The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call.
CVE-2017-7358
In LightDM through 1.22.0, a directory traversal issue in debian/guest-account.sh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user logs out.
Vuln: IETF IPv6 Protocol CVE-2016-10142 Denial of Service Vulnerability
IETF IPv6 Protocol CVE-2016-10142 Denial of Service Vulnerability
Vuln: Linux kernel CVE-2017-6345 Local Denial of Service Vulnerability
Linux kernel CVE-2017-6345 Local Denial of Service Vulnerability
Vuln: Linux Kernel CVE-2017-2636 Local Privilege Escalation Vulnerability
Linux Kernel CVE-2017-2636 Local Privilege Escalation Vulnerability
Android Variant of Notorious Pegasus Spyware Found
Researchers say a variant of the notorious surveillance software called Pegasus has been targeting Android users allowing third parties to take screenshots, capture audio, read email and exfiltrate data from targeted phones.
AVG Business by Avast awarded ‘Security Vendor of the Year’
AVG Business by Avast proudly accepted the “Security Vendor of the Year” award at the European IT & Software Excellence Awards held in London on March 30.
The annual awards is the leading pan-European awards for resellers, ISVs, Solution Providers and Systems Integrators, and their vendor and distributor partners. Avast’s PR Director, Stephanie Kane, accepted the award on behalf of the AVG Business team.
Run by top European channel publication, IT Europa, the awards are in their ninth year. More than 500 entries were received this year with 154 finalists vying for just 26 trophies, so the competition was fierce. The Security Vendor of the Year award recognizes best practices in customer solutions, as well as service excellence from vendors and distributors.
“This category is voted for exclusively by readers of the magazine,” said Kevin Chapman, Senior Vice President and General Manager for Avast’s SMB business. “This award is a great testament to our products and to our people who work with our channel partners every day. We should be very proud of winning this well-deserved accolade for the second year in a row.”
“The investments we have begun to make this year in rigorously improving our products and expanding our partner program offerings will lay the foundation for another year of joint success that we believe will enable us to win more such industry awards in the future,” said Chapman.
“We look forward to maintaining a strong relationship with IT Europa, a publication that has been instrumental in keeping AVG Business by Avast in the minds of our channel partners and end users.”
Lessons From Top-to-Bottom Compromise of Brazilian Bank
Hackers pulled off a stunning compromise of a Brazilian bank’s operations, gaining control of each of the bank’s 36 domains, corporate email and DNS.
SolarWind LEM Default SSH Password Remote Code Execution
This Metasploit module exploits the default credentials of SolarWind LEM. A menu system is encountered when the SSH service is accessed with the default username and password which is “cmc” and “password”. By exploiting a vulnerability that exist on the menuing script, an attacker can escape from restricted shell. This Metasploit module was tested against SolarWinds LEM v6.3.1.
Trump Signs Repeal of ISP Privacy Rules
President Trump signed a resolution to complete the overturning of internet privacy protections that would have prevented ISPs from tracking you online without first asking users to opt-in.