‘Dirty Frag’ Linux flaw one-ups CopyFail with no patches and public root exploit

Posted onAuthorCyber Security Review

Broken disclosure embargo left admins facing a fresh root-level flaw with no CVE

A fresh Linux privilege escalation bug dubbed “Dirty Frag” has dropped into the wild with no patches, no CVE, and a public exploit that hands attackers root access across major distributions.Security researcher Hyunwoo Kim disclosed the local privilege escalation flaw on Friday after what he said was a broken embargo forced the issue into the open.

Kim described Dirty Frag as a “universal LPE” affecting “all major distributions” and warned that it delivers the same kind of immediate root access as the recent CopyFail mess – only this time, defenders do not even have patches to throw at the problem.

Read more…
Source:  The Register News

Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox

Related:

  • Zimbabwe faces alarming rise in cyber attacks amid bank hacking

    October 3, 2024

    Zimbabwe has witnessed a significant surge in cyber attacks in recent months, with local entities, including banks, falling victim to hacking, the country’s Minister of Information Communication Technology, Tatenda Mavetera has revealed. Mavetera said the threat is also a local phenomenon, citing recent bank hacks in the country. Mavetera stated that cybercrime is not just a ...

  • CISA flags major Ivanti security flaw – patch now

    October 3, 2024

    The US Cybersecurity and Infrastructure Security Agency (CISA) has added a known Ivanti bug to its Known Exploited Vulnerabilities (KEV) catalog, signalling that it’s being actively abused in the wild. The bug that was just added is an SQL Injection vulnerability, found this spring in the Core server of Ivanti Endpoint Manager (EPM) 2022 SU5 and ...

  • Threat Awareness – Shifting Phishing Techniques & Tips for Staying Safe

    October 3, 2024

    Phishing remains a significant and ever-evolving cybersecurity threat, with recent data showing a 28% rise in attacks between Q1 and Q2 of 2024. This trend highlights how persistent and evolving phishing tactics continue to be, impacting a staggering 94% of cybersecurity decision-makers in 2023. Attackers are increasingly using compromised internal accounts, shifting the platforms they ...

  • Russian Authorities Arrest 96 in Major Money Laundering Operation

    October 3, 2024

    In a coordinated effort against cybercrime-related money laundering, Russian authorities have made nearly 100 arrests in connection with an extensive criminal operation involving cryptocurrency exchanges and illegal financial activities. The arrests were part of a nationwide crackdown tied to the UAPS payment system and the Cryptex cryptocurrency exchanges, both of which have been linked to cybercriminals ...

  • News agency AFP notifies French authorities of potential data breach

    October 2, 2024

    Agence France-Presse (AFP), one of the world’s largest news organizations, has notified French regulators of a potential data breach following a cyberattack last week. The AFP, which has an editorial presence in 260 cities across 150 countries, said in a brief statement on Saturday that it detected an “attack on its systems” that affected part of ...

  • Key Group: another ransomware group using leaked builders

    October 1, 2024

    Key Group, or keygroup777, is a financially motivated ransomware group primarily targeting Russian users. The group is known for negotiating with victims on Telegram and using the Chaos ransomware builder. The first public report on Key Group’s activity was released in 2023 by BI.ZONE, a cybersecurity solutions vendor: the attackers drew attention when they left an ...