WikiLeaks has today published the 15th batch of its ongoing Vault 7 leak, this time detailing two alleged CIA implants that allowed the agency to intercept and exfiltrate SSH (Secure Shell) credentials from targeted Windows and Linux operating systems using different attack vectors.
Secure Shell, or SSH, is a cryptographic network protocol used to log in securely to remote machines and servers over an untrusted network. The two implants are dubbed BothanSpy, which targets the Xshell client on Microsoft Windows, and Gyrfalcon, which targets the OpenSSH client on various Linux distributions.
Security experts are warning of a bug that could allow attackers to craft TCP packets that fool Linux's initialization daemon, systemd, causing systems to crash or run malicious code.
Ubuntu maker Canonical has released a patch to address the issue, which was discovered by Chris Coulson, a software engineer at the firm. "A malicious DNS server can exploit this by responding with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it," Coulson wrote. The bug could be used by a remote attacker to cause a denial of service in the daemon or to execute arbitrary code.
Maintainers of the Samba networking utility just patched a critical code-execution vulnerability that could pose a severe threat to users until the fix is widely installed. The flaw can be reliably exploited with just one line of code to execute malicious code, as long as a few conditions are met.
Those requirements include vulnerable computers that (a) make file- and printer-sharing port 445 reachable on the Internet, (b) configure shared files to have write privileges, and (c) use known or guessable server paths for those files. When those conditions are satisfied, remote attackers can upload any code of their choosing and cause the server to execute it.
Another privilege-escalation vulnerability has been discovered in the Linux kernel. It dates back to 2005 and affects major distributions of the Linux operating system, including Red Hat, Debian, openSUSE, and Ubuntu.
The more-than-decade-old Linux kernel bug was discovered by security researcher Andrey Konovalov in the DCCP implementation using Syzkaller, a kernel fuzzing tool released by Google. The vulnerability is a use-after-free flaw in the way the Linux kernel's "DCCP protocol implementation freed SKB resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket."
An estimated 80 percent of Android smartphones and tablets running Android 4.4 KitKat and higher are vulnerable to a recently disclosed Linux kernel flaw that allows hackers to terminate connections, spy on unencrypted traffic or inject malware into the parties' communications.
Even the latest Android Nougat Preview is considered to be vulnerable. The security flaw first appeared in the implementation of the TCP protocol in all Linux systems deployed since 2012, and the Linux Foundation has already patched the Linux kernel. However, the vulnerability still affects a large portion of the Android ecosystem.
No software is immune to being hacked! Not even Linux. The Ubuntu online forums have been hacked, and data belonging to over 2 million users has been compromised, Canonical announced.
The compromised user data includes IP addresses, usernames, and email addresses, according to the company, which failed to apply a patch that would have protected its users' data. However, users should keep in mind that the hack did not affect the Ubuntu operating system, nor was it due to a vulnerability or weakness in the OS. Instead, the breach only affected the Ubuntu online forums that people use to discuss the OS.
Four vulnerabilities in the Graphite font processing library allow attackers to compromise machines by supplying them with malicious fonts. Graphite's authors describe the library as a tool capable of creating "smart fonts" that can display dynamic glyphs for showing complex writing systems.
Many applications use Graphite, among them Firefox, Pale Moon, Thunderbird, OpenOffice, LibreOffice, and WorldPad, and the library also ships in many Linux distributions. According to an advisory, the library contains four vulnerabilities. The worst is an out-of-bounds read bug that allows attackers to crash the system and even execute arbitrary code on the machine.
Dr.Web, a Russian antivirus maker, has detected a new threat against Linux users, the Linux.Ekocms.1 trojan, which includes special features that allow it to take screengrabs and record audio.
Discovered four days ago, Linux.Ekocms is only the latest threat targeting Linux PCs, after the Linux.Encoder ransomware family and the Linux XOR DDoS malware caused a large number of problems last autumn and put a dent in Linux's reputation as impervious to malware infections. According to Dr.Web, this particular trojan belongs to the spyware family and was specially crafted to take a screenshot of the user's desktop every 30 seconds.
A large number of security vulnerabilities were reported every day in 2014. The number of vulnerabilities discovered each year in operating systems, applications, and hardware has skyrocketed in a worrying trend, according to analysis by GFI Software.
The top spot for vulnerabilities in operating systems no longer goes to Microsoft Windows. 2014 was a tough year for Linux users from an internet security point of view, and some of the most important security issues of the year were reported in applications that usually run on Linux systems. GFI said the worst offenders in 2014 for security flaws were third-party applications.
The funkily-named bug of the week is GHOST. It's a vulnerability caused by a buffer overflow in a system library that is used in many, if not most, Linux distributions. As it happens, the vulnerability is connected with network names and numbers.
The spooky name comes from the system functions in which the vulnerable code was found. An attacker may be able to rig up messages or network requests that crash your program; and with a bit of trial and error, they might be able to trigger that crash in a way that gives them control over your computer. That's known as a Remote Code Execution exploit, similar to the bug recently found in the super-secure Blackphone.