The technique does not allow a hacker to remotely infect a computer unless that computer has been foolishly left exposed on the Internet without a password.
Source: Researcher finds simple way of backdooring Windows PCs and nobody notices for ten months | ZDNet
Since registry keys are also boot persistent, any modifications made to an account’s RID remain permanent, or until fixed.
However, the biggest problem has been with the deletion of user files located in the C:/Users/[username]/Documents/ folder.
Source: Microsoft pulls Windows 10 October Update (version 1809) | ZDNet
With the removal of old architecture and other bits of tidying up, with v4.17 RC1 there were more lines of code removed than added: something described as “probably a first. Ever. In the history of the universe. Or at least kernel releases.”
Source: Linus Torvalds says Linux kernel v5.0 ‘should be meaningless’
Linus describes Secure Boot as being “pushed in your face by people with an agenda.” But his real problem is that Secure Boot would then imply Kernel Lockdown mode.
Source: Torvalds Expresses Concerns Over Current “Kernel Lockdown” Approach – Phoronix
A fundamental design flaw in Intel’s processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug.
Source: ‘Kernel memory leaking’ Intel processor design flaw forces Linux, Windows redesign • The Register
There were rumors of a severe hypervisor bug – possibly in Xen – doing the rounds at the end of 2017. It may be that this hardware flaw is that rumored bug: that hypervisors can be attacked via this kernel memory access cockup, and thus need to be patched, forcing a mass restart of guest virtual machines.
“This potential vulnerability requires a Keeper user to be lured to a malicious website while logged into the browser extension, and then fakes user input by using a ‘clickjacking’ technique to execute privileged code within the browser extension,” said Craig Lurey, co-founder and CTO of Keeper Security.
Source: Windows 10 Bundles a Password Manager. Password Manager Bundles a Security Flaw
In 1993/1994, at NASA’s Goddard Space Flight Center, Donald Becker and Thomas Sterling designed a Commodity Off The Shelf (COTS) supercomputer: Beowulf. Since they couldn’t afford a traditional supercomputer, they built a cluster computer made up of 16 Intel 486 DX4 processors, which were connected by channel bonded Ethernet. This Beowulf supercomputer was an instant success.
Source: Linux totally dominates supercomputers | ZDNet
Linux first appeared on the Top500 in 1998. Before Linux took the lead, Unix was supercomputing’s top operating system. Since 2003, the Top500 was on its way to Linux domination. By 2004, Linux had taken the lead for good.
The attack worked first by getting Bogner’s malicious file quarantined by the AV program running on the targeted computer. The pentester then exploited vulnerabilities in the AV programs that allowed unprivileged users to restore the quarantined files. He further abused a Windows feature known as NTFS file junction point to force the restore operation to put his malicious file into a privileged directory of Bogner’s choosing. The technique took advantage of another Windows feature known as Dynamic Link Library search order. With that, Bogner’s malware ran with full privileges.
Source: How AV can open you to attacks that otherwise wouldn’t be possible | Ars Technica
There are various ways to use parallel processing in UNIX
So in order to trigger this behaviour, someone with root-level privileges needs to edit a Unit file and enter a “invalid username”, in this case one that starts with a digit.
But you need root level privileges to edit the file in the first place and to reload systemd to make use of that Unit file.
Source: Giving perspective on systemd’s “usernames that start with digit get root privileges”-bug
It’s an obvious bug (at least on RHEL/CentOS 7), since a valid username does not get accepted by systemd so it triggers unexpected behaviour by launching services as root.
However, it isn’t as bad as it sounds and does not grant any username with a digit immediate root access.