The internet has made breaking up a lot harder. The Modern Love Digital Breakup Checklist can help you separate locations, accounts, and more.

Breaking up is hard to do. The internet has made it harder.

With couples today regularly sharing access to one another’s email accounts, streaming services, social media platforms, online photo albums, and more, the risk of a bad breakup isn’t just heartache. Equipped with unfettered access into sensitive, shared online accounts, a vindictive ex could track someone who is actively using services like DoorDash, Uber, or Airbnb, spy on someone through a Ring doorbell, raise the temperature on a Nest thermostat, or shout obscenities through a baby monitor.

As every relationship is different, there’s no one-size-fits-all solution to safely disentangling your digital life from your ex, but there are a few rules that can make the process easier.

And, because this can be a lot of work, here are a few things that can help you along the way:

*   A password manager that will help you create and store unique passwords for each online account.
*   The use of multifactor/two-factor authentication on every sensitive account that allows it.
*   A friend who can go through these exercises side-by-side with you.

Further down is a more comprehensive checklist of many considerations you can take in separating your digital life from your ex, but, here’s a quick, handy guide:

It’s important to remember that this work won’t be completed in a day. That’s entirely okay. Instead of trying to accomplish everything in one weekend, prioritize the most sensitive work—cutting off access to email accounts, online banking, shared photo albums, social media, and any services or apps that can reveal your location.

As Malwarebytes recently discovered in research conducted this year, 56% of people in committed relationships in the United States agreed that they “would like to see more guidance on how to handle shared logins, accounts, and apps in a relationship or during a breakup,” and 45% agreed that they “would have a hard time knowing where to begin if I no longer wanted to share location-based apps or services with my partner or in the event of a breakup.”

We hope this digital breakup checklist, which is not comprehensive, can provide some of that guidance.

Here is the Modern Love Digital Breakup Checklist.

*   Log out of personal accounts on shared devices, including laptops, tablets, e-readers, smartphones, smart TVs, and Internet of Things devices. This includes:
    
    *   Email, social media, and online banking accounts on shared tablets, computers, and smartphones.
    
    *   Email, social media, and online banking accounts on the shared devices of children/the entire family.
    *   Entertainment accounts (Hulu, Netflix, Disney+, Spotify, etc.) on smart TVs and streaming devices such as Roku, Google Chromecast, Apple TV, etc.
*   Remove your ex’s accounts from any device you share that you will maintain ownership of after the breakup. Here’s are guides on how to remove someone from:
    
    *   Windows device
    
    *   Mac device
    *   Android devices

*   For shared accounts where you and your ex had one set of login credentials, log out of those shared accounts on your own device.
*   If you want to continue using those services, create a new personal account with a unique password.

**3\. **Review personal accounts****

*   Before resetting passwords, check the recovery settings on your personal account to ensure that any attempts to reset your password will be sent to your personal email account and not to an email account owned by your ex.
*   Before resetting passwords, consider using a password manager to help create, store, and remember unique passwords for each account.
*   Reset and create unique passwords for sensitive accounts, including:
    
    *   Email accounts
    
    *   Online banking and financial accounts (Chase, Wells Fargo, Venmo, PayPal, Zelle, Cash App, etc.)
    *   Online shopping accounts (Amazon, Etsy, Shein, Temu, etc.)
    *   Social media accounts (TikTok, Instagram, Facebook, etc.)
    *   Shared cloud accounts for photos (Google Photos, iCloud)
    *   Shared cloud accounts for file storage (Dropbox, Box, etc.)
    *   Streaming entertainment accounts (Netflix, Disney+, Hulu, Spotify, Apple Music, etc.)
    *   Parental monitoring apps (Life360, Bark, Qustodio)
    *   Online forums and chat services (Reddit, Discord, etc.)
*   Reset and create unique passwords for accounts that can expose your location to users who are logged into the same account, including:
    
    *   Food and grocery delivery apps (Uber Eats, DoorDash, Postmates, etc.)
    
    *   Ride-sharing apps (Uber, Lyft, etc.)Vacation rental apps (Airbnb, Vrbo, etc.)
    *   Health and fitness tracking apps (FitBit, Strava, etc.)
    *   Connected apps for modern cars with anti-theft location tracking
*   Enable multifactor authentication on sensitive accounts and accounts that can expose your location, when provided as an option.

**4\. **Review/remove your signed-in devices****

*   Check your security settings in your online accounts to review what devices are currently logged into the same account. If you see a device that does not belong to you, force that device to be logged out.
    
    *   If you take this step after successfully resetting your password, those devices will be required to use the new password (which only you should know).
    
    *   These settings can often be found in “security” or “privacy and security” tabs in most apps.

**5\. **Review the location settings of your device****

*   Your device provides a way to comprehensively turn off **all** location services that apps rely on to function. With this feature turned off, location-based apps (such as Uber, Uber Eats, Airbnb, Yelp, Maps, etc.) will still function, but you will need to input your address and location manually each time you use the service.
    
    *   You can review location sharing settings on iPhone here.
    
    *   You can review location sharing settings on Android here.

**6\. **Review “Find My/Find My Device” settings****

*   Modern devices come pre-installed with anti-theft services called “Find My” on iPhones and “Find My Device” on Android phones. These are the same services that many couples use to track one another’s location, and turning these services off will shut off access that other people (including exes, friends, and family) have to your location.
    
    *   Alternatively, you can turn off location sharing with one person only rather than turning off location sharing all together. You can review location sharing settings on iPhone here.
    
    *   You can review location sharing settings on Android here.

**7\. **Review the location settings of individual apps****

*   If you want to keep location sharing on for convenience, you can review individual apps on your device and select how you would like your location to be accessed by those apps.
    
    *   iPhones allow you to choose one of several options for how frequently apps will access and use your location: Never, Ask Next Time Or When I Share, While Using the App, or Always. You can review location sharing settings on iPhone here.
    
    *   Android phones allow you to choose one of several options for how frequently apps will access and use your location: Allowed all the time, Allowed only while in use, and Not allowed.
    *   You can review location sharing settings on Android here.

**8\. **Maintain your ongoing security and privacy****

*   If you find it safe and necessary, block your ex on certain social media platforms, messaging apps, etc.
*   Review the privacy settings of social media apps to ensure that your posts are not inadvertently shared with an ex.
    *   Consider whether your ex could see your posts because you have mutual friends who may reveal your posts to your ex.
*   Review automatic cloud backups for photos you take with your smartphone.
    *   If your ex compromises your iCloud or Google Photos account—and your photos are automatically backed up to those accounts—they could retrieve sensitive photos that you want to keep private.
*   When entering a new relationship, have a conversation about consensually and safely sharing your location (or choosing not to).

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

 Relationship broken up? Here&#8217;s how to separate your online accounts 

A suspected advanced persistent threat (APT) originating from China targeted a government organization in Taiwan, and possibly other countries in the Asia-Pacific (APAC) region, by exploiting a recently patched critical security flaw impacting OSGeo GeoServer GeoTools.
The intrusion activity, which was detected by Trend Micro in July 2024, has been attributed to a threat actor dubbed Earth Baxia

Cyber Espionage / Malware

A suspected advanced persistent threat (APT) originating from China targeted a government organization in Taiwan, and possibly other countries in the Asia-Pacific (APAC) region, by exploiting a recently patched critical security flaw impacting OSGeo GeoServer GeoTools.

The intrusion activity, which was detected by Trend Micro in July 2024, has been attributed to a threat actor dubbed **Earth Baxia**.

"Based on the collected phishing emails, decoy documents, and observations from incidents, it appears that the targets are primarily government agencies, telecommunication businesses, and the energy industry in the Philippines, South Korea, Vietnam, Taiwan, and Thailand," researchers Ted Lee, Cyris Tseng, Pierre Lee, Sunny Lu, and Philip Chen said.

The discovery of lure documents in Simplified Chinese points to China being one of the affected countries as well, although the cybersecurity company said it does not have enough information to determine what sectors within the country have been singled out.

The multi-stage infection chain process leverages two different techniques, using spear-phishing emails and the exploitation of the GeoServer flaw (CVE-2024-36401, CVSS score: 9.8), to ultimately deliver Cobalt Strike and a previously unknown backdoor codenamed EAGLEDOOR, which allows for information gathering and payload delivery.

"The threat actor employs GrimResource and AppDomainManager injection to deploy additional payloads, aiming to lower the victim's guard," the researchers noted, adding the former method is used to download next-stage malware via a decoy MSC file dubbed RIPCOY embedded within a ZIP archive attachment.

It's worth mentioning here that Japanese cybersecurity company NTT Security Holdings recently detailed an activity cluster with links to APT41 that it said used the same two techniques to target Taiwan, the Philippines military, and Vietnamese energy organizations.

It's likely that these two intrusion sets are related, given the overlapping use of Cobalt Strike command-and-control (C2) domains that mimic Amazon Web Services, Microsoft Azure (e.g., "s3cloud-azure," "s2cloud-amazon," "s3bucket-azure," and "s3cloud-azure"), and Trend Micro itself ("trendmicrotech").

The end goal of the attacks is to deploy a custom variant of Cobalt Strike, which acts as a launchpad for the EAGLEDOOR backdoor ("Eagle.dll") via DLL side-loading.

The malware supports four methods to communicate with the C2 server over DNS, HTTP, TCP, and Telegram. While the first three protocols are used to transmit the victim status, the core functionality is realized through the Telegram Bot API to upload and download files, and execute additional payloads. The harvested data is exfiltrated via curl.exe.

"Earth Baxia, likely based in China, conducted a sophisticated campaign targeting government and energy sectors in multiple APAC countries," the researchers pointed out.

"They used advanced techniques like GeoServer exploitation, spear-phishing, and customized malware (Cobalt Strike and EAGLEDOOR) to infiltrate and exfiltrate data. The use of public cloud services for hosting malicious files and the multi-protocol support of EAGLEDOOR highlight the complexity and adaptability of their operations."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware

The FTC published a report about the ways social media and video streaming services collect and use our data

The US Federal Trade Commission (FTC) released a report that examines the data collection and use practices of major social media and video streaming services, finding that—and this will not come as a surprise to our regular readers—the companies engaged in vast surveillance of consumers in order to monetize their personal information while failing to adequately protect users online, especially children and teens.

The report, called A Look Behind the Scenes: Examining the Data Practices of Social Media and Video Streaming Services, is based on responses from nine companies to questions about how the companies collect, track, and use personal and demographic information, how they determine which ads and other content are shown to consumers, whether and how they apply algorithms or data analytics to personal and demographic information, and how their practices impact children and teens.

The companies that were ordered to respond own some of the household social media and streaming service names. They are Amazon (Twitch), Meta (Facebook and Instagram), YouTube, X (Twitter), Snap (Snapchat), ByteDance (TikTok), Discord, Reddit, and WhatsApp.

Some of the specific information that the FTC was looking for included:

*   How social media and video streaming services collect, use, track, estimate, or derive personal and demographic information.
*   How they determine which ads and other content are shown to consumers.
*   Whether they apply algorithms or data analytics to personal information.
*   How they measure, promote, and research user engagement.
*   How their practices affect children and teens.

The conclusions seemed to upset the FTC, but we weren’t even mildly surprised:

> “The amount of data collected by large tech companies is simply staggering. They track what we read, what websites we visit, whether we are married and have children, our educational level and income bracket, our location, our purchasing habits, our personal interests, and in some cases even our health conditions and religious faith. They track what we do on and off their platforms, often combining their own information with enormous data sets purchased through the largely unregulated consumer data market.”

The FTC also mentions that some of these companies increasingly rely on hidden pixels and other means of tracking visitors, not only on their own, but also on other websites, to track our behavior down to every click.

Some of the responders were even unable to identify all the data points they collected or all of the third parties they shared that data with.

The report comes to the conclusion that self-regulation is not the answer to these problems. We can see all around the news that with the rise of the artificial platforms that many of these companies are developing, the incentive to use our data for their own purposes is only growing.

> “Predicting, shaping, and monetizing human behavior through commercial surveillance is extremely profitable.”
> 
> US Federal Trade Commission, “A Look Behind the Screens: Examining the Data Practices of Social Media and Video Streaming Services”

This has created a number of companies that have a huge influence on our economy, our democracy, and our society as a whole. Companies that, it appears, believe they can dodge the obligation to provide the Commission with complete answers while hiding their collection practices with limited, incomplete, or unhelpful responses that appear to have been carefully crafted to be self-serving, and to avoid revealing key pieces of information.

While their services provide us with the option to connect with the world from the palm of your hand, many of them have been at the forefront of building the infrastructure for mass commercial surveillance. They have access to information about every aspect of our lives and our behavior.

This comes not only with costs to our privacy, it harms our competitive landscape and affects the way we communicate and our well-being, especially the well-being of children and teens.

Some of the key findings of the report are:

*   Many of the companies collected and could indefinitely retain troves of data from and about users and non-users, and they did so in ways consumers might not expect.
*   Many of the responding companies relied on selling advertising services to other businesses based largely on using the personal information of their users. The technology powering this ecosystem took place behind the scenes and out of view to consumers, posing significant privacy risks.
*   Algorithms, data analytics, and/or AI were applied to users’ and non-users’ personal information. These technologies controlled everything from content recommendation to search, advertising, and inferring personal details about users, while the users lacked any meaningful control over how personal information was used for AI-fueled systems.
*   The trend among the responding companies was that they failed to adequately protect children, but especially teens, who are not covered by the Children’s Online Privacy Protection Rule (COPPA).

The recommendations of the FTC focus on legislation about the transparency of the data-usage, disclosure of sensitive personal data for advertising purposes, and the need to protect young users from the information-absorbing tech giants.

For more details and specific answers from each of the companies, you can check the 129 page report.

I want to close this off with a quote from the report that we whole-heartedly agree with:

> “Our privacy cannot be the price we pay to accomplish ordinary basic daily activities”

**We don’t just report on threats – we help protect your social media**

Cybersecurity risks should never spread beyond a headline. Protect your social media accounts by using Cyrus, powered by Malwarebytes.

 &#8220;Simply staggering&#8221; surveillance conducted by social media and streaming services, FTC finds 

PRESS RELEASE

AUSTIN, Texas and Fal.Con 2024, Las Vegas – September 16, 2024 — CrowdStrike (NASDAQ: CRWD) today announced the launch of its second annual Cybersecurity Startup Accelerator with Amazon Web Services (AWS). NVIDIA also joins in supporting the Accelerator program, powering the next generation of artificial intelligence (AI) and cloud security startups. Targeting cybersecurity’s next market-defining disruptors across the U.S. and EMEA, AWS and CrowdStrike with NVIDIA through its Inception program, will provide mentorship, technical expertise, funding and go-to-market opportunities.  
Applications for the AWS and CrowdStrike Cybersecurity Startup Accelerator with NVIDIA are open from September 16, 2024 to January 10, 2025. Selected startups will be enrolled in a free eight-week program developed by AWS, CrowdStrike and NVIDIA that offers mentorship and guidance from industry experts and executives. Startups will also have access to top-tier global cybersecurity investors, enablement sessions, and up to $25,000 in AWS Activate credits, among other exclusive benefits.

At the end of the program, participants can present their innovations at an in-person Demo Day at the AWS Startup Loft in San Francisco, which will take place during the RSA Conference in April 2025. Winning presentations may be eligible to receive funding from the CrowdStrike Falcon® Fund. 

“CrowdStrike and AWS created the Cybersecurity Startup Accelerator as a formative, value creation experience for innovative startups to learn, create and grow. Since participating in the Accelerator, last year’s cohort participants raised over $150 million from leading global VCs,” said Daniel Bernard, chief business officer, CrowdStrike. “We’re proud to welcome NVIDIA as a supporter of the Accelerator program – bringing together market-leading cybersecurity, cloud and AI expertise to cultivate tomorrow’s great innovators.”

“For startups seeking to tackle the most pressing security challenges, the Cybersecurity Startup Accelerator provides the AI technologies, accelerated computing resources and technical expertise they need,” said Bartley Richardson, director of cybersecurity engineering at NVIDIA.

To apply, visit this website. Startups are encouraged to review the terms and conditions here.

You May Also Like

CrowdStrike Expands Cybersecurity Startup Accelerator With AWS and NVIDIA

A new phishing campaign uses fake CAPTCHA verification pages to trick Windows users into running malicious PowerShell commands,…

A new phishing campaign uses fake CAPTCHA verification pages to trick Windows users into running malicious PowerShell commands, installing the Lumma Stealer malware and stealing sensitive information. Stay informed and protected.

Cybersecurity researchers at CloudSec have discovered a new phishing campaign that is tricking users into running malicious commands through fake human verification pages. The campaign, which primarily targets Windows users, aims to install the **Lumma Stealer malware**, leading to the theft of sensitive information.

**How the Attack Works**

Threat actors are creating phishing sites hosted on various platforms, including Amazon S3 buckets and Content Delivery Networks (CDNs). These sites mimic legitimate verification pages, such as fake **Google CAPTCHA** pages. When users click the “Verify” button, they are presented with unusual instructions:

1.  **Open the Run dialog (Win+R)**
2.  **Press Ctrl+V**
3.  **Hit Enter**

Unknown to the user, these actions execute a hidden JavaScript function that copies a base64-encoded PowerShell command to the clipboard. When the user pastes and runs the command, it downloads the Lumma Stealer malware from a remote server.

CloudSec’s **report** shared with Hackread.com ahead of publishing on Thursday, revealed that the downloaded malware often downloads additional malicious components, making detection and removal more difficult. While currently used to spread Lumma Stealer, this technique could be easily adapted to deliver other types of malware.

Attack flow and fake verification process triggered when the user clicks on the fake Google CAPTCHA prompt (Screenshot: CloudSec)

For your information, the Lumma Stealer is designed to steal sensitive data from the infected device. While the specific data targeted can vary, it often includes login credentials, financial information, and personal files. This latest campaign came just days after the malware was caught disguising itself as an **OnlyFans hacker tool**, infecting the devices of other hackers.

**In January 2024**, Lumma was discovered to be spreading through cracked software distributed via compromised YouTube channels. Earlier, **in November 2023**, researchers had identified a new version of LummaC2, called LummaC2 v4.0, which was stealing user data using trigonometric techniques to detect human users.

> I hereby confirm. https://t.co/1q4cARQLDM pic.twitter.com/GEBzqJeaSs
> 
> — Waqas (@WAK4S) December 31, 2023

****What Now?****

Now that the new Lumma stealer infection spree has been reported, businesses and unsuspecting users need to stay alert and avoid falling for the latest fake verification scam. Here are some common-sense rules and simple yet essential tips for protection against Lumma and other similar stealers:

*   **Educate yourself and others:** Share this information with friends, family, and colleagues to raise awareness about this new threat.
*   **Be wary of unusual verification requests:** Legitimate websites rarely ask users to execute commands through the “Run” dialogue box. Be suspicious of any site that makes such requests.
*   **Don’t copy and paste unknown commands:** Avoid copying and pasting anything from untrusted sources, especially commands meant to be run in a terminal or command prompt.
*   **Keep your software updated:** Ensure your operating system and antivirus software are up-to-date to patch known vulnerabilities.
*   **Most Important:** Follow Hackread.com for the latest cybersecurity news.

1.  **Fake Antivirus Sites Spread Malware**
2.  **Analysis of Top Infostealers: Redline, Vidar, Formbook**
3.  **Hackers using CAPTCHA to evade phishing, malware detection**
4.  **Unicode QR Code Phishing Scam Bypasses Traditional Security**
5.  **Android banking malware distributed with fake Google reCAPTCHA**

Fake CAPTCHA Verification Pages Spreading Lumma Stealer Malware

Ubuntu Security Notice 7021-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7021-1September 18, 2024linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15,linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15,linux-hwe-5.15, linux-ibm, linux-intel-iotg, linux-intel-iotg-5.15,linux-kvm, linux-nvidia, linux-oracle, linux-raspi vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-azure: Linux kernel for Microsoft Azure Cloud systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-gke: Linux kernel for Google Container Engine (GKE) systems- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-intel-iotg: Linux kernel for Intel IoT platforms- linux-kvm: Linux kernel for cloud environments- linux-nvidia: Linux kernel for NVIDIA systems- linux-oracle: Linux kernel for Oracle Cloud systems- linux-raspi: Linux kernel for Raspberry Pi systems- linux-aws-5.15: Linux kernel for Amazon Web Services (AWS) systems- linux-azure-5.15: Linux kernel for Microsoft Azure cloud systems- linux-gcp-5.15: Linux kernel for Google Cloud Platform (GCP) systems- linux-gkeop-5.15: Linux kernel for Google Container Engine (GKE) systems- linux-hwe-5.15: Linux hardware enablement (HWE) kernel- linux-intel-iotg-5.15: Linux kernel for Intel IoT platformsDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - GPU drivers;  - BTRFS file system;  - F2FS file system;  - GFS2 file system;  - BPF subsystem;  - Netfilter;  - RxRPC session sockets;  - Integrity Measurement Architecture(IMA) framework;(CVE-2024-39496, CVE-2024-41009, CVE-2024-26677, CVE-2024-42160,CVE-2024-27012, CVE-2024-42228, CVE-2024-39494, CVE-2024-38570)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS  linux-image-5.15.0-1053-gkeop   5.15.0-1053.60  linux-image-5.15.0-1063-ibm     5.15.0-1063.66  linux-image-5.15.0-1063-raspi   5.15.0-1063.66  linux-image-5.15.0-1065-intel-iotg  5.15.0-1065.71  linux-image-5.15.0-1065-nvidia  5.15.0-1065.66  linux-image-5.15.0-1065-nvidia-lowlatency  5.15.0-1065.66  linux-image-5.15.0-1067-gke     5.15.0-1067.73  linux-image-5.15.0-1067-kvm     5.15.0-1067.72  linux-image-5.15.0-1068-oracle  5.15.0-1068.74  linux-image-5.15.0-1069-gcp     5.15.0-1069.77  linux-image-5.15.0-1070-aws     5.15.0-1070.76  linux-image-5.15.0-1073-azure   5.15.0-1073.82  linux-image-5.15.0-122-generic  5.15.0-122.132  linux-image-5.15.0-122-generic-64k  5.15.0-122.132  linux-image-5.15.0-122-generic-lpae  5.15.0-122.132  linux-image-aws-lts-22.04       5.15.0.1070.70  linux-image-azure-lts-22.04     5.15.0.1073.71  linux-image-gcp-lts-22.04       5.15.0.1069.65  linux-image-generic             5.15.0.122.122  linux-image-generic-64k         5.15.0.122.122  linux-image-generic-lpae        5.15.0.122.122  linux-image-gke                 5.15.0.1067.66  linux-image-gke-5.15            5.15.0.1067.66  linux-image-gkeop               5.15.0.1053.52  linux-image-gkeop-5.15          5.15.0.1053.52  linux-image-ibm                 5.15.0.1063.59  linux-image-intel-iotg          5.15.0.1065.65  linux-image-kvm                 5.15.0.1067.63  linux-image-nvidia              5.15.0.1065.65  linux-image-nvidia-lowlatency   5.15.0.1065.65  linux-image-oracle-lts-22.04    5.15.0.1068.64  linux-image-raspi               5.15.0.1063.61  linux-image-raspi-nolpae        5.15.0.1063.61  linux-image-virtual             5.15.0.122.122Ubuntu 20.04 LTS  linux-image-5.15.0-1053-gkeop   5.15.0-1053.60~20.04.1  linux-image-5.15.0-1065-intel-iotg  5.15.0-1065.71~20.04.1  linux-image-5.15.0-1069-gcp     5.15.0-1069.77~20.04.1  linux-image-5.15.0-1070-aws     5.15.0-1070.76~20.04.1  linux-image-5.15.0-1073-azure   5.15.0-1073.82~20.04.1  linux-image-5.15.0-122-generic  5.15.0-122.132~20.04.1  linux-image-5.15.0-122-generic-64k  5.15.0-122.132~20.04.1  linux-image-5.15.0-122-generic-lpae  5.15.0-122.132~20.04.1  linux-image-aws                 5.15.0.1070.76~20.04.1  linux-image-azure               5.15.0.1073.82~20.04.1  linux-image-azure-cvm           5.15.0.1073.82~20.04.1  linux-image-gcp                 5.15.0.1069.77~20.04.1  linux-image-generic-64k-hwe-20.04  5.15.0.122.132~20.04.1  linux-image-generic-hwe-20.04   5.15.0.122.132~20.04.1  linux-image-generic-lpae-hwe-20.04  5.15.0.122.132~20.04.1  linux-image-gkeop-5.15          5.15.0.1053.60~20.04.1  linux-image-intel               5.15.0.1065.71~20.04.1  linux-image-intel-iotg          5.15.0.1065.71~20.04.1  linux-image-oem-20.04           5.15.0.122.132~20.04.1  linux-image-oem-20.04b          5.15.0.122.132~20.04.1  linux-image-oem-20.04c          5.15.0.122.132~20.04.1  linux-image-oem-20.04d          5.15.0.122.132~20.04.1  linux-image-virtual-hwe-20.04   5.15.0.122.132~20.04.1After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7021-1  CVE-2024-26677, CVE-2024-27012, CVE-2024-38570, CVE-2024-39494,  CVE-2024-39496, CVE-2024-41009, CVE-2024-42160, CVE-2024-42228Package Information:  https://launchpad.net/ubuntu/+source/linux/5.15.0-122.132  https://launchpad.net/ubuntu/+source/linux-aws/5.15.0-1070.76  https://launchpad.net/ubuntu/+source/linux-azure/5.15.0-1073.82  https://launchpad.net/ubuntu/+source/linux-gcp/5.15.0-1069.77  https://launchpad.net/ubuntu/+source/linux-gke/5.15.0-1067.73  https://launchpad.net/ubuntu/+source/linux-gkeop/5.15.0-1053.60  https://launchpad.net/ubuntu/+source/linux-ibm/5.15.0-1063.66  https://launchpad.net/ubuntu/+source/linux-intel-iotg/5.15.0-1065.71  https://launchpad.net/ubuntu/+source/linux-kvm/5.15.0-1067.72  https://launchpad.net/ubuntu/+source/linux-nvidia/5.15.0-1065.66  https://launchpad.net/ubuntu/+source/linux-oracle/5.15.0-1068.74  https://launchpad.net/ubuntu/+source/linux-raspi/5.15.0-1063.66  https://launchpad.net/ubuntu/+source/linux-aws-5.15/5.15.0-1070.76~20.04.1  https://launchpad.net/ubuntu/+source/linux-azure-5.15/5.15.0-1073.82~20.04.1  https://launchpad.net/ubuntu/+source/linux-gcp-5.15/5.15.0-1069.77~20.04.1  https://launchpad.net/ubuntu/+source/linux-gkeop-5.15/5.15.0-1053.60~20.04.1  https://launchpad.net/ubuntu/+source/linux-hwe-5.15/5.15.0-122.132~20.04.1  https://launchpad.net/ubuntu/+source/linux-intel-iotg-5.15/5.15.0-1065.71~20.04.1

Ubuntu Security Notice USN-7021-1

Ubuntu Security Notice 7020-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7020-1September 18, 2024linux, linux-aws, linux-gcp, linux-gke, linux-ibm, linux-lowlatency,linux-lowlatency-hwe-6.8, linux-nvidia, linux-nvidia-6.8,linux-nvidia-lowlatency, linux-oem-6.8, linux-oracle vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTS- Ubuntu 22.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-gke: Linux kernel for Google Container Engine (GKE) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-lowlatency: Linux low latency kernel- linux-nvidia: Linux kernel for NVIDIA systems- linux-nvidia-lowlatency: Linux low latency kernel for NVIDIA systems- linux-oem-6.8: Linux kernel for OEM systems- linux-oracle: Linux kernel for Oracle Cloud systems- linux-lowlatency-hwe-6.8: Linux low latency kernel- linux-nvidia-6.8: Linux kernel for NVIDIA systemsDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - GPU drivers;  - Network drivers;  - SCSI drivers;  - F2FS file system;  - BPF subsystem;  - IPv4 networking;(CVE-2024-42160, CVE-2024-42159, CVE-2024-42154, CVE-2024-41009,CVE-2024-42228, CVE-2024-42224)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS  linux-image-6.8.0-1011-gke      6.8.0-1011.14  linux-image-6.8.0-1013-ibm      6.8.0-1013.13  linux-image-6.8.0-1013-oem      6.8.0-1013.13  linux-image-6.8.0-1013-oracle   6.8.0-1013.13  linux-image-6.8.0-1013-oracle-64k  6.8.0-1013.13  linux-image-6.8.0-1014-nvidia   6.8.0-1014.15  linux-image-6.8.0-1014-nvidia-64k  6.8.0-1014.15  linux-image-6.8.0-1014-nvidia-lowlatency  6.8.0-1014.15.1  linux-image-6.8.0-1014-nvidia-lowlatency-64k  6.8.0-1014.15.1  linux-image-6.8.0-1015-gcp      6.8.0-1015.17  linux-image-6.8.0-1016-aws      6.8.0-1016.17  linux-image-6.8.0-45-generic    6.8.0-45.45  linux-image-6.8.0-45-generic-64k  6.8.0-45.45  linux-image-6.8.0-45-lowlatency  6.8.0-45.45.1  linux-image-6.8.0-45-lowlatency-64k  6.8.0-45.45.1  linux-image-aws                 6.8.0-1016.17  linux-image-gcp                 6.8.0-1015.17  linux-image-generic             6.8.0-45.45  linux-image-generic-64k         6.8.0-45.45  linux-image-generic-64k-hwe-24.04  6.8.0-45.45  linux-image-generic-hwe-24.04   6.8.0-45.45  linux-image-generic-lpae        6.8.0-45.45  linux-image-gke                 6.8.0-1011.14  linux-image-ibm                 6.8.0-1013.13  linux-image-ibm-classic         6.8.0-1013.13  linux-image-ibm-lts-24.04       6.8.0-1013.13  linux-image-kvm                 6.8.0-45.45  linux-image-lowlatency          6.8.0-45.45.1  linux-image-lowlatency-64k      6.8.0-45.45.1  linux-image-nvidia              6.8.0-1014.15  linux-image-nvidia-64k          6.8.0-1014.15  linux-image-nvidia-lowlatency   6.8.0-1014.15.1  linux-image-nvidia-lowlatency-64k  6.8.0-1014.15.1  linux-image-oem-24.04           6.8.0-1013.13  linux-image-oem-24.04a          6.8.0-1013.13  linux-image-oracle              6.8.0-1013.13  linux-image-oracle-64k          6.8.0-1013.13  linux-image-virtual             6.8.0-45.45  linux-image-virtual-hwe-24.04   6.8.0-45.45Ubuntu 22.04 LTS  linux-image-6.8.0-1014-nvidia   6.8.0-1014.15~22.04.1  linux-image-6.8.0-1014-nvidia-64k  6.8.0-1014.15~22.04.1  linux-image-6.8.0-45-lowlatency  6.8.0-45.45.1~22.04.1  linux-image-6.8.0-45-lowlatency-64k  6.8.0-45.45.1~22.04.1  linux-image-lowlatency-64k-hwe-22.04  6.8.0-45.45.1~22.04.1  linux-image-lowlatency-hwe-22.04  6.8.0-45.45.1~22.04.1  linux-image-nvidia-6.8          6.8.0-1014.15~22.04.1  linux-image-nvidia-64k-6.8      6.8.0-1014.15~22.04.1After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7020-1  CVE-2024-41009, CVE-2024-42154, CVE-2024-42159, CVE-2024-42160,  CVE-2024-42224, CVE-2024-42228Package Information:  https://launchpad.net/ubuntu/+source/linux/6.8.0-45.45  https://launchpad.net/ubuntu/+source/linux-aws/6.8.0-1016.17  https://launchpad.net/ubuntu/+source/linux-gcp/6.8.0-1015.17  https://launchpad.net/ubuntu/+source/linux-gke/6.8.0-1011.14  https://launchpad.net/ubuntu/+source/linux-ibm/6.8.0-1013.13  https://launchpad.net/ubuntu/+source/linux-lowlatency/6.8.0-45.45.1  https://launchpad.net/ubuntu/+source/linux-nvidia/6.8.0-1014.15  https://launchpad.net/ubuntu/+source/linux-nvidia-lowlatency/6.8.0-1014.15.1  https://launchpad.net/ubuntu/+source/linux-oem-6.8/6.8.0-1013.13  https://launchpad.net/ubuntu/+source/linux-oracle/6.8.0-1013.13  https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe-6.8/6.8.0-45.45.1~22.04.1  https://launchpad.net/ubuntu/+source/linux-nvidia-6.8/6.8.0-1014.15~22.04.1

Ubuntu Security Notice USN-7020-1

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

Are the robots really taking over? Come up with a clever cybersecurity-related caption for the cartoon above, and our favorite will win a $25 Amazon gift card.

Here are four convenient ways to submit your ideas before the Oct. 16, 2024, deadline:

*   Via social media: X, Facebook, and LinkedIn. (If you win, we'll respond to you on the same platform, requesting your email address.)
    

**Last Month's Winner**

A round of congratulations goes to Vanilla Cyber's Renen Wasserman, whose caption for August's "Security Games" contest nailed first place:

Thanks to all who participated. Some noteworthy contenders included "This new threat detection method is 10% better than our old one," "Blindfolded and Breached: The Modern Cybersecurity Nightmare," and "This 5th level of multi-authentication may be taking things too far."

**About the Author**

John Klossner has been drawing technology cartoons for more than 15 years. His work regularly appears in Computerworld and Federal Computer Week. His illustrations and cartoons have also been published in The New Yorker, Barron's, and The Wall Street Journal.

Name That Toon: Tug of War

Ubuntu Security Notice 7007-1 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-7007-1September 13, 2024linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke,linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm,linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-nvidia,linux-oracle, linux-raspi vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-gke: Linux kernel for Google Container Engine (GKE) systems- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-intel-iotg: Linux kernel for Intel IoT platforms- linux-kvm: Linux kernel for cloud environments- linux-nvidia: Linux kernel for NVIDIA systems- linux-oracle: Linux kernel for Oracle Cloud systems- linux-raspi: Linux kernel for Raspberry Pi systems- linux-aws-5.15: Linux kernel for Amazon Web Services (AWS) systems- linux-gcp-5.15: Linux kernel for Google Cloud Platform (GCP) systems- linux-gkeop-5.15: Linux kernel for Google Container Engine (GKE) systems- linux-hwe-5.15: Linux hardware enablement (HWE) kernel- linux-intel-iotg-5.15: Linux kernel for Intel IoT platformsDetails:Chenyuan Yang discovered that the CEC driver driver in the Linux kernelcontained a use-after-free vulnerability. A local attacker could use thisto cause a denial of service (system crash) or possibly execute arbitrarycode. (CVE-2024-23848)Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kerneldid not properly check for the device to be enabled before writing. A localattacker could possibly use this to cause a denial of service.(CVE-2024-25741)It was discovered that the JFS file system contained an out-of-bounds readvulnerability when printing xattr debug information. A local attacker coulduse this to cause a denial of service (system crash). (CVE-2024-40902)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - ARM64 architecture;  - M68K architecture;  - MIPS architecture;  - PowerPC architecture;  - RISC-V architecture;  - x86 architecture;  - Block layer subsystem;  - Cryptographic API;  - Accessibility subsystem;  - ACPI drivers;  - Serial ATA and Parallel ATA drivers;  - Drivers core;  - Bluetooth drivers;  - Character device driver;  - CPU frequency scaling framework;  - Hardware crypto device drivers;  - Buffer Sharing and Synchronization framework;  - DMA engine subsystem;  - FPGA Framework;  - GPIO subsystem;  - GPU drivers;  - Greybus drivers;  - HID subsystem;  - HW tracing;  - I2C subsystem;  - IIO subsystem;  - InfiniBand drivers;  - Input Device (Mouse) drivers;  - Macintosh device drivers;  - Multiple devices driver;  - Media drivers;  - VMware VMCI Driver;  - Network drivers;  - Near Field Communication (NFC) drivers;  - NVME drivers;  - Pin controllers subsystem;  - PTP clock framework;  - S/390 drivers;  - SCSI drivers;  - SoundWire subsystem;  - Greybus lights staging drivers;  - Media staging drivers;  - Thermal drivers;  - TTY drivers;  - USB subsystem;  - DesignWare USB3 driver;  - Framebuffer layer;  - ACRN Hypervisor Service Module driver;  - eCrypt file system;  - File systems infrastructure;  - Ext4 file system;  - F2FS file system;  - JFFS2 file system;  - JFS file system;  - NILFS2 file system;  - NTFS3 file system;  - SMB network file system;  - IOMMU subsystem;  - Memory management;  - Netfilter;  - BPF subsystem;  - Kernel debugger infrastructure;  - DMA mapping infrastructure;  - IRQ subsystem;  - Tracing infrastructure;  - 9P file system network protocol;  - B.A.T.M.A.N. meshing protocol;  - CAN network layer;  - Ceph Core library;  - Networking core;  - IPv4 networking;  - IPv6 networking;  - IUCV driver;  - MAC80211 subsystem;  - Multipath TCP;  - NET/ROM layer;  - NFC subsystem;  - Open vSwitch;  - Network traffic control;  - TIPC protocol;  - TLS protocol;  - Unix domain sockets;  - Wireless networking;  - XFRM subsystem;  - ALSA framework;  - SoC Audio for Freescale CPUs drivers;  - Kirkwood ASoC drivers;(CVE-2024-40961, CVE-2024-38597, CVE-2024-39468, CVE-2024-36978,CVE-2024-42161, CVE-2024-38573, CVE-2024-40905, CVE-2024-42094,CVE-2024-36894, CVE-2024-40914, CVE-2024-40956, CVE-2024-42106,CVE-2024-38610, CVE-2024-39506, CVE-2024-42098, CVE-2024-42232,CVE-2024-38590, CVE-2024-39488, CVE-2024-42127, CVE-2024-41006,CVE-2024-42131, CVE-2024-41005, CVE-2024-40963, CVE-2024-38559,CVE-2024-42130, CVE-2024-37078, CVE-2024-42082, CVE-2024-40984,CVE-2024-38560, CVE-2024-42090, CVE-2024-33621, CVE-2024-40974,CVE-2024-42115, CVE-2024-40971, CVE-2024-40943, CVE-2024-38627,CVE-2024-38548, CVE-2024-40934, CVE-2024-38579, CVE-2024-38558,CVE-2024-39495, CVE-2023-52884, CVE-2024-42225, CVE-2024-38659,CVE-2024-40927, CVE-2024-40967, CVE-2024-38624, CVE-2024-38583,CVE-2024-41047, CVE-2024-38623, CVE-2024-39509, CVE-2024-36971,CVE-2024-42120, CVE-2024-38589, CVE-2024-36270, CVE-2024-42105,CVE-2024-36032, CVE-2024-42101, CVE-2024-40908, CVE-2024-42089,CVE-2024-39482, CVE-2024-38662, CVE-2024-41007, CVE-2024-38635,CVE-2023-52887, CVE-2024-40912, CVE-2024-41027, CVE-2024-38598,CVE-2024-38381, CVE-2024-39503, CVE-2024-39301, CVE-2024-40988,CVE-2024-41000, CVE-2024-39507, CVE-2024-35247, CVE-2024-39277,CVE-2024-42229, CVE-2024-42085, CVE-2024-35927, CVE-2024-42224,CVE-2024-38567, CVE-2024-42097, CVE-2024-41049, CVE-2024-39466,CVE-2024-40957, CVE-2024-40978, CVE-2024-42093, CVE-2024-40937,CVE-2024-41034, CVE-2024-41048, CVE-2024-39471, CVE-2024-39502,CVE-2024-38555, CVE-2024-40970, CVE-2024-36972, CVE-2024-40995,CVE-2024-42154, CVE-2024-40916, CVE-2024-39505, CVE-2024-39475,CVE-2024-38599, CVE-2024-38596, CVE-2024-39493, CVE-2024-42124,CVE-2024-38549, CVE-2024-42084, CVE-2024-40942, CVE-2024-42077,CVE-2024-42152, CVE-2024-40904, CVE-2024-31076, CVE-2024-40960,CVE-2024-41035, CVE-2024-40945, CVE-2024-38605, CVE-2024-42140,CVE-2024-41041, CVE-2024-36014, CVE-2024-38612, CVE-2024-41092,CVE-2024-38546, CVE-2024-40902, CVE-2024-42068, CVE-2024-42121,CVE-2024-42236, CVE-2024-34777, CVE-2024-39467, CVE-2024-42087,CVE-2024-39501, CVE-2024-40980, CVE-2024-38550, CVE-2024-42223,CVE-2024-38607, CVE-2024-42247, CVE-2024-41046, CVE-2024-42080,CVE-2024-40901, CVE-2024-38571, CVE-2024-39480, CVE-2024-42070,CVE-2024-41093, CVE-2024-42148, CVE-2024-38601, CVE-2024-39500,CVE-2024-41097, CVE-2024-38565, CVE-2024-38661, CVE-2024-38615,CVE-2024-41040, CVE-2024-34027, CVE-2024-37356, CVE-2024-42157,CVE-2024-40941, CVE-2024-38634, CVE-2024-41004, CVE-2024-38780,CVE-2024-38552, CVE-2024-39276, CVE-2024-38618, CVE-2024-38588,CVE-2024-42086, CVE-2024-41087, CVE-2024-38582, CVE-2024-40932,CVE-2024-39489, CVE-2024-40968, CVE-2024-42119, CVE-2024-42137,CVE-2024-40929, CVE-2024-38591, CVE-2024-36489, CVE-2022-48772,CVE-2024-42153, CVE-2024-40959, CVE-2024-40987, CVE-2024-36015,CVE-2024-41044, CVE-2024-41002, CVE-2024-42109, CVE-2024-38587,CVE-2024-36286, CVE-2024-41055, CVE-2024-39469, CVE-2024-39487,CVE-2024-38580, CVE-2024-38619, CVE-2024-38613, CVE-2024-42145,CVE-2024-41095, CVE-2024-40958, CVE-2024-40911, CVE-2024-42102,CVE-2024-33847, CVE-2024-36974, CVE-2024-40994, CVE-2024-38633,CVE-2024-40981, CVE-2024-40983, CVE-2024-42096, CVE-2024-42104,CVE-2024-42092, CVE-2024-40954, CVE-2024-38637, CVE-2024-42240,CVE-2024-38621, CVE-2024-38578, CVE-2024-38547, CVE-2024-39490,CVE-2024-42076, CVE-2024-42244, CVE-2024-39499, CVE-2024-38586,CVE-2024-41089, CVE-2024-40976, CVE-2024-42095, CVE-2024-40931,CVE-2024-40990)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS  linux-image-5.15.0-1052-gkeop   5.15.0-1052.59  linux-image-5.15.0-1062-ibm     5.15.0-1062.65  linux-image-5.15.0-1062-raspi   5.15.0-1062.65  linux-image-5.15.0-1064-intel-iotg  5.15.0-1064.70  linux-image-5.15.0-1064-nvidia  5.15.0-1064.65  linux-image-5.15.0-1064-nvidia-lowlatency  5.15.0-1064.65  linux-image-5.15.0-1066-gke     5.15.0-1066.72  linux-image-5.15.0-1066-kvm     5.15.0-1066.71  linux-image-5.15.0-1067-oracle  5.15.0-1067.73  linux-image-5.15.0-1068-gcp     5.15.0-1068.76  linux-image-5.15.0-1069-aws     5.15.0-1069.75  linux-image-5.15.0-121-generic  5.15.0-121.131  linux-image-5.15.0-121-generic-64k  5.15.0-121.131  linux-image-5.15.0-121-generic-lpae  5.15.0-121.131  linux-image-aws-lts-22.04       5.15.0.1069.69  linux-image-gcp-lts-22.04       5.15.0.1068.64  linux-image-generic             5.15.0.121.121  linux-image-generic-64k         5.15.0.121.121  linux-image-generic-lpae        5.15.0.121.121  linux-image-gke                 5.15.0.1066.65  linux-image-gke-5.15            5.15.0.1066.65  linux-image-gkeop               5.15.0.1052.51  linux-image-gkeop-5.15          5.15.0.1052.51  linux-image-ibm                 5.15.0.1062.58  linux-image-intel-iotg          5.15.0.1064.64  linux-image-kvm                 5.15.0.1066.62  linux-image-nvidia              5.15.0.1064.64  linux-image-nvidia-lowlatency   5.15.0.1064.64  linux-image-oracle-lts-22.04    5.15.0.1067.63  linux-image-raspi               5.15.0.1062.60  linux-image-raspi-nolpae        5.15.0.1062.60  linux-image-virtual             5.15.0.121.121Ubuntu 20.04 LTS  linux-image-5.15.0-1052-gkeop   5.15.0-1052.59~20.04.1  linux-image-5.15.0-1064-intel-iotg  5.15.0-1064.70~20.04.1+1  linux-image-5.15.0-1068-gcp     5.15.0-1068.76~20.04.1  linux-image-5.15.0-1069-aws     5.15.0-1069.75~20.04.1  linux-image-5.15.0-121-generic  5.15.0-121.131~20.04.1  linux-image-5.15.0-121-generic-64k  5.15.0-121.131~20.04.1  linux-image-5.15.0-121-generic-lpae  5.15.0-121.131~20.04.1  linux-image-aws                 5.15.0.1069.75~20.04.1  linux-image-gcp                 5.15.0.1068.76~20.04.1  linux-image-generic-64k-hwe-20.04  5.15.0.121.131~20.04.1  linux-image-generic-hwe-20.04   5.15.0.121.131~20.04.1  linux-image-generic-lpae-hwe-20.04  5.15.0.121.131~20.04.1  linux-image-gkeop-5.15          5.15.0.1052.59~20.04.1  linux-image-intel               5.15.0.1064.70~20.04.1  linux-image-intel-iotg          5.15.0.1064.70~20.04.1  linux-image-oem-20.04           5.15.0.121.131~20.04.1  linux-image-oem-20.04b          5.15.0.121.131~20.04.1  linux-image-oem-20.04c          5.15.0.121.131~20.04.1  linux-image-oem-20.04d          5.15.0.121.131~20.04.1  linux-image-virtual-hwe-20.04   5.15.0.121.131~20.04.1After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7007-1  CVE-2022-48772, CVE-2023-52884, CVE-2023-52887, CVE-2024-23848,  CVE-2024-25741, CVE-2024-31076, CVE-2024-33621, CVE-2024-33847,  CVE-2024-34027, CVE-2024-34777, CVE-2024-35247, CVE-2024-35927,  CVE-2024-36014, CVE-2024-36015, CVE-2024-36032, CVE-2024-36270,  CVE-2024-36286, CVE-2024-36489, CVE-2024-36894, CVE-2024-36971,  CVE-2024-36972, CVE-2024-36974, CVE-2024-36978, CVE-2024-37078,  CVE-2024-37356, CVE-2024-38381, CVE-2024-38546, CVE-2024-38547,  CVE-2024-38548, CVE-2024-38549, CVE-2024-38550, CVE-2024-38552,  CVE-2024-38555, CVE-2024-38558, CVE-2024-38559, CVE-2024-38560,  CVE-2024-38565, CVE-2024-38567, CVE-2024-38571, CVE-2024-38573,  CVE-2024-38578, CVE-2024-38579, CVE-2024-38580, CVE-2024-38582,  CVE-2024-38583, CVE-2024-38586, CVE-2024-38587, CVE-2024-38588,  CVE-2024-38589, CVE-2024-38590, CVE-2024-38591, CVE-2024-38596,  CVE-2024-38597, CVE-2024-38598, CVE-2024-38599, CVE-2024-38601,  CVE-2024-38605, CVE-2024-38607, CVE-2024-38610, CVE-2024-38612,  CVE-2024-38613, CVE-2024-38615, CVE-2024-38618, CVE-2024-38619,  CVE-2024-38621, CVE-2024-38623, CVE-2024-38624, CVE-2024-38627,  CVE-2024-38633, CVE-2024-38634, CVE-2024-38635, CVE-2024-38637,  CVE-2024-38659, CVE-2024-38661, CVE-2024-38662, CVE-2024-38780,  CVE-2024-39276, CVE-2024-39277, CVE-2024-39301, CVE-2024-39466,  CVE-2024-39467, CVE-2024-39468, CVE-2024-39469, CVE-2024-39471,  CVE-2024-39475, CVE-2024-39480, CVE-2024-39482, CVE-2024-39487,  CVE-2024-39488, CVE-2024-39489, CVE-2024-39490, CVE-2024-39493,  CVE-2024-39495, CVE-2024-39499, CVE-2024-39500, CVE-2024-39501,  CVE-2024-39502, CVE-2024-39503, CVE-2024-39505, CVE-2024-39506,  CVE-2024-39507, CVE-2024-39509, CVE-2024-40901, CVE-2024-40902,  CVE-2024-40904, CVE-2024-40905, CVE-2024-40908, CVE-2024-40911,  CVE-2024-40912, CVE-2024-40914, CVE-2024-40916, CVE-2024-40927,  CVE-2024-40929, CVE-2024-40931, CVE-2024-40932, CVE-2024-40934,  CVE-2024-40937, CVE-2024-40941, CVE-2024-40942, CVE-2024-40943,  CVE-2024-40945, CVE-2024-40954, CVE-2024-40956, CVE-2024-40957,  CVE-2024-40958, CVE-2024-40959, CVE-2024-40960, CVE-2024-40961,  CVE-2024-40963, CVE-2024-40967, CVE-2024-40968, CVE-2024-40970,  CVE-2024-40971, CVE-2024-40974, CVE-2024-40976, CVE-2024-40978,  CVE-2024-40980, CVE-2024-40981, CVE-2024-40983, CVE-2024-40984,  CVE-2024-40987, CVE-2024-40988, CVE-2024-40990, CVE-2024-40994,  CVE-2024-40995, CVE-2024-41000, CVE-2024-41002, CVE-2024-41004,  CVE-2024-41005, CVE-2024-41006, CVE-2024-41007, CVE-2024-41027,  CVE-2024-41034, CVE-2024-41035, CVE-2024-41040, CVE-2024-41041,  CVE-2024-41044, CVE-2024-41046, CVE-2024-41047, CVE-2024-41048,  CVE-2024-41049, CVE-2024-41055, CVE-2024-41087, CVE-2024-41089,  CVE-2024-41092, CVE-2024-41093, CVE-2024-41095, CVE-2024-41097,  CVE-2024-42068, CVE-2024-42070, CVE-2024-42076, CVE-2024-42077,  CVE-2024-42080, CVE-2024-42082, CVE-2024-42084, CVE-2024-42085,  CVE-2024-42086, CVE-2024-42087, CVE-2024-42089, CVE-2024-42090,  CVE-2024-42092, CVE-2024-42093, CVE-2024-42094, CVE-2024-42095,  CVE-2024-42096, CVE-2024-42097, CVE-2024-42098, CVE-2024-42101,  CVE-2024-42102, CVE-2024-42104, CVE-2024-42105, CVE-2024-42106,  CVE-2024-42109, CVE-2024-42115, CVE-2024-42119, CVE-2024-42120,  CVE-2024-42121, CVE-2024-42124, CVE-2024-42127, CVE-2024-42130,  CVE-2024-42131, CVE-2024-42137, CVE-2024-42140, CVE-2024-42145,  CVE-2024-42148, CVE-2024-42152, CVE-2024-42153, CVE-2024-42154,  CVE-2024-42157, CVE-2024-42161, CVE-2024-42223, CVE-2024-42224,  CVE-2024-42225, CVE-2024-42229, CVE-2024-42232, CVE-2024-42236,  CVE-2024-42240, CVE-2024-42244, CVE-2024-42247Package Information:  https://launchpad.net/ubuntu/+source/linux/5.15.0-121.131  https://launchpad.net/ubuntu/+source/linux-aws/5.15.0-1069.75  https://launchpad.net/ubuntu/+source/linux-gcp/5.15.0-1068.76  https://launchpad.net/ubuntu/+source/linux-gke/5.15.0-1066.72  https://launchpad.net/ubuntu/+source/linux-gkeop/5.15.0-1052.59  https://launchpad.net/ubuntu/+source/linux-ibm/5.15.0-1062.65  https://launchpad.net/ubuntu/+source/linux-intel-iotg/5.15.0-1064.70  https://launchpad.net/ubuntu/+source/linux-kvm/5.15.0-1066.71  https://launchpad.net/ubuntu/+source/linux-nvidia/5.15.0-1064.65  https://launchpad.net/ubuntu/+source/linux-oracle/5.15.0-1067.73  https://launchpad.net/ubuntu/+source/linux-raspi/5.15.0-1062.65  https://launchpad.net/ubuntu/+source/linux-aws-5.15/5.15.0-1069.75~20.04.1  https://launchpad.net/ubuntu/+source/linux-gcp-5.15/5.15.0-1068.76~20.04.1  https://launchpad.net/ubuntu/+source/linux-gkeop-5.15/5.15.0-1052.59~20.04.1  https://launchpad.net/ubuntu/+source/linux-hwe-5.15/5.15.0-121.131~20.04.1  https://launchpad.net/ubuntu/+source/linux-intel-iotg-5.15/5.15.0-1064.70~20.04.1

Ubuntu Security Notice USN-7007-1

A hacker claims to have stolen 440 GB of data from cybersecurity firm Fortinet, exploiting an Azure SharePoint…

A hacker claims to have stolen 440 GB of data from cybersecurity firm Fortinet, exploiting an Azure SharePoint vulnerability. The breach, dubbed “Fortileak,” was revealed on a forum with access credentials shared online.

A hacker using the alias “Fortibitch” has claimed responsibility for leaking 440 GB of data belonging to Fortinet, a prominent cybersecurity firm based in Sunnyvale, California. The hacker stated that the stolen data is now accessible for download via an Amazon S3 bucket, with details of the breach and access credentials shared on the popular underground forum, Breach Forum.

**The Breach: Fortileak**

Dubbed _Fortileak_ by the hacker, the breach allegedly originates from an exposure in Fortinet’s Azure SharePoint instance. In the forum post, the hacker pointed out recent acquisitions by Fortinet, including the Data Loss Prevention (DLP) firm Next DLP and the cloud security company Lacework. They then claimed that Fortinet’s Azure SharePoint had been compromised, allowing for the extraction of the substantial data cache.

The full scope of the compromised data remains unclear, though the hacker emphasized that the breach involves Fortinet’s cloud infrastructure. The hacker provided the following credentials for accessing the alleged stolen data:

Screenshot: Hackread.com

**Ransom Demands and Negotiation Breakdown**

In a further twist, the hacker claimed that Fortinet’s CEO, Ken Xie, walked away from ransom negotiations. In the forum post, the hacker ridiculed Xie, alleging that the CEO refused to engage, stating that he “would rather eat some p\*\*p than pay ransom.” The hacker also questioned why Fortinet had not filed an SEC 8-K form (PDF)—a document required by public companies to disclose major incidents.

The post also contained a mix of taunts and shout-outs to other individuals or groups, which seemed to further underline the hacker’s brash attitude toward the attack and its aftermath.

**Fortinet’s Response**

Hackread.com reached out to Fortinet for an official comment on the breach. A spokesperson for the company confirmed that an unauthorized individual had gained access to a limited number of files stored on a third-party cloud-based shared file drive. These files included data related to a “small” subset of Fortinet customers.

In their statement to Hackread.com, Fortinet reassured stakeholders that there has been no indication of any malicious activity affecting its customers. They emphasized that the company’s operations, products, and services have not been impacted by the breach. Fortinet stated that they have already communicated directly with the affected customers and are continuing to monitor the situation closely.

> _“An individual gained unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file drive, which included limited data related to a small number of Fortinet customers, and we have communicated directly with customers as appropriate. To-date there is no indication that this incident has resulted in malicious activity affecting any customers. Fortinet’s operations, products, and services have not been impacted.”_
> 
> Fortinet Spokesperson

This is not the first time Fortinet has faced a cybersecurity incident. Last year, Chinese hackers were reported to be exploiting a zero-day vulnerability in the company’s products. In another instance, hackers were found exploiting a vulnerability in FortiOS, the operating system for Fortinet’s security appliances, to compromise organizations and customers.

Nevertheless, for now, the full extent of the breach remains under investigation, and it is unclear whether the alleged stolen data will be used maliciously or if the ransom negotiations will have any further developments. As more information emerges, both customers and cybersecurity professionals will be watching closely to assess the impact of this incident.

1.  **World’s Leading Cybersecurity Firm Kaspersky Hacked**
2.  **CISA and Fortinet Warns of New FortiOS Zero-Day Flaws**
3.  **X Account of Google Cybersecurity Firm Mandiant Hacked**
4.  **Cybersecurity Firm Hacks Itself, Finds AWS Credentials Leak**
5.  **Hackers dump plain-text login credentials of Fortinet VPN users**

Tag

#amazon