‘Dirty Frag’ Linux flaw one-ups CopyFail with no patches and public root exploit

Posted onAuthorCyber Security Review

Broken disclosure embargo left admins facing a fresh root-level flaw with no CVE

A fresh Linux privilege escalation bug dubbed “Dirty Frag” has dropped into the wild with no patches, no CVE, and a public exploit that hands attackers root access across major distributions.Security researcher Hyunwoo Kim disclosed the local privilege escalation flaw on Friday after what he said was a broken embargo forced the issue into the open.

Kim described Dirty Frag as a “universal LPE” affecting “all major distributions” and warned that it delivers the same kind of immediate root access as the recent CopyFail mess – only this time, defenders do not even have patches to throw at the problem.

Read more…
Source:  The Register News

Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox

Related:

  • Cyber threats continue to plague Philippine financial institutions

    September 17, 2024

    The financial industry remains a prime target for cyberattacks, despite the Bangko Sentral ng Pilipinas’ (BSP) new framework to enhance cyber resilience, a global cybersecurity and digital privacy company has warned. Kaspersky, a cybersecurity firm, reported that the finance sector experiences the highest losses due to online fraud, as scammers increasingly exploit customer data for account ...

  • TikTok just had the most important two hours of its life

    September 16, 2024

    Who really controls TikTok’s magical algorithm — the US-based company that runs the app or its Chinese parent, ByteDance? That’s the question that bedeviled a trio of federal judges on Monday charged with deciding whether to allow the implementation of a law that could ultimately result in TikTok being banned for all Americans. After more than ...

  • Malware exploits braille characters to breach Windows security flaws

    September 16, 2024

    The Windows operating system (OS) had a vulnerability that allowed people to hide a file’s true extension, which hackers were able to use and distribute files that looked like .PDF documents, but were in fact weaponized .HTA files. In the most recent Patch Tuesday cumulative update, Microsoft addressed a flaw described as “Windows MSHTML spoofing vulnerability”, ...

  • Education, Health Sectors Facing Challenges as Nigeria Records 586,130 Cyber Threats in 6 Months

    September 14, 2024

    Between January and June 2024, a staggering 586,130 cyber threats were launched against Nigeria, especially the financial institutions and telecoms companies, with other sectors also facing specific challenges. According to the report, various industries face unique cybersecurity challenges. The education sector grappled with maintaining security amidst digital transformation. The healthcare industry struggled to balance handling sensitive ...

  • I stole 20 GB of data from Capgemini – and now I’m leaking it, says cybercrook

    September 13, 2024

    A miscreant claims to have broken into Capgemini and leaked a large amount of sensitive data stolen from the technology services giant – including source code, credentials, and T-Mobile’s virtual machine logs. The French multinational IT and consulting firm did not immediately respond to The Register’s request for comment, and has yet to formally confirm or ...

  • Chinese-made cargo equipment enables cyber, espionage risks in US ports

    September 12, 2024

    A year-long probe led by GOP members of two House panels found that numerous seaports around the U.S. contain technology originating from Chinese manufacturers that could enable espionage and sabotage. The study conducted by lawmakers and staff on the House Homeland Security Committee and Select Committee on the Chinese Communist Party said that it was an ...