Pierluigi Paganini February 14, 2024
Abusing the Ubuntu ‘command-not-found’ utility to install malicious packages

Researchers reported that attackers can exploit the ‘command-not-found’ utility to trick users into installing rogue packages on Ubuntu systems. Cybersecurity researchers from cloud security firm Aqua discovered that it is possible to abuse, the popular utility ‘called ‘command-not-found’ that can lead to deceptive recommendations of malicious packages. “Aqua Nautilus researchers have identified a security issue […]

Pierluigi Paganini July 27, 2023
Two flaws in Linux Ubuntu affect 40% of Ubuntu users

Wiz researchers discovered two Linux vulnerabilities in the Ubuntu kernel that can allow an unprivileged local user to gain elevated privileges. Wiz Research discovered two privilege escalation vulnerabilities, tracked as CVE-2023-2640 and CVE-2023-32629, in the OverlayFS module in the Linux distro Ubuntu. According to the researchers, the flaws impact 40% of the users of the […]

Pierluigi Paganini March 19, 2020
Pwn2Own 2020 Day1 -researchers earned $180K for hacking Windows, Ubuntu, and macOS

During the first day of the Pwn2Own 2020 hacking competition, participants earned a total of $180,000 for exploits targeting Windows 10, Ubuntu Desktop and macOS. The Coronavirus outbreak hasn’t stopped the Pwn2Own hacking conference, for the first time its organizer, the Zero Day Initiative (ZDI), has decided to arrange the event allowing the participants to […]

Pierluigi Paganini February 13, 2019
Ubuntu snapd flaw allows getting root access to the system.

Expert discovered a privilege escalation vulnerability in default installations of Ubuntu Linux that resides in the snapd API. Security researcher Chris Moberly discovered a vulnerability in the REST API for Canonical’s snapd daemon that could allow attackers to gain root access on Linux machines. Canonical, the makers of Ubuntu Linux, promotes their “Snap” packages to roll all […]

Pierluigi Paganini September 13, 2017
Bashware attack, how to run Linux malware on Windows systems

Experts found a new alarming method dubbed Bashware attack that allows attackers to silently run malware to bypass even the most common security solutions, The new Windows 10 feature Windows Subsystem for Linux (WSL) that implements the Linux bash terminal in Microsoft operating system could be exploited by malware to run undetected. The feature was recently […]

Pierluigi Paganini July 14, 2017
Ubuntu Linux distro is now available for Windows 10

Microsoft announced that Canonical’s Ubuntu Linux Distro is now available in the Windows Store and can be installed on any Windows Insider build=>#16215. Windows and Linux always closer. During the Microsoft Build developer conference held in Seattle in May the company announced that three free Linux distro will be included in its official app store, […]

Pierluigi Paganini May 12, 2017
Linux on Windows – Microsoft will offer Ubuntu, Suse, and Fedora Linux distros in the Windows Store

Linux on Windows – Microsoft is, even more, Linux friendly, the IT giant announced that three free Linux distro will be included in its official app store. Last year the tech giant announced the support for the Bash shell and Ubuntu Linux binaries into Windows 10, news of the day is that Microsoft has announced […]

Pierluigi Paganini March 17, 2017
Welcome to Pwn2Own 2017 – Researchers hacked Adobe Reader, Edge, Ubuntu, and Safari

Pwn2Own 2017 is started, as usual, it is a great event to see hackers at work. In the first day, experts hacked Edge, Safari, Ubuntu, and Adobe Reader. Pwn2Own 2017 competition held in Vancouver (Canada) is started, as usual, it is a great event to see hackers at work. In the first day Bug bounty hunters […]

Pierluigi Paganini December 18, 2016
Security expert disclosed a full zero-day drive-by exploit for Linux leveraging SNES

The security expert Chris Evans has disclosed a zero-day exploit successfully tested on Ubuntu and Fedora distributions that may affect other distros. The security expert Chris Evans has disclosed a zero-day exploit for Ubuntu and Fedora distributions. The flaw is a full drive-by download exploit that may impact also other Linux distributions. The researcher successfully the full […]

Pierluigi Paganini February 24, 2015
A critical remote execution flaw spotted in Samba Win-Linux interop code

CVE-2015-0240 is a critical security flaw in Samba that resides in the smbd file server daemon and can be exploited by a malicious Samba client remotely. Linux administrators urge to update their systems due to the discovery of a critical vulnerability the open source Linux-and-Windows-compatibility software Samba. The vulnerability in Samba, coded as CVE-2015-0240, affects versions […]