Security News > 2023 > November > CISA orders federal agencies to patch Looney Tunables Linux bug

CISA orders federal agencies to patch Looney Tunables Linux bug
2023-11-21 17:56

Today, CISA ordered U.S. federal agencies to secure their systems against an actively exploited vulnerability that lets attackers gain root privileges on many major Linux distributions.

CISA also added the actively exploited Linux flaw to its Known Exploited Vulnerabilities Catalog today, including it in its list of "Frequent attack vectors for malicious cyber actors" and posing "Significant risks to the federal enterprise."

Following its inclusion in CISA's KEV list, U.S. Federal Civilian Executive Branch Agencies must patch Linux devices on their networks by December 12, as mandated by a binding operational directive issued one year ago.

Although the BOD 22-01 primarily targets U.S. federal agencies, CISA also advised all organizations to prioritize patching the Looney Tunables security flaw immediately.

While CISA didn't attribute the ongoing Looney Tunables exploitation, security researchers with cloud security company Aqua Nautilus revealed two weeks ago that Kinsing malware operators are using the flaw in attacks targeting cloud environments.

Hackers exploit Looney Tunables Linux bug, steal cloud creds.


News URL

https://www.bleepingcomputer.com/news/security/cisa-orders-federal-agencies-to-patch-looney-tunables-linux-bug/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Linux 11 64 2312 1489 67 3932