The security world has been abuzz this week about a new Linux exploit called “Dirty Pipe,” which also affects Android 12 devices like Galaxy S22 and Pixel 6. Here’s everything you need to know about “Dirty Pipe,” which devices it affects, and how best to avoid it. Recently disclosed by Max Kellermann as vulnerability CVE-2022-0847, “Dirty Pipe” is a security exploit in select recent versions of the Linux kernel. (The kernel is the core of an operating system, often acting as the go-between from applications to your actual hardware.) In short, any application that can read files on your phone/computer — permission many Android apps ask for — can potentially mess with your files or run malicious code. On desktop/laptop versions of Linux, this has already been shown to be easily able to get admin privileges. Broadly speaking, “Dirty Pipe” affects Linux-powered devices — which includes everything from Android phones and Chromebooks to Google Home devices like the Chromecasts, speakers, and displays. More specifically, the bug was introduced with Linux kernel version 5.8, released in 2020, and remained present in future releases. On the Android side of things, as noted by Ars Technica‘s Ron Amadeo, the damage potential of “Dirty Pipe” is far more limited. Most Android devices actually use an older version of the Linux kernel, unaffected by the exploit. Only devices that started their lives on Android 12 have a chance of being affected. Unfortunately, that means Android phones like the Google Pixel 6 series and Samsung Galaxy S22 series are both potentially at risk from “Dirty Pipe.” In fact, the developer who originally discovered the exploit was able to reproduce it on a Pixel 6 and reported it to Google. The easiest way to check whether your device is affected is to view your Linux kernel version. To do so, open the Settings app, open “About phone,” tap “Android version,” then look for “Kernel version.” If you see a version higher than 5.8 — and if Google hasn’t yet released a security patch — then your device is potentially at risk from the “Dirty Pipe” exploit. As of now, there are no known instances of the “Dirty Pipe” exploit being abused to gain control over a phone or computer. That said, quite a few developers have shown proof of concept examples of how easily “Dirty Pipe” can be used. It’s surely only a matter of time before “Dirty Pipe”-based exploits begin appearing in the wild. In addition to originally uncovering the “Dirty Pipe” exploit, Kellermann was also able to identify how to fix it and submitted a fix to the Linux kernel project shortly after disclosing it privately. Two days later, newer builds of supported versions of the Linux kernel were released to include the fix. As previously mentioned, the “Dirty Pipe” exploit was also reported to Google’s Android Security Team in late February. Within days, Kellermann’s fix was added to Android source code, ensuring that future builds would be secure. The Chrome OS team followed suit in picking up the fix on March 7, with the fix seemingly poised to roll out potentially as a mid-cycle update to Chrome OS 99. The full article is posted on OUR FORUM.

The National Security Agency (NSA) has released a new report that gives all organizations the most current advice on how to protect their IT network infrastructures from cyberattacks. NSA's report 'Cybersecurity Technical Report (CTR): Network Infrastructure Security Guidance' is available freely for all network admins and CIOs to bolster their networks from state-sponsored and criminal cyberattacks. The report covers network design, device passwords and password management, remote logging and administration, security updates, key exchange algorithms, and important protocols such as Network Time Protocol, SSH, HTTP, and Simple Network Management Protocol (SNMP). The US Cybersecurity and Infrastructure Security Agency (CISA) is encouraging tech leaders to view the NSA document as part of its new push for all organizations in the US and elsewhere to raise defenses after the recent disk wiper malware targeting Ukrainian organizations. The document, from NSA's cybersecurity directorate, encourages the adoption of 'zero trust' networks. Zero trust assumes malicious insiders and threats existing inside and outside classical network boundaries. The NSA says it "fully supports the Zero Trust model" and offers recommendations for creating it, from installing routers and using multiple vendors to creating firewalls that reduce the potential of an exploit impacting one vendor's product. However, the agency also notes that its guidance focuses on mitigating common vulnerabilities and weaknesses on existing networks. The Biden administration has given federal agencies until 2024[/color] to implement zero trust architectures, so the NSA's guidance joins recommendations from the National Institute of Standards and Technology's (NIST) work to explain what zero trust is with key vendors such as Microsoft and Google. The UK is also pushing organizations to adopt zero trust. Among other things, the document focuses closely on Cisco and its widely used IOS networking software for routers and switches, including configuring its one to 15 levels of privileged access to network devices and how to store passwords with algorithms that Cisco IOS devices use. The NSA knows a lot about Cisco gear, as Edward Snowden's 2013 leaks revealed. NSA recommends that similar systems within a network should be grouped together to protect against an attacker's lateral movement after a compromise. Attackers will target systems like printers that are more easily exploitable, for example. It also recommends removing backdoor connections between devices in the network, using strict perimeter access control lists, and implementing network access control (NAC) that authenticates unique devices connected to the network. Regarding VPNs, it says to "disable all unneeded features and implement strict traffic filtering rules". It also specifies the algorithms that should be used for key exchanges in IPSec VPN configurations. NSA says local administrator accounts should be protected with a unique and complex password. It recommends enforcing a new password policy and warns that "most devices have default administrative credentials which are advertised to the public". Admins should remove all default configurations and then reconfigure them with a unique secure account for each admin. "Do not introduce any new devices into the network without first changing the default administrative settings and accounts," NSA says. The new report follows NSA's guidance to help people and organizations choose virtual private networks (VPN). VPN hardware for securing connections between remote workers to corporate networks became a prime target during the pandemic. Follow this thread on OUR FORUM.