Critical vulnerabilities found in Linux and TorchServe.
Welcome to Cyber Security Today. It’s Wednesday, October 4th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
Linux administrators are being urged to patch their operating systems to close a just-discovered 16-month-old vulnerability. Default installations of Fedora, Ubuntu and Debian are open to being exploited, say researchers at Qualys. The hole is a buffer overflow vulnerability which can give an attacker full root privileges. The researchers believe threat actors can easily produce an exploit. It’s imperative system administrators act swiftly, the researchers say. Only those using Alpine Linux are exempt from being hit by this particular hole.
Executives are being warned to be wary of email messages that appear to come from someone they trust who references a job application or resume on the Indeed employment platform. If a link in the message is clicked, instead of going to Indeed the victim is redirected to a fake Microsoft login page. If the victim logs in, the attacker steals their session cookie. That cookie allows the attacker to log into a real Microsoft login page, bypassing multifactor authentication. Then the attacker could get access to the organization’s IT resources. According to researchers at Menlo Security, the attacker is able to do this by exploiting a vulnerability in the Indeed platform and using a phishing-as-a-service kit offered by threat actors. The report says Indeed has been told of the hole. The report also says this shows the dangers of not using phishing-resistant multifactor authentication solutions. It also shows the importance of training employees to be suspicious of messages with links.
Applications using TorchServe, an open-source Python language package, have to be patched before vulnerabilities are exploited by hackers. That’s the advice from researchers at Oligo, who warn the critical vulnerabilities they found — which they call ShellTorch — could allow threat actors to cause all sorts of mayhem, including messing with AI and machine learning solutions. Amazon has issued a security advisory for IT departments with applications using TorchServe, while Meta fixed the default management API in its applications to mitigate the problems. TorchServe is found in the PyTorch framework for building deep-learning models.
Most IT and security leaders know the importance of patching software. But what about firmware? Researchers at Forrester Research claim the attitude of many organizations to installing firmware updates is “woefully inadequate.” In a survey sponsored by HP Wolf Security, 42 per cent of respondents said their organization only installs firmware updates once a year. Another 15 per cent said their organization does it only twice a year. What’s even more alarming, says Forrester, is that 12 per cent of respondents only install firmware updates when there’s an imminent threat to security or system stability. However, the survey doesn’t say whether IT departments do a risk assessment before deciding whether to delay the installation of a firmware patch.
Finally, nearly 100,000 industrial control systems around the world are exposed to the public internet. That’s according to researchers at Bitsight. That number has been dropping, but it does beg the question of whether that many industrial control systems need to be open to the internet, and if so whether they are adequately protected from being hacked. Industrial control systems include power and water utilities, security systems, traffic light systems and more. IT leaders with industrial control systems in their environment need to make sure those that don’t need access to the internet are unplugged or have firewalls.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.