UNIX/Linux Security Leftovers
-
LWN ☛ Security updates for Tuesday
Security updates have been issued by Debian (cacti, postgresql-11, and zfs-linux), Fedora (freeimage, mingw-expat, and mingw-freeimage), Mageia (apache-mod_security-crs, expat, and multipath-tools), Oracle (.NET 7.0 and kernel), Red Hat (kernel, kernel-rt, and kpatch-patch), and Ubuntu (bash, kernel, linux, linux-aws, linux-hwe, linux-kvm, linux-oracle, linux, linux-aws, linux-kvm, linux-lts-xenial, and vim).
-
OpenSSF (Linux Foundation) ☛ OpenSSF Releases Plan for Improving Software Developer Security Education
The Open Source Security Foundation (OpenSSF) has just released its 2024 plan to improve software developer education, titled “Plan for Improving Software Developer Security Education”. This is the plan the OpenSSF Education Special Interest Group (SIG) intends to follow this year.
-
Recent Node.js Vulnerabilities Fixed in Ubuntu
Several vulnerabilities within Node.js were identified, posing a significant threat to Ubuntu systems. These vulnerabilities could enable attackers to execute arbitrary code on compromised systems, potentially leading to severe consequences for affected users. To address these risks, the Ubuntu security team swiftly released security updates across multiple Ubuntu releases, including Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 18.04.
-
Help Net Security ☛ Lynis: Open-source security auditing tool
Lynis conducts a thorough security examination of the system directly. Its main objective is to evaluate security measures and recommend enhancing system hardening. The tool also checks for general system details, identifies vulnerable software packages, and detects potential configuration problems.
-
Ksplice Known Exploit Detection for GLIBC vulnerability CVE-2023-6246
This post is part of a regular series on Oracle Ksplice’s Known Exploit Detection. CVE-2023-6246 is a security vulnerability in the glibc library that allows a local attacker to escalate their privileges. Oracle Linux doesn’t use the vulnerable glibc versions. However, we decided to implement known exploit detection for this vulnerability in the kernel that will allow system administrators to report and alarm future attempts to exploit the vulnerability.
-
Bleeping Computer ☛ New AcidPour data wiper targets Linux x86 network devices
Data wipers are a category of malware designed for destructive attacks that delete files and data on targeted devices. This type of malware is commonly used to disrupt an organization's operations for political reasons or as a distraction from a larger attack.
-
Hacker News ☛ Suspected Russian Data-Wiping 'AcidPour' Malware Targeting Linux x86 Devices
A new variant of a data wiping malware called AcidRain has been detected in the wild that's specifically designed for targeting Linux x86 devices.
The malware, dubbed AcidPour, is compiled for Linux x86 devices, SentinelOne's Juan Andres Guerrero-Saade said in a series of posts on X.
"The new variant [...] is an ELF binary compiled for x86 (not MIPS) and while it refers to similar devices/strings, it's a largely different codebase," Guerrero-Saade noted.
-
Security Affairs ☛ New AcidPour wiper targets Linux x86 devices. Is it a Russia’s weapon?
A new variant of the Russia-linked wiper AcidRain, tracked as AcidPour, was spotted targeting Linux x86 devices.