Archive for the ‘security’ category: Page 5
Mar 15, 2022
New Linux Bug in Netfilter Firewall Module Lets Attackers Gain Root Access
Posted by Saúl Morales Rodriguéz in categories: computing, security
A newly disclosed security flaw in the Linux kernel could be leveraged by a local adversary to gain elevated privileges on vulnerable systems to execute arbitrary code, escape containers, or induce a kernel panic.
Tracked as CVE-2022–25636 (CVSS score: 7.8), the vulnerability impacts Linux kernel versions 5.4 through 5.6.10 and is a result of a heap out-of-bounds write in the netfilter subcomponent in the kernel. The issue was discovered by Nick Gregory, a senior threat researcher at Sophos.
Mar 14, 2022
Warning: Objects in driverless car sensors may be closer than they appear
Posted by Chima Wisdom in categories: robotics/AI, security, transportation
Researchers at Duke University have demonstrated the first attack strategy that can fool industry-standard autonomous vehicle sensors into believing nearby objects are closer (or further) than they appear without being detected.
The research suggests that adding optical 3D capabilities or the ability to share data with nearby cars may be necessary to fully protect autonomous cars from attacks.
The results will be presented Aug. 10–12 at the 2022 USENIX Security Symposium, a top venue in the field.
Mar 13, 2022
How GitHub Uses Machine Learning to Extend Vulnerability Code Scanning
Posted by Kelvin Dafiaghor in categories: robotics/AI, security
Applying machine learning techniques to its rule-based security code scanning capabilities, GitHub hopes to be able to extend them to less common vulnerability patterns by automatically inferring new rules from the existing ones.
GitHub Code Scanning uses carefully defined CodeQL analysis rules to identify potential security vulnerabilities lurking in source code.
Mar 11, 2022
1 out of 3 WordPress plugins does not receive security updates; millions of websites at risk
Posted by Saúl Morales Rodriguéz in category: security
A report specialized in WordPress security points to a 150% increase in reported flaws during 2021 compared to the previous year, in addition to establishing that almost 30% of the vulnerabilities detected in plugins for WordPress do not receive updates.
Since this is the most widely used content management system (CMS) in the world, this should be a worrisome issue for tens of millions of website administrators.
Mar 11, 2022
Critical Security Patches Issued
Posted by Saúl Morales Rodriguéz in category: security
Microsoft’s Patch Tuesday update for the month of March has been made officially available with 71 fixes spanning across its software products such as Windows, Office, Exchange, and Defender, among others.
Of the total 71 patches, three are rated Critical and 68 are rated Important in severity. While none of the vulnerabilities are listed as actively exploited, three of them are publicly known at the time of release.
It’s worth pointing out that Microsoft separately addressed 21 flaws in the Chromium-based Microsoft Edge browser earlier this month.
Mar 11, 2022
Dell opts out of Microsoft’s Pluton security for Windows
Posted by Shubham Ghosh Roy in category: security
Mar 8, 2022
Microsoft Azure ‘AutoWarp’ Bug Could Have Let Attackers Access Customers’ Accounts
Posted by Saúl Morales Rodriguéz in categories: finance, robotics/AI, security, transportation
Details have been disclosed about a now-addressed critical vulnerability in Microsoft’s Azure Automation service that could have permitted unauthorized access to other Azure customer accounts and take over control.
“This attack could mean full control over resources and data belonging to the targeted account, depending on the permissions assigned by the customer,” Orca Security researcher Yanir Tsarimi said in a report published Monday.
The flaw potentially put several entities at risk, including an unnamed telecommunications company, two car manufacturers, a banking conglomerate, and big four accounting firms, among others, the Israeli cloud infrastructure security company added.
Mar 6, 2022
Merritt considering 3D printer to help build homes for evacuees
Posted by Shubham Ghosh Roy in categories: 3D printing, habitats, security
Following November’s catastrophic flooding events, roughly 600 Merritt residents still haven’t returned to their homes, but a 3D printer may speed up the process. Greg Solecki, the Merritt’s recovery manag.
“Our biggest priority is getting people back to Merritt and into homes and this 3D-printed option is looking like the most viable one right now,” Solecki said.
READ MORE: 3D printing’s new challenge: Solving the US housing shortage
Continue reading “Merritt considering 3D printer to help build homes for evacuees” »