Seventy percent of enterprises are prioritizing investment in SaaS security by establishing dedicated teams to secure SaaS applications, as part of a growing trend of maturity in this field of cybersecurity, according to a new survey released this month by the Cloud Security Alliance (CSA).
Despite economic instability and major job cuts in 2023, organizations drastically increased investment in

Seventy percent of enterprises are prioritizing investment in SaaS security by establishing dedicated teams to secure SaaS applications, as part of a growing trend of maturity in this field of cybersecurity, according to a new survey released this month by the Cloud Security Alliance (CSA).

Despite economic instability and major job cuts in 2023, organizations drastically increased investment in SaaS security. In fact, the survey found, enterprises added headcount to SaaS security in 2023, increasing SaaS security staff by 56%, as well as increasing budgets by 39%.

Figure 1: How investment in SaaS security has shifted from 2022 to 2023

The fourth annual SaaS security survey_, "2025 CISO Plans and Priorities,"_ was conducted by the CSA and commissioned by SaaS security leader Adaptive Shield. A total of 478 global security professionals participated in the survey, across all verticals. The survey shares their perspective on SaaS security successes and challenges as CISOs prepare to set priorities for 2025.

_Download the full SaaS security survey report_

**Key findings:******SaaS Security is More Important Than Ever****

The survey shows the growing importance of SaaS security to organizations, who use SaaS applications to manage operations and store critical data.

"For years, SaaS security has been an afterthought. However, the landscape depicted in this year's survey paints a dramatically different picture, one where SaaS security has surged to the forefront of corporate agendas," the CSA said in the report.

The survey found that 80% of organizations are prioritizing SaaS security with 41% making it a high priority and 39% a moderate priority.

Figure 2: Security professionals rate the priority level of SaaS security in their organization

****70% of Organizations Have Established Dedicated SaaS Security Teams****

The emergence of SaaS-specific security roles was identified for the first time in the annual survey, with more than 70% confirming they have dedicated teams: 57% percent reported having a SaaS security team of at least two full-time staffers, while another 13% said they had one person dedicated to securing SaaS applications.

"Dedicated SaaS security teams make sense in an enterprise context. The role of SaaS security is cross-functional, overlaying multiple areas that are rarely touched by just a single team. Due to the nature of SaaS, these teams are involved in identity security, risk management, endpoint security, and threat detection," the CSA said in the report.

****SaaS Security Capabilities Are Improving****

Organizations have also significantly improved key SaaS security capabilities compared to the previous year, the survey found. In fact, 62% of organizations now consider their SaaS security posture to be moderately to highly mature.

Figure 3: How organizations perceive their SaaS security maturity

Thanks to acquiring SaaS security capabilities, visibility into the SaaS stack is increasing. Today, 70% of organizations have moderate (47%) to full visibility (23%) into their SaaS applications, with those achieving full visibility having more than doubled over the past year, the report said.

This enhanced oversight is pivotal for effective configuration and user management. It also plays a crucial role in identifying mistakenly or unwanted publicly shared data resources, such as documents and repositories.

Detection capabilities surrounding multi-factor authentication (MFA) attacks have also improved from to 62% from 47% a year ago. In threat detection, 62% percent of respondents state their ability to detect abnormal user behavior, compared with 44% a year ago.

****Organizations are Still Facing Challenges in SaaS Security Efforts****

While organizations have improved SaaS security oversight, 73 percent surveyed pointed to achieving visibility into business-critical apps as their biggest challenge.

According to respondents, the top 10 most difficult apps to secure include business-critical apps such as Microsoft 365, GitHub, Microsoft Teams, Jira, Salesforce, and Google Workspace.

Figure 4: Top 10 most challenging applications to manage from a security perspective

Additional challenges include tracking and monitoring security risks from third-party connected apps (65%); locating and fixing SaaS misconfigurations (65%); ensuring data governance and privacy (63%); and aligning SaaS application settings with compliance standards (61%).

Figure 5: Security professionals rate the biggest challenges in SaaS security

****Despite challenges, SaaS security investment is paying off****

The investment the survey uncovered clearly demonstrates that organizations are taking SaaS security seriously. In fact, the survey identified a positive trend: 25% of respondents experienced a SaaS security incident in the past two years, compared with 53% last year.

The most common security incidents reported were data breaches (52%) and data leakage (50%), followed by unauthorized access (44%) and malicious applications (38%).

Figure 6: Thanks to investment in SaaS security, the number of breaches declined over the past year

****SSPM Users Able to Better Handle SaaS Security Challenges****

Companies that have adopted SaaS Security Posture Management (SSPM) are faring better than those using other tools, such as CASB and manual audits, to secure the SaaS stack.

Those using SSPM are more than twice as likely to have full visibility into their SaaS stack — 62% of these organizations are able to oversee over 75% of their SaaS environment compared to those who utilize other tools and manual processes in their strategy (31%).

SSPM users were also more likely to find key SaaS Security tasks to be easy, while non-SSPM users found them to be very hard.

The survey demonstrates a positive momentum in SaaS security strategy. From establishing teams to implementation of new SaaS security processes and tools, organizations across the board are prioritizing efforts in SaaS security. The integration of SSPM emerges as a factor in enhancing an organization's SaaS security. The survey highlights the importance of revisiting and refining SaaS security strategies within organizations to include tools that specifically address SaaS security. This can help shore up the current difficulties and address security gaps they are currently facing, thus reducing the likelihood of a SaaS security incident in the future.

_Read the full SaaS security survey report now_

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

The Annual SaaS Security Report: 2025 CISO Plans and Priorities 

A ShinyHunters hacker tells WIRED that they gained access to Ticketmaster’s Snowflake cloud account—and others—by first breaching a third-party contractor.

Hackers who stole terabytes of data from Ticketmaster and other customers of the cloud storage firm Snowflake claim they obtained access to some of the Snowflake accounts by first breaching a Belarusian-founded contractor that works with those customers.

About 165 customer accounts were potentially affected in the recent hacking campaign targeting Snowflake’s customers, but only a few of these have been identified so far. In addition to Ticketmaster, the banking firm Santander has also acknowledged that their data was stolen but declined to identify the account from which it was stolen. Wired, however, has independently confirmed that it was a Snowflake account; the stolen data included bank account details for 30 million customers, including 6 million account numbers and balances, 28 million credit card numbers, and human resources information about staff, according to a post published by the hackers. Lending Tree and Advance Auto Parts have also said they might be victims as well.

Snowflake has not revealed details about how the hackers accessed the accounts, saying only that the intruders did not directly breach Snowflake’s network. This week, Google-owned security firm Mandiant, one of the companies engaged by Snowflake to investigate the breaches, revealed in a blog post that in some cases the hackers first obtained access through third-party contractors, without identifying the contractors or stating how this access aided the hackers in breaching the Snowflake accounts.

But according to one of the hackers who spoke with WIRED through a text chat, one of those firms was EPAM Systems, a publicly traded software engineering and digital services firm, founded by Belarus-born Arkadiy Dobkin, with current revenue of around $4.8 billion. The hacker says his group, which calls themselves ShinyHunters, used data found on an EPAM employee system to gain access to some of the Snowflake accounts.

EPAM told WIRED that it does not believe that it played a role in the breaches and suggested the hacker had fabricated the tale. ShinyHunters has been around since 2020 and has been responsible for numerous breaches since then that involve stealing large troves of data and leaking or selling it online.

Snowflake is a large data storage and analysis firm that provides tools for companies to derive intelligence and insight from customer data. EPAM develops software and provides various managed services for customers worldwide, primarily in North America, Europe, Asia, and Australia, according to its web site, with about 60 percent of its revenue coming from customers in North America. Among the services EPAM provides customers is assistance with using and managing their Snowflake accounts to store and analyze their data. EPAM claims it has some 300 workers who are experienced in using Snowflake’s data analytics tools and services, and announced in 2022 that it had attained “Elite Tier Partner” status with Snowflake to leverage the latter’s analytics platform for its customers.

EPAM’s founder emigrated from Belarus to the US in the ’90s before founding his company in 1993 from his New Jersey apartment. Nearly two-thirds of EPAM’s 55,000 employees resided in Ukraine, Belarus, and Russia until Russia invaded Ukraine, at which point the company says it closed its Russia operations and moved some of its Ukrainian workers to locations outside of that country.

The hacker who spoke with WIRED says that a computer belonging to one of EPAM’s employees in Ukraine was infected with info-stealer malware through a spear-phishing attack. It’s unclear if someone from ShinyHunters conducted this initial breach or just purchased access to the infected system from someone else who hacked the worker and installed the infostealer. The hacker says that once on the EPAM worker’s system, they installed a remote-access Trojan, giving them complete access to everything on the worker’s computer.

Using this access, they say, they found unencrypted usernames and passwords that the worker used to access and manage EPAM customers’ Snowflake accounts, including an account for Ticketmaster. The hacker says the credentials were stored on the worker’s machine in a project management tool called Jira. The hackers were able to use those credentials, they say, to access the Snowflake accounts because the Snowflake accounts didn’t require multifactor authentication (MFA) to access them. (MFA requires that users type in a one-time temporary code in addition to a username and password, making accounts that use MFA more secure.)

While EPAM denies it was involved in the breach, hackers did steal data from Snowflake accounts including Ticketmaster's, and have extorted the owners of the data by demanding hundreds of thousands, and in some cases more than a million, dollars to destroy the data or risk having the hackers sell it elsewhere.

The hacker who spoke with WIRED didn’t identify all of the victims breached through EPAM but did indicate that Ticketmaster was one of them. Ticketmaster did not respond to a request for comment from WIRED. But Ticketmaster’s parent company, Live Nation, has acknowledged that data was stolen from its Snowflake account in May without revealing how much data was stolen or how the hackers accessed the Snowflake account. In a post offering the data for sale, however, the hackers indicated that they had taken data on 560 million Ticketmaster consumers.

The hacker claims that in some cases they were able to directly access the Snowflake account of EPAM customers using the plaintext usernames and passwords they found on the EPAM worker’s computer. But in cases where Snowflake credentials weren’t stored on the worker’s system, the hacker claims they sifted through stockpiles of old credentials stolen in previous breaches by hackers using infostealer malware and found additional usernames and passwords for Snowflake accounts, including ones harvested from the machine of the same EPAM worker in Ukraine.

Credentials harvested by infostealers are often posted online or made available for sale on hacker forums. If victims don’t change their login credentials after a breach, or don’t know their data has been stolen, those credentials can remain active and available for years. It’s especially problematic if those credentials are used across multiple accounts; hackers can identify the user through the email address they use as a login credential, and if that person reuses the same password, hackers can simply try those credentials in multiple places.

The hackers in this case say they were able to use credentials stolen by an infostealer in 2020 to access Snowflake accounts.

WIRED wasn’t able to independently confirm that the hackers were inside the EPAM worker’s machine or used EPAM to gain access to Ticketmaster’s data and other Snowflake accounts, but the hacker provided WIRED with a file that appears to be a list of EPAM worker credentials lifted from the company’s Active Directory database after they gained access to the worker’s computer.

Furthermore, in the blog post written by Mandiant, which was published after the hacker told WIRED about his group’s use of data harvested by infostealers, the security firm revealed that the hackers who breached Snowflake accounts used old data siphoned by infostealers to access some of the accounts. Mandiant said that about 80 percent of the victims it identified in the Snowflake campaign were compromised using credentials that had previously been stolen and exposed by infostealers.

And an independent security researcher who has been helping to negotiate the ransom transactions between the ShinyHunter hackers and victims of the Snowflake campaign pointed WIRED to an online repository of data harvested by an infostealer that includes data siphoned from the computer of the EPAM worker in Ukraine that the hacker says was used to gain access to the Snowflake accounts. This stolen data includes the worker’s browser history, which reveals the worker’s complete name. It also includes an internal EPAM URL pointing to Ticketmaster’s Snowflake account, as well as a plaintext version of the username and password that the EPAM worker used to access the Ticketmaster Snowflake account.

“This means that \[an EPAM worker\] who had access to that Snowflake \[account\] had password-stealing malware on their computer, and their password was stolen and sold on the dark web,” says the researcher, who asked to be identified only as Reddington, an identity they use online to communicate with cybercriminals. “This means that anyone that knew the correct URL to \[Ticketmaster’s\] Snowflake could have simply looked up the password, logged in, and stolen the data.”

An EPAM spokesperson did not seem to be aware when contacted by WIRED early this week that its company allegedly played a role in breaches of Snowflake accounts. “We do not comment on situations to which we are not a part,” she wrote in an email, suggesting the company did not believe it played any role in the campaign. When WIRED provided the spokeswoman with details about how the hackers say they obtained access to the system of an EPAM worker in Ukraine, she replied, “Hackers frequently spread false information to advance their agendas. We maintain a policy of not engaging with misinformation and consistently uphold robust security measures to protect our operations and customers. We are continuing our exhaustive investigation and, at this time, see no evidence to suggest that we have been affected or involved in this matter.”

WIRED followed up by providing the name of the Ukrainian worker whose machine the hackers allegedly compromised, as well as the username and password the worker used for accessing Ticketmaster’s Snowflake account, but the spokesperson did not respond to any additional questions.

It’s possible the ShinyHunter hackers did not directly hack the EPAM worker, and simply gained access to the Snowflake accounts using usernames and passwords they obtained from old repositories of credentials stolen by info stealers. But, as Reddington points out, this means that anyone else can sift through those repositories for these and other credentials stolen from EPAM accounts. Reddington says they found data online that was used by nine different infostealers to harvest data from the machines of EPAM workers. This raises potential concerns about the security of data belonging to other EPAM customers.

EPAM has customers across various critical industries, including banks and other financial services, health care, broadcast networks, pharmaceutical, energy and other utilities, insurance, and software and hi-tech—the latter customers include Microsoft, Google, Adobe, and Amazon Web Services. It’s not clear, however, if any of these companies have Snowflake accounts to which EPAM workers have access. WIRED also wasn’t able to confirm whether Ticketmaster, Santander, Lending Tree, or Advance AutoParts are EPAM customers.

The Snowflake campaign also highlights the growing security risks from third-party companies in general and from infostealers. In its blog post this week, Mandiant suggested that multiple contractors were breached to gain access to Snowflake accounts, noting that contractors—often known as business process outsourcing (BPO) companies—are a potential gold mine for hackers, because compromising the machine of a contractor that has access to the accounts of multiple customers can give them direct access to many customer accounts.

“Contractors that customers engage to assist with their use of Snowflake may utilize personal and/or non-monitored laptops that exacerbate this initial entry vector,” wrote Mandiant in its blog post. “These devices, often used to access the systems of multiple organizations, present a significant risk. If compromised by infostealer malware, a single contractor's laptop can facilitate threat actor access across multiple organizations, often with IT and administrator-level privileges.”

The company also highlighted the growing risk from infostealers, noting that the majority of the credentials the hackers used in the Snowflake campaign came from repositories of data previously stolen by various infostealer campaigns, some of which dated as far back as 2020. “Mandiant identified hundreds of customer Snowflake credentials exposed via infostealers since 2020,” the company noted.

This, accompanied by the fact that the targeted Snowflake accounts didn’t use MFA to further protect them, made the breaches in this campaign possible, Mandiant notes.

Snowflake’s CISO, Brad Jones, acknowledged last week that the lack of multifactor authentication enabled the breaches. In a phone call this week, Jones told WIRED that Snowflake is working on giving its customers the ability to mandate that users of their accounts employ multifactor authentication going forward, “and then we’ll be looking in the future to \[make the\] default MFA,” he says.

_Update 6/17/2024, 5:45 pm EDT: The article was updated to clarify the details that Santander has publicly revealed about the hack._

Hackers Detail How They Allegedly Stole Ticketmaster Data From Snowflake

Red Hat Security Advisory 2024-3854-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include double free and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3854.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: kernel-rt security and bug fix update  
Advisory ID:        RHSA-2024:3854-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:3854  
Issue date:         2024-06-12  
Revision:           03  
CVE Names:          CVE-2023-5090  
====================================================================

Summary: 

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: KVM: SVM: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs (CVE-2023-5090)

* kernel: bluetooth: bt_sock_ioctl race condition leads to use-after-free in bt_sock_recvmsg (CVE-2023-51779)

* kernel: kvm: Avoid potential UAF in LPI translation cache (CVE-2024-26598)

* kernel: net/mlx5e: fix a potential double-free in fs_any_create_groups (CVE-2023-52667)

Bug Fix:

* kernel-rt: update RT source tree to the latest RHEL-9.2 ad hoc schedule build (JIRA:RHEL-38545)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-5090

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2248122  
https://bugzilla.redhat.com/show_bug.cgi?id=2256822  
https://bugzilla.redhat.com/show_bug.cgi?id=2265801  
https://bugzilla.redhat.com/show_bug.cgi?id=2281350

Red Hat Security Advisory 2024-3854-03

PRESS RELEASE

TEL AVIV, Israel, June 06, 2024 (GLOBE NEWSWIRE) -- Backslash Security, today unveiled expansive new platform capabilities. With a broad roster of new on-premises integrations, security team workflow integrations and automation features, CI/CD integrations, and bolstered language support, Backslash now serves the full software development lifecycle and further supports the application security needs of large enterprises.

“There are two core elements that make AppSec teams successful – one is cutting through the noise to prioritize truly reachable and exploitable vulnerabilities; the other is building confidence with our developers to trust that the risks we flag are real, and worth their effort to investigate and fix,” said Shane Garoutte, Head of Security & Compliance at Capital Rx. “Backslash’s focus on reachability analysis enables us to achieve both, and with the platform’s expanded capabilities, we can also work seamlessly with DevOps to integrate security throughout the software development lifecycle.”

Backslash combines SCA, SAST, SBOM, VEX, and secrets detection to replace outdated legacy SAST and SCA tools with a single, enterprise-ready platform that uncovers the most critical risks through reachability analysis. Newly released enhancements to the Backslash platform include:

Extended support for large enterprise use cases: 

*   Integrations with Github Enterprise On-Premise, Github Enterprise Server, Gitlab On-Premise and Bitbucket On-Premise enable seamless connection to enterprise on-premises codebases.
    
*   Extended language support adds C, C++, Ruby, Rust and Scala to Backslash’s existing language portfolio to serve diverse technology stacks and secure the entire codebase, including third party libraries and dependencies.
    
*   Role-based access controls enable enterprises to easily manage access to the Backslash platform for large and varied user bases across the organization.
    

Security team workflow enhancements: New automation policies and actions features enable Backslash users to specify security workflows and automatically create tickets and notifications with the following collaboration platforms: Jira, Monday.com, ServiceNow, Slack and Microsoft Teams.

CI/CD integrations for DevSecOps support: Integrations with Gitlab Pipelines, Github Actions and Azure Pipelines enable DevOps teams to implement DevSecOps processes and prevent new issues from being introduced in the pull request and CI/CD stages.

Reachability analysis enhancements:

*   Phantom packages are packages not defined or controlled by the app developer but introduced by a transitive one, escaping the developer's control and potentially introducing vulnerable versions into the application. Backslash detects these phantom packages in OSS code, even if they are not declared in manifest files.
    
*   Backslash Security’s reachability analysis identifies vulnerable transitive packages, helping developers understand which vulnerabilities are actually in use and therefore exploitable within their codebase, allowing them to prioritize what to fix.
    
*   New UI features bolster reachability evidence by showing code references for each reachable path.
    

"Backslash enables enterprises to prioritize truly critical code risks and facilitate trust among the many teams and stakeholders within the software development lifecycle," said Yossi Pik, co-founder and CTO of Backslash Security. "These latest enhancements automate key AppSec tasks, ensure issues are handled according to the correct priorities, and integrate smoothly into organizational workflows, all while strengthening our reachability analysis to provide enterprise security teams with incomparable results."

Start a free trial with full access to the Backslash platform via a pre-configured demo environment that includes SAST, SCA, phantom packages, VEX, SBOM, secrets, and more, now available at backslash.security/trial.

About Backslash  
Backslash's fusion of SAST and SCA empowers enterprise AppSec teams to focus on fixing only the reachable, exploitable code vulnerabilities. By identifying authentic attack paths pointed at reachable code, Backslash empowers security teams to focus on rectifying only the code and open-source software (OSS) components that are actively in use and accessible to potential attackers. Thanks to this precision, Backslash enables teams to fix only the vulnerable code and OSS that indeed needs addressing – the reachable, exploitable components.

Backed by StageOne Ventures, First Rays Venture Partners, D. E. Shaw & Co., and a roster of security veterans as angel investors, Backslash has been deployed across leading technology organizations and Fortune 100 companies. Learn more at https://www.backslash.security/.

Backslash Unveils Enterprise-Grade Capabilities to its Reachability-Based AppSec Platform

Data breach at Australian fast food giant Patties Foods exposes critical customer data! Learn what information may be…

Data breach at Australian fast food giant Patties Foods exposes critical customer data! Learn what information may be exposed, the potential risks, and what you can do to protect yourself if you’re a customer.

Leading Australian food service provider and fast-food giant Patties Foods, is facing a data breach controversy after Website Planet reported exposure of sensitive customer information due to an unprotected database.

Reportedly, cybersecurity researcher Jeremiah Fowler discovered two non-password-protected databases containing 524k documents belonging to Patties Foods Limited, a renowned producer of edible products such as meat pies, sausage rolls, frozen fruits, etc. 

The first database exposed a logging server with 496,296 records, including system errors, warnings, indexing operations, search queries, and cluster health status. The second exposed a separate cloud storage database with 25,800 invoices and distribution records in.pdf and.xls formats. Exposed internal logging records also contained project management software Jira’s support tickets, with information on issues and support requests’ status.

Further probing revealed that the IP address was managed by Provenio.ai, which facilitates AI-powered productivity for Australian companies’ supply chain back-office. Fowler sent a responsible disclosure to Provenio, and the company restricted access to both databases within two hours, thanked him and confirmed they were taking this incident “very seriously.”

The exposed databases contained a vast amount of information, including vendor, contact, email, invoices amounting to a “significant sum,” and banking details like account numbers, invoice amount, supplier number and name, invoice number and amount, approval code, communication between Patties and Provenio, and employee names, which could be valuable information for cybercriminals. 

Screenshot from the leaked data provided to Hackread.com by WebsitePlanet.

The duration of the exposure and potential access to these records remain unknown. However, if unauthorized access occurs, the information can put consumers at risk of scams like invoice fraud, which involves the manipulation of invoices to deceive businesses. Furthermore, criminals can exploit data breaches to launch fraudulent schemes by using non-public internal information, such as billing details and contact information.

By exploiting a company’s trust in its vendors, criminals can deceive businesses into making unwarranted payments. The presence of spreadsheets and invoices containing fleet and transportation information could provide criminals with additional inside information to enable fraudulent activities.

This incident occurred at a time when the Australian Cyber Security Centre (ACCC) warned about the risk of invoice scams targeting citizens by sending victims altered payment requests. In 2023, Australians reported losing $16.2 million to payment redirection scams.

Patties Foods customers should monitor their bank statements for suspicious activity, especially credit card transactions, change passwords for accounts used at the store, and be cautious of phishing attempts through unsolicited emails.

****RELATED ARTICLES****

1.  Aussie Travel Agency Data Leak Puts Tourists at Risk
2.  Hackers Demand Ransom from Hacked Aussie Food Company
3.  User data exposed in Australia’s 2nd-largest telecom firm breach
4.  Aussie govt emergency service hacked to send fake warning alerts
5.  Aussie Defence Force Communications Service Hit by Ransomware Attack

Database Mess Up: Aussie Food Giant Patties Foods Leaks Trove of Data

Red Hat Security Advisory 2024-3530-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3530.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: kernel-rt security and bug fix updateAdvisory ID:        RHSA-2024:3530-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3530Issue date:         2024-05-31Revision:           03CVE Names:          CVE-2023-52578====================================================================Summary: An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.Security Fix(es):* kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086)* kernel: net: bridge: data races indata-races in br_handle_frame_finish() (CVE-2023-52578)Bug Fix(es):* kernel-rt: update RT source tree to the latest RHEL-8.4.z Batch 25 (JIRA:RHEL-36724)* [RHEL-8.4] kernel-rt-debug: BUG: sleeping function called from invalid context at kernel/locking/rtmutex.c:968 (JIRA:RHEL-8758)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-52578References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2262126https://bugzilla.redhat.com/show_bug.cgi?id=2267758

Red Hat Security Advisory 2024-3530-03

Red Hat Security Advisory 2024-3462-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a use-after-free vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3462.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: kernel security and bug fix update  
Advisory ID:        RHSA-2024:3462-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:3462  
Issue date:         2024-05-29  
Revision:           03  
CVE Names:          CVE-2021-47013  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* RHEL: Add Spectre-BHB mitigation for AmpereOne (CVE-2023-3006)

* kernel: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (CVE-2021-47013)

* kernel: net: bridge: data races indata-races in br_handle_frame_finish() (CVE-2023-52578)

Bug Fix(es):

* XFS: thaw operation hungs if caches are dropped while FS is frozen  (JIRA:RHEL-34522)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2021-47013

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2141026  
https://bugzilla.redhat.com/show_bug.cgi?id=2266841  
https://bugzilla.redhat.com/show_bug.cgi?id=2267758

Red Hat Security Advisory 2024-3462-03

Red Hat Security Advisory 2024-3461-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3461.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: kernel security and bug fix update  
Advisory ID:        RHSA-2024:3461-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:3461  
Issue date:         2024-05-29  
Revision:           03  
CVE Names:          CVE-2024-26642  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (CVE-2024-26643)

* kernel: netfilter: nf_tables: disallow anonymous set with timeout flag (CVE-2024-26642)

* kernel: netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations (CVE-2024-26673)

* kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref (CVE-2024-26735)

* kernel: net: ip_tunnel: prevent perpetual headroom growth (CVE-2024-26804)

* kernel: cifs: fix underflow in parse_server_interfaces() (CVE-2024-26828)

* kernel: fs: sysfs: Fix reference leak in sysfs_break_active_protection() (CVE-2024-26993)

Bug Fix(es):

* lan78xx changes for 9.2.z, to fix link speed change exception and other bug fixes (JIRA:RHEL-34926)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-26642

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2270879  
https://bugzilla.redhat.com/show_bug.cgi?id=2270881  
https://bugzilla.redhat.com/show_bug.cgi?id=2272816  
https://bugzilla.redhat.com/show_bug.cgi?id=2273278  
https://bugzilla.redhat.com/show_bug.cgi?id=2273423  
https://bugzilla.redhat.com/show_bug.cgi?id=2275600  
https://bugzilla.redhat.com/show_bug.cgi?id=2278314

Red Hat Security Advisory 2024-3461-03

Red Hat Security Advisory 2024-3460-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3460.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: kernel-rt security and bug fix update  
Advisory ID:        RHSA-2024:3460-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:3460  
Issue date:         2024-05-29  
Revision:           03  
CVE Names:          CVE-2024-26642  
====================================================================

Summary: 

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (CVE-2024-26643)

* kernel: netfilter: nf_tables: disallow anonymous set with timeout flag (CVE-2024-26642)

* kernel: netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations (CVE-2024-26673)

* kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref (CVE-2024-26735)

* kernel: net: ip_tunnel: prevent perpetual headroom growth (CVE-2024-26804)

* kernel: cifs: fix underflow in parse_server_interfaces() (CVE-2024-26828)

* kernel: fs: sysfs: Fix reference leak in sysfs_break_active_protection() (CVE-2024-26993)

Bug Fix:

* kernel-rt: update RT source tree to the latest RHEL-9.2 ad hoc schedule build (JIRA:RHEL-36221)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-26642

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2270879  
https://bugzilla.redhat.com/show_bug.cgi?id=2270881  
https://bugzilla.redhat.com/show_bug.cgi?id=2272816  
https://bugzilla.redhat.com/show_bug.cgi?id=2273278  
https://bugzilla.redhat.com/show_bug.cgi?id=2273423  
https://bugzilla.redhat.com/show_bug.cgi?id=2275600  
https://bugzilla.redhat.com/show_bug.cgi?id=2278314

Red Hat Security Advisory 2024-3460-03

Red Hat Security Advisory 2024-3421-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a use-after-free vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3421.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kernel security and bug fix update  
Advisory ID:        RHSA-2024:3421-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:3421  
Issue date:         2024-05-28  
Revision:           03  
CVE Names:          CVE-2023-4244  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240)

* kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086)

* kernel: mlxsw: spectrum_acl_tcam: Fix stack corruption (CVE-2024-26586)

* CVE-2024-25743 hw: amd: Instruction raise #VC exception at exit (AMD-SN-3008,CVE-2024-25742,CVE-2024-25743)

* kernel: netfilter: nftables: exthdr: fix 4-byte stack OOB write (CVE-2023-52628)

* kernel: Use-after-free in nft_verdict_dump due to a race between set GC and transaction (CVE-2023-4244)

* kernel: inactive elements in nft_pipapo_walk (CVE-2023-6817)

Bug Fix(es):

* kdump 2nd kernel panic in call trace tick_handle_periodic (JIRA:RHEL-32889)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-4244

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2235306  
https://bugzilla.redhat.com/show_bug.cgi?id=2250843  
https://bugzilla.redhat.com/show_bug.cgi?id=2255139  
https://bugzilla.redhat.com/show_bug.cgi?id=2262126  
https://bugzilla.redhat.com/show_bug.cgi?id=2265645  
https://bugzilla.redhat.com/show_bug.cgi?id=2270836  
https://bugzilla.redhat.com/show_bug.cgi?id=2272041

Tag

#jira