CISA Tells Organizations to Patch Linux Kernel Vulnerability Exploited by Malware

By Orbit Brain, October 21, 2022

By Eduard Kovacs on October 21, 2022

The US Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a Linux kernel flaw to its Known Exploited Vulnerabilities Catalog and instructed federal agencies to address it within three weeks.

The vulnerability is tracked as CVE-2021-3493 and it’s related to the OverlayFS file system implementation in the Linux kernel. It allows an unprivileged local user to gain root privileges, but it only appears to affect Ubuntu.

CVE-2021-3493 has been exploited in the wild by a stealthy Linux malware named Shikitega, which researchers at AT&T Alien Labs detailed in early September. Shikitega is designed to target endpoints and IoT devices running Linux, allowing the attacker to gain full control of the system. It has also been used to download a cryptocurrency miner onto the infected system.

As part of the malware’s infection chain, two Linux vulnerabilities are exploited for privilege escalation: CVE-2021-3493 and CVE-2021-4034.

CVE-2021-4034 is known as PwnKit and it affects Polkit’s Pkexec, a SUID-root program found in all Linux distributions. CISA warned about this vulnerability being exploited in attacks in June. Cisco mentioned exploitation in a recent report describing a Chinese attack framework and its associated RAT, which targets Windows, Linux, and macOS systems.

The news reports published when Shikitega’s existence came to light focused on the malware itself and did not highlight the fact that this appeared to be the first known instance of CVE-2021-3493 being exploited for malicious purposes.

Technical details and proof-of-concept (PoC) exploits for this vulnerability are publicly available.

CISA has now added the flaw to its Known Exploited Vulnerabilities Catalog and has instructed federal agencies to patch their systems by November 10. While federal agencies are required by a binding operational directive to fix these flaws, CISA strongly urges all organizations to prioritize patching for vulnerabilities listed in its catalog.

In addition, CISA has added a recent Zimbra vulnerability to the catalog. The security hole was only patched after exploitation began.

*updated to clarify that only Ubuntu is affected by CVE-2021-3493