BleepingComputer cybersecurity experts: The malware group submitted a ZIP archive with the decryptors to VirusTotal and now it plans to switch to cryptojacking.
CISA adds 3 new vulnerabilities to the Known Exploited Vulnerabilities Catalog. They are CVE-2021-3156, CVE-2021-31166 and CVE-2017-0148. One is linked to Sudo and the other two to Microsoft.
Cybercrime and cyber warfare actors are exploiting three new vulnerabilities to attack targets worldwide. This was reported by CISA cybersecurity experts, who added them to the Known Exploited Vulnerabilities Catalog. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column, which will sort by descending dates. They are CVE-2021-3156, CVE-2021-31166 and CVE-2017-0148. The first one is linked to Sudo. It contains an off-by-one error that can result in a heap-based buffer overflow, which allows for privilege escalation. The other two, instead, relate to Microsoft. The HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution, and the SMBv1 server allows remote attackers to execute arbitrary code via crafted packets.