Security Vulnerabilities

Discover Security Vulnerabilities News

20.Lock AbstractDigital Circular Esm H200

Multiple Apache HTTP Server Flaws Fixed in Ubuntu

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The Ubuntu security team has recently discovered and addressed multiple vulnerabilities in the Apache HTTP Server. The vulnerabilities affected several versions of Ubuntu and could potentially lead to server disruption and injection of malicious code.

Brittany Day
May 01, 2024

Linux Kernel Vulnerability Exposes Unauthorized Data to Hackers

A critical vulnerability was discovered in the Linux kernel's netfilter subsystem, specifically within the nf_tables component, posing potential risks to systems worldwide. The vulnerability, CVE-2024-26925, arises from improperly releasing a mutex within the garbage collection (GC) sequence of nf_tables. It could potentially lead to race conditions and compromise the stability and security of the Linux kernel.

Brittany Day
Apr 30, 2024

Critical Security Update for Google Chrome: Implications & Recommendations

The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw that can enable attackers to execute arbitrary code. Over the next few days or weeks, the Google Stable channel will be updated to 124.0.6367.78 for Linux. As security practitioners, Linux admins, infosec professionals, and sysadmins must be aware of the implications of such vulnerabilities and take appropriate action.

Brittany Day
Apr 29, 2024

Hacked VMs Reveal New Attack Risks

Researchers have exposed new and sophisticated types of attacks that endanger the security and confidentiality of virtual machines (VMs). Two variations of Ahoi attacks, Heckler and WeSee, have been identified targeting hardware-based trusted execution environments, specifically AMD’s Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) and Intel’s Trust Domain Extensions (TDX) technologies.

Brittany Day
Apr 25, 2024

Native Spectre v2 Exploit Uncovered: Implications & Analysis for Linux Security Practitioners

The recently uncovered "Native Branch History Injection (BHI)" exploit against the Linux kernel marks a significant milestone in the ongoing battle against Spectre v2 vulnerabilities. Researchers have revealed that BHI can bypass existing Spectre v2/BHI mitigations to read sensitive data from the memory of Intel systems.

Dave Wreski
Apr 25, 2024

Spectre V2: A New Threat to Linux Systems

A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's delve into the details of the Spectre v2 exploit, its implications, and the measures being taken to mitigate its impact.

Brittany Day
Apr 23, 2024

How to Keep Your Linux System Safe from Kernel Bugs

Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs. Understanding and mitigating the vulnerabilities in the Linux kernel is essential in safeguarding your systems against exploits leading to compromise. Let's examine why kernel vulnerabilities are such a severe threat and mitigation strategies for protecting against them.

Dave Wreski
Apr 23, 2024

New Thunderbird, Firefox Vulns Threaten Sensitive Data, System Availability [Updated]

Several significant vulnerabilities have been found in the Thunderbird email client and Firefox web browser. An attacker could exploit these issues to disrupt services, obtain sensitive data, bypass security restrictions, perform cross-site tracing, run rogue programs on your computer, or escalate privileges on impacted systems.

Brittany Day
Apr 22, 2024

The XZ Utils Linux Backdoor: How It Happened & What We Can Learn [Updated]

The alarming discovery of a backdoor in the xz data compression library, which had the potential to compromise Linux systems, has dominated recent security news. While the backdoor did not make its way into production Linux distributions, the incident raises crucial questions about open-source security and the need for vigilance in the face of emerging threats.

Brittany Day
Apr 21, 2024

Linux Kernel 'Make-Me-Root' Flaw Threatens Popular Distros [Updated]

In the world of open-source software, security vulnerabilities can have widespread consequences. The recent publication of a Linux privilege-escalation proof-of-concept exploit has sent shockwaves through the Linux community, demanding the immediate attention of Linux admins, infosec professionals, internet security enthusiasts, and sysadmins.

Brittany Day
Apr 19, 2024

Severe X.Org Memory Safety, Code Execution Vulns Fixed [Updated]

After recent heap overflow, out-of-bounds write, and privilege escalation flaws brought X.Org into the spotlight, more severe memory safety, use-after-free, heap buffer overread, and code execution vulnerabilities have been identified in the popular X server. These issues affect the X.Org X11 server.

Anthony Pell
Apr 15, 2024

Latest Ubuntu Beta, Other Linux Distro Releases Delayed by xz-utils Vuln

The recent security issue with xz-utils has delayed the latest Ubuntu beta release and other major Linux distros. The delay follows the discovery of a critical vulnerability, CVE-2024-3094, which has prompted developers to push back the release by a week to ensure the safety of the upcoming Ubuntu version, codenamed Noble Numbat.

Brittany Day
Apr 05, 2024

Decade-Old Linux 'wall' Bug Helps Generate Fake SUDO Prompts, Threatens Password Security

A critical vulnerability has been found in the wall command of the util-linux package that poses a severe security threat to Linux systems. This vulnerability, known as WallEscape and tracked as CVE-2024-28085, has been present in every package version for the past 11 years.

Anthony Pell
Mar 29, 2024

Multiple Chromium DoS, Info Disclosure Vulns Fixed [Updated]

Multiple severe security issues were discovered in Chromium before version 122.0.6261.128, which could result in arbitrary code execution, denial of service, or information disclosure. Let's examine these vulnerabilities, their impact, and how to protect against them.

Brittany Day
Mar 24, 2024

New GhostRace Attack Impacts Major CPU, Software Vendors

A new data leakage attack called GhostRace (CVE-2024-2193) was recently discovered. It affects major CPU manufacturers and widely used software. This critical analysis will investigate the implications of this attack and discuss its significance for Linux admins, infosec professionals, and Internet security enthusiasts.

Brittany Day
Mar 15, 2024

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

Multiple severe security issues have been found in the popular Mozilla Firefox web browser and Thunderbird email client that significantly threaten the confidentiality, integrity, and availability of impacted systems.

Brittany Day
Mar 03, 2024

New DDoS Malware Puts Apache Servers at Risk

A Lucifer DDoS botnet malware variant has been identified, specifically targeting Apache Hadoop and Apache Druid servers. This sophisticated malware campaign exploits existing vulnerabilities and misconfigurations within these systems to carry out malicious activities, including cryptojacking and distributed denial-of-service (DDoS) attacks.

Brittany Day
Mar 02, 2024

RunC Container Escape Flaws Grant Attackers Host Access

A series of severe security vulnerabilities have been discovered in the popular runC command line tool. These vulnerabilities, collectively known as Leaky Vessels, allow threat actors to break out of containers and gain unauthorized access to the host operating system.

Anthony Pell
Feb 27, 2024

Joomla XSS Bug Puts Millions of Websites at Risk of RCE

A critical security vulnerability has been found in the popular Joomla open-source content management system that has left millions of websites open to the risk of remote code execution (RCE) due to multiple cross-site scripting (XSS) bugs. The vulnerability is linked to a fundamental flaw in Joomla's core filter component and is tracked as CVE-2024-21726.

Brittany Day
Feb 22, 2024

Bootloader Bug Threatens Linux Distros Supporting Secure Boot

A critical vulnerability in the Shim program, which is used in Linux distributions that support secure boot. The bug, CVE-2023-40547, allows an attacker to execute remote code, potentially resulting in complete system compromise.

Brittany Day
Feb 17, 2024

Multiple Apache HTTP Server Flaws Fixed in Ubuntu

Linux Kernel Vulnerability Exposes Unauthorized Data to Hackers

Critical Security Update for Google Chrome: Implications & Recommendations

Discover Security Vulnerabilities News

Multiple Apache HTTP Server Flaws Fixed in Ubuntu

Linux Kernel Vulnerability Exposes Unauthorized Data to Hackers

Critical Security Update for Google Chrome: Implications & Recommendations

Hacked VMs Reveal New Attack Risks

Native Spectre v2 Exploit Uncovered: Implications & Analysis for Linux Security Practitioners

Spectre V2: A New Threat to Linux Systems

How to Keep Your Linux System Safe from Kernel Bugs

New Thunderbird, Firefox Vulns Threaten Sensitive Data, System Availability [Updated]

The XZ Utils Linux Backdoor: How It Happened & What We Can Learn [Updated]

Linux Kernel 'Make-Me-Root' Flaw Threatens Popular Distros [Updated]

Severe X.Org Memory Safety, Code Execution Vulns Fixed [Updated]

Latest Ubuntu Beta, Other Linux Distro Releases Delayed by xz-utils Vuln

Decade-Old Linux 'wall' Bug Helps Generate Fake SUDO Prompts, Threatens Password Security

Multiple Chromium DoS, Info Disclosure Vulns Fixed [Updated]

New GhostRace Attack Impacts Major CPU, Software Vendors

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

New DDoS Malware Puts Apache Servers at Risk

RunC Container Escape Flaws Grant Attackers Host Access

Joomla XSS Bug Puts Millions of Websites at Risk of RCE

Bootloader Bug Threatens Linux Distros Supporting Secure Boot

LinuxSecurity Poll

What is the best browser with a built-in VPN?

Get the Latest News & Insights

News

Advisories

HOWTOs

Features

About Us

Powered By