#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Canonical | Breaking Cybersecurity News | The Hacker News

New Linux Privilege Escalation Flaw Uncovered in Snap Package Manager

New Linux Privilege Escalation Flaw Uncovered in Snap Package Manager
Feb 18, 2022
Multiple security vulnerabilities have been disclosed in Canonical's  Snap  software packaging and deployment system, the most critical of which can be exploited to escalate privilege to gain root privileges. Snaps are self-contained application packages that are designed to work on operating systems that use the Linux kernel and can be installed using a tool called snapd. Tracked as  CVE-2021-44731 , the issue concerns a privilege escalation flaw in the  snap-confine  function, a program used internally by snapd to construct the execution environment for snap applications. The shortcoming is rated 7.8 on the CVSS scoring system. "Successful exploitation of this vulnerability allows any unprivileged user to gain root privileges on the vulnerable host," Bharat Jogi, director of vulnerability and threat research at Qualys,  said , adding the weakness could be abused to "obtain full root privileges on default installations of Ubuntu." Red Hat, in an independ

Ubuntu-Maker Canonical's GitHub Account Gets Hacked

Ubuntu-Maker Canonical’s GitHub Account Gets Hacked
Jul 07, 2019
An unknown hacker yesterday successfully managed to hack into the official GitHub account of Canonical, the company behind the Ubuntu Linux project and created 11 new empty repositories . It appears that the cyberattack was, fortunately, just a "loud" defacement attempt rather than a "silent" sophisticated supply-chain attack that could have been abused to distribute modified malicious versions of the open-source Canonical software. In a statement, David from Canonical confirmed that attacker(s) used a Canonical owned GitHub account whose credentials were compromised to unauthorizedly access Canonical's Github account. "We can confirm that on 2019-07-06 there was a Canonical owned account on GitHub whose credentials were compromised and used to create repositories and issues among other activities," David said. "Canonical has removed the compromised account from the Canonical organization in GitHub and is still investigating the extent o

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl
Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
Cybersecurity Resources