This posting is here to collect cyber security news in October 2023.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
This posting is here to collect cyber security news in October 2023.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
265 Comments
Tomi Engdahl says:
Popular online services like Grammarly, Vidio, and Bukalapak faced critical security vulnerabilities in their OAuth implementation that could have allowed hackers to hijack user accounts.
Find details here: https://thehackernews.com/2023/10/critical-oauth-flaws-uncovered-in.html
#infosec #cybersecurity
Tomi Engdahl says:
https://www.darkreading.com/vulnerabilities-threats/citrix-urges-clients-patch-researchers-release-exploit
Tomi Engdahl says:
https://www.darkreading.com/vulnerabilities-threats/citrix-urges-clients-patch-researchers-release-exploit?fbclid=IwAR3x9UYSZrsTKAiwMCCklpWI5suzj1sec3mgBi923c_hYrw1iUQe9Edtx5c
Tomi Engdahl says:
https://www.cvedetails.com/vulnerability-list/vendor_id-217/product_id-383/Openssl-Openssl.html?page=1&year=2023&order=1&trc=17&sha=c285b8fb30367a2401dfe04bb6a7a45da877442c
Tomi Engdahl says:
https://techcrunch.com/2023/10/24/censys-lands-new-cash-to-grow-its-threat-detecting-cybersecurity-service/
Tomi Engdahl says:
https://securityonline.info/microsoft-exchange-server-rce-cve-2023-36745-flaw-gets-poc-exploit/
Tomi Engdahl says:
https://thehackernews.com/2023/10/backdoor-implant-on-hacked-cisco.html
Tomi Engdahl says:
https://www.windowscentral.com/software-apps/winrar-has-a-major-security-bug-and-you-have-to-install-its-fix-manually
Tomi Engdahl says:
https://thehackernews.com/2023/10/alert-poc-exploits-released-for-citrix.html
Tomi Engdahl says:
‘Looney Tunables’ Bug Opens Millions of Linux Systems to Root Takeover
https://www.darkreading.com/vulnerabilities-threats/millions-linux-systems-looney-tunables-bug-root-takeover
The flaw poses a significant risk of unauthorized data access, system alterations, potential data theft, and complete takeover of vulnerable systems, especially in the IoT and embedded computing space.
Attackers can now gain root privileges on millions of Linux systems — by exploiting an easy-to-exploit, newly discovered buffer overflow flaw in a common library used on most major distributions of the open source OS. Dubbed “Looney Tunables,” the bug could mean “that’s all, folks” for sensitive data, and could lead to even worse ramifications.
Fedora, Ubuntu, and Debian are the systems most at risk from the bug (CVE-2023-4911 CVSS 7.8), Qualys researchers revealed in a blog post late on Oct. 3. It’s found in the GNU C Library (glibc) in the GNU system, which is found in most systems running the Linux kernel, according to the firm.
Glibc is a library that defines the system calls and other basic functionalities, such as open, malloc, printf, exit, etc., that a typical program requires. The vulnerability occurs in how the dynamic loader of glibc processes the GLIBC_TUNABLES environment variable, the researchers said, thus giving the bug its name.
IoT devices running in a Linux environment in particular are extremely vulnerable to an exploit of the flaw, “due to their extensive use of the Linux kernel within custom operating systems,” warns John Gallagher,
Tomi Engdahl says:
https://www.f-secure.com/en/articles/f-alert/2023-09-exposing-the-dark-web
Tomi Engdahl says:
https://www.scmagazine.com/news/more-cybersecurity-firm-closures-expected-after-ironnet-shutters
Tomi Engdahl says:
https://spectrum.ieee.org/homomorphic-encryption-rise
Tomi Engdahl says:
https://www.pcgamer.com/red-cross-issues-rules-of-engagement-to-war-focused-hacker-groups-who-say-why-should-i-listen-to-the-red-cross/
Tomi Engdahl says:
https://insinoori-lehti.fi/tasta-on-kysymys/sinun-datasi-on-meidan-tuotteemme/