Cyber Security Today, July 31, 2023 – Warnings to Linux and web administrators, and more

Warnings to Linux administrators, and more.

Welcome to Cyber Security Today. Monday, July 31st, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

Linux administrators using the Ubuntu distribution are being warned to install the latest version of the operating system. This comes after the discovery by researchers at Wiz of two privilege elevation vulnerabilities. According to the SANS Institute, these holes affect 40 per cent of Ubuntu cloud workloads. The problem opened when Ubuntu modified a critical feature in a driver five years ago, which conflicted with certain changes made in 2019 and last year when the Linux kernel was altered. This means, the SANS Institute notes, the flaws have been out there for some time. Threat actors have known about this and weaponized exploits are publicly available.

More Linux news: The gang behind the Abyss Locker ransomware has added a Linux encryptor to its tools so it can go after VMware virtual servers. According to Bleeping Computer, this brings to 12 the number of ransomware groups that have added Linux ransomware encryptors to their existing Windows weapons.

The U.S. Senate is again being asked to pass a law preventing online platforms from using deceptive user interfaces to trick people into disclosing personal data. These screens mislead people into agreeing to change their privacy settings or sign up for services. One way is to push users to hit ‘Agree’ to several options. That makes it hard for them to find other choices that would limit the personal data they give up. Researchers call these interfaces ‘dark patterns.’ The proposed law is aimed at preventing platforms that have over 100 million monthly active users from creating user interfaces with the effect of impairing user choices. It would also forbid designs that create compulsive use of a platform for those under the age of 17. Two Republicans and two Democrats are sponsoring the bill.

Finally, government cybersecurity agencies in the U.S. and Australia are telling web site and application developers to stop creating insecure direct object reference vulnerabilities. Also called IDOR vulnerabilities, these are access control issues. They enable threat actors to modify or delete data by issuing commands to a website or web application programming interface. Coding mistakes mean there’s a failure to perform adequate authentication and authorization checks. Developers are urged to implement secure by design principles when writing code; make sure the applications perform authorization checks for every request that modifies sensitive data; make sure that IDs, names and keys aren’t exposed in URLs; and be careful adding third party libraries or frameworks to applications. There are automated tools that will help review code and find IDOR and other vulnerabilities.
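To make the advice on per-request authorization checks and keeping IDs out of URLs concrete, here is an added example (not from the agencies' advisory or the original post) that puts a handler with an IDOR flaw beside a hardened one. The invoice store, the `Session` class and all function names are hypothetical, and the data is constructed.

```python
import secrets

class Forbidden(Exception):
    """Raised when the caller may not act on the requested object."""

def sample_store():
    # Constructed sample data: invoices keyed by sequential database id.
    return {101: {"owner": "alice", "amount": 40},
            102: {"owner": "bob", "amount": 75}}

class Session:
    """Server-side session holding the user and an indirect reference map."""
    def __init__(self, user):
        self.user = user
        self._refs = {}  # opaque token -> real database id

    def ref_for(self, invoice_id):
        # Hand the client a random token instead of the guessable id.
        token = secrets.token_urlsafe(16)
        self._refs[token] = invoice_id
        return token

    def resolve(self, token):
        return self._refs.get(token)

def delete_invoice_vulnerable(store, session, invoice_id):
    # IDOR: the id from the request is trusted; ownership is never checked.
    return store.pop(invoice_id, None) is not None

def delete_invoice(store, session, ref):
    # Hardened: resolve the opaque reference, then authorize on every request.
    invoice_id = session.resolve(ref)
    record = store.get(invoice_id)
    # One error for "unknown" and "not yours", so replies do not confirm ids.
    if record is None or record["owner"] != session.user:
        raise Forbidden("invoice not found")
    del store[invoice_id]
    return True

if __name__ == "__main__":
    store, alice = sample_store(), Session("alice")
    print(delete_invoice_vulnerable(store, alice, 102))  # Bob's record is removed
    store = sample_store()
    print(delete_invoice(store, alice, alice.ref_for(101)))  # own record: allowed
    try:
        # Even if a reference to Bob's invoice existed, the owner check blocks it.
        delete_invoice(store, alice, alice.ref_for(102))
    except Forbidden as exc:
        print("blocked:", exc)
```

The opaque reference only hides the identifier; the ownership comparison is the control that stops the request, which is why it runs even when the reference resolves.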

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.

The post Cyber Security Today, July 31, 2023 – Warnings to Linux and web administrators, and more first appeared on IT World Canada.
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
