Security News

Dubbed PwnKit, it's been sitting in a user policy module used in Linux distros for over a decade and can be used by anyone to gain root privileges. Heads up, Linux users: A newly discovered vulnerability in pretty much every major distro allows any unprivileged user to gain root access to their target, and it's been hiding in plain sight for 12 years.

The report compiles responses from 428 leaders and executives in IT, security and development roles to identify the latest trends on how organizations are adapting to new security challenges of the software supply chain. Managing software supply chain security a significant or top focus in 2022.

After a year of unprecedented ransomware attacks on hospitals and healthcare systems - and with healthcare now the #1 target for cybercriminals - critical medical device risks in hospital environments continue to leave hospitals and their patients vulnerable to cyber attacks and data security issues.Data shows that 53% of connected medical devices and other IoT devices in hospitals have a known critical vulnerability.

Researchers have discovered two critical bugs in Control Web Panel - a popular web hosting management software used by 200K+ servers - that could allow for remote code execution as root on vulnerable Linux servers. CWP, formerly known as CentOS Web Panel, is an open-source Linux control panel software used for creating and managing web hosting environments.

Successful exploitation can let remote unauthenticated attackers execute code as the 'nobody' user in compromised SonicWall appliances. "There are no temporary mitigations. SonicWall urges impacted customers to implement applicable patches as soon as possible," the company said in December after releasing CVE-2021-20038 security updates adding that it found no evidence the bug was exploited in the wild at the time.

There's a dangerous remote-code execution bug in the Dark Souls video game that could let attackers brick the PCs of online players. The main problem is with Dark Souls III, but the remote code-execution vulnerability also affects earlier games in the Dark Soul series, leading the developers to temporarily turn off player-versus-player servers across Dark Souls Remastered, Dark Souls II and Dark Souls III. PvP refers to players being able to interact and duel with each other.

Bandai Namco has deactivated the online PvP mode for the Dark Souls role-playing game, taking its servers offline to investigate reports about a severe security issue that may pose a risk to players. Bandai Namco allegedly ignored the report but given the severity of the flaw, the reporter decided to demonstrate it on popular streamers to raise awareness and show how critical it is.

Researchers have disclosed details of two critical security vulnerabilities in Control Web Panel that could be abused as part of an exploit chain to achieve pre-authenticated remote code execution on affected servers. Tracked as CVE-2021-45467, the issue concerns a case of a file inclusion vulnerability, which occurs when a web application is tricked into exposing or running arbitrary files on the web server.

Cisco Systems has rolled out fixes for a critical security flaw affecting Redundancy Configuration Manager for Cisco StarOS Software that could be weaponized by an unauthenticated, remote attacker to execute arbitrary code and take over vulnerable machines. "An attacker could exploit this vulnerability by connecting to the device and navigating to the service with debug mode enabled," Cisco said in an advisory.

Cisco released a security update warning about a handful of vulnerabilities lurking in its networking technology, led by a critical bug in the company's StarOS debug services. Cisco pushed out a fix for its Cisco StarOS Software on Wednesday.