CISA orders federal agencies to patch Looney Tunables Linux bug
Today, CISA ordered U.S. federal agencies to secure their systems against an actively exploited vulnerability that lets attackers gain root privileges on many major Linux distributions.
CISA also added the actively exploited Linux flaw to its Known Exploited Vulnerabilities Catalog today, including it in its list of "frequent attack vectors for malicious cyber actors" that pose "significant risks to the federal enterprise."
Following its inclusion in CISA's KEV list, U.S. Federal Civilian Executive Branch Agencies must patch Linux devices on their networks by December 12, as mandated by a binding operational directive (BOD 22-01) issued one year ago.
Although BOD 22-01 primarily targets U.S. federal agencies, CISA also advised all organizations to prioritize patching the Looney Tunables security flaw immediately.
While CISA didn't attribute the ongoing Looney Tunables exploitation, security researchers with cloud security company Aqua Nautilus revealed two weeks ago that Kinsing malware operators are using the flaw in attacks targeting cloud environments.