Sign up to save your podcasts
Or
Share Episode 183
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 183
Overview
This week we look at a recent report from Elastic Security Labs on the global
Linux threat landscape, plus we look at a few of the security vulnerabilities
patched by the team in the past 7 days.
This week in Ubuntu Security Updates
81 unique CVEs addressed
[USN-5638-3] Expat vulnerability
[USN-5739-1] MariaDB vulnerabilities
[USN-5740-1] X.Org X Server vulnerabilities
[USN-5736-1] ImageMagick vulnerabilities
[USN-5741-1] Exim vulnerability
[USN-5742-1] JBIG-KIT vulnerability
[USN-5743-1] LibTIFF vulnerability
[USN-5744-1] libICE vulnerability
[USN-5745-1, USN-5745-2] shadow vulnerability & regression
newer glibc - broke on older Ubuntu releases so that update has been reverted
for now on those releases - still is in place on Ubuntu 22.04 LTS / 22.10
[USN-5689-2] Perl vulnerability
[USN-5746-1] HarfBuzz vulnerability
[USN-5747-1] Bind vulnerabilities
[USN-5748-1] Sysstat vulnerability
[USN-5728-3] Linux kernel (GCP) vulnerabilities
possible code execution within the kernel and hence escalate privileges
[USN-5749-1] libsamplerate vulnerability
[USN-5750-1] GnuTLS vulnerability
[USN-5718-2] pixman vulnerability
Goings on in Ubuntu Security Community
A look at Elastic Security Labs Global Threat Report
their various products like Endgame, Endpoint and Security solution.
Neshta, Getshell
wider intrusion effort
lots of CobaltStrike, Metasploit and MimiKatz which are all ostensibly
red-team tools - also see lots of keyloggers as well as credential stealers
(crypto wallets)
execution, 10% credential access, 8% persistence, 7% C², 6% privesc and 4%
initial access
proxy execution (using existing system binaries to perform malicious
actions) accounts for 72% of defense evasion techniques
scripting interpreters - think PowerShell, Windows Script Host etc) and
abusing Windows Management Instrumentation (WMI) - but won’t go too much into
this here as this is the Ubuntu Security Podcast, not Windows ;)
whilst GCP and Azure each had ~22% - why does AWS have so much more? AWS has
at least ⅓ of the global cloud market share whilst Azure has 20% and GCP only
11%
Defense Evasion, Initial Access
account access to then attempt to retrieve other access tokens or do
phishing, whilst for Google service account abuse was the top
purpose, whilst Azure is AD and managed services, and Google is service
workers
has forecasts and recommendations based on those
for backend DevOps in cloud environments will be an increased target
expect this threat given the nature of modern CI/CD pipelines and the
follow-up threat to code integrity / supply chain security etc (ie if an
attacker can compromise these machines can then tamper with source code /
build artefacts etc)
good security hygiene - configure for least privilege, audit what you have,
deploy defense-in-depth solutions, monitoring and logging so can help detect
and have good incident response etc
Get in contact
View all episodes
By Ubuntu Security Team
4.8
1010 ratings
Overview
This week we look at a recent report from Elastic Security Labs on the global
Linux threat landscape, plus we look at a few of the security vulnerabilities
patched by the team in the past 7 days.
This week in Ubuntu Security Updates
81 unique CVEs addressed
[USN-5638-3] Expat vulnerability
[USN-5739-1] MariaDB vulnerabilities
[USN-5740-1] X.Org X Server vulnerabilities
[USN-5736-1] ImageMagick vulnerabilities
[USN-5741-1] Exim vulnerability
[USN-5742-1] JBIG-KIT vulnerability
[USN-5743-1] LibTIFF vulnerability
[USN-5744-1] libICE vulnerability
[USN-5745-1, USN-5745-2] shadow vulnerability & regression
newer glibc - broke on older Ubuntu releases so that update has been reverted
for now on those releases - still is in place on Ubuntu 22.04 LTS / 22.10
[USN-5689-2] Perl vulnerability
[USN-5746-1] HarfBuzz vulnerability
[USN-5747-1] Bind vulnerabilities
[USN-5748-1] Sysstat vulnerability
[USN-5728-3] Linux kernel (GCP) vulnerabilities
possible code execution within the kernel and hence escalate privileges
[USN-5749-1] libsamplerate vulnerability
[USN-5750-1] GnuTLS vulnerability
[USN-5718-2] pixman vulnerability
Goings on in Ubuntu Security Community
A look at Elastic Security Labs Global Threat Report
their various products like Endgame, Endpoint and Security solution.
Neshta, Getshell
wider intrusion effort
lots of CobaltStrike, Metasploit and MimiKatz which are all ostensibly
red-team tools - also see lots of keyloggers as well as credential stealers
(crypto wallets)
execution, 10% credential access, 8% persistence, 7% C², 6% privesc and 4%
initial access
proxy execution (using existing system binaries to perform malicious
actions) accounts for 72% of defense evasion techniques
scripting interpreters - think PowerShell, Windows Script Host etc) and
abusing Windows Management Instrumentation (WMI) - but won’t go too much into
this here as this is the Ubuntu Security Podcast, not Windows ;)
whilst GCP and Azure each had ~22% - why does AWS have so much more? AWS has
at least ⅓ of the global cloud market share whilst Azure has 20% and GCP only
11%
Defense Evasion, Initial Access
account access to then attempt to retrieve other access tokens or do
phishing, whilst for Google service account abuse was the top
purpose, whilst Azure is AD and managed services, and Google is service
workers
has forecasts and recommendations based on those
for backend DevOps in cloud environments will be an increased target
expect this threat given the nature of modern CI/CD pipelines and the
follow-up threat to code integrity / supply chain security etc (ie if an
attacker can compromise these machines can then tamper with source code /
build artefacts etc)
good security hygiene - configure for least privilege, audit what you have,
deploy defense-in-depth solutions, monitoring and logging so can help detect
and have good incident response etc
Get in contact