Security Vulnerabilities

Discover Security Vulnerabilities News

Log4j vulnerability now used to install Dridex banking malware

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Threat actors now exploit the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices with the notorious Dridex banking trojan or Meterpreter.

Brittany Day
Dec 24, 2021

20.Lock AbstractDigital Circular Esm H200

Security firm Blumira discovers major new Log4j attack vector

A basic Javascript WebSocket connection can trigger a local Log4j remote code attack via a drive-by compromise. Wonderful. Truly wonderful.

Brittany Day
Dec 18, 2021

Log4j could be the most serious security threat ever seen, CISA head warns

Jen Easterly, the director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned the recently-revealed Log4j vulnerability was “one of the most serious” she’s seen in her entire career, “if not the most serious”.

Brittany Day
Dec 15, 2021

8.Locks HexConnections CodeGlobe Esm H200

Attackers can get root by crashing Ubuntu’s AccountsService

A local privilege escalation security vulnerability (CVE-2021-3939) could allow attackers to gain root access on Ubuntu systems by exploiting a double-free memory corruption bug in GNOME's AccountsService component.

Brittany Day
Dec 14, 2021

New Side-Channel Vulnerability in the Linux Kernel Enabling DNS Cache Poisoning

A recent research paper by a team at University of California, Riverside, shows the existence of previously overlooked side channels in the Linux kernels that can be exploited to attack DNS servers. According to the researchers, the issue with DNS roots in its design, that never really took security as a key concern and that made it extremely hard to retrofit strong security features into it.

Brittany Day
Nov 30, 2021

Imunify360 Bug Leaves Linux Web Servers Open to Code Execution, Takeover

CloudLinux’s security platform for Linux-based websites and web servers contains a high-severity PHP deserialization bug, leaving web servers vulnerable to code execution and tekeover.

Brittany Day
Nov 26, 2021

Critical Linux Kernel Bug Allows Remote Takeover

A critical Linux kernel bug (CVE-2021-43267) exists in a TIPC message type that allows Linux nodes to send cryptographic keys to each other, and could allow remote takeover.

Brittany Day
Nov 05, 2021

CISA warns of remote code execution vulnerability with Discourse

The CISA recently urged developers to update Discourse versions 2.7.8 and earlier, warning of a critical remote code execution (RCE) vulnerability (CVE-2021-41163) discovered in the platform.

Brittany Day
Oct 28, 2021

LibreOffice, OpenOffice bug allows hackers to spoof signed docs

LibreOffice and OpenOffice have pushed updates to address a vulnerability that makes it possible for an attacker to manipulate documents to appear as signed by a trusted source. "Allowing anyone to sign macro-ridden documents themselves, and make them appear as trustworthy, is an excellent way to trick users into running malicious code."

Brittany Day
Oct 12, 2021

Code Execution Bug Affects Yamale Python Package — Used by Over 200 Projects

A high-severity code injection vulnerability has been disclosed in 23andMe's Yamale, a schema and validator for YAML, that could be trivially exploited by adversaries to execute arbitrary Python code.The flaw, tracked as CVE-2021-38305 (CVSS score: 7.8), involves manipulating the schema file provided as input to the tool to circumvent protections and achieve code execution.

Brittany Day
Oct 07, 2021

Best Tools To Scan Linux Server For Malware And Rootkits Esm H200

Apache HTTP Server Project patches exploited zero-day vulnerability

Developers behind the Apache HTTP Server Project are urging users to apply a fix immediately to resolve a zero-day vulnerability.

Dave Wreski
Oct 07, 2021

Latest Ubuntu Linux Kernel Security Updates Fix 12 Vulnerabilities, Patch Now

An Ubuntu Linux kernel security update fixes 12 security vulnerabilities affecting the Linux 5.4 LTS kernel in Ubuntu 20.04 LTS and Ubuntu 18.04 LTS systems, as well as the Linux 5.11 kernel in Ubuntu 21.04 systems on all supported architectures and platforms.

Brittany Day
Sep 29, 2021

Apache OpenOffice can be hijacked by malicious documents, fix still in beta

Apache OpenOffice (AOO) is currently vulnerable to a remote code execution vulnerability (CVE-2021-33035) recently discovered by security researcher Eugene Lim, and while the app's source code has been patched, the fix has only been made available as beta software and awaits an official release.

Brittany Day
Sep 21, 2021

OMIGOD: Azure users running Linux VMs need to update now

Azure users running Linux VMs may not be aware they have a severely vulnerable piece of management software installed on their machine by Microsoft, which can be remotely exploited in an incredibly surprising and equally stupid way. "This is a textbook RCE vulnerability that you would expect to see in the 90's -- it's highly unusual to have one crop up in 2021 that can expose millions of endpoints," Wiz security researcher Nir Ohfeld wrote.

Brittany Day
Sep 15, 2021

Canonical Pushes New Ubuntu Kernel Updates to All Supported Releases

Canonical has published Linux kernel updates for all of its supported Ubuntu releases to address several security vulnerabilities discovered in the upstream Linux kernels that could lead to privilege escalation attacks, the execurtion of arbitrary code, the exposure of sensitive information and system crash. Update now!

Brittany Day
Jul 23, 2021

New Windows and Linux Flaws Give Attackers Highest System Privileges

Recently discovered flaws impacting Linux and Windows users alike could give attackers the highest system privileges. Remediations have been released for a security shortcoming affecting all Linux kernel versions from 2014 that can be exploited by malicious users and malware already deployed on a system to gain root-level privileges.

Brittany Day
Jul 21, 2021

Patch your Linux, hackers are actively exploiting the “Dirty COW” flaw

Hackers are exploiting a dangerous privilege escalation Linux kernel security flaw known as “Dirty COW” to hijack vulnerable systems. Patch now!

Brittany Day
Jul 19, 2021

Why Linux’s biggest strength is also its biggest weakness

Learn about the positives and negatives of Linux's peculiar patching process.

Brittany Day
Jul 12, 2021

Major Linux RPM problem uncovered

Red Hat has used RPM for software package distribution for decades, but thanks to CloudLinux developer Dmitry Antipov we now know that RPM contained a nasty hidden security bug since Day One. A repair patch for this major security hole has been submitted, but Antipov fears that it may be months before the fix is released.

Brittany Day
Jul 01, 2021

Ubuntu 21.04 Users Get Major Kernel Security Update, 17 Vulnerabilities Patched

Canonical has released a new major Linux kernel security update for Ubuntu 21.04 (Hirsute Hippo), patching a total of 17 security vulnerabilities!

Brittany Day
Jun 25, 2021

Thunderbird, Firefox DoS, Info Disclosure Vulns Fixed in Ubuntu and Debian

PostgreSQL Security Vulns Allow for XSS, MFA Bypass

Multiple Apache HTTP Server Flaws Fixed in Ubuntu