Ongoing Ransomware Attacks Exploit Linux Vulnerability, CISA Warns

ByDavey Winder,

Senior Contributor.

Admit it: the first thing you think of when ransomware is mentioned is likely Microsoft Windows as an attack surface. The second might be that ransomware is in decline and no longer a significant threat. The thought that Linux could be caught somewhere in all this probably doesn’t enter your head, but it should. The Cybersecurity and Infrastructure Security Agency has issued a timely reminder that Linux can be exploited, as it warns federal agencies to update within days, following confirmation of a Linux vulnerability being used in active ransomware attacks. Here’s what you need to know.

The CVE-2024-1086 Linux Kernel use-after-free vulnerability “allows a normal user to become an administrator (root), allowing them to change files, disable security, or install malware,” Immersive Security said, adding that “the flaw occurs when the system mishandles memory, allowing attackers to gain complete system control. But that was, checks date, almost two years ago. Indeed, the thing was fixed in January 2024. So, what’s the fuss all of a sudden? Self-described America’s Cyber Defense Agency, CISA, has issued a binding directive and warning that ransomware threat actors are actively exploiting CVE-2024-1086, giving federal agencies until November 20 to apply the necessary fix or “discontinue use of the product.”

Ongoing Ransomware Attacks Exploit Linux Vulnerability, CISA Warns

Related reading

Warning Issued As Hackers Give Microsoft Windows The Finger: Report

'CopyFail' attackers start cashing in on Linux flaw

New Warning As Microsoft Windows Attacks Confirmed — No Fix Available

Linux Patch Blind Spot Exposes Critical Cybersecurity Risks

Critical cPanel exploited: 'Millions' of sites could be hit

All Microsoft Windows Users Warned As New Bot Attacks Confirmed