![]() ![]() Several critical ICS vulnerabilities were identified this week, too: If patching isn't immediately possible, Ubuntu suggests disabling the ability for unprivileged users to create namespaces. ![]() Multiple recent Ubuntu kernels are affected, but patches are available. This week's critical vulnerabilities are led by a pair of CVEs identified in the Ubuntu OverlayFS module – a popular Linux overlay filesystem.ĭubbed "GameOver(lay)" by the researchers from cloud security firm Wiz that discovered it, the pair of vulnerabilities stem from previous modifications made by Ubuntu to OverlayFS that could allow an attacker to use a specially crafted executable to escalate to root privileges on affected machines. NSA TAO hackers, say Chinese officials, loaded Trojan software into the WEMC's systems enabling them to snoop on data collected by the organization.Īn unnamed expert who spoke to Chinese outlet The Global Times claimed that such data could be used to infer the location of underground military bases and other subterranean features, and as such is a national security matter.Ĭritical vulnerabilities: Time-to-update-Ubuntu edition Just in case you thought it was just Chinese hackers hitting US targets, or Russians DDoSing Ukraine, Chinese officials want you to know that the US hacks them, too.Īccording to Chinese state-run news sources, the Wuhan Earthquake Monitoring Center was "subjected to a cyber attack by an overseas organization" that Chinese officials have preliminarily identified as the US National Security Agency's office of Tailored Access Operations. Don't forget: Nation-state hacking isn't a one-way street None of what Wyden calls for in the letter is binding. Wyden also asked the FTC to figure out whether Microsoft violated any of its regulations, and whether the hack puts Microsoft in danger of violating a 2002 consent decree it has with the FTC over security failures in its Passport web service. Wyden wants CISA to spin up a review board to investigate the hack, and thinks the DoJ should use civil enforcement tools to determine whether Microsoft may have violated federal contract law through its negligence. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |