Linux kernel | Breaking Cybersecurity News | The Hacker News

Security tools company Pwnie Express is making a network hacking focused Android device called the Pwn Pad . The device is based on the Google Nexus 7 specs, with USB-based Bluetooth, Ethernet and WiFi to gauge the security of a network beyond what Google's tablet can manage on its own. Pwn Pad  will be introduced at the RSA security conference in San Francisco next week and Pwnie Express is also releasing the Pwn Pad source code. This will allow hackers to download the software and get it up and running on other types of Android phones and tablets. " Every pen tester we know has a phone and a tablet and a laptop, but none of them has been able to do pen-testing from the tablet ," says Dave Porcello, Pwnie Express's CEO said to  wired . Most interesting part is that, first time the most popular wireless hacking tools like Aircrack-ng and Kismet introduced on an Android device.  The complete list of the tool available  in this...

Creator of the GNU Project & Free Software Foundation's Leader Richard Stallman has called out Ubuntu as being "spyware". Why ?  Because the operating system sends data to Ubuntu maker Canonical when a user searches the desktop. How ? Due to the Amazon search capabilities that have been integrated into Ubuntu's  Unity desktop environment with the Dash. First introduced in Ubuntu 12.10. Surveillance Program ?  Stallman equates the Amazon search integration into the Ubuntu desktop as having installed surveillance code. He said, " Ubuntu, a widely used and influential GNU/Linux distribution, has installed surveillance code. When the user searches her own local files for a string using the Ubuntu desktop, Ubuntu sends that string to one of Canonical's servers. (Canonical is the company that develops Ubuntu.) " Stallman's post , " The ads are not the core of the problem ," " The main issue is the spying. Canonical says it doe...

Security researchers have discovered what appears to be an experimental Linux rootkit designed to infect its highly select victims during a classic drive-by website attack. The malware allows hackers to inject code directly in any infected web page. The new malware, discovered on November 13 of this year, was written especially for servers that run Debian Squeeze and NGINX, on 64 bits. About Rootkit :  Rootkit.Linux.Snakso.a is designed to infect the Linux kernel version 2.6.32-5-amd64 and adds an iframe to all served web pages by the infected Linux server via the nginx proxy.  Based on research, the rootkit may have been created by a Russia-based attacker. The recently discovered malware is very dangerous because it does not infect a specific website. It infects the entire server and this can endanger all websites hosted on that server. Drive-by-downloads expose web surfers to malicious code that attempt to exploit unpatched software vulnerabilities in the...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

Two new vulnerabilities affecting Linux were uncovered this week. These vulnerabilities could potentially allow malicious hackers to gain root privileges. CVE-2010-3904: Reliable Datagram Sockets (RDS) Protocol Vulnerability The first vulnerability, reported on Tuesday by security firm VSR, arises from a flaw in the implementation of the Reliable Datagram Sockets (RDS) protocol in versions 2.6.30 through 2.6.36-rc8 of the Linux kernel. Known as CVE-2010-3904 , this bug could allow a local attacker to issue specially crafted socket function calls. This would enable the attacker to write arbitrary values into kernel memory, thereby escalating their privileges to root and gaining "superuser" status. The problem exists only in Linux installations where the CONFIG_RDS kernel configuration option is set and there are no restrictions preventing unprivileged users from loading packet family modules. This is the case for most stock distributions, as VSR notes. A proof-of-concept e...