LinuxSecurity.com

Updated: 3 hours 48 min ago

Qualys Research Team Warns of Significant polkit Vulnerability Affecting All Linux Users

Wed, 26/01/2022 - 7:52pm
The Qualys Research Team reached out to LinuxSecurity after discovering a memory corruption vulnerability in polkit's pkexec. pkexec is a SUID-root program that is installed by default on every major Linux distribution. The vulnerability is easily exploited and gives attackers the opportunity to gain full root privileges on a vulnerable host. Much like the Log4j vulnerability, the severity of this flaw is high, and it is imperative that vulnerabilities are reported in a timely fashion. Experts also said that, because exploitation is so simple, the vulnerability needs to be patched and mitigated immediately.

LVFS Exploring Alternate, Open-Source Firmware For Capable End-Of-Life Devices

Wed, 26/01/2022 - 1:00pm
The Linux Vendor Firmware Service (LVFS) with Fwupd for firmware updating on Linux could soon be making it easier to transition older, end-of-life devices off official firmware packages and onto the likes of open-source Coreboot for capable aging PC hardware. This not only would make the system run on more free software but would extend the life of the hardware with firmware updates where the vendor has ceased their support.

Critical Bugs in Control Web Panel Expose Linux Servers to RCE Attacks

Tue, 25/01/2022 - 1:00pm
Researchers have disclosed details of two critical security vulnerabilities (CVE-2021-45467) in Control Web Panel, an open-source Linux control panel software used for deploying web hosting environments, that could be abused as part of an exploit chain to achieve pre-authenticated remote code execution (RCE) on affected servers.

Nasty Linux kernel bug found and fixed

Fri, 21/01/2022 - 3:11pm
A heap overflow bug was recently discovered in the Linux kernel. The patch is available now in most major Linux distributions.

Intel's Unaccepted Memory Support Updated For Substantially Faster Booting Of TDX VMs

Fri, 21/01/2022 - 1:00pm
Way back in August, Intel posted a set of Linux kernel patches adding support for "unaccepted memory" in preparation for next-generation Xeon processors, speeding up boot time for guest virtual machines that use Intel's Trust Domain Extensions (TDX) security feature. Unaccepted memory support hasn't yet made it to the mainline kernel, but a second iteration of the patches has now been posted.

Fileless Malware on Linux: Anatomy of an Attack

Thu, 20/01/2022 - 1:00pm
Recent years have demonstrated that Windows users are not the only ones who should be concerned about malware. Linux is becoming an increasingly popular target among malware operators due to the growing popularity of the open-source OS and the high-value devices it powers worldwide. Security researchers from AT&T Alien Labs are now warning that "cyber gangs have started infecting Linux machines via a fileless malware installation technique that until recently was more commonly used against Windows-based systems".