#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

GNU C Library | Breaking Cybersecurity News | The Hacker News

New Glibc Flaw Grants Attackers Root Access on Major Linux Distros

New Glibc Flaw Grants Attackers Root Access on Major Linux Distros

Jan 31, 2024 Vulnerability / Endpoint Security
Malicious local attackers can obtain full root access on Linux machines by taking advantage of a newly disclosed security flaw in the GNU C library (aka glibc). Tracked as CVE-2023-6246 (CVSS score: 7.8), the heap-based buffer overflow vulnerability is rooted in glibc's __vsyslog_internal() function, which is used by  syslog() and vsyslog()  for system logging purposes. It's said to have been accidentally introduced in August 2022 with the release of glibc 2.37. "This flaw allows local privilege escalation, enabling an unprivileged user to gain full root access," Saeed Abbasi, product manager of the Threat Research Unit at Qualys,  said , adding it impacts major Linux distributions like Debian, Ubuntu, and Fedora. A threat actor could exploit the flaw to obtain elevated permissions via specially crafted inputs to applications that employ these logging functions. "Although the  vulnerability  requires specific conditions to be exploited (such as an unusuall
Critical glibc Flaw Puts Linux Machines and Apps at Risk (Patch Immediately)

Critical glibc Flaw Puts Linux Machines and Apps at Risk (Patch Immediately)

Feb 17, 2016
A highly critical vulnerability has been uncovered in the GNU C Library (glibc) , a key component of most Linux distributions, that leaves nearly all Linux machines, thousands of apps and electronic devices vulnerable to hackers that can take full control over them. Just clicking on a link or connecting to a server can result in remote code execution (RCE), allowing hackers to steal credentials, spy on users, seize control of computers, and many more. The vulnerability is similar to the last year's  GHOST vulnerability (CVE-2015-0235) that left countless machines vulnerable to remote code execution (RCE) attacks , representing a major Internet threat. GNU C Library (glibc) is a collection of open source code that powers thousands of standalone apps and most Linux distributions, including those distributed to routers and other types of hardware. The recent flaw, which is indexed as CVE-2015-7547 , is a stack-based buffer overflow vulnerability in glibc's D
Cybersecurity Tactics FinServ Institutions Can Bank On in 2024

Cybersecurity Tactics FinServ Institutions Can Bank On in 2024

Feb 14, 2024Financial Security / Cyber Threats
The landscape of cybersecurity in financial services is undergoing a rapid transformation. Cybercriminals are exploiting advanced technologies and methodologies, making traditional security measures obsolete. The challenges are compounded for community banks that must safeguard sensitive financial data against the same level of sophisticated threats as larger institutions, but often with more limited resources. The FinServ Threat Landscape Recent trends show an alarming increase in sophisticated cyber-attacks. Cybercriminals now deploy advanced techniques like deep fake technology and AI-powered attacks, making it increasingly difficult for banks to differentiate between legitimate and malicious activities. These developments necessitate a shift towards more sophisticated and adaptive cybersecurity measures. Take these industry statistics, for example. Financial firms report 703 cyberattack attempts per week.1 On average, 270 attacks (entailing unauthorized access of data, appl
Cybersecurity Resources