The campaign encourages users to download a fake font, which in fact installs malware rather than an innocent font. The attackers have compromised legitimate websites (for example by using the WordPress content injection vulnerability that was reported three weeks ago) in order to make those websites display unreadable characters. The attackers then “offer” the user the ability to view the website’s content by updating their “Chrome font package”.
https://neosmart.net/blog/2017/beware-of-this-new-chrome-font-wasnt-found-hack/
(2) The Linux kernel was found to be vulnerable to yet another decade-old privilege escalation vulnerability (CVE-2017-6074).
While the Dirty Cow exploit (dating back to 2007) was discovered less than half a year ago, security researcher Andrey Konovalov has now discovered an even older vulnerability in the Linux kernel (dating as far back as 2005).
In particular, this vulnerability is a use-after-free in the kernel's DCCP protocol implementation, which can allow an attacker to alter kernel memory.
Organizations are advised to update their kernel as soon as possible.
Here are all the details:
https://seclists.org/oss-sec/2017/q1/471
https://thehackernews.com/2017/02/linux-kernel-local-root.html
(3) A buffer overflow vulnerability in Cloudflare’s edge servers was reported, allowing users to view sensitive information such as authentication tokens (when stored in the server’s memory). The vulnerability resulted from a flawed implementation of a Ragel script used for HTTP rewriting, which caused the server to return more data than intended.
Some of the leaked data had already been cached by search engines, so Cloudflare waited several days before publishing the details of this vulnerability.
While the leaked memory can contain private information, the SSL private key could not have been compromised by this bug.
Here are all the details:
https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/
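The following C program is an added example, not Cloudflare's code: a simplified illustration of how a parser can return more data than intended when its end-of-buffer test is an equality check that the read pointer can step past, shown beside the corrected bounds test. The `scan` function, the escape rule and the arena contents are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed arena: the request bytes are followed by unrelated data,
 * standing in for whatever sits next to the buffer in server memory.
 * Keeping both in one array keeps the demo's reads well defined. */
static const char arena[] = "<img src=x\\" "token=SAMPLE-NOT-REAL";
#define INPUT_LEN 11 /* only `<img src=x\` belongs to the request */

/* Copies input to out, treating '\' as a two-byte escape sequence.
 * strict == 0: end test is `p == pe`, which misses a pointer that
 *              has already jumped past the end.
 * strict == 1: end test is `p >= pe`.
 * Returns the number of bytes written to out. */
size_t scan(const char *p, const char *pe, char *out, size_t cap, int strict)
{
    size_t n = 0;
    while (n + 1 < cap) {
        if (strict ? (p >= pe) : (p == pe))
            break;
        if (*p == '\0')          /* demo-only stop: stay inside the arena */
            break;
        if (*p == '\\') {        /* escape: skip two bytes, may pass pe */
            p += 2;
            continue;
        }
        out[n++] = *p++;
    }
    out[n] = '\0';
    return n;
}

int main(void)
{
    char out[64];

    scan(arena, arena + INPUT_LEN, out, sizeof out, 0);
    printf("equality check: %s\n", out); /* includes adjacent bytes */

    scan(arena, arena + INPUT_LEN, out, sizeof out, 1);
    printf("bounds check:   %s\n", out); /* request bytes only */
    return 0;
}
```

The input ends in a lone escape character, so the two-byte skip lands one byte past the end; only the `>=` test notices.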