“As Nasty as Dirty Pipe” — 8 Year Old Linux Kernel Vulnerability Uncovered
Details of an eight-year-old security vulnerability in the Linux kernel have emerged that the researchers say is “as nasty as Dirty Pipe.” Dubbed DirtyCred by a group of academics from Northwestern University, the security weakness exploits a previously unknown flaw (CVE-2022-2588) to escalate privileges to the maximum level. “DirtyCred is a kernel exploitation concept that swaps unprivileged kernel credentials with privileged ones to escalate privilege,” researchers Zhenpeng Lin, Yuhang Wu, and Xinyu Xing noted. “Instead of overwriting any critical data fields on kernel heap, DirtyCred abuses the heap memory reuse mechanism to get privileged.”
Ex-Apple engineer pleads guilty to stealing Apple’s car secrets
Xiaolang Zhang, a former Apple employee charged by the FBI in 2018 for stealing trade secrets about Apple’s autonomous vehicle project, pleaded guilty in a federal court in San Jose on Monday. Zhang stole the trade secrets while preparing to work for Chinese electric vehicle startup Xiaopeng Motors, also known as XPeng. The FBI arrested Zhang at San Jose airport, California, on 7 July, while he was en route to China. Zhang was hired by Apple in 2015 where he would eventually work on hardware for Apple’s secretive autonomous vehicle project.
Fake Reservation Links Prey on Weary Travelers
A longtime threat group identified as TA558 has ramped up efforts to target the travel and hospitality industries. After a lull in activity, believed tied to COVID-related travel restrictions, the threat group has ramped up campaigns to exploit an uptick in travel and related airline and hotel bookings. Warnings come from security researchers who say TA558 cybercriminals have revamped their 2018 campaigns with fake reservation emails that contain links – that if clicked – deliver a malicious malware payload containing a potpourri of malware variants. What makes this most recent campaign unique, according to a report by Proofpoint, is the use of RAR and ISO file attachments linked to messages. ISO and RAR are single compressed files, that if executed, decompress the file and folder data inside of them.
Hackers demand $10 million from Paris hospital after ransomware attack
Malicious hackers are demanding $10 million from a French hospital they hit with ransomware last weekend. The Hospital Center Sud Francilien (CHSF) in Corbeil-Essonnes, south-east of Paris, was struck late on Saturday night, causing major disruption to health services. The following morning, CHSF announced that it had initiated an emergency “white plan” after the attack made it impossible for the hospital to access its business software, storage systems (including medical imaging), and information systems related to patient admissions. In the absence of working computer systems, medical staff are resorting to the use of pen and paper with the inevitable disruption that can cause.
Why patching quality, vendor info on vulnerabilities are declining
Those who apply security patches are finding that it’s becoming harder to time updates and determine the impact of patching on their organizations. Dustin Childs of the ZDI Zero Day Initiative and Trend Micro brought this problem to light at the recent Black Hat security conference: Patch quality has not increased and in fact is getting worse. We are dealing with repatching bugs that weren’t fixed right or variant bugs that could have been patched the first time. Childs also pointed out that vendors are not providing good information about the Common Vulnerability Scoring System (CVSS) risk to easily analyze whether to patch. The vendor might give a high CVSS risk score to a bug that wouldn’t be easily exploited. I am having to dig more into details of a bug to better understand the risk of not applying an update immediately. Vendors are adding obscurity to bug information and making it harder to understand the risk.