Broken disclosure embargo left admins facing a fresh root-level flaw with no CVE
Kim described Dirty Frag as a “universal LPE” affecting “all major distributions” and warned that it delivers the same kind of immediate root access as the recent CopyFail mess – only this time, defenders do not even have patches to throw at the problem.
Read more…
Source: The Register News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Inside Water Barghest’s Rapid Exploit-to-Market Strategy for IoT Devices
November 18, 2024
There is a big incentive for both espionage motivated actors and financially motivated actors to set up proxy botnets. These can serve as an anonymization layer, which can provide plausibly geolocated IP addresses to scrape contents of websites, access stolen or compromised online assets, and launch cyber-attacks. Examples of proxy botnets set up by advanced persistent ...
- Palo Alto Releases Critical Security Bulletin for Firewall Devices
November 18, 2024
Palo Alto has issued a critical severity security bulletin for an unauthenticated remote command execution vulnerability affecting the management interface for firewall devices. The vulnerability is still under investigation by Palo Alto but has not yet received a CVE designation. Palo Alto has tentatively given the vulnerability an initial CVSSv4 score of 9.3. However, if access ...
- Don’t Hold Down The Ctrl Key – New Warning As Cyber Attacks Confirmed
November 18, 2024
Just as security professionals will tell you that layered defensive strategies are the best when it comes to staving off successful attacks, so attackers will often look to precisely the same when executing their cyber attacks. Two-step phishing attacks have, in the words of security researchers from Perception Point, “become a cornerstone of modern cybercrime,” leveraging ...
- T-Mobile Targeted in Chinese Cyber-Espionage
November 16, 2024
Chinese hackers feasted on T-Mobile as their latest cyber espionage victim. The leading carrier in the US is not the only company affected as other telecom giants are at risk of getting infiltrated. Hackers linked to a Chinese intelligence agency invaded T-Mobile’s network in a months-long operation designed to monitor cellphone communications of high-value intelligence targets, ...
- Schneider Electric Data Breach Leaks Critical Data, Hellcat Ransomware Group Demands Hefty Ransom in Baguettes
November 15, 2024
French digital automation and energy management giant Schneider Electric is investigating a data breach after a hacker claimed they stole dozens of gigabytes and demanded a hefty ransom in Baguettes, a classic popular French bread item. Schneider Electric manufactures various energy management and automation products, from home electrical components to industrial control systems. The Rueil-Malmaison, France-based ...
- Сrimeware and financial cyberthreats in 2025
November 14, 2024
Kaspersky’s Global Research and Analysis Team constantly monitors known and emerging cyberthreats directed at the financial industry, with banks and fintech companies being the most targeted. Kaspersky researchers also closely follow threats that aim to infiltrate a wider range of industries, namely ransomware families that are financially motivated. These observations, as part of our Kaspersky Security ...