China Defence Minister Placed Under Investigation for Corruption, FT Reports
BEIJING (Reuters) – China Defence Minister Dong Jun has been placed under investigation as part of a wide-ranging anti-corruption probe that has…
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including a Linux kernel privilege elevation flaw.
The high-severity flaw tracked as CVE-2024-1086 was first disclosed on January 31, 2024, as a use-after-free problem in the netfilter: nf_tables component, but was first introduced by a commit in February 2014.
Netfilter is a framework provided by the Linux kernel that allows various networking-related operations, such as packet filtering, network address translation (NAT), and packet mangling.
The vulnerability is caused because the ‘nft_verdict_init()’ function allows positive values to be used as a drop error within the hook verdict, causing the ‘nf_hook_slow()’ function to execute a double free when NF_DROP is issued with a drop error that resembles NF_ACCEPT.
Exploitation of CVE-2024-1086 allows an attacker with local access to achieve privilege escalation on the target system, potentially gaining root-level access.
The issue was fixed via a commit submitted in January 2024, which rejects QUEUE/DROP verdict parameters, thus preventing exploitation.
The fix has been backported to multiple stable kernel versions as listed below:
v5.4.269 and later
v5.10.210 and later
v6.6.15 and later
v4.19.307 and later
v6.1.76 and later
v5.15.149 and later
v6.7.3 and later
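The version list above can be turned into a quick triage check. The script below is an added example, not code from the article or from CISA; the function names are hypothetical and the sample release strings in the comments are constructed. It compares upstream version numbers only: a distribution kernel can carry the backported fix under an older version string, so "below-fix" means the vendor advisory still needs checking.

```shell
#!/bin/sh
# Added example: map a kernel release string onto the fixed stable versions
# listed above for CVE-2024-1086. The branch table is copied from that list.

# First fixed patch level for a stable branch; non-zero exit if not listed.
fixed_patch_for_branch() {
  case "$1" in
    4.19) echo 307 ;;
    5.4)  echo 269 ;;
    5.10) echo 210 ;;
    5.15) echo 149 ;;
    6.1)  echo 76 ;;
    6.6)  echo 15 ;;
    6.7)  echo 3 ;;
    *)    return 1 ;;
  esac
}

# Prints one of: fixed | below-fix | unlisted-branch | unparsable
# The body runs in a subshell so its variables stay local.
nft_fix_status() (
  ver="${1%%[!0-9.]*}"              # "5.15.0-105-generic" -> "5.15.0"
  major="${ver%%.*}"
  rest="${ver#*.}"
  [ "$rest" = "$ver" ] && rest=""   # no dot at all
  minor="${rest%%.*}"
  case "$rest" in
    *.*) patch="${rest#*.}"; patch="${patch%%.*}" ;;
    *)   patch=0 ;;                 # "6.8" is treated as 6.8.0
  esac
  for n in "$major" "$minor" "$patch"; do
    case "$n" in ''|*[!0-9]*) echo unparsable; exit 0 ;; esac
  done
  if need="$(fixed_patch_for_branch "$major.$minor")"; then
    if [ "$patch" -ge "$need" ]; then echo fixed; else echo below-fix; fi
  elif [ "$major" -gt 6 ] || { [ "$major" -eq 6 ] && [ "$minor" -gt 7 ]; }; then
    echo fixed                      # newer branch: "v6.7.3 and later"
  else
    echo unlisted-branch            # e.g. 5.14 or 6.2: no backport listed
  fi
)

# Report on the running kernel (suffixes such as "-generic" are ignored).
echo "$(uname -r): $(nft_fix_status "$(uname -r)")"
```

An "unlisted-branch" result means the list above names no fixed release for that series, so the host needs a move to a listed branch or a vendor kernel that documents the backport.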
In late March 2024, a security researcher using the alias ‘Notselwyn’ published a detailed write-up and proof-of-concept (PoC) exploit on GitHub, showcasing how to achieve local privilege escalation by exploiting the flaw on Linux kernel versions between 5.14 and 6.6.
While most Linux distributions pushed out fixes fairly quickly, Red Hat had not pushed out a fix until March, making it possible that threat actors used the public exploit on compromised systems.
CISA did not share specific details about how the vulnerability is exploited, but BleepingComputer has seen posts on hacking forums about the public exploits.
The cybersecurity agency has now given federal agencies until June 20, 2024, to apply the available patches.
If updating is not possible, admins are recommended to apply the following mitigations:
Blocklist ‘nf_tables’ if it’s not needed/actively used.
Restrict access to user namespaces to limit the attack surface.
Load the Linux Kernel Runtime Guard (LKRG) module (can cause instability).
Following the vendor’s disclosure and security update release for this flaw, researchers from Watchtowr Labs published their analysis, underlining that the vulnerability is far worse than what Check Point’s bulletin reflected.
Nearly three decades after two women were found dead in a national park in Virginia, their killer — a “serial rapist” who died in prison in 2018 — was identified by forensic tests, the FBI said Thursday.
DNA tests determined that Walter “Leo” Jackson Sr. killed Laura “Lollie” Winans, 26, and Julianne “Julie” Williams, 24, at Shenandoah National Park on May 24, 1996, the FBI’s Richmond Field Office and the U.S. Attorney’s Office for the Western District of Virginia said Thursday in a joint statement.
“After 28 years, we are now able to say who committed the brutal murders,” U.S. Attorney Christopher R. Kavanaugh said in the statement. “I want to again extend my condolences to the Winans and Williams families and hope today’s announcement provides some small measure of solace.”
Their relatives called the National Park Service when the women didn’t return home as planned. Their bodies were found June 1, 1996, following an extensive search.
They had been killed at their campsite near the Skyland Resort, the FBI said.
The case was unsolved for years, and in 2021, a new FBI team was assigned to review the murders. Special agents, intelligence analysts and other FBI personnel re-evaluated many leads and interviews, the FBI said.
The team prioritized evidence from the crime scene and had it retested by a licensed private lab, the FBI said.
The private lab recovered DNA from “several items of evidence,” and with the help of Virginia State Police, the DNA profile was sent to the FBI’s Combined DNA Index System, the FBI said. That resulted in a positive match to Jackson, a convicted serial rapist from Cleveland.
The FBI also compared evidence from the slayings of Winans and Williams to a buccal swab containing Jackson’s DNA, the FBI said.
“These results confirmed we had the right man and finally could tell the victims’ families we know who is responsible for this unsuitable crime,” said Stanley M. Meador, the special agent in charge of the FBI in Richmond.
Jackson, who was a painter, was an avid hiker who was known to visit Shenandoah National Park, the FBI said. He died in prison in March 2018 in Cuyahoga County, Ohio, it said.
Jackson’s criminal rap sheet included kidnapping, rapes and assaults, the FBI said, noting that it also worked with Cleveland police and Cuyahoga County Prosecutor’s Office on the case.
Shares in GameStop doubled on Monday after “Roaring Kitty”, the man at the heart of the stock market frenzy surrounding the video gaming chain three years ago, resurfaced on social media.
Trading of GameStop was halted several times as its shares surged to their highest levels in more than a year when New York opened for trading.
Keith Gill, the influencer known as Roaring Kitty and former marketer at an insurance firm, posted on X for the first time since 2021. He shared a sketch of a gamer leaning forward, as if things were getting serious – and followed up with a string of clips from movies and TV shows.
In one clip from the Pirates of the Caribbean franchise, Captain Barbossa, having unexpectedly returned from the dead, remarked: “So tell me, what’s become of my ship?”
The posts triggered a surge in GameStop shares, which rallied by as much as 110% during early trading on Monday. They slipped back, and ended the day up 74%.
Gill’s videos on YouTube, and posts on Reddit, where he is known as DeepFuckingValue, placed him at the front of an army of meme-toting day traders who tried to mount a rebellion against Wall Street – and the financial titans dominating the market.
Their bid to engineer a “short squeeze”, whereby the hedge funds that bet against GameStop were left scrambling to shore up their balance sheets after its shares surged, was transformed into a Hollywood movie last year. Paul Dano played Gill, who was the central character in Dumb Money.
Gill himself has largely kept his head down, however – and steered clear of social media – until now. His posts on Sunday evening and Monday unleashed a torrent of speculation around his plans.
Shares in GameStop have fallen dramatically since their extraordinary peak in early 2021, at the height of the so-called “memestock” trading frenzy, when a string of companies were boosted by viral memes.
Questions have been raised, too, about the strength of GameStop’s business, which has endured a series of high-profile departures from its management team. In March, the chain cut an unspecified number of jobs to reduce costs and reported lower fourth-quarter revenue.
Kathleen Brooks, research director at XTB, noted that the stock had rallied despite a “horrible” first quarter. “Monday’s move in GameStop rounds off a good month for the company,” she said. “Its stock price has surged more than 60% in the past month, fueled mostly by demand from retail traders.”
Roaring Kitty “seems to be the most likely suspect for the renewed interest today … but I would be careful not to characterize the participants in this phenomenon as investors”, said Art Hogan, chief market strategist at B Riley Wealth.
“There’s no fundamental change in any of the companies that are popularized in this phenomenon.”
Monday’s rally spread beyond GameStop to other top memestocks. Shares in AMC Entertainment, the movie chain, rose 78% while Trump Media, the former president’s media business, rallied before losing steam, to finish the day up 1%.