unix root | Breaking Cybersecurity News | The Hacker News

X.Org Foundation develops the X-Window System, the standard window system for open source operating systems and devices. Most of the graphical user interfaces for Unix and Linux systems rely on it. At the 30th Chaos Communication Congress (CCC) in Germany, Ilja van Sprundel , a security researcher gave the presentation titled  " X11 Server security with being 'worse than it looks.'". He found more than 120 bugs in a few months. In the presentation, he has presented a 23 year old Stack overflow vulnerability in X11 System that could lead to privilege escalation to root and affects all versions of the X Server back to X11R5. Later today, X.Org Foundation released a security Advisory , states " A BDF font file containing a longer than expected string could overflow the buffer on the stack. Testing in X servers built with Stack Protector resulted in an immediate crash when reading a user-provided specially crafted font. " The flaw resides in a file at " libXfo

When you sign up on Facebook, you have to enter an email address and that email address becomes your primary email address on Facebook. In a recent disclosure by a Security researcher, Stephen Sclafani - The Social Networking site Facebook was  vulnerable to disclosure of primary email address of any Facebook user to hackers and spammers . The flaw resides in the invitation mechanism of Facebook, using which one can invite his all contacts emails to Facebook for making new account. As shown in following screenshot, an invitation received on an email, where one need to click the Signup URL: After clicking that URL, invited user will be redirected to a signup page filled in with the email address and the name of a person who used the link to sign up for an account was displayed: There are two parameters in this URL, i.e "re" and "mid". According to Stephen changing some part of "mid" parameter can expose the email address of another user. http:/

As work ebbs with the typical end-of-year slowdown, now is a good time to review user roles and privileges and remove anyone who shouldn't have access as well as trim unnecessary permissions. In addition to saving some unnecessary license fees, a clean user inventory significantly enhances the security of your SaaS applications. From reducing risk to protecting against data leakage, here is how you can start the new year with a clean user list.  How Offboarded Users  Still  Have Access to Your Apps When employees leave a company, they trigger a series of changes to backend systems in their wake. First, they are removed from the company's identity provider (IdP), which kicks off an automated workflow that deactivates their email and removes access to all internal systems. When enterprises use an SSO (single sign-on), these former employees lose access to any online properties – including SaaS applications – that require SSO for login.  However, that doesn't mean that former employee