Security News

Cisco SD-WAN Security Bug Allows Root Code Execution
2021-10-22 14:48

Cisco SD-WAN implementations are vulnerable to a high-severity privilege-escalation vulnerability in the IOS IE operating system that could allow arbitrary code execution.The bug is an OS command-injection issue, which enables attackers to execute unexpected, dangerous commands directly on the operating system that normally wouldn't be accessible.

HPE Warns Sudo Bug Gives Attackers Root Privileges to Aruba Platform
2021-08-30 21:46

Rated high in severity, HPE warns the Sudo flaw could be part of a "Chained attack" where an "Attacker has achieved a foothold with lower privileges via another vulnerability and then uses this to escalate privileges," according to a recent HPE security bulletin. Sudo is a program used by other platforms that "Allows a system administrator to delegate authority to give certain users the ability to run some commands as root or another user," according to the Sudo license.

Can XDR bring the kill chain back to its roots?
2021-08-10 06:00

Today's higher-value attacks are often iterative, trial-and-error affairs, where attackers try different tactics on different portions of an organization's externally exposed attack surface. XDR was designed to unite all the traditionally siloed security systems that look only at one portion of attack surface or infrastructure, integrate their data, and correlate it to gain a way of finding an in-progress attack early and curtailing it.

Linux eBPF bug gets root privileges on Ubuntu - Exploit released
2021-07-30 16:26

A security researcher released exploit code for a high-severity vulnerability in Linux kernel eBPF that can give an attacker increased privileges on Ubuntu machines. eBPF is a technology that enables user-supplied programs to run sandboxed inside the operating system's kernel, triggered by a specific event or function.

New Linux kernel bug lets you get root on most modern distros
2021-07-20 16:21

Unprivileged attackers can gain root privileges by exploiting a local privilege escalation vulnerability in default configurations of the Linux Kernel's filesystem layer on vulnerable devices. According to Qualys' research, the vulnerability impacts all Linux kernel versions released since 2014.

Fortinet fixes bug letting unauthenticated hackers run code as root
2021-07-20 10:47

Fortinet has released updates for its FortiManager and FortiAnalyzer network management solutions to fix a serious vulnerability that could be exploited to execute arbitrary code with the highest privileges. Both FortiManager and FortiAnalyzer are enterprise-grade network management solutions for environments with up to 100,000 devices.

Software maker removes "backdoor" giving root access to radio devices
2021-07-15 11:21

The author of a popular software-defined radio project has removed a "Backdoor" from radio devices that granted root-level access. The backdoor had been, according to the author, present in all versions of KiwiSDR devices for the purposes of remote administration and debugging.

Week in review: VPN attacks up nearly 2000%, Root of Trust for the cloud era
2021-06-20 07:55

Vaccine passports challenged by data privacy and security implicationsWhile some think vaccine apps could be the key to lifting travel restrictions, challenges have arisen regarding data privacy and security implications. Apple fixes actively exploited vulnerabilities affecting older iDevicesApple has released a security update for older iDevices to fix three vulnerabilities, two of which are zero-days that are apparently actively exploited in attacks in the wild.

Are your cryptographic keys truly safe? Root of Trust redefined for the cloud era
2021-06-17 05:30

In the digital world, cryptographic solutions use encryption keys to secure data at rest, data in use, and data in transit. Now, you can and should encrypt the keys themselves, but then how do you protect those encryption keys? This cycle eventually ends with a root key, which is the most important key in the chain.

Linux system service bug lets you get root on most modern distros
2021-06-11 11:58

Unprivileged attackers can get a root shell by exploiting an authentication bypass vulnerability in the polkit auth system service installed by default on many modern Linux distributions. The polkit local privilege escalation bug was publicly disclosed, and a fix was released on June 3, 2021.