the last weeks, hundreds of organizations including 2 DOE Agencies, were impacted by ransomware attacks, as a result of the the MOVEit Transfer Vulnerability, […]
APT35 (also known as Charming Kitten, Phosphorus, Newscaster, and more) is an Iranian state-sponsored cyber-espionage group that primarily targets governmental organizations, defense contractors, research institutions, […]
In March 2023, Microsoft published a critical update notifying users of a vulnerability affecting Microsoft Outlook. This vulnerability (CVE-2023-23397) is exploitable by attackers on Windows-based […]
Only recently discovered, “Beep” malware is already making headlines in the world of cybersecurity. Designed to fly under the radar of security software with a […]
Agent Tesla, a leading malware threat to organizations, has the ability to steal sensitive information and is continuing to evolve and spread. It is offered […]
AWS Lambda, one of AWS’ 200 outstanding services, is an event-driven, serverless computing platform that allows you to run code for applications and backend services […]
Multifactor Authentication (MFA) is a popular and crucial security concept used by organizations worldwide. However, it is not invulnerable. A good example of threats to […]
In early August 2022, the Vietnam-based Cybersecurity company GTSC, discovered a zero-day vulnerability in the Microsoft Exchange platform, which received the name “ProxyNotShell”. The Zero […]
Metasploit is one of the most widely used exploit frameworks globally; threat actors, penetration testers and red teams alike use it, as it is completely […]
In the never-ending war between cyber criminals and defense teams across the globe, adversaries continue to develop innovative methods to penetrate organizations. One of the […]
“Tropical Scorpius”, a group of threat actors associated with the Cuba Ransomware (aka COLDDRAW), was recently observed deploying the malware with previously undocumented tactics, techniques, […]
ChromeLoader, aka, ChoziosiLoader, is part of the browser hijacker malware family and targets both Windows and macOS. First discovered in February, it is well-known in […]
Over the past few months, reports about Magniber ransomware infections have been increasing worldwide. Social engineering methods for delivering Magniber have become increasingly sophisticated over […]
On May 19th, 2022, a malware sample uploaded to VirusTotal containing malicious payload, Brute Ratel C4, went undetected by all 56 antiviruses that evaluated it. […]
BluStealer, first detected in May 2021 by Twitter user James_inthe_box, is an information-stealing malware with the ability to steal cyrpto wallet data, swap crypto addresses […]
Conti is a ransomware-as-a-service program and is one of the most prolific ransomwares of the past year. In what is believed to have been an […]
Out of over 200 teams, BCC Grupo Cajamar’s cyber defense team, “Blue’s Boys”, was one of only 13 teams to make it to the finals. […]
Microsoft’s recently discovered vulnerabilities, collectively referred to as ‘Nimbuspwn’, could allow attackers to elevate privileges to root level privileges (the highest level privileges e.g., administrator) […]