Security Alerts & News
by Tymoteusz A. Góral

#1734 Elegant 0-day unicorn underscores “serious concerns” about Linux security
Recently released exploit code makes people running fully patched versions of Fedora and other Linux distributions vulnerable to drive-by attacks that can install keyloggers, backdoors, and other types of malware, a security researcher says.

One of the exploits—which targets a memory corruption vulnerability in the GStreamer framework that by default ships with many mainstream Linux distributions—is also noteworthy for its elegance. To wit: it uses a rarely seen approach to defeat address space layout randomization and data execution prevention, which are two of the security protections built in to Linux to make software exploits harder to carry out. ASLR randomizes the locations in computer memory where software loads specific chunks of code. As a result, code that exploits existing flaws often results in a simple computer crash rather than a catastrophic system compromise. Meanwhile, DEP, which is often referred to as NX or No-Execute, blocks the execution of code that such exploits load into memory.
#1739 Siemens-branded CCTV webcams require urgent firmware patch
#1738 Ransomware abusing encrypted chat app Telegram protocol cracked
#1737 Great. Now even your headphones can spy on you
#1736 WordPress plugins leave BlackFriday shoppers vulnerable
#1735 Exploit code released for NTP vulnerability
#1734 Elegant 0-day unicorn underscores “serious concerns” about Linux security
#1733 Cisco: Security landscape plagued by too many vendors
#1732 InPage zero-day used in attacks against banks