Warnings to Linux administrators, and more.
Welcome to Cyber Security Today. Monday, July 31st, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
Linux administrators using the Ubuntu distribution are being warned to install the latest version of the operating system. This comes after the discovery by researchers at Wiz of two privilege elevation vulnerabilities. According to the SANS Institute, these holes affect 40 per cent of Ubuntu cloud workloads. The problem opened when Ubuntu modified a critical feature in a driver five years ago, which conflicted with certain changes made in 2019 and last year when the Linux kernel was altered. This means, the SANS Institute notes, the flaws have been out there for some time. Threat actors have known about this and weaponized exploits are publicly available.
More Linux news: The gang behind the Abyss Locker ransomware has added a Linux encryptor to its tools so they can go after VMware virtual servers. According to Bleeping Computer, this brings to 12 the number of ransomware groups that have added Linux ransomware encryptors to their existing Windows weapons.
The U.S. Senate is again being asked to pass a law preventing online platforms from using deceptive user interfaces to trick people into disclosing personal data. These screens mislead people into agreeing to change their privacy settings or sign up for services. One way is to push users to hit ‘Agree’ to several options. That makes it hard for them to find other choices that would limit the personal data they give up. Researchers call these interfaces ‘dark patterns.’ The proposed law is aimed at preventing platforms that have over 100 million monthly active users from creating user interfaces with the effect of impairing user choices. It would also forbid designs that create compulsive use of a platform for those under the age of 17. Two Republicans and two Democrats are sponsoring the bill.
Finally, government cybersecurity agencies in the U.S. and Australia are telling web site and application developers to stop creating insecure direct object reference vulnerabilities. Also called IDOR vulnerabilities, these are access control issues. They enable threat actors to modify or delete data by issuing commands to a website or web application programming interface. Coding mistakes mean there’s a failure to perform adequate authentication and authorization checks. Developers are urged to implement secure by design principles when writing code; make sure the applications perform authorization checks for every request that modifies sensitive data; make sure that IDs, names and keys aren’t exposed in URLs; and be careful adding third party libraries or frameworks to applications. There are automated tools that will help review code and find IDOR and other vulnerabilities.
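To make the IDOR advice above concrete, here is an added example (not code from the agencies' advisory or from this podcast) showing a handler that trusts a client-supplied ID beside one that checks authorization on every modifying request and hands out per-user opaque references instead of raw IDs. The invoice data, function names and HMAC-based reference scheme are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: invoice records keyed by internal database ID.
INVOICES = {
    101: {"owner": "alice", "amount": 40},
    102: {"owner": "bob", "amount": 75},
}
SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret (assumption)


class Forbidden(Exception):
    """Raised when the caller is not authorized for the object."""


def update_amount_vulnerable(user, invoice_id, amount):
    # IDOR: trusts the client-supplied ID and never checks who owns the record.
    INVOICES[invoice_id]["amount"] = amount
    return INVOICES[invoice_id]


def opaque_ref(user, invoice_id):
    # Per-user reference given to the client in place of the raw database ID.
    msg = f"{user}:{invoice_id}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def resolve_ref(user, ref):
    # Only objects owned by the authenticated user are ever considered.
    for invoice_id, record in INVOICES.items():
        if record["owner"] == user and hmac.compare_digest(
            opaque_ref(user, invoice_id), ref
        ):
            return invoice_id
    raise Forbidden("unknown reference")


def update_amount_hardened(user, ref, amount):
    # `user` must come from the authenticated session, never from the request body.
    invoice_id = resolve_ref(user, ref)
    record = INVOICES[invoice_id]
    if record["owner"] != user:  # explicit object-level check, defence in depth
        raise Forbidden("not the owner")
    record["amount"] = amount
    return record
```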
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.