- 11-Year-Old Linux Kernel Local Privilege Escalation Flaw Discovered
A new privilege-escalation vulnerability has been discovered in the Linux kernel. It affects major distributions of the Linux operating system, including Red Hat, Debian, OpenSUSE, and Ubuntu. The vulnerability is a use-after-free flaw in the way the Linux kernel’s “DCCP protocol implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket.” The DCCP double-free vulnerability could allow a local unprivileged user to alter Linux kernel memory. It does not give an outsider any way to break into your system in the first place: it is not a remote code execution (RCE) flaw, and an attacker needs local account access on the system to exploit it.
Cyber Security Tips: The vulnerability has already been patched in the mainline kernel. If you are an advanced Linux user, apply the patch and rebuild the kernel yourself; otherwise, wait until new patches are released.
- Beware! Don’t Fall For “Font Wasn’t Found” Google Chrome Malware Scam
Websites sometimes ask you to install a font in order to read the page, but be careful: the prompt may install malware instead. Scammers and hackers are targeting Google Chrome users with a new scam that is incredibly easy to fall for, prompting users to download a fake Google Chrome font pack update to trick them into installing malware on their systems. Security firm NeoSmart Technologies recently identified the malicious campaign while browsing an unnamed WordPress website. Hackers are inserting Java code into poorly secured websites, which makes the sites look jumbled, with mis-encoded text containing symbols and other random characters. If you click the install notification, the malware begins installing, and once it is successfully installed it can be harmful.
Cyber Security Tips: Users are strongly advised never to click on such install notifications, to always keep up-to-date antivirus software on their systems, and to check any plugin or extension before installing it.
- South Korea’s Asiana Airlines Website Hacked with Pro-Serbian Messages
The website of Asiana Airlines briefly went offline Monday due to cyberattacks. According to the company, cyber vandals attacked its external web server at 4:35 a.m., publishing a hateful message toward Albanians. When asked how the Asiana Airlines website was hacked, Kuroi’SH explained that “it was done through DNS hijacking from their hosting provider.” Furthermore, the hacker stated that he has nothing to do with Serbia, but feels that the truth needs to be spoken. Asiana Airlines has also acknowledged that its Domain Name System (DNS) was compromised, redirecting users to another website, according to news published in HackRead.
Cyber Security Tips: To protect against website hacking, keep your web server up to date, use up-to-date antivirus software, and carry out Vulnerability Assessment and Penetration Testing (VAPT). To get excellent VAPT service, visit http://www.anacyber.com/