Critical Boot Loader Vulnerability in Shim Impacts Nearly All Linux Distros

By Newsroom — February 7^th 2024 at 13:33

The maintainers of shim have released version 15.8 to address six security flaws, including a critical bug that could pave the way for remote code execution under specific circumstances. Tracked as CVE-2023-40547 (CVSS score: 9.8), the vulnerability could be exploited to achieve a Secure Boot bypass. Bill Demirkapi of the Microsoft Security Response Center (MSRC) has been&

The Hacker News

New Glibc Flaw Grants Attackers Root Access on Major Linux Distros

By Newsroom — January 31^st 2024 at 05:44

Malicious local attackers can obtain full root access on Linux machines by taking advantage of a newly disclosed security flaw in the GNU C library (aka glibc). Tracked as CVE-2023-6246 (CVSS score: 7.8), the heap-based buffer overflow vulnerability is rooted in glibc's __vsyslog_internal() function, which is used by syslog() and vsyslog() for system logging purposes. It's said to have

The Hacker News

Zero-Day Alert: Google Chrome Under Active Attack, Exploiting New Vulnerability

By Newsroom — November 29^th 2023 at 04:27

Google has rolled out security updates to fix seven security issues in its Chrome browser, including a zero-day that has come under active exploitation in the wild. Tracked as CVE-2023-6345, the high-severity vulnerability has been described as an integer overflow bug in Skia, an open source 2D graphics library. Benoît Sevens and Clément Lecigne of Google's Threat Analysis Group (TAG) have

The Hacker News

Serious Unpatched Vulnerability Uncovered in Popular Belkin Wemo Smart Plugs

By Ravie Lakshmanan — May 17^th 2023 at 10:17

The second generation version of Belkin's Wemo Mini Smart Plug has been found to contain a buffer overflow vulnerability that could be weaponized by a threat actor to inject arbitrary commands remotely. The issue, assigned the identifier CVE-2023-27217, was discovered and reported to Belkin on January 9, 2023, by Israeli IoT security company Sternum, which reverse-engineered the device and

Naked Security

Ping of death! FreeBSD fixes crashtastic bug in network tool

By Paul Ducklin — December 5^th 2022 at 19:59

It's a venerable program, and this version had a venerable bug in it.

The Hacker News

Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems

By Ravie Lakshmanan — December 5^th 2022 at 07:40

The maintainers of the FreeBSD operating system have released updates to remediate a security vulnerability impacting the ping module that could be potentially exploited to crash the program or trigger remote code execution. The issue, assigned the identifier CVE-2022-23093, impacts all supported versions of FreeBSD and concerns a stack-based buffer overflow vulnerability in the ping service. "

The Hacker News

OpenSSL Releases Patch for 2 New High-Severity Vulnerabilities

By Ravie Lakshmanan — November 1^st 2022 at 16:26

The OpenSSL project has rolled out fixes to contain two high-severity flaws in its widely used cryptography library that could result in a denial-of-service (DoS) and remote code execution. The issues, tracked as CVE-2022-3602 and CVE-2022-3786, have been described as buffer overrun vulnerabilities that can be triggered during X.509 certificate verification by supplying a specially-crafted email

Naked Security