Expert Insight: New Old Bugs In The Linux Kernel

The research report that recently came out from GRIMM “New Old Bugs in the Linux Kernel,” with details on three exploitable vulnerabilities they’ve found in Linux, industry expert provides insight below.

Subscribe
Notify of
guest
1 Expert Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Michael Mitama
Michael Mitama , CEO
InfoSec Expert
March 16, 2021 12:36 pm

<p>The findings by GRIMM are the reason why classic vulnerability scanning and testing are not enough. This requires consistent threat emulation and threat modeling with not only pentesters but also bug bounty hunters and threat hunters on the team specializing in Linux-based systems to assist in identifying these flaws. This pushes a CIRT to become more mature in its processes of people, and technological understanding of what\’s under the hood of their systems. The main concern is if the vulnerability is remotely accessible, and in this case it is not. It seems that the coercion to get it installed is a social engineering vector which seems low probability and main contributing factor to the exploit. The novelty is in this finding which has existed for over a decade. The finding is commendable nonetheless and displays the dynamic skill sets required in mixed environments.</p>

Last edited 1 year ago by Michael Mitama
1
0
Would love your thoughts, please comment.x
()
x