FreshRSS

  • Ars Technica - All content
  • Windows 0-day was exploited by North Korea to install advanced rootkit (Dan Goodin)

Windows 0-day was exploited by North Korea to install advanced rootkit

20 August 2024 at 01:37

A Windows zero-day vulnerability recently patched by Microsoft was exploited by hackers working on behalf of the North Korean government so they could install custom malware that’s exceptionally stealthy and advanced, researchers reported Monday.

The vulnerability, tracked as CVE-2024-38193, was one of six zero-days—meaning vulnerabilities known or actively exploited before the vendor has a patch—fixed in Microsoft’s monthly update release last Tuesday. Microsoft said the vulnerability—in a class known as a "use after free"—was located in AFD.sys, the binary file for what’s known as the ancillary function driver and the kernel entry point for the Winsock API. Microsoft warned that the zero-day could be exploited to give attackers system privileges, the maximum system rights available in Windows and a required status for executing untrusted code.

Lazarus gets access to the Windows kernel

Microsoft warned at the time that the vulnerability was being actively exploited but provided no details about who was behind the attacks or what their ultimate objective was. On Monday, researchers with Gen—the security firm that discovered the attacks and reported them privately to Microsoft—said the threat actors were part of Lazarus, the name researchers use to track a hacking outfit backed by the North Korean government.


Old School RuneScape brings back slayer partners after a four-year absence

2 August 2024 at 17:30
It’s been four years since Old School RuneScape offered a feature called “slayer partners” that lets duos of players team up to grind out tasks for progress and rewards. While this was taken out due to exploits, the studio’s reintroducing it after a rework. “In June 2020, we removed Slayer Partners due to a number […]
  • Eurogamer.net
  • Destiny 2 disables rewards in private Crucible matches after players discover loot farm exploit (Vikki Blake)

Destiny 2 disables rewards in private Crucible matches after players discover loot farm exploit

23 June 2024 at 17:10

Destiny 2 developer Bungie has disabled rewards generated in private Crucible matches because of "an issue".

Whilst the studio stopped short of revealing what, exactly, that issue is, Destiny 2 fans believe it has to do with a glitch that enables players to farm a whole host of items and consumables in private matches, even if they're away from their consoles/PCs.

As detailed in a video by Cheese Forever, the "game breaking" farm "will give you everything you ever wanted, and you don't even need to move".


  • Ars Technica - All content
  • Maximum-severity GitLab flaw allowing account hijacking under active exploitation (Dan Goodin)

Maximum-severity GitLab flaw allowing account hijacking under active exploitation

2 May 2024 at 21:02

A maximum severity vulnerability that allows hackers to hijack GitLab accounts with no user interaction required is now under active exploitation, federal government officials warned as data showed that thousands of users had yet to install a patch released in January.

A change GitLab implemented in May 2023 made it possible for users to initiate password changes through links sent to secondary email addresses. The move was designed to permit resets when users didn’t have access to the email address used to establish the account. In January, GitLab disclosed that the feature allowed attackers to send reset emails to accounts they controlled and from there click on the embedded link and take over the account.

While exploits require no user interaction, hijackings work only against accounts that aren’t configured to use multifactor authentication. Even with MFA, accounts remained vulnerable to password resets, but the attackers ultimately are unable to access the account, allowing the rightful owner to change the reset password. The vulnerability, tracked as CVE-2023-7028, carries a severity rating of 10 out of 10.

