The US government has issued a warning that attackers are actively exploiting the Dirty Pipe vulnerability in Linux. The vulnerability allows a local user to gain root privileges. Government agencies in the US have been instructed to fix the vulnerability in their systems before May 16.
EFF: Anonymous Twitter Accounts Are Essential for Users
The ability to be anonymous on Twitter is essential for users and an important part of freedom of expression, the EFF believes. The American civil rights movement is concerned that new owner Elon Musk does not fully appreciate the human rights value of pseudonymous speech.
British government discovers new variant of spy malware SparrowDoor
Last year, the UK’s National Cyber Security Center (NCSC) found a variant of the spy malware SparrowDoor on an undisclosed UK network. An analysis of the variant was published today, which can now steal data from the clipboard, among other things. In addition, indicators of compromise and Yara rules have been made available that allow organizations to detect the malware within their own network.
NCSC: logging in with password is the most insecure form of authentication
Logging in with a username and password is the most insecure form of authentication. Organizations that want to better protect their accounts are therefore advised to choose stronger authentication methods, such as two-factor authentication (2FA) and the FIDO2 standard from the FIDO Alliance. This is stated by the National Cyber Security Center (NCSC) in a new fact sheet called “Authenticating adults”.
Homeland Security bug bounty program yields 122 vulnerabilities
The first bug bounty program organized by the US Department of Homeland Security has revealed a total of 122 vulnerabilities, 27 of which have been labeled critical. Last December, Homeland Security launched the “Hack DHS” program. The program consists of three phases. First, a model was developed that other government agencies can also use to strengthen their cyber resilience.
Several Russian government sites inaccessible after ddos attacks
Several Russian government sites are inaccessible after ddos attacks. Among others, the websites of the Kremlin, the Russian government and the Ministry of Defense are down. Several Twitter accounts claim the attacks are in the name of Anonymous.
Nvidia investigates cyber attack on internal systems
Parts of Nvidia have likely been offline for two days due to a cyber attack. It is not yet known if any data was captured or if Nvidia was otherwise harmed.
WordPress Patches Four Serious Threats Ahead of Version 5.9
WordPress introduces an emergency patch for four serious vulnerabilities. WordPress 5.8.3 is available immediately.