Residence › Virus & Threats

CISA Tells Organizations to Patch Linux Kernel Vulnerability Exploited by Malware

By Eduard Kovacs on October 21, 2022

Tweet

The US Cybersecurity and Infrastructure Safety Company (CISA) on Thursday added a Linux kernel flaw to its Identified Exploited Vulnerabilities Catalog and instructed federal companies to deal with it inside three weeks.

The vulnerability is tracked as CVE-2021-3493 and it’s associated to the OverlayFS file system implementation within the Linux kernel. It permits an unprivileged native consumer to achieve root privileges, however it solely seems to have an effect on Ubuntu.

CVE-2021-3493 has been exploited within the wild by a stealthy Linux malware named Shikitega, which researchers at AT&T Alien Labs detailed in early September. Shikitega is designed to focus on endpoints and IoT units operating Linux, permitting the attacker to achieve full management of the system. It has additionally been used to obtain a cryptocurrency miner onto the contaminated system.

As a part of the malware’s an infection chain, two Linux vulnerabilities are exploited for privilege escalation: CVE-2021-3493 and CVE-2021-4034.

CVE-2021-4034 is known as PwnKit and it impacts Polkit’s Pkexec, a SUID-root program present in all Linux distributions. CISA warned about this vulnerability being exploited in assaults in June. Cisco talked about exploitation in a current report describing a Chinese language assault framework and its related RAT, which targets Home windows, Linux, and macOS methods.

The information stories revealed when Shikitega’s existence got here to gentle targeted on the malware itself and didn’t spotlight the truth that this seemed to be the primary identified occasion of CVE-2021-3493 being exploited for malicious functions.

Technical particulars and proof-of-concept (PoC) exploits for this vulnerability are publicly obtainable.

CISA has now added the flaw to its Identified Exploited Vulnerabilities Catalog and has instructed federal companies to patch their methods till November 10. Whereas federal companies are required by a binding operational directive to repair these flaws, CISA strongly urges all organizations to prioritize patching for vulnerabilities listed in its catalog.

As well as, CISA has added a current Zimbra vulnerability to the catalog. The safety gap was solely patched after exploitation started.

*up to date to make clear that solely Ununtu is affected by CVE-2021-3493

Associated: CISA Clarifies Standards for Including Vulnerabilities to ‘Should Patch’ Record

Associated: CISA’s ‘Should Patch’ Record Places Highlight on Vulnerability Administration Processes

Associated: CISA: Vulnerability in ​​Delta Electronics ICS Software program Exploited in Assaults

Get the Day by day Briefing

• Most Latest
• Most Learn

• FBI Warns of Iranian Cyber Agency’s Hack-and-Leak Operations
• Knowledge of three Million Advocate Aurora Well being Sufferers Uncovered by way of Malformed Pixel
• Text4Shell Vulnerability Exploitation Makes an attempt Began Quickly After Disclosure
• Dozen Excessive-Severity Vulnerabilities Patched in F5 Merchandise
• CISA Tells Organizations to Patch Linux Kernel Vulnerability Exploited by Malware
• France Slaps High-quality on Face Recognition Agency Clearview AI
• Google’s GUAC Open Supply Software Centralizes Software program Safety Metadata
• Password Report: Honeypot Knowledge Reveals Bot Assault Developments Towards RDP, SSH
• SIM Swappers Sentenced to Jail for Hacking Accounts, Stealing Cryptocurrency
• Anonos Raises $50 Million for Knowledge Privateness Platform

Searching for Malware in All of the Unsuitable Locations?

First Step For The Web’s subsequent 25 years: Including Safety to the DNS

Tattle Story: What Your Pc Says About You

Be in a Place to Act By way of Cyber Situational Consciousness

Report Reveals Closely Regulated Industries Letting Social Networking Apps Run Rampant

2010, A Nice 12 months To Be a Scammer.

Do not Let DNS be Your Single Level of Failure

Tips on how to Establish Malware in a Blink

Defining and Debating Cyber Warfare

The 5 A’s that Make Cybercrime so Engaging

Tips on how to Defend Towards DDoS Assaults

Safety Budgets Not in Line with Threats

Anycast – Three Causes Why Your DNS Community Ought to Use It

The Evolution of the Prolonged Enterprise: Safety Methods for Ahead Considering Organizations

Utilizing DNS Throughout the Prolonged Enterprise: It’s Dangerous Enterprise

Orbit Brain

https://orbitbrain.com/

Orbit Brain is the senior science writer and technology expert. Our aim provides the best information about technology and web development designing SEO graphics designing video animation tutorials and how to use software easy ways
and much more. Like Best Service Latest Technology, Information Technology, Personal Tech Blogs, Technology Blog Topics, Technology Blogs For Students, Futurism Blog.