Cyber security news October 2023

This posting is here to collect cyber security news in October 2023.

I post links to security vulnerability news to comments of this article.

You are also free to post related links to comments.

265 Comments

  1. Tomi Engdahl says:

    Popular online services like Grammarly, Vidio, and Bukalapak faced critical security vulnerabilities in their OAuth implementation that could have allowed hackers to hijack user accounts.

    Find details here: https://thehackernews.com/2023/10/critical-oauth-flaws-uncovered-in.html

    #infosec #cybersecurity

    Reply
  2. Tomi Engdahl says:

    ‘Looney Tunables’ Bug Opens Millions of Linux Systems to Root Takeover
    https://www.darkreading.com/vulnerabilities-threats/millions-linux-systems-looney-tunables-bug-root-takeover

    The flaw poses a significant risk of unauthorized data access, system alterations, potential data theft, and complete takeover of vulnerable systems, especially in the IoT and embedded computing space.

    Attackers can now gain root privileges on millions of Linux systems — by exploiting an easy-to-exploit, newly discovered buffer overflow flaw in a common library used on most major distributions of the open source OS. Dubbed “Looney Tunables,” the bug could mean “that’s all, folks” for sensitive data, and could lead to even worse ramifications.

    Fedora, Ubuntu, and Debian are the systems most at risk from the bug (CVE-2023-4911 CVSS 7.8), Qualys researchers revealed in a blog post late on Oct. 3. It’s found in the GNU C Library (glibc) in the GNU system, which is found in most systems running the Linux kernel, according to the firm.

    Glibc is a library that defines the system calls and other basic functionalities, such as open, malloc, printf, exit, etc., that a typical program requires. The vulnerability occurs in how the dynamic loader of glibc processes the GLIBC_TUNABLES environment variable, the researchers said, thus giving the bug its name.

    IoT devices running in a Linux environment in particular are extremely vulnerable to an exploit of the flaw, “due to their extensive use of the Linux kernel within custom operating systems,” warns John Gallagher,

    Reply

Leave a Reply to Tomi Engdahl Cancel reply

Your email address will not be published. Required fields are marked *

*

*