#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

system security | Breaking Cybersecurity News | The Hacker News

Critical Boot Loader Vulnerability in Shim Impacts Nearly All Linux Distros

Critical Boot Loader Vulnerability in Shim Impacts Nearly All Linux Distros

Feb 07, 2024 Device Security / Vulnerability
The maintainers of shim have released  version 15.8  to address six security flaws, including a critical bug that could pave the way for remote code execution under specific circumstances. Tracked as  CVE-2023-40547  (CVSS score: 9.8), the vulnerability could be exploited to achieve a Secure Boot bypass. Bill Demirkapi of the Microsoft Security Response Center (MSRC) has been  credited  with discovering and reporting the bug. Major Linux distributions that use shim such as Debian , Red Hat , SUSE , and Ubuntu have all released advisories for the security flaw. "The shim's http boot support (httpboot.c) trusts attacker-controlled values when parsing an HTTP response, leading to a completely controlled out-of-bounds write primitive," Oracle's Alan Coopersmith  noted  in a message shared on the Open Source Security mailing list oss-security. Demirkapi, in a  post  shared on X (formerly Twitter) late last month, said the vulnerability "exists in every Linux bo
Dozens of Security Flaws Discovered in UEFI Firmware Used by Several Vendors

Dozens of Security Flaws Discovered in UEFI Firmware Used by Several Vendors

Feb 02, 2022
As many as 23 new high severity security vulnerabilities have been disclosed in different implementations of Unified Extensible Firmware Interface ( UEFI ) firmware used by numerous vendors, including Bull Atos, Fujitsu, HP, Juniper Networks, Lenovo, among others. The vulnerabilities reside in Insyde Software's InsydeH2O UEFI firmware, according to enterprise firmware security company  Binarly , with a majority of the anomalies diagnosed in the System Management Mode ( SMM ). UEFI is a software specification that provides a standard programming interface connecting a computer's firmware to its operating system during the booting process. In x86 systems, the UEFI firmware is usually stored in the flash memory chip of the motherboard. "By exploiting these vulnerabilities, attackers can successfully install malware that survives operating system re-installations and allows the bypass of endpoint security solutions (EDR/AV),  Secure Boot , and Virtualization-Based Securit
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Common Security Misconfigurations and Their Consequences

Common Security Misconfigurations and Their Consequences

Dec 21, 2020
Everyone makes mistakes. That one sentence was drummed into me in my very first job in tech, and it has held true since then. In the cybersecurity world, misconfigurations can create exploitable issues that can haunt us later - so let's look at a few common security misconfigurations. The first one is development permissions that don't get changed when something goes live. For example, AWS S3 buckets are often assigned permissive access while development is going on. The issues arise when security reviews aren't carefully performed prior to pushing the code live, no matter if that push is for the initial launch of a platform or for updates. The result is straight-forward; a bucket goes live with the ability for anyone to read and write to and from it. This particular misconfiguration is dangerous; since the application is working and the site is loading for users, there's no visible indication that something is wrong until a threat actor hunting for open buckets stum
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Microsoft WARNING — 'Use Windows 7 at Your Own Risk'

Microsoft WARNING — 'Use Windows 7 at Your Own Risk'

Jan 06, 2016
Someone is threatening Windows 7 users with a misleading warning. Guess who? Microsoft itself… Microsoft has just issued a clear warning saying Windows 7 users should remain on the aging operating system " at your own risk, at your own peril. " But why particularly Windows 7 Users? Since Windows 7 runs on 55 percent of all the computers on the planet, Microsoft is worried that its goal to reach 1 Billion Windows 10 installations by 2017 could be harder. During a recent interview with the Windows Weekly , Microsoft chief marketing officer Chris Capossela warned about the risks of using Windows 7 and urged users that it's time to switch to the new Windows 10 operating system instead. Capossela also stressed that Windows 7 is apparently less secure than Windows 10, so it is "so incredibly important to try to end the fragmentation of the Windows install base" as well as to get them to a "safer place." Here the so-called saf
DuckDuckGo Goodies that every SysAdmin Should Know

DuckDuckGo Goodies that every SysAdmin Should Know

Feb 04, 2014
DuckDuckGo , a private search engine that doesn't track your data over the internet and respects your online privacy ,  offers hundreds of Goodies that let you quickly do certain things like Programming, Math, Geek, Music related things. In our previous article, we have posted Cryptography hacks using DuckDuckGo search engine and today we are going to give another tutorial on DuckDuckGo Goodies for Sysadmins . Meaning of FTP Code: Being a system administrator, you might need to connect to a number of FTP servers. While handling FTP service you must be aware of the response code that it will give you when you initiate a connection or a new command. The FTP server response code will be of three digits and each digit has a special meaning. First digit denotes whether the response is good, bad or incomplete. There are hundreds of such FTP response codes. DuckDuckGo provides system administrators a facility to find the meaning of the response code received from the FTP
Mac OS X Flashback Trojan is still alive, recently infected 22,000 Apple machines

Mac OS X Flashback Trojan is still alive, recently infected 22,000 Apple machines

Jan 11, 2014
The Flashback Trojan, the most sophisticated piece of malware that infected over 600,000 Apple's Macs systems back in April, 2012 is still alive and has infected about 22,000 machines recently, according to the researchers from Intego . For a refresh, Flashback Trojan was first discovered in September 2011, basically a trojan horse that uses a social engineering to trick users into installing a malicious Flash player package. Once installed, the Flashback malware injects a code into that web browser and other applications like Skype to harvest passwords and other information from those program's users. The Trojan targets a known vulnerability in Java on Mac OS X systems. The system gets infected after the user redirects to a compromised website, where a malicious javascript code to load the exploit with Java applets. Then an executable file is saved on the local machine, which is used to download and run malicious code from a remote location. It took Apple months to recogni
Kali Linux introducing Emergency Self Destruct feature to Full Disk Encryption

Kali Linux introducing Emergency Self Destruct feature to Full Disk Encryption

Jan 08, 2014
Full disk encryption is expected to be the top security technology to be adopted this year. Take a moment to think about the information that is present on your personal computer, i.e. Photo s , passwords, emails, Important documents from work or  Financial data and  trade secrets. Many of us from the Security Industry obviously have enough confidential and important data regarding our work, source codes, or researches stored in our laptops or systems. What if your computer is stolen or seized by any Law enforcement agency at the Airport? Best example to explain the situation is as follows: We all know  Guardian journalist ' Glenn Greenwald ', who  has written a series of stories in July 2013 revealing the NSA's secret surveillance programs, leaked by whistleblower Edward Snowden . In August 2013,  The partner of the Guardian journalist ' Glenn Greenwald ', was returning from a trip to Berlin when he was stopped by officers at the Airport under Terrorism Act 20
Cybersecurity Resources