Linux kernel development | Breaking Cybersecurity News | The Hacker News

Google has added a new security feature to the latest Linux kernels for Android devices to prevent it against code reuse attacks that allow attackers to achieve arbitrary code execution by exploiting control-flow hijacking vulnerabilities. In code reuse attacks, attackers exploit memory corruption bugs (buffer overflows, type confusion, or integer overflows) to take over code pointers stored in memory and repurpose existing code in a way that directs control flow of their choice, resulting in a malicious action. Since Android has a lot of mitigation to prevent direct code injection into its kernel, this code reuse method is particularly popular among hackers to gain code execution with the kernel because of the huge number of function pointers it uses. In an attempt to prevent this attack, Google has now added support for LLVM's Control Flow Integrity (CFI) to Android's kernel as a measure for detecting unusual behaviors of attackers trying to interfere or modify the contr

What just happened would definitely gonna surprise you. Linus Torvalds—father of the Linux open-source operating system—finally admitted his behavior towards other developers in the Linux community was hurting people and Linux. In a surprising move this weekend, Torvalds apologized for insulting and abusing other developers for almost three decades and took a break from the open-source software to work on his behavior. In an email to the Linux Kernel Mailing List (LKML) on Sunday, Torvalds said that he was confronted by people of the Linux community this week about his lifetime of not understanding emotions, and apologized for his personal behavior that has hurt people and possibly has driven some of them away from working in kernel development altogether. Torvalds wrote, "I need to change some of my behavior, and I want to apologize to the people that my personal behavior hurt and possibly drove away from kernel development entirely." "I am going to take

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.

Another privilege-escalation vulnerability has been discovered in Linux kernel that dates back to 2005 and affects major distro of the Linux operating system, including Redhat, Debian, OpenSUSE, and Ubuntu. Over a decade old Linux Kernel bug ( CVE-2017-6074 ) has been discovered by security researcher Andrey Konovalov in the DCCP (Datagram Congestion Control Protocol) implementation using Syzkaller , a kernel fuzzing tool released by Google. The vulnerability is a use-after-free flaw in the way the Linux kernel's "DCCP protocol implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket." The DCCP double-free vulnerability could allow a local unprivileged user to alter the Linux kernel memory, enabling them to cause a denial of service ( system crash ) or escalate privileges to gain administrative access on a system. "An attacker can control what object that would be and overwrite

Last month, I Got a Canon's amazing and powerful video-capable DSLR Camera and was wondering if I could play a hack on it. Yes, Just like last time I installed and run Linux on my PlayStation 3 gaming console and the popular game console, the Nintendo Wii . What If I could port Linux Kernel to my DSLR Camera ?? Well, it's now possible for you to port Linux to your Canon DSLR cameras, thanks to the fine folks behind the well-known third-party software add-on, Magic Lantern . The developers of Magic Lantern have provided some incredible features to DSLR video world for free, with an open-source firmware add-on called Magic Lantern. Magic Lantern is actually an enhancement that works on top of Canon's DSLR firmware to provide professional video features that were lacking in the early video-capable Canon DSLR, including better control over audio, helpful exposure, programmable focus, audio tools and more. However, the latest work by the Magic Lantern team sounds much more e