Canonical cracks down on crypto cons following Snap Store scam spree

March 28, 2024 at 07:50AM

Canonical is changing its policies due to the appearance of multiple cryptocurrency credential-stealing apps on the Snap store. Temporary measures include manual review of all new snap name registrations. Former Ubuntu staffer Alan “Popey” Pope detailed the scam apps and Canonical founder Mark Shuttleworth addressed the issue. Canonical also extended …

Ubuntu ‘command-not-found’ tool can be abused to spread malware

February 14, 2024 at 11:00AM

A logic flaw in Ubuntu’s ‘command-not-found’ package suggestion system allows attackers to promote malicious Snap packages, posing significant supply chain risks for Linux users. Attackers can exploit typos, unreserved snap names, and unclaimed aliases to trick the utility into suggesting harmful packages. Mitigation steps include package authenticity verification and developer …

New Linux glibc flaw lets attackers get root on major distros

January 30, 2024 at 06:11PM

A vulnerability (CVE-2023-6246) in the GNU C Library (glibc) allows unprivileged attackers to gain root access on major Linux distributions. The flaw, introduced in glibc 2.37, leads to local privilege escalation. Qualys confirmed its exploitability on Debian, Ubuntu, and Fedora systems, emphasizing the critical need for strict security measures in …