LockBit Ransomware Extorts $91 Million from U.S. Companies
The threat actors behind the LockBit ransomware-as-a-service (RaaS) scheme have extorted $91 million following hundreds of attacks against numerous U.S. organizations since 2020.
That’s according to a joint bulletin published by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (
Joomla fixes XSS flaws that could expose sites to RCE attacks
Five vulnerabilities have been discovered in the Joomla content management system that could be leveraged to execute arbitrary code on vulnerable websites.
10-Year Old Flaws In Ubuntu Server needrestart Package Let Attackers Gain Root Access
The cybersecurity community is on high alert following the discovery of five critical Local Privilege Escalation (LPE) vulnerabilities in the needrestart component, a default package in Ubuntu Server.
These flaws, present for nearly a decade, potentially allow any unprivileged user to obtain full root access without user interaction, posing a significant threat to system security.
The Qualys Threat Research Unit (TRU) identified these vulnerabilities, which are tracked as:
CVE-2024-48990
CVE-2024-48991
CVE-2024-48992
CVE-2024-10224
CVE-2024-11003
The flaws have existed since the introduction of interpreter support in needrestart version 0.8, released in April 2014, affecting all versions prior to 3.8.
Needrestart, a utility that scans systems to determine if restarts are necessary after updates, is automatically executed following APT operations.
Security experts at Qualys observed that the vulnerabilities allow local attackers to execute arbitrary code as root in two ways: by manipulating environment variables that influence the Python and Ruby interpreters needrestart invokes, and by passing unsanitized data to libraries that expect safe input.
Technical Analysis
The vulnerabilities impact Ubuntu Server installations since version 21.04, potentially affecting a vast number of deployments worldwide. Organizations running these versions are at risk of unauthorized access, data breaches, and system compromises.
To address these vulnerabilities, system administrators are advised to:
Update needrestart to version 3.8 or later.
Alternatively, disable the interpreter heuristic in needrestart’s configuration file (/etc/needrestart/needrestart.conf) by setting:
$nrconf{interpscan} = 0;
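An added audit script (not from the article, Qualys, or the needrestart project) that checks whether a host has applied either mitigation above: a fixed needrestart version (3.8 or later) or `$nrconf{interpscan} = 0;` in the configuration file. The version string and config path are passed in by the caller so the checks run offline on constructed input; the `dpkg-query` lookup in the demo is assumed to work only on a real Debian/Ubuntu host.

```shell
#!/bin/sh
# Added example, not from the article or the needrestart project.
# Audits the two mitigations named above: needrestart >= 3.8, or
# $nrconf{interpscan} = 0; in /etc/needrestart/needrestart.conf.

# Return 0 when version string $1 is 3.8 or newer (the fixed release).
needrestart_version_is_fixed() {
    v=${1%%-*}                 # drop a Debian revision: 3.6-5ubuntu2 -> 3.6
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%.*}
    major=${major%%[!0-9]*}    # keep leading digits only
    minor=${minor%%[!0-9]*}
    [ -n "$major" ] && [ -n "$minor" ] || return 1
    [ "$major" -gt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -ge 8 ]; }
}

# Return 0 when the Perl-style config file $1 disables the interpreter
# heuristic; commented-out lines do not count, surrounding whitespace does.
interpscan_disabled() {
    [ -r "$1" ] || return 1
    grep -Eq '^[[:space:]]*\$nrconf\{interpscan\}[[:space:]]*=[[:space:]]*0[[:space:]]*;' "$1"
}

# Return 0 when either mitigation is in place for version $1 and config $2.
needrestart_mitigated() {
    needrestart_version_is_fixed "$1" || interpscan_disabled "$2"
}

# Stand-alone run: on a real host the installed version comes from dpkg
# (assumed present); a constructed config is used so it also runs offline.
if [ "${1:-}" = "--demo" ]; then
    conf=$(mktemp)
    printf '%s\n' '# constructed sample config' '$nrconf{interpscan} = 0;' > "$conf"
    ver=$(dpkg-query -W -f='${Version}' needrestart 2>/dev/null || echo "3.6-5ubuntu2")
    if needrestart_mitigated "$ver" "$conf"; then
        echo "mitigated (needrestart $ver)"
    else
        echo "NOT mitigated (needrestart $ver)"
    fi
    rm -f "$conf"
fi
```

Point the config check at the real /etc/needrestart/needrestart.conf and the version at `dpkg-query` output to audit a live host.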
The cybersecurity industry is responding swiftly to these revelations. Qualys has announced the release of QIDs for vulnerability detection and is offering mitigation solutions through its TruRisk Eliminate platform.
Other security firms are expected to follow suit with updates to their vulnerability scanners and management tools. This discovery underscores the importance of regular security audits and prompt patching, even for long-standing system components.
As the situation develops, system administrators and security professionals are urged to stay vigilant, apply necessary patches, and monitor for any signs of exploitation.
CISA warns of actively exploited Apache HugeGraph-Server bug
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five flaws to its Known Exploited Vulnerabilities (KEV) catalog, among which is a remote code execution (RCE) flaw impacting Apache HugeGraph-Server.