Highly Anticipated Linux Flaw Allows Remote Code Execution, but Less Serious Than Expected

September 27, 2024 at 06:21AM Researcher Simone Margaritelli revealed an unauthenticated remote code execution (RCE) vulnerability affecting all GNU/Linux systems, initially considered highly critical. The flaw, related to OpenPrinting’s Common UNIX Printing System (CUPS), was later disclosed alongside its CVE identifiers. Exploitation requires certain conditions and mitigating factors lower the real-world applicability and severity of … Read more

New Linux Kernel Exploit Technique ‘SLUBStick’ Discovered by Researchers

August 7, 2024 at 10:57AM A new Linux kernel exploitation technique named SLUBStick has been uncovered, offering the potential to escalate a limited heap vulnerability to an arbitrary memory read-and-write primitive. This method demonstrates the ability to modify kernel data and overcome existing defenses, but it relies on the existence of a heap vulnerability and … Read more

Emojis Control the Malware in Discord Spy Campaign

June 17, 2024 at 04:57PM An advanced persistent threat (APT) from Pakistan is conducting cyber espionage against Indian government organizations using the “Dirty Pipe” Linux bug and the Discord-based malware, Disgomoji. The malware utilizes emojis for commands, making it user-friendly but not significantly impacting security software detections. UTA0137 has also been observed exploiting the old … Read more

Android, Linux, Apple Devices Exposed to Bluetooth Keystroke Injection Attacks

December 8, 2023 at 06:42AM A Bluetooth vulnerability enables attackers to bypass authentication and perform keystroke injection on Android, Linux, and Apple devices. Meeting Takeaways: 1. A security vulnerability has been identified that affects Android, Linux, and Apple devices pertaining to Bluetooth connections. 2. This vulnerability allows attackers to execute a Bluetooth authentication bypass. 3. … Read more

CISA orders federal agencies to patch Looney Tunables Linux bug

November 21, 2023 at 01:01PM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to secure their systems against an actively exploited vulnerability called ‘Looney Tunables.’ The vulnerability allows attackers to gain root privileges on major Linux distributions. The flaw affects popular platforms like Fedora, Ubuntu, and Debian. Administrators are advised to … Read more