Piotr Bania of Cisco Talos discovered these vulnerabilities.
Cisco Talos recently discovered two memory corruption vulnerabilities in shader functionality of an NVIDIA driver.
NVIDIA Graphics drivers are software for NVIDIA Graphics GPU installed on the PC. They are used to communicate between the operating system and the GPU device. This

Tuesday, December 6, 2022 11:12

_Piotr Bania of Cisco Talos discovered these vulnerabilities._

Cisco Talos recently discovered two memory corruption vulnerabilities in shader functionality of an NVIDIA driver.

NVIDIA Graphics drivers are software for NVIDIA Graphics GPU installed on the PC. They are used to communicate between the operating system and the GPU device. This software is required in most cases for the hardware device to function properly.

Two exploitable memory corruption vulnerabilities exist in the NVIDIA graphics driver: TALOS-2022-1603 (CVE-2022-34671) and TALOS-2022-1604 (CVE-2022-34671). An attacker can use arbitrary code execution to trigger these vulnerabilities. These vulnerabilities could also potentially be triggered from guest machines running virtualization environments (ie. VMware, qemu, VirtualBox, etc.) in order to perform guest-to-host escape.

Cisco Talos worked with NVIDIA to ensure that these issues were resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy.

Users are encouraged to update this affected product as soon as possible: NVIDIA D3D10 Driver, Version 516.94 , 31.0.15.1694. Talos tested and confirmed this version of the NVIDIA could be exploited by these vulnerabilities.

The following Snort rules will detect exploitation attempts against these vulnerabilities: 60606-60607 and 60611-60612. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Vulnerability Spotlight: NVIDIA driver memory corruption vulnerabilities discovered

A persistent intrusion campaign has set its eyes on telecommunications and business process outsourcing (BPO) companies at lease since June 2022.
"The end objective of this campaign appears to be to gain access to mobile carrier networks and, as evidenced in two investigations, perform SIM swapping activity," CrowdStrike researcher Tim Parisi said in an analysis published last week.
The

SIM Swapping / Network Intrusion

A persistent intrusion campaign has set its eyes on telecommunications and business process outsourcing (BPO) companies at lease since June 2022.

"The end objective of this campaign appears to be to gain access to mobile carrier networks and, as evidenced in two investigations, perform SIM swapping activity," CrowdStrike researcher Tim Parisi said in an analysis published last week.

The financially motivated attacks have been attributed by the cybersecurity company to an actor tracked as Scattered Spider.

Initial access to the target environment is said to be undertaken through a variety of methods ranging from social engineering using phone calls and messages sent via Telegram to impersonate IT personnel.

This technique is leveraged to direct victims to a credential harvesting site or trick them into installing commercial remote monitoring and management (RMM) tools like Zoho Assist and Getscreen.me.

Should the target accounts be secured by two-factor authentication (2FA), the threat actor either convinced the victim into sharing the one-time password or employed a technique called prompt bombing, which was put to use in the recent breaches of Cisco and Uber.

In an alternative infection chain observed by CrowdStrike, a user's stolen credentials previously obtained through unknown means were used by the adversary to authenticate to the organization's Azure tenant.

Another instance involved the exploitation of a critical remote code execution bug in ForgeRock OpenAM access management solution (CVE-2021-35464) that came under active exploitation last year.

Many of the attacks also involved Scattered Spider gaining access to the compromised entity's multi-factor authentication (MFA) console to enroll their own devices for persistent remote access through legitimate remote access tools to avoid raising red flags.

Initial access and persistence steps are followed by reconnaissance of Windows, Linux, Google Workspace, Azure Active Directory, Microsoft 365, and AWS environments as well as conducting lateral movement, while also downloading additional tools to exfiltrate VPN and MFA enrollment data in select cases.

"These campaigns are extremely persistent and brazen," Parisi noted. "Once the adversary is contained or operations are disrupted, they immediately move to target other organizations within the telecom and BPO sectors."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Telcom and BPO Companies Under Attack by SIM Swapping Hackers

Cisco Talos Incident Response (Talos IR) is sharing a white paper on the steps organizations should follow to secure any major event. These ten focus areas should help guide any organizing committee or participating businesses in preparation for securing such events..

Friday, December 2, 2022 10:12

The cyber security of major events, whether they are related to sports, professional conferences, expos or other events can be a time-consuming, complex undertaking. It necessitates a multifaceted approach and the involvement of multiple entities, including but not limited to the vendors, hospitality teams and service providers to facilitate a uniform approach to cybersecurity across the event ecosystem.

Cisco Talos Incident Response (Talos IR) is sharing a white paper on the steps organizations should follow to secure any major event. These ten focus areas should help guide any organizing committee or participating businesses in preparation for securing such events, including the key questions that need to be asked and associated answers.

Protecting major events: an incident response blueprint

Amazon Security Lake will allow organizations to create a purpose-built, standards-based data lake to aggregate and store security data.

Amazon Web Services unveiled the Amazon Security Lake, a standards-based data lake for security data, at this week's AWS re:Invent 2022 conference. The new cybersecurity service will allow organizations to aggregate logs and event data from multiple sources and analyze them to quickly detect and respond to threats.

Security data is usually scattered across an organization's environment, as applications, firewalls, and identity providers maintain their own logs and event data. They are also often in disparate data formats, making it difficult for security teams to aggregate them. Creating processes to normalize data across multiple sources can be costly and time-consuming to build, and managing the data lifecycle is complex.

Many organizations are turning to security data lakes to manage security data from multiple data sources and to integrate with other security tools. These data lakes help centralize and store unlimited amounts of data to power investigations, analytics, threat detection, and compliance initiatives. It also makes it possible to combine the organization's own data with enriched data from other sources for deeper context.

With Amazon Security Lake, organizations will be able to store, analyze, and understand the data collected from both cloud and on-premises infrastructure, the company said. Because Amazon Security Lake supports the Open Cybersecurity Schema Framework (OCSF), an open specification for security telemetry data, it can ingest data from a number of third-party providers. Having the data available in OCSF format means security teams can use the analytics tool of their choice to uncover malicious activity.

“After customers choose their data sources, Amazon Security Lake automatically aggregates and normalizes data from AWS, combines it with third-party sources that support OCSF (an open standard), and optimizes it into a format that is easy to store and query,” AWS said in a statement.   

Amazon Security Lake aggregates data from AWS services, such as CloudTrail, Lambda, AWS Security Hub, GuardDuty, and AWS Firewall Manager, as well as from firewalls and endpoint security products from other companies. Several dozen companies have announced integrations with Amazon Security Lake, including Cisco, CrowdStrike, Palo Alto Networks, Barracuda, Lacework, Trend Micro, and Laminar. Security teams can analyze the data using Amazon's own security services such as Amazon Athena, Amazon OpenSearch, and Amazon SageMaker, as well as third-party providers such as IBM, Splunk, Sumo Logic, Securonix, and SentinelOne.

The data lakes are built using Amazon Simple Storage Service (S3) and AWS Lake Formation, the company said.

AWS Unveils Amazon Security Lake at re:Invent 2022

Marcin ‘Icewall’ Noga of Cisco Talos discovered these vulnerabilities.
Cisco Talos recently discovered several directory traversal and cross-site scripting vulnerabilities in Lansweeper.
Lansweeper is an IT Asset Management solution that gathers hardware and software information of computers and other devices on a computer network for management, compliance and

Thursday, December 1, 2022 10:12

_Marcin ‘Icewall’ Noga of Cisco Talos discovered these vulnerabilities._

Cisco Talos recently discovered several directory traversal and cross-site scripting vulnerabilities in Lansweeper.

Lansweeper is an IT Asset Management solution that gathers hardware and software information of computers and other devices on a computer network for management, compliance and audit purposes.

Talos has identified two directory traversal vulnerabilities that can lead to arbitrary file upload: TALOS-2022-1528 (CVE-2022-32573) and TALOS-2022-1529 (CVE-2022-29517). Two other vulnerabilities exist where directory traversal can lead to arbitrary file read: TALOS-2022-1530 (CVE-2022-29511) and TALOS-2022-1531 (CVE-2022-27498). An attacker can send an HTTP request to trigger these vulnerabilities.

Both TALOS-2022-1532 (CVE-2022-28703) and TALOS-2022-1541 (CVE-2022-32763) are cross-site scripting sanitation bypass vulnerabilities which can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger these vulnerabilities as well.

Cisco Talos worked with Lansweeper to ensure that these issues were resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy.

Users are encouraged to update this affected product as soon as possible: Lansweeper 10.1.1.0. Talos tested and confirmed this version of Lansweeper could be exploited by these vulnerabilities.

The following Snort rules will detect exploitation attempts against these vulnerabilities: 59990-59992, 59999-60000, 60001-60002, 60054-60056, 60142-60144 and 60219. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Vulnerability Spotlight: Lansweeper directory traversal and cross-site scripting vulnerabilities

Ratings ranged from AAA to CC, with security effectiveness scores from 27% to 100%.

**AUSTIN, Texas, Dec. 1, 2022 /PRNewswire/ —** CyberRatings.org, the non-profit entity dedicated to providing transparency on cybersecurity product efficacy, has completed an independent test of eight market leading security vendors in its first-ever Cloud Network Firewall comparative evaluation. Forcepoint, Fortinet and Juniper's test reports were published earlier in the year, all with 'AAA' ratings. In this latest release of test reports, Check Point and Versa Networks received a 'AAA' rating. Palo Alto Networks received an 'AA,' Sophos an 'A,' and Cisco 'CC.'

The test covered capabilities considered essential in a firewall including basic routing, access control, SSL / TLS decryption, threat prevention (exploits), evasion, performance, stability and reliability, and management. Amazon Web Services (AWS) was the public cloud service chosen to run the test. Ratings were calculated using a scale from 0 to 800.

Key findings include:  

*   Cloud services assume a shared security model, where cloud providers are responsible for the infrastructure and customers are responsible for securing the applications running on the infrastructure.
*   Roughly 80% of web traffic is encrypted and firewall decryption is not on by default: Firewalls will not see/block attacks delivered via (encrypted) HTTPS unless configured to do so.
*   Security vendors are used to controlling the platform on which their products are installed. In the cloud, they do not have that control; vendors are learning how to operate under these new conditions and there will be challenges.
*   Supply Chain attacks are on the rise. Using the cloud means relying on third parties to maintain software supply chain integrity. APIs, code reuse, open-source libraries, not maintained code, and other shared resources introduce unknown risks.

Security effectiveness scores ranged from 27% to 100%. The security effectiveness tests verified how effectively the firewall protected control network access, applications, and users while preventing threats (exploits and evasions), blocking malicious traffic while under extended load, and remaining resistant to false positives. Exploit block rates ranged from 88.3% to 100%. All products achieved 100% for resistance to evasion techniques.

"Security is your problem, not Amazon's," said Vikram Phatak, CEO of CyberRatings.org. "If you are migrating your data center to the cloud, create a plan for securing it." Phatak added. "And if you needed a firewall for your data center, you probably need one for your cloud deployment."

There are different ways consumers can purchase security products for the cloud. The individual test reports reflect the bring-your-own-license model while the comparative report illustrates the pay-as-you-go pricing. Both pricing models provide consumers with options to compare pricing on items important to their own organizations.

The following products were evaluated:

**Check Point Cloud Network Firewall CloudGuard IaaS R81.20-581**

**AAA**

Cisco Firepower Threat Defense for AWS Version 7.2.0

CC

Forcepoint Cloud Network Firewall v6.11

AAA

Fortinet Cloud Network Firewall v7.0.5 Build 0304(GA)

AAA

Juniper Cloud Network Firewall 22.1R1.1

AAA

Palo Alto Networks Cloud Network Firewall PA-VM-AWS-10.2.2

AA

Sophos Cloud Network Firewall SFOS 19.0.0 GA-Build317

A

Versa Networks Cloud Network Firewall Versa-FlexVNF-21.2.3

AAA

To read the CyberRatings reports go to CyberRatings.org.

Cloud Network Firewall test tools were provided by Keysight (CyPerf and Breaking Point), and TeraPackets Threat Replayer.

**About CyberRatings.org**

CyberRatings.org is a non-profit 501(c)6 entity dedicated to quantifying cyber risk and providing transparency on cybersecurity product efficacy through testing and ratings programs. To become a member, visit www.cyberratings.org.

CyberRatings.org Announces Results from First-of-its-Kind Comparative Test on Cloud Network Firewall

Plus: Major patches dropped this month for Chrome, Firefox, VMware, Cisco, Citrix, and SAP.

November saw the release of patches from the likes of Apple’s iOS, Google Chrome, Firefox, and Microsoft Windows to fix multiple security vulnerabilities. Some of these issues are pretty severe, and several have already been exploited by attackers. 

Here’s what you need to know about all the important updates released in the past month.

Apple iOS and iPadOS 16.1.1

Apple has released iOS and iPadOS 16.1.1, which the iPhone maker recommends all users apply. The patch fixes two security vulnerabilities—and given the speed of the release, you can assume they are pretty serious. 

Tracked as CVE-2022-40303 and CVE-2022-40304, the two flaws in the libxml2 software library could allow an attacker to execute code remotely, according to Apple’s support page. The issues were both reported by security researchers working for Google’s Project Zero. 

For Mac users, the flaws were addressed by macOS Ventura 13.0.1.

The good news is, it’s believed neither vulnerability has been exploited by attackers, but it’s still a good idea to apply the update as soon as possible. 

Microsoft Windows

Microsoft’s November Patch Tuesday was another big release, seeing the Windows maker fix 68 vulnerabilities, four of which were zero days. 

Tracked as CVE-2022-41073, the first is a Windows print spooler elevation of privilege vulnerability that could allow a cybercriminal to gain system privileges. Meanwhile, CVE-2022-41125 is a Windows Cryptographic Next Generation key isolation issue that could allow an adversary to escalate privileges and gain control of the system. CVE-2022-41128 is a Windows scripting language vulnerability that could result in remote code execution. Lastly, CVE-2022-41091 is a vulnerability in Microsoft’s Mark of the Web security feature.

Google Android

More big updates for users of Google’s Android devices have arrived in November, with Google issuing patches for multiple vulnerabilities, some of which are serious. At the top of the list is a high-severity vulnerability in the Framework component that could lead to local escalation of privilege, Google said in a security advisory.

The patches in November include two Google Play system updates for issues impacting the Media Framework components (CVE-2022-2209) and WiFi (CVE-2022-20463). Google also fixed five issues affecting its Pixel devices.

The Android updates have started to roll out to Samsung devices, including third- and fourth-generation Galaxy foldables. You can check for the update in your Settings. 

Google Chrome 

The world’s most popular browser continues to be a major target for attackers, with Google this month fixing its eighth zero-day vulnerability this year. 

The vulnerability, tracked as CVE-2022-4135, is a heap buffer overflow in GPU reported by Clement Lecigne, a researcher in Google's own threat analysis group. Google said it “is aware that an exploit for CVE-2022-4135 exists in the wild.”

Earlier in the month, Google issued an update to fix 10 Chrome vulnerabilities, six of which are rated as high-severity. These include four use-after-free bugs: CVE-2022-3885, CVE-2022-3886, CVE-2022-3887, and CVE-2022-3888. Meanwhile, CVE-2022-3889 is a “type confusion” issue in V8, and CVE-2022-3890 is a heap buffer overflow in Crashpad. 

Mozilla Firefox

November was also a big month for Google Chrome competitor Firefox. Mozilla has issued Firefox 107, fixing 19 security vulnerabilities, eight of which are marked as having a high impact. 

One of the most important patches is for CVE-2022-45404, a full-screen notification bypass that could allow an attacker to cause a window to go full-screen without the user seeing the notification prompt. This could result in spoofing attacks. Meanwhile, several use-after-free bugs could lead to an exploitable crash, and one flaw could be exploited to run arbitrary code.

VMWare

Software maker VMWare has released security fixes for multiple security vulnerabilities in its VMware Workspace ONE Assist, three of which have a CVSSv3 base score of 9.8. The first, CVE-2022-31685, is an authentication bypass vulnerability. “A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application,” VMWare warned in an advisory.

A broken authentication method vulnerability tracked as CVE-2022-31686 could enable a malicious actor with network access to obtain admin access without the need to authenticate.

Drop What You're Doing and Update iOS, Android, and Windows

A lack of federal regulatory legislation leaves US privacy concerns to battle for attention with other business priorities.

Over the past 15 years, several events have reshaped how we think about data — what it means from a business perspective and what rights individuals have regarding how their personal information is used. Data security governance undoubtedly will play a large role in the future; however, conversations are still in relatively early stages. 

In 2016, when European regulators created the General Data Protection Regulation (GDPR) as a legislative framework that clearly mandates rules and fines, a fundamental shift occurred that elevated privacy to a board-level discussion. This resulted in CEOs taking part in the conversation while empowering the C-suite to make more decisions. 

Next, the data culture quickly evolved from one of implicit trust (where organizations freely used data without much restriction) to limiting risk (controlling data access based on regulations and customer feedback). While the data protection industry in Europe has made great strides since GDPR came into existence, we still have a long way to go because, for decades, technology solutions were built without privacy in mind. 

In the United States, the picture is quite different, as the lack of federal regulatory legislation leaves privacy concerns to battle for attention with other business priorities. Let's dig deeper into what the future of data privacy looks like across the pond. 

**Beyond Cookies: Delving Beneath the Data Veneer**

Marketplaces built around selling data need to pivot, because the future is about protecting individual data rights and that change goes far beyond a website pop-up asking to approve the use of cookies. Historically, data brokers have cashed in on users' data, which precipitated state laws in Vermont and California that aim to protect consumers by identifying the brokers and determining how they use the information. 

Tech giants like Apple and Google have also increased privacy protections with app-tracking transparency and plans to phase out third-party cookies. These titans of industry are pioneering an important movement that other companies need to follow. There's hope that legislation may spark further change, especially with privacy receiving bipartisan support.

If the American Data Privacy and Protection Act (ADPPA) takes effect in the United States, the biggest win would be a common standard for how to handle data. States like California have already established stricter standards for data privacy through the California Consumer Privacy Act (CCPA). Compliance requirements and hefty fines would be important accelerators in protecting consumer data. 

**Privacy Needs Security **

A comprehensive data security strategy is essential and a prerequisite to an overall privacy-centric posture for data-driven organizations. It's imperative to implement scalable, fine-grained access controls so policies can keep the data safe in the first place.

As the pendulum shifts toward implementing broader and complete data security strategies, companies need to adjust. The work of chief information security officers (CISOs), chief data officers (CDOs), and chief information officers (CIOs) alongside their actions is more critical than ever, because they are responsible for implementing tools and processes that help align companies toward their privacy-related goals. The increased focus on a complete data security strategy applies to data-driven organizations of any size. 

A Cisco study cites that 92% of organizations claim privacy to be integral to their culture, but it comes with a technical challenge. Oftentimes, CISOs and CIOs are confronted with data spread across their organization and they need to gain visibility into all their siloed, heterogeneous data to understand who controls, maintains, processes, and accesses which parts of the data. 

This challenge is exacerbated by the need to modernize with cloud-native technologies so companies have a better understanding of how data is used and that it is used in accordance with privacy guidelines, principles, and any governing legislation. 

**A Look into the Future**

None of this happened by accident. Consumers didn't like data collection practices and they spoke up. Legislators heard from their constituents and started creating regulations like the ADPPA. Companies started serving consumers differently and taking data privacy seriously.

Consumer awareness of how data is collected and used is becoming mainstream. According to HubSpot's "2022 State of U.S. Consumer Trends Report," 80% of consumers consider data privacy a human right and believe individuals should have complete control over how companies use their data. As a result of these growing trends, more businesses should leverage privacy as a differentiator. 

There is still a gap between companies' intent to satisfy data privacy concerns and the action that protects that information. As consumers become better educated about how their data is used, and legislation inches closer to reality, it becomes even more critical. Making the right investments in data security provides visibility, access control, and insights into your data while ensuring compliance, and can help make all the difference.

Why the Culture Shift on Privacy and Security Means Today's Data Looks Different

Talos’ lead of data strategy and insights has a lot of weight on her shoulders currently, but it’s nothing she’s not used to

Tuesday, November 29, 2022 08:11

**Talos’ lead of data strategy and insights has a lot of weight on her shoulders currently, but it’s nothing she’s not used to**

Most people who first meet Ashlee Benge do a double take when they hear about her past experience.

The average security practitioner at a networking event may share that they went to school and got a computer science degree, then started poking at code for a few years before making it into the “big leagues.”

Benge’s path is far different as a former astrophysics student, Olympic power lifter and muscle car enthusiast. Yet somehow, she’s ended up as a crucial cog in Talos’ work to help secure Ukraine during Russia’s invasion.

She even jokes that it was an “accident” that she ended up working at Talos in the first place.

Benge wanted to take a few years between receiving her bachelor’s degree in astrophysics and going back for a doctorate, so she started job searching. She eventually applied for a job as an analyst on the Talos detection team, and a recruiter reached out to her asking if it was a mistake. After all, she had no formal cybersecurity experience, though her degree did give her a strong background in coding, database management and data analysis.

After taking an interview, Benge was eventually hired, beginning her cybersecurity journey. She pivoted over time to the Talos Outreach team, writing blog posts and growing as a public speaker, appearing at security conferences to talk about some of her favorite topics, including diversity in hiring in security and making the security field more accessible to women.

Then, she spent some time working with Cisco’s threat hunting team, and eventually made her way back to Talos as the leader of data strategy and insights, using her Talos team members as resources to grow her cybersecurity knowledge.

Today, she’s still pulling in her education from astrophysics and years of experience in security to pull apart massive data sets that turn that into actionable intelligence and information for Talos researchers.

“If all the data that we have at Talos is water, I try to build pipelines and filters to make sure that data is as clean and usable as possible and flows to teams in the best way possible,” Benge said. “A lot of astronomy and astrophysics is mathematical modeling, writing code, working with large datasets — those sorts of analytical skills and problem-solving — these are skills I still use all the time.”

That’s just what’s in her job description, though. Since March, she’s also been part of Talos and Cisco’s massive effort to support Ukraine during Russia’s invasion. Benge used to work for the Cisco Secure Endpoint product team — a service that is currently being offered to any Ukrainian organizations for free. And she’s also currently going back to college to receive her Masters of Business Administration.

Those skills and experience combined set her up to help contribute to the larger team assisting Ukrainian organizations and companies along with J.J. Cummings’ team.

“It puts me in a unique position to be on the operations side of the house. I am facilitating communications around our findings in Ukraine and building out pipelines to our partners, while streamlining all the processes we use to track our work there — all so J.J.’s team can focus on doing their best work,” she said.

Outside of Ukraine, Benge said she hopes that once she finishes her MBA, it will set her up to work  more closely with sales- and marketing-related teams to better discuss what it is that Talos does, exactly, and the benefits of building out a strong security program.

“People wonder why on earth I would do this,” she said. “But my academic background is so concentrated in pure science and math that I didn’t have any experience with business or finance. Everyone thinks the work Talos does is cool, of course, but I could tell those stakeholders couldn’t really understand how it affected them as, say, a CISO or someone looking to spend money on security products.”

Given all of that, Benge has a full plate at work, so at home she makes sure to distance herself from her phone and laptop for a bit each day, either by going to her weightlifting gym to work toward her next personal record or competition, or just taking her dog for a walk. She said her current role with Talos offers her the flexibility to work different hours and take time for herself so she can come back to work more effective and focused.

Benge hopes that she can start delivering more public talks and presentations (she’s no stranger to Talos’ livestreams) to share her story and unique background to encourage others to dive right into cybersecurity, regardless of what experience they have.

It’s important to build a diverse team based on demographics, but security teams need to also consider their diversity of backgrounds and experience levels.

“I meet folks who have unique points of view, and they’re interested in security but they’re also really nervous because their background isn’t what would be considered ‘typical,’” she said. “Which is a shame because when you bring these people together from different backgrounds, the work product is more creative, more dynamic and more interesting.”

Researcher Spotlight: How working for Talos started out as an ‘accident’ for Ashlee Benge before coming a second career

This update resolves a multi-factor authentication bypass attack

This release includes the following software fixes:

Component

Description

Administration Portal

The data and graphs displayed on the Dashboard are not up to date. The data and graph are displayed until the date when the settings are last saved. However, the data gets updated when the administrator manually updates the .

Administration Portal

Specifying color in the RGB format or keeping the following fields empty in the policy results in an error message:

Therefore, you must set the colors in the Hexadecimal format.

Administration Portal

The column is removed from the widget of Dashboard, as it does not provide clear details about the expiry status of a specific license and causes confusion.

Administration Portal

The full synchronization process marks several active users for deletion. Due to this issue, active users cannot log in. This issue occurs after upgrading to Advanced Authentication 6.3 Service Pack 4 Patch 1 release.

Administration Portal

Use of special characters in the ClientID and Secret of OAuth events causes the Web Authentication parsing error.

Administration Portal

The customized brand settings break after upgrading to Advanced Authentication 6.4. This issue occurs due to the missing custom branding JAR file.

Administration Portal

Implementing the Per Tenant Hostname (PTH) feature breaks the Web Authentication method.

Administration Portal

The administrator is unable to remove the LDAP repository when the LDAP server is unavailable. The following error message is displayed:

Cannot connect to the LDAP server

Administration Portal

The existing OAuth integrations fail after the upgrade to Advanced Authentication 6.4.

Administration Portal

When the name and number of a particular Server Metric tile are too long, then the content that is extending outside the tile is wrapped that misaligns the tile position.

Administration Portal

On the Linux PAM Client, the is not formatted properly.

Appliance

Deleting the reports from the Administration Portal does not delete the exported reports (CSV and JSON) in the /var/lib/docker/volumes/aaf\_aucore-data/\_data/reports path even after rebooting the appliance.

Appliance

The upgrade of Web Servers to Advanced Authentication 6.4 fail in the cluster environment.

CAF Portal

The upgrade to Advanced Authentication 6.4 fails if the connection is via proxy.

CAF Portal

In Advanced Authentication 6.4, exporting of the Digital Certificate results in an error.

Enrollment Portal

After integrating Advanced Authentication with Access Manager using the SAML event, the redirection from Access Manager to the Enrollment Portal fails and results in a 404 error. This happens due to the missing text webauth/ in the Callback URL.

Enrollment Portal

The enrollment of the Web Authentication Method fails even when the administrator has configured the method with valid details.

Linux PAM Client

When a user selects an authentication chain with the Fingerprint method on the Linux PAM client, an error message Invalid access: cannot convert empty value is displayed.

Now, if the Fingerprint reader is not connected to the Linux machine and user attempts to log in, the authentication chain with the Fingerprint method is not displayed.

OAuth and SAML Events

The SAML Service Provider method with improper configuration bypasses authentication and grants access without any validation to the associated OAuth and SAML events.

Old Enrollment Portal

On the old Enrollment Portal, enrollment of the U2F method fails when using the Chrome browser.

SAML Event

When Advanced Authentication and Cisco AnyConnect are integrated using the SAML event, the login page is not displayed appropriately.

Web Authentication

With one Web Authentication event active for a user and the user tries to log in to another Web Authentication event, an error message stating to log out from the previous event is displayed.

Web Authentication

An authentication attempt to the Web Authentication event fails if the is set with RGB values in the policy. This occurs due to the use of transparent colors. Therefore, administrators must set the colors in the Hexadecimal format.

Windows Client

When users try to authenticate to Windows Client using the FIDO2 method with NFC capability, an invalid error message Please connect a FIDO2 token is displayed though the reader is connected to the system.

Windows Client

An invalid error message is displayed when a user removes the NFC-supported card from the card reader while authenticating to Windows Client using the Card method.

Now, the following message is displayed when the user removes NFC supported card from the reader during authentication:

Tap your security key again on the reader

Tag

#cisco