Broken disclosure embargo left admins facing a fresh root-level flaw with no CVE
Kim described Dirty Frag as a “universal LPE” affecting “all major distributions” and warned that it delivers the same kind of immediate root access as the recent CopyFail mess – only this time, defenders do not even have patches to throw at the problem.
Read more…
Source: The Register News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- TDoS Attacks Take Aim at Emergency First-Responder Services
February 22, 2021
Telephony denial-of-service (TDoS) attacks, which affect the availability and readiness of call centers, are hitting critical first-responder facilities, according to the Federal Bureau of Investigation (FBI). A TDoS attack is designed to prevent incoming and outgoing calls, by flooding a target with junk calls. “The objective is to keep the distraction calls active for as long as ...
- Chinese hackers cloned attack tool belonging to NSA’s Equation Group
February 22, 2021
Chinese threat actors “cloned” and used a Windows zero-day exploit stolen from the NSA’s Equation Group for years before the privilege escalation flaw was patched, researchers say. On Monday, Check Point Research (CPR) said the tool was a “clone” of software developed by the US National Security Agency (NSA)’s Equation Group, identified by FireEye in 2015 ...
- Lakehead University shuts down campus network after cyberattack
February 21, 2021
Canadian undergraduate research university Lakehead has been dealing with a cyberattack that forced the institution earlier this week to cut off access to its servers. The school’s services, including its website, have been down since Tuesday, with personnel shutting down computers on the Thunder Bay and Orillia campuses to stop the attack from spreading. In a communication ...
- Recently fixed Windows zero-day actively exploited since mid-2020
February 20, 2021
Microsoft says that a high-severity Windows zero-day vulnerability patched during the February 2021 Patch Tuesday was exploited in the wild since at least the summer of 2020 according to its telemetry data. The actively exploited zero-day bug is tracked as ‘CVE-2021-1732 – Windows Win32k Elevation of Privilege Vulnerability.’ It allows local attackers to elevate their privileges to ...
- SonicWall releases additional update for SMA 100 vulnerability
February 20, 2021
SonicWall has released a second firmware update for an SMA-100 zero-day vulnerability known to be used in attacks and is warning to install it immediately. Last month, SonicWall disclosed that their internal systems were attacked using a zero-day vulnerability in their SMA-100 remote access devices. A week later, cybersecurity firm NCC Group discovered the zero-day vulnerability used ...
- Malaysia arrests 11 suspects for hacking government sites
February 19, 2021
Malaysian officials announced on Thursday the arrest of 11 suspects believed to be part of a hacktivist group that defaced government websites during late January. The group, calling itself Anonymous Malaysia, defaced 17 websites for local governments and universities, according to posts they made on a Facebook page earlier this month. The defacements were part of a ...