TheCyberThrone CyberSecurity Newsletter Top 5 Articles – May, 2024

Mallox Ransomware deployed exploiting SQL Honeypots

Researchers have identified that Mallox ransomware has been deployed against an MS-SQL honeypot, with sophisticated tactics employed by the attackers. The honeypot was targeted by an intrusion set that used brute-force techniques to deploy the Mallox ransomware via PureCrypter, exploiting various MS-SQL vulnerabilities.

Upon analysis, the researchers identified two distinct affiliates using different approaches. One focused on exploiting vulnerable assets, while the other aimed at broader compromises of information systems on a larger scale…

Google Patches Emergency Zero-day Vulnerability in Chrome – CVE-2024-4671

Google has released an emergency security update for its Chrome browser to address a critical vulnerability already being exploited by threat actors.

The vulnerability, tracked as CVE-2024-4671, is a “use after free” bug located within the browser’s “Visuals” component. This class of vulnerability stems from incorrect handling of dynamically allocated memory at runtime: if an application keeps using a pointer after the memory it refers to has been freed, an attacker can exploit this oversight to execute arbitrary code on the system. This can lead to unauthorized data access, data manipulation, or even control over the affected system…

PoC Exploit Released for CVE-2024-27842

Security researcher Wang Tielei has published PoC exploit code for CVE-2024-27842, a critical privilege escalation vulnerability in macOS. Apple addressed the flaw on May 13 with the release of macOS Sonoma 14.5, implementing improved checks to mitigate the issue.

The vulnerability resides in the UDF (Universal Disk Format) component, specifically within the VNOP_IOCTL function. The flaw allows an attacker to execute arbitrary code with kernel privileges by sending an arbitrary command to an arbitrary vnode, leading to memory corruption. UDF, a kernel extension present in macOS for decades, is the focal point of this exploit…

ShrinkLocker Ransomware Dissection

Researchers from Kaspersky have uncovered a new ransomware strain named ShrinkLocker, exploiting Microsoft’s built-in BitLocker encryption tool. The ransomware, which has already targeted industrial, pharmaceutical, and government organizations, utilizes a sophisticated VBS script to hijack BitLocker, encrypting entire volumes and stealing the decryption keys.

Threat actors have turned this protective Microsoft feature into a tool for malicious encryption. By deploying an advanced VBS script, attackers are able to encrypt entire volumes and steal the decryption keys, effectively holding critical data hostage…

Microsoft Zero-day Bug CVE-2024-30051 Exploited to Install QakBot

Microsoft has addressed a critical zero-day vulnerability in this month’s Patch Tuesday release. The vulnerability, tracked as CVE-2024-30051 with a CVSS score of 7.8, was actively exploited by attackers to deliver the notorious QakBot malware and other malicious payloads. The flaw, residing in the Windows Desktop Window Manager (DWM) core library, allowed threat actors to escalate their privileges to the highest system level, gaining full control over compromised machines.

The vulnerability was uncovered by researchers at Kaspersky during an investigation into another DWM-related zero-day exploit. They discovered a document uploaded to VirusTotal that contained information about the flaw, which could be leveraged to elevate privileges to SYSTEM level. Despite some missing details, Kaspersky confirmed the existence of the vulnerability and promptly reported it to Microsoft…
