Ghost Vulnerability | Breaking Cybersecurity News | The Hacker News

The GHOST vulnerability is a buffer overflow condition that can be easily exploited locally and remotely, which makes it extremely dangerous. This vulnerability is named after the GetHOSTbyname function involved in the exploit. Attackers utilize buffer overflow vulnerabilities like this one by sending specific packets of data to a vulnerable system. The attack allows the attacker to execute arbitrary code and take control of the victim's vulnerable machine. Unfortunately, the vulnerability exists in the GNU C Library (glibc) , a code library originally released in 2000, meaning it has been widely distributed. Many derivative programs utilize the glibc to carry out common tasks. Although an update released by Linux in 2013 mitigated this vulnerability, most systems and products have not installed the patch. What Can I Do About GHOST Vulnerability? Like with any vulnerability, the best way to mitigate GHOST vulnerability is to identify vulnerable systems, prioritize th

After the disclosure of extremely critical GHOST vulnerability in the GNU C library (glibc) — a widely used component of most Linux distributions, security researchers have discovered that PHP applications, including the WordPress Content Management System (CMS), could also be affected by the bug. " GHOST " is a serious vulnerability ( CVE-2015-0235 ), announced this week by the researchers of California-based security firm Qualys, that involves a heap-based buffer overflow in the glibc function name - "GetHOSTbyname()." Researchers said the vulnerability has been present in the glibc code since 2000. Though the major Linux distributors such as Red Hat , Debian and Ubuntu , have already updated their software against the flaw, GHOST could be used by hackers against only a handful of applications currently to remotely run executable code and silently gain control of a Linux server. As we explained in our previous article, heap-based buffer overflow was found

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.

A highly critical vulnerability has been unearthed in the GNU C Library (glibc) , a widely used component of most Linux distributions, that could allow attackers to execute malicious code on servers and remotely gain control of Linux machines. The vulnerability, dubbed " GHOST " and assigned CVE-2015-0235 , was discovered and disclosed by the security researchers from Redwood Shores, California-based security firm Qualys on Tuesday. CRITICAL AS HEARTBLEED AND SHELLSHOCK GHOST is considered to be critical because hackers could exploit it to silently gain complete control of a targeted Linux system without having any prior knowledge of system credentials (i.e. administrative passwords). Also Read:  Top Best Password Managers . The flaw represents an immense Internet threat, in some ways similar to the Heartbleed ,   Shellshock   and Poodle   bugs that came to light last year. WHY GHOST ? The vulnerability in the GNU C Library (glibc) is dubbed GHOST b