In mid-October, a 9-year-old serious flaw on the kernel of Linux operating system was discovered. Named Dirty COW, the flaw affects all Linux system from version 2.6.22. According to Bkav, Vietnam now has 5,058 affected systems including important services such as FTP Server and Webserver.

Dirty COW is cataloged a privilege escalation vulnerabilitiy. Exploiting successfully Dirty COW, a hacker with an user account (limited right) can escalate to admin on the system. There are two reasons that make the vulnerability the most serious privilege escalation ever. First, it's not hard to develop exploits that work reliably. For another, the flaw is located in a section of the Linux kernel that's a part of virtually every distribution of the open-source OS released for almost a decade. Bkav has recorded many sources publishing COW Dirty exploit.

Mr. Bui Tien Dung – Bkav System Security expert said: "In the actual attacks, Dirty COW can be combined with several common errors such as SQL injection, Buffer Overflow... to take full control of the victim system with the highest authority (root, system ...)".

Bkav provides testing tool combined patch update at link:

Users and system administrators should download the tool and run the command [python DirtyCOW] to fix the problem as soon as possible. The tool will automatically check whether the system has vulnerabilities or not and patch it (system required Python installation).

Bkav Corporation has just announced the analysis which showed that malware attacking Vietnam Airlines – the nation’s flag air carrier also appeared in many other organizations and businesses.

Not offcially launched in Vietnam as well as many other countries, the wildly popular new game Pokémon GO can still be downloaded from unofficial sources on the Internet, from which fake apps appear and some cases have put user’s smartphone at risk. Taking a deep look into several of such apps, Bkav identified the malware capable of taking full control of Android devices.

Early March, researchers discovered deadly DROWN vulnerability in OpenSSL that affects more than 11 million modern websites and e-mail services protected by SSLv2 protocol. Bkav took a deep look into Viet Nam’s situation, and learned that hundreds of important websites were affected, putting users’ data as passwords, private information, credit card details at risk of being stolen.

In early November, vBulletin forum software was hacked, typically with the attack on the official website of vBulletin causing a breach of critical data of its customers. vBulletin then issused a security patch and recommended its users update as soon as possible. However, according to Bkav, users are still highly at risk.

Showing 1 - 5 of 135 results.
Items per Page 5
of 27

Popup Date Time Portlet

Recent Posts

Blog Category Portlet


Store Portlet


Vote Baby Portlet