Security News
The snap-confine tool in the Linux world's Snap software packaging system can be potentially exploited by ordinary users to gain root powers, says Qualys. Snap was developed by Ubuntu maker Canonical, and can be used with Ubuntu and on other Linux distributions, if one so wishes, to install applications and services.
Multiple security vulnerabilities have been disclosed in Canonical's Snap software packaging and deployment system, the most critical of which can be exploited to escalate privilege to gain root privileges. Snaps are self-contained application packages that are designed to work on operating systems that use the Linux kernel and can be installed using a tool called snapd.
Google says it bumped up rewards for reports of Linux Kernel, Kubernetes, Google Kubernetes Engine, or kCTF vulnerabilities by adding bigger bonuses for zero-day bugs and exploits using unique exploitation techniques. "We increased our rewards because we recognized that in order to attract the attention of the community we needed to match our rewards to their expectations," Google Vulnerability Matchmaker Eduardo Vela explained.
Offensive Security has released Kali Linux 2022.1, the latest version of its popular open source penetration testing platform. Visually refreshed and with improved usability for visually impaired users, it comes also with a new "Kali-linux-everything" image, wider compatibility for Kali's SSH client, and new tools.
Kali Everything Image - An all-packages-in-one solution now available to download. Kali-Tweaks Meets SSH - Connect to old SSH servers using legacy SSH protocols and ciphers. As the first version of the new year, the Kali Team has performed a visual refresh adding new backgrounds for the desktop, login, and boot displays, and a new installer theme.
The bug hunters at Google's Project Zero team have released their latest time-to-fix data and Linux is smashing the opposition. Between 2019 and 2021 open-source developers fixed Linux issues in an average of 25 days, compared to 83 for Microsoft and Oracle pulling last place at 109 days, albeit from a very low number of cases.
Contextualizing supply chain risks in a SaaS environmentIn the wake of the SolarWinds and Kaseya attacks, third-party cybersecurity risks remain top of mind for security leaders. The four types of remote workers your security awareness program must addressNo matter how much technology you acquire or how many specific technical controls you install, when it comes to your information security awareness program, the most important control to tune within your environment is your people.
As the most common cloud operating system, Linux is a core part of digital infrastructure and is quickly becoming an attacker's ticket into a multi-cloud environment. Current malware countermeasures are mostly focused on addressing Windows-based threats, leaving many public and private cloud deployments vulnerable to attacks that target Linux-based workloads, VMware reveals.
A critical vulnerability in Samba, a widely used open source implementation of the Server Message Block networking protocol, could allow attackers to execute arbitrary code as root on affected Samba installations. Several updated versions of Samba have been released on Monday, fixing CVE-2021-44142 and two other flaws, but since the software is included in most Linux and Unix-like operating systems, users of those are advised to keep an eye out for specific updates by those developer teams.
That's the sort of glitch behind CVE-2022-0330, a Linux kernel bug in the Intel i915 graphics card driver that was patched last week. Permission to load and run code on the GPU. Once again, in some environments, users might have graphics processing uniut "Coding powers" not because they are avid gamers, but in order to take advantages of the GPU's huge performance for specialised programming - everything from image and video rendering, through cryptomining, to cryptographic research.