USBCreator D-Bus Privilege Escalation in Ubuntu Desktop

A vulnerability in the USBCreator D-Bus interface allows an attacker with access to a user in the sudoer group to bypass the password security policy imposed by the sudo program. The vulnerability allows an attacker to overwrite arbitrary files with arbitrary content, as root – without supplying a password. This trivially leads to elevated privileges, for instance, by overwriting the shadow file and setting a password for root. The issue was resolved in June when Ubuntu patched the relevant packages in response to a vulnerability disclosure from Unit 42.

TCP SACK Panics Linux Servers

The newly discovered Linux vulnerabilities, CVE-2019-11477, CVE-2019-11478, and CVE-2019-11479, affect all Linux operating systems running kernel 2.6.29 (released in March 2009) or above and can cause a kernel panic on systems with services listening on a TCP connection. This remote attack can put a server into a Denial of Service (DoS) state, but remote code execution is not a concern.

A Look Into Fysbis: Sofacy’s Linux Backdoor

The Sofacy group, also known as APT28 and Sednit, is a fairly well-known cyber espionage group believed to have ties to Russia. Their targets have spanned the world, with a focus on government, defense organizations and various Eastern European governments. There have been numerous reports on their activities, to the extent

Palo Alto Networks Addresses Bash Vulnerability Shellshock: Mitigation for CVE-2014-6271

Around 6:00 am PST on September 24, the details of a vulnerability in the widely used Bourne Again Shell (Bash) were disclosed by multiple Linux vendors. The vulnerability, assigned CVE-2014-6271 by Mitre, was originally discovered by Stephane Chazelas, a Unix and Linux network and telecom administrator and IT manager at UK robotics company SeeByte, Ltd.

Iptables Backdoor: Even Linux Is At Risk of Intrusion

A backdoor implant is an increasingly common mechanism for maintaining unauthorized access and control over a computer asset. The terms remote administration tool (RAT) and trojan downloader are often used synonymously with such implants. Once installed (i.e. implanted on a system), the modern backdoor typically offers much more than simple (i.e. command line) access to