This week, we’ll talk about a vulnerable module in the Linux kernel and two fairly new platforms that help the cyber security industry recognize and mitigate vulnerabilities.
Linux Kernel Arbitrary Code Execution (CVE-2021-43267)
According to a recent report released by Sentinel Labs, the TIPC module in Linux kernel versions between 5.10 and 5.15 contains a vulnerability that allows both remote and local arbitrary code execution.
Transparent Inter-Process Communication (TIPC) is a protocol designed specifically for intra-cluster communication. Sentinel Labs reports that, because the kernel module lacks proper size checks, an attacker can craft a packet that writes past the end of the memory allocated for that packet and thereby execute arbitrary code. The CVSS score for the vulnerability is a whopping 9.8; fortunately, at the time of the report there were no reports of active exploitation. We recommend that our customers update their Linux kernels to a patched version to address this issue.
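The following triage helper is an added example written for this digest, not code from Sentinel Labs or the kernel project. It parses a kernel release string against the 5.10 to 5.15 range named above, checks whether the `tipc` module is currently loaded from a `/proc/modules` listing, and emits the modprobe lines that stop the module from being autoloaded until the kernel is patched. The release and module-listing formats, the blacklist mitigation and the sample inputs are assumptions and constructed data, not details from the report; distributions also backport fixes without changing major.minor, so a match here means "review this host", not "confirmed vulnerable".

```python
"""Triage helper for CVE-2021-43267 (TIPC). Added example; assumptions noted inline."""
import os
import re
from typing import Dict, Tuple

# Inclusive bounds taken from the digest text ("between 5.10 and 5.15").
AFFECTED_RANGE = ((5, 10), (5, 15))
MODULE = "tipc"


def parse_release(release: str) -> Tuple[int, int, int]:
    """Extract (major, minor, patch) from a release such as '5.10.0-8-amd64' (assumed uname -r format)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def is_affected_version(release: str) -> bool:
    """True when major.minor falls inside the range the digest names (backports may still be patched)."""
    major_minor = parse_release(release)[:2]
    return AFFECTED_RANGE[0] <= major_minor <= AFFECTED_RANGE[1]


def module_loaded(proc_modules_text: str, name: str = MODULE) -> bool:
    """/proc/modules lists one module per line with the name in the first column."""
    return any(line.split()[0] == name
               for line in proc_modules_text.splitlines() if line.strip())


def blacklist_config(name: str = MODULE) -> str:
    """Lines for /etc/modprobe.d/<name>.conf. 'blacklist' alone does not stop
    alias-driven autoload (e.g. when a socket of that family is opened), so the
    'install ... /bin/false' line is the one that actually blocks loading."""
    return f"blacklist {name}\ninstall {name} /bin/false\n"


def triage(release: str, proc_modules_text: str) -> Dict[str, object]:
    """Combine the two checks into a single review verdict for one host."""
    in_range = is_affected_version(release)
    loaded = module_loaded(proc_modules_text)
    if in_range and loaded:
        action = "patch kernel; until reboot, unload tipc and install blacklist config"
    elif in_range:
        action = "patch kernel; install blacklist config to prevent autoload"
    else:
        action = "kernel outside the affected range; no action for this CVE"
    return {"kernel_in_affected_range": in_range, "tipc_loaded": loaded, "action": action}


if __name__ == "__main__":
    # Live check on a Linux host; both reads are best-effort and fail closed to "unknown".
    try:
        with open("/proc/modules") as fh:
            modules = fh.read()
    except OSError:
        modules = ""
    print(triage(os.uname().release, modules))
    print(blacklist_config(), end="")
```

The verdict is deliberately coarse: version range plus module state is enough to decide which hosts to look at first, and the patched kernel remains the real fix.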
CI/CD Threat Matrix
According to Red Hat, CI/CD is a method for frequently delivering applications to customers by introducing automation into the stages of application development. The main concepts attributed to CI/CD are continuous integration, continuous delivery, and continuous deployment. Together, these connected practices are often referred to as a “CI/CD pipeline.”
The CI/CD threat matrix created by the Mercari security team aims to share knowledge on securing CI/CD pipelines with the cyber security community. Mercari’s threat matrix is modelled on the MITRE ATT&CK framework, which catalogues adversary techniques and mitigation methods based on real-world observations. The mitigations listed under each CI/CD attack technique are very useful for identifying and closing the security gaps in your own pipeline.
inTheWild
According to the Cyber Attack Trends report by Check Point, throughout the first half of 2020, 80% of the observed attacks utilized vulnerabilities reported and registered in 2017 or earlier. More than 20% of the attacks used vulnerabilities that were at least seven years old. This data suggests that vulnerabilities known for years continue to be among the most prevalent threats. inTheWild aims to share information on known vulnerabilities that are currently being exploited around the world.
It is important to patch any vulnerable system as soon as possible. But in an environment where multiple vulnerabilities are present, how do you know which to address first? inTheWild can help you prioritize the vulnerabilities that need attention most. By using its API and RSS feed, you can gain visibility into the threats facing your organization. You can also share information with the community by tweeting about a vulnerability to @inthewildio or using the #exploitedinthewild hashtag. Sharing this information helps inTheWild provide richer security intelligence for everyone.
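One way to turn an "exploited in the wild" feed into a patching order, as an added example that is not inTheWild's own code or a description of its documented feed layout: the RSS document below is a constructed stand-in (a plain RSS 2.0 feed whose item titles or descriptions mention CVE identifiers), the scanner findings are constructed, and apart from CVE-2021-43267 from this digest the identifiers are fictitious placeholders. The prioritiser puts every finding whose CVE appears in the feed ahead of the rest, then orders by CVSS within each group, so a medium-severity bug that is actually being exploited outranks a critical one that is not.

```python
"""Order scanner findings by exploited-in-the-wild status, then CVSS. Added example."""
import re
import xml.etree.ElementTree as ET
from typing import Dict, Iterable, List, Set

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}", re.IGNORECASE)

# Constructed sample feed (assumed layout, not inTheWild's documented format).
# CVE-2021-43267 is from the digest; CVE-1900-* ids are fictitious placeholders.
SAMPLE_FEED = """<rss version="2.0"><channel>
  <title>exploited in the wild (constructed sample)</title>
  <item><title>CVE-2021-43267 exploited</title><description>TIPC module</description></item>
  <item><title>placeholder entry</title><description>cve-1900-00002 seen in attacks</description></item>
</channel></rss>"""

# Constructed scanner output: host, CVE id, CVSS base score.
SAMPLE_FINDINGS: List[Dict[str, object]] = [
    {"host": "db-01", "cve": "CVE-1900-00001", "cvss": 9.9},
    {"host": "web-01", "cve": "CVE-2021-43267", "cvss": 9.8},
    {"host": "web-02", "cve": "CVE-1900-00002", "cvss": 6.5},
    {"host": "db-01", "cve": "CVE-1900-00003", "cvss": 7.2},
]


def exploited_cves(rss_xml: str) -> Set[str]:
    """Collect every CVE id mentioned in an RSS item's title, description or link."""
    root = ET.fromstring(rss_xml)
    found: Set[str] = set()
    for item in root.iter("item"):
        for tag in ("title", "description", "link"):
            text = item.findtext(tag) or ""
            found.update(c.upper() for c in CVE_RE.findall(text))
    return found


def prioritise(findings: Iterable[Dict[str, object]], exploited: Set[str]) -> List[Dict[str, object]]:
    """Exploited CVEs first (group 0), then everything else; CVSS descending within a group."""
    def key(f: Dict[str, object]):
        in_wild = str(f["cve"]).upper() in exploited
        return (0 if in_wild else 1, -float(f["cvss"]))
    return sorted(findings, key=key)


def patch_order(rss_xml: str = SAMPLE_FEED,
                findings: Iterable[Dict[str, object]] = SAMPLE_FINDINGS) -> List[str]:
    """Return the CVE ids in the order they should be addressed."""
    return [str(f["cve"]) for f in prioritise(findings, exploited_cves(rss_xml))]


if __name__ == "__main__":
    # In practice the feed body would come from an HTTP fetch of the real RSS URL;
    # here the constructed sample stands in so the script runs offline.
    for f in prioritise(SAMPLE_FINDINGS, exploited_cves(SAMPLE_FEED)):
        print(f"{f['host']:8} {f['cve']:16} cvss={f['cvss']}")
```

The matching is case-insensitive and scans all three common item fields, because feeds differ in where they put the identifier; if a scanner exports multiple findings per CVE, grouping by host before sorting keeps the output short.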
Using and contributing to open-source tools, and sharing that knowledge within the community, helps us all secure our systems. We will share more about the tools we use to secure our infrastructure in upcoming security digests. In the meantime, we would love to hear about your favorite open-source security tools. Feel free to comment below.