FOSS Security
-
Critical Remote Code Execution Flaw Found in Open Source rConfig Utility
The network configuration management utility has two unpatched critical remote code execution vulnerabilities.
Two bugs in the network configuration utility rConfig have been identified, both allowing remote code execution on affected systems. Worse, one is rated critical and allows for a user to attack a system remotely – sans authentication.
RConfig is a free open-source configuration management utility used by over 7,000 network engineers to take snapshots of over 7 million network devices, according to the project’s website.
The vulnerabilities (CVE-2019-16663, CVE-2019-16662) are both tied to rConfig version 3.9.2. The more serious of the two vulnerabilities (CVE-2019-16662) allows an attacker to execute system commands on affected devices via GET requests, which can lead to command instructions.
-
Scammers are exploiting an unpatched Firefox bug to send users into a panic
The exploit spotted by Segura is a common subclass of browser lock attacks. This subclass relies on authentication popups. Earlier this year, Mozilla shipped a comprehensive fix for these types of attacks some 12 years after being reported. Chrome and other browsers have also been vulnerable to this variety of attacks.
Segura said he's aware of a separate Firefox browser lock bug that remains unfixed two years after it was reported. Although it was actively exploited in the past, Segura said, he hasn't seen any recent attacks targeting the flaw.
For many people, it's not clear what to do when a browser becomes unresponsive while displaying a scary or threatening message. The most important thing to do is to remain calm and not make any sudden response. Force quitting the browser can be helpful, but as Segura has found, that fix is far from ideal since the offending site can reload once the browser is restarted. Whatever else people may do, they should never call the phone number displayed.
-
How can using open source frameworks hook students in STEM?
The U.S. Department of Labor predicts a shortage of 1.8 million cybersecurity professionals by next year, and educators will play a critical role in meeting this challenge for years to come.
From our vantage point as instructors working at the intersection of education and technology, we believe we’ll meet our goals if we take an open approach to educating tomorrow's cybersecurity experts. And we mean "open" in terms of both software and mindset.
Here at Murray State University in Kentucky, we’ve done just that for the last decade.
Being recently recognized by the NSA as a Center for Academic Excellence in Cyberdefense (CAE-CD), we're using open principles gleaned from open source software communities to empower students to train themselves in the use of tools to resolve problems. In so doing, we prepare students not simply for cybersecurity jobs, but for careers that involve continuous learning — which is critical given the current pace of technological, societal and business change.