Security Leftovers
-
Cyber Security News ☛ ANY.RUN Sandbox Now Analyzes Complex Linux Malware For SOC & DFIR Teams
The ANY.RUN sandbox has recently undergone an update to include support for Linux, strengthening its capacity to offer a safe and isolated atmosphere for examining malware and conducting threat analysis.
-
New Glibc Flaw Allows Full Root Access on Major Linux Distros
As a fundamental element of nearly every Linux-based system, the GNU C Library, or glibc, acts as a core library connecting applications with the Linux kernel. It provides essential functions for system calls, input/output operations, memory management, and other low-level functionalities that programs need to interact with the operating system. The recent discovery of a glibc flaw poses a significant concern due to its potential impact on millions of systems worldwide.
The vulnerability, tracked as CVE-2023-6246 with a CVSS score of 7.8, was found in the __vsyslog_internal() function, which backs the common logging functions syslog() and vsyslog(). It allows an unprivileged local attacker to escalate privileges to root, granting complete control over the system. The flaw is a heap-based buffer overflow introduced by a commit in August 2022 that shipped in glibc 2.37; the same commit was backported to glibc 2.36 as part of the fix for a less severe vulnerability, CVE-2022-39046, so both releases are affected.
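The overflow comes from size bookkeeping, not from a missing length check on the message itself: syslog() first formats the record into a 1024-byte stack buffer and, if it does not fit, sizes a heap buffer from the lengths measured in that first pass. When the header alone, which carries the program name taken from argv[0], already exceeds 1024 bytes, the pre-fix code never measures the message, leaves the computed size at zero, allocates a 1-byte heap buffer and then writes the whole header into it. The following is an added example that models only that bookkeeping; it is not glibc's code or the article's, the `sizing` struct, the `run_case()` helper and the simplified header format are this example's own, and the `hardened_sizing()` variant shows one correct way to measure before allocating rather than the exact upstream patch. Nothing in it performs the out-of-bounds write; it reports what each variant would allocate and write.

```c
/* Added example (not glibc code): a simplified model of the size bookkeeping
   in the two-stage formatting path of syslog() in glibc 2.36/2.37.  Only the
   allocation and write sizes are computed; no out-of-bounds write happens. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define STACK_BUF 1024
#define HEADER_FMT "<%d>%s %s[%d]: "   /* priority, timestamp, progname, pid */

struct sizing {
    size_t heap_alloc;   /* bytes malloc'd on the fallback path (0 = stack buffer sufficed) */
    size_t heap_write;   /* bytes the fallback path then writes into that buffer */
    bool   overflow;     /* heap_write > heap_alloc */
};

/* Mirrors the pre-fix control flow: bufsize is only assigned inside the
   "header fits in the stack buffer" branch. */
static struct sizing vulnerable_sizing(const char *progname, const char *msg)
{
    char bufs[STACK_BUF];
    struct sizing s = {0, 0, false};
    size_t bufsize = 0;

    int l = snprintf(bufs, sizeof bufs, HEADER_FMT, 13, "Jan  1 00:00:00", progname, 1234);
    if (l < 0)
        return s;
    if ((size_t)l < sizeof bufs) {
        int vl = snprintf(bufs + l, sizeof bufs - l, "%s", msg);
        if (vl < 0)
            return s;
        if ((size_t)vl < sizeof bufs - l)
            return s;                 /* whole record fit in bufs: no heap path */
        bufsize = (size_t)l + (size_t)vl;
    }
    /* Fallback: malloc(bufsize + 1), then the header is written with size l + 1
       and the message at offset l with size bufsize - l + 1.  With bufsize == 0
       that second size wraps, so header and message land in a 1-byte allocation. */
    s.heap_alloc = bufsize + 1;
    s.heap_write = (size_t)l + strlen(msg) + 1;
    s.overflow = s.heap_write > s.heap_alloc;
    return s;
}

/* Corrected bookkeeping: when the header did not fit, measure the message with
   snprintf(NULL, 0, ...) so bufsize is the true record length before sizing
   the heap buffer. */
static struct sizing hardened_sizing(const char *progname, const char *msg)
{
    char bufs[STACK_BUF];
    struct sizing s = {0, 0, false};

    int l = snprintf(bufs, sizeof bufs, HEADER_FMT, 13, "Jan  1 00:00:00", progname, 1234);
    if (l < 0)
        return s;
    char *pos = (size_t)l < sizeof bufs ? bufs + l : NULL;
    size_t room = (size_t)l < sizeof bufs ? sizeof bufs - l : 0;
    int vl = snprintf(pos, room, "%s", msg);
    if (vl < 0)
        return s;
    size_t bufsize = (size_t)l + (size_t)vl;
    if (bufsize < sizeof bufs)
        return s;                     /* fits on the stack */
    s.heap_alloc = bufsize + 1;
    s.heap_write = bufsize + 1;
    s.overflow = s.heap_write > s.heap_alloc;
    return s;
}

/* Helper for the demonstration: a program name of progname_len 'A' characters
   stands in for an attacker-chosen, over-long argv[0]. */
static struct sizing run_case(size_t progname_len, const char *msg, bool hardened)
{
    struct sizing s = {0, 0, false};
    char *progname = malloc(progname_len + 1);
    if (!progname)
        return s;
    memset(progname, 'A', progname_len);
    progname[progname_len] = '\0';
    s = hardened ? hardened_sizing(progname, msg) : vulnerable_sizing(progname, msg);
    free(progname);
    return s;
}

int main(void)
{
    struct sizing v = run_case(1500, "hello", false);
    struct sizing h = run_case(1500, "hello", true);
    printf("vulnerable: malloc(%zu), writes %zu bytes%s\n", v.heap_alloc, v.heap_write,
           v.overflow ? " -> heap overflow" : "");
    printf("hardened:   malloc(%zu), writes %zu bytes%s\n", h.heap_alloc, h.heap_write,
           h.overflow ? " -> heap overflow" : "");
    return 0;
}
```

With a 1500-byte program name the header is 1528 bytes, so the vulnerable bookkeeping allocates 1 byte and would write 1534; the hardened variant allocates 1534. With a short program name and short message both variants stay on the stack buffer. The practical check this suggests for a distribution or fleet is simple: a system is exposed if it runs glibc 2.36 or 2.37 without the vendor's CVE-2023-6246 fix and has set-user-ID binaries that call syslog() before openlog() with an explicit ident.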
-
LWN ☛ Security updates for Friday
Security updates have been issued by Debian (webkit2gtk), Fedora (atril, chromium, gnutls, python-aiohttp, and webkitgtk), Gentoo (libxml2), Mageia (gnutls, gpac, kernel, kernel-linus, microcode, pam, and postfix), Red Hat (container-tools:2.0, container-tools:3.0, container-tools:4.0, container-tools:rhel8, gimp, libmaxminddb, python-pillow, runc, and unbound), SUSE (cosign, netpbm, python, python-Pillow, python3, and python36), and Ubuntu (libde265, linux-gcp, linux-gcp-5.4, and linux-intel-iotg).
-
Data Breaches ☛ LockBitSupp banned as a “ripper:” drama on the Russian-language forums
Anastasia Sentsova and Jon DiMaggio have written about the latest drama in the ransomware world: LockBitSupp was banned from XSS.is, and as is their policy, he was therefore also banned on Exploit.in. Banned in the two well-known Russian-language forums, LockBitSupp tried to appeal the decision to RAMP. Even though it seems RAMP agreed with him, XSS.is and Exploit.in did not reverse their bans.
LockBitSupp’s ban comes as a surprise as he is a well-known figure and was active on the forums. Being on RAMP won’t give him as much publicity as being on the other forums that are available on clearnet.
-
Data Breaches ☛ Ransomware Payments Exceed $1 Billion in 2023, Hitting Record High After 2022 Decline [Ed: Windows TCO]
The following figure from their report captures 2023 in terms of the number of different groups, the median ransom payment and frequency of payments per group. A text description is provided in their report.
-
Maltese suspected hacker to be extradited to United States for computer malware crimes
An operation by the Maltese police, assisting the FBI with investigations in the United States, has led to the arrest of a 27-year-old Maltese individual in connection with the sale of illegal malware on the dark web.
[…]
The suspect was arrested at his workplace in Gudja on 7 February, and during searches conducted at various locations related to the suspect, numerous items linked to this investigation were seized.
The 27-year-old man appeared in court on Thursday afternoon before Magistrate Dr. Giannella Camilleri Busuttil LL.D, to begin extradition proceedings to the United States, where he will face charges before the American court.
He has consented to extradition and is being held in custody at the Correctional Facility in Kordin.
In connection with this investigation, a Nigerian accomplice, residing in Nigeria, was also arrested.
-
BakerHostetler Files Amicus Brief on Behalf of 30 Hospitals and Health Systems
As noted back in December 2022, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) has issued dramatic guidance (often called the Bulletin) that targets the use of so-called Internet “tracking technologies” on the public websites of HIPAA-covered entities. Fueled by this guidance, healthcare providers have faced a dual threat of regulatory inquiries and widespread class-action litigation.
A recently filed lawsuit is challenging this regulatory guidance, arguing that the Bulletin exceeds the OCR’s regulatory authority and violates administrative law because it is arbitrary and capricious and was issued without proper notice and comment. See Am. Hosp. Assn. et al. v. Becerra et al., No. 4:23-cv-01110 (N.D. Tex. filed Nov. 2, 2023).