Security News
So what do you do? In this TechRepublic Premium article, written by Jack Wallen, we'll share a handy list of nine things you should consider for all of your Ubuntu Server deployments. Ubuntu ships with a root account that isn't accessible, because no password has been set.
On the first day of Pwn2Own Vancouver 2024, contestants demoed Windows 11, Tesla, and Ubuntu Linux zero-day vulnerabilities and exploit chains to win $732,500 and a Tesla Model 3 car. Synacktiv won the Tesla Model 3 and $200,000 after hacking the Tesla ECU with Vehicle CAN BUS Control in under 30 seconds using an integer overflow.
A logic flaw between Ubuntu's 'command-not-found' package suggestion system and the snap package repository could enable attackers to promote malicious Linux packages to unsuspecting users. [...]
Cybersecurity researchers have found that it's possible for threat actors to exploit a well-known utility called command-not-found to recommend their own rogue packages and compromise systems...
Ubuntu, the most popular Linux distribution, has pulled its Desktop release 23.10 after its Ukrainian translations were discovered to contain hate speech. According to the Ubuntu project, a malicious contributor is behind anti-Semitic, homophobic, and xenophobic slurs that were injected into the distro via a "Third party tool" that lives outside of the Ubuntu Archive.
Cybersecurity researchers have disclosed two high-severity security flaws in the Ubuntu kernel that could pave the way for local privilege escalation attacks. Cloud security firm Wiz, in a report shared with The Hacker News, said the easy-to-exploit shortcomings have the potential to impact 40% of Ubuntu users.
Two Linux vulnerabilities introduced recently into the Ubuntu kernel create the potential for unprivileged local users to gain elevated privileges on a massive number of devices. [...]
Canonical announced on Tuesday that Ubuntu Pro is available in a subscription-included model on Amazon Web Services. With Ubuntu Pro on AWS, users can launch Ubuntu Pro on-demand instances and purchase Ubuntu Pro compute savings plans directly from the Amazon Elastic Compute Cloud console.
On the third day of the Pwn2Own hacking contest, security researchers were awarded $185,000 after demonstrating 5 zero-day exploits targeting Windows 11, Ubuntu Desktop, and the VMware Workstation virtualization software. The highlight of the day was the Ubuntu Desktop operating system getting hacked three times by three different teams, although one of them was a collision with the exploit being previously known.
On the first day of Pwn2Own Vancouver 2023, security researchers successfully demoed Tesla Model 3, Windows 11, and macOS zero-day exploits and exploit chains to win $375,000 and a Tesla Model 3. The STAR Labs team demoed a zero-day exploit chain targeting Microsoft's SharePoint team collaboration platform that brought them a $100,000 reward and successfully hacked Ubuntu Desktop with a previously known exploit for $15,000.