SoatDev IT Consulting
SoatDev IT Consulting
  • About us
  • Expertise
  • Services
  • How it works
  • Contact Us
  • News
  • July 31, 2023
  • Rss Fetcher

Warnings to Linux administrators, and more.
Welcome to Cyber Security Today. Monday, July 31st, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

Linux administrators using the Ubuntu distribution are being warned to install the latest version of the operating system. This comes after the discovery by researchers at Wiz of two privilege elevation vulnerabilities. According to the SANS Institute, these holes affect 40 per cent of Ubuntu cloud workloads. The problem opened when Ubuntu modified a critical feature in a driver five years ago, which conflicted with certain changes made in 2019 and last year when the Linux kernel was altered. This means, the SANS Institute notes, the flaws have been out there for some time. Threat actors have known about this and weaponized exploits are publicly available.
More Linux news: The gang behind the Abyss Locker ransomware has added a Linux encryptor to its tools so they can go after VMware virtual servers. According to Bleeping Computer, this brings to 12 the number of ransomware groups that have added Linux ransomware encyptorss to their existing Windows weapon.
The U.S. Senate is again being asked to pass a law preventing online platforms from using deceptive user interfaces to trick people into disclosing personal data. These screens mislead people into agreeing to changing their privacy settings or signing up for services. One way is to push users to hit ‘Agree’ to several options. That makes it hard for them to find other choices that would limit the personal data they give up. Researchers call these interfaces ‘dark patterns.’ The proposed law is aimed at platforms that have over 100 million monthly active users from creating user interfaces with the effect of impairing user choices. It would also forbid designs that create compulsive use of a platform for those under the age of 17. Two Republicans and two Democrats are sponsoring the bill.
Finally, government cybersecurity agencies in the U.S. and Australia are telling web site and application developers to stop creating insecure direct object reference vulnerabilities. Also called IDOR vulnerabilities, these are access control issues. They enable threat actors to modify or delete data by issuing commands to a website or web application programming interface. Coding mistakes mean there’s a failure to perform adequate authentication and authorization checks. Developers are urged to implement secure by design principles when writing code; make sure the applications perform authorization checks for every request that modifies sensitive data; make sure that IDs, names and keys aren’t exposed in URLs; and be careful adding third party libraries or frameworks to applications. There are automated tools that will help review code and find IDOR and other vulnerabilities.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.The post Cyber Security Today, July 31, 2023 – Warnings to Linux and web administrators, and more first appeared on IT World Canada.

Previous Post
Next Post

Recent Posts

  • Samsung may incorporate Perplexity’s AI tech in its phones
  • From SaaS Sprawl to AI Strategy: How CIOs Consolidate and Gain Agility
  • Scale AI hires team behind remote developer recruiting platform Pesto AI
  • Momentum Corporate Appoints New Chief Digital and Information Officer
  • Aveshan Aiyer on How the Channel Powers Proactive Cybersecurity

Categories

  • Industry News
  • Programming
  • RSS Fetched Articles
  • Uncategorized

Archives

  • June 2025
  • May 2025
  • April 2025
  • February 2025
  • January 2025
  • December 2024
  • November 2024
  • October 2024
  • September 2024
  • August 2024
  • July 2024
  • June 2024
  • May 2024
  • April 2024
  • March 2024
  • February 2024
  • January 2024
  • December 2023
  • November 2023
  • October 2023
  • September 2023
  • August 2023
  • July 2023
  • June 2023
  • May 2023
  • April 2023

Tap into the power of Microservices, MVC Architecture, Cloud, Containers, UML, and Scrum methodologies to bolster your project planning, execution, and application development processes.

Solutions

  • IT Consultation
  • Agile Transformation
  • Software Development
  • DevOps & CI/CD

Regions Covered

  • Montreal
  • New York
  • Paris
  • Mauritius
  • Abidjan
  • Dakar

Subscribe to Newsletter

Join our monthly newsletter subscribers to get the latest news and insights.

© Copyright 2023. All Rights Reserved by Soatdev IT Consulting Inc.