'Looney Tunables' Bug Opens Millions of Linux Systems to Root Takeover

The flaw poses a significant risk of unauthorized data access, system alterations, potential data theft, and complete takeover of vulnerable systems, especially in the IoT and embedded computing space. [TechWeb]( Follow Dark Reading: [RSS]( October 05, 2023 LATEST SECURITY NEWS & COMMENTARY ['Looney Tunables' Bug Opens Millions of Linux Systems to Root Takeover]( The flaw poses a significant risk of unauthorized data access, system alterations, potential data theft, and complete takeover of vulnerable systems, especially in the IoT and embedded computing space. [Patch Confusion for Critical Exim Bug Puts Email Servers at Risk — Again]( Defenders have been left scrambling after the way patches were released for six flaws in the open source mail server, which is the most popular mail transfer agent on the Internet. [Bing Chat LLM Tricked into Circumventing CAPTCHA Filter]( By reframing the narrative of the filter, the large-language model chatbot was more willing to solve the visual puzzle and override its programming. [Turnkey Rootkit for Amateur Hackers Makes Supply Chain Attacks Easy]( It's never been easier to hide malware in plain sight in open source software package repositories, and "DiscordRAT 2.0" now makes it easy to take advantage of those who stumble upon it. [AWS Plans Multifactor Authentication Mandates for 2024]( Amazon will add new MFA requirements for users with the highest privileges, with plans to include other user levels over time. [Breaches Are the Cost of Doing Business, but NIST Is Here to Help]( Treating the NIST Cybersecurity Framework as a business requirement is a strong step toward preventing breaches. [How to Measure Patching and Remediation Performance]( Tracking metrics like MTTR, MTTD, MTTP, and MTTC can demonstrate the effectiveness of your patch management process and your value to the business. [(Sponsored Article) AI in Software Development: The Good, the Bad, and the Dangerous]( Just like with using open source, organizations need to be diligent about testing AI components and understanding where and how it is used in their software. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Attacks on Maximum Severity WS_FTP Bug Have Been Limited — So Far]( While CVE-2023-40044 is critical, threat watchers hope it won't be another MOVEit for customers of Progress Software's file transfer technology. [Ransomware Crisis, Recession Fears Leave CISOs in Tough Spot]( Combining robust decryption and orchestration of encrypted traffic with threat prevention is crucial to staying ahead of attackers. [USPS Anchors Snowballing Smishing Campaigns]( Researchers found 164 domains connected to a single threat actor located in Tehran. [Threat Data Feeds and Threat Intelligence Are Not the Same Thing]( It's important to know the difference between the two terms. Here's why. [MORE]( EDITORS' CHOICE [Fast-Growing Dropbox Campaign Steals Microsoft SharePoint Credentials]( Thousands of messages are being sent weekly in a campaign that uses links hosted on legitimate websites to evade natural language processing and URL-scanning email protections. LATEST FROM THE EDGE [Insurance Companies Have a Lot to Lose in Cyberattacks]( Not only do insurance companies collate sensitive information from their clients, but they also generate their own corporate data to protect. LATEST FROM DR TECHNOLOGY [7 Ways SMBs Can Secure Their WordPress Sites]( This Tech Tip outlines seven easy fixes that small and midsize businesses can use to prevent the seven most common WordPress vulnerabilities. LATEST FROM DR GLOBAL [On the Dark Web, Prices Are Down for Middle Eastern Network Access]( A mere $35 can buy you stealth access to corporate networks across the region, according to new research. WEBINARS - [The Enterprise View to Cloud Security]( Today's enterprises may have dozens and dozens of cloud applications and services running in their environment. Enterprises need to coordinate security, manage privileges and access, and handle incident response - the service provider will do only so much. In this ... - [Tips for A Streamlined Transition to Zero Trust]( From identifying the potential attack surface to determining policy, there is a clear path to zero trust and best practices to make the transition as smooth as possible - both for your organization and your customers. Zero trust is more ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [Crucial Considerations when Enabling Secure Industrial Digital Transformation]( - [Causes and Consequences of IT and OT Convergence]( - [The Ultimate Guide to the CISSP]( - [2023 Global Future of Cyber Report]( - [Cybersecurity in a post pandemic world: A focus on financial services]( - [Cybersecurity in 2023 and beyond: 12 leaders share their forecasts]( - [Know your customer: Enable a 360-degree view with customer identity & access management]( [View More White Papers >>]( FEATURED REPORTS - [What Ransomware Groups Look for in Enterprise Victims]( Ransomware attackers cast a wide net -- they just care about causing damage, making money, and gaining new victims. That means no organization is automatically immune to attack just because of its size or industry. Organizations need to take steps ... - [Concerns Mount Over Ransomware, Zero-Day Bugs, and AI-Enabled Malware]( - [Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks]( The most profound change to enterprise security with the rise of remote work is the way endpoint security has moved from last line of defense to being on the frontline. The user's endpoint is the first device attackers encounter, making ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [ForAllSecure Announces First Dynamic Software Bill of Materials for Application Security]( [Mitiga Secures Strategic Investment From Cisco]( [Okta Launches Cybersecurity Workforce Development Initiative to Help Close the Tech and Cybersecurity Skills Gap]( [37% Intimidated, 39% Frustrated With Online Security Highlighting Digital Anxiety]( [BeyondID Introduces Identity-First Model for Zero-Trust Maturity]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [How to Deploy Zero Trust for Remote Workforce Security]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=118571&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_10.05.23&sp_cid=50033&utm_content=DR_NL_Dark%20Reading%20Daily_10.05.23&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#36 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)