This week, Linux maintainers and vendors disclosed a heap overflow vulnerability in the Linux Kernel. The vulnerability has been issued a Common Vulnerability and Exposures ID of CVE-2022-0185 and is rated as a High (7.8) severity. The flaw occurs in the Filesystem Context system when handling legacy parameters. An attacker can leverage this flaw to cause a DDoS, escape container environments, and elevate privileges.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24.

In the wake of the takedown of the REvil/Sodinokibi ransomware gang by the Russian Federal Security Service (FSB) on January 14, Eastern-European cybercriminals are feeling the ground shake. In the days following the FSB action, Trustwave SpiderLabs researchers have analyzed a slew of Dark Web chatter and have found that this potential new world is breeding fear in that community.

Observability has gained a lot of momentum in the past year, be it full stack observability or data observability. Modern complex IT systems using clouds, microservices and serverless are easy to develop and deploy but extremely difficult to observe. These systems generate tremendous amounts of data and need an automated way of handling the volume. The next era of delivering customer experience is underpinned by the full stack observability capability.

In September 2021, the Indian Markets Regulator, Security, and Exchanges Board of India (SEBI) banned an employee of an Indian MNC headquartered in Bangalore and his counterpart, an employee of a leading Global information technology company from trading in stock exchanges till further orders. An impounding of illegal proceeds of 2.62 crore rupees were generated through insider trading activities. This is just an example of insider trading.

Privilege abuse is the top misuse-related reason for data breaches according to the 2021 Data Breach Investigations Report by Verizon. To mitigate the risk of data leaks and other incidents, it’s crucial to enhance the protection of critical assets and keep a close eye on the activity of privileged users. Yet it can become a real ordeal for an IT security manager not only to secure access to their organization’s servers but also to track and manage all privileged sessions.

MSPs are playing an increasingly important role in organizations' cybersecurity. This is the key finding from our Pulse "Outsourcing Security" survey of more than 100 organizations worldwide: 88% of respondents are outsourcing their cybersecurity processes or tools, and the most common type of outsourcing agreements selected is through MSPs (55%).

This weekend I spent some time with Okta’s Identity Engine product, learning about various ways to integrate it with Splunk and other external systems. When I got to Okta’s Event Hooks feature, I exclaimed “Aw, HECk!” (actually I said something a little stronger) and banged my head against my old copy of "Log4J 4 Me and U - A Complete Guide" for a few hours trying to get Event Hooks sending data properly into Splunk’s HTTP Event Collector, or HEC.

This blog was written by an independent guest blogger. Non-fungible tokens (NFTs) are the new player in the financial investment market. They’ve seen tremendous interest from a wide range of parties, whether that be institutional investors or retail hobbyists looking to find an angle. As with anything involving money, malicious actors are already starting to take hold; Insider magazine recently highlighted the 265 Ethereum (roughly $1.1 million) theft due to a fraudulent NFT scheme.