Actively exploited Linux vulnerability threatens takeover of US federal agency systems

Lord777

CISA called on private and state organizations to urgently fix the Looney Tunables bug to prevent the loss of control over their networks.

The US Cybersecurity and Infrastructure Security Agency (CISA) has announced the need to strengthen the protection of federal systems from a vulnerability in Linux that is actively exploited by intruders.

The Looney Tunables vulnerability (CVE-2023-4911, CVSS: 7.8) was discovered by the Qualys research team and is a buffer overflow in ld.so, the dynamic loader of the GNU C Library. The bug affects the latest versions of popular Linux distributions, such as Fedora, Ubuntu, and Debian. Administrators are urgently advised to update their systems, given the active exploitation of the vulnerability and the several exploits published on the Internet since its disclosure in October.

CISA included the vulnerability in its Known Exploited Vulnerabilities Catalog (KEVC, KEV), noting it as a frequent attack vector and a significant risk to the federal enterprise, as well as private companies. In accordance with Binding Operational Directive BOD 22-01, U.S. Federal Civilian Executive Branch agencies must address this flaw in their networks by December 12.

Operators of the Kinsing malware are reported to actively use Looney Tunables in attacks aimed at cloud environments. Researchers from Aqua Nautilus have discovered that Kinsing attacks start with exploiting a known vulnerability in the PHP framework PHPUnit, which allows attackers to gain control over systems. After gaining root access, the attackers install a JavaScript web shell to maintain control and steal cloud service credentials, as well as to access AWS data.

The Kinsing malware is known for using the power of compromised cloud systems to mine cryptocurrencies and has already attacked platforms such as Kubernetes, the Docker API, and others. Microsoft and Trend Micro also observed attacks by the Kinsing group exploiting various vulnerabilities, including the recently discovered critical vulnerability in Apache ActiveMQ.
 