Cyber Security Today, March 9, 2022 – Warnings to Linux and HP device administrators, Samsung confirms data theft and more

Share post:

Warnings to Linux and HP device administrators, Samsung confirms data theft and more.

Welcome to Cyber Security Today. It’s Wednesday, March 9th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts


Linux administrators and developers are urged to update to the latest version of the kernel or their Linux distribution after the discovery of a major vulnerability. The problem is in Linux kernels going back to version 5.8. It allows an attacker to overwrite supposedly read-only files. That could lead to an escalation of data access privileges because an attacker could inject malware into root processes. The vulnerability has been disclosed to the Linux kernel security team and the Android security team. The bug has to be patched in Android.

IT administrators are urged to find and install the latest security patches for HP devices. This comes after cybersecurity researchers at a company called Binarly discovered 16 high severity vulnerabilities in the implementations of firmware used in some models of HP laptops, desktops, point of sale systems and edge computing nodes. Attackers could leverage the vulnerabilities to compromise systems.

Samsung has confirmed to Bloomberg News that source code for its Galaxy smartphones was among the corporate data stolen recently. This comes after the Lapsus$ hacking group claimed over the weekend that it successfully compromised the company and released what it said was 190 GB of data from Samsung. According to the news site HackRead, that code was described as including the Trusted Applet used for access control and encryption, as well as code for other sensitive security functions. Samsung said customers’ personal data wasn’t copied. The Lapsus$ group also announced last week it had hacked graphics card maker Nvidia.

The RagnarLocker ransomware gang has hit 52 American organizations, including those in the energy financial, IT and government sectors. This is according to an FBI report sent to eligible organizations and seen by the Bleeping Computer news service. The document is one of a series of background papers on ransomware groups created for information purposes. It includes indicators of compromise IT security teams should watch for.

Microsoft is notifying unnamed firms using its Azure cloud service that a serious security vulnerability has been fixed. The problem was in the Azure Automation service. Under certain conditions an attacker able to run an automation scan in Azure Sandbox could have acquired the Managed Identities tokens for other automation jobs without permission. The tokens could then be used to access an organization’s data stored on Azure. The vulnerability was reported to Microsoft by Orca Security in December. It was mitigated four days later.

Finally, yesterday was Microsoft’s Patch Tuesday for the month of March, when it released security updates for Windows and other company products. Note also that Adobe, SAP and other major application companies also released updates yesterday. IT administrators who have automatic updates enabled on systems should make sure those patches are installed. For those who need to test patches before installation make sure you have a rigorous patch management process. A SANS Institute webinar I covered last week recommended firms first patch network security appliances, web servers, web apps and their host operating systems, then desktops and finally internal servers and applications.

Remember links to details about podcast stories are in the text version at

You can follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, March 9, 2022 – Warnings to Linux and HP device administrators, Samsung confirms data theft and more first appeared on IT World Canada.
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.


Related articles

Forget Recall, Windows is already tracking what you do. Hashtag Trending for Thursday, June 13, 2024

Forget Recall, Microsoft is already tracking you since Windows 10. Adobe says they must see your projects or...

Cyber Security Today, June 12, 2024 – More Snowflake storage victims found, Microsoft issues new Windows patches,

More Snowflake storage victims found, Microsoft issues new Windows patches, and more. Welcome to Cyber Security Today. It's Wednesday,...

Laptops “bricked” by routine update. Hashtag Trending for Wednesday, June 11, 2024

It’s official, ChatGPT will be integrated with Siri for free in iOS 18 and MacOS Sequoia, HP ProBooks...

25% of bosses hoped Return to Work policies would cause employees to quit. Hashtag Trending for Tuesday, June 11, 2024

25% of Bosses Hoped RTO Would Make Staff Quit, HP Reports 20% Drop in Printed Pages Since Pandemic,...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways