
Vulnerability

What is vulnerability management and why should enterprises adopt it?

In the current digital era, enterprises across the world rely heavily on information systems for day-to-day operations and for accessing business-related data. In essential institutions, such as banking and finance, health, and government, protecting information is critical, and any security mishap could disrupt daily operations. The intention of attackers is to either deny services until a ransom is paid or breach security to gain access to critical information.

A catastrophic flaw in Linux sudo command with a simple fix using Desktop Central

A critical vulnerability in sudo has been disclosed that, when exploited, enables users to bypass security restrictions and execute commands as the root user. This security flaw has to be swiftly remediated, as sudo is one of the most integral and commonly used functionalities in Linux operating systems.

How to detect CVE-2019-14287 using Falco

A recent flaw, CVE-2019-14287, has been found in sudo. In this blog post, we are going to show you how to use Falco or Sysdig Secure to detect any exploit attempts against this vulnerability. sudo allows users to run commands with other users' privileges. It is typically used to allow unprivileged users to execute commands as root. The issue exists in the way sudo has implemented running commands with an arbitrary user ID in versions earlier than 1.8.28.

More Android malware and another iOS exploit: How to safeguard your devices?

The past few months have seen both Android and iOS fall prey to various security attacks, with more malware attacks and exploits being uncovered on a daily basis. First, let's look at the newest zero-day Android vulnerability. This vulnerability leverages the "use-after-free" memory flaw to wreak havoc on mobile devices. In layperson's terms, the use-after-free flaw allows access to memory recently freed (after performing some operation) to execute malicious code.

Mattermost security update 5.9.1/5.8.2/4.10.9 (ESR) released

We are releasing a recommended security update via Mattermost Team Edition 5.9.1, 5.8.2 and 4.10.9 (ESR) and Mattermost Enterprise Edition 5.9.1, 5.8.2 and 4.10.9 (ESR). This security update addresses a high-level vulnerability discovered during a security research review by Leandro Chaves.

Detecting and preventing cgroups escape via SCTP - CVE-2019-3874

This week, CVE-2019-3874 was disclosed. It details a flaw in the Linux kernel where an attacker can circumvent cgroup memory isolation using the SCTP socket buffer. In containerised environments, this has the potential for a container running as root to create a DoS.

Detecting the Kubernetes API Server DoS Vulnerability (CVE-2019-1002100)

Recently, a new Kubernetes-related vulnerability was announced that affected the kube-apiserver. This was a denial-of-service vulnerability where authorized users with write permissions could overload the API server as it is handling requests. The issue is categorized as medium severity (CVSS score of 6.5) and can be resolved by upgrading the kube-apiserver to v1.11.8, v1.12.6, or v1.13.4.

Launching Vulnerability Manager Plus: Hunt down security loopholes with 100% precision

Amp up your endpoint security game with ManageEngine’s all-new Vulnerability Manager Plus. Pinpoint, prioritize, and eliminate vulnerabilities with ease. Attackers are constantly coming up with new ways to carry out exploits, making it even harder for your organization to reduce its attack surface and keep its endpoints secure.

Browser vulnerabilities: Securing against the inevitable

Web browsers have revolutionized the way we use the internet. They've boosted employee productivity, but have also opened up organizations to a plethora of security loopholes. Browsers are the easiest point of entry for hackers to exploit a system because they contain vulnerable components like plug-ins and cookies.

Runc CVE-2019-5736

Today, CVE-2019-5736 was announced, which impacts all known versions of runc. Runc is the underlying component that creates containers in Docker, Kubernetes, and many other container systems. The full details of this vulnerability are available in the Openwall oss-security mailing. Due to the severity of this issue, exploits will not be published for another week, giving people time to patch.