Broken disclosure embargo left admins facing a fresh root-level flaw with no CVE
Kim described Dirty Frag as a “universal LPE” affecting “all major distributions” and warned that it delivers the same kind of immediate root access as the recent CopyFail mess – only this time, defenders do not even have patches to throw at the problem.
Read more…
Source: The Register News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Millions of Kia vehicles were vulnerable to remote attacks with just a license plate number
September 27, 2024
In June of 2024 security researchers uncovered a set of vulnerabilities in the Kia dealer portal that allowed them to remotely take over any Kia vehicle built after 2013—and all they needed was a license plate number. According to the researchers: “These attacks could be executed remotely on any hardware-equipped vehicle in about 30 seconds, regardless ...
- Iranian Cyber Actors Targeting Personal Accounts to Support Operations
September 27, 2024
The Federal Bureau of Investigation (FBI), U.S. Cyber Command – Cyber National Mission Force (CNMF), the Department of the Treasury (Treasury), and the United Kingdom’s National Cyber Security Centre (NCSC) are disseminating this joint Cybersecurity Advisory (CSA) to highlight continued malicious cyber activity by cyber actors working on behalf of the Iranian Government’s Islamic Revolutionary ...
- Multiple Vulnerabilities in Common Unix Printing System (CUPS)
September 27, 2024
On Thursday, September 26, 2024, a security researcher publicly disclosed several vulnerabilities affecting different components of OpenPrinting’s CUPS (Common Unix Printing System). CUPS is a popular IPP-based open-source printing system primarily (but not only) for Linux and UNIX-like operating systems. According to the researcher, a successful exploit chain allows remote unauthenticated attackers to replace existing printers’ ...
- UK data watchdog investigating MoneyGram data breach
September 27, 2024
The U.K.’s data protection regulator has confirmed it’s investigating MoneyGram after receiving a data breach report from the U.S.-based money transfer giant. The U.K.’s Information Commissioner’s Office, which requires that organizations report data breaches within 72 hours of discovering the incident, confirmed to TechCrunch on Friday that the watchdog had received a report from MoneyGram following ...
- Ransomware attacks increasingly target Vietnam’s financial sector
September 26, 2024
At a recent conference on digital finance, Le Van Tuan, Director of the Department of Information Security under the Ministry of Information and Communications, said finance is a sector with a high ranking in digital transformation, but at the same time, the risk of information security is always lurking with the sector. According to statistics from ...
- Storm-0501: Ransomware attacks expanding to hybrid cloud environments
September 26, 2024
Microsoft has observed the threat actor tracked as Storm-0501 launching a multi-staged attack where they compromised hybrid cloud environments and performed lateral movement from on-premises to cloud environment, leading to data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware deployment. The said attack targeted multiple sectors in the United States, including government, manufacturing, transportation, and ...