December 5, 2023

The U.S. CISA adds the Linux kernel vulnerability, tracked as CVE-2021-3493, to its Known Exploited Vulnerabilities Catalog.

The CVE-2021-3493 is a Linux Kernel privilege escalation vulnerability. The overlayfs stacking file system in Linux kernel does not properly validate the application of file capabilities against user namespaces, leads to a privilege escalation.

Advertisements

Researchers from AT&T Alien Labs discovered a new piece of stealthy Linux malware, called Shikitega, that targets endpoints and IoT devices. The Shikitega infection chain leverages two Linux vulnerabilities for privilege escalation, the CVE-2021-3493 and CVE-2021-4034 (aka PwnKit).

Experts recommend also private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to address vulnerabilities by November 10, 2022

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

DanaBot Trojan Deploying Cactus Ransomware

December 4, 2023

LogoFAIL Firmware Attack

December 3, 2023

Proliance Surgeons Discloses a Data Breach

December 3, 2023

23andMe Breach affected 14K Customers

December 3, 2023

TheCyberThrone CyberSecurity Newsletter Top 5 Articles – November, 2023

December 2, 2023

Staples affected by a Cyber Attack

December 2, 2023
%d