Security Alerts & News
by Tymoteusz A. Góral

History
#1609 “Most serious” Linux privilege-escalation bug ever is under active exploit
A serious vulnerability that has been present for nine years in virtually all versions of the Linux operating system is under active exploit, according to researchers who are advising users to install a patch as soon as possible.

While CVE-2016-5195, as the bug is cataloged, amounts to a mere privilege-escalation vulnerability rather than a more serious code-execution vulnerability, there are several reasons many researchers are taking it extremely seriously. For one thing, it's not hard to develop exploits that work reliably. For another, the flaw is located in a section of the Linux kernel that's a part of virtually every distribution of the open-source OS released for almost a decade. What's more, researchers have discovered attack code that indicates the vulnerability is being actively and maliciously exploited in the wild.

"It's probably the most serious Linux local privilege escalation ever," Dan Rosenberg, a senior researcher at Azimuth Security, told Ars. "The nature of the vulnerability lends itself to extremely reliable exploitation. This vulnerability has been present for nine years, which is an extremely long period of time."
Read more
#1617 FruityArmor APT group used recently patched Windows zero-day
#1616 Mobile applications leak device, location data
#1615 This ransomware is now one of the three most common malware threats
#1614 Locky ransomware learns new evasive tricks
#1613 3.2 million debit cards compromised; SBI, HDFC Bank, ICICI, YES Bank and Axis worst hit
#1612 Weebly confirms hack; millions of Foursquare accounts also exposed
#1611 The Reign of Ransomware (PDF)
#1610 Cisco ASA software identity firewall feature buffer overflow vulnerability
#1609 “Most serious” Linux privilege-escalation bug ever is under active exploit
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12