Cloud security researchers have discovered two easily exploitable privilege escalation vulnerabilities called GameOver(lay) in the Ubuntu OverlayFS module. These vulnerabilities could affect 40% of Ubuntu users. What is OverlayFS? OverlayFS in Linux is a unified file system used in Docker containers. Its function – modify files without changing the base filesystem. OverlayFS allows one directory… Continue reading GameOver(lay) Vulnerabilities Endanger 40% of Ubuntu Users
Tag: Linux
Information Security Experts Told About The Linux Malware Symbiote That Is Almost Undetectable
BlackBerry and Intezer specialists spoke about the new Symbiote Linux malware that infects all running processes on compromised systems, steals credentials and provides backdoor access to its operators. Let me remind you that we also said that Google Offers up to $91,000 for Linux Kernel Vulnerabilities, and also that Experts list 15 most attacked Linux… Continue reading Information Security Experts Told About The Linux Malware Symbiote That Is Almost Undetectable
Vulnerabilities in Linux Allow Gaining Superuser Rights
A Microsoft specialist has discovered vulnerabilities in Linux systems, the exploitation of which allows quickly gaining superuser rights. In total, two vulnerabilities were discovered (CVE-2022-29799 and CVE-2022-29800) and united under the common name Nimbuspwn. Problems are found in the networkd-dispatcher component of many Linux distributions, which dispatches network status changes and can run various scripts… Continue reading Vulnerabilities in Linux Allow Gaining Superuser Rights
Google Offers up to $91,000 for Linux Kernel Vulnerabilities
Google has almost doubled its rewards for vulnerabilities in the Linux kernel, Kubernetes, Google Kubernetes Engine (GKE), and kCTF. The reward can now be up to $91,337. In November last year, Google already increased the size of payments: then the company tripled rewards for exploits for previously unknown bugs in the Linux kernel. The idea… Continue reading Google Offers up to $91,000 for Linux Kernel Vulnerabilities
Google analysts noticed that software vendors began to fix Zero-day vulnerabilities faster
Google Project Zero specialists presented a report according to which software vendors began to fix 0-day vulnerabilities faster. For example, last year organizations needed less time than in previous years to fix 0-day vulnerabilities discovered by experts. On average, companies took 52 days to fix bugs, while three years ago they needed an average of… Continue reading Google analysts noticed that software vendors began to fix Zero-day vulnerabilities faster
Atlassian Confluence vulnerability was exploited to install miners
In late August, Atlassian released a hotfix for a Confluence Remote Code Execution (RCE) vulnerability. The issue has ID CVE-2021-26084 and allows an unauthenticated attacker to remotely execute commands on a vulnerable server. The issue has been reported to be dangerous for all versions of Confluence Server and Data Center. After the patch was released,… Continue reading Atlassian Confluence vulnerability was exploited to install miners
Experts list 15 most attacked Linux vulnerabilities
Trend Micro has published a list of the top threats and most attacked vulnerabilities for Linux in the first half of 2021. The results were obtained from honeypots, sensors and anonymous telemetry. In total, the company recorded about 15,000,000 malicious events targeting Linux-based cloud environments and estimates that miners and ransomware account for 54% of… Continue reading Experts list 15 most attacked Linux vulnerabilities
New vulnerabilities help to bypass protection from Specter on Linux systems
On Monday, March 29th, security researchers uncovered two vulnerabilities in Linux distributions that help to bypass protection from speculative attacks like Specter and extract sensitive information from kernel memory. Vulnerabilities CVE-2020-27170 and CVE-2020-27171 (5.5 out of 10 on the CVSS severity scale) were discovered by Symantec Threat Hunter Pyotr Krysiuk and affect all versions of… Continue reading New vulnerabilities help to bypass protection from Specter on Linux systems
Linus Torvalds doubts that Linux will run on Apple M1
Recently on the Real World Technologies forum Linus Torvalds was asked what he thinks of Apple’s new M1 laptops. Torvalds then vague replied, “I would love to have this [laptop] if ran on Linux.” Then, not everyone understood what exactly Torvalds saw as the problem, and now, in an interview with ZDNet journalists, the Linux… Continue reading Linus Torvalds doubts that Linux will run on Apple M1