Cybersecurity Breaches & Solutions | 13.3.22

Lapsus$ steal tech giant’s source code; new Linux vulnerability

Avner Cohen
HUB Security
3 min read · Mar 13, 2022


HUB Weekly Digest

Cyber attacks happen daily. We cover them weekly.

This digest brings together the past week’s major cybersecurity stories from various news outlets. The stories are analyzed by HUB Security’s experts, who provide their insights.

We have a simple method:

a) Describing how the breaches took place (according to what was published).

b) Explaining how it could have been avoided.

🩺 HUB Security heads for HIMSS 2022

Schedule a meeting with HUB’s experts at HIMSS next week. The team will present HUB’s Secure Compute platform.

On the agenda

🕵 Lapsus$ group strikes again — this time the victim is Samsung

😩 ‘Dirty Pipe’ strikes fear in the hearts of Linux users

🕵️ Is anyone safe from Lapsus$’s wrongdoings?

Following the recent attack on Nvidia, the group has now targeted another tech behemoth. This time, its victim is none other than Samsung, from which 190 GB of data has been leaked.

The Korean tech conglomerate acknowledged the leak: “the breach involves some source code relating to the operation of Galaxy devices, but does not include the personal information”.

The alleged criminals obtained a cache containing information on the Trusted Applet in Samsung’s TrustZone environment, which manages critical tasks in this system such as hardware cryptography, binary encryption, and access control. (Source)

HUB’s perspective: Source code is critical IP that needs protection, and therefore requires best practices such as isolation, zero trust, multi-factor authentication, and fine-grained authorization. What must be understood is that code is data, and as data it needs protection. But it is also an application, and as an application it needs protection too. That is, it has two states at once, a bit like Schrödinger’s cat, and so it requires two kinds of defense.

😩 Meet the new Linux bug — ‘Dirty Pipe’ aka CVE-2022-0847

A new vulnerability was discovered in Linux, dubbed ‘Dirty Pipe’. The CVE website describes the new vulnerability as follows:

“A flaw was found in the way the “flags” member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read-only files and as such escalate their privileges on the system.”

Patches for this security flaw were quickly released for various Linux kernels, but servers running outdated kernels are now at risk of being seriously attacked by threat actors. The ‘Dirty Cow’ vulnerability from 2016 exemplifies the gravity of the situation: although Dirty Cow was harder to exploit, it was still widely used to compromise organizations. (Sources: CM4all, Bleeping Computer)

HUB’s perspective: Vulnerability and patch management is critical for every organization. Nevertheless, where updates cannot be deployed because of legacy dependencies, mitigating controls should be put in place.

HUB Security’s confidential computing can be one of these mitigating controls, filtering out vulnerabilities such as ‘Dirty Pipe’. This allows organizations to patch patiently and thoroughly while keeping their critical assets safe and secure, enabling much more effective security.
