Oct 13, 2024Ravie Lakshmanan The Iranian threat actor known as OilRig has been observed exploiting a now-patched privilege escalation flaw impacting the Windows Kernel as part of a cyber espionage campaign targeting the U.A.E. and the broader Gulf region. "The group utilizes sophisticated tactics that include deploying a backdoor that leverages Microsoft Exchange servers for … [Read more...] about OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf
kernel
CrowdStrike’s Kernel Access and Security Architecture
Context In today’s rapidly evolving threat landscape, the need for dynamic security measures is critical. Due to Windows’s current architecture and design, security products running in the platform, particularly those involved in endpoint protection, require kernel access to provide the highest level of visibility, enforcement and tamper-resistance, while meeting the strict … [Read more...] about CrowdStrike’s Kernel Access and Security Architecture
New Linux Kernel Exploit Technique ‘SLUBStick’ Discovered by Researchers
Aug 07, 2024Ravie LakshmananLinux / Vulnerability Cybersecurity researchers have shed light on a novel Linux kernel exploitation technique dubbed SLUBStick that could be exploited to elevate a limited heap vulnerability to an arbitrary memory read-and-write primitive. "Initially, it exploits a timing side-channel of the allocator to perform a cross-cache attack reliably," a … [Read more...] about New Linux Kernel Exploit Technique ‘SLUBStick’ Discovered by Researchers
HotPage Adware Disguised as Ad Blocker Installs Malicious Kernel Driver
Jul 18, 2024NewsroomMalware / Windows Security Cybersecurity researchers have shed light on an adware module that purports to block ads and malicious websites, while stealthily offloading a kernel driver component that grants attackers the ability to run arbitrary code with elevated permissions on Windows hosts. The malware, dubbed HotPage, gets its name from the eponymous … [Read more...] about HotPage Adware Disguised as Ad Blocker Installs Malicious Kernel Driver
New Linux Kernel cgroups Vulnerability Could Let Attackers Escape Container
Details have emerged about a now-patched high-severity vulnerability in the Linux kernel that could potentially be abused to escape a container in order to execute arbitrary commands on the container host. The shortcoming resides in a Linux kernel feature called control groups, also referred to as cgroups version 1 (v1), which allows processes to be organized into hierarchical … [Read more...] about New Linux Kernel cgroups Vulnerability Could Let Attackers Escape Container
Kubernetes Container Escape Using Linux Kernel Exploit
On Jan. 18, 2022, researchers found a heap base buffer overflow flaw (CVE-2022-0185) in the Linux kernel (5.1-rc1+) function “legacy_parse_param” of filesystem context functionality, which allows an out-of-bounds write in kernel memory. Using this primitive, an unprivileged attacker can escalate its privilege to root, bypassing any Linux namespace restrictions. CVE-2022-0185 … [Read more...] about Kubernetes Container Escape Using Linux Kernel Exploit
How to Enable Kernel Exploit Prevention
Introduction This document and video will demonstrate how to enable kernel exploit prevention to protect hosts from sophisticated attacks that attempt kernel code execution. Video Overview Malware, and in particular ransomware, is increasingly using sophisticated attack chains to bypass traditional AV and execute successfully. As an example, the Robinhood … [Read more...] about How to Enable Kernel Exploit Prevention