Reflected Cross Site Scripting (XSS) in Intermesh BV Group-Office version 6.6.145, allows attackers to gain escalated privileges and gain sensitive information via the GO_LANGUAGE cookie.

**Check in at the office, anytime and anywhere. Flexible and customizable, always private and secure.**Get started

*   **Collaborate**
    
    Collaborate with your team from anywhere with Group-Office groupware. Co-edit documents, schedule meetings and connect using chat or video conferencing.
    
    Learn more
*   **CRM**
    
    Easy management of your contacts, email marketing campaigns and customer support.
    
    Learn more
*   **Finance**
    
    All the tools you need for frictionless sales and finance management.
    
    Learn more
*   **Project Management**
    
    Efficiently store all your projects assets in one place and keep track of worked hours, costs and progress.
    
    Learn more
*   **File Management**
    
    Safely store, search and share files with our file management modules. (Co-)edit files and upload document templates so everyone can work from one place.
    
    Learn more
*   **Studio**
    
    Create your own modules!
    
    Learn more

**Privacy & Security**

Your data is nobody's business. Store data on-premises or at our secure datacenter in The Netherlands. Built using the privacy by design approach, Group-Office is GDPR compliant and secure utilizing industry standard two-factor authentication and encryption.

**Complete Software**

Group-Office offers a complete range of office and business tools which all work together seamlessly and can adapt to any business. We regularly add and update features so Group-Office stays relevant for your business.

**Device Synchronization**

Group-Office syncs to native apps on IOS, MacOS, Android and Windows devices. Email, contacts, calendars, notes and tasks all integrate seamlessly with your preferred device OS. Group-Office uses open protocols like IMAP, Microsoft ActiveSync, CalDAV, CardDAV and WebDAV to accomplish this.

**Custom Tools**

Want to streamline your business processes even further? You can extend Group-Office with your own custom fields and filters, or we can extend Group-Office with custom build tools specific for your business. Get in touch for more info.

**Which version is for you?**

**Self hosted**

Take full control of your data and customization options by installing Group-Office on you own server.

Download

**Online**

Let us take care of the hosting (99.9% uptime), daily backups, security (SSL) and updates.

Try for free

CVE-2023-25292: Group-Office open source groupware and CRM

The advanced persistent threat (APT) group referred to as Evasive Panda has been observed targeting an international non-governmental organization (NGO) in Mainland China with malware delivered via update channels of legitimate applications like Tencent QQ.
The attack chains are designed to distribute a Windows installer for MgBot malware, ESET security researcher Facundo Muñoz said in a new

The advanced persistent threat (APT) group referred to as **Evasive Panda** has been observed targeting an international non-governmental organization (NGO) in Mainland China with malware delivered via update channels of legitimate applications like Tencent QQ.

The attack chains are designed to distribute a Windows installer for MgBot malware, ESET security researcher Facundo Muñoz said in a new report published today. The activity commenced in November 2020 and continued throughout 2021.

Evasive Panda, also known as Bronze Highland and Daggerfly, is a Chinese-speaking APT group that has been attributed to a series of cyber espionage attacks targeting various entities in China, Hong Kong, and other countries located in East and South Asia since at least late December 2012.

The group's hallmark is the use of the custom MgBot modular malware framework, which is capable of receiving additional components on the fly to expand on its intelligence-gathering capabilities.

Some of the prominent capabilities of the malware include stealing files, logging keystrokes, harvesting clipboard data, recording audio streams, and credential theft from web browsers.

ESET, which discovered the campaign in January 2022 after a legitimate Chinese application was used to deploy an installer for the MgBot backdoor, said the targeted users were located in the Gansu, Guangdong, and Jiangsu provinces and are members of an unnamed international NGO.

The trojanized application is the Tencent QQ Windows client software updater ("QQUrlMgr.exe") hosted on the domain "update.browser.qq\[.\]com." It's not immediately clear how the threat actor managed to deliver the implant through legitimate updates.

But it points to either of the two scenarios, a supply chain compromise of Tencent QQ's update servers or a case of an adversary-in-the-middle (AitM) attack, as detailed by Kaspersky in June 2022 involving a Chinese hacking crew dubbed LuoYu.

In recent years, many software supply chain attack has been orchestrated by nation-state groups from Russia, China, and North Korea. The ability to gain a large malicious footprint quickly has not been lost on these attackers, who are increasingly targeting the IT supply chain to breach enterprise environments.

UPCOMING WEBINAR

Zero Trust + Deception: Learn How to Outsmart Attackers!

Discover how Deception can detect advanced threats, stop lateral movement, and enhance your Zero Trust strategy. Join our insightful webinar!

Save My Seat!

"AitM styles of interception would be possible if the attackers – either LuoYu or Evasive Panda – were able to compromise vulnerable devices such as routers or gateways," Muñoz elaborated.

"With access to ISP backbone infrastructure – through legal or illegal means – Evasive Panda would be able to intercept and reply to the update requests performed via HTTP, or even modify packets."

This is significant as the findings come less than a week after Broadcom-owned Symantec detailed attacks mounted by the threat actor against telecom service providers in Africa using the MgBot malware framework.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Chinese Hackers Using MgBot Malware to Target International NGOs in Mainland China

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX runtime services library to execute arbitrary commands.  IBM X-Force ID:  248421.

CVE-2023-26286

**CAMBRIDGE, Mass.****,** **April 25, 2023** **/PRNewswire/ --** Akamai Technologies, Inc. (NASDAQ: AKAM), the cloud company that powers and protects life online, today announced the launch of its Prolexic Network Cloud Firewall. This new capability of Akamai Prolexic allows customers to define and manage their own access control lists (ACLs) while enabling greater flexibility to secure their own network edge.

Prolexic is Akamai's cloud-based DDoS protection platform that stops attacks before they reach applications, data centers and internet-facing infrastructure.

DDoS threats are on the rise again, a trend that is being accelerated by the growing number of businesses and organizations that rely on online services to operate. An increasing availability of DDoS tools and services on the dark web makes it easier for attackers to launch these types of attacks. The growing number of internet-connected devices and the rise of the Internet of Things (IoT) has created a larger attack surface for cybercriminals to exploit. DDoS attacks are now increasingly being used as one of multiple threat vectors in triple extortion attacks, typically in combination with ransomware and data exfiltration.

Increasingly, nation state threat actors, hacktivists, and similar highly organized collectives are currently using DDoS as part of their attack portfolio against a growing number of very diverse targets. In all of these scenarios, DDoS is often used as a distraction to divert attention away from other types of attacks, such as data exfiltration or network infiltration. Victims that have no sufficient DDoS protection in place will typically spend all their resources fencing off that one attack while not having the attention span or bandwidth to fight other threats that were launched in parallel.

Akamai Prolexic provides DDoS protection services to a wide range of organizations, including businesses, governments, and non-profit organizations. With a growing mitigation capacity of currently 20 Tbps, Prolexic can fight off even the largest, most complex threats, like recently record-breaking DDoS attacks in 

The Prolexic network cloud firewall allows more efficient and flexible defense against DDoS attacks and even expands Prolexic's protection capabilities beyond DDoS.

While Prolexic's overall service and mitigation stacks are not changing, the new offering allows customers to define and adjust their own access control rules and provides analytics of existing ones. Improvements include the ability to define proactive defenses to block malicious traffic instantly, alleviate local infrastructure by moving rules to the edge and to quickly adapt to network changes via a new user interface.

"The feature most requested by our Prolexic customers is the network cloud firewall," said Sean Lyons, Senior Vice President and General Manager of Infrastructure Security at Akamai. "We are expanding Prolexic's leading DDoS protection capabilities and empowering customers to define access control and firewall rules centrally and quickly, for their entire networks advertised through the Prolexic global footprint. This is a powerful tool in emergency situations, not just DDoS attacks, but also in scenarios like zero day vulnerabilities, where access can be shut down in an immediate, yet targeted way. As we enforce rules at the edge of our customers' networks, they don't have to worry about getting all internal firewalls configured – which might just take too long."

Akamai Prolexic stops attacks with a cloud-based DDoS scrubbing platform to protect applications wherever they are deployed, whether in a data center, the public cloud, or a colocation facility. It provides comprehensive protection against the broadest range of DDoS attack types and defends against high-bandwidth sustained attacks, as well as today's complex multi-vector attacks that jump from application to application. Prolexic includes proactive mitigation controls tailored to network traffic to stop attacks instantly, backed by active mitigation performed by Akamai's 24/7 global Security Operations Command Center (SOCC), and provides customers a unique 100% uptime Service Level Agreement (SLA).

**About Akamai**

Akamai powers and protects life online. Leading companies worldwide choose Akamai to build, deliver, and secure their digital experiences — helping billions of people live, work, and play every day. With the world's most distributed compute platform — from cloud to edge — we make it easy for customers to develop and run applications, while we keep experiences closer to users and threats farther away. Learn more about Akamai's security, compute, and delivery solutions at akamai.com and akamai.com/blog, or follow Akamai Technologies on Twitter and LinkedIn.

Akamai Introduces Prolexic Network Cloud Firewall

Integration of AI can lead to reduction of up to 90% in meantime to resolve security incidents.

**TAMPA, Fla. – April 24, 2023 –** ReliaQuest, a force multiplier of security operations, today announced the introduction of powerful artificial intelligence (AI) capabilities to its GreyMatter Intelligent Analysis solution, delivering meaningful insights on emerging security incidents within seconds. With this feature, security teams can easily make sense of threats and take action, enhancing their efficiency.  

ReliaQuest GreyMatter is a security operations platform built on an open XDR architecture and designed to help security teams increase visibility, reduce complexity, and manage risk across their security tools, including on-premises, clouds, networks, and endpoints. On average, GreyMatter customers see up to a 70% reduction in alert noise in the first year.  

GreyMatter Intelligent Analysis was introduced in July 2022 as part of the security operations platform. The new AI features enable security analysts to automate security operations and workflows. Updates to the solution include: 

*   Augment investigations – get answers faster: Pairs automation with generative AI capabilities to help analysts gain clarity quicker. Capabilities that augment investigations include dynamic and automated enrichment of alerts, deeper context from historical incident data and external sources such as threat and vulnerability feeds and recommend action prompts.  

*   Assist analysts – focus on investigations, not documentation: GreyMatter Intelligent Analysis takes the pain of low-brain, high-time tasks out of security operations. The solution assists with key tasks including automated ticket summaries, interactive AI assistants for quicker search and threat hunting hypothesis.  

*   Automate actions – smarter and faster response actions: With the continued training of the generative AI and Machine Learning models with real-world cyber security data and fine-tuning by analysts and customers, GreyMatter Intelligent Analysis can automate investigations, response actions and alert escalations.  

“Generative AI is a genuine game changer and important step to help ReliaQuest’s, mission to Make Security Possible. Since inception, ReliaQuest GreyMatter has been using AI/ML to automate tasks across the detection, investigation, and response workflow, helping customers realize better and faster security outcomes. With updates to GreyMatter Intelligent Analysis, our 700+ global customers will have automation capabilities with generative AI to further reduce response time by up to 90% in multiple scenarios and help security analysts get answers faster than ever before,” said Brian Murphy, Founder and CEO at ReliaQuest.   

“We work with ReliaQuest as our security partner because of their innovative and unique approach to solving challenges faced by security teams around the world. Generative AI has the potential to disrupt security operations and we’re thrilled to be working with ReliaQuest to bring AI to the SOC. Their practical approach, based on years of managing security operations, places them in a unique position and we’re glad to be partnering with them on this journey,” said Dannie Combs, Senior Vice President and Chief Information Security Officer at Donnelley Financial Solutions. 

ReliaQuest has over 15 years of curated security incident response data with trillions of signals from across some of the world’s leading organizations. Pairing this with its team of over 400 security professionals gives ReliaQuest the unique opportunity to train its AI/ML models with real-world data and fine-tune them with human expertise. GreyMatter is used by some of the leading Fortune 500 companies.  

Currently in early release with select customers, generative AI with GreyMatter Intelligent Analysis will reach general availability in the second half of 2023. For more information about ReliaQuest, please visit www.reliaquest.com  

**About ReliaQuest** 

ReliaQuest is the force multiplier of security operations. Our security operations platform, GreyMatter, automates detection, investigation and response across cloud, endpoint, and on-premises tools and applications. GreyMatter is cloud native, built on an open XDR architecture and delivered as a service any time of the day, anywhere in the world. With over 700 customers worldwide and 1,200 teammates working across six global operating centers, ReliaQuest is driving outcomes for the most trusted enterprise brands in the world. ReliaQuest is a private company headquartered in Tampa, Fla., with multiple global locations. For more information, visit www.reliaquest.com.

ReliaQuest Adds AI Capabilities to GreyMatter Intelligent Analysis

You can now sync sign-in codes across devices—but they aren’t end-to-end encrypted.

One of the most effective ways to stop your online accounts from being hacked is to turn on two-factor authentication. The security measure, often known as 2FA or multifactor authentication, requires you to enter a numerical code in addition to your username and password. So even if someone gets your password, they can’t break into your account without having your sign-in code too.

For years, security experts have recommended using authentication apps to generate these codes. All you have to do is scan a QR code for the service you want to turn 2FA on for, and the app will generate a new log-in code around every 30 seconds. This week, Google has given its 2FA app, Google Authenticator, a much-needed overhaul.

Google redesigned Authenticator, making it less clunky, and in the process added one potentially handy new tool: the ability to sync your sign-in codes to your Google account and to different phones and tablets. This essentially means your Instagram, Gmail, or Reddit 2FA codes—plus, all the other accounts you have it turned on for—will be backed up. The tweak makes it far less burdensome to switch devices if your phone with 2FA codes stored on it is lost or stolen—and it can even save you from being locked out of some accounts entirely.

“Since one-time codes in Authenticator were only stored on a single device, a loss of that device meant that users lost their ability to sign in to any service on which they’d set up 2FA using Authenticator,” Christiaan Brand, a group product manager at Google, wrote in a blog post announcing the change. Brand says the sync feature has been one of the most requested since the Authenticator app was released in 2010. “This change means users are better protected from lockout and that services can rely on users retaining access, increasing both convenience and security.”

Syncing your Google Authenticator codes now happens through your Google account—the feature is available on the latest iOS and Android versions of Google’s app. Authenticator gives you the option to use the app with your Google login, and if you select this option, your Google profile will show in the top right corner of the app, next to a sync icon. When I downloaded Authenticator on my iPad after setting up sync on my phone, the codes appeared once I had logged in. There is also the option to keep using Google Authenticator without logging in to a Google account.

Jake Moore, global security advisor at security firm ESET, says he has previously been locked out of an authenticator app and knows the frustrations that come with trying to log back in to all your accounts when you don’t have access to your sign-in codes. “Upgrading a phone has been made easier over the years with cloud storage, but authenticating apps have been slow to the party and held back reservedly on security,” Moore says.

Google isn’t the only firm offering 2FA sign-in codes to provide backups. Since 2019, Microsoft has allowed people to use a “backup and restore” tool for its Microsoft Authenticator app. Other third-party apps, such as Authy, also sync across people’s devices. (Apple’s all-in-one password manager allows you to generate and store sign-in codes on iPhones and Macs but doesn’t have a stand-alone app.)

While Google’s Brand paints 2FA code backups as a win for users, Moore says there are always tradeoffs when balancing user security and convenience. Sure, backed-up codes might make it easier to gain access to your accounts if your phone is lost or stolen. But the more places your codes are stored, the greater the risk that a bad actor can access them.

For instance, if someone gains access to your Google account, they may also be able to access your 2FA codes for your other online accounts. Google spokesperson Kimberly Samra says “that risk is much smaller than that you lose your device, no longer have your OTPs, and then the service has to use a much weaker mechanism for allowing you to log in.”

Tommy Mysk, an app developer and security researcher who runs the software company Mysk, has tested multiple 2FA apps and found rogue apps available to download. Mysk says that there are security and privacy limitations to the major 2FA apps. For example, Microsoft’s sync doesn’t work between iOS and Android devices, making it harder to switch operating systems and take your 2FA codes with you.

In terms of data the apps collect, Mysk says Google’s Authenticator performs “very well” and doesn’t share details of QR codes with Google. “Most apps, including Microsoft Authenticator, send behavioral analytics—that is, how users use the apps and where they tap,” Mysk says. “Google Authenticator doesn’t send this sort of data.”

Despite adding more convenience, it doesn’t appear that either Google or Microsoft’s authentication apps back up people’s 2FA sign-in codes using end-to-end encryption when they are synced. The encryption method ensures the companies can’t see the contents of your sign-in codes. “Since 2FA apps deal with secrets, the only secure way to sync data across devices is by using end-to-end encryption,” Mysk says. “The app developer should not be able to read the content of the data.”

Google’s Authenticator App Now Lets You Sync 2FA Codes Across Devices

Red Hat Security Advisory 2023-1903-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for portable Linux serves as a replacement for Red Hat build of OpenJDK 8 and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: OpenJDK 8u372 Security Update for Portable Linux Builds  
Advisory ID:       RHSA-2023:1903-01  
Product:           OpenJDK  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1903  
Issue date:        2023-04-25  
CVE Names:         CVE-2023-21930 CVE-2023-21937 CVE-2023-21938  
                   CVE-2023-21939 CVE-2023-21954 CVE-2023-21967  
                   CVE-2023-21968  
====================================================================  
1. Summary:

An update is now available for OpenJDK.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and  
the OpenJDK 8 Java Software Development Kit.

This release of the Red Hat build of OpenJDK 8 (8u372) for portable Linux  
serves as a replacement for Red Hat build of OpenJDK 8 (8u362) and includes  
security and bug fixes as well as enhancements. For further information,  
refer to the release notes linked to in the References section.

Security Fix(es):

* OpenJDK: improper connection handling during TLS handshake (8294474)  
(CVE-2023-21930)

* OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)

* OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
(CVE-2023-21954)

* OpenJDK: certificate validation issue in TLS session negotiation  
(8298310) (CVE-2023-21967)

* OpenJDK: missing string checks for NULL characters (8296622)  
(CVE-2023-21937)

* OpenJDK: incorrect handling of NULL characters in ProcessBuilder  
(8295304) (CVE-2023-21938)

* OpenJDK: missing check for slash characters in URI-to-path conversion  
(8298667) (CVE-2023-21968)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2187435 - CVE-2023-21930 OpenJDK: improper connection handling during TLS handshake (8294474)  
2187441 - CVE-2023-21954 OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
2187704 - CVE-2023-21967 OpenJDK: certificate validation issue in TLS session negotiation (8298310)  
2187724 - CVE-2023-21939 OpenJDK: Swing HTML parsing issue (8296832)  
2187758 - CVE-2023-21938 OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)  
2187790 - CVE-2023-21937 OpenJDK: missing string checks for NULL characters (8296622)  
2187802 - CVE-2023-21968 OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)

5. References:

https://access.redhat.com/security/cve/CVE-2023-21930  
https://access.redhat.com/security/cve/CVE-2023-21937  
https://access.redhat.com/security/cve/CVE-2023-21938  
https://access.redhat.com/security/cve/CVE-2023-21939  
https://access.redhat.com/security/cve/CVE-2023-21954  
https://access.redhat.com/security/cve/CVE-2023-21967  
https://access.redhat.com/security/cve/CVE-2023-21968  
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEe/QNzjgjWX9erEAQjhqQ//fn2oAyTO2vPd1JbEFzyCR2dXjqK1Acat  
r/QtWEYtHn77cZE83dOrDtu5PqNq4NT3j8hXU7nM5Z+uBzbx3Ywf5rmFr7XJSlm5  
Ia5yuGtArrnBDCg3MvXQL8ARIWX7ljrJFcWBBsPrqxVf28SHfU+wYttK1RDy3ww8  
nZE7R0VlWyA1Y+GqASvZ9O4jh2/J0kBEykX4TDYqRcCJVwh+mtGJ8H3YMQ0PO3aC  
VMmTv34dtgtSV9axLu2+v9Cb77oXdxwE22bT/8mhjWvCa6M6K+BLn2qsv7E4XyJm  
6/ExKZTq5tqkiV8gZafM8X+DJS0o+IZvPy+AP/hiN0MT4a20uQQ41w7uOMGqFrkc  
8cc+u0o4qutPqQVV/mboJAhFM/NHD3wvq8KaT9EJMqcibNP7dfJ9jPch+BuIoSC2  
CwCnoS6ZyDAMa+vpevzz9730K47XLLaMkXz+4gz+SyhNnIWeBRc0g33yfmTJBkI5  
UsXwBbGQzKxq9myNJ1m3iUEYb90hUi1u0MYKQYLW6VOqrMvl/b7zTXXRTB27f2mO  
IJoP7OdqEc9WridWuUYEiH/C6CfGIkR4UrnPHYgXbHYQGrj2cqXLLriFw9jpGqvT  
yFVEFVc90I4GtdUPlHGdcFMD8i8IseE6Lcznk2vjlRNiyuYVtU16w4ypUhQdRUKQ  
pEJ8agQnqqwÍLk  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1903-01

Red Hat Security Advisory 2023-1978-01 - The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: haproxy security update  
Advisory ID:       RHSA-2023:1978-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1978  
Issue date:        2023-04-25  
CVE Names:         CVE-2023-0056 CVE-2023-25725  
====================================================================  
1. Summary:

An update for haproxy is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64

3. Description:

The haproxy packages provide a reliable, high-performance network load  
balancer for TCP and HTTP-based applications.

Security Fix(es):

* haproxy: segfault DoS (CVE-2023-0056)

* haproxy: request smuggling attack in HTTP/1 header parsing  
(CVE-2023-25725)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2160808 - CVE-2023-0056 haproxy: segfault DoS  
2169089 - CVE-2023-25725 haproxy: request smuggling attack in HTTP/1 header parsing

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:  
haproxy-2.4.7-2.el9_0.2.src.rpm

aarch64:  
haproxy-2.4.7-2.el9_0.2.aarch64.rpm  
haproxy-debuginfo-2.4.7-2.el9_0.2.aarch64.rpm  
haproxy-debugsource-2.4.7-2.el9_0.2.aarch64.rpm

ppc64le:  
haproxy-2.4.7-2.el9_0.2.ppc64le.rpm  
haproxy-debuginfo-2.4.7-2.el9_0.2.ppc64le.rpm  
haproxy-debugsource-2.4.7-2.el9_0.2.ppc64le.rpm

s390x:  
haproxy-2.4.7-2.el9_0.2.s390x.rpm  
haproxy-debuginfo-2.4.7-2.el9_0.2.s390x.rpm  
haproxy-debugsource-2.4.7-2.el9_0.2.s390x.rpm

x86_64:  
haproxy-2.4.7-2.el9_0.2.x86_64.rpm  
haproxy-debuginfo-2.4.7-2.el9_0.2.x86_64.rpm  
haproxy-debugsource-2.4.7-2.el9_0.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0056  
https://access.redhat.com/security/cve/CVE-2023-25725  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEe/MdzjgjWX9erEAQifOw//Qhb7JBxHnqBrEeY88/Cs6dyXrd2Flhlf  
oh/W+10FQnxpUldkVovcXK2/hq2GkQ6LT0UN8fbDXaxfEpDSumpGWLRyrlARbfUA  
s7eBMr7QALnuHQ+UyXlSUrqgWkNIKUGH4UA8CvE3GLR+QOO/PSOf57viYWbsA5qT  
p9MBKB0C/8eoh6YIW6wOcptbIeAiv8E+RlktO16ECgmbZhELFZwMmezRba8uNH/P  
xDspWRWDzzjsRMttwRozVjqAxl/WVd0TDlhQ94DmjarH1+R8JzTTF0KIzONlIU1L  
M/HS7/T9yVmWjs4VAnRxNU8zWqYv9HaTWAcIQj4cwjiOSn7+hzlxp6mhK8Fkg1k7  
F2IuXFzOusylfknhadkDnX6F+Zh4lPRvVCVk2rmxNpI0Dm2M9YQV3lJ3NnNCWYfL  
ax7hCl3Dc0rVe8ntMfMSfAc8EGYG/G3U4IH9ZBZEoLkca37EZLX59SDp3Ur3jP82  
CLz24wLCT2z6fAbQI13s2bJ0DoHavwblpre2Cj7cfpNDOn689YRyTm+Moe0DlqUI  
P265iPiAxSabd82DWoOeNJYib2L/q/OKwxfejppq58t/f/GGHex5Xn2KjwUdV2CR  
LCI5irxUV2ASpa5ttf9fksOE2vlgS0NHBJXJ2OUb4Z9dqVUCjhraFzvuabt4Q5FK  
5JGOznhvAo0=0YyQ  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1978-01

Search giant Google on Monday unveiled a major update to its 12-year-old Authenticator app for Android and iOS with an account synchronization option that allows users to back up their time-based one-time passwords (TOTPs) codes to the cloud.
"This change means users are better protected from lockout and that services can rely on users retaining access, increasing both convenience and security,"

Password Security / Authentication

Search giant Google on Monday unveiled a major update to its 12-year-old Authenticator app for Android and iOS with an account synchronization option that allows users to back up their time-based one-time passwords (TOTPs) codes to the cloud.

"This change means users are better protected from lockout and that services can rely on users retaining access, increasing both convenience and security," Google's Christiaan Brand said.

The update, which also brings a new icon to the two-factor authenticator (2FA) app, finally brings it in line with Apple's iCloud Keychain and addresses a long-standing complaint that it's tied to the device on which it's installed, making it a hassle when switching between phones.

Even worse, as Google puts it, users who lose access to their devices completely "lost their ability to sign in to any service on which they'd set up 2FA using Authenticator."

The cloud sync feature is optional, meaning users can opt to use the Authenticator app without linking it to a Google account. That said, it's always worth keeping in mind the pitfalls associated with cloud backups, as a malicious actor with access to a Google account could leverage it to break into other online services.

The development comes days after Swiss privacy-focused company Proton, which surpassed 100 million active accounts last week, unveiled an end-to-end encrypted password manager solution called Proton Pass.

UPCOMING WEBINAR

Zero Trust + Deception: Learn How to Outsmart Attackers!

Discover how Deception can detect advanced threats, stop lateral movement, and enhance your Zero Trust strategy. Join our insightful webinar!

Save My Seat!

The open source and publicly auditable tool, which makes use of the bcrypt password hashing function and a hardened version of the Secure Remote Password (SRP) protocol for authentication, also comes with 2FA integration.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Google Authenticator App Gets Cloud Backup Feature for TOTP Codes

Integrated platform enables enterprises to seamlessly execute their mobile-first security strategy.

**SAN FRANCISCO, Calif., RSAC 2023 - April 24, 2023** \-- Zimperium, the leading mobile security solution for endpoints and apps, today announced the launch of the Zimperium Mobile-First Security Platform™. This single platform unifies Zimperium Mobile Threat Defense (MTD)\-_formerly known as zIPS_\- and Mobile Application Protection Suite (MAPS), unleashing powerful new features designed for teams who bear security responsibility across the entire mobile security spectrum. Through a ‘single pane of glass’, customers now have centralized access to and management of both Zimperium’s mobile application security and endpoint security solutions, providing them full mobile coverage to dynamically adapt to emerging threats.

“Today’s CISOs need to prioritize a mobile-first security strategy to stay ahead of attacks. There are a host of point solutions on the market for securing devices and applications, but none come together to provide an end-to-end platform to unlock the power of a mobile-powered business strategy,” said Shridhar Mittal, Chief Executive Officer at Zimperium. “The Zimperium Mobile-First Security Platform uniquely provides the most comprehensive mobile capabilities for risk reduction, global visibility, threat detection and response for both endpoints and apps.”

The launch of the platform comes at a time when attacks against mobile devices and apps are increasing exponentially. As an example, recent changes in the forthcoming iOS 17 will purportedly allow for the sideloading of third party apps, putting mobile devices at even greater risk. Our world is becoming increasingly mobile, and the Bring Your Own Device (BYOD) trend that exploded during the pandemic has become a staple of business operations. At the same time, mobile applications are being used for everything from banking to managing medical devices and have become a critical part of many enterprise's business models. Unfortunately, this has opened the door to new attack vectors across devices and apps and has created an expanded, distributed attack surface for enterprises to manage and secure. According to recent research, half of organizations suffered a mobile-related compromise in 2022. 

The Zimperium Mobile-First Security Platform uniquely combines capabilities across mobile threat defense (MTD) and mobile app security (MAPS) such as:

*   **Centralized management and access** to device and app security through a single interface on any cloud and on-premises.
*   **Protection for all devices** against critical mobile threats such as phishing, spyware, and rogue networks.
*   **Privacy-by-design** to protect employee privacy on both corporate and BYOD devices as they work from anywhere, anytime.
*   **Pervasive risk management for apps** to find risks in apps you develop and third-party apps used by employees. 
*   **Advanced in-app protection** to prevent reverse engineering, protect cryptographic keys, and create self-defending apps.
*   **An enhanced mobile ecosystem** with enterprise integrations including SIEMS, IAM**,**XDR**,**DevOps workflows, ticketing systems, GitHub action and, fraud systems.
*   **Deep forensics** and enhanced search capabilities to enable advanced threat hunting.

All of this is made possible by the unification of the platform and its key security solutions:

*   Zimperium Mobile Application Protection Suite (MAPS) helps enterprises build secure and compliant mobile applications. It's the only unified solution that offers comprehensive in-app protection and threat visibility across the entire lifecycle of an application.

*   Zimperium Mobile Threat Defense (MTD), with its unique, dynamically adapting, on- device protection is the only MTD solution that can protect users against known and unknown threats. Zimperium MTD offers zero-touch activation and privacy-first design, providing users with a trustworthy and seamless experience. In addition, MTD now offers new customizable branding for a company’s logo and color scheme, enabling trust and improved end-user adoption.

"The Zimperium Mobile-First Security Platform protects mobile applications and devices for today’s mobile-powered business. Its real-time threat visibility and response uniquely provides continuous protection against known and unknown threats," said Ayush Patidar, Analyst, Quadrant Knowledge Solutions. "With on-device protection and real-time app security including app scanning, app shielding, runtime protection, and protection of cryptographic keys, the platform provides protection against phishing, spyware, rogue networks, and malicious app attacks. Owing to these capabilities, Zimperium has scored strong overall ratings across the performance parameters of the technology excellence and the customer impact in SPARK MatrixTM for Mobile Threat Management (MTM) and In-App Protection market and has been placed as a technology leader in 2022."

To learn more about how the Zimperium Mobile-First Security Platform can solve your enterprise’s biggest mobile and application security challenges, click here. To access Zimperium MTD on the App Store, click here. To access Zimperium MTD on Google Play, click here.

Zimperium will also be onsite at the upcoming RSA Conference in San Francisco from April 24–27, please visit our booth #1727 South Hall.

**About Zimperium**

Zimperium provides the only mobile-first security platform purpose-built for enterprise environments. With machine learning-based protection and a single platform that secures everything from endpoints to applications, Zimperium provides on-device mobile threat defense and in-app protection to address today’s growing and evolving mobile security threats. environments. Zimperium is headquartered in Dallas, Texas and backed by Liberty Strategic Capital and SoftBank. For more information, follow Zimperium on Twitter (@Zimperium) and LinkedIn (https://www.linkedin.com/company/zimperium), or visit www.Zimperium.com.

Tag

#ios