Does allowing binfmt_misc significantly increase the attack surface for unprivileged users that already can launch – native – binaries?

The Linux kernel lets me register and execute additional binary formats as if they were regular executables.
I am thinking of this mostly as a convenience method, completing what specifying the interpreter via Shebang already partially acc…

Exporting shellcode to environment variable doesn’t work as expected

(This is a question regarding a challenge in a wargame on overthewire.org called Narnia, similar to Shellcode does not execute as the owner)
When exporting shellcode to the EGG environment variable
export EGG=`python3 -c "import sys; sys….

Is Android SOS being used as privilege escalation or settings bypass?

I have been getting random SOS countdowns triggered on my phone. Every time this happens, a pop-up appears telling me that unknown numbers have been temporarily unblocked. The most recent instance was immediately followed by a call from a …

Is Your Critical SaaS Data Secure?

Increasingly sophisticated adversaries create a significant challenge as organizations increasingly use Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS) to deliver applications and services. This mesh of cloud-based applications and services creates new complexities for security teams. But attackers need only one success, while defenders need to succeed 100% of the time. Organizations are contending with […]

The post Is Your Critical SaaS Data Secure? appeared first on Security Intelligence.


What are legitimate reasons for a program to need access to /proc/self/mem [migrated]

I have noticed that both browsers, Firefox and Chromium, on Linux do open the file /proc/self/mem for reading. No other program on my system reads this file, as far as I can tell.
/proc/self/mem is notorious for being a vector for endless priv…