Comment
Author: Admin | 2025-04-27
Vulnerability impacting the Mitel Service Appliance component of MiVoice Connect, to obtain a reverse shell and subsequently used Chisel as a tunnelling tool to pivot into the environment.”Full news: https://thehackernews.com/2022/09/lorenz-ransomware-exploit-mitel-voip.html New Research Warn self-spreading malware via YouTube.The malware has been targeting the gaming community for the one that searches a quick win. Gamers looking for cheats on YouTube are being targeted with links to rogue password-protected archive files. Once opened, the malware launch a crypto miner.“The videos advertise cheats and cracks and provide instructions on hacking popular games and software,” Kaspersky security researcher Oleg Kupreev said in a new report published today.Microsoft Security Update (13 Sept) Fixes 64 New Flaws, Including a Zero-DaySecurity patch day for Microsoft releasing and fixing 64 new security flaws, including a zero-day. The patches are in addition to 16 vulnerabilities that Microsoft addressed in its Chromium-based Edge browser earlier this month.Attackers have been exploiting CVE-2022-37969 (CVSS score: 7.8) a vulnerability affecting the Windows Common Log File System (CLFS) Driver. The vulnerability, a privilege escalation, could be leveraged by an adversary to gain SYSTEM privileges on an already compromised asset.Vulnerability EPSS Score: 0.01178 and low usage (4.5% of activity in monitored Honeynet) Currently, the vulnerability sits at 10-25K; before, it was around 50-100K while unpatched. “In terms of CVEs released, this Patch Tuesday may appear on the lighter side in comparison to other months,” Bharat Jogi, director of vulnerability and threat research at Qualys, said in a statement shared with The Hacker News.CVE-2022-37969 is also the second actively exploited zero-day flaw in the CLFS component after CVE-2022-24521 (CVSS score: 7.8) since the start of the year, the latter of which was resolved by Microsoft as part of its April 2022 Patch Tuesday updates.It’s not immediately clear if CVE-2022-37969 is a patch bypass for CVE-2022-24521. Other critical flaws of note are as follows –CVE-2022-34718 (CVSS score: 9.8) – Windows TCP/IP Remote Code Execution VulnerabilityCVE-2022-34721 (CVSS score: 9.8) – Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution VulnerabilityCVE-2022-34722 (CVSS score: 9.8) – Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution VulnerabilityCVE-2022-34700 (CVSS score: 8.8) – Microsoft Dynamics 365 (on-premises) Remote Code Execution VulnerabilityCVE-2022-35805 (CVSS score: 8.8) – Microsoft Dynamics 365 (on-premises) Remote Code Execution VulnerabilityHacksGTA 6 source code leaked on rockstar game hackAn early version of GTA6 and gameplay videos have been leaked by a hacker that claims to have stolen GTA5 and GTA 6 source code threat actor ‘teapotuberhacker’ shared a link to a RAR archive containing 90 stolen videos.RAR archive containing the 90 leaked GTA 6 videosHowever, the threat actor says they accept offers over $10,000 for the GTA V source code and assets but are not selling the GTA 6 source code.Selling GTA V source code on TelegramSource: BleepingComputerSome of the underground forums where hacked data gets disclosed showed the attacker leaking proof of content. In an unverified claim, the threat actor claimed he was behind the recent cyberattack on Uber and leaked screenshots of source code from Grand Theft Auto
Add Comment