Numerous Linux distributions have been impacted for the past two years by a high-severity buffer overflow vulnerability involving the GLIBC_TUNABLES environment variable, dubbed "Looney Tunables," which could be exploited to execute malicious code with elevated privileges, reports SiliconAngle.
The vulnerability, which is present in Debian 12 and 13, Fedora 37 and 38, and Ubuntu 22.04 and 23.04, could be leveraged by attackers to obtain full root privileges, and further exploits could allow data-only attacks, according to a report from Qualys Threat Research Unit researchers. "Exploiting this easily exploitable buffer overflow allows attackers to gain critical root privileges, resulting in substantial risks such as unauthorized data access, alterations, and potential data theft. This tangible threat to system and data security, coupled with the possible incorporation of the vulnerability into automated malicious tools or software such as exploit kits and bots, escalates the risk of widespread exploitation and service disruptions," said Qualys Manager of Vulnerability and Threat Research Saeed Abbasi.
New variants of the QBot malware, also known as Qakbot, have emerged since mid-December despite having been disrupted in August, suggesting continuous testing by the malware developer, BleepingComputer reports.
More than $10 billion in fraud-related losses were reported by U.S. consumers for the first time in 2023, representing a 14% growth over 2022, even though the number of individuals who reported being targeted by fraud held steady at over 2.6 million, BleepingComputer reports.