Vulnerabilities in the headlines: Linux Kernel, Yahoo Stored XSS, and Open SSH

Linux Kernel Vulnerability and how to fix it

A flaw in the Linux Kernel has made big news lately, labelled as a local privilege escalation vulnerability. In fact, the company ‘Perception Point’ which released news of the flaw is under criticism as after reporting it to the Linux kernel maintainers, who were then developing a patch, they went ahead and released the details, dubbing it a zeroday. The vulnerability concerns the Keyrings facility, which is used to cache authentication keys, encryption keys and security data. Exploiting the flaw could allow a normal user to become a super user. However, critics have pointed out that you would need to be a user to begin with, this is not something which could be exploited by a remote hacker. All Linux distributions have now provided a patch however this will only be effective once updated, meaning millions of machines remain unprotected.

Cyber security companies and insurers next to take the blame?

As companies continue to lose large sums of money as a result of cyber security breaches, it’s of little surprise that those entrusted with protecting them are expected to take some of the blame. The first of these to hit headlines this week was a case against cyber security company Trustwave, who were hired to strengthen the security of the Affinity Gaming casino in 2013. Having since suffered another breach, Affinity are claiming that Trustwave’s work was ‘woefully inadequate’ and are seeking damages in excess of $100,000.

The second lawsuit concerns a cyber insurance provider, Federal Insurance, who are being taken to court over failure to pay $480,000 in a case of CEO fraud. CEO fraud is an increasingly common form of attack whereby an attacker impersonates a CEO in order to generate a payment, this time to an account in China. According to the FBI, such scams caused losses in the US of over $750m in just two years. This case serves as a reminder to business to take great care to check the small print of any insurance they take out. With numerous attacks and scams on the rise, good insurance is becoming an essential element of any cyber security strategy.

Open SSH vulnerability leaves cryptokeys open to theft

A serious vulnerability was recently discovered in Open SSH, one of the most widely used open source versions of the SSH protocol. The vulnerability could have been leveraged by hackers, stealing cryptographic keys and carrying out ‘man in the middle’ attacks, however this would be difficult to do making the vulnerability less serious than first made out. The flaw actually consists of two CVEs, an information sharing vulnerability and a buffer overflow vulnerability, both part of the ‘roaming’ feature. A patch has been released and users are advised to update the implementation of Open SSH on their machine. As the vulnerability has now been publicly disclosed, users should act fast before an attacker can take advantage of any unpatched users.

Antivirus software leaving door open for hackers

Antivirus provider Trend Micro have been left with egg on their face following the discovery of a bug which allows attackers to execute remote commands and steal all of a user’s’ passwords from their password manager tool. The NodeJS server which allows the password manager to run was found to be leaving a number of HTTP RPC ports open and was also exposing more than 70 APIs. The remote code execution bug was discovered by Tavis Ormandy as part of Google’s Project Zero and he has since worked with Trend Micro to patch the vulnerability.

French government rejects proposal to make hardware backdoors mandatory

In the aftermath of the Paris terrorist attacks, one Republican politician proposed an addition to the Digital Republic Bill. The draft proposed that all hardware should be designed with mandatory encryption backdoors, allowing the manufacturer to access data when requested by the police, courts or government. The proposal has been rejected by the government, with deputy minister for digital affairs Alex Lamaire being quoted as calling the proposal ‘vulnerability by design’. France is the latest country to reject such a move, with the US and the Netherlands also having considered and rejected such a method.

Yahoo! Mail Stored XSS vulnerability fixed

A Stored XSS vulnerability was found in Yahoo! Mail last month, as part of a bug bounty programme. The vulnerability would allow an attacker to embed malicious JavaScript within emails, which when read would execute the code and allow an attacker to take control of the account. The problem apparently stemmed from the way in which Yahoo! filter HTML-formatted emails, allowing some to pass through the net. The vulnerability has already been patched and is not known to ever have been discovered and exploited in the wild prior to its discovery.

Time Warner Cable breach, 320000 passwords stolen

Earlier this month, Time Warner Cable admitted that 320,000 customer passwords are likely to have been stolen. They were unable to specify how this breach might have occurred, but speculated that it might have been through a third party or due to malware. Users are being urged to change their passwords, particularly those that use the Roadrunner service. The FBI have been informed, apparently part of a larger disclosure including other affected firms. However, no other firms seem to have come forward to make their own breaches public.

Annual Australia-US Cybersecurity collaboration announced

Australian Prime Minister Malcolm Turnbull has announced a new annual event to be held with long term allies the US. Beginning this year, the annual Australia-US ‘Cyber Security Dialogue’ is intended to bring senior representatives from both countries together to discuss cyber threats, promote cybersecurity innovation and encourage new business opportunities. He went on to say ‘We will continue to work closely together to ensure the internet remains open, free, and secure by promoting peacetime ‘norms’ for cyberspace,’ Following the announcement of a $30m investment in a Cybersecurity Growth Centre last month it’s clear that cybersecurity is currently high on the government’s agenda.

Share this post

Leave a Reply

Your email address will not be published.