Security news aggregator

Latest coverage for Root Access

Root access gives an attacker or administrator complete control of a Unix-like system, allowing changes to data, software, accounts, and security settings.

19 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Root access is unrestricted administrative control of a Unix or Linux system. The root account, or an equivalent privilege obtained through mechanisms such as sudo, can read or change nearly any file, alter system configuration, install software, and control running processes. Related uses of “root” may describe equivalent administrator privileges in containers, cloud workloads, network appliances, or mobile devices.

Because root privileges can bypass ordinary access controls, stolen administrative credentials or a vulnerability that enables privilege escalation can let an attacker modify security settings, access protected data, establish persistence, or disrupt the host. Organizations generally reduce exposure by disabling direct root login where practical, using named administrator accounts with least privilege, protecting privileged authentication with strong controls, and recording and reviewing elevation events. Vulnerability management should prioritize flaws that can grant local or remote root-level execution; during an incident, investigators must assess whether root access was obtained and treat the host’s integrity as potentially compromised.

Volume over time

Weekly headline count for the current query.

Showing 19 most recent headlines Filtered view
Bank Info Security 1 month, 3 weeks ago

RondoDox Botnet Exploits 2018 Flaw in Asus Routers

Botnet Operators Execute First Known Exploit of Nearly Decade-Old FlawOperators behind a botnet picked up on a nearly decade-old flaw in Asus routers allowing an unauthenticated attacker to achieve remote code execution as a root user. VulnCheck began observing exploitation of the Asus vulnerability on May 17.

Bank Info Security 2 months, 1 week ago

'Dirty Frag' Gives Root on Linux Distros

No Patches Yet Available, After Third Party Published Vulnerability DetailsSecurity researchers have discovered a new, critical flaw in the Linux kernel that attackers can exploit to gain root access. No patches are yet available to fix "Dirty Frag," the second new local privilege escalation flaw to be found in two weeks, following the similar "Copy Fail" vulnerability.

Bank Info Security 2 months, 2 weeks ago

Linux 'Copy Fail' Flaw Delivers Root-Level Access to Distros

AI-Assisted Offensive Security Researcher Discovered Flaw After 1 Hour of ScanningPatch all Linux kernels issued from 2017 onwards to fix a serious vulnerability in the kernel’s cryptography API that can be easily exploited by a local, unprivileged user to gain root-level access. The major flaw is the latest to be found by an AI-assisted researcher.

Juniper Tells Customers to Tune Their FirewallA critical vulnerability in Juniper Networks' primary operating system could give threat actors root level privileges to execute code on Juniper’s PTX Series routers. Successful exploitation would give attackers full command and control over devices without the need for authentication.

Bank Info Security 5 months, 3 weeks ago

Telnet Flaw: 800,000 Servers at Risk Amid Active Attacks

Telnet Flaw Allows Unauthenticated Users to Gain Root AccessHackers are on the hunt for open telnet ports in servers after discovering that a version of legacy client-server application protocol is vulnerable to an authentication bypass vulnerability. More than 800,000 servers could be actively targeted in the wild.

Bank Info Security 5 months, 3 weeks ago

Zero-Day Flaw in Cisco Unified Communications Being Targeted

Vendor Ships Emergency Fixes, Warning Flaw Facilitates Full System CompromiseAttackers are targeting a zero-day vulnerability in Cisco's Unified Communications and Webex products that facilitates remote code execution and root-level access to the underlying operating system, risking full system compromise. Cisco has released patches, warning that no workarounds exist.

Bank Info Security 7 months, 4 weeks ago

ENISA Is Now a CVE Program Root

European Cybersecurity Agency Can Assign CVE IDs and Publish CVE RecordsThe European Union Agency for Cybersecurity is poised to take on a greater role in coordinating vulnerability disclosures across the trading bloc with its elevation as a "Root"-level participant in the Common Vulnerabilities and Exposures program.

Bank Info Security 7 months, 4 weeks ago

Breach Roundup: Cloudflare Outage Root Cause

Also: Fortinet Flaws, Aisuru Botnet and Dutch Police Seize Bulletproof Host ServersThis week, the root cause of the Cloudflare outage, active exploitation of Fortinet flaws, Logitech disclosed a data breach, Microsoft headed off a record-breaking botnet attack, Dutch police seized bulletproof hosting servers and Princeton University disclosed a data breach after a phishing attack.

Bank Info Security 9 months, 1 week ago

Hackers Exploit LFI Flaw in File-Sharing Platforms

Attackers Read Server Files and Steal Credentials in Gladinet CentreStack, TriofoxHackers are exploiting a flaw allowing them to access without authentication document root folder files in file-sharing and remote-access software, where they obtain access tokens and passwords to unlock remote access to corporate file systems, warn researchers.

Bank Info Security 9 months, 1 week ago

Hackers Exploit LFI Flaw in File-Sharing Platforms

Attackers Read Server Files and Steal Credentials in Gladinet CentreStack, TriofoxHackers are exploiting a flaw allowing them to access without authentication document root folder files in file-sharing and remote-access software, where they obtain access tokens and passwords to unlock remote access to corporate file systems, warn researchers.

Flaw Exposes Remote Privilege Escalation RiskCisco released urgent security updates to fix a critical vulnerability in Unified Communications Manager that could allow unauthenticated attackers gain root access to affected systems. The maximum-severity vulnerability allows unauthenticated remote attackers to log in using static credentials.

Bank Info Security 1 year, 1 month ago

Cybersecurity Firm SentinelOne Suffers Major Outage

After Hours-Long Disruption, XDR Vendor Promises Full Root Cause Analysis of OutageCybersecurity vendor SentinelOne suffered a major, global outage for about six hours on Thursday that disrupted its monitoring of managed response service customers' endpoints and networks, interrupted software updates and kept administrators from accessing consoles for troubleshooting purposes.

Bank Info Security 1 year, 2 months ago

Silence is Golden for Breach Prevention, Not Reporting

Not Just Ransomware But Verbal Disclosure of Personal Data Common, Watchdog FindsTwo decades after California Senate Bill 1386 introduced the world to data breach notifications, organizations have collectively battened down their cybersecurity hatches and fixed the problem once and for all. Of course, I'm joking, with the results of recent data breach root cause report in hand.

Bank Info Security 1 year, 4 months ago

Rethinking Insider Risk in an AI-Driven Workplace

Carnegie Mellon CERT's Dan Costa on Addressing Root Causes of Insider RiskAs layoffs and AI-driven workflows reshape workplace security, insider risk is becoming more complex. Dan Costa, technical manager for the CERT division at Carnegie Mellon University's Software Engineering Institute, outlines proactive strategies to manage insider risk effectively.

Stretched Agency Must Balance HIPAA Enforcement With Policing DEI in HealthcareHHS investigators charged with protecting the civil rights and privacy of patients are now assigned to finding and stamping out diversity, equity and inclusion programs at universities and hospitals, with DEI now deemed discriminatory under the Trump administration.

Bank Info Security 1 year, 7 months ago

Researchers: Iranian Custom Malware Targets Fuel Systems

An Iranian state hacking group is using custom malware to compromise IoT and OT infrastructure in Israel and the United States. An attack wave from Islamic Revolutionary Guard Corps-affiliated "CyberAv3ngers" swept up fuel management systems made by U.S.-based firm Gilbarco Veeder-Root.

Bank Info Security 2 years, 4 months ago

Illicit Credentials Marketplace Admin Gets 42-Month Sentence

More Than 350,000 Credentials Were Likely Listed for Sale on the MarketplaceA co-administrator of an illicit online marketplace received a 42-month prison sentence in U.S. federal court after pleading guilty to two criminal counts that could have put him in prison for 15 years. Sandu Boris Diaconu, 31, helped develop and administer the E-Root marketplace.

Bank Info Security 2 years, 7 months ago

Good Governance: 'It's All Hygiene'

In the constant struggle to manage the other five pillars - identify, protect, detect, respond and recover - security leaders often do not have governance at top of mind, said Netography CEO Martin Roesch, but he added, "Good governance is the root of having good security."

Bank Info Security 2 Dec 2023, 11:30 a.m. Root Access