Author: admin

A decade-old vulnerability in the Linux kernel has reemerged as a powerful weapon for ransomware groups, according to warnings issued by the Cybersecurity and Infrastructure Security Agency (CISA). Tracked as CVE 2024 1086, the flaw resides in the netfilter nf_tables component and enables local privilege escalation (LPE), allowing attackers with initial access to elevate their permissions to root and take full control of a system.

Originally introduced in the kernel’s codebase in 2014, the bug affects Linux versions from 3.15 through 6.8 rc1, impacting major distributions including Debian, Ubuntu, Fedora, and Red Hat. The vulnerability stems from a use after free (UAF) condition in the nft_verdict_init() and nf_hook_slow() functions, which improperly handle packet filtering verdicts. This flaw can lead to double free memory corruption, providing attackers a pathway to execute arbitrary code in the kernel space and gain persistent access.

Although a patch was released in January 2024 and the issue was added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog by May 2024, researchers now confirm that it is being actively weaponized in ransomware campaigns. Security firm CrowdStrike first detected exploitation attempts in April 2024, later escalating the risk rating to “Critical” after public exploit code surfaced online.

Privilege escalation flaws such as CVE 2024 1086 are particularly valuable to ransomware operators. By obtaining root privileges, attackers can disable endpoint protections, encrypt files, delete backups, and move laterally across networks. Even a low privileged user account can become a launchpad for full system compromise, making this bug a prime catalyst for large scale ransomware incidents.

Organizations that rely on Linux for cloud workloads, enterprise servers, or operational technology should treat this vulnerability as actively exploited in the wild and assume exposure until verified otherwise. Especially at a time when security breaches of cloud systems are at their highest.

Islanders are being encouraged to reuse and recycle pumpkins after Halloween.

Guernsey Waste said a “scary amount” of waste was produced at the end of October every year.

It said the pieces of flesh removed when carving pumpkins could be used in recipes such as pumpkin lasagne, spicy pumpkin soup and autumnal pumpkin tart.

The company said the more fibrous flesh from around the seeds could be home composted or put into the food waste caddy, along with the carved pumpkin.

Waste minimisation and sustainability officer Douglas Button said islanders bought thousands of pumpkins each year to carve or for decoration.

But h said the “best – and tastiest- parts of the pumpkin” were often forgotten and ended up being thrown away.

Islanders are also being asked to think about the number of single-use plastics they consume during Halloween, from sweet wrappers to costume items.

Mr Button said decorations and costumes could be reused in following years which also helped to save money.

He added: “Through a few small steps, people can have fun at Halloween while limiting any negative impacts on the environment.

“It’s all about trying to reduce, reuse and recycle as much as we can.”