Two critical security vulnerabilities were found in pgAdmin, the open-source administration tool for PostgreSQL. The vulnerabilities assigned CVE-2024-4216 and CVE-2024-4215 affect the tool's cross-site scripting and multi-factor authentication featu...
A preliminary study released February 18, which we directed alongside the Linux Foundation, numerous troubling trends in open source security underscore the importance of understanding where open source is most used and could be vulnerable to attack.
Server-side exploitation is possible when the attacker connects to the OpenSMTPD server and sends an email that creates a bounce. When OpenSMTPD connects back to deliver the bounce, the attacker can take advantage of the client-side vulnerability.
What if I told you that there is an exploitable security risk hiding in plain sight that could result in the compromise of your Linux or Windows machine? What if I told you that the attack vector has been exploited since 2015 and that both vendors and attackers are well aware of it?
A flaw that gave out root privileges gets patched. It is a utility that, saidDan Goodin in Ars Technica, can be found in "dozens of Unix-like operating systems."
Security researchers have discovered a vulnerability inside a core email-related library used by many BSD and Linux distributions.The vulnerability, tracked as CVE-2020-7247, impactsOpenSMTPD, an open-source implementation of the server-sideSMTP protocol.
Are you a RHEL user? Severe bugs in the ubiquitous SQLite engine – used in thousands of software applications – continue to pose a major security threat, security researchers say, with Red Hat admitting that its flagship Red Hat Enterprise Linux (RHEL) 8 remains vulnerable, despite patching other products this week.
Are you aware that Intel has published a total of six advisories for security vulnerabilities impacting its products, including the Intel Processor Graphics on Windows and Linux?
Are you aware that memory access protections baked into the ARMv8 64-bit specification are vulnerable to being bypassed? The Arm team has just recently mitigated the bug, which would allow an attacker to circumvent its “Privileged Access Never” (PAN) controls in the kernel.
Attention! Are you using Firefox as your web browsing software on your Windows, Linux, or Mac systems? If yes, you should immediately update your free and open-source Firefox web browser to the latest version available on Mozilla's website. Why the urgency? Mozilla earlier today released Firefox 72.0.1 and Firefox ESR 68.4.1 versions to patch a critical zero-day vulnerability in its browsing software that an undisclosed group of hackers is actively exploiting in the wild. Learn more:
In a new research paper published on the last day of 2019, a team of American and German academics has shown that field-programmable gate array (FPGA) cards can be abused to launch better and faster Rowhammer attacks. Learn more about how FPGA cards can be abused for faster and more reliable Rowhammer attacks:
Security experts from Netlab 360 have uncovered a new Remote Access Trojan (RAT) used on Linux and Windows operating systems – currently being used in the wild by exploiting a known code execution vulnerability. Dubbed Dacls, the malware was in use since at least May this year and is attributed to the North Korean advanced persistent threat group Lazarus, also known as Hidden Cobra, Guardians of Peace, or Zinc. Learn more:
The funky vulnerability of the month – what we call aBWAIN, short forBug With an Impressive Name– isPlundervolt, also known asCVE-2019-11157. Learn more about this vulnerability, how it works and what actions you should be taking to protect you system in an informative Naked Security article:
Researchers have discovered a security flaw in macOS, Linux, and several other operating systems that could let attackers hijack a wide range of virtual private network (VPN) connections. Learn more about this networking attack:
Are you an OpenBSD user? OpenBSD, one of the internet’s most popular free operating systems allowed attackers to bypass its authentication controls, effectively leaving the keys in the back door, according to an advisory released this week. The developers of the OpenBSD system have already patched the vulnerability. Learn more:
A team of cybersecurity researchers has disclosed a new severe vulnerability affecting most Linux and Unix-like operating systems, including FreeBSD, OpenBSD, macOS, iOS, and Android, that could allow remote 'network adjacent attackers' to spy on and tamper with encrypted VPN connections. Learn more about the bug and how it could impact your system:
Canonical has published a new security advisory today where the company behind the popular Ubuntu Linux operating system apologizes for a regression introduced by the latest Intel microcode firmware update.
Aviatrix, a supplier of open source enterprisevirtual private networks(VPNs) to customers including BT, Nasa and Shell, has patched a serious vulnerability in its client that could have given an attacker escalation privileges on a machine to which they already had access. Learn more about this vulnerability and its implications for Linux users in an informative Computer Weekly article:
Are you a security-conscious WordPress user? WPScan is an open source WordPress security scanner. You can use it to scan your WordPress website for known vulnerabilities within the WordPress core, as well as popular WordPress plugins and themes. Learn more about WPScan and how you can use this tool to improve your security in WordPress in an informative Security Boulevard article:
