A new vulnerability has been discovered in the Linux kernel, posing a threat to Linux and UNIX systems. The Federal Office for Information Security (BSI) issued a security advisory, stating that the software contains multiple vulnerabilities that can be exploited by a local attacker. The risk level of the vulnerability is assessed as 'medium' with a base score of 6.6 according to the Common Vulnerability Scoring System (CVSS). The affected systems include Linux, UNIX, and the open-source Linux Kernel product. Users are advised to keep their applications up to date and install security updates promptly. The initial version of the security notice was released on May 9, 2024. [9cc92b7e]
In addition to this new vulnerability, a failed Linux backdoor attempt was recently discovered in XZ Utils, a data-compression toolkit used in many Linux operating systems. The backdoor could have enabled a major cyberattack on corporate servers. The identity of the culprit, known as 'Jia Tan,' remains unknown. Open-source leaders have warned that this incident is likely not a one-off and have called on maintainers of open-source projects to be alert for social engineering takeover attempts. There have been recent attempts to persuade the OpenJS Foundation to grant administrative access to a popular JavaScript project, similar to the tactics used by Jia Tan. Experts believe that many more attempts to infiltrate open-source projects are already underway. The vulnerability of open-source projects, which are often underfunded and run by a small group of maintainers, makes them susceptible to social engineering attacks. Open-source leaders advise maintainers to be cautious and pay attention to interactions that create self-doubt or feelings of inadequacy, as these may be signs of a social engineering attack.
Furthermore, a security researcher has discovered an AI trading bot project on GitHub that steals users' private cryptocurrency wallet keys. The bot's code contains a hidden encrypted script that sends the keys to its creator. The installed software also contains backdoor code for secret key acquisition. Despite reports that the backdoor has been removed, experts remain skeptical and warn against downloading the compromised bot. It is advised to avoid projects with a questionable past and to ensure clarity and legibility of code in open-source crypto projects. [1589f957]
Intel has also recently disclosed two vulnerabilities in its artificial intelligence model compression software. The first vulnerability, tracked as CVE-2024-22476, is a maximum-severity bug that can allow hackers to execute arbitrary code on systems running affected versions of the software. The flaw has a CVSS score of 10 and can be remotely exploited without needing any special privileges or user interaction. It has a high impact on data confidentiality, integrity, and availability. Intel has released a fix for this vulnerability, and users are advised to update to version 2.5.0 or later to mitigate the risk. The second vulnerability, tracked as CVE-2024-21792, is a time-of-check, time-of-use flaw that could give hackers access to unauthorized information. However, exploiting this vulnerability requires local, authenticated access to a vulnerable system. Intel has not disclosed the number of companies or users affected by these vulnerabilities. [e187c66d]
Cybersecurity researchers have compiled a detailed report on a now-fixed security vulnerability affecting the open-source AI platform Ollama. The vulnerability, tracked as CVE-2024-37032 and named Probllama, allowed for remote code execution. The issue was fixed in version 0.1.34, released on May 7, 2024. The vulnerability was caused by insufficient input validation, resulting in a path traversal vulnerability that could be exploited to overwrite arbitrary files on the server and achieve remote code execution. The vulnerability required sending specially crafted HTTP requests to the Ollama API server. The issue was severe in Docker installations, as the server ran with root privileges and was publicly exposed. Ollama lacked authentication, allowing attackers to steal or tamper with AI models and compromise self-hosted AI inference servers. Over 1,000 exposed Ollama instances hosting numerous AI models were identified without any protection. The development comes as AI Protect AI warned of over 60 security flaws affecting open-source AI/ML tools. The most severe vulnerability, CVE-2024-22476, was a SQL injection vulnerability in Intel Neural Compressor software. All issues related to Ollama have been resolved in version 2.5.0. [02e5b439]
Security researchers have discovered a vulnerability in AMD chips called Sinkclose that affects virtually all AMD chips dating back to 2006. The flaw allows hackers to run their own code in the System Management Mode, a privileged mode of an AMD processor. Exploiting the bug would require hackers to have deep access to an AMD-based PC or server, but once exploited, the malware could infect the computer with a bootkit that evades antivirus tools and is potentially invisible to the operating system. The malware would be nearly undetectable and unpatchable, requiring physical access to the computer's memory chips to remove it. AMD has acknowledged the findings and released mitigation options for some of its products. [c0162c9b]