Glibc library vulnerability published | Kaspersky official blog

On January 30, security researchers published information about a vulnerability they discovered in glibc (the GNU C Library), which could potentially allow attackers to elevate their privileges on Linux systems to root level. The library provides system calls and basic system functions – including syslog and vsyslog, which are used to write messages to the system message log. The vulnerability has received the identifier CVE-2023-6246 and a score of 8.4 on the CVSS v3.1 scale. Although the severity of this threat is not critical – it’s just high – there’s a high probability of its exploitation in large-scale attacks, since glibc is the main system library used by almost all Linux programs.

Which systems are affected by CVE-2023-6246?

The Qualys researchers who discovered the vulnerability tested a number of popular Linux-based system installations, and identified several vulnerable systems: Debian 12 and 13, Ubuntu 23.04 and 23.10, and Fedora Linux versions 37 through 39. However, experts add that other distributions are probably also affected by this vulnerability. CVE-2023-6246 is present in the library version 2.36 and older. The glibc developers fixed the vulnerability in version 2.39 on January 31 – a day after information about it was published.

What is the CVE-2023-6246 vulnerability and where did it come from?

The vulnerability CVE-2023-6246 is related to a dynamic memory buffer overflow and belongs to the LPE (Local Privilege Escalation) class. In simple terms, an attacker who already has user access to a system can use vulnerable function calls to escalate their privileges to the super-user level.

This vulnerability was first added to the library in version 2.37, in August 2022, in an attempt to close the less dangerous vulnerability CVE-2022-39046. Subsequently, the library developers made the same change in version 2.36.

How to stay safe?

First you need to update the glibc library to version 2.39. Since attackers must already have access to the system to exploit this vulnerability (and all LPE vulnerabilities in general), CVE-2023-6246 will most likely be exploited in complex multi-stage attacks. Therefore, we recommend using solutions that can protect Linux as well. For example, our Kaspersky Endpoint Security solution includes the Kaspersky Endpoint Security for Linux application, which combats modern threats to Linux-based systems.

Kaspersky official blog

The Rise of Python-Scripted Ransomware

The ransomware, named “grinchv3,” copies itself to the startup folder for persistence, encrypts user data using the Fernet symmetric key encryption algorithm, and displays a pop-up message after encryption.

Cyware News – Latest Cyber News

Man Sentenced to Prison for Stealing Millions in Cryptocurrency via SIM Swapping 

Daniel James Junk sentenced to six years in prison for stealing millions in cryptocurrency through SIM swapping.

SecurityWeek

Football Australia Data Leak Exposes Players’ Contracts, Fans’ Personal Details

The leak included passports, player contracts, and personal data, potentially affecting every Australian football fan. Cybersecurity experts believe the breach was likely due to human error, and the FA is investigating the matter.

Cyware News – Latest Cyber News

Why Are Cybersecurity Automation Projects Failing?

The cybersecurity industry has taken limited action to reduce cybersecurity process friction, reduce mundane tasks and improve overall user experience.

SecurityWeek

Ransomware Incidents Hit Record High, But Law Enforcement Takedowns Slow Growth

According to Corvus, the number of active ransomware groups grew by 34% between Q1 and Q4 2023, linked to the fracturing of well-known ransomware groups that leaked their proprietary encryptors.

Cyware News – Latest Cyber News

CISA Warns of Active Exploitation of Critical Flaws in Apple iOS and macOS

The flaw allows attackers with arbitrary read and write capability to bypass Pointer Authentication, and it’s recommended that Federal Civilian Executive Branch (FCEB) agencies apply the fixes by February 21, 2024.

Cyware News – Latest Cyber News

Brazilian Police Make Arrests in Grandoreiro Banking Malware Case

The Grandoreiro malware can track keyboard inputs, simulate mouse activity, and initiate communication with criminals’ servers, making it a potent threat to banking activities.

Cyware News – Latest Cyber News

AI-Generated Code Leads to Security Issues for Most Businesses: Report

According to a survey by Snyk, over three-quarters of developers are bypassing established protocols to use AI-powered code completion tools, raising concerns about security implications.

Cyware News – Latest Cyber News

CISA Warns of Active Exploitation of Critical Vulnerability in iOS, iPadOS, and macOS

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting iOS, iPadOS, macOS, tvOS, and watchOS to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerability, tracked as CVE-2022-48618 (CVSS score: 7.8), concerns a bug in the kernel component.
“An attacker with

The Hacker News