#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

memory corruption vulnerability | Breaking Cybersecurity News | The Hacker News

Category — memory corruption vulnerability
OpenSSL to Release Security Patch for Remote Memory Corruption Vulnerability

OpenSSL to Release Security Patch for Remote Memory Corruption Vulnerability

Jun 28, 2022
The latest version of the OpenSSL library has been discovered as susceptible to a remote memory-corruption vulnerability on select systems. The issue has been identified in OpenSSL  version 3.0.4 , which was released on June 21, 2022, and impacts x64 systems with the  AVX-512  instruction set. OpenSSL 1.1.1 as well as OpenSSL forks BoringSSL and LibreSSL are not affected. Security researcher Guido Vranken, who disclosed details of the bug,  said  it "can be triggered trivially by an attacker." Although the shortcoming has been  fixed , no patches have been made available as yet. OpenSSL is a popular cryptography library that offers an open source implementation of the Transport Layer Security ( TLS ) protocol. Advanced Vector Extensions ( AVX ) are extensions to the x86 instruction set architecture for microprocessors from Intel and AMD. "I do not think this is a security vulnerability," Tomáš Mráz of the OpenSSL Foundation said in a GitHub issue thread. "
Libssh Releases Update to Patch 9 New Security Vulnerabilities

Libssh Releases Update to Patch 9 New Security Vulnerabilities

Mar 19, 2019
Libssh2, a popular open source client-side C library implementing the SSHv2 protocol, has released the latest version of its software to patch a total of nine security vulnerabilities. The Libssh2 library is available for all major distributors of the Linux operating systems, including Ubuntu, Red Hat, Debian, and also comes bundled within some distributions and software as a default library. According to an  advisory published Monday, all the below listed vulnerabilities that were patched with the release of libssh2 version 1.8.1 lead to memory corruption issues which could result in arbitrary code execution on a client system in certain circumstances. Here's the list of security vulnerabilities patched in Libssh: 1. CVE-2019-3855: Possible integer overflow in transport read that could lead to an out-of-bounds write. A malicious server, or a remote attacker who compromises an SSH server, could send a specially crafted packet which could result in executing malicious
Shining a Light on Shadow Apps: The Invisible Gateway to SaaS Data Breaches

Shining a Light on Shadow Apps: The Invisible Gateway to SaaS Data Breaches

Sep 10, 2024SaaS Security / Risk Management
Shadow apps, a segment of Shadow IT, are SaaS applications purchased without the knowledge of the security team. While these applications may be legitimate, they operate within the blind spots of the corporate security team and expose the company to attackers.  Shadow apps may include instances of software that the company is already using. For example, a dev team may onboard their own instance of GitHub to keep their work separate from other developers. They might justify the purchase by noting that GitHub is an approved application, as it is already in use by other teams. However, since the new instance is used outside of the security team's view, it lacks governance. It may store sensitive corporate data and not have essential protections like MFA enabled, SSO enforced, or it could suffer from weak access controls. These misconfigurations can easily lead to risks like stolen source code and other issues. Types of Shadow Apps  Shadow apps can be categorized based on their interac
Google Adds Control-Flow Integrity to Beef up Android Kernel Security

Google Adds Control-Flow Integrity to Beef up Android Kernel Security

Oct 12, 2018
Google has added a new security feature to the latest Linux kernels for Android devices to prevent it against code reuse attacks that allow attackers to achieve arbitrary code execution by exploiting control-flow hijacking vulnerabilities. In code reuse attacks, attackers exploit memory corruption bugs (buffer overflows, type confusion, or integer overflows) to take over code pointers stored in memory and repurpose existing code in a way that directs control flow of their choice, resulting in a malicious action. Since Android has a lot of mitigation to prevent direct code injection into its kernel, this code reuse method is particularly popular among hackers to gain code execution with the kernel because of the huge number of function pointers it uses. In an attempt to prevent this attack, Google has now added support for LLVM's Control Flow Integrity (CFI) to Android's kernel as a measure for detecting unusual behaviors of attackers trying to interfere or modify the contr
cyber security

DevOps Security Best Practices

websiteWizDevOps / Secure Coding
Develop securely from code to cloud with this DevOps Security Cheat Sheet from Wiz. Take a deep dive into secure coding, infrastructure security, and vigilant monitoring and response.
Linux Kernel Gets Patch For Years-Old Serious Vulnerability

Linux Kernel Gets Patch For Years-Old Serious Vulnerability

Mar 16, 2017
Another dangerous vulnerability has been discovered in Linux kernel that dates back to 2009 and affects a large number of Linux distros, including Red Hat, Debian, Fedora, OpenSUSE, and Ubuntu. The latest Linux kernel flaw ( CVE-2017-2636 ), which existed in the Linux kernel for the past seven years, allows a local unprivileged user to gain root privileges on affected systems or cause a denial of service (system crash). Positive Technologies researcher Alexander Popov discovered a race condition issue in the N_HLDC Linux kernel driver – which is responsible for dealing with High-Level Data Link Control (HDLC) data – that leads to double-free vulnerability. " Double Free " is one of the most common memory corruption bug that occurs when the application releases same memory location twice by calling the free() function on the same allocated memory. An unauthenticated attacker may leverage this vulnerability to inject and execute arbitrary code in the security context of curren
Expert Insights / Articles Videos
Cybersecurity Resources