Security lapses and an almost decade-old vulnerability are among the topics that we're going to review this week. One thing is common to all the articles that we'll review: humans are not perfect, and sometimes we need constant reminders to let us know what to do and when to do it.
9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros
I would like to know the cause behind the surge of Linux vulnerabilities in the past few months. We have had CopyFail, Dirty Frag, Fragnesia, and now this? Does it have anything to do with Anthropic's Mythos? Anything? Let me know in the comments section.
Now, speaking of the article. The title is a good summary of the vulnerability, and the following excerpt tells you more:
The vulnerability, tracked as CVE-2026-46333 (CVSS score: 5.5), is a case of improper privilege management that could permit an unprivileged local user to disclose sensitive files and execute arbitrary commands as root on default installations of several major distributions like Debian, Fedora, and Ubuntu.
Scammers are abusing an internal Microsoft account to send spam links
This type of incident reminds me of the following: always verify everything you read in your email even if it appears to come from a "trusted" source. Imagine seeing an email that appears to be from MSFT and it's from scammers!
From the article:
This is the latest in a rash of incidents in which hackers or scammers have abused company systems to trick unsuspecting customers in recent months. Earlier this year, hackers broke into a platform used by fintech firm Betterment to send out fraudulent notifications that purported to triple the value of any crypto users send in — a widely known scam used to steal people’s cryptocurrency.
How to Protect Identities and Sessions from Infostealers
Infostealers. I don't know what to say. This blog from CrowdStrike details the danger they pose to your system and your life, and how to protect yourself.
From the article:
An infostealer is a type of malware specifically designed to do what its name suggests: steal sensitive information. Often deployed through phishing emails, malicious downloads, compromised websites, or exploited vulnerabilities
The impact of an infostealer attack can be devastating. Because infostealers quietly extract sensitive data, organizations often remain unaware until significant damage has been done.
CISA Admin Leaked AWS GovCloud Keys on Github
When I saw the article's title, I read it all. I kept wondering: how did it happen? I mean, you work for CISA and you put stuff like this in a public GitHub repo and, ironically, you name it "Private CISA". This is beyond me.
From the article:
One of the exposed files, titled “importantAWStokens,” included the administrative credentials to three Amazon AWS GovCloud servers. Another file exposed in their public GitHub repository — “AWS-Workspace-Firefox-Passwords.csv” — listed plaintext usernames and passwords for dozens of internal CISA systems.
I honestly believed that it was all fake before analyzing the content deeper. This is indeed the worst leak that I’ve witnessed in my career.
Why geopolitical turmoil is a gift for scammers, and how to stay safe
When something is happening in the world and it's everywhere (in the news, the papers, etc., you name it), scammers tend to use such situations to compromise unsuspecting users. That's why you need to control, or should I say keep, your emotions "in check" when global events happen. Whether you like what's going on or not, do not be quick to react when you're online or offline.
From the article:
A good rule of thumb is never to click on links or open attachments in unsolicited messages, even if they look convincing and appear as if sent from a trusted source.
If you really want to know if it’s a genuine message or not, check independently with the sender; i.e., don’t reply directly or use contact details in the message itself. Or if it’s a news story, go direct to your favored news outlet.
Be cautious of social media accounts, especially those that appear to be customer service accounts for airlines and the like. These are easier than you’d think to set up and platform providers are always a step behind in taking them down.
Credits
Cover photo by Debby Hudson on Unsplash.
That's it for this week, and I'll see you next time.