Cyber Security Today, July 31, 2023 – Warnings to Linux and web administrators, and more


Warnings to Linux administrators, and more.

Welcome to Cyber Security Today. Monday, July 31st, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.


Linux administrators using the Ubuntu distribution are being warned to install the latest version of the operating system. This comes after the discovery by researchers at Wiz of two privilege elevation vulnerabilities. According to the SANS Institute, these holes affect 40 per cent of Ubuntu cloud workloads. The problem opened when Ubuntu modified a critical feature in a driver five years ago, which conflicted with certain changes made in 2019 and last year when the Linux kernel was altered. This means, the SANS Institute notes, the flaws have been out there for some time. Threat actors have known about this and weaponized exploits are publicly available.

More Linux news: The gang behind the Abyss Locker ransomware has added a Linux encryptor to its tools so they can go after VMware virtual servers. According to Bleeping Computer, this brings to 12 the number of ransomware groups that have added Linux ransomware encryptors to their existing Windows weapon.

The U.S. Senate is again being asked to pass a law preventing online platforms from using deceptive user interfaces to trick people into disclosing personal data. These screens mislead people into agreeing to change their privacy settings or signing up for services. One way is to push users to hit ‘Agree’ to several options. That makes it hard for them to find other choices that would limit the personal data they give up. Researchers call these interfaces ‘dark patterns.’ The proposed law is aimed at preventing platforms that have over 100 million monthly active users from creating user interfaces with the effect of impairing user choices. It would also forbid designs that create compulsive use of a platform for those under the age of 17. Two Republicans and two Democrats are sponsoring the bill.

Finally, government cybersecurity agencies in the U.S. and Australia are telling web site and application developers to stop creating insecure direct object reference vulnerabilities. Also called IDOR vulnerabilities, these are access control issues. They enable threat actors to modify or delete data by issuing commands to a website or web application programming interface. Coding mistakes mean there’s a failure to perform adequate authentication and authorization checks. Developers are urged to implement secure by design principles when writing code; make sure the applications perform authorization checks for every request that modifies sensitive data; make sure that IDs, names and keys aren’t exposed in URLs; and be careful adding third party libraries or frameworks to applications. There are automated tools that will help review code and find IDOR and other vulnerabilities.
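To make the agencies' advice concrete, here is an added example (not part of the original report or the advisory) that sets a handler missing the per-object check beside one that performs it on every modifying request, plus an opaque reference layer that keeps internal IDs out of URLs. The invoice store, function names and `ReferenceMap` class are hypothetical, constructed for illustration.

```python
import secrets

# Constructed sample data: invoice records keyed by internal database ID.
INVOICES = {
    101: {"owner": "alice", "memo": "Q2 hosting"},
    102: {"owner": "bob", "memo": "Q2 licences"},
}

class Forbidden(Exception):
    """Raised when the caller is not authorized for the requested object."""

def update_memo_vulnerable(session_user, invoice_id, memo):
    # IDOR: the handler confirms someone is logged in, but never checks
    # that the referenced object belongs to that user.
    if session_user is None:
        raise Forbidden("login required")
    INVOICES[invoice_id]["memo"] = memo

def update_memo_checked(session_user, invoice_id, memo):
    # Authorization is evaluated on every modifying request, against the
    # object itself. "Missing" and "not yours" return the same error so
    # the response does not reveal which IDs exist.
    record = INVOICES.get(invoice_id)
    if session_user is None or record is None or record["owner"] != session_user:
        raise Forbidden("not authorized for this object")
    record["memo"] = memo

class ReferenceMap:
    """Per-session indirect references, so internal IDs never appear in URLs."""
    def __init__(self, session_user):
        self.session_user = session_user
        self._by_token = {}

    def issue(self, invoice_id):
        token = secrets.token_urlsafe(16)  # unguessable, session-scoped
        self._by_token[token] = invoice_id
        return token

    def resolve(self, token):
        if token not in self._by_token:
            raise Forbidden("unknown reference")
        return self._by_token[token]

def update_memo_by_token(ref_map, token, memo):
    # The opaque token only hides the ID; the ownership check still runs.
    update_memo_checked(ref_map.session_user, ref_map.resolve(token), memo)
```

The opaque token is defence in depth only: the ownership comparison in `update_memo_checked` is what actually closes the hole.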

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.

The post Cyber Security Today, July 31, 2023 – Warnings to Linux and web administrators, and more first appeared on IT World Canada.
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
