Qualys identified and exploited the vulnerability in Fedora 37/38, Ubuntu 22.04/23.04, Debian 12/13
Daily Archives: October 5, 2023
CVE-2022-3248
A flaw was found in OpenShift API, as admission checks do not enforce “custom-host” permissions. This issue could allow an attacker to violate the boundaries, as permissions will not be applied.
CVE-2022-4145
A content spoofing flaw was found in OpenShift’s OAuth endpoint. This flaw allows a remote, unauthenticated attacker to inject text into a webpage, enabling the obfuscation of a phishing operation.
Cryptojacking – Stop Hackers from Making Money Off You
Your pain is their gain. That’s how things go in a cryptojacking attack.
Cryptomining is the utilization of computers to run processor-intensive computations to acquire cryptocurrency. Cryptojacking involves hijacking a device and using it to mine cryptocurrency for profit. It’s a form of malware that saps your device’s resources, making it run sluggish and potentially overheating it as well.
Meanwhile, the hackers behind those attacks generate cryptocurrency by hijacking your device and thousands of others like it. Together they create virtual illicit networks that turn them a profit.
However, you can absolutely prevent it from happening to you. That starts with a closer look at who’s behind it and how they pull it off.
How cryptojacking works.
What lures hackers to cryptojacking? It’s big business. Gone are the early days when practically anyone with a standard computer could participate in the cryptomining process. Today, the proverbial field is flooded with miners competing against each other to solve the cryptographic puzzles that earn a cryptocurrency reward. Profitable miners run farms of dedicated mining rigs that cost thousands of dollars each.
Visualize row after row of racks after racks stacked with mining rigs in hyper-cooled warehouses. That’s what industrialized cryptomining looks like nowadays.
To put it all into perspective, one study estimated that “(t)he top 10% of [Bitcoin] miners control 90% and just 0.1% (about 50 miners) control close to 50% of mining capacity.” That makes cryptomining a difficult field to break into. And that’s why some people cheat.
Enter the cryptojackers. These hackers forgo the massive up-front and ongoing costs of a cryptomining farm. Instead, they build their cryptomining operations off the backs of other people by hijacking or “cryptojacking” their devices. In doing so, they leach the computing resources of others to mine their cryptocurrency.
Cryptojackers will target just about anyone—individuals, companies, and governmental agencies. They’ll infiltrate phones, laptops, and desktops. In larger instances, they’ll go after large server farms or an organization’s cloud infrastructure. This way, they get the computing power they need. Illegally.
As to how cryptojackers pull that off, they have a couple of primary options:
Malware-based delivery, where a victim’s device gets infected with cryptojacking code through a phishing attack or by installing an app laced with cryptomining
Browser-based delivery, where cryptojackers compromise a victim’s browser while they visit a site that hosts cryptomining code. Sometimes cryptojackers create malicious sites for this specific purpose. In other instances, they infect otherwise legitimate sites.
What can that look like in the real world? We’ve seen Android phones harnessed for cryptomining after downloading malicious apps from Google Play. Cryptojackers have created counterfeit versions of popular computer performance software and infected it with cryptojacking code. We’ve also seen cryptojackers tap into the computing power of internet of things (IoT) and smart home devices as well.
Interestingly enough, the rate of cryptojacking attacks is closely tied to the vagaries of the marketplace. As the value of cryptocurrencies rise and fall, so does cryptojacking. The crooks behind these hacks go where they get the biggest bang for their buck. So as cryptocurrencies drop in value, these crooks drop their cryptojacking attacks. They opt for other attacks that offer a higher return on the resources they invest.
Despite its cyclic nature, cryptojacking remains a stubborn problem. Yet you can do plenty to prevent it from happening to you.
Three ways you can prevent cryptojacking.
Stick to legitimate app stores:
Unlike Google Play and Apple’s App Store, which have measures in place to review and vet apps to help ensure that they are safe and secure, third-party sites might very well not. Further, some third-party sites might intentionally host malicious apps as part of a broader scam.
Granted, hackers have found ways to work around Google and Apple’s review process, yet the chances of downloading a safe app from them are far greater than anywhere else. Further, Google and Apple are quick to remove malicious apps when discovered, making their stores that much safer.
Use online protection software:
Comprehensive online protection software like ours can protect you in several ways. First, our AI-powered antivirus detects, blocks, and removes malware—new and old. This can protect you against the latest cryptojacking attacks. Further, it includes web protection that blocks malicious sites, such as the ones that host web-based cryptojacking attacks. In all, comprehensive online protection software offers a strong line of defense.
Protect yourself from phishing and smishing attacks:
Whether cryptojackers try to reach you by email (phishing) or text (smishing), our new McAfee Scam Protection can stop those attacks dead in their tracks. Using the power of AI, McAfee Scam Protection can alert you when scam texts pop up on your device or phone. No more guessing if a text is real or not. Further, it can block risky sites if you accidentally follow a scam link in a text, email, social media, and more.
Keep cryptojackers from making a fast buck off you.
While hackers love pilfering the computing resources of large organizations, their cryptojacking attacks still target everyday folks. Just as is the case with ransomware, hackers will seek to make their money in volume. Targeting under-protected households can still reap plenty of cryptocurrency when hackers do so in numbers.
Protecting yourself is relatively easy. Several of the same general steps you take to protect yourself online offer protection from cryptojacking attacks as well. Stick to legitimate app stores, use the tools that can quash spammy emails and texts, and go online confidently with online protection software. Nobody should make a fast buck off you. Particularly a cryptojacker.
The post Cryptojacking – Stop Hackers from Making Money Off You appeared first on McAfee Blog.
China Poised to Disrupt US Critical Infrastructure with Cyber-Attacks, Microsoft Warns
Microsoft’s annual digital defense report found a rise in Chinese state-affiliated groups attempting to infiltrate sectors like medical infrastructure and telecommunication
USN-6396-2: Linux kernel (KVM) vulnerabilities
It was discovered that some AMD x86-64 processors with SMT enabled could
speculatively execute instructions using a return address from a sibling
thread. A local attacker could possibly use this to expose sensitive
information. (CVE-2022-27672)
Daniel Moghimi discovered that some Intel(R) Processors did not properly
clear microarchitectural state after speculative execution of various
instructions. A local unprivileged user could use this to obtain to
sensitive information. (CVE-2022-40982)
Yang Lan discovered that the GFS2 file system implementation in the Linux
kernel could attempt to dereference a null pointer in some situations. An
attacker could use this to construct a malicious GFS2 image that, when
mounted and operated on, could cause a denial of service (system crash).
(CVE-2023-3212)
It was discovered that the NFC implementation in the Linux kernel contained
a use-after-free vulnerability when performing peer-to-peer communication
in certain conditions. A privileged attacker could use this to cause a
denial of service (system crash) or possibly expose sensitive information
(kernel memory). (CVE-2023-3863)
It was discovered that the bluetooth subsystem in the Linux kernel did not
properly handle L2CAP socket release, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-40283)
It was discovered that some network classifier implementations in the Linux
kernel contained use-after-free vulnerabilities. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-4128)
USN-6419-1: jQuery UI vulnerabilities
Hong Phat Ly discovered that jQuery UI did not properly manage parameters
from untrusted sources, which could lead to arbitrary web script or HTML
code injection. A remote attacker could possibly use this issue to perform
a cross-site scripting (XSS) attack. This issue only affected
Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-7103)
Esben Sparre Andreasen discovered that jQuery UI did not properly handle
values from untrusted sources in the Datepicker widget. A remote attacker
could possibly use this issue to perform a cross-site scripting (XSS)
attack and execute arbitrary code. This issue only affected
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.
(CVE-2021-41182, CVE-2021-41183)
It was discovered that jQuery UI did not properly validate values from
untrusted sources. An attacker could possibly use this issue to cause a
denial of service or execute arbitrary code. This issue only affected
Ubuntu 20.04 LTS. (CVE-2021-41184)
It was discovered that the jQuery UI checkboxradio widget did not properly
decode certain values from HTML entities. An attacker could possibly use
this issue to perform a cross-site scripting (XSS) attack and cause a
denial of service or execute arbitrary code. This issue only affected
Ubuntu 20.04 LTS. (CVE-2022-31160)
Political Disinformation and AI
Elections around the world are facing an evolving threat from foreign actors, one that involves artificial intelligence.
Countries trying to influence each other’s elections entered a new era in 2016, when the Russians launched a series of social media disinformation campaigns targeting the US presidential election. Over the next seven years, a number of countries—most prominently China and Iran—used social media to influence foreign elections, both in the US and elsewhere in the world. There’s no reason to expect 2023 and 2024 to be any different.
But there is a new element: generative AI and large language models. These have the ability to quickly and easily produce endless reams of text on any topic in any tone from any perspective. As a security expert, I believe it’s a tool uniquely suited to Internet-era propaganda.
This is all very new. ChatGPT was introduced in November 2022. The more powerful GPT-4 was released in March 2023. Other language and image production AIs are around the same age. It’s not clear how these technologies will change disinformation, how effective they will be or what effects they will have. But we are about to find out.
Election season will soon be in full swing in much of the democratic world. Seventy-one percent of people living in democracies will vote in a national election between now and the end of next year. Among them: Argentina and Poland in October, Taiwan in January, Indonesia in February, India in April, the European Union and Mexico in June, and the US in November. Nine African democracies, including South Africa, will have elections in 2024. Australia and the UK don’t have fixed dates, but elections are likely to occur in 2024.
Many of those elections matter a lot to the countries that have run social media influence operations in the past. China cares a great deal about Taiwan, Indonesia, India, and many African countries. Russia cares about the UK, Poland, Germany, and the EU in general. Everyone cares about the United States.
And that’s only considering the largest players. Every US national election from 2016 has brought with it an additional country attempting to influence the outcome. First it was just Russia, then Russia and China, and most recently those two plus Iran. As the financial cost of foreign influence decreases, more countries can get in on the action. Tools like ChatGPT significantly reduce the price of producing and distributing propaganda, bringing that capability within the budget of many more countries.
A couple of months ago, I attended a conference with representatives from all of the cybersecurity agencies in the US. They talked about their expectations regarding election interference in 2024. They expected the usual players—Russia, China, and Iran—and a significant new one: “domestic actors.” That is a direct result of this reduced cost.
Of course, there’s a lot more to running a disinformation campaign than generating content. The hard part is distribution. A propagandist needs a series of fake accounts on which to post, and others to boost it into the mainstream where it can go viral. Companies like Meta have gotten much better at identifying these accounts and taking them down. Just last month, Meta announced that it had removed 7,704 Facebook accounts, 954 Facebook pages, 15 Facebook groups, and 15 Instagram accounts associated with a Chinese influence campaign, and identified hundreds more accounts on TikTok, X (formerly Twitter), LiveJournal, and Blogspot. But that was a campaign that began four years ago, producing pre-AI disinformation.
Disinformation is an arms race. Both the attackers and defenders have improved, but also the world of social media is different. Four years ago, Twitter was a direct line to the media, and propaganda on that platform was a way to tilt the political narrative. A Columbia Journalism Review study found that most major news outlets used Russian tweets as sources for partisan opinion. That Twitter, with virtually every news editor reading it and everyone who was anyone posting there, is no more.
Many propaganda outlets moved from Facebook to messaging platforms such as Telegram and WhatsApp, which makes them harder to identify and remove. TikTok is a newer platform that is controlled by China and more suitable for short, provocative videos—ones that AI makes much easier to produce. And the current crop of generative AIs are being connected to tools that will make content distribution easier as well.
Generative AI tools also allow for new techniques of production and distribution, such as low-level propaganda at scale. Imagine a new AI-powered personal account on social media. For the most part, it behaves normally. It posts about its fake everyday life, joins interest groups and comments on others’ posts, and generally behaves like a normal user. And once in a while, not very often, it says—or amplifies—something political. These persona bots, as computer scientist Latanya Sweeney calls them, have negligible influence on their own. But replicated by the thousands or millions, they would have a lot more.
That’s just one scenario. The military officers in Russia, China, and elsewhere in charge of election interference are likely to have their best people thinking of others. And their tactics are likely to be much more sophisticated than they were in 2016.
Countries like Russia and China have a history of testing both cyberattacks and information operations on smaller countries before rolling them out at scale. When that happens, it’s important to be able to fingerprint these tactics. Countering new disinformation campaigns requires being able to recognize them, and recognizing them requires looking for and cataloging them now.
In the computer security world, researchers recognize that sharing methods of attack and their effectiveness is the only way to build strong defensive systems. The same kind of thinking also applies to these information campaigns: The more that researchers study what techniques are being employed in distant countries, the better they can defend their own countries.
Disinformation campaigns in the AI era are likely to be much more sophisticated than they were in 2016. I believe the US needs to have efforts in place to fingerprint and identify AI-produced propaganda in Taiwan, where a presidential candidate claims a deepfake audio recording has defamed him, and other places. Otherwise, we’re not going to see them when they arrive here. Unfortunately, researchers are instead being targeted and harassed.
Maybe this will all turn out okay. There have been some important democratic elections in the generative AI era with no significant disinformation issues: primaries in Argentina, first-round elections in Ecuador, and national elections in Thailand, Turkey, Spain, and Greece. But the sooner we know what to expect, the better we can deal with what comes.
This essay previously appeared in The Conversation.
Record Numbers of Ransomware Victims Named on Leak Sites
A new Secureworks report finds that 2023 is on course to be the biggest year on record for victim naming on ‘name and shame’ sites