November 15, SecurityWeek – (International) Cryptsetup flaw exposes Linux systems to attacks. Security researchers discovered a vulnerability affecting the disk encryption utility Cryptsetup that could allow attackers with physical access to a targeted Linux system to gain root access to the system, and copy, modify, or destroy data on the hard disk by holding down the “Enter” key for approximately 70 seconds during boot. The flaw occurs when the system partition is encrypted using the Linux Unified Key Setup (LUKS) disk encryption standard, and is due to the incorrect handling of password checks. Source
November 15, SecurityWeek – (International) Kovter trojan fuels spike in new malware variants. Symantec released a report which revealed that the number of new malware variants increased from roughly 50.1 million in September to 96.1 million in October due to the Kovter trojan family. The report also revealed that the RIG exploit kit (EK) accounted for 37.4 percent of the EK activity spotted during October, among other findings. Source
November 14, SecurityWeek – (International) Hackers find code execution flaw in VMware Workstation. VMware released a patch resolving a critical out-of-bounds memory access vulnerability in its Workstation Player and Pro 12.x, and Fusion Pro 8.x products that can be exploited from the guest to execute arbitrary code on the host operating system (OS) running the products if the drag-and-drop and copy-and-paste functions are enabled. Source
Above Reprinted from the USDHS Daily Open Source Infrastructure Report