FreshRSS

The Hacker News

Researchers Uncover First Native Spectre v2 Exploit Against Linux Kernel

By: Newsroom — April 10th 2024 at 09:26
Cybersecurity researchers have disclosed what they say is the "first native Spectre v2 exploit" against the Linux kernel on Intel systems that could be exploited to read sensitive data from the memory. The exploit, called Native Branch History Injection (BHI), can be used to leak arbitrary kernel memory at 3.5 kB/sec by bypassing existing Spectre v2/BHI mitigations, researchers from Systems and
The Hacker News

New Glibc Flaw Grants Attackers Root Access on Major Linux Distros

By: Newsroom — January 31st 2024 at 05:44
Malicious local attackers can obtain full root access on Linux machines by taking advantage of a newly disclosed security flaw in the GNU C library (aka glibc). Tracked as CVE-2023-6246 (CVSS score: 7.8), the heap-based buffer overflow vulnerability is rooted in glibc's __vsyslog_internal() function, which is used by syslog() and vsyslog() for system logging purposes. It's said to have
The Hacker News

Fake PoC for Linux Kernel Vulnerability on GitHub Exposes Researchers to Malware

By: THN — July 13th 2023 at 12:56
In a sign that cybersecurity researchers continue to be under the radar of malicious actors, a proof-of-concept (PoC) has been discovered on GitHub, concealing a backdoor with a "crafty" persistence method. "In this instance, the PoC is a wolf in sheep's clothing, harboring malicious intent under the guise of a harmless learning tool," Uptycs researchers Nischay Hegde and Siddartha Malladi said.
The Hacker News

Researchers Uncover New Linux Kernel 'StackRot' Privilege Escalation Vulnerability

By: Ravie Lakshmanan — July 6th 2023 at 10:55
Details have emerged about a newly identified security flaw in the Linux kernel that could allow a user to gain elevated privileges on a target host. Dubbed StackRot (CVE-2023-3269, CVSS score: 7.8), the flaw impacts Linux versions 6.1 through 6.4. There is no evidence that the shortcoming has been exploited in the wild to date. "As StackRot is a Linux kernel vulnerability found in the memory
Naked Security

Apple zero-day spyware patches extended to cover older Macs, iPhones and iPads

By: Paul Ducklin — April 10th 2023 at 20:20
That double-whammy Apple browser-to-kernel spyware bug combo we wrote up last week? Turns out it applies to all supported Macs and iDevices - patch now!

Naked Security

“Dirty Pipe” Linux kernel bug lets anyone write to any file

By: Paul Ducklin — March 8th 2022 at 17:37
Even read-only files can be written to, leading to a dangerously general purpose elevation-of-privilege attack.
