Broken disclosure embargo left admins facing a fresh root-level flaw with no CVE
Kim described Dirty Frag as a “universal LPE” affecting “all major distributions” and warned that it delivers the same kind of immediate root access as the recent CopyFail mess – only this time, defenders do not even have patches to throw at the problem.
Read more…
Source: The Register News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Researchers Warn of Flaw Affecting Millions of IoT Devices
August 19, 2020
Researchers are urging connected-device manufacturers to ensure they have applied patches addressing a flaw in a module used by millions of Internet-of-Things (IoT) devices. If exploited, researchers speculated that the flaw could allow attackers to knock out a city’s electricity or even overdose a medical patient. The vulnerability exists in a widely used Cinterion module, a ...
- New FritzFrog P2P botnet has breached at least 500 enterprise, government servers
August 19, 2020
A P2P botnet newly-discovered by researchers has struck at least 500 government and enterprise SSH servers over 2020. On Wednesday, cybersecurity firm Guardicore Labs published research into FritzFrog, a peer-to-peer (P2P) botnet that has been detected by the company’s sensors since January this year. According to researcher Ophir Harpaz, FritzFrog has attempted to brute-force SSH servers belonging ...
- Phishing scams dominate the Philippines cybercrime landscape
August 19, 2020
Cybercrime in the Philippines is on a rapid rise, with phishing campaigns alone up 200% since the country went into lockdown in March In today’s highly-digitalized society, wanton cybercrimes have proven to be difficult to eradicate, and the cyberattack threat matrix just got riskier when recent quarantine and lockdown restrictions forced everyone indoors. Not only did ...
- The Cybersecurity Blind Spots Of Connected Cars
August 18, 2020
Technology has accelerated the pace in which vehicles provide mobility and convenience. Nowadays, it’s common for connected cars to let their users have instant access to navigation and traffic data, play desired media content, and get up-to-the-minute weather and collision alerts, among other capabilities — thanks to connected technologies such as vehicle-to-everything (V2X) communication and ...
- Ukraine arrests gang who ran 20 crypto-exchanges and laundered money for ransomware gangs
August 18, 2020
Law enforcement in Ukraine has announced today the arrest of a cybercrime gang who ran 20 cryptocurrency exchanges where they laundered more than $42 million in funds for criminal groups. The group, which authorities said had three members, has been operating from Ukraine’s Poltava region since 2018. According to Ukrainian officials, the group has advertised its ...
- Dharma RaaS is ‘targeting and menacing’ SMBs
August 17, 2020
Dharma ransomware as-a-service (RaaS), which is among the world’s most popular, is being used predominantly to target small and medium-sized businesses (SMBs), according to a new report from Sophos. Offers as a service, Dharma ransomware is available to whoever is willing to pay for its use. User groups (called affiliates) rely “almost entirely” on a menu-driven ...