Security News

libcue Library Flaw Opens GNOME Linux Systems Vulnerable to RCE Attacks
2023-10-10 06:50

A new security flaw has been disclosed in the libcue library impacting GNOME Linux systems that could be exploited to achieve remote code execution (RCE) on affected hosts. Tracked as...

GNOME Linux systems exposed to RCE attacks via file downloads
2023-10-09 20:24

A memory corruption vulnerability in the open-source libcue library can let attackers execute arbitrary code on Linux systems running the GNOME desktop environment. Libcue, a library designed for parsing cue sheet files, is integrated into the Tracker Miners file metadata indexer, which is included by default in the latest GNOME versions.

Exploits released for Linux flaw giving root on major distros
2023-10-05 19:44

Proof-of-concept exploits have already surfaced online for a high-severity flaw in GNU C Library's dynamic loader, allowing local attackers to gain root privileges on major Linux distributions. One of these PoC exploits, confirmed as working by vulnerability and exploit expert Will Dormann, was released by independent security researcher Peter Geissler earlier today.

“Looney Tunables” bug allows root access on Linux distros (CVE-2023-4911)
2023-10-05 13:06

A vulnerability in the GNU C Library can be exploited by attackers to gain root privileges on many popular Linux distributions, according to Qualys researchers. Dubbed "Looney Tunables", CVE-2023-4911 is a buffer overflow vulnerability in the dynamic loader's processing of the GLIBC TUNABLES environment variable.

Make-me-root 'Looney Tunables' security hole on Linux needs your attention
2023-10-04 21:27

The flaw, dubbed Looney Tunables, arises from the GNU C Library's dynamic loader mishandling of the GLIBC TUNABLES environmental variable. Because GNU C Library, commonly known as glibc, is found in most Linux systems, this is something of an issue.

Looney Tunables: New Linux Flaw Enables Privilege Escalation on Major Distributions
2023-10-04 07:21

A new Linux security vulnerability dubbed Looney Tunables has been discovered in the GNU C library's ld.so dynamic loader that, if successfully exploited, could lead to a local privilege...

New 'Looney Tunables' Linux bug gives root on major distros
2023-10-03 20:36

A new Linux vulnerability known as 'Looney Tunables' enables local attackers to gain root privileges by exploiting a buffer overflow weakness in the GNU C Library's ld. The GNU C Library is the GNU system's C library and is in most Linux kernel-based systems.

Free Download Manager releases script to check for Linux malware
2023-09-20 19:02

The developers of Free Download Manager have published a script to check if a Linux device was infected through a recently reported supply chain attack. Free Download Manager is a popular cross-platform download manager that offers torrenting, proxying, and online video downloads through a user-friendly interface.

Earth Lusca's New SprySOCKS Linux Backdoor Targets Government Entities
2023-09-19 11:10

The China-linked threat actor known as Earth Lusca has been observed targeting government entities using a never-before-seen Linux backdoor called SprySOCKS. Earth Lusca was first documented by Trend Micro in January 2022, detailing the adversary's attacks against public and private sector entities across Asia, Australia, Europe, North America. Active since 2021, the group has relied on spear-phishing and watering hole attacks to pull off its cyber espionage schemes.

Windows Subsystem for Linux gets new 'mirrored' network mode
2023-09-18 21:52

Microsoft has released Windows Subsystem for Linux 2.0.0 with a set of new opt-in experimental features, including a new network mode and automated memory and disk size cleanup. This WSL update introduces "Mirrored mode networking," a new networking mode that not only brings new capabilities but also enhances network compatibility.