Cyber Security News

Decline in Chinese cyberattacks against U.S. suggests attacks getting more efficient

Cyber Security News - Thu, 09/27/2018 - 03:12
#1230756: Decline in Chinese cyberattacks against U.S. suggests attacks getting more efficient. Trump might still be blaming China for interfering with U.S. elections at the UN, but there are other issues he should be worried about concerning cyberattacks in the private sectors. Three years after the signing of the U.
Categories: Cyber Security News

WhatsApp founder data privacy war with Facebook turns Murky

Cyber Security News - Thu, 09/27/2018 - 03:05
In an interview to Forbes a few days ago, Acton said that after acquiring his company for $19 billion, Mark Zuckerberg and his team were planning to monetize the app by putting the data privacy of users at risk. Marcus gave a befitting reply to Acton yesterday by accusing him of slowing down the progress of the messaging app.
Categories: Cyber Security News

Fujitsu and UTC team up for setting up Cybersecurity College

Cyber Security News - Thu, 09/27/2018 - 03:05
The newly established technical college will aim to prepare students aged in between 14-19 for the job market of the cyber world and is in a strong hope that it will succeed in bridging the gap between security resources and skills by 2021. As per a study conducted by UTC, there could be a shortage of 1.
Categories: Cyber Security News

Uber maksoi kiristäjille ja lakaisi tietomurron maton alle, salailusta 148 miljoonan dollarin sakko – "anteeksiantamatonta"

Cyber Security News - Thu, 09/27/2018 - 03:05
Uberiin kohdistui vuonna 2016 vakava tietomurto, jossa rikolliset onnistuivat viemään noin 600 000 yhdysvaltalaisen Uber-kuljettajan henkilökohtaisia tietoja, muun muassa ajokortteja. Lisäksi rikollisten haltuun joutuivat 57 miljoonan kuskin nimet, sähköpostit ja puhelinnumerot.
Categories: Cyber Security News

AI is changing cybersecurity, but it's not a catch-all solution

Cyber Security News - Thu, 09/27/2018 - 03:04
This web seminar will outline ‘the three Ws’: What the problem is; Why it matters; and What to do to solve it. As part of this, it will examine the risks of ignoring the ‘insider threat’, outlining why human centric security is integral. Date: 27 Sep 2018; Your Computer Multi cloud or hybrid cloud,....
Categories: Cyber Security News

Mutagen Astronomy Linux Kernel vulnerability affects Red Hat, CentOS, and Debian distros

Security Affairs - Thu, 09/27/2018 - 02:59
A new integer overflow vulnerability found in Linux Kernel. Dubbed Mutagen Astronomy, it affects Red Hat, CentOS, and Debian Distributions.

Security researchers have discovered a new integer overflow vulnerability in Linux Kernel, dubbed Mutagen Astronomy, that affects Red Hat, CentOS, and Debian Distributions.

The vulnerability could be exploited by an unprivileged user to gain superuser access to the targeted system.

The flaw was discovered by researchers at security firm Qualys that shared technical details of the Mutagen Astronomy vulnerabilities, including proof-of-concept (PoC) exploits (Exploit 1Exploit 2).

The flaw tracked as CVE-2018-14634 affects the kernel versions released between July 2007 and July 2017, Linux Kernel versions 2.6.x, 3.10.x and 4.14.x, are vulnerable to the Mutagen Astronomy flaw.

The versions of Linux kernel as shipped with Red Hat Enterprise Linux 5 are not affected by the issue.

The Mutagen Astronomy vulnerability exists in the create_elf_tables() function in the Linux kernel that is used to manage memory tables.

“We discovered an integer overflow in the Linux kernel’s create_elf_tables() function: on a 64-bit system, a local attacker can exploit this vulnerability via a SUID-root binary and obtain full root privileges.” reads the security advisory published by Qualys.

“Only kernels with commit b6a2fea39318 (“mm: variable length argument support”, from July 19, 2007) but without commit da029c11e6b1 (“exec: Limit arg stack to at most 75% of _STK_LIM”, from July 7, 2017) are exploitable. Most Linux distributions backported commit da029c11e6b1 to their long-term-supported kernels, but Red Hat Enterprise Linux and CentOS (and Debian 8, the current “oldstable” version) have not, and are therefore vulnerable and exploitable.”

Like other local privilege escalation issue, the exploitation of this flaw requests the access to the targeted system and the execution of exploit code that trigger a buffer overflow.

Once the attacker has triggered a buffer overflow, it can execute arbitrary code on the affected machine and take over it.

“An integer overflow flaw was found in the Linux kernel’s create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system.” reads the security advisory published by Red Hat.

“This issue does not affect 32-bit systems as they do not have a large enough address space to exploit this flaw. Systems with less than 32GB of memory are very unlikely to be affected by this issue due to memory demands during exploitation.

This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5. This issue affects the version of the kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2 will address this issue.”

At the time of writing, Red Hat Enterprise Linux, CentOS, and Debian 8 Jessie have not yet addressed the flaw.

Below the timeline for the flaw:

window._mNHandle = window._mNHandle || {}; window._mNHandle.queue = window._mNHandle.queue || []; medianet_versionId = "3121199"; try { window._mNHandle.queue.push(function () { window._mNDetails.loadTag("762221962", "300x250", "762221962"); }); } catch (error) {}

Pierluigi Paganini

(Security Affairs – Linux, hacking)

The post Mutagen Astronomy Linux Kernel vulnerability affects Red Hat, CentOS, and Debian distros appeared first on Security Affairs.

Categories: Cyber Security News

Experts see more than launch opportunities in potential US-Brazil space business

Cyber Security News - Thu, 09/27/2018 - 02:59
Key Points Observers believe Brazil has space business opportunities beyond just launch; The data age drives demand for cyber security and data analytics. The head of a Washington-based industry group sees space business opportunities in Brazil in more than just launch.
Categories: Cyber Security News

New Linux Kernel Flaw Gives Root Access to Attackers

Cyber Security News - Thu, 09/27/2018 - 02:49
A Critical bug in Linux Kernal that affected multiple Linux distributions including all versions of Red Hat and CentOS have been discovered which gives root access to the attacker on a vulnerable machine. The bug identified as CVE-2018-14634 (integer overflow bug) resides in a Linux kernel function....
Categories: Cyber Security News

Remote denial of service in Apache HTTP Server

Cyber Security News - Thu, 09/27/2018 - 02:46
1) Resource management error Description. The vulnerability allows a remote attacker to perform a denial of service (DoS) attack. The vulnerability exists due to incorrect handling of large SETTINGS frames in HTTP/2 connections. A remote attacker can repeatedly send large SETTINGS frames within an....
Categories: Cyber Security News

La sécurité de l’IoT est-elle une bombe à retardement ?

Cyber Security News - Thu, 09/27/2018 - 02:42
Twitter. Alain Baritault Lors d’une table-ronde sur la manière d’aborder la sécurité de l’IoT tenue à la conférence MWCA qui s’est tenue récemment à Los Angeles, il est apparu que tout le monde ne voit pas la sécurité de la même manière, ce qui laisse subsister de véritables zones de non sécurité,....
Categories: Cyber Security News

Aspire Health hacked by phishing scheme, loses some patients' protected health information

Cyber Security News - Thu, 09/27/2018 - 02:35
11 hrs ago Read more: USA Today Aspire Health, a health care company that offers in-home treatment in 25 states, was hacked and lost some patient information to a cyberattacker. Aspire Health hacked by phishing scheme, loses some patients' protected health information Aspire Health, a health care....
Categories: Cyber Security News

BIMCO: Cyber security survey shows more action is needed in the industry

Cyber Security News - Thu, 09/27/2018 - 02:34
According to a recent survey, in which more than 350 individuals responded, more than a fifth reported that they had been the victim of a cyber attack. In addition, 72% of these mentioning that their own company was a victim of a cyber related incident in the last 12 months.
Categories: Cyber Security News

Aadhaar verdict: Why privacy still remains a central challenge

Cyber Security News - Thu, 09/27/2018 - 02:25
By Sandeep Shukla The Supreme Court verdict, responding to 27 petitions against the ‘draconian’ nature of Aadhaar , has been a mixed bag. While the majority opinion of the five-judge Constitution bench has addressed many of the concerns that had been repeatedly raised, the single dissenting opinion needs to be considered very seriously.
Categories: Cyber Security News

Uber to Pay $148 Million as a Settlement for Data Breach Cover

Cyber Security News - Thu, 09/27/2018 - 02:24
Uber Agreed to Pay $148 Million as a Settlement for 2016 Uber data breach which impacts 57 million Uber users around the world and 600,000 drivers names including their license numbers were stolen. The breach took place in October 2016 and the leaked data includes names, email addresses and mobile phone numbers that related to Uber accounts.
Categories: Cyber Security News

tekno.Portal 0.1b Cross Site Scripting

Cyber Security News - Thu, 09/27/2018 - 02:16
===================================================================== tekno.Portal v0.1b - Cross-Site Scripting Vulnerability in "link.php" ===================================================================== ____________________________________________________________________________________ # Exploit Title: tekno.
Categories: Cyber Security News

Citrix StorageZones Controller Improper Access Restrictions / Traversal

Cyber Security News - Thu, 09/27/2018 - 02:16
SEC Consult Vulnerability Lab Security Advisory < 20180924-0 > ======================================================================= title: Multiple Vulnerabilities product: Citrix StorageZones Controller vulnerable version: all versions before 5.4.2 fixed version: 5.4.
Categories: Cyber Security News

Progress Kendo UI Editor 2018.1.221 Cross Site Scripting

Cyber Security News - Thu, 09/27/2018 - 02:16
SEC Consult Vulnerability Lab Security Advisory < 20180926-0 > ======================================================================= title: Stored Cross-Site Scripting product: Progress Kendo UI Editor vulnerable version: v2018.1.221 fixed version: none, see workaround CVE number: CVE-2018-14037 impact: medium homepage: https://www.
Categories: Cyber Security News

WordPress WP Insert 2.4.2 Arbitrary File Upload

Cyber Security News - Thu, 09/27/2018 - 02:16
# Exploit Title: Wordpress Plugin Wp Insert - 'Fckeditor' Arbitrary File Upload # Exploit Author: Mostafa Gharzi # Website: https://www.certcc.ir # Date: 2018-09-27 # Google Dork: /wp-content/plugins/wp-insert # Vendor: Namith Jawahar # Software Link: https://wordpress.org/plugins/wp-insert/ # Affected Version: 2.
Categories: Cyber Security News

Copyright @ 2018 九江市道路运输管理局 Admin Panel Bypass Vulnerability

Cyber Security News - Thu, 09/27/2018 - 02:16
Admin Panel Bypass Exploit GOOGLE DORK:intext:Copyright @ 2018 ä¹ æ±Ÿå¸‚é“è·¯è¿è¾“管ç†å±€ Author:Mustafa ÖztaÅŸ Admin Panel Path:website/root/login Tested On:Windows Category:WebApps Exploit Risk:medium Username/Password: Username:'=''or' Password:'=''or' Demo: http://www.jjyzxx.cn/root/login.
Categories: Cyber Security News

You should prepare for the next mega data breach

Cyber Security News - Thu, 09/27/2018 - 02:13
As of September 2018, it’s been one year since the historical Equifax mega data breach that impacted nearly half of all consumers in the U.S. Since this monumental invasion of personal data, fraudsters have shown little to no notion of slowing down as evident by the continued emergence of additional data breaches .
Categories: Cyber Security News

Pages