Protection ranged from 0.38% to 50.57% for security effectiveness.

PRESS RELEASE

AUSTIN, Texas, Nov. 26, 2024 /PRNewswire/ -- CyberRatings.org (CyberRatings), the non-profit entity dedicated to providing confidence in cybersecurity products and services through its research and testing programs, has completed an independent "Mini-Test" of Cloud Service Provider (CSP) Native Firewalls from Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). Security effectiveness protection ranged from 0.38% to 50.57%.

In today's cloud-centric environment, businesses often face a critical choice regarding the security of their cloud infrastructure. They can rely on firewalls offered directly by Cloud Service Providers (CSPs) or use independent security vendor firewall offerings typically available through the respective CSP's marketplace. Security effectiveness is a crucial factor in selecting the right firewall solution, as it directly impacts the organization's ability to protect against cyber threats.

The CSP firewalls were tested against 522 exploits using Keysight's CyPerf v5.0 software testing platform, offering an evidence-based look at how well these native solutions withstand real-world security threats. Only known Common Vulnerabilities and Exposures (CVEs) from the last ten years with a severity of medium or higher were used to assess security effectiveness, usability, and protection. The exploit (CVE) types targeted servers and are typically relevant to cloud workload deployments.

"This was designed to be an entry level test," said Vikram Phatak, CEO of CyberRatings.org. "The exploits were straightforward; we didn't apply any evasions which is normally how attackers bypass security products. The number of missed exploits is concerning. Until cloud native firewalls demonstrate they have a higher level of security effectiveness to protect against cyber threats, we strongly recommend that customers consider third-party providers with a proven track record."

This test is part one of a two-part test. Part two will include a higher number of exploits, along with evasions and malware. The second part of the test will also compare cloud service provider native solutions against market leading third-party cloud network firewall providers.

The native firewalls were tested using Keysight's CyPerf v5.0 software testing platform. Enterprises can easily replicate the results with a 2-week free trial from Keysight. Further details of the strike library can be found here: https://www.keysight.com/us/en/products/network-test/cloud-test/cyperf.html

The test report is available for free at cyberratings.org.

About CyberRatings.org 

CyberRatings.org is a 501(c)6 non-profit organization dedicated to providing confidence in cybersecurity products and services through our research and testing programs. We provide enterprises with independent, objective ratings of security product efficacy to make informed decisions. To become a member, visit www.cyberratings.org and follow us on LinkedIn.

SOURCE  CyberRatings.org

CyberRatings.org Announces Test Results for Cloud Service Provider Native Firewalls

### Summary
A server side request forgery vuln was found within geonode when testing on a bug bounty program. Server side request forgery allows a user to request information on the internal service/services.

### Details
The endpoint /proxy/?url= does not properly protect against SSRF. when using the following format you can request internal hosts and display data. /proxy/?url=http://169.254.169.254\@whitelistedIPhere. This will state wether the AWS internal IP is alive. If you get a 404, the host is alive. A non alive host will not display a response. To display metadata, use a hashfrag on the url /proxy/?url=http://169.254.169.254\@#whitelisteddomain.com or try   /proxy/?url=http://169.254.169.254\@%23whitelisteddomain.com

### Impact
Port scan internal hosts, and request information from internal hosts.


Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.

Attack complexity: More severe for the least complex attacks.

Privileges required: More severe if no privileges are required.

User interaction: More severe when no user interaction is required.

Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.

Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.

Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.

Availability: More severe when the loss of impacted component availability is highest.

GHSA-rmxg-6qqf-x8mr: GeoNode Server Side Request forgery

PRESS RELEASE

New York City, NY. November 21, 2024 – Apono, the leader in privileged access for the cloud, today announced an update to the Apono Cloud Access Platform that enables users to automatically discover and revoke standing access to resources across their cloud environments. Users can then create guardrails for sensitive resources, allowing Apono to process and assess access requests, and quickly provide Just-in-Time, Just-Enough access to users when needed. Today’s update will be available across all three major cloud service providers, with AWS being the first to launch, followed by Azure and Google Cloud Platform. 

“Today’s update enriches the Apono Cloud Access Platform’s unique combination of automated discovery, assessment, management, and enforcement capabilities,” said Rom Carmel, CEO and Co-founder of Apono. “With deep visibility across the cloud, seamless permission revocation, and automated Just-in-time, Just-Enough Access, we eliminate one of the largest risks organizations face while ensuring development teams can innovate rapidly with seamless access within secure guardrails. This powerful combination is essential for modern businesses, unlocking a new level of security and productivity for our customers.” 

Standing access within the cloud has long been a prime target for cybercriminals, enabling them to swiftly escalate both horizontally and vertically during a breach. However, security teams have lacked complete visibility over existing standing access, leaving critical vulnerabilities across the user base. Additionally, security teams have been reluctant to revoke existing standing access due to the risk of impacting users' day-to-day needs, which can ultimately lead to significantly hampering business operations across the organization.  

Today’s update allows users to overcome this challenge by enabling security teams to: 

Gain complete visibility over user permissions, identifying 100% of standing user entitlements in the cloud and where high-risk, standing privileges exist. 

Confidently and seamlessly remove 95% of standing entitlements without impacting business operations.  

Use critical insights on high-risk permissions to inform remediation plans, guide administrators in establishing access flows, and automatically grant Just-in-Time, Just-Enough access to cloud resources for only the required duration before access is revoked again. 

“Over-privileged access is one of the most significant risks to identity security that organizations face today, and it's made even more challenging to manage by expanding cloud environments. At the same time, to keep pace, organizations need to grant permissions dynamically to support day-to-day work. This creates a complex obstacle: how can an organization grant the necessary access for productivity while also enhancing its identity security?” said Simon Moffatt, Founder and Analyst, The Cyber Hut, “With this in mind, delivering Just-in-Time and Just-Enough Access across cloud services should be the goal of modern identity management. An approach to solve this will help companies significantly reduce their attack surface while ensuring a seamless access experience for their workforce.” 

Apono will provide in-person demonstrations of today's update and the complete Apono Cloud Access Platform at AWS re:Invent from December 2-6. Click here to learn more.  

For more information, visit the Apono website here: www.apono.io. 

You May Also Like

Apono Enhances Platform Enabling Permission Revocation and Automated Access

Forces Penpals, a social network for US and UK military personnel, exposed the sensitive data of 1.1M users,…

Forces Penpals, a social network for US and UK military personnel, exposed the sensitive data of 1.1M users, including SSNs, personal details, and proof of service. Learn about the incident and its possible impact.

Forces Penpals, a dating service and social network for members of the US and UK armed forces and their supporters since 2002, was found leaking personal details of over 1.1 million registered users.

This issue was identified by Jeremiah Fowler, a prominent cybersecurity researcher recognized for uncovering and advising on securing **misconfigured cloud servers** and databases.

According to Fowler’s **report** for VPNmentor, shared with Hackread.com ahead of its publication on November 20, 2024, the data belonged to Conduitor Limited, which publicly trades as Forces Penpals.

****The Exposed Data****

The analysis revealed that the leaked information included both Personally Identifiable Information (PII) and sensitive images. Additionally, the exposed data contained Social Security Numbers (SSNs) of unsuspecting users. This echoes the August 6, 2024, breach at National Public Data, where a hacker leaked 3.6 billion records from users in the USA, Canada, and the UK, which also included billions of SSNs.

In the case of Forces Penpals, the server exposed the following data:

*   **Images**
*   **Locations**
*   **Full names**
*   **Mailing addresses**
*   **Social Security Numbers**
*   **National Insurance Numbers (Similar to SSN in the UK).**

Fowler noted that the server also contained additional data that should not have been exposed. This included documents such as proof of service, military ranks, the branch of service the individual belongs to, and other sensitive details.

> _“The publicly exposed database was not password-protected or encrypted. It contained a total of 1,187,296 documents. In a limited sampling, a majority of the documents I saw were user images, while others were photos of potentially sensitive proof of service documents.”_  
> 
> Jeremiah Fowler

Screenshot from the exposed data (Screenshot via VPNmentor)

****Current Status****

Forces Penpals has acknowledged the breach, attributing it to a coding error that misdirected documents and left a directory listing publicly accessible. The company has since taken steps to secure the database.

However, it is still unclear whether any malicious actors accessed the exposed information. Forces Penpals has yet to disclose the duration of the exposure or report any signs of suspicious activity.

It is also unclear whether the data was leaked through the website or the company’s iOS and Android apps. Nevertheless, this incident is a reminder for similar services to focus on data security and safeguard their users’ privacy from growing cyber threats.

1.  **Data Leak Exposes Indian Police, Military Biometric Data**
2.  **US military personnel defrauded into losing $822m in scams**
3.  **British Military’s Twitter and YouTube Hacked in Crypto Scam**
4.  **US Military Targeted by Smartwatches Linked to Data Breaches**
5.  **Misconfigured AWS Buckets Expose US Military Spying Campaign**

US and UK Military Social Network “Forces Penpals” Exposes SSN, PII Data

Ubuntu Security Notice 7120-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7120-2November 20, 2024linux-aws-6.8, linux-azure, linux-azure-6.8, linux-oracle-6.8,vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTS- Ubuntu 22.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-azure: Linux kernel for Microsoft Azure Cloud systems- linux-aws-6.8: Linux kernel for Amazon Web Services (AWS) systems- linux-azure-6.8: Linux kernel for Microsoft Azure cloud systems- linux-oracle-6.8: Linux kernel for Oracle Cloud systemsDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - File systems infrastructure;  - Network traffic control;(CVE-2024-46800, CVE-2024-43882)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS  linux-image-6.8.0-1018-azure    6.8.0-1018.21  linux-image-6.8.0-1018-azure-fde  6.8.0-1018.21  linux-image-azure               6.8.0-1018.21  linux-image-azure-fde           6.8.0-1018.21Ubuntu 22.04 LTS  linux-image-6.8.0-1016-oracle   6.8.0-1016.17~22.04.1  linux-image-6.8.0-1016-oracle-64k  6.8.0-1016.17~22.04.1  linux-image-6.8.0-1018-azure    6.8.0-1018.21~22.04.1  linux-image-6.8.0-1018-azure-fde  6.8.0-1018.21~22.04.1  linux-image-6.8.0-1019-aws      6.8.0-1019.21~22.04.1  linux-image-aws                 6.8.0-1019.21~22.04.1  linux-image-azure               6.8.0-1018.21~22.04.1  linux-image-azure-fde           6.8.0-1018.21~22.04.1  linux-image-oracle              6.8.0-1016.17~22.04.1  linux-image-oracle-64k          6.8.0-1016.17~22.04.1After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7120-2  https://ubuntu.com/security/notices/USN-7120-1  CVE-2024-43882, CVE-2024-46800Package Information:  https://launchpad.net/ubuntu/+source/linux-azure/6.8.0-1018.21  https://launchpad.net/ubuntu/+source/linux-aws-6.8/6.8.0-1019.21~22.04.1  https://launchpad.net/ubuntu/+source/linux-azure-6.8/6.8.0-1018.21~22.04.1  https://launchpad.net/ubuntu/+source/linux-oracle-6.8/6.8.0-1016.17~22.04.1

Ubuntu Security Notice USN-7120-2

Ubuntu Security Notice 7121-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7121-1November 19, 2024linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp,linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 18.04 LTS- Ubuntu 16.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems- linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems- linux-kvm: Linux kernel for cloud environments- linux-oracle: Linux kernel for Oracle Cloud systems- linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems- linux-azure: Linux kernel for Microsoft Azure Cloud systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-hwe: Linux hardware enablement (HWE) kernelDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - ARM64 architecture;  - S390 architecture;  - x86 architecture;  - Block layer subsystem;  - Cryptographic API;  - ATM drivers;  - Device frequency scaling framework;  - GPU drivers;  - Hardware monitoring drivers;  - VMware VMCI Driver;  - Network drivers;  - Device tree and open firmware driver;  - SCSI drivers;  - Greybus lights staging drivers;  - BTRFS file system;  - File systems infrastructure;  - F2FS file system;  - JFS file system;  - NILFS2 file system;  - Netfilter;  - Memory management;  - Ethernet bridge;  - IPv6 networking;  - IUCV driver;  - Logical Link layer;  - MAC80211 subsystem;  - NFC subsystem;  - Network traffic control;  - Unix domain sockets;(CVE-2023-52614, CVE-2024-26633, CVE-2024-46758, CVE-2024-46723,CVE-2023-52502, CVE-2024-41059, CVE-2024-44987, CVE-2024-36020,CVE-2023-52599, CVE-2023-52639, CVE-2024-26668, CVE-2024-42094,CVE-2022-48938, CVE-2022-48733, CVE-2024-27397, CVE-2023-52578,CVE-2024-38560, CVE-2024-38538, CVE-2024-42310, CVE-2024-46722,CVE-2024-46800, CVE-2024-41095, CVE-2024-42104, CVE-2024-35877,CVE-2022-48943, CVE-2024-46743, CVE-2023-52531, CVE-2024-46757,CVE-2024-36953, CVE-2024-46756, CVE-2024-38596, CVE-2023-52612,CVE-2024-38637, CVE-2024-41071, CVE-2024-46759, CVE-2024-43882,CVE-2024-26675, CVE-2024-43854, CVE-2024-44942, CVE-2024-44998,CVE-2024-42240, CVE-2024-41089, CVE-2024-26636, CVE-2024-46738,CVE-2024-42309)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 18.04 LTS  linux-image-4.15.0-1137-oracle  4.15.0-1137.148                                  Available with Ubuntu Pro  linux-image-4.15.0-1158-kvm     4.15.0-1158.163                                  Available with Ubuntu Pro  linux-image-4.15.0-1168-gcp     4.15.0-1168.185                                  Available with Ubuntu Pro  linux-image-4.15.0-1175-aws     4.15.0-1175.188                                  Available with Ubuntu Pro  linux-image-4.15.0-1183-azure   4.15.0-1183.198                                  Available with Ubuntu Pro  linux-image-4.15.0-231-generic  4.15.0-231.243                                  Available with Ubuntu Pro  linux-image-4.15.0-231-lowlatency  4.15.0-231.243                                  Available with Ubuntu Pro  linux-image-aws-lts-18.04       4.15.0.1175.173                                  Available with Ubuntu Pro  linux-image-azure-lts-18.04     4.15.0.1183.151                                  Available with Ubuntu Pro  linux-image-gcp-lts-18.04       4.15.0.1168.181                                  Available with Ubuntu Pro  linux-image-generic             4.15.0.231.215                                  Available with Ubuntu Pro  linux-image-kvm                 4.15.0.1158.149                                  Available with Ubuntu Pro  linux-image-lowlatency          4.15.0.231.215                                  Available with Ubuntu Pro  linux-image-oracle-lts-18.04    4.15.0.1137.142                                  Available with Ubuntu Pro  linux-image-virtual             4.15.0.231.215                                  Available with Ubuntu ProUbuntu 16.04 LTS  linux-image-4.15.0-1168-gcp     4.15.0-1168.185~16.04.1                                  Available with Ubuntu Pro  linux-image-4.15.0-1175-aws     4.15.0-1175.188~16.04.1                                  Available with Ubuntu Pro  linux-image-4.15.0-1183-azure   4.15.0-1183.198~16.04.1                                  Available with Ubuntu Pro  linux-image-4.15.0-231-generic  4.15.0-231.243~16.04.1                                  Available with Ubuntu Pro  linux-image-4.15.0-231-lowlatency  4.15.0-231.243~16.04.1                                  Available with Ubuntu Pro  linux-image-aws-hwe             4.15.0.1175.188~16.04.1                                  Available with Ubuntu Pro  linux-image-azure               4.15.0.1183.198~16.04.1                                  Available with Ubuntu Pro  linux-image-gcp                 4.15.0.1168.185~16.04.1                                  Available with Ubuntu Pro  linux-image-generic-hwe-16.04   4.15.0.231.243~16.04.1                                  Available with Ubuntu Pro  linux-image-gke                 4.15.0.1168.185~16.04.1                                  Available with Ubuntu Pro  linux-image-lowlatency-hwe-16.04  4.15.0.231.243~16.04.1                                  Available with Ubuntu Pro  linux-image-oem                 4.15.0.231.243~16.04.1                                  Available with Ubuntu Pro  linux-image-virtual-hwe-16.04   4.15.0.231.243~16.04.1                                  Available with Ubuntu ProAfter a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7121-1  CVE-2022-48733, CVE-2022-48938, CVE-2022-48943, CVE-2023-52502,  CVE-2023-52531, CVE-2023-52578, CVE-2023-52599, CVE-2023-52612,  CVE-2023-52614, CVE-2023-52639, CVE-2024-26633, CVE-2024-26636,  CVE-2024-26668, CVE-2024-26675, CVE-2024-27397, CVE-2024-35877,  CVE-2024-36020, CVE-2024-36953, CVE-2024-38538, CVE-2024-38560,  CVE-2024-38596, CVE-2024-38637, CVE-2024-41059, CVE-2024-41071,  CVE-2024-41089, CVE-2024-41095, CVE-2024-42094, CVE-2024-42104,  CVE-2024-42240, CVE-2024-42309, CVE-2024-42310, CVE-2024-43854,  CVE-2024-43882, CVE-2024-44942, CVE-2024-44987, CVE-2024-44998,  CVE-2024-46722, CVE-2024-46723, CVE-2024-46738, CVE-2024-46743,  CVE-2024-46756, CVE-2024-46757, CVE-2024-46758, CVE-2024-46759,  CVE-2024-46800

Ubuntu Security Notice USN-7121-1

Ubuntu Security Notice 7120-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7120-1November 19, 2024linux, linux-aws, linux-gcp, linux-gcp-6.8, linux-gke, linux-hwe-6.8,linux-ibm, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency,linux-oem-6.8, linux-oracle, linux-raspi vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTS- Ubuntu 22.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-gke: Linux kernel for Google Container Engine (GKE) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-nvidia: Linux kernel for NVIDIA systems- linux-nvidia-lowlatency: Linux low latency kernel for NVIDIA systems- linux-oem-6.8: Linux kernel for OEM systems- linux-oracle: Linux kernel for Oracle Cloud systems- linux-raspi: Linux kernel for Raspberry Pi systems- linux-gcp-6.8: Linux kernel for Google Cloud Platform (GCP) systems- linux-hwe-6.8: Linux hardware enablement (HWE) kernel- linux-nvidia-6.8: Linux kernel for NVIDIA systemsDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - File systems infrastructure;  - Network traffic control;(CVE-2024-46800, CVE-2024-43882)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS  linux-image-6.8.0-1014-gke      6.8.0-1014.18  linux-image-6.8.0-1015-raspi    6.8.0-1015.17  linux-image-6.8.0-1016-ibm      6.8.0-1016.16  linux-image-6.8.0-1016-oracle   6.8.0-1016.17  linux-image-6.8.0-1016-oracle-64k  6.8.0-1016.17  linux-image-6.8.0-1017-oem      6.8.0-1017.17  linux-image-6.8.0-1018-gcp      6.8.0-1018.20  linux-image-6.8.0-1018-nvidia   6.8.0-1018.20  linux-image-6.8.0-1018-nvidia-64k  6.8.0-1018.20  linux-image-6.8.0-1018-nvidia-lowlatency  6.8.0-1018.20.1  linux-image-6.8.0-1018-nvidia-lowlatency-64k  6.8.0-1018.20.1  linux-image-6.8.0-1019-aws      6.8.0-1019.21  linux-image-6.8.0-49-generic    6.8.0-49.49  linux-image-6.8.0-49-generic-64k  6.8.0-49.49  linux-image-aws                 6.8.0-1019.21  linux-image-gcp                 6.8.0-1018.20  linux-image-generic             6.8.0-49.49  linux-image-generic-64k         6.8.0-49.49  linux-image-generic-64k-hwe-24.04  6.8.0-49.49  linux-image-generic-hwe-24.04   6.8.0-49.49  linux-image-generic-lpae        6.8.0-49.49  linux-image-gke                 6.8.0-1014.18  linux-image-ibm                 6.8.0-1016.16  linux-image-ibm-classic         6.8.0-1016.16  linux-image-ibm-lts-24.04       6.8.0-1016.16  linux-image-kvm                 6.8.0-49.49  linux-image-nvidia              6.8.0-1018.20  linux-image-nvidia-64k          6.8.0-1018.20  linux-image-nvidia-lowlatency   6.8.0-1018.20.1  linux-image-nvidia-lowlatency-64k  6.8.0-1018.20.1  linux-image-oem-24.04           6.8.0-1017.17  linux-image-oem-24.04a          6.8.0-1017.17  linux-image-oracle              6.8.0-1016.17  linux-image-oracle-64k          6.8.0-1016.17  linux-image-raspi               6.8.0-1015.17  linux-image-virtual             6.8.0-49.49  linux-image-virtual-hwe-24.04   6.8.0-49.49Ubuntu 22.04 LTS  linux-image-6.8.0-1018-gcp      6.8.0-1018.20~22.04.1  linux-image-6.8.0-1018-nvidia   6.8.0-1018.20~22.04.1  linux-image-6.8.0-1018-nvidia-64k  6.8.0-1018.20~22.04.1  linux-image-6.8.0-49-generic    6.8.0-49.49~22.04.1  linux-image-6.8.0-49-generic-64k  6.8.0-49.49~22.04.1  linux-image-gcp                 6.8.0-1018.20~22.04.1  linux-image-generic-64k-hwe-22.04  6.8.0-49.49~22.04.1  linux-image-generic-hwe-22.04   6.8.0-49.49~22.04.1  linux-image-nvidia-6.8          6.8.0-1018.20~22.04.1  linux-image-nvidia-64k-6.8      6.8.0-1018.20~22.04.1  linux-image-nvidia-64k-hwe-22.04  6.8.0-1018.20~22.04.1  linux-image-nvidia-hwe-22.04    6.8.0-1018.20~22.04.1  linux-image-oem-22.04           6.8.0-49.49~22.04.1  linux-image-oem-22.04a          6.8.0-49.49~22.04.1  linux-image-oem-22.04b          6.8.0-49.49~22.04.1  linux-image-oem-22.04c          6.8.0-49.49~22.04.1  linux-image-oem-22.04d          6.8.0-49.49~22.04.1  linux-image-virtual-hwe-22.04   6.8.0-49.49~22.04.1After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7120-1  CVE-2024-43882, CVE-2024-46800Package Information:  https://launchpad.net/ubuntu/+source/linux/6.8.0-49.49  https://launchpad.net/ubuntu/+source/linux-aws/6.8.0-1019.21  https://launchpad.net/ubuntu/+source/linux-gcp/6.8.0-1018.20  https://launchpad.net/ubuntu/+source/linux-gke/6.8.0-1014.18  https://launchpad.net/ubuntu/+source/linux-ibm/6.8.0-1016.16  https://launchpad.net/ubuntu/+source/linux-nvidia/6.8.0-1018.20  https://launchpad.net/ubuntu/+source/linux-nvidia-lowlatency/6.8.0-1018.20.1  https://launchpad.net/ubuntu/+source/linux-oem-6.8/6.8.0-1017.17  https://launchpad.net/ubuntu/+source/linux-oracle/6.8.0-1016.17  https://launchpad.net/ubuntu/+source/linux-raspi/6.8.0-1015.17  https://launchpad.net/ubuntu/+source/linux-gcp-6.8/6.8.0-1018.20~22.04.1  https://launchpad.net/ubuntu/+source/linux-hwe-6.8/6.8.0-49.49~22.04.1  https://launchpad.net/ubuntu/+source/linux-nvidia-6.8/6.8.0-1018.20~22.04.1

Ubuntu Security Notice USN-7120-1

Qualys released QScanner – a console vulnerability scanner for container images. Feed it an image and get a list of vulnerabilities (a la Trivy). It supports: “Local Runtimes: Scan images from Docker, Containerd, or Podman.Local Archives: Analyze Docker images or OCI layouts from local files.Remote Registries: Connect to AWS ECR, Azure Container Registry, JFrog, GHCR, […]

**Qualys** **released** **QScanner – a console vulnerability scanner for container images.** Feed it an image and get a list of vulnerabilities (a la Trivy).

It supports:

_“Local Runtimes: Scan images from Docker, Containerd, or Podman.  
Local Archives: Analyze Docker images or OCI layouts from local files.  
Remote Registries: Connect to AWS ECR, Azure Container Registry, JFrog, GHCR, and more.”_

Capabilities:

🔹 Detects OS package vulnerabilities  
🔹 Software Composition Analysis (SCA) for Ruby, Rust, PHP, Java, Go, Python, .NET and Node.js applications.  
🔹 Detects secrets (passwords, API keys and tokens)

**But it’s not free.** 🤷‍♂️💸🙂 All cases, except SBOM generation, require ACCESS\_TOKEN and Platform POD. QScanner is the interface of Qualys Container Security module.

It can be used for:

🔸 scanning local images on developers’ desktops  
🔸 integration into CI/CD pipelines  
🔸 integration with registries

The concept is interesting. 👍

На русском

Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.

А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.

Qualys released QScanner – a console vulnerability scanner for container images

Ubuntu Security Notice 7110-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7110-1November 14, 2024linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 16.04 LTS- Ubuntu 14.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-kvm: Linux kernel for cloud environments- linux-lts-xenial: Linux hardware enablement kernel from Xenial for TrustyDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - Cryptographic API;  - HW tracing;  - ISDN/mISDN subsystem;  - Media drivers;  - Network drivers;  - SCSI drivers;  - USB DSL drivers;  - VFIO drivers;  - Watchdog drivers;  - JFS file system;  - Amateur Radio drivers;  - IPv4 networking;  - IUCV driver;  - TIPC protocol;  - Integrity Measurement Architecture(IMA) framework;  - SoC Audio for Freescale CPUs drivers;  - USB sound devices;(CVE-2024-42229, CVE-2024-27436, CVE-2024-42271, CVE-2024-46673,CVE-2024-42284, CVE-2024-26810, CVE-2024-38602, CVE-2024-42280,CVE-2024-43858, CVE-2024-42089, CVE-2024-44940, CVE-2024-42223,CVE-2024-39487, CVE-2024-41097, CVE-2024-26812, CVE-2024-38627,CVE-2024-38630, CVE-2023-52528, CVE-2024-39494, CVE-2024-38621)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 16.04 LTS  linux-image-4.4.0-1138-kvm      4.4.0-1138.148                                  Available with Ubuntu Pro  linux-image-4.4.0-1175-aws      4.4.0-1175.190                                  Available with Ubuntu Pro  linux-image-4.4.0-260-generic   4.4.0-260.294                                  Available with Ubuntu Pro  linux-image-4.4.0-260-lowlatency  4.4.0-260.294                                  Available with Ubuntu Pro  linux-image-aws                 4.4.0.1175.179                                  Available with Ubuntu Pro  linux-image-generic             4.4.0.260.266                                  Available with Ubuntu Pro  linux-image-generic-lts-xenial  4.4.0.260.266                                  Available with Ubuntu Pro  linux-image-kvm                 4.4.0.1138.135                                  Available with Ubuntu Pro  linux-image-lowlatency          4.4.0.260.266                                  Available with Ubuntu Pro  linux-image-lowlatency-lts-xenial  4.4.0.260.266                                  Available with Ubuntu Pro  linux-image-virtual             4.4.0.260.266                                  Available with Ubuntu Pro  linux-image-virtual-lts-xenial  4.4.0.260.266                                  Available with Ubuntu ProUbuntu 14.04 LTS  linux-image-4.4.0-1137-aws      4.4.0-1137.143                                  Available with Ubuntu Pro  linux-image-4.4.0-260-generic   4.4.0-260.294~14.04.1                                  Available with Ubuntu Pro  linux-image-4.4.0-260-lowlatency  4.4.0-260.294~14.04.1                                  Available with Ubuntu Pro  linux-image-aws                 4.4.0.1137.134                                  Available with Ubuntu ProAfter a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7110-1  CVE-2023-52528, CVE-2024-26810, CVE-2024-26812, CVE-2024-27436,  CVE-2024-38602, CVE-2024-38621, CVE-2024-38627, CVE-2024-38630,  CVE-2024-39487, CVE-2024-39494, CVE-2024-41097, CVE-2024-42089,  CVE-2024-42223, CVE-2024-42229, CVE-2024-42271, CVE-2024-42280,  CVE-2024-42284, CVE-2024-43858, CVE-2024-44940, CVE-2024-46673

Ubuntu Security Notice USN-7110-1

Cloud service providers are getting better at protecting data, pushing adversaries to develop new cloud ransomware scripts to target PHP applications, a new report says.

Instead of solely leaning on leaky buckets and cloud service provider (CSP) vulnerabilities to exfiltrate sensitive data, a fresh crop of cloud-targeting ransomware is aimed instead at exploiting unprotected Web applications to drop encryptors and lock up victims' data.

The pivot to focusing on PHP applications demonstrates the success that CSPs have had in shoring up their environments with policies like AWS's Key Management Service, according to a new report from SentinelOne on the state of cloud ransomware landscape in 2024. CSPs can now ensure that almost no data is really lost, thanks to policies that require a waiting period and confirmation before data can be deleted. There are some fairly exotic malicious workarounds for some of these protections, but attacks can easily be blocked by implementing service control policies, the report said.

**Cloud Ransomware's New Look at Web Applications**

Cloud ransomware operators have started to mine Web applications for opportunities in increasing volumes, according to SentinelOne.

"Web applications are often run via cloud services," SentinelOne's report explained. "Their more minimal nature makes cloud environments a natural hosting point where the applications are easier to manage and require less configuration and upkeep than running on a full operating system. However, Web applications themselves are vulnerable to extortion attacks."

Related:5 Ways to Save Your Organization From Cloud Security Threats

Analysis uncovered new ransomware scripts specifically developed to attack PHP applications — such as a Python script named "Pandora," and another attributed to Indonesian-based threat actor IndoSec group.

"The Pandora script uses AES encryption to target several types of systems, including PHP servers, Android, and Linux," the report added. "The PHP ransom functions encrypt files using AES via the OpenSSL library. The Pandora Python script runs on the Web server, writing the PHP code output to the path pandora/Ransomware with a file name provided as an argument at runtime and appended with the php extension."

The ransom script targeting PHP applications developed by IndoSec uses a PHP backdoor to manage and delete files, according to the report. It searches through directories, reads, and then encodes the file contents using a Web service's API.

"This is an interesting approach because the encryption is provided through a remote service, rather than using native functionality like many other tools," the report noted.

**Using Legitimate Cloud-Native Functions to Steal Data**

Aside from trying to breach them, adversaries have also figured out how to use these cloud services themselves to exfiltrate stolen data, the report explained. SentinelOne offers the example of September Rhysdia and BianLian cloud ransomware attacks that abandoned their historical exfiltration tools like MEGAsync and rclone, and instead used Azure Storage Explorer to download the data. The following month, the LockBit ransomware group was discovered using Amazon's S3 storage to exfiltrate data from Windows and macOS systems, SentinelOne added.

Related:Google AI Platform Bugs Leak Proprietary Enterprise LLMs

In keeping with the trend, the SentinelOne research identified a new Python script on VirusTotal it named "RansomES." This code is designed to infiltrate a Windows system, look for files with extensions that indicate the file contains data, including .doc, .xls, .jpg, .png, or .txt. Once those files have been identified, the RansomES code allows the ransomware attacker to exfiltrate those files to an S3 storage bucket or an FTP site, and encrypt the local versions.

"RansomES is a simple script, and we do not believe it has been used in the wild," the report noted. "The author included an Internet connectivity check to the WannaCry killswitch domain, which may suggest the script was developed by a researcher or someone with an interest in threat intelligence."

Related:2 Zero-Day Bugs in Microsoft's Nov. Update Under Active Exploit

The key to protecting data against Web application cloud ransomware attacks is to assess the overall cloud environment to protect against misconfigurations and overly permissive storage buckets, the report concluded.

"Additionally, always enforce good identity management practices such as requiring MFA on all admin accounts, and deploy runtime protection against all cloud workloads and resources," according to SentinelOne.

Tag

#aws