Security News

A vulnerability in XZ Utils, the XZ format compression utilities included in most Linux distributions, may "Enable a malicious actor to break sshd authentication and gain unauthorized access to the entire system remotely," Red Hat warns. The cause of the vulnerability is actually malicious code present in versions 5.6.0 and 5.6.1 of the xz libraries, which was accidentally found by Andres Freund, a PostgreSQL developer and software engineer at Microsoft.

Today, Red Hat warned users to immediately stop using systems running Fedora development versions because of a backdoor found in the latest XZ Utils data compression tools and libraries. "No versions of Red Hat Enterprise Linux are affected. We have reports and evidence of the injections successfully building in xz 5.6.x versions built for Debian unstable."

Details have emerged about a vulnerability impacting the "wall" command of the util-linux package that could be potentially exploited by a bad actor to leak a user's password or alter the...

A vulnerability in the wall command of the util-linux package that is part of the Linux operating system could allow an unprivileged attacker to steal passwords or change the victim's clipboard. WallEscape impacts the 'wall' command, which is typically used in Linux systems to broadcast messages to the terminals of all users logged to the same system, such as a server.

A Linux version of a multi-platform backdoor called DinodasRAT has been detected in the wild targeting China, Taiwan, Turkey, and Uzbekistan, new findings from Kaspersky reveal. DinodasRAT, also...

On Wednesday, the KDE team warned Linux users to exercise "Extreme caution" when installing global themes, even from the official KDE Store, because these themes run arbitrary code on devices to customize the desktop's appearance. As KDE said, it currently lacks the resources to review the code used by each global theme submitted for inclusion in its official store.

On the first day of Pwn2Own Vancouver 2024, contestants demoed Windows 11, Tesla, and Ubuntu Linux zero-day vulnerabilities and exploit chains to win $732,500 and a Tesla Model 3 car. Synacktiv won the Tesla Model 3 and $200,000 after hacking the Tesla ECU with Vehicle CAN BUS Control in under 30 seconds using an integer overflow.

A new destructive malware named AcidPour was spotted in the wild, featuring data-wiper functionality and targeting Linux x86 IoT and networking devices. Data wipers are a category of malware designed for destructive attacks that delete files and data on targeted devices.

A new variant of a data wiping malware called AcidRain has been detected in the wild that's specifically designed for targeting Linux x86 devices. The malware, dubbed AcidPour, is compiled for...

Transitioning to memory-safe languages: Challenges and considerationsIn this Help Net Security interview, Omkhar Arasaratnam, General Manager at the Open Source Security Foundation, discusses the evolution of memory-safe programming languages and their emergence in response to the limitations of languages like C and C++. LastPass' CIO vision for driving business strategy, innovationRecently, LastPass appointed Asad Siddiqui as its CIO. He brings over two decades of experience leading startups and large technology organizations. MobSF: Open-source security research platform for mobile appsThe Mobile Security Framework is an open-source research platform for mobile application security, encompassing Android, iOS, and Windows Mobile.