shaken

a vulnerability has just shaken almost all its versions

by

Linux has a reputation as a robust system. Not invulnerable, of course, but especially resistant, to the point of having become one of the silent bases of the Internet, business servers and many environments where security is part of the contract. That is why a vulnerability like CopyFaThis is especially serious: we are not talking about a minor bug in an isolated application, but rather a problem in the kernel that can allow someone who already runs code with few permissions to end up gaining root access. CopyFail. The vulnerability, identified as CVE-2026-31431came to light when the Theori firm made public the details of the bug and the exploitation code after having notified the Linux kernel security team five weeks earlier. That timing nuance is important because the kernel had already received patches in several branches, from 7.0 to 5.10.254. What had not happened yet, at least in a general way, was its effective transfer to many Linux distributions. What are we talking about. CopyFail is a local privilege escalation. It doesn’t mean that anyone can simply attack a Linux machine from the outside, but rather that someone who can already run code inside the system with limited permissions, for example from a regular account, a compromised web service, a container, or a CI/CD job, can try to escalate to root. On Linux, root is the account with full administrative control. That is why the risk is not in the first entry door, but in what happens right after: limited access can become system control. An overly reliable exploit. There is another element that explains the alarm. Many kernel vulnerabilities depend on very specific conditions to function, such as memory corruption that can vary by version, distribution, or even machine. CopyFail is based on a logical flaw in the kernel’s cryptographic API, and that changes the terrain. Bugcrowd researchers explain that Because it is a logical flaw, the exploit does not depend on such specific internal settings, a feature that reduces friction for attackers and complicates the work of defenders. The patch. The case also leaves a lesson about how vulnerabilities in Linux are coordinated. As mentioned above, Theori reported the bug to the kernel security team five weeks before releasing it publicly. The problem is that, for most users, fixes do not arrive directly, but rather through distributions that package, test, and release their own patches or mitigations. When the exploit became public, that process had not yet finished in many distributions or versions, leaving a window of exposure that was difficult to ignore. Current situation. Over the days, part of the ecosystem has begun to close the gap, but not in a uniform way. At the time of publishing this article, distributions like Debian, Arch, fedora, SUSE and Amazon Linux had already published patches or advisories for certain branches, while Ubuntu insisted on updating the system and apply mitigations if the fixed kernel was not yet available or had not been loaded after a reboot. Images | Xataka with Nano Banana In Xataka | The European Central Bank has taken a look at Mythos and made a decision: prepare for the worst-case scenario

An earthquake has shaken the coast of Almeria. And Middle Andalusia has learned thanks to Google

by

An earthquake of magnitude 5.5 located in Almeria waters has shaken multiple locations Andalusians in Almería, Granada, Jaén and areas of the Spanish Levante such as Murcia. Along with it, thousands of Android mobile users have received an unknown notification to date: a directly related to the detection of farms. The earthquake. According to information from National Geographic Instituteat 7:13 a.m. on July 14, there has been an earthquake of magnitude 5.4 to two kilometers deep in the corporal of sticks, having special incidence in populations of the Andalusian coast. The consequent replicas have lasted until 8:49, with intensities of 3.4 and 2.7. Local media They report that at the moment there have been no consequences of gravity, ensuring the 112 that “no damage to the region has been notified by the earthquake.” The message. Virtually immediately, Android phones have issued an automatic notification to thousands of phones through Google Play services. This alert is framed within the Google seismic detection system, Shakealert. In it, the estimated magnitude of the earthquake is noticed as well as recommended practices to keep us safe in earthquake cases. Through a map, both the time and distance from the earthquake are shown, with the possibility of consulting the latest updates through the same section. How it works. Google’s Seísos alert System It is more than curious. In the United States (California, Washington and Oregon) uses a network of 1675 seismic sensors to detect tremors and earthquakes. Outside these territories, the seismographs are our own phones through the accelerometer. If a phone detects movement changes that can be interpreted as an earthquake, send a signal to the Google server. At that time, the server combines this signal with that of other phones to try to find out if an earthquake is taking place. In case of determining what is taking place, an alert is sent on two levels. The key to using this system is that it works predictively. In fact, Google warns that these notifications can reach even before the earthquake occurs. The alerts. The network of more than 2,000 million Android devices, according to Google, acts as a minisismographers front capable of giving precise data on the earthquake. In the event that the alert is of 4.5 or higher scale (in MMI scale, no Richter, here is measured in surface perceived, not energy released from the epicenter), a strong sound alarm is sent ignoring the modes not to disturb and lighting the screen. If the alert is of lower magnitude, such as the one lived today, only an informative notification is sent. What about Es-alert. The doubts that have assaulted upon receiving the alarm have to do with the alternative system we have in Spain: Es-alert. Here we have a system with three levels of alert and civil protection as in charge of sending the notification through Cell Broadcast (radio emission without having active mobile data). System Who detects Who sends the alert How the alert is sent You need Internet connection Android Earthquake Alerts System Android phones themselves, through their sensors Google Push notifications Yeah es-alert National Geographic Institute (IGN) Civil defense Radio emission (Cell Broadcast) No In this case, Es-Alert has not worked. The system is active, working, and detecting cases Like fire in Tarragonabut it is Civil Protection who determines the supposed severity of the phenomenon and whether or not notification is to be sent. The legal framework. A Law 17/2015, of July 9, of the National Civil Protection System determines that only the competent authorities can issue official alerts: Civil Protection, Aemet, IGN or the communities and municipalities themselves. Private companies cannot issue official alerts … but they can send private notifications that do not violate any law. That Android informs you about a possible earthquake It does not differ too much than the time app I inform you that it is raining in your area. Google notices do not supply these official notification systems, act as an informative complement to the official framework. Here the debate enters into the own responsibility of a private company to alert the population of a gravity event as an “unofficial” earthquake. One that clashes with the slowness (or direct inactivity according to circumstances) of national systems in specific cases like this. Image | Xataka In Xataka | The ghost of the earthquakes returns to Lisbon: how a savage earthquake in 1755 took the entire city ahead

Log In

Forgot password?

Forgot password?

Enter your account data and we will send you a link to reset your password.

Your password reset link appears to be invalid or expired.

Log in

Privacy Policy

Add to Collection

No Collections

Here you'll find all collections you've created before.