news
Fear, Uncertainty, Doubt (FUD) From Microsoft CISA
-
CVE-2024-1086 Vulnerability: Critical Privilege Escalation Flaw in Linux Kernel Exploited in the Ransomware Attacks [Ed: This is very old, why does that become a talking point so long later?]
Immediately after reports of CVE-2025-59287, a critical RCE flaw in WSUS systems, being exploited in the wild, another high-severity Linux kernel flaw has been observed being actively weaponized in ransomware attacks. CISA confirmed its exploitation and warned that abusing CVE-2024-1086 in offensive campaigns allows attackers with local access to gain root privileges on affected systems.
-
Live exploitation of CVE-2024-1086 across older Linux versions flagged by CISA [Ed: Bringing up very old bugs that got patched ages ago]
CISA’s warning serves as a reminder that ransomware is not confined to Windows. A Linux kernel flaw, CVE-2024-1086, is being exploited in real-world incidents, and federal networks face a November 20 patch-or-disable deadline. Businesses should read it as their cue, too.
-
TechRadar ☛ US government warns Linux flaw is now being exploited for ransomware attacks [Ed: CISA hired too many Microsoft people, now they shift attention to old bugs]
The US government is warning that a Linux flaw introduced more than a decade ago - and fixed more than a year ago - is being actively used in ransomware attacks.
-
Ransomware intrusions with old Linux kernel bug reemerge [Ed: Way to distract from actual back doors in Windows?]
Attacks exploiting the high-severity Linux kernel bug, tracked as CVE-2024-1086, were observed by the Cybersecurity and Infrastructure Security Agency to have been deployed by ransomware groups more than a year after the flaw was included in its Known Exploited Vulnerabilities catalog, reports Security Affairs.