Security Vulnerabilities - Page 12

Critical Security Update for Google Chrome: Implications & Recommendations

The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw that can enable attackers to execute arbitrary code. Over the next few days or weeks, the Google Stable channel will be updated to 124.0.6367.78 ...
Apr 27, 2024
  0

How to Keep Your Linux System Safe from Kernel Bugs

Linux admins and security practitioners face significan...
Apr 23, 2024
  0
32.Lock Code Circular Esm H115

Spectre V2: A New Threat to Linux Systems

A significant security threat, known as the Spectre v2 ...
Apr 23, 2024
  0
1.Penguin Landscape Esm H115

Discover Security Vulnerabilities News

Sudo Esm H200

The Linux Flaw you can’t afford to Ignore (CVE-2021-3156)

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Like any OS, Linux and Unix OSes require regular patching - but as security professionals, ethical hackers, and criminal hackers will tell you, regular Linux and Unix patching is often neglected. Learn about a new critical rated Linux\Unix vulnerability you can't afford to ignore.

19.Laptop Bed Esm H200

Linux Mint fixes screensaver bypass discovered by two kids

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The Linux Mint project has patched a security flaw discovered by two kids that could have allowed a threat actor to bypass the OS screensaver and its password and access locked desktops. Linux Mint is now working on adding a setting that will let users disable the on-screen keyboard, which would make mitigating future bugs in this component easier until patches are generally available.

11.Locks IsometricPattern Esm H200

This Decade's Most Significant Security Vulnerabilities at a Glance

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Thank you to Skynats for contributing this article. This past decade has been plagued with security vulnerabilities. Let’s have a look at the top vulnerabilities that have recently crippled the IT world. Badlock: Badock is a crucial security bug affecting Windows computers and Samba servers. It is identified using the following reference: (CVE-2016-0128(Microsoft) CVE-2016-2118(samba). The RPC services allowed an attacker to become a man in the middle to intercept the communication between a client and a server hosting a SAM database to exploit and force the authentication to downgrade, allowing the attackers to access the SAM database. Blueborne: Blueborne is a virus that spreads through the air. Yes, it of course through the Bluetooth on your device. Everything from your smartphone to other devices (TV, Computer, smart cars, laptops) are Bluetooth enabled and active almost all the time, leaving these devices vulnerable to malware attacks that can remotely seize them without user permission. Cloud Bleed: This was another leading cloud-based security vulnerability affecting Cloudflare's reverse proxies which was discovered on February 17, 2017. Most of the busiest websites and the apps rely on Cloudflare's protection. This security bug caused their edge server to run past the end of a buffer and then return the memory which contained private information such as: 1. HTTP cookies 2. Authentication tokens 3. HTTP post bodies 4. Tons of sensitive data and more The worst part was that some of this data was cached by search engines. Dirty Cow: This was another serious security problem discovered in the way the Linux kernel memory handled the copy on write (COW) that affects Linux-based OSes including Android devices that used an older version (before 2018) of the Linux kernel. Dirty Cow is a local privilege escalation vulnerability bug that exploits a rare condition by implementing the copy on write mechanism. Computers and devices that still using an older version of the Linux kernel remain vulnerable, and any user can become root in less than five seconds. The exploitation of this bug doesn't leave any trace in the log, so you can't detect if someone has used this exploit against your server. Foreshadow: This bug (L1TF or foreshadow) affecting Intel/AMD processors will allow attackers unprecedented access to sensitive information that is  stored on a personal computers and cloud server. Foreshadow has two versions: the original attack which extracts data from SGX enclaves and the second version (next-generation) which targets virtual machines (VMs), hypervisors (VMM), OS Kernel memory and system management mode (SMM) memory. Foreshadow is similar to the Spectre security bug which affects the Intel and AMD chips, and the Meltdown security bug also affects Intel. Nevertheless, applying software patches may help mitigate some concern, but the users may see some considerable changes in overall PC or server power by doing so. Heartbleed: Heartbleed is a serious vulnerability in the popular open SSL cryptographic software library, used widely in implementation of the transport layer security (TLS) protocol. The Heartbleed vulnerability was publicly disclosed in April of 2014. iSee You: This is an Apple webcam vulnerability which is a silent malware attack. Apple laptops affected are capable of running all sort of operating systems, including macOS, Microsoft Windows and Linux. Researchers have released iSightDefender, a macOS kernel extension to reduce the attack surface under the macOS operating system. KRACK: (Key Reinstallation Attack) is a replay attack (a type of exploitable flaw) on the Wi-Fi protected Access protocol (WPA) used to secure the Wi-Fi connections. It was discovered in 2016 by Belgian researchers. All the major software platforms that use Wi-Fi protected access are affectedincluding Microsoft windows, macOS, iOS, Linux, Andriod and OpenBSD. Lazy: Lazy, which is also referred to as Lazy FP State Restore or LazyFP, is a security vulnerability affecting Intel CPUs. The vulnerability is caused by a combination of flaws in the speculation execution technology. This vulnerability is used to leak the content of the FPU registers that belongs to another process. Lazy is related to the Spectre and Meltdown vulnerabilities which were publicly disclosed in January of 2018. Linux .encoder:  This is considered to be the first ransomware Trojan targeting computers and cloud servers running Linux. There are additional variants of this Trojan that target other UNIX and UNIX-like systems which were discovered on November 5, 2015. Meltdown: Meltdown is a severe security vulnerability in tech media that is found in almost all CPUs used in modern devices. Mobile phones, laptops, systems and internet of things (IoT) devices are vulnerable. Meltdown CPU vulnerabilities and exposures will break the fundamental isolation between the user and the application. This will allows a rogue process to access the memory of other programs and the operating system. The Meltdown vulnerabilities primarily affect Intel microprocessors, but will also affect the ARM Cortex-A75 and IBM's Power microprocessors. It does not affect AMD CPUs. Microarchitectural: The Microarchitectural Data Sampling (MDS) vulnerabilities are a set of weaknesses in Intel x86 microprocessors that use hyper-threading to leak data across the protection boundaries that are architecturally supposed to be secure. After Meltdown, Spectre and Foreshadow, Microarchitectural is considered the most critical vulnerability in modern processors. The attack exploits  vulnerabilities have been labeled as Fallout, RIDL (rogue in-flight Data load) and Zombiaload and allows attackers to steal sensitive data and keys. Have another vulnerability that you feel belongs on this list? Please do not hesitate to reach out and let us know!

Cloud Web App Esm H200

RCE ‘Bug’ Found and Disputed in Popular PHP Scripting Framework

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

A high-risk RCE bug impacting PHP-based websites running a vulnerable version of the web-app creation tool Zend Framework and some Laminas Project releases has been discovered and disputed by Zend. Regardless of the dispute, Zend has issued a patch addressing this vulnerability which "provides type checking of the $streamName property before performing a cleanup operation (which results in an unlink() operation, which, previously, could have resulted in an implied call to an an object’s __toString() method) in the Laminas\Http\Response\Stream destructor".

LibreOffice70 Esm H200

LibreOffice 7.0.3 Released with More Than 90 Bug Fixes, Update Now

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Are you using LibreOffice 7.0 on your PC? If so, you'll want to update to the new version immediately to experience improved stability, reliability and security. The Document Foundation has announced the unexpected availability of the LibreOffice 7.0.3 update to the latest LibreOffice 7.0 office suite series, addressing some important bugs.

Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved