Exploit attempts are already hammering a newly disclosed NGINX bug dubbed “NGINX Rift,” proving once again that attackers read patch notes faster than most admins.
Researchers at VulnCheck said they are seeing active exploitation tied to CVE-2026-42945, a heap buffer overflow flaw affecting both NGINX Open Source and NGINX Plus that was disclosed last week after apparently sitting unnoticed for 18 years.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Satori IoT botnet malware code given away for Christmas
January 2, 2018
A hacker has released the working code for a Huawei router exploit used by the Satori botnet over the holiday season as a freebie for cyberattackers seeking to target Huawei devices or bolster botnets. According to NewSky Security principal researcher Ankit Anubhav, the exploit’s code was released on Pastebin over the holiday season. Read more… Source: ZDNet
- Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign
January 2, 2018
A fundamental design flaw in Intel’s processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug. Programmers are scrambling to overhaul the open-source Linux kernel’s virtual memory system. Meanwhile, Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch ...
- MacOS LPE Exploit Gives Attackers Root Access
January 2, 2018
A researcher that goes by the handle “Siguza” released details of a local privilege escalation attack against macOS that dates back to 2002. A successful attack could give adversaries complete root access to targeted systems. Siguza released details of the attack on Dec. 31 via Twitter, wishing followers a “Happy New Year” and linked to a ...
- Huawei Router Vulnerability Used to Spread Mirai Variant
December 22, 2017
Researchers have identified a vulnerability in a Huawei home router model that is being exploited by an adversary to spread a variant of the Mirai malware called Okiku, also known as Satori. Researchers at Check Point published a report Thursday, and said the flaw is in Huawei’s router model HG532. It said it is tracking hundreds ...
- We need to talk about mathematical backdoors in encryption algorithms
December 15, 2017
Security researchers regularly set out to find implementation problems in cryptographic algorithms, but not enough effort is going towards the search for mathematical backdoors, two cryptography professors have argued. Governments and intelligence agencies strive to control and bypass or circumvent cryptographic protection of data and communications. Backdooring encryption algorithms is considered as the best way to ...
- Pre-Installed Password Manager On Windows 10 Lets Hackers Steal All Your Passwords
December 15, 2017
If you are running Windows 10 on your PC, then there are chances that your computer contains a pre-installed 3rd-party password manager app that lets attackers steal all your credentials remotely. Starting from Windows 10 Anniversary Update (Version 1607), Microsoft added a new feature called Content Delivery Manager that silently installs new “suggested apps” without asking for users’ ...