Security News
Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.
A vulnerability in XZ Utils, the XZ format compression utilities included in most Linux distributions, may "Enable a malicious actor to break sshd authentication and gain unauthorized access to the entire system remotely," Red Hat warns. The cause of the vulnerability is actually malicious code present in versions 5.6.0 and 5.6.1 of the xz libraries, which was accidentally found by Andres Freund, a PostgreSQL developer and software engineer at Microsoft.
Today, Red Hat warned users to immediately stop using systems running Fedora development versions because of a backdoor found in the latest XZ Utils data compression tools and libraries. "No versions of Red Hat Enterprise Linux are affected. We have reports and evidence of the injections successfully building in xz 5.6.x versions built for Debian unstable."
Details have emerged about a vulnerability impacting the "wall" command of the util-linux package that could be potentially exploited by a bad actor to leak a user's password or alter the...
A vulnerability in the wall command of the util-linux package that is part of the Linux operating system could allow an unprivileged attacker to steal passwords or change the victim's clipboard. WallEscape impacts the 'wall' command, which is typically used in Linux systems to broadcast messages to the terminals of all users logged to the same system, such as a server.
A Linux version of a multi-platform backdoor called DinodasRAT has been detected in the wild targeting China, Taiwan, Turkey, and Uzbekistan, new findings from Kaspersky reveal. DinodasRAT, also...
On Wednesday, the KDE team warned Linux users to exercise "Extreme caution" when installing global themes, even from the official KDE Store, because these themes run arbitrary code on devices to customize the desktop's appearance. As KDE said, it currently lacks the resources to review the code used by each global theme submitted for inclusion in its official store.
On the first day of Pwn2Own Vancouver 2024, contestants demoed Windows 11, Tesla, and Ubuntu Linux zero-day vulnerabilities and exploit chains to win $732,500 and a Tesla Model 3 car. Synacktiv won the Tesla Model 3 and $200,000 after hacking the Tesla ECU with Vehicle CAN BUS Control in under 30 seconds using an integer overflow.
A new destructive malware named AcidPour was spotted in the wild, featuring data-wiper functionality and targeting Linux x86 IoT and networking devices. Data wipers are a category of malware designed for destructive attacks that delete files and data on targeted devices.
A new variant of a data wiping malware called AcidRain has been detected in the wild that's specifically designed for targeting Linux x86 devices. The malware, dubbed AcidPour, is compiled for...