An information disclosure vulnerability in the Linux kernel that exposes stack memory (tracked as CVE-2020-28588) can be exploited to leak data and act as a springboard for further compromise.
Google has released version 90.0.4430.85 of the Chrome browser with seven security fixes, including one for a zero-day vulnerability that was exploited in the wild.
Google security researcher Andy Nguyen has disclosed long-awaited details of zero-click vulnerabilities in the Linux Bluetooth subsystem that allow nearby, unauthenticated attackers “to execute arbitrary code with kernel privileges on vulnerable devices”. Nguyen claims that his findings ultimately led to a safer, more stable kernel.
Linux does, occasionally, raise security concerns. While many users see it as the most secure, robust and versatile OS available, security precautions still have to be taken. Linus Torvalds' recent bug warning is a testament to the importance of taking a proactive, vigilant approach to security.
Cybersecurity researchers have identified two new vulnerabilities in Linux-based OSes that, if successfully exploited, could enable attackers to bypass mitigations for speculative attacks such as Spectre and obtain sensitive information from kernel memory.
Canonical has released another Linux kernel security update for Ubuntu to address six vulnerabilities affecting the Linux 5.8 and 5.4 kernels of several Ubuntu releases. Update ASAP to prevent DoS, information leakage and other security threats.
Researchers have discovered three vulnerabilities capable of granting attackers root privileges on Linux systems if they are able to gain access through other methods. These bugs, which affect the iSCSI kernel subsystem, have existed for more than 15 years.
CentOS Linux 7 and Red Hat Enterprise Linux (RHEL) 7 are vulnerable to over a dozen kernel bugs. Red Hat has issued an important security update mitigating these flaws - patch now!
Canonical has published new Linux kernel security updates for all of its supported Ubuntu OS releases addressing up to six security vulnerabilities affecting all supported kernels. Patch now!
Maliciously constructed Wireshark packet capture files might be used to distribute malware, provided recipients can be tricked into double-clicking file URL fields. A CVE has been assigned to the security issue (now resolved through a recent update) due to its potential for harm, despite the fact that some social engineering trickery is required.
Three privilege escalation vulnerabilities that have managed to avoid detection since 2006 have been discovered in the Linux kernel. All three have been patched - update now!
Linus Torvalds has warned of a nasty security bug in the first release candidate (RC) of the Linux kernel 5.12, which he has deemed a "double ungood" that can have catastrophic consequences for a computer's filesystem.
Five high-severity Linux network security vulnerabilities have been found and fixed. Patch your systems immediately to protect your servers against DoS attacks!
Last summer, the GRUB bootloader was impacted by "BootHole" with security issues hitting its UEFI Secure Boot support. Now a new round of GRUB2 vulnerabilities affecting its UEFI Secure Boot support has been made public.
Malicious actors are exploiting a new 'Dependency Confusion' vulnerability to target Amazon, Zillow, Lyft, and Slack NodeJS apps and steal Linux/Unix password files and open reverse shells back to the attackers.
The Python Software Foundation (PSF) has rushed out Python 3.9.2 and 3.8.8 to address two notable security flaws, including one that is remotely exploitable but in practical terms can only be used to knock a machine offline. Upgrade now!
"Considering the irreparable harm that can be inflicted on users targeted by malware on a permissive SELinux environment, we strongly suggest everyone keep it on enforcing unless absolutely necessary." Learn why you should be wary of installing modules and applications that set SELinux to permissive.
Canonical has released a new Linux kernel security update for its Ubuntu 20.10 (Groovy Gorilla) and Ubuntu 20.04 LTS (Focal Fossa) systems to address a single security vulnerability that could allow a local attacker to crash the system by causing a denial of service (DoS) or run programs as an administrator (root).
Like any OS, Linux and Unix OSes require regular patching - but as security professionals, ethical hackers, and criminal hackers will tell you, regular Linux and Unix patching is often neglected. Learn about a new critical-rated Linux/Unix vulnerability you can't afford to ignore.