#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

root access | Breaking Cybersecurity News | The Hacker News

Category — root access
Sudo Flaw Lets Linux Users Run Commands As Root Even When They're Restricted

Sudo Flaw Lets Linux Users Run Commands As Root Even When They're Restricted

Oct 14, 2019
Attention Linux Users! A new vulnerability has been discovered in Sudo —one of the most important, powerful, and commonly used utilities that comes as a core command installed on almost every UNIX and Linux-based operating system. The vulnerability in question is a sudo security policy bypass issue that could allow a malicious user or a program to execute arbitrary commands as root on a targeted Linux system even when the "sudoers configuration" explicitly disallows the root access. Sudo, stands for "superuser do," is a system command that allows a user to run applications or commands with the privileges of a different user without switching environments—most often, for running commands as the root user. By default on most Linux distributions, the ALL keyword in RunAs specification in /etc/sudoers file, as shown in the screenshot, allows all users in the admin or sudo groups to run any command as any valid user on the system. However, since privilege separ
Google Hacker Discloses New Linux Kernel Vulnerability and PoC Exploit

Google Hacker Discloses New Linux Kernel Vulnerability and PoC Exploit

Sep 28, 2018
A cybersecurity researcher with Google Project Zero has released the details, and a proof-of-concept (PoC) exploit for a high severity vulnerability that exists in Linux kernel since kernel version 3.16 through 4.18.8. Discovered by white hat hacker Jann Horn, the kernel vulnerability (CVE-2018-17182) is a cache invalidation bug in the Linux memory management subsystem that leads to use-after-free vulnerability, which if exploited, could allow an attacker to gain root privileges on the targeted system. The use-after-free (UAF) vulnerabilities are a class of memory corruption bug that can be exploited by unprivileged users to corrupt or alter data in memory, enabling them to cause a denial of service (system crash) or escalate privileges to gain administrative access on a system. Linux Kernel Exploit Takes an Hour to Gain Root Access However, Horn says his PoC Linux kernel exploit made available to the public "takes about an hour to run before popping a root shell."
How to Get Going with CTEM When You Don't Know Where to Start

Want To Excel in Cybersecurity Risk Management?

Georgetown UniversityWebinar / Risk Management
Manage cybersecurity risk with a Georgetown master's degree. Learn more in our Oct. 23 webinar.
Backdoor found in Chinese Tenda Wireless Routers, allows Root access to Hackers

Backdoor found in Chinese Tenda Wireless Routers, allows Root access to Hackers

Oct 19, 2013
Last week Craig Heffner, specialized on the embedded device hacking exposed a serious backdoor in number of D-Link routers allows unauthorized backdoor access. Recently he published his another researcher, Titled ' From China, With Love ', exposed that D-Link is not only the vendor who puts backdoors in their products. According to him, China based networking device and equipment manufacturer - Tenda Technology  (www.tenda.cn) also added potential backdoors into their Wireless Routers. He unpacked the software framework update and locate the httpd binary an found that the manufacturer is using GoAhead server, which has been substantially modified. These routers are protected with standard Wi-Fi Protected Setup (WPS) and WPA encryption key, but still by sending a UDP packet with a special string , an attacker could take over the router. Routers contain a flaw in the httpd component, as the MfgThread() function spawns a backdoor service that listens fo
cyber security

Master the Art of AI-powered Cybersecurity

websiteNVIDIAArtificial Intelligence / Cybersecurity
Learn to build and manage advanced AI workflows that safeguard data against emerging threats, enhancing your ability to detect and respond to potential security breaches with this free course.
Samsung smart TV vulnerability allow attacker to read storage remotely

Samsung smart TV vulnerability allow attacker to read storage remotely

Dec 10, 2012
ReVuln Ltd. , a small security company headed by Donato Ferrante and Luigi Auriemma, post a video that demonstrates that how attacks can gain root on the appliances. Samsung Smart TV contain a vulnerability which allows remote attackers to swipe data from attached storage devices. In this demonstration readers will see how it is possible to use a 0-day vulnerability to retrieve sensitive information, root access, and ultimately monitor and fully control the device remotely. Auriemma said, " We have tested different Samsung televisions of the latest generations running the latest version of their firmware.  Unfortunately we can't disclose additional information but we can only say that almost all the people having a Samsung TV at home or in their offices are affected by this vulnerability. ".
Cybersecurity
Expert Insights / Articles Videos
Cybersecurity Resources