The Wiz research team has discovered a security issue in Azure App Service on Linux. This exposed the source code of client applications written in PHP, Python, Ruby or Node, which were deployed using “Local Git”.
Threat actors now exploit the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices with the notorious Dridex banking trojan or Meterpreter.
A basic Javascript WebSocket connection can trigger a local Log4j remote code attack via a drive-by compromise. Wonderful. Truly wonderful.
Jen Easterly, the director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned the recently-revealed Log4j vulnerability was “one of the most serious” she’s seen in her entire career, “if not the most serious”.
A local privilege escalation security vulnerability (CVE-2021-3939) could allow attackers to gain root access on Ubuntu systems by exploiting a double-free memory corruption bug in GNOME's AccountsService component.
A recent research paper by a team at University of California, Riverside, shows the existence of previously overlooked side channels in the Linux kernels that can be exploited to attack DNS servers. According to the researchers, the issue with DNS roots in its design, that never really took security as a key concern and that made it extremely hard to retrofit strong security features into it.
