Cyber Risk’s Sensational Return to Work

Joao Correia

October 13, 2023 - Technical Evangelist

Ah, the sweet residue of summer vacations! It’s that time when IT professionals, having (hopefully) soaked up enough sun, reluctantly drag themselves back to their desks, half-expecting a somewhat calm transition back into the daily grind. But, alas, September and the early whispers of October have decided to throw curveballs instead of a welcome-back party.

A Not-So-Welcome Back Gift from September

For those who had even a smidgeon of hope for a serene re-entry into the cybersecurity realm, September scoffed, presenting a plate full of high-risk, high-impact vulnerabilities. The month was more prolific in unearthing digital dangers than most of us would have liked. And if you thought October might show some mercy, think again! The cybersecurity rollercoaster hasn’t hit the brakes just yet.

“Looney Tunables”: A Merry Melody of Mayhem

While you were perhaps still relishing the last sips of your piña colada, the diligent folks at Qualys were diving deep into the workings of glibc. Their explorations culminated in the identification of a particularly pesky local privilege elevation exploit, cheekily dubbed “Looney Tunables” (or CVE-2023-4911 for the more formally inclined). It’s a nasty little bug that’s made itself at home in a vast array of Linux distributions – from Debian to RHEL and everything in between. Lucky for us, it’s not remotely exploitable. A small consolation, perhaps, but we’ll take what we can get!

The Webp Woes: A Zero-Click Catastrophe

If remote exploits tend to catch your attention, CVE-2023-4863 is a genuine feast (or famine) for your cybersecurity appetite. It’s a zero-click remote exploit that impacts anything capable of loading, processing, or displaying WebP content. A flaw within libwebp’s processing can permit a remote attacker to execute a payload with devious ease. Whether it’s through uploading a malicious image, sharing a seemingly innocent vacation snapshot, or placing a specially crafted ad, unsuspecting victims become vulnerable to exploitation.

Initially perceived to be a flaw exclusive to Chrome (or the chromium engine), it was later revealed to be an even more pervasive issue. Given libwebp’s ubiquitous presence in everything from ffmpeg to Android to Thunderbird, the list of software needing urgent upgrades continues to burgeon.

The proverbial cherry on top? It’s being exploited in the wild and the code is trivially accessible on the Internet.

Exim: Delivering a Package of Predicaments

And as if the cybersecurity community needed another jolt, Exim decided to join the vulnerability party, unveiling 6 new vulnerabilities, some of which are remotely exploitable under specific conditions. Considering Exim’s standing as one of the most robust MTAs, deployed on an estimated 600,000 systems, these “certain conditions” are bound to materialize in numerous locations. And the official remediation until patches landed? Disable remote access to the Exim system. Not particularly conducive for an email system, but hey, at least it’s not hacked, right?

Buckle Up for the Cybersecurity Rollercoaster Ride!

Now that IT teams, sysadmins, and cybersecurity professionals are well and truly back in the saddle, it’s time to buckle up and brace ourselves for what promises to be a thrill ride until the year’s end. Fingers crossed for a change in the cybersecurity winds, but until then, let’s navigate the storm with our usual resilience and expertise.

Let’s not forget to appreciate the tireless researchers and IT professionals who, while many basked in the summer sun, were busy uncovering and patching these vulnerabilities, ensuring the digital world remains as secure as possible.

Summary