Last year, CISA created a list of vulnerabilities being actively exploited and a list of applications directly affected by those vulnerabilities. Over time, the list has been updated to reflect new and emerging threats.
Very recently, a new piece of malware was discovered, and CISA added two vulnerabilities to that list because the malware is actively exploiting them to spread to new target systems.
The malware in question is called “Shikitega”, identified by AT&T’s Alien Labs in September. It targets systems running Linux, including IoT devices, and gains full system access by leveraging known exploits against the Linux kernel. So far, it has been used to deploy cryptocurrency miners to affected systems, but this type of malware is usually flexible enough to deploy different payloads to different targets (for example, ransomware instead of a cryptominer).
The two vulnerabilities are CVE-2021-4034 and CVE-2021-3493. Both were identified, as the identifier implies, in 2021, and both have patches available. The fact that there are still systems vulnerable to them speaks to how slow proper patching processes are in many organizations.
CVE-2021-4034, better known as PwnKit, made the rounds across a number of news sites, helped by the fact that its exploit was both reliable and relatively easy to trigger, and by how widespread it was: pkexec, its target, is present in most (all?) Linux systems. A more detailed description can be found in the TuxCare blog here.
The other vulnerability, CVE-2021-3493, is a bug in the OverlayFS implementation and was used in conjunction with PwnKit to obtain elevated privileges on the target systems.
By adding those vulnerabilities to the Known Exploited Vulnerabilities Catalog, CISA has set a strict deadline by which federal agencies must fix those flaws in the systems they manage.
If you are still running systems that are not patched against these and many other Linux kernel vulnerabilities, you should rethink your patch management operations and consider a disruption-free alternative to traditional patching: KernelCare’s Live Patching service. KernelCare patches vulnerabilities quickly, providing the protection necessary to guard against Shikitega and other threats that could exploit them.