Warnings to Linux and HP device administrators, Samsung confirms data theft and more.
Welcome to Cyber Security Today. It’s Wednesday, March 9th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Linux administrators and developers are urged to update to the latest version of the kernel or their Linux distribution after the discovery of a major vulnerability. The problem is in Linux kernels going back to version 5.8. It allows an attacker to overwrite supposedly read-only files. That could lead to an escalation of data access privileges because an attacker could inject malware into root processes. The vulnerability has been disclosed to the Linux kernel security team and the Android security team. The bug has to be patched in Android.
IT administrators are urged to find and install the latest security patches for HP devices. This comes after cybersecurity researchers at a company called Binarly discovered 16 high severity vulnerabilities in the implementations of firmware used in some models of HP laptops, desktops, point of sale systems and edge computing nodes. Attackers could leverage the vulnerabilities to compromise systems.
Samsung has confirmed to Bloomberg News that source code for its Galaxy smartphones was among the corporate data stolen recently. This comes after the Lapsus$ hacking group claimed over the weekend that it successfully compromised the company and released what it said was 190 GB of data from Samsung. According to the news site HackRead, that code was described as including the Trusted Applet used for access control and encryption, as well as code for other sensitive security functions. Samsung said customers’ personal data wasn’t copied. The Lapsus$ group also announced last week it had hacked graphics card maker Nvidia.
The RagnarLocker ransomware gang has hit 52 American organizations, including those in the energy, financial, IT and government sectors. This is according to an FBI report sent to eligible organizations and seen by the Bleeping Computer news service. The document is one of a series of background papers on ransomware groups created for information purposes. It includes indicators of compromise IT security teams should watch for.
Microsoft is notifying unnamed firms using its Azure cloud service that a serious security vulnerability has been fixed. The problem was in the Azure Automation service. Under certain conditions an attacker able to run an automation scan in Azure Sandbox could have acquired the Managed Identities tokens for other automation jobs without permission. The tokens could then be used to access an organization’s data stored on Azure. The vulnerability was reported to Microsoft by Orca Security in December. It was mitigated four days later.
Finally, yesterday was Microsoft’s Patch Tuesday for the month of March, when it released security updates for Windows and other company products. Note that Adobe, SAP and other major application companies also released updates yesterday. IT administrators who have automatic updates enabled on systems should make sure those patches are installed. For those who need to test patches before installation, make sure you have a rigorous patch management process. A SANS Institute webinar I covered last week recommended firms first patch network security appliances, web servers, web apps and their host operating systems, then desktops and finally internal servers and applications.
Remember, links to details about podcast stories are in the text version at ITWorldCanada.com.