Enlarge (credit: Getty Images) Vulnerabilities recently discovered by Microsoft make it easy for people with a toehold on many Linux desktop systems to quickly gain root system rights— the latest elevation of privileges flaw to come to light in the open source OS. As operating systems have been hardened to withstand compromises in recent years, […]
Enlarge (credit: Getty Images) Researchers on Friday said that hackers are exploiting the recently discovered SpringShell vulnerability to successfully infect vulnerable Internet of Things devices with Mirai, an open-source piece of malware that wrangles routers and other network-connected devices into sprawling botnets. When SpringShell (also known as Spring4Shell) came to light last Sunday, some reports […]
Enlarge (credit: Getty Images) Hardware manufacturer Zyxel has issued patches for a highly critical security flaw that gives malicious hackers the ability to take control of a wide range of firewalls and VPN products the company sells to businesses. The flaw is an authentication bypass vulnerability that stems from a lack of a proper access-control […]
Enlarge (credit: Getty Images) Hype and hyperbole were on full display this week as the security world reacted to reports of yet another Log4Shell. The vulnerability came to light in December and is arguably one of the gravest Internet threats in years. Christened Spring4Shell—the new code-execution bug in the widely used Spring Java framework—quickly set […]
Enlarge (credit: Getty Images) A researcher has successfully used the critical Dirty Pipe vulnerability in Linux to fully root two models of Android phones—a Pixel 6 Pro and Samsung S22—in a hack that demonstrates the power of exploiting the newly discovered OS flaw. The researcher chose those two handset models for a good reason: They […]
Enlarge (credit: Getty Images) Linux has yet another high-severity vulnerability that makes it easy for untrusted users to execute code capable of carrying out a host of malicious actions including installing backdoors, creating unauthorized user accounts, and modifying scripts or binaries used by privileged services or apps. Dirty Pipe, as the vulnerability has been named, […]
Enlarge / A group of Amazon Echo smart speakers, including Echo Studio, Echo, and Echo Dot models. (Photo by Neil Godwin/Future Publishing via Getty Images) (credit: T3 Magazine/Getty Images) Academic researchers have devised a new working exploit that commandeers Amazon Echo smart speakers and forces them to unlock doors, make phone calls and unauthorized purchases, […]
Enlarge (credit: Getty Images) Millions of WordPress sites have received a forced update over the past day to fix a critical vulnerability in a plugin called UpdraftPlus. The mandatory patch came at the request of UpdraftPlus developers because of the severity of the vulnerability, which allows untrusted subscribers, customers, and others to download the site’s […]
Enlarge (credit: Getty Images) A couple days after the FBI warned that a ransomware group called BlackByte had compromised critical infrastructure in the US, the group hacked servers belonging to the San Francisco 49ers football team and held some of the team’s data for ransom. Media representatives for the NFL franchise confirmed a security breach […]
Enlarge (credit: Getty Images) Linux users on Tuesday got a major dose of bad news—a 12-year-old vulnerability in a system tool called Polkit gives attackers unfettered root privileges on machines running any major distribution of the open source operating system. Previously called PolicyKit, Polkit manages system-wide privileges in Unix-like OSes. It provides a mechanism for […]