Ubuntu Security Notice 7120-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7120-2November 20, 2024linux-aws-6.8, linux-azure, linux-azure-6.8, linux-oracle-6.8,vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTS- Ubuntu 22.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-azure: Linux kernel for Microsoft Azure Cloud systems- linux-aws-6.8: Linux kernel for Amazon Web Services (AWS) systems- linux-azure-6.8: Linux kernel for Microsoft Azure cloud systems- linux-oracle-6.8: Linux kernel for Oracle Cloud systemsDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - File systems infrastructure;  - Network traffic control;(CVE-2024-46800, CVE-2024-43882)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS  linux-image-6.8.0-1018-azure    6.8.0-1018.21  linux-image-6.8.0-1018-azure-fde  6.8.0-1018.21  linux-image-azure               6.8.0-1018.21  linux-image-azure-fde           6.8.0-1018.21Ubuntu 22.04 LTS  linux-image-6.8.0-1016-oracle   6.8.0-1016.17~22.04.1  linux-image-6.8.0-1016-oracle-64k  6.8.0-1016.17~22.04.1  linux-image-6.8.0-1018-azure    6.8.0-1018.21~22.04.1  linux-image-6.8.0-1018-azure-fde  6.8.0-1018.21~22.04.1  linux-image-6.8.0-1019-aws      6.8.0-1019.21~22.04.1  linux-image-aws                 6.8.0-1019.21~22.04.1  linux-image-azure               6.8.0-1018.21~22.04.1  linux-image-azure-fde           6.8.0-1018.21~22.04.1  linux-image-oracle              6.8.0-1016.17~22.04.1  linux-image-oracle-64k          6.8.0-1016.17~22.04.1After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7120-2  https://ubuntu.com/security/notices/USN-7120-1  CVE-2024-43882, CVE-2024-46800Package Information:  https://launchpad.net/ubuntu/+source/linux-azure/6.8.0-1018.21  https://launchpad.net/ubuntu/+source/linux-aws-6.8/6.8.0-1019.21~22.04.1  https://launchpad.net/ubuntu/+source/linux-azure-6.8/6.8.0-1018.21~22.04.1  https://launchpad.net/ubuntu/+source/linux-oracle-6.8/6.8.0-1016.17~22.04.1

Ubuntu Security Notice USN-7120-2

Ubuntu Security Notice 7122-1 - A security issue was discovered in the Linux kernel. An attacker could possibly use this to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7122-1November 19, 2024linux vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 14.04 LTSSummary:The system could be made to crash under certain conditions.Software Description:- linux: Linux kernelDetails:A security issue was discovered in the Linux kernel.An attacker could possibly use this to compromise the system.This update corrects flaws in the following subsystems:  - x86 architecture;Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 14.04 LTS  linux-image-3.13.0-200-generic  3.13.0-200.251                                  Available with Ubuntu Pro  linux-image-3.13.0-200-lowlatency  3.13.0-200.251                                  Available with Ubuntu Pro  linux-image-generic             3.13.0.200.210                                  Available with Ubuntu Pro  linux-image-generic-lts-trusty  3.13.0.200.210                                  Available with Ubuntu Pro  linux-image-lowlatency          3.13.0.200.210                                  Available with Ubuntu Pro  linux-image-server              3.13.0.200.210                                  Available with Ubuntu Pro  linux-image-virtual             3.13.0.200.210                                  Available with Ubuntu ProAfter a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7122-1  CVE-2022-48943

Ubuntu Security Notice USN-7122-1

Ubuntu Security Notice 7121-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7121-1November 19, 2024linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp,linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 18.04 LTS- Ubuntu 16.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems- linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems- linux-kvm: Linux kernel for cloud environments- linux-oracle: Linux kernel for Oracle Cloud systems- linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems- linux-azure: Linux kernel for Microsoft Azure Cloud systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-hwe: Linux hardware enablement (HWE) kernelDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - ARM64 architecture;  - S390 architecture;  - x86 architecture;  - Block layer subsystem;  - Cryptographic API;  - ATM drivers;  - Device frequency scaling framework;  - GPU drivers;  - Hardware monitoring drivers;  - VMware VMCI Driver;  - Network drivers;  - Device tree and open firmware driver;  - SCSI drivers;  - Greybus lights staging drivers;  - BTRFS file system;  - File systems infrastructure;  - F2FS file system;  - JFS file system;  - NILFS2 file system;  - Netfilter;  - Memory management;  - Ethernet bridge;  - IPv6 networking;  - IUCV driver;  - Logical Link layer;  - MAC80211 subsystem;  - NFC subsystem;  - Network traffic control;  - Unix domain sockets;(CVE-2023-52614, CVE-2024-26633, CVE-2024-46758, CVE-2024-46723,CVE-2023-52502, CVE-2024-41059, CVE-2024-44987, CVE-2024-36020,CVE-2023-52599, CVE-2023-52639, CVE-2024-26668, CVE-2024-42094,CVE-2022-48938, CVE-2022-48733, CVE-2024-27397, CVE-2023-52578,CVE-2024-38560, CVE-2024-38538, CVE-2024-42310, CVE-2024-46722,CVE-2024-46800, CVE-2024-41095, CVE-2024-42104, CVE-2024-35877,CVE-2022-48943, CVE-2024-46743, CVE-2023-52531, CVE-2024-46757,CVE-2024-36953, CVE-2024-46756, CVE-2024-38596, CVE-2023-52612,CVE-2024-38637, CVE-2024-41071, CVE-2024-46759, CVE-2024-43882,CVE-2024-26675, CVE-2024-43854, CVE-2024-44942, CVE-2024-44998,CVE-2024-42240, CVE-2024-41089, CVE-2024-26636, CVE-2024-46738,CVE-2024-42309)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 18.04 LTS  linux-image-4.15.0-1137-oracle  4.15.0-1137.148                                  Available with Ubuntu Pro  linux-image-4.15.0-1158-kvm     4.15.0-1158.163                                  Available with Ubuntu Pro  linux-image-4.15.0-1168-gcp     4.15.0-1168.185                                  Available with Ubuntu Pro  linux-image-4.15.0-1175-aws     4.15.0-1175.188                                  Available with Ubuntu Pro  linux-image-4.15.0-1183-azure   4.15.0-1183.198                                  Available with Ubuntu Pro  linux-image-4.15.0-231-generic  4.15.0-231.243                                  Available with Ubuntu Pro  linux-image-4.15.0-231-lowlatency  4.15.0-231.243                                  Available with Ubuntu Pro  linux-image-aws-lts-18.04       4.15.0.1175.173                                  Available with Ubuntu Pro  linux-image-azure-lts-18.04     4.15.0.1183.151                                  Available with Ubuntu Pro  linux-image-gcp-lts-18.04       4.15.0.1168.181                                  Available with Ubuntu Pro  linux-image-generic             4.15.0.231.215                                  Available with Ubuntu Pro  linux-image-kvm                 4.15.0.1158.149                                  Available with Ubuntu Pro  linux-image-lowlatency          4.15.0.231.215                                  Available with Ubuntu Pro  linux-image-oracle-lts-18.04    4.15.0.1137.142                                  Available with Ubuntu Pro  linux-image-virtual             4.15.0.231.215                                  Available with Ubuntu ProUbuntu 16.04 LTS  linux-image-4.15.0-1168-gcp     4.15.0-1168.185~16.04.1                                  Available with Ubuntu Pro  linux-image-4.15.0-1175-aws     4.15.0-1175.188~16.04.1                                  Available with Ubuntu Pro  linux-image-4.15.0-1183-azure   4.15.0-1183.198~16.04.1                                  Available with Ubuntu Pro  linux-image-4.15.0-231-generic  4.15.0-231.243~16.04.1                                  Available with Ubuntu Pro  linux-image-4.15.0-231-lowlatency  4.15.0-231.243~16.04.1                                  Available with Ubuntu Pro  linux-image-aws-hwe             4.15.0.1175.188~16.04.1                                  Available with Ubuntu Pro  linux-image-azure               4.15.0.1183.198~16.04.1                                  Available with Ubuntu Pro  linux-image-gcp                 4.15.0.1168.185~16.04.1                                  Available with Ubuntu Pro  linux-image-generic-hwe-16.04   4.15.0.231.243~16.04.1                                  Available with Ubuntu Pro  linux-image-gke                 4.15.0.1168.185~16.04.1                                  Available with Ubuntu Pro  linux-image-lowlatency-hwe-16.04  4.15.0.231.243~16.04.1                                  Available with Ubuntu Pro  linux-image-oem                 4.15.0.231.243~16.04.1                                  Available with Ubuntu Pro  linux-image-virtual-hwe-16.04   4.15.0.231.243~16.04.1                                  Available with Ubuntu ProAfter a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7121-1  CVE-2022-48733, CVE-2022-48938, CVE-2022-48943, CVE-2023-52502,  CVE-2023-52531, CVE-2023-52578, CVE-2023-52599, CVE-2023-52612,  CVE-2023-52614, CVE-2023-52639, CVE-2024-26633, CVE-2024-26636,  CVE-2024-26668, CVE-2024-26675, CVE-2024-27397, CVE-2024-35877,  CVE-2024-36020, CVE-2024-36953, CVE-2024-38538, CVE-2024-38560,  CVE-2024-38596, CVE-2024-38637, CVE-2024-41059, CVE-2024-41071,  CVE-2024-41089, CVE-2024-41095, CVE-2024-42094, CVE-2024-42104,  CVE-2024-42240, CVE-2024-42309, CVE-2024-42310, CVE-2024-43854,  CVE-2024-43882, CVE-2024-44942, CVE-2024-44987, CVE-2024-44998,  CVE-2024-46722, CVE-2024-46723, CVE-2024-46738, CVE-2024-46743,  CVE-2024-46756, CVE-2024-46757, CVE-2024-46758, CVE-2024-46759,  CVE-2024-46800

Ubuntu Security Notice USN-7121-1

Ubuntu Security Notice 7120-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7120-1November 19, 2024linux, linux-aws, linux-gcp, linux-gcp-6.8, linux-gke, linux-hwe-6.8,linux-ibm, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency,linux-oem-6.8, linux-oracle, linux-raspi vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTS- Ubuntu 22.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-gke: Linux kernel for Google Container Engine (GKE) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-nvidia: Linux kernel for NVIDIA systems- linux-nvidia-lowlatency: Linux low latency kernel for NVIDIA systems- linux-oem-6.8: Linux kernel for OEM systems- linux-oracle: Linux kernel for Oracle Cloud systems- linux-raspi: Linux kernel for Raspberry Pi systems- linux-gcp-6.8: Linux kernel for Google Cloud Platform (GCP) systems- linux-hwe-6.8: Linux hardware enablement (HWE) kernel- linux-nvidia-6.8: Linux kernel for NVIDIA systemsDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - File systems infrastructure;  - Network traffic control;(CVE-2024-46800, CVE-2024-43882)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS  linux-image-6.8.0-1014-gke      6.8.0-1014.18  linux-image-6.8.0-1015-raspi    6.8.0-1015.17  linux-image-6.8.0-1016-ibm      6.8.0-1016.16  linux-image-6.8.0-1016-oracle   6.8.0-1016.17  linux-image-6.8.0-1016-oracle-64k  6.8.0-1016.17  linux-image-6.8.0-1017-oem      6.8.0-1017.17  linux-image-6.8.0-1018-gcp      6.8.0-1018.20  linux-image-6.8.0-1018-nvidia   6.8.0-1018.20  linux-image-6.8.0-1018-nvidia-64k  6.8.0-1018.20  linux-image-6.8.0-1018-nvidia-lowlatency  6.8.0-1018.20.1  linux-image-6.8.0-1018-nvidia-lowlatency-64k  6.8.0-1018.20.1  linux-image-6.8.0-1019-aws      6.8.0-1019.21  linux-image-6.8.0-49-generic    6.8.0-49.49  linux-image-6.8.0-49-generic-64k  6.8.0-49.49  linux-image-aws                 6.8.0-1019.21  linux-image-gcp                 6.8.0-1018.20  linux-image-generic             6.8.0-49.49  linux-image-generic-64k         6.8.0-49.49  linux-image-generic-64k-hwe-24.04  6.8.0-49.49  linux-image-generic-hwe-24.04   6.8.0-49.49  linux-image-generic-lpae        6.8.0-49.49  linux-image-gke                 6.8.0-1014.18  linux-image-ibm                 6.8.0-1016.16  linux-image-ibm-classic         6.8.0-1016.16  linux-image-ibm-lts-24.04       6.8.0-1016.16  linux-image-kvm                 6.8.0-49.49  linux-image-nvidia              6.8.0-1018.20  linux-image-nvidia-64k          6.8.0-1018.20  linux-image-nvidia-lowlatency   6.8.0-1018.20.1  linux-image-nvidia-lowlatency-64k  6.8.0-1018.20.1  linux-image-oem-24.04           6.8.0-1017.17  linux-image-oem-24.04a          6.8.0-1017.17  linux-image-oracle              6.8.0-1016.17  linux-image-oracle-64k          6.8.0-1016.17  linux-image-raspi               6.8.0-1015.17  linux-image-virtual             6.8.0-49.49  linux-image-virtual-hwe-24.04   6.8.0-49.49Ubuntu 22.04 LTS  linux-image-6.8.0-1018-gcp      6.8.0-1018.20~22.04.1  linux-image-6.8.0-1018-nvidia   6.8.0-1018.20~22.04.1  linux-image-6.8.0-1018-nvidia-64k  6.8.0-1018.20~22.04.1  linux-image-6.8.0-49-generic    6.8.0-49.49~22.04.1  linux-image-6.8.0-49-generic-64k  6.8.0-49.49~22.04.1  linux-image-gcp                 6.8.0-1018.20~22.04.1  linux-image-generic-64k-hwe-22.04  6.8.0-49.49~22.04.1  linux-image-generic-hwe-22.04   6.8.0-49.49~22.04.1  linux-image-nvidia-6.8          6.8.0-1018.20~22.04.1  linux-image-nvidia-64k-6.8      6.8.0-1018.20~22.04.1  linux-image-nvidia-64k-hwe-22.04  6.8.0-1018.20~22.04.1  linux-image-nvidia-hwe-22.04    6.8.0-1018.20~22.04.1  linux-image-oem-22.04           6.8.0-49.49~22.04.1  linux-image-oem-22.04a          6.8.0-49.49~22.04.1  linux-image-oem-22.04b          6.8.0-49.49~22.04.1  linux-image-oem-22.04c          6.8.0-49.49~22.04.1  linux-image-oem-22.04d          6.8.0-49.49~22.04.1  linux-image-virtual-hwe-22.04   6.8.0-49.49~22.04.1After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7120-1  CVE-2024-43882, CVE-2024-46800Package Information:  https://launchpad.net/ubuntu/+source/linux/6.8.0-49.49  https://launchpad.net/ubuntu/+source/linux-aws/6.8.0-1019.21  https://launchpad.net/ubuntu/+source/linux-gcp/6.8.0-1018.20  https://launchpad.net/ubuntu/+source/linux-gke/6.8.0-1014.18  https://launchpad.net/ubuntu/+source/linux-ibm/6.8.0-1016.16  https://launchpad.net/ubuntu/+source/linux-nvidia/6.8.0-1018.20  https://launchpad.net/ubuntu/+source/linux-nvidia-lowlatency/6.8.0-1018.20.1  https://launchpad.net/ubuntu/+source/linux-oem-6.8/6.8.0-1017.17  https://launchpad.net/ubuntu/+source/linux-oracle/6.8.0-1016.17  https://launchpad.net/ubuntu/+source/linux-raspi/6.8.0-1015.17  https://launchpad.net/ubuntu/+source/linux-gcp-6.8/6.8.0-1018.20~22.04.1  https://launchpad.net/ubuntu/+source/linux-hwe-6.8/6.8.0-49.49~22.04.1  https://launchpad.net/ubuntu/+source/linux-nvidia-6.8/6.8.0-1018.20~22.04.1

Ubuntu Security Notice USN-7120-1

Ubuntu Security Notice 7119-1 - Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7119-1November 19, 2024linux-iot vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-iot: Linux kernel for IoT platformsDetails:Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linuxkernel contained an integer overflow vulnerability. A local attacker coulduse this to cause a denial of service (system crash). (CVE-2022-36402)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - ARM64 architecture;  - PowerPC architecture;  - User-Mode Linux (UML);  - x86 architecture;  - Block layer subsystem;  - Cryptographic API;  - Android drivers;  - Serial ATA and Parallel ATA drivers;  - ATM drivers;  - Drivers core;  - CPU frequency scaling framework;  - Device frequency scaling framework;  - GPU drivers;  - HID subsystem;  - Hardware monitoring drivers;  - InfiniBand drivers;  - Input Device core drivers;  - Input Device (Miscellaneous) drivers;  - IOMMU subsystem;  - IRQ chip drivers;  - ISDN/mISDN subsystem;  - Modular ISDN driver;  - LED subsystem;  - Multiple devices driver;  - Media drivers;  - EEPROM drivers;  - VMware VMCI Driver;  - MMC subsystem;  - Network drivers;  - Near Field Communication (NFC) drivers;  - NVME drivers;  - Device tree and open firmware driver;  - Parport drivers;  - PCI subsystem;  - Pin controllers subsystem;  - Remote Processor subsystem;  - S/390 drivers;  - SCSI drivers;  - QCOM SoC drivers;  - Direct Digital Synthesis drivers;  - TTY drivers;  - Userspace I/O drivers;  - DesignWare USB3 driver;  - USB Gadget drivers;  - USB Host Controller drivers;  - USB Serial drivers;  - USB Type-C Connector System Software Interface driver;  - USB over IP driver;  - Watchdog drivers;  - BTRFS file system;  - File systems infrastructure;  - Ext4 file system;  - F2FS file system;  - GFS2 file system;  - JFS file system;  - NILFS2 file system;  - Netfilter;  - BPF subsystem;  - Core kernel;  - DMA mapping infrastructure;  - Tracing infrastructure;  - Radix Tree data structure library;  - Kernel userspace event delivery library;  - Objagg library;  - Memory management;  - Amateur Radio drivers;  - Bluetooth subsystem;  - CAN network layer;  - Networking core;  - Ethtool driver;  - IPv4 networking;  - IPv6 networking;  - IUCV driver;  - KCM (Kernel Connection Multiplexor) sockets driver;  - MAC80211 subsystem;  - RxRPC session sockets;  - Network traffic control;  - SCTP protocol;  - Sun RPC protocol;  - TIPC protocol;  - TLS protocol;  - Wireless networking;  - AppArmor security module;  - Integrity Measurement Architecture(IMA) framework;  - Simplified Mandatory Access Control Kernel framework;  - SoC audio core drivers;  - USB sound devices;(CVE-2024-46750, CVE-2024-43853, CVE-2024-46722, CVE-2024-42311,CVE-2024-46679, CVE-2023-52918, CVE-2024-42309, CVE-2024-42160,CVE-2024-26668, CVE-2024-42271, CVE-2024-40929, CVE-2024-46747,CVE-2024-41064, CVE-2024-43839, CVE-2024-46757, CVE-2024-41059,CVE-2024-42301, CVE-2024-46737, CVE-2024-42297, CVE-2024-41015,CVE-2024-43854, CVE-2024-42289, CVE-2024-41017, CVE-2024-26787,CVE-2024-47667, CVE-2024-46675, CVE-2024-42246, CVE-2024-46723,CVE-2024-46817, CVE-2024-43841, CVE-2024-26800, CVE-2024-41098,CVE-2022-48863, CVE-2023-52531, CVE-2024-42265, CVE-2024-46828,CVE-2024-41020, CVE-2024-42305, CVE-2024-46755, CVE-2024-46744,CVE-2024-43871, CVE-2024-43884, CVE-2024-41042, CVE-2024-43914,CVE-2024-43856, CVE-2024-27397, CVE-2024-26607, CVE-2024-42228,CVE-2024-41091, CVE-2024-26677, CVE-2024-38611, CVE-2024-43867,CVE-2024-46829, CVE-2021-47188, CVE-2024-46756, CVE-2024-45025,CVE-2024-42313, CVE-2024-44947, CVE-2024-26669, CVE-2024-47668,CVE-2024-44987, CVE-2024-42295, CVE-2024-42281, CVE-2024-43880,CVE-2024-46777, CVE-2024-46780, CVE-2024-42285, CVE-2024-26891,CVE-2024-46714, CVE-2024-44999, CVE-2024-41068, CVE-2024-44944,CVE-2024-43882, CVE-2024-27051, CVE-2024-41072, CVE-2024-46783,CVE-2024-46781, CVE-2024-26885, CVE-2024-46844, CVE-2024-47669,CVE-2024-45008, CVE-2024-46758, CVE-2024-44954, CVE-2024-45021,CVE-2024-42304, CVE-2024-41081, CVE-2024-46798, CVE-2024-43890,CVE-2024-46840, CVE-2024-44960, CVE-2024-41012, CVE-2022-48791,CVE-2024-43908, CVE-2024-46721, CVE-2024-43829, CVE-2024-41073,CVE-2024-42306, CVE-2024-46745, CVE-2024-43858, CVE-2024-47663,CVE-2024-46782, CVE-2024-42244, CVE-2024-41090, CVE-2024-38602,CVE-2024-45003, CVE-2024-35848, CVE-2024-43883, CVE-2024-46677,CVE-2024-42280, CVE-2024-43846, CVE-2024-47659, CVE-2024-44965,CVE-2024-43893, CVE-2024-26960, CVE-2024-46676, CVE-2024-45016,CVE-2024-46689, CVE-2024-44998, CVE-2024-44995, CVE-2024-41022,CVE-2024-45026, CVE-2024-46739, CVE-2024-43830, CVE-2024-42286,CVE-2024-26640, CVE-2024-27012, CVE-2024-45006, CVE-2024-42276,CVE-2024-46818, CVE-2024-39494, CVE-2024-43860, CVE-2024-41070,CVE-2023-52614, CVE-2024-42283, CVE-2024-44969, CVE-2024-42229,CVE-2024-46740, CVE-2024-44948, CVE-2024-46822, CVE-2024-46738,CVE-2024-36484, CVE-2024-41065, CVE-2024-46685, CVE-2024-44935,CVE-2024-46759, CVE-2024-42292, CVE-2024-43879, CVE-2024-42287,CVE-2024-42288, CVE-2024-41063, CVE-2024-41011, CVE-2024-44946,CVE-2024-42290, CVE-2024-38570, CVE-2024-42310, CVE-2024-46743,CVE-2024-43861, CVE-2024-42131, CVE-2021-47212, CVE-2024-46719,CVE-2024-46815, CVE-2024-26641, CVE-2024-43894, CVE-2024-44988,CVE-2024-42259, CVE-2024-46771, CVE-2024-46673, CVE-2024-45028,CVE-2024-46761, CVE-2024-41071, CVE-2024-38630, CVE-2024-43835,CVE-2024-46800, CVE-2024-42284)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS  linux-image-5.4.0-1044-iot      5.4.0-1044.45After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7119-1  CVE-2021-47188, CVE-2021-47212, CVE-2022-36402, CVE-2022-48791,  CVE-2022-48863, CVE-2023-52531, CVE-2023-52614, CVE-2023-52918,  CVE-2024-26607, CVE-2024-26640, CVE-2024-26641, CVE-2024-26668,  CVE-2024-26669, CVE-2024-26677, CVE-2024-26787, CVE-2024-26800,  CVE-2024-26885, CVE-2024-26891, CVE-2024-26960, CVE-2024-27012,  CVE-2024-27051, CVE-2024-27397, CVE-2024-35848, CVE-2024-36484,  CVE-2024-38570, CVE-2024-38602, CVE-2024-38611, CVE-2024-38630,  CVE-2024-39494, CVE-2024-40929, CVE-2024-41011, CVE-2024-41012,  CVE-2024-41015, CVE-2024-41017, CVE-2024-41020, CVE-2024-41022,  CVE-2024-41042, CVE-2024-41059, CVE-2024-41063, CVE-2024-41064,  CVE-2024-41065, CVE-2024-41068, CVE-2024-41070, CVE-2024-41071,  CVE-2024-41072, CVE-2024-41073, CVE-2024-41081, CVE-2024-41090,  CVE-2024-41091, CVE-2024-41098, CVE-2024-42131, CVE-2024-42160,  CVE-2024-42228, CVE-2024-42229, CVE-2024-42244, CVE-2024-42246,  CVE-2024-42259, CVE-2024-42265, CVE-2024-42271, CVE-2024-42276,  CVE-2024-42280, CVE-2024-42281, CVE-2024-42283, CVE-2024-42284,  CVE-2024-42285, CVE-2024-42286, CVE-2024-42287, CVE-2024-42288,  CVE-2024-42289, CVE-2024-42290, CVE-2024-42292, CVE-2024-42295,  CVE-2024-42297, CVE-2024-42301, CVE-2024-42304, CVE-2024-42305,  CVE-2024-42306, CVE-2024-42309, CVE-2024-42310, CVE-2024-42311,  CVE-2024-42313, CVE-2024-43829, CVE-2024-43830, CVE-2024-43835,  CVE-2024-43839, CVE-2024-43841, CVE-2024-43846, CVE-2024-43853,  CVE-2024-43854, CVE-2024-43856, CVE-2024-43858, CVE-2024-43860,  CVE-2024-43861, CVE-2024-43867, CVE-2024-43871, CVE-2024-43879,  CVE-2024-43880, CVE-2024-43882, CVE-2024-43883, CVE-2024-43884,  CVE-2024-43890, CVE-2024-43893, CVE-2024-43894, CVE-2024-43908,  CVE-2024-43914, CVE-2024-44935, CVE-2024-44944, CVE-2024-44946,  CVE-2024-44947, CVE-2024-44948, CVE-2024-44954, CVE-2024-44960,  CVE-2024-44965, CVE-2024-44969, CVE-2024-44987, CVE-2024-44988,  CVE-2024-44995, CVE-2024-44998, CVE-2024-44999, CVE-2024-45003,  CVE-2024-45006, CVE-2024-45008, CVE-2024-45016, CVE-2024-45021,  CVE-2024-45025, CVE-2024-45026, CVE-2024-45028, CVE-2024-46673,  CVE-2024-46675, CVE-2024-46676, CVE-2024-46677, CVE-2024-46679,  CVE-2024-46685, CVE-2024-46689, CVE-2024-46714, CVE-2024-46719,  CVE-2024-46721, CVE-2024-46722, CVE-2024-46723, CVE-2024-46737,  CVE-2024-46738, CVE-2024-46739, CVE-2024-46740, CVE-2024-46743,  CVE-2024-46744, CVE-2024-46745, CVE-2024-46747, CVE-2024-46750,  CVE-2024-46755, CVE-2024-46756, CVE-2024-46757, CVE-2024-46758,  CVE-2024-46759, CVE-2024-46761, CVE-2024-46771, CVE-2024-46777,  CVE-2024-46780, CVE-2024-46781, CVE-2024-46782, CVE-2024-46783,  CVE-2024-46798, CVE-2024-46800, CVE-2024-46815, CVE-2024-46817,  CVE-2024-46818, CVE-2024-46822, CVE-2024-46828, CVE-2024-46829,  CVE-2024-46840, CVE-2024-46844, CVE-2024-47659, CVE-2024-47663,  CVE-2024-47667, CVE-2024-47668, CVE-2024-47669Package Information:  https://launchpad.net/ubuntu/+source/linux-iot/5.4.0-1044.45

Ubuntu Security Notice USN-7119-1

Ubuntu Security Notice 7089-7 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7089-7November 19, 2024linux-lowlatency, linux-lowlatency-hwe-6.8 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTS- Ubuntu 22.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-lowlatency: Linux low latency kernel- linux-lowlatency-hwe-6.8: Linux low latency kernelDetails:Chenyuan Yang discovered that the USB Gadget subsystem in the Linuxkernel did not properly check for the device to be enabled beforewriting. A local attacker could possibly use this to cause a denial ofservice. (CVE-2024-25741)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - ARM32 architecture;  - MIPS architecture;  - PA-RISC architecture;  - PowerPC architecture;  - RISC-V architecture;  - S390 architecture;  - x86 architecture;  - Cryptographic API;  - Serial ATA and Parallel ATA drivers;  - Null block device driver;  - Bluetooth drivers;  - Cdrom driver;  - Clock framework and drivers;  - Hardware crypto device drivers;  - CXL (Compute Express Link) drivers;  - Cirrus firmware drivers;  - GPIO subsystem;  - GPU drivers;  - I2C subsystem;  - IIO subsystem;  - InfiniBand drivers;  - ISDN/mISDN subsystem;  - LED subsystem;  - Multiple devices driver;  - Media drivers;  - Fastrpc Driver;  - Network drivers;  - Microsoft Azure Network Adapter (MANA) driver;  - Near Field Communication (NFC) drivers;  - NVME drivers;  - NVMEM (Non Volatile Memory) drivers;  - PCI subsystem;  - Pin controllers subsystem;  - x86 platform drivers;  - S/390 drivers;  - SCSI drivers;  - Thermal drivers;  - TTY drivers;  - UFS subsystem;  - USB DSL drivers;  - USB core drivers;  - DesignWare USB3 driver;  - USB Gadget drivers;  - USB Serial drivers;  - VFIO drivers;  - VHOST drivers;  - File systems infrastructure;  - BTRFS file system;  - GFS2 file system;  - JFFS2 file system;  - JFS file system;  - Network file systems library;  - Network file system client;  - NILFS2 file system;  - NTFS3 file system;  - SMB network file system;  - Memory management;  - Netfilter;  - Tracing infrastructure;  - io_uring subsystem;  - BPF subsystem;  - Core kernel;  - Bluetooth subsystem;  - CAN network layer;  - Ceph Core library;  - Networking core;  - IPv4 networking;  - IPv6 networking;  - IUCV driver;  - MAC80211 subsystem;  - Network traffic control;  - Sun RPC protocol;  - Wireless networking;  - AMD SoC Alsa drivers;  - SoC Audio for Freescale CPUs drivers;  - MediaTek ASoC drivers;  - SoC audio core drivers;  - SOF drivers;  - Sound sequencer drivers;(CVE-2024-42104, CVE-2024-42084, CVE-2024-42252, CVE-2024-41096,CVE-2024-42237, CVE-2024-42140, CVE-2024-42150, CVE-2024-41031,CVE-2024-41059, CVE-2024-41062, CVE-2024-41051, CVE-2024-41028,CVE-2024-41090, CVE-2024-41092, CVE-2024-43855, CVE-2024-41021,CVE-2024-42229, CVE-2024-41056, CVE-2024-41048, CVE-2024-41036,CVE-2024-42094, CVE-2024-41089, CVE-2024-41068, CVE-2024-41039,CVE-2024-41095, CVE-2024-41069, CVE-2024-42234, CVE-2024-42136,CVE-2024-41025, CVE-2024-42157, CVE-2024-42248, CVE-2024-42087,CVE-2024-41041, CVE-2024-42230, CVE-2024-42151, CVE-2024-42130,CVE-2024-42244, CVE-2024-41079, CVE-2024-42253, CVE-2024-42092,CVE-2024-41022, CVE-2024-42137, CVE-2024-42132, CVE-2024-42108,CVE-2024-42155, CVE-2024-42127, CVE-2024-41060, CVE-2024-42074,CVE-2024-41081, CVE-2024-42066, CVE-2024-42098, CVE-2024-42082,CVE-2024-42093, CVE-2024-42245, CVE-2024-41072, CVE-2024-41052,CVE-2024-42161, CVE-2024-42096, CVE-2024-42115, CVE-2024-41074,CVE-2024-42120, CVE-2024-41046, CVE-2024-42239, CVE-2024-41063,CVE-2024-42090, CVE-2024-41023, CVE-2024-42069, CVE-2024-41087,CVE-2024-42158, CVE-2024-41067, CVE-2024-41084, CVE-2024-41077,CVE-2024-42240, CVE-2024-42145, CVE-2024-42102, CVE-2024-41020,CVE-2024-42231, CVE-2024-41053, CVE-2024-42131, CVE-2024-42089,CVE-2024-41083, CVE-2024-42247, CVE-2024-42105, CVE-2024-41044,CVE-2024-42128, CVE-2024-42271, CVE-2024-41037, CVE-2024-42114,CVE-2024-42106, CVE-2024-41076, CVE-2024-42088, CVE-2024-41057,CVE-2024-41091, CVE-2024-42152, CVE-2024-41070, CVE-2024-41035,CVE-2024-41050, CVE-2024-39487, CVE-2024-42113, CVE-2024-42250,CVE-2024-41047, CVE-2024-42149, CVE-2024-42079, CVE-2024-42091,CVE-2024-42227, CVE-2024-42095, CVE-2024-42109, CVE-2024-41033,CVE-2023-52888, CVE-2024-41061, CVE-2024-42223, CVE-2024-42235,CVE-2024-41086, CVE-2024-42133, CVE-2024-41082, CVE-2024-41071,CVE-2024-41007, CVE-2023-52887, CVE-2024-39486, CVE-2024-41075,CVE-2024-42101, CVE-2024-42077, CVE-2024-41042, CVE-2024-42225,CVE-2024-42126, CVE-2024-41094, CVE-2024-41085, CVE-2024-41019,CVE-2024-41058, CVE-2024-41066, CVE-2024-42156, CVE-2024-42119,CVE-2024-41032, CVE-2024-41088, CVE-2024-42100, CVE-2024-42142,CVE-2024-41054, CVE-2024-42103, CVE-2024-42124, CVE-2024-41034,CVE-2024-42251, CVE-2024-42153, CVE-2024-41045, CVE-2024-42086,CVE-2024-42243, CVE-2024-41055, CVE-2024-41078, CVE-2024-42117,CVE-2024-41030, CVE-2024-42068, CVE-2024-42110, CVE-2024-42147,CVE-2024-42121, CVE-2024-41080, CVE-2024-41027, CVE-2024-43858,CVE-2024-42085, CVE-2024-42111, CVE-2024-42238, CVE-2024-41018,CVE-2024-42138, CVE-2024-41038, CVE-2024-42070, CVE-2024-42141,CVE-2024-41098, CVE-2024-42118, CVE-2024-41073, CVE-2024-42144,CVE-2024-42280, CVE-2024-41049, CVE-2024-42076, CVE-2024-41065,CVE-2024-42063, CVE-2024-41064, CVE-2024-41017, CVE-2024-42112,CVE-2024-42064, CVE-2024-42135, CVE-2024-42146, CVE-2024-41010,CVE-2024-41097, CVE-2024-41012, CVE-2024-42097, CVE-2024-42067,CVE-2024-42236, CVE-2024-42080, CVE-2024-42241, CVE-2024-42065,CVE-2024-42232, CVE-2024-42246, CVE-2024-41093, CVE-2024-41015,CVE-2024-42129, CVE-2024-42073, CVE-2024-41029)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS  linux-image-6.8.0-48-lowlatency  6.8.0-48.48.3  linux-image-6.8.0-48-lowlatency-64k  6.8.0-48.48.3  linux-image-lowlatency          6.8.0-48.48.3  linux-image-lowlatency-64k      6.8.0-48.48.3  linux-image-lowlatency-64k-hwe-24.04  6.8.0-48.48.3  linux-image-lowlatency-hwe-24.04  6.8.0-48.48.3Ubuntu 22.04 LTS  linux-image-6.8.0-48-lowlatency  6.8.0-48.48.3~22.04.1  linux-image-6.8.0-48-lowlatency-64k  6.8.0-48.48.3~22.04.1  linux-image-lowlatency-64k-hwe-22.04  6.8.0-48.48.3~22.04.1  linux-image-lowlatency-hwe-22.04  6.8.0-48.48.3~22.04.1After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7089-7  https://ubuntu.com/security/notices/USN-7089-6  https://ubuntu.com/security/notices/USN-7089-5  https://ubuntu.com/security/notices/USN-7089-4  https://ubuntu.com/security/notices/USN-7089-3  https://ubuntu.com/security/notices/USN-7089-2  https://ubuntu.com/security/notices/USN-7089-1  CVE-2023-52887, CVE-2023-52888, CVE-2024-25741, CVE-2024-39486,  CVE-2024-39487, CVE-2024-41007, CVE-2024-41010, CVE-2024-41012,  CVE-2024-41015, CVE-2024-41017, CVE-2024-41018, CVE-2024-41019,  CVE-2024-41020, CVE-2024-41021, CVE-2024-41022, CVE-2024-41023,  CVE-2024-41025, CVE-2024-41027, CVE-2024-41028, CVE-2024-41029,  CVE-2024-41030, CVE-2024-41031, CVE-2024-41032, CVE-2024-41033,  CVE-2024-41034, CVE-2024-41035, CVE-2024-41036, CVE-2024-41037,  CVE-2024-41038, CVE-2024-41039, CVE-2024-41041, CVE-2024-41042,  CVE-2024-41044, CVE-2024-41045, CVE-2024-41046, CVE-2024-41047,  CVE-2024-41048, CVE-2024-41049, CVE-2024-41050, CVE-2024-41051,  CVE-2024-41052, CVE-2024-41053, CVE-2024-41054, CVE-2024-41055,  CVE-2024-41056, CVE-2024-41057, CVE-2024-41058, CVE-2024-41059,  CVE-2024-41060, CVE-2024-41061, CVE-2024-41062, CVE-2024-41063,  CVE-2024-41064, CVE-2024-41065, CVE-2024-41066, CVE-2024-41067,  CVE-2024-41068, CVE-2024-41069, CVE-2024-41070, CVE-2024-41071,  CVE-2024-41072, CVE-2024-41073, CVE-2024-41074, CVE-2024-41075,  CVE-2024-41076, CVE-2024-41077, CVE-2024-41078, CVE-2024-41079,  CVE-2024-41080, CVE-2024-41081, CVE-2024-41082, CVE-2024-41083,  CVE-2024-41084, CVE-2024-41085, CVE-2024-41086, CVE-2024-41087,  CVE-2024-41088, CVE-2024-41089, CVE-2024-41090, CVE-2024-41091,  CVE-2024-41092, CVE-2024-41093, CVE-2024-41094, CVE-2024-41095,  CVE-2024-41096, CVE-2024-41097, CVE-2024-41098, CVE-2024-42063,  CVE-2024-42064, CVE-2024-42065, CVE-2024-42066, CVE-2024-42067,  CVE-2024-42068, CVE-2024-42069, CVE-2024-42070, CVE-2024-42073,  CVE-2024-42074, CVE-2024-42076, CVE-2024-42077, CVE-2024-42079,  CVE-2024-42080, CVE-2024-42082, CVE-2024-42084, CVE-2024-42085,  CVE-2024-42086, CVE-2024-42087, CVE-2024-42088, CVE-2024-42089,  CVE-2024-42090, CVE-2024-42091, CVE-2024-42092, CVE-2024-42093,  CVE-2024-42094, CVE-2024-42095, CVE-2024-42096, CVE-2024-42097,  CVE-2024-42098, CVE-2024-42100, CVE-2024-42101, CVE-2024-42102,  CVE-2024-42103, CVE-2024-42104, CVE-2024-42105, CVE-2024-42106,  CVE-2024-42108, CVE-2024-42109, CVE-2024-42110, CVE-2024-42111,  CVE-2024-42112, CVE-2024-42113, CVE-2024-42114, CVE-2024-42115,  CVE-2024-42117, CVE-2024-42118, CVE-2024-42119, CVE-2024-42120,  CVE-2024-42121, CVE-2024-42124, CVE-2024-42126, CVE-2024-42127,  CVE-2024-42128, CVE-2024-42129, CVE-2024-42130, CVE-2024-42131,  CVE-2024-42132, CVE-2024-42133, CVE-2024-42135, CVE-2024-42136,  CVE-2024-42137, CVE-2024-42138, CVE-2024-42140, CVE-2024-42141,  CVE-2024-42142, CVE-2024-42144, CVE-2024-42145, CVE-2024-42146,  CVE-2024-42147, CVE-2024-42149, CVE-2024-42150, CVE-2024-42151,  CVE-2024-42152, CVE-2024-42153, CVE-2024-42155, CVE-2024-42156,  CVE-2024-42157, CVE-2024-42158, CVE-2024-42161, CVE-2024-42223,  CVE-2024-42225, CVE-2024-42227, CVE-2024-42229, CVE-2024-42230,  CVE-2024-42231, CVE-2024-42232, CVE-2024-42234, CVE-2024-42235,  CVE-2024-42236, CVE-2024-42237, CVE-2024-42238, CVE-2024-42239,  CVE-2024-42240, CVE-2024-42241, CVE-2024-42243, CVE-2024-42244,  CVE-2024-42245, CVE-2024-42246, CVE-2024-42247, CVE-2024-42248,  CVE-2024-42250, CVE-2024-42251, CVE-2024-42252, CVE-2024-42253,  CVE-2024-42271, CVE-2024-42280, CVE-2024-43855, CVE-2024-43858Package Information:  https://launchpad.net/ubuntu/+source/linux-lowlatency/6.8.0-48.48.3 https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe-6.8/6.8.0-48.48.3~22.04.1

Ubuntu Security Notice USN-7089-7

Dubai, United Arab Emirates, 20th November 2024, CyberNewsWire

**Dubai, United Arab Emirates, November 20th, 2024, CyberNewsWire**

ANY.RUN announced the launch of Smart Content Analysis, an advanced mechanism within its Automated Interactivity feature that enables the service to automatically detonate complex malware and phishing attacks, helping users speed up their investigations and gain in-depth insights into malicious behavior. 

**About Smart Content Analysis** 

Smart Content Analysis is a mechanism that allows the ANY.RUN sandbox to execute multi-stage cyber attacks without any user involvement. It does this by following three main steps: 

*   Scanning uploaded files to locate critical components, such as URLs and email attachments. 
*   Identifying the key components detonation of which moves the attack forward, including URLs embedded within QR codes or rewritten by security filters. 
*   Engaging with the malicious content in a controlled environment, for instance, by opening URLs in a browser or running payloads found in email archive attachments to observe their behavior. 

Automated Interactivity toggle inside ANY.RUN sandbox 

**Detonating a Multi-Stage Attack with Automated Interactivity** 

With this new upgrade, ANY.RUN’s sandbox can automatically execute the following types of content found at different stages of complex cyber attacks: 

*   URLs inside QR codes 
*   Modified links 
*   Multi-stage redirects 
*   Email attachments 
*   Payloads with archives 

**Users interested can get a 14-day free trial of ANY.RUN to explore Automated Interactivity and other PRO features**  

Consider the following multi-stage phishing attack analyzed with Automated Interactivity.  

The phishing email analyzed with Automated Interactivity 

The system automatically opens the .eml file submitted by the user via Outlook, detects a PDF attachment, and scans its contents. 

The static analysis module in ANY.RUN sandbox reveals the link hidden in the QR 

Inside the PDF, it identifies a QR code, instantly extracts the embedded URL, and opens it in a browser.   

ANY.RUN sandbox automatically solving CAPTCHA challenges 

When faced with a CAPTCHA challenge, commonly used to evade detection, the feature successfully solves it and moves on to the next stage of the attack. 

The final phishing page designed to steal victims’ credentials 

Eventually, it successfully reaches the final phishing page, not only ensuring complete detection of the attack, but also providing additional context on the threat at hand. 

**Adaptive to New Threats** 

ANY.RUN’s Smart Content Analysis is built to adapt to the changing threat landscape. With regular attack scenario updates from the ANY.RUN threat research team, the system remains aligned with emerging attack methods, allowing it to handle even the latest and most evasive threats. 

**Exploring Smart Content Analysis** 

Automated Interactivity helps security professionals streamline and improve their threat investigations: 

*   **Less manual effort**: No more wasted clicks. Let the sandbox handle repetitive actions so you can focus on the bigger picture.  
*   **Faster, deeper insights**: Go beyond surface detections with simulations that bring hidden threat layers to light.  
*   **Speedy analysis**: Accelerate your analysis with automation that moves as fast as you do, from simple phishing links to layered attack chains. 

Users can request a 14-day free trial of ANY.RUN’s Interactive Sandbox to try Automated Interactivity for free.

𝐀𝐛𝐨𝐮𝐭 𝐀𝐍𝐘.𝐑𝐔𝐍

ANY.RUN serves over 500,000 cybersecurity professionals globally, offering an interactive platform for malware analysis targeting Windows and Linux environments. With advanced threat intelligence tools such as TI Lookup, YARA Search, and Feeds, ANY.RUN enhances incident response and provides analysts with essential data to counter cyber threats effectively.

Users can connect through social media: X, LinkedIn

**Contact**

**ANYRUN FZCO**  
**\[email protected\]**  
**+1 657-366-5050**

ANY.RUN Sandbox Now Automates Interactive Analysis of Complex Cyber Attack Chains

An elusive, sophisticated cybercriminal group has used known and zero-day vulnerabilities to compromise more than 20,000 SOHO routers and other IoT devices so far, and then puts them up for sale on a residential proxy marketplace for state-sponsored cyber-espionage actors and others to use.

Source: Jiraroj Praditcharoenkul via Alamy Stock Photo

A cybercriminal group is exploiting vulnerabilities in Internet of Things (IoT) devices and then turning a tidy profit by putting them up for sale on a residential proxy marketplace, where they can be turned into proxy botnets by state-sponsored advance persistent threats (APTs) and other malicious actors.

The gang, tracked as "Water Barghest," has already compromised more than 20,000 IoT devices, including small office and home office (SOHO) routers used by businesses, by using automated scripts to identify and compromise vulnerable devices, according to new research from Trend Micro. The threat actor, which has operated for more than five years (largely under the radar due to a sophisticated automation strategy) discovers vulnerable IoT devices from public Internet-scanning databases such as Shodan, the researchers noted.

Once Water Barghest compromises devices, it deploys proprietary malware called Ngioweb to register the device as a proxy — i.e., a network that puts an intermediary between a client and a server. Water Barghest then lists the device for sale on a residential proxy marketplace for other threat actors to purchase.

The entire cybercriminal process to enslave a target takes as little as 10 minutes, "indicating a highly efficient and automated operation," Trend Micro researchers Feike Hacquebord and Fernando Mercês wrote in the post.

**Selling Proxy Devices as a Cybercrime Business Model**

There is indeed a significant incentive for both espionage-motivated and financially motivated actors to set up proxy botnets to help hide where their malicious activities originate; Russia's Sandworm, for example, recently used the VPNFilter botnet and Cyclops Blink in activities against Ukraine that were elusive for a time before being ultimately disrupted by the FBI, according to Trend Micro.

"These \[botnets\] can serve as an anonymization layer, which can provide plausibly geolocated IP addresses to scrape contents of websites, access stolen or compromised online assets, and launch cyberattacks," the researchers wrote.

Threat actors can find any IoT device that accepts incoming connections on the open Internet using public scanning services, making it easy for them to compromise ones with known vulnerabilities, or even zero-days, for future use in malicious activities, they wrote. This makes it easy for threat actors like Water Barghest to exploit them for financial gain and further abuse, they added.

**Uncovering the Elusive Botnet-for-Sale Cyber Operation**

Trend Micro discovered Water Barghest's operation during an investigation of the Department of Justice's disruption of a Russian military intelligence botnet that Russian state-sponsored threat group Fancy Bear (aka APT28) used for global cyber espionage.

The researchers examined EdgeRouter devices that had been used by Sandworm, and eventually uncovered Water Barghest's Ngioweb malware and botnet. The group's infrastructure had been up and running for more than five years but had been able to evade detection by security researchers and law enforcement "because of their careful operational security and high degree of automation," the researchers wrote.

"They quietly erased log files from their servers and made forensic analysis more difficult," they wrote. "They removed human error from their operations by automating almost everything. They also removed financial traceability by using cryptocurrency for anonymous payments."

Water Barghest automates each step of the 10-minute process, from initially finding vulnerable IoT devices to ultimately putting them for sale on a residential proxy marketplace. The group first acquires known exploits for flaws in devices, then uses search queries on one of the publicly available Internet-scanning databases to find vulnerable devices and their IP addresses. It then uses a set of data center IP addresses to try the exploits against potentially vulnerable IoT devices.

When one works, the compromised IoT devices download a script that iterates through Ngioweb malware samples compiled for different Linux architectures. When one of the samples runs successfully, Ngioweb will run in memory on the victim’s IoT device, registering it with a command-and-control (C2) server, and then eventually sending it to be listed on a Dark Web marketplace.

Water Barghest has about 17 identities on virtual private servers that continuously scan routers and IoT devices for known vulnerabilities and also upload Ngioweb malware to freshly compromised IoT devices. In this way, Water Barghest has been running a profitable business "for years, with the worker IP addresses changing slowly over time," according to the Trend Micro analysis.

**Protecting SOHO Routers: Limit Exposure to Public Internet**

Trend Micro expects that both the commercial market for residential proxy services and the underground market of proxies will grow in the coming years due to high demand from both APTs and financial cybercriminal groups alike. This growth will pose "a challenge for many enterprises and government organizations around the world" to protect against the anonymization layers behind which these groups hide, the researchers wrote.

While law enforcement has been effective in disrupting proxy botnets, it's better to go directly to the source to combat the problem, and that can be done by addressing the security of IoT devices. Indeed, these devices are notoriously hackable, posing a problem for organizations that must manage increasingly larger networks of them.

"It is important \[for organizations\] … to put mitigations in place to avoid their infrastructure being part of the problem itself," the researchers wrote. They can do this, they added, by limiting the exposure of these devices to incoming connections from the open Internet whenever it is not business-essential.

**About the Author**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

'Water Barghest' Sells Hijacked IoT Devices for Proxy Botnet Misuse

Cybersecurity firm Sekoia has discovered a new variant of Helldown ransomware. The article details their tactics and how…

Cybersecurity firm Sekoia has discovered a new variant of Helldown ransomware. The article details their tactics and how they exploit vulnerabilities in network devices, steal sensitive data, and encrypt critical systems.

Sekoia’s cybersecurity researchers have discovered a Linux variant of the new ransomware strain, Helldown, first **found** by Halcyon and deploys Windows ransomware derived from the LockBit 3.0 code. 

Helldown is a relatively new ransomware group that has been actively targeting organizations since August 2024, affecting over 30 firms in three months. This threat actor primarily exploits vulnerabilities in network devices, particularly **Zyxel firewalls**.

Once they gain access, they employ a double extortion strategy, encrypting critical data and threatening to leak sensitive information if a ransom is not paid. Researchers suspect that the group is expanding its attacks to target virtualized infrastructures via VMware, “given the recent development of ransomware targeting ESX.” 

Helldown’s Linux variant specifically targets VMware ESX servers. This variant was first spotted by cybersecurity researcher Alex Turing (**@TuringAlex**) on 31 October 2024. 

According to Sekoia’s blog post shared with Hackread.com, the ransomware’s code focuses on a sample of VMware ESX servers and is straightforward, lacking obfuscation and anti-debugging mechanisms. The main function executes a simple workflow, including configuration loading, file search, encryption, and ransom note creation.

The code also includes a function called kill\_vms, which lists and kills VMs sequentially. Terminating VMs before encryption grants ransomware write access to image files, but static and dynamic analysis shows this functionality is not invoked, indicating that the ransomware is still under development or not that advanced.

On its dark web data leak site, the group has disclosed a large amount of data, ranging from 22GB to 431GB, and averaging 70GB excluding outliers. The stolen files are mostly PDFs or scanned documents, likely obtained from servers like NAS systems or electronic document management portals. The large volume suggests the attacker targets data sources storing administrative files, which typically contain sensitive information.

Helldown ransomware’s ransom note and dark web leak site.

Researchers suspect a connection between Helldown vs. Hellcat and Darkrace/Donex groups, due to the timing of a company (Schneider Electric) compromise and social media activity by alleged Hellcat operators. However, no technical similarities have been found between these groups so far. 

> _“Two accounts on the X social media, @grepcn and @ReyBreached, claiming to be Hellcat operators, posted to distinguish themselves from Helldown, each displaying Hellcat’s DLS link in their profiles.”_
> 
> Sekoia’s Threat Detection & Research (TDR) team

For your information, @grepcn has been quite active on Breach Forums. They are also the hacker behind recent data breaches involving Dell (**1, 2, 3**) and **Twilio**.

It is also worth noting, though, that Helldown shares behavioural similarities with Darkrace, as both likely originated from leaked LockBit 3 code, and is suspected to be a rebrand of Darkrace.

Nevertheless, to protect against the Helldown attack, organizations should patch their network devices, particularly Zyxel firewalls, with the latest security updates. Adopting crucial security measures like network segmentation, access controls, and regular backups, and educating employees on cybersecurity best practices, including phishing awareness and secure password usage is essential to address evolving ransomware threats proactively.

**Jason Soroko**, Senior Fellow at Sectigo, a Scottsdale, Arizona-based provider of comprehensive certificate lifecycle management (CLM) weighed on in the latest development stating that Helldown ransomware represents a sophisticated evolution of modern malware.

_“_Helldown is a prime example of how cybercriminals are piecing together all of the elements of modern malware to create a formidable threat. All of the elements of this malware variant have been seen before, but we are increasingly seeing malware that is strengthening on all fronts,_“_ Jason explained.

He added that security teams must design protection assuming adversaries will use advanced, well-crafted techniques, rather than relying on flaws or oversights by attackers to mitigate threats.

_“_From fileless execution to strong custom encryption, this malware variant teaches us that we can’t rely on our adversaries to make mistakes that give us an easy way to mitigate their attacks. Security architects who are building defensive systems against attacks such as this should assume that adversaries are bringing a sophisticated set of tools with few weak spots._“_

1.  **Telegram-Controlled TgRat Trojan Targets Linux Servers**
2.  **Hackers Deploy Linux FASTCash Malware for ATM Cashouts**
3.  **Play Ransomware Variant Targeting Linux ESXi Environments**
4.  **AcidRain Linux Malware Variant “AcidPour” Targeting Ukraine**
5.  **Linux Malware ‘Perfctl’ Hits Millions by Mimicking System Files**

Linux Variant of Helldown Ransomware Targets VMware ESX Servers

Since surfacing in August, the likely LockBit variant has claimed more than two dozen victims and appears poised to strike many more.

Source: Nicolas Bentancor via Shutterstock

The purveyor of a rapidly emerging ransomware family being tracked as "Helldown" introduced a new Linux variant, targeting organizations across multiple sectors using VMware ESXi servers.

Several of the victims had Zyxel firewalls deployed as IPSec VPN access points at the time of breach, suggesting the attackers exploited a vulnerability or vulnerabilities in the technology to gain initial access, security researchers at Sekoia reported this week. Since surfacing in August, the group behind Helldown has quickly notched 31 victims, many of them US-based.

**Undocumented Zyxel Vulnerabilities?**

Available telemetry suggests the Zyxel flaw that the attackers are exploiting is undocumented, Seokia said. But Zyxel has issued fixes for multiple vulnerabilities in its firewalls after Helldown actors breached the company's network, also in August, and then leaked some 250GB worth of data. As of mid-November, no exploit code for any of these vulnerabilities appears to be publicly available, Sekoia said, while leaving open the possibility that the Helldown attackers could be exploiting any one of the vulnerabilities.

"Helldown is a notably active new intrusion set, as shown by its large number of victims," Sekoia researcher Jeremy Scion wrote this week. "Available data indicates that the group mainly targets Zyxel firewalls by exploiting undocumented vulnerabilities." Though the ransomware itself is standard fare, what makes the group dangerous is its apparent access to and effective use of undocumented vulnerability code, Scion noted.

Zyxel firewalls, like many other network and edge technologies, are a popular attacker target. Threat actors have been quick to exploit flaws in the company's products in various campaigns in the past, including one dubbed IZ1H9 that targeted Internet-of-Things (IoT) networks; another involving a Mirai variant; and another that hit Danish critical infrastructure.  

**A Troubling Shift**

Patrick Tiquet, vice president security and architecture at Keeper Security, viewed Helldown as a troubling shift in ransomware actor tactics. "While ransomware targeting Linux isn't unprecedented, Helldown's focus on VMware systems shows its operators are evolving to disrupt the virtualized infrastructures many businesses rely on," he said via email. "The message to security teams is clear: patch known vulnerabilities, monitor for unusual activity, and treat virtualized environments with the same vigilance as traditional ones."

Multiple security vendors have reported attacks involving Helldown since early August. Most of its victims have been small and medium sized businesses across different sectors, including transportation, manufacturing, healthcare, telecommunications, and IT services. Halycon, one of the first to spot Helldown, described the group as "highly aggressive" and capable of causing substantial disruption and financial losses to victims. According to Halycon, Helldown actors have a penchant for stealing large volumes of data from victims and threatening to leak the data unless it receives a ransom.

In a report earlier this month, Truesec perceived the threat actor as being more sophisticated in its initial compromise techniques compared to better known ransomware operators, such as the one behind Akira. In the attacks that Truesec analyzed, Helldown threat actors leveraged legitimate tools and other living-off-the-land techniques to execute their mission on a compromised network.

**Dangerous Adversary**

"Recent incidents showed that the group will thoroughly remove tools utilized during a compromise, as well as override the free disk space on the hard drive of different machines, in attempts to hinder the recovery process and reduce the effectiveness of file carving," Trusec observed. Helldown actors likely accessed victim environments directly from their Internet-facing Zyxel firewall, the security vendor posited. Once on a victim network, the threat actor used either TeamViewer or the default Windows RDP client for lateral movement, PowerShell for remote code execution, and Mimikatz to search for and retrieve credentials.

According to Sekoia, reports from multiple Helldown victims indicate that the attacker compromised Zyxel firewalls running firmware version 5.38. "Specifically, a file named zzz1.conf was uploaded, and a user account called OKSDW82A was created" on compromised systems, Scion noted. The attacker then used the temporary account to create an SSL VPN tunnel for accessing and pivoting further into the victim network.  

The attack chain included attempts by the threat actor to disable endpoint detection mechanisms using a tool called HRSword; leverage the domain controller's LDAP credentials to burrow deeper into the network; use certutil to download Advanced Port Scanner; use RDP or TeamViewer for remote access and lateral movement; and use PSExec for remote code execution.

Scion said Sekoia's analysis of the files that Helldown actors have published on their data leak site showed many of them to be unusually large and averaging around 70GB. The biggest file, in fact, weighed in at a hefty 431GB, which is noteworthy because ransomware actors typically tend to be more selective in the files they steal and use for extortion. The contents of the stolen files also tended to be more variable and random than usual for a ransomware operation. "The large volume and variety of data suggest that the attacker does not selectively choose which documents to steal," Scion said. "Instead, they appear to target data sources that store administrative files, such as PDFs and document scans, which typically contain sensitive information (personal, financial, etc.), thereby intensifying the pressure on victims."

Helldown's behavior itself is similar to that of Darkrace, a LockBit variant that first surfaced in August 2023 and may have been rebranded as Donex in February of this year. Though the links between the ransomware strains are not conclusive, there is a possibility that Helldown is a rebrand of Donex, Sekoia said.

**About the Author**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

Tag

#linux