Last week when a security researcher said he could easily obtain the precise location from any one of the millions of users of a widely used phone-tracking app, we had to see it for ourselves. Eric Daigle, a computer science and economics student at the University of British Columbia in Vancouver, found the vulnerabilities in […]
A persistent social engineering threat faced by enterprises involves attackers trying to obtain login credentials for identity and access management (IAM), cloud resources or single sign-on (SSO)-enabled systems. If successful, these entry points can allow broader access to an organization, leaving the potential for data theft and ransomware. We’ve observed a significant surge in 2024 […]
Jan 31, 2024 | Newsroom | Vulnerability / Endpoint Security. Malicious local attackers can obtain full root access on Linux machines by taking advantage of a newly disclosed security flaw in the GNU C library (aka glibc). Tracked as CVE-2023-6246, the heap-based buffer overflow vulnerability is rooted in glibc’s __vsyslog_internal() function, which is used by syslog() and vsyslog() for […]
Kelvin Security has been active since 2013, targeting public-facing systems to obtain user credentials and steal confidential data, which they would sell or leak on hacking forums.
The SLAM attack exploits hardware features in upcoming CPUs from Intel, AMD, and Arm to obtain the root password hash from kernel memory, highlighting potential security vulnerabilities.
The vulnerability allows attackers to access files, execute code, and obtain passwords. The exploit takes advantage of an unauthenticated mass-assignment vulnerability and AS2 header parsing.