Security researchers have discovered a set of seven vulnerabilities in dnsmasq - a utility used in many Linux-based systems, especially routers and other IoT devices, to provide DNS services - which allow attackers to redirect users or execute malicious code. This dangerous set of flaws has been named DNSpooq. Patch dnsmasq now!
The Linux Mint project has patched a security flaw discovered by two kids that could have allowed a threat actor to bypass the OS screensaver and its password and access locked desktops. Linux Mint is now working on adding a setting that will let users disable the on-screen keyboard, which would make mitigating future bugs in this component easier until patches are generally available.
Thank you to Skynats for contributing this article.
This past decade has been plagued with security vulnerabilities. Let’s have a look at the top vulnerabilities that have recently crippled the IT world.
Badlock: Badock is a crucial security bug affecting Windows computers and Samba servers. It is identified using the following reference: (CVE-2016-0128(Microsoft) CVE-2016-2118(samba).
The RPC services allowed an attacker to become a man in the middle to intercept the communication between a client and a server hosting a SAM database to exploit and force the authentication to downgrade, allowing the attackers to access the SAM database.
Blueborne: Blueborne is a virus that spreads through the air. Yes, it of course through the Bluetooth on your device. Everything from your smartphone to other devices (TV, Computer, smart cars, laptops) are Bluetooth enabled and active almost all the time, leaving these devices vulnerable to malware attacks that can remotely seize them without user permission.
Cloud Bleed: This was another leading cloud-based security vulnerability affecting Cloudflare's reverse proxies which was discovered on February 17, 2017. Most of the busiest websites and the apps rely on Cloudflare's protection. This security bug caused their edge server to run past the end of a buffer and then return the memory which contained private information such as:
1. HTTP cookies
2. Authentication tokens
3. HTTP post bodies
4. Tons of sensitive data and more
The worst part was that some of this data was cached by search engines.
Dirty Cow: This was another serious security problem discovered in the way the Linux kernel memory handled the copy on write (COW) that affects Linux-based OSes including Android devices that used an older version (before 2018) of the Linux kernel. Dirty Cow is a local privilege escalation vulnerability bug that exploits a rare condition by implementing the copy on write mechanism. Computers and devices that still using an older version of the Linux kernel remain vulnerable, and any user can become root in less than five seconds. The exploitation of this bug doesn't leave any trace in the log, so you can't detect if someone has used this exploit against your server.
Foreshadow: This bug (L1TF or foreshadow) affecting Intel/AMD processors will allow attackers unprecedented access to sensitive information that is stored on a personal computers and cloud server. Foreshadow has two versions: the original attack which extracts data from SGX enclaves and the second version (next-generation) which targets virtual machines (VMs), hypervisors (VMM), OS Kernel memory and system management mode (SMM) memory.
Foreshadow is similar to the Spectre security bug which affects the Intel and AMD chips, and the Meltdown security bug also affects Intel.
Nevertheless, applying software patches may help mitigate some concern, but the users may see some considerable changes in overall PC or server power by doing so.
Heartbleed: Heartbleed is a serious vulnerability in the popular open SSL cryptographic software library, used widely in implementation of the transport layer security (TLS) protocol. The Heartbleed vulnerability was publicly disclosed in April of 2014.
iSee You: This is an Apple webcam vulnerability which is a silent malware attack. Apple laptops affected are capable of running all sort of operating systems, including macOS, Microsoft Windows and Linux. Researchers have released iSightDefender, a macOS kernel extension to reduce the attack surface under the macOS operating system.
KRACK: (Key Reinstallation Attack) is a replay attack (a type of exploitable flaw) on the Wi-Fi protected Access protocol (WPA) used to secure the Wi-Fi connections. It was discovered in 2016 by Belgian researchers. All the major software platforms that use Wi-Fi protected access are affectedincluding Microsoft
windows, macOS, iOS, Linux, Andriod and OpenBSD.
Lazy: Lazy, which is also referred to as Lazy FP State Restore or LazyFP, is a security vulnerability affecting Intel CPUs. The vulnerability is caused by a combination of flaws in the speculation execution technology. This vulnerability is used to leak the content of the FPU registers that belongs to another process. Lazy is related to the Spectre and Meltdown vulnerabilities which were publicly disclosed in January of 2018.
Linux .encoder: This is considered to be the first ransomware Trojan targeting computers and cloud servers running Linux. There are additional variants of this Trojan that target other UNIX and UNIX-like systems which were discovered on November 5, 2015.
Meltdown: Meltdown is a severe security vulnerability in tech media that is found in almost all CPUs used in modern devices. Mobile phones, laptops, systems and internet of things (IoT) devices are vulnerable. Meltdown CPU vulnerabilities and exposures will break the fundamental isolation between the user and the application. This will allows a rogue process to access the memory of other programs and the operating system. The Meltdown vulnerabilities primarily affect Intel microprocessors, but will also affect the ARM Cortex-A75 and IBM's Power microprocessors. It does not affect AMD CPUs.
Microarchitectural: The Microarchitectural Data Sampling (MDS) vulnerabilities are a set of weaknesses in Intel x86 microprocessors that use hyper-threading to leak data across the protection boundaries that are architecturally supposed to be secure. After Meltdown, Spectre and Foreshadow, Microarchitectural is considered the most critical vulnerability in modern processors. The attack exploits vulnerabilities have been labeled as Fallout, RIDL (rogue in-flight Data load) and Zombiaload and allows attackers to steal sensitive data and keys.
Have another vulnerability that you feel belongs on this list? Please do not hesitate to reach out and let us know!
