New Glibc Flaw Grants Attackers Root Access on Major Linux Distros

Malicious local attackers can obtain full root access on Linux machines by taking advantage of a newly disclosed security flaw in the GNU C library (aka glibc).
Tracked as CVE-2023-6246 (CVSS score: 7.8), the heap-based buffer overflow vulnerability is rooted in glibc's __vsyslog_internal() function, which is used by syslog() and vsyslog() for system logging purposes. It's said to have

https://thehackernews.com/2024/01/new-gl...-root.html

CISA Warns of Active Exploitation Apple iOS and macOS Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting iOS, iPadOS, macOS, tvOS, and watchOS to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerability, tracked as CVE-2022-48618 (CVSS score: 7.8), concerns a bug in the kernel component.
"An attacker with

https://thehackernews.com/2024/02/cisa-w...on-of.html

FritzFrog Returns with Log4Shell and PwnKit, Spreading Malware Inside Your Network

The threat actor behind a peer-to-peer (P2P) botnet known as FritzFrog has made a return with a new variant that leverages the Log4Shell vulnerability to propagate internally within an already compromised network.
"The vulnerability is exploited in a brute-force manner that attempts to target as many vulnerable Java applications as possible," web infrastructure and security

https://thehackernews.com/2024/02/fritzf...l-and.html

Cloudflare Breach: Nation-State Hackers Access Source Code and Internal Docs

Cloudflare has revealed that it was the target of a likely nation-state attack in which the threat actor leveraged stolen credentials to gain unauthorized access to its Atlassian server and ultimately access some documentation and a limited amount of source code.
The intrusion, which took place between November 14 and 24, 2023, and detected on November 23, was carried out "with the goal of

https://thehackernews.com/2024/02/cloudf...ckers.html

INTERPOL Arrests 31 in Global Operation, Identifies 1,900+ Ransomware-Linked IPs

An INTERPOL-led collaborative operation targeting phishing, banking malware, and ransomware attacks has led to the identification of 1,300 suspicious IP addresses and URLs.
The law enforcement effort, codenamed Synergia, took place between September and November 2023 in an attempt to blunt the "growth, escalation and professionalization of transnational cybercrime."
Involving 60 law

https://thehackernews.com/2024/02/interp...ation.html

Cloudzy Elevates Cybersecurity: Integrating Insights from Recorded Future to Revolut

Cloudzy, a prominent cloud infrastructure provider, proudly announces a significant enhancement in its cybersecurity landscape. This breakthrough has been achieved through a recent consultation with Recorded Future, a leader in providing real-time threat intelligence and cybersecurity analytics. This initiative, coupled with an overhaul of Cloudzy's cybersecurity strategies, represents a major

https://thehackernews.com/2024/02/cloudz...urity.html

Former CIA Engineer Sentenced to 40 Years for Leaking Classified Documents

A former software engineer with the U.S. Central Intelligence Agency (CIA) has been sentenced to 40 years in prison by the Southern District of New York (SDNY) for transmitting classified documents to WikiLeaks and for possessing child pornographic material.
Joshua Adam Schulte, 35, was originally charged in June 2018. He was found guilty in July 2022. On September 13, 2023, he was&

https://thehackernews.com/2024/02/former...to-40.html

DirtyMoe Malware Infects 2,000+ Ukrainian Computers for DDoS and Cryptojacking

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned that more than 2,000 computers in the country have been infected by a strain of malware called DirtyMoe.
The agency attributed the campaign to a threat actor it calls UAC-0027.
DirtyMoe, active since at least 2016, is capable of carrying out cryptojacking and distributed denial-of-service (DDoS) attacks. In March

https://thehackernews.com/2024/02/dirtym...inian.html

Farley, Lawler to Discuss Customer-Focused Ford+ Growth Plan at Feb. 15 Wolfe Confer

Ford President and CEO Jim Farley and CFO John Lawler will discuss the company’s customer-centered Ford+ plan to improve growth, margins and capital efficiency while reducing cyclicality.


https://media.ford.com/content/fordmedia...n-at-.html

Maverick Fanbase Grows; Sales Double as Ford Expands Production

Thousands of customers are getting their Maverick trucks faster thanks to expanded production capacity installed in late 2023.


https://media.ford.com/content/fordmedia...ction.html