Tags: Vulnerabilities

Mozilla and Tor Release Urgent Update for Firefox 0-day Under Active Attack

Developers with both Mozilla and Tor have published browser updates that patch a critical Firefox vulnerability being actively exploited to deanonymize people using the privacy service. "The security flaw responsible for this urgent release is already actively exploited on Windows systems," a Tor...
Read 0 Comments

Mitigating dirtyc0w with systemd

Basic mitigation Known exploits for the CVE-2016–5195 vulnerability involve the madvise syscall, so it’s possible to mitigate by excluding the necessary call via a systemd service or container configuration. This is easy with for a systemd unit: [Service] SystemCallFilter=~madviseThe tilde after...
Read 0 Comments

What We Know About Friday’s Massive East Coast Internet Outage

This morning’s attack started around 7am and was aimed at Dyn, an Internet infrastructure company headquartered in New Hampshire. That first bout was resolved after about two hours; a second attack began just before noon. In both cases, traffic to Dyn’s Internet directory servers on the East Coast...
Read 0 Comments

Systemd Bug Allows Ordinary User to Crash Linux Systems

The systemd project is yet to release a fix for a bug that was disclosed on 28 September but at least one GNU/Linux distribution has patched the same. The bug, allowing a user to crash a system by using a short command as an ordinary user, was disclosed by a developer named Andrew Ayer. After...
Read 0 Comments

Kali Linux 2016.2 Delivers New Security Testing Options

A year ago, Kali Linux moved to a rolling release cycle in an effort to provide a continuous stream of application updates. Kali Linux is a popular open-source Linux distribution for security professionals, loaded with a growing list of tools for information gathering, vulnerability analysis, web...
Read 0 Comments

Pokemon Rootkit Targets Linux Systems

Trend Micro researchers have discovered a stealthy new rootkit family named after Pokemon character Umbreon which could allow hackers to remotely control targeted devices. The rootkit has been designed to target Linux systems – including those running Intel and ARM chips – meaning it could be used...
Read 0 Comments

Linux Flaw Allows Attackers to Hijack Web Connections

Researchers discovered that a Transmission Control Protocol (TCP) specification implemented in Linux creates a vulnerability that can be exploited to terminate connections and conduct data injection attacks. The flaw, tracked as CVE-2016-5696, is related to a feature described in RFC 5961, which...
Read 0 Comments
Click Here!