Enlarge (credit: Getty Images) Vulnerabilities recently discovered by Microsoft make it easy for people with a toehold on many Linux desktop systems to quickly gain root system rights— the latest elevation of privileges flaw to come to light in the open source OS. As operating systems have been hardened to withstand compromises in recent years, […]
Tag: vulnerabilities
Trend says hackers have weaponized SpringShell to install Mirai malware
Enlarge (credit: Getty Images) Researchers on Friday said that hackers are exploiting the recently discovered SpringShell vulnerability to successfully infect vulnerable Internet of Things devices with Mirai, an open-source piece of malware that wrangles routers and other network-connected devices into sprawling botnets. When SpringShell (also known as Spring4Shell) came to light last Sunday, some reports […]
Zyxel patches critical vulnerability that can allow Firewall and VPN hijacks
Enlarge (credit: Getty Images) Hardware manufacturer Zyxel has issued patches for a highly critical security flaw that gives malicious hackers the ability to take control of a wide range of firewalls and VPN products the company sells to businesses. The flaw is an authentication bypass vulnerability that stems from a lack of a proper access-control […]
Explaining Spring4Shell: The Internet security disaster that wasn’t
Enlarge (credit: Getty Images) Hype and hyperbole were on full display this week as the security world reacted to reports of yet another Log4Shell. The vulnerability came to light in December and is arguably one of the gravest Internet threats in years. Christened Spring4Shell—the new code-execution bug in the widely used Spring Java framework—quickly set […]
Researcher uses Dirty Pipe exploit to fully root a Pixel 6 Pro and Samsung S22
Enlarge (credit: Getty Images) A researcher has successfully used the critical Dirty Pipe vulnerability in Linux to fully root two models of Android phones—a Pixel 6 Pro and Samsung S22—in a hack that demonstrates the power of exploiting the newly discovered OS flaw. The researcher chose those two handset models for a good reason: They […]
Linux has been bitten by its most high-severity vulnerability in years
Enlarge (credit: Getty Images) Linux has yet another high-severity vulnerability that makes it easy for untrusted users to execute code capable of carrying out a host of malicious actions including installing backdoors, creating unauthorized user accounts, and modifying scripts or binaries used by privileged services or apps. Dirty Pipe, as the vulnerability has been named, […]
Attackers can force Amazon Echos to hack themselves with self-issued commands
Enlarge / A group of Amazon Echo smart speakers, including Echo Studio, Echo, and Echo Dot models. (Photo by Neil Godwin/Future Publishing via Getty Images) (credit: T3 Magazine/Getty Images) Academic researchers have devised a new working exploit that commandeers Amazon Echo smart speakers and forces them to unlock doors, make phone calls and unauthorized purchases, […]
Millions of WordPress sites get forced update to patch critical plugin flaw
Enlarge (credit: Getty Images) Millions of WordPress sites have received a forced update over the past day to fix a critical vulnerability in a plugin called UpdraftPlus. The mandatory patch came at the request of UpdraftPlus developers because of the severity of the vulnerability, which allows untrusted subscribers, customers, and others to download the site’s […]
Hacking group is on a tear, hitting US critical infrastructure and SF 49ers
Enlarge (credit: Getty Images) A couple days after the FBI warned that a ransomware group called BlackByte had compromised critical infrastructure in the US, the group hacked servers belonging to the San Francisco 49ers football team and held some of the team’s data for ransom. Media representatives for the NFL franchise confirmed a security breach […]
A bug lurking for 12 years gives attackers root on every major Linux distro
Enlarge (credit: Getty Images) Linux users on Tuesday got a major dose of bad news—a 12-year-old vulnerability in a system tool called Polkit gives attackers unfettered root privileges on machines running any major distribution of the open source operating system. Previously called PolicyKit, Polkit manages system-wide privileges in Unix-like OSes. It provides a mechanism for […]