Critical F5 BIG-IP vulnerability now targeted in ongoing attacks

On Thursday, cybersecurity firm NCC Group said that it detected successful in the wild exploitation of a recently patched critical vulnerability in F5 BIG-IP and BIG-IQ networking devices. The exploitation attempts have started earlier this week and have escalated during the last 24 hours, with mass scanning activity being detected by NCC Group and Bad … Continue reading Critical F5 BIG-IP vulnerability now targeted in ongoing attacks

Can a Programming Language Reduce Vulnerabilities?

Rust offers a safer programming language, but adoption is still a problem despite recent signs of increasing popularity. When Microsoft wanted to rewrite a security-critical network processing agent to eliminate memory-safety vulnerabilities causing recurring headaches for the Microsoft Security Response Center (MSRC), the company tasked an intern and told him to rewrite the code in … Continue reading Can a Programming Language Reduce Vulnerabilities?

Experts found 15 flaws in Netgear JGS516PE switch, including a critical RCE

Netgear has released security and firmware updates for its JGS516PE Ethernet switch to address 15 vulnerabilities, including a critica remote code execution issue. Netgear has released security and firmware updates to address 15 vulnerabilities in its JGS516PE Ethernet switch, including an unauthenticated remote code execution flaw rated as critical. The flaws were discovered by researchers … Continue reading Experts found 15 flaws in Netgear JGS516PE switch, including a critical RCE

Sudo Heap-Based Buffer Overflow Vulnerability — CVE-2021-3156

Sudo has released an advisory addressing a heap-based buffer overflow vulnerability—CVE-2021-3156—affecting sudo legacy versions 1.8.2 through 1.8.31p2 and stable versions 1.9.0 through 1.9.5p1. Sudo is a utility included in many Unix- and Linux-based operating systems that allows a user to run programs with the security privileges of another user. An attacker could exploit this vulnerability … Continue reading Sudo Heap-Based Buffer Overflow Vulnerability — CVE-2021-3156

New Linux SUDO flaw lets local users gain root privileges

A now-fixed Sudo vulnerability allowed any local user to gain root privileges on Unix-like operating systems without requiring authentication. Sudo is a Unix program that enables system admins to provide limited root privileges to normal users listed in the sudoers file, while at the same time keeping a log of their activity. It works on … Continue reading New Linux SUDO flaw lets local users gain root privileges