Tag Archive for: Defenses

Holding down the Enter key can smash through Linux’s defenses

/in
Got 70 seconds? Holding down the Enter key can smash through Linux's defenses

An attacker can abuse a vulnerability to launch a shell with root privileges on most Linux machines… just by holding down the ‘Enter’ key for 70 seconds.

David Bisson reports.

Graham Cluley

Gartner: DDoS defenses have been backsliding but starting a turnaround

/in

Distributed denial-of-service attacks have been getting bigger and lasting longer, and for the past few years defenses haven’t kept pace, but that seems to be changing, Gartner analysts explained at the firm’s Security and Risk Management Summit.

Gartner tracks the progress of new technologies as they pass through five stages from the trigger that gets them started to the final stage where they mature and are productive. The continuum is known as the Hype Cycle.

lawrence orans Gartner

Gartner analyst Lawrence Orans

To read this article in full or to leave a comment, please click here

Network World Tim Greene

Latest Flash Player version has improved exploit defenses

/in

The Flash Player update released Tuesday not only fixed two vulnerabilities that were being targeted by attackers, but added additional protections that will make entire classes of security flaws much harder to exploit in the future.

There were three low-level defenses added in Flash Player 18.0.0.209, two of which block a technique that has been used by many Flash exploits since 2013.

The technique involves corrupting the length of an ActionScript Vector buffer object so that malicious code can be placed at predictable locations in memory and executed. ActionScript is the programming language in which Flash applications are written.

This method was used by at least two of the Flash Player exploits found among the files leaked from Italian surveillance software maker Hacking Team, as well as in two other flash zero-day exploits used by cyberespionage groups this year, researchers from Google said in a blog post Thursday.

To read this article in full or to leave a comment, please click here

Network World Security