| by Arround The Web

New Linux Kernel Vulnerability Patched in All Supported Ubuntu Systems, Update Now

Discovered by William Liu and Jamie Hill-Daniel, the new security flaw (CVE-2022-0185) is an integer underflow vulnerability found in the Linux kernel’s file system context functionality, which could allow an attacker to crash the system or run programs as an administrator. The security vulnerability affects all supported Ubuntu releases, including Ubuntu 21.10 (Impish Indri) systems running […]

The post New Linux Kernel Vulnerability Patched in All Supported Ubuntu Systems, Update Now appeared first on Linux Today.


How to Configure a Nessus Vulnerability Scan Policy

In this guide we will explore how to configure a scan policy on Nessus; later we will also use this policy to create a scan. We will then select a target system for scanning.
The post How to Configure a Nessus Vulnerability Scan Policy appeared first o…


Nation-State Attackers, Ransomware Groups Take Aim at Apache Log4j Flaw

Nation-state cyber threat groups and ransomware attackers are moving in to exploit a critical flaw found in the seemingly ubiquitous Apache Log4j open-source logging tool, as attacks spread just days after the vulnerability that could affect hundreds o…


BREAKING – Log4Shell Exploitation Grows as Cybersecurity Firms Scramble to Contain Threat

Cybercriminals are quickly ramping up efforts to exploit the critical flaw found in the widely used Log4j open-source logging tool, targeting everything from cryptomining to data theft to botnets that target Linux systems. The cybersecurity community is responding with tools for detecting exploitation of the vulnerability, a remote code execution (RCE) flaw dubbed Log4Shell and tracked as CVE-2021-44228. Efforts include a Log4j emergency […]

The post BREAKING – Log4Shell Exploitation Grows as Cybersecurity Firms Scramble to Contain Threat appeared first on Linux Today.


BigSig: Vulnerability in Mozilla NSS Could Allow Code Execution when Handling Certificates

A critical vulnerability (CVE-2021-43527) has been identified in Mozilla's NSS (Network Security Services) set of cryptographic libraries that could lead to malicious code execution when processing DSA or RSA-PSS digital signatures specified using DER (Distinguished Encoding Rules). The issue, codenamed BigSig, has been fixed in NSS 3.73 and NSS ESR 3.68.1. […]

The post BigSig: Vulnerability in Mozilla NSS Could Allow Code Execution when Handling Certificates appeared first on Linux Today.


8 Dangerous Vulnerabilities Fixed in Samba

The corrective releases Samba 4.15.2, 4.14.10, and 4.13.14 eliminate eight vulnerabilities, most of which can lead to a complete compromise of the Active Directory domain. It is noteworthy that one of the problems was corrected in 2016, and five – from 2020, though one correction led to the inability to run winbindd in the presence […]

The post 8 Dangerous Vulnerabilities Fixed in Samba appeared first on Linux Today.


ThreatMapper: Open-Source Platform for Scanning Runtime Environments

ThreatMapper is an open source platform for scanning runtime environments for software supply chain vulnerabilities and contextualizing threats to help organizations determine which to address and when.
The post ThreatMapper: Open-Source Platform for S…


UPDATE NOW: CVE-2021-42013 Vulnerability in Apache httpd Allows Access Outside the Site Root Directory

A new attack vector was found against the Apache HTTP Server that remained unpatched in the 2.4.50 update and allows access to files from areas outside the root directory of the site. In addition, researchers have found a way, in the presence of certain non-standard settings, to not only read system files but also remotely […]

The post UPDATE NOW: CVE-2021-42013 Vulnerability in Apache httpd Allows Access Outside the Site Root Directory appeared first on Linux Today.


Vulnerability Could Expose HAProxy to HTTP Request Smuggling Attack

A critical vulnerability discovered in the open-source load balancer and proxy server HAProxy could enable bad actors to launch an HTTP Request Smuggling attack, which would let them bypass security controls and gain unauthorized access to sensitive da…


How To Setup A Virtual Penetration Testing Lab

This post will give you a step-by-step guide on setting up your virtual penetration testing lab, along with how to install the various operating systems and vulnerable machines you want to test.
The post How To Setup A Virtual Penetration Testing Lab a…


CVE-2021-28372: Critical Bug Allows Remote Compromise, Control of Millions of IoT Devices

A vulnerability (CVE-2021-28372) in the SDK that allows IoT devices to use ThroughTek’s Kalay P2P cloud platform could be exploited to remotely compromise and control them, Mandiant researchers have discovered. Further attacks are possible depending on the functionality exposed by a device. Due to how the Kalay protocol is integrated by original equipment manufacturers (OEMs) […]

The post CVE-2021-28372: Critical Bug Allows Remote Compromise, Control of Millions of IoT Devices appeared first on Linux Today.
