Linux kernel development | Breaking Cybersecurity News | The Hacker News

Google has added a new security feature to the latest Linux kernels for Android devices to prevent it against code reuse attacks that allow attackers to achieve arbitrary code execution by exploiting control-flow hijacking vulnerabilities. In code reuse attacks, attackers exploit memory corruption bugs (buffer overflows, type confusion, or integer overflows) to take over code pointers stored in memory and repurpose existing code in a way that directs control flow of their choice, resulting in a malicious action. Since Android has a lot of mitigation to prevent direct code injection into its kernel, this code reuse method is particularly popular among hackers to gain code execution with the kernel because of the huge number of function pointers it uses. In an attempt to prevent this attack, Google has now added support for LLVM's Control Flow Integrity (CFI) to Android's kernel as a measure for detecting unusual behaviors of attackers trying to interfere or modify the contr

What just happened would definitely gonna surprise you. Linus Torvalds—father of the Linux open-source operating system—finally admitted his behavior towards other developers in the Linux community was hurting people and Linux. In a surprising move this weekend, Torvalds apologized for insulting and abusing other developers for almost three decades and took a break from the open-source software to work on his behavior. In an email to the Linux Kernel Mailing List (LKML) on Sunday, Torvalds said that he was confronted by people of the Linux community this week about his lifetime of not understanding emotions, and apologized for his personal behavior that has hurt people and possibly has driven some of them away from working in kernel development altogether. Torvalds wrote, "I need to change some of my behavior, and I want to apologize to the people that my personal behavior hurt and possibly drove away from kernel development entirely." "I am going to take

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Another privilege-escalation vulnerability has been discovered in Linux kernel that dates back to 2005 and affects major distro of the Linux operating system, including Redhat, Debian, OpenSUSE, and Ubuntu. Over a decade old Linux Kernel bug ( CVE-2017-6074 ) has been discovered by security researcher Andrey Konovalov in the DCCP (Datagram Congestion Control Protocol) implementation using Syzkaller , a kernel fuzzing tool released by Google. The vulnerability is a use-after-free flaw in the way the Linux kernel's "DCCP protocol implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket." The DCCP double-free vulnerability could allow a local unprivileged user to alter the Linux kernel memory, enabling them to cause a denial of service ( system crash ) or escalate privileges to gain administrative access on a system. "An attacker can control what object that would be and overwrite

Last month, I Got a Canon's amazing and powerful video-capable DSLR Camera and was wondering if I could play a hack on it. Yes, Just like last time I installed and run Linux on my PlayStation 3 gaming console and the popular game console, the Nintendo Wii . What If I could port Linux Kernel to my DSLR Camera ?? Well, it's now possible for you to port Linux to your Canon DSLR cameras, thanks to the fine folks behind the well-known third-party software add-on, Magic Lantern . The developers of Magic Lantern have provided some incredible features to DSLR video world for free, with an open-source firmware add-on called Magic Lantern. Magic Lantern is actually an enhancement that works on top of Canon's DSLR firmware to provide professional video features that were lacking in the early video-capable Canon DSLR, including better control over audio, helpful exposure, programmable focus, audio tools and more. However, the latest work by the Magic Lantern team sounds much more e