What do Linux vulnerabilities and natural disasters have in common? Something seemingly dormant can suddenly spring to life, exposing activity beneath the surface. Several days ago, a security researcher published a high-severity vulnerability named PwnKit that impacts most major Linux distributions. The scary part? It’s existed since May of 2009. Polkit is a component for controlling privileges in Unix-like operating systems and is included by default on most major Linux distributions.

According to Cybersecurity Ventures, cybercrime will cost the world $10.5 trillion annually by 2025. However, it is alarming how many companies are unaware of the aftermath of being attacked. A successful attack can cause irreversible damage to companies’ finances. This is because attacks include money theft, damage, and destruction of data, interruption in services, decreased productivity, theft of intellectual property, theft of personal and financial data, reputational harm, and others.

Organizations often have their confidential information illicitly for sale on the darknets, but they don’t know it. Statistically, over 75% of compromised credentials are reported to the victim organization by law enforcement when it has become too late. That’s why dark web monitoring tools providers are the appropriate solution to help you know on time when your credentials are stolen and exposed on the dark web.

The Cybersecurity Maturity Model Certification (CMMC) is a well-known framework for assessing the maturity of an organization’s cybersecurity. It’s designed to help organizations improve their cybersecurity by raising awareness about best practices and implementing a roadmap.

Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. This week we will explore the concept of the metaverse and what it holds for the future of technology and user experience. Illustration by Dorathe Victor When Facebook changed its name to Meta in September 2021, a new buzzword took over the tech world: the metaverse.

On January 25, 2022, Qualys announced the discovery of a local privilege escalation vulnerability that it identified as PwnKit. The PwnKit vulnerability affects PolicyKit’s pkexec, a SUID-root program installed by default on many Linux distributions. The same day of the announcement, a proof of concept (PoC) exploit was built and published by the security research community.

Nowadays you need a scorecard to keep track of the monthly acquisitions and mergers in the cybersecurity industry. Mergers and acquisition (M&A) of products, capabilities, and companies has become a common strategy for business and market growth. Even through the Covid19 pandemic, trends in acquisition and consolidation of information security oriented companies remained quite strong. In fact, the volume of U.S.

Disruptive and destructive cyber operations have been levied against elements of Ukrainian society by adversaries attributed to the Russian government — or groups highly likely to be controlled by them — since at least 2014. These operations have impacted several sectors, including energy, transportation and state finance, and have attempted to influence political processes and affect businesses more broadly within the country.

A new advisory from Qualys discloses a local privilege escalation bug in SUID-set program ‘pkexec’. The flaw has been designated the CVE ID of CVE-2021-4034 and nicknamed “pwnkit” by the vulnerability finders. The CVSSv3 base score is calculated to be a high 7.8 out of 10.0. The vulnerable program is a part of Polkit, which manages process privileges.