Security News > 2023 > November > Hackers exploit Looney Tunables Linux bug, steal cloud creds
The operators of the Kinsing malware are targeting cloud environments with systems vulnerable to "Looney Tunables," a Linux security issue identified as CVE-2023-4911 that allows a local attacker to gain root privileges on the system.
In a report from cloud security company Aqua Nautilus, researchers describe a Kinsing malware attack where the threat actor exploited CVE-2023-4911 to elevate permissions on a compromised machine.
"Utilizing a rudimentary yet typical PHPUnit vulnerability exploit attack, a component of Kinsing's ongoing campaign, we have uncovered the threat actor's manual efforts to manipulate the Looney Tunables vulnerability," reads the Aqua Nautilus report.
The exploit for Looney Tunables is fetched directly from the repository of the researcher who released a PoC, likely to hide their tracks.
The researchers believe that this campaign was an experiment since the threat actor relied on a different tactics and expanded the scope of the attack to collecting Cloud Service Providers credentials.
New 'Looney Tunables' Linux bug gives root on major distros.
News URL
Related news
- Hackers exploit Aiohttp bug to find vulnerable networks (source)
- Week in review: Cybersecurity job openings, hackers use 1-day flaws to drop custom Linux malware (source)
- Hackers exploit Ray framework flaw to breach servers, hijack resources (source)
- Easy-to-use make-me-root exploit lands for recent Linux kernels. Get patching (source)
- Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites (source)
- Researchers Uncover First Native Spectre v2 Exploit Against Linux Kernel (source)
- Hackers Exploit Fortinet Flaw, Deploy ScreenConnect, Metasploit in New Campaign (source)
- Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes (source)
- Microsoft: APT28 hackers exploit Windows flaw reported by NSA (source)
- Microsoft: APT28 hackers exploit Windows flaw reported by NSA (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-03 | CVE-2023-4911 | Out-of-bounds Write vulnerability in multiple products A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. | 7.8 |