Linux kernel | Breaking Cybersecurity News | The Hacker News

Security tools company Pwnie Express is making a network hacking focused Android device called the Pwn Pad . The device is based on the Google Nexus 7 specs, with USB-based Bluetooth, Ethernet and WiFi to gauge the security of a network beyond what Google's tablet can manage on its own. Pwn Pad  will be introduced at the RSA security conference in San Francisco next week and Pwnie Express is also releasing the Pwn Pad source code. This will allow hackers to download the software and get it up and running on other types of Android phones and tablets. " Every pen tester we know has a phone and a tablet and a laptop, but none of them has been able to do pen-testing from the tablet ," says Dave Porcello, Pwnie Express's CEO said to  wired . Most interesting part is that, first time the most popular wireless hacking tools like Aircrack-ng and Kismet introduced on an Android device.  The complete list of the tool available  in this...

Creator of the GNU Project & Free Software Foundation's Leader Richard Stallman has called out Ubuntu as being "spyware". Why ?  Because the operating system sends data to Ubuntu maker Canonical when a user searches the desktop. How ? Due to the Amazon search capabilities that have been integrated into Ubuntu's  Unity desktop environment with the Dash. First introduced in Ubuntu 12.10. Surveillance Program ?  Stallman equates the Amazon search integration into the Ubuntu desktop as having installed surveillance code. He said, " Ubuntu, a widely used and influential GNU/Linux distribution, has installed surveillance code. When the user searches her own local files for a string using the Ubuntu desktop, Ubuntu sends that string to one of Canonical's servers. (Canonical is the company that develops Ubuntu.) " Stallman's post , " The ads are not the core of the problem ," " The main issue is the spying. Canonical says it doe...

Intro: Why hack in when you can log in? SaaS applications are the backbone of modern organizations, powering productivity and operational efficiency. But every new app introduces critical security risks through app integrations and multiple users, creating easy access points for threat actors. As a result, SaaS breaches have increased, and according to a May 2024 XM Cyber report, identity and credential misconfigurations caused 80% of security exposures. Subtle signs of a compromise get lost in the noise, and then multi-stage attacks unfold undetected due to siloed solutions. Think of an account takeover in Entra ID, then privilege escalation in GitHub, along with data exfiltration from Slack. Each seems unrelated when viewed in isolation, but in a connected timeline of events, it's a dangerous breach. Wing Security's SaaS platform is a multi-layered solution that combines posture management with real-time identity threat detection and response. This allows organizations to get a ...

Security researchers have discovered what appears to be an experimental Linux rootkit designed to infect its highly select victims during a classic drive-by website attack. The malware allows hackers to inject code directly in any infected web page. The new malware, discovered on November 13 of this year, was written especially for servers that run Debian Squeeze and NGINX, on 64 bits. About Rootkit :  Rootkit.Linux.Snakso.a is designed to infect the Linux kernel version 2.6.32-5-amd64 and adds an iframe to all served web pages by the infected Linux server via the nginx proxy.  Based on research, the rootkit may have been created by a Russia-based attacker. The recently discovered malware is very dangerous because it does not infect a specific website. It infects the entire server and this can endanger all websites hosted on that server. Drive-by-downloads expose web surfers to malicious code that attempt to exploit unpatched software vulnerabilities in the...

Two new vulnerabilities affecting Linux were uncovered this week. These vulnerabilities could potentially allow malicious hackers to gain root privileges. CVE-2010-3904: Reliable Datagram Sockets (RDS) Protocol Vulnerability The first vulnerability, reported on Tuesday by security firm VSR, arises from a flaw in the implementation of the Reliable Datagram Sockets (RDS) protocol in versions 2.6.30 through 2.6.36-rc8 of the Linux kernel. Known as CVE-2010-3904 , this bug could allow a local attacker to issue specially crafted socket function calls. This would enable the attacker to write arbitrary values into kernel memory, thereby escalating their privileges to root and gaining "superuser" status. The problem exists only in Linux installations where the CONFIG_RDS kernel configuration option is set and there are no restrictions preventing unprivileged users from loading packet family modules. This is the case for most stock distributions, as VSR notes. A proof-of-concept e...