Apple Security Advisory 2023-02-13-3 - Safari 16.3.1 addresses a code execution vulnerability.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-2023-02-13-3 Safari 16.3.1Safari 16.3.1 addresses the following issues.Information about the security content is also available athttps://support.apple.com/HT213638.WebKitAvailable for: macOS Big Sur and macOS MontereyImpact: Processing maliciously crafted web content may lead toarbitrary code execution. Apple is aware of a report that this issuemay have been actively exploited.Description: A type confusion issue was addressed with improvedchecks.WebKit Bugzilla: 251944CVE-2023-23529: an anonymous researcherAll information is also posted on the Apple Security Updatesweb site: https://support.apple.com/en-us/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmPq5PMACgkQ4RjMIDkeNxmFTBAA05jcHEZOdXuE0BQKft0qoWItZ2Dg0p/ONxiqS9ihNDqBt+6q+yOORvr4Vr2iVpCpo4F5nQv/qBApGCS84SVN9rRIM1VteOYIObgpo37CceODrbywjSTHcD6GbR47ra8reQK10sDSIoQtX1XKGUltUC/RfKnVDtk/coNu7TJj/VVg2YNPOlQFc5ETie0d/NOcK+8Ds1NvK4HQ0Gfq+KHmE507T7nAMfcK4YVlZCtkz4YHEa9w9AcIgmQ4nzlOSEs5mHu2egr70Xy8+CL7i82Oh2FBzVetLkDhhrZppjykX7zK4Lc0cbABpiaIu/6ObPGhoW4sFfPCJa8NSflRLKe+aNHdyuzjuqx8rSeqFdP4+rhdI/X2Z/9VKsB/1Tch55nuBhEGZTejmdwtorGf1+otfW5XpWOGXwnE9sR0qjVvwPwfuK5noLUoLvBRfiK6xaKUG6IXEYCt0rVncJJ9QtJJKYvqhbf3OwNodrA/V9AAm2MTtIo514BkfZHtv01xOm7tv35a+5QFcoW/iJBvdTxGVCwzb+2AshMCqO9MQxt8cWknC41K0l6Fl6Yl/P0qzUJr4NoG72LwW0PqaHimWDVAqJcAHsESe/1qnLO3rZItQJByxURc4wUpHAojsFBEBtLiS7FNHOvw4bM1ylQIXXoiFD7sE9NpvksUDzNoRdyAEOM==b0uc-----END PGP SIGNATURE-----

Apple Security Advisory 2023-02-13-3

Apple Security Advisory 2023-02-13-2 - macOS Ventura 13.2.1 addresses code execution and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2023-02-13-2 macOS Ventura 13.2.1

macOS Ventura 13.2.1 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213633.

Kernel  
Available for: macOS Ventura  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2023-23514: Xinru Chi of Pangu Lab, Ned Williamson of Google  
Project Zero

Shortcuts  
Available for: macOS Ventura  
Impact: An app may be able to observe unprotected user data  
Description: A privacy issue was addressed with improved handling of  
temporary files.  
CVE-2023-23522: Wenchao Li and Xiaolong Bai of Alibaba Group

WebKit  
Available for: macOS Ventura  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution. Apple is aware of a report that this issue  
may have been actively exploited.  
Description: A type confusion issue was addressed with improved  
checks.  
WebKit Bugzilla: 251944  
CVE-2023-23529: an anonymous researcher

macOS Ventura 13.2.1 may be obtained from the Mac App Store or  
Apple's Software Downloads web site:  
https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmPq5PIACgkQ4RjMIDke  
NxkM2hAApRo7JQlaNxVVpw1y96PG2oAVygFVw+N1cpEO72L4gDjvAb7+tOBqUTkz  
Az+IizQfC2gapw9g/csghk+s+/gt16Q0iX4jDDEDypZ5So/LoaucFVTbGCy9Hns0  
T0PTS4a0KIFBHbRQ3ktrhkUp49ykqDWwWdnvM1QgtUe3HfAZQWHVnYpdsj26CTaz  
5ihA0chuzAGnx2lUZbyz8nl6f9kdqx1x8uSF0P7AkIp6L7IcZOLLO8tXnKApeC7S  
HSbafe7JKxVNPtzaI/ZuxQe9/9Kr8VUiezVCK+WvJ9akRsy4CQ022yirIOlFIEhF  
32mFq+BaQ77YTULP2us7BG8oMJ3tPxfmlykhqD4P0p4JRW6ZFoQmVKyUEPdsaALG  
NYilSR3CRSpaCbh+dunGMJshNSHRJO6NluLq1mPVB7xFSiypgJADjS95zBSINtC9  
JrKusbpICiAm8VqVC4GNltG+djft0NjbSiJXPo409X7j01Bt1ZJpk2UWTUfZbHMU  
hW90JFySoHLRcVt3Af1mbBkyaHv0GSKG+Fjul/XyBlG3U8eJVXJhWCrhMjm17GK0  
6j4HEUsAYzAg0j+Ss7QQKhwxlW3BPd+3D2kGwbPzBx/rcyVjbc456fyCLSYP58cf  
EIYmmOwF9QcH939TCxoIglHOsdAuuIilGApd2on9QWOj8QSaUFw=  
=2kFu  
-----END PGP SIGNATURE-----

Apple Security Advisory 2023-02-13-2

Red Hat Security Advisory 2023-0759-01 - PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Virtualization security and bug fix update  
Advisory ID:       RHSA-2023:0759-01  
Product:           Red Hat Virtualization  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0759  
Issue date:        2023-02-14  
CVE Names:         CVE-2022-41946   
=====================================================================

1. Summary:

An update for ovirt-ansible-collection, ovirt-engine, and postgresql-jdbc  
is now available for Red Hat Virtualization 4 Tools for Red Hat Enterprise  
Linux 8, Red Hat Virtualization 4 for Red Hat Enterprise Linux 8, and Red  
Hat Virtualization Engine 4.4.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4 - noarch  
Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts - noarch  
Red Hat Virtualization 4 Tools for Red Hat Enterprise Linux 8 - noarch

3. Description:

PostgreSQL is an advanced object-relational database management system. The  
postgresql-jdbc package includes the .jar files needed for Java programs to  
access a PostgreSQL database.

Security Fix(es):

* postgresql-jdbc: PreparedStatement.setText(int, InputStream) will create  
a temporary file if the InputStream is larger than 2k (CVE-2022-41946)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* With this release, the upgrade function of the ovirt_host module waits  
long enough for the upgraded host to reach the desired state after upgrade.  
(BZ#2161703)

* Previously,the ovirt-enghine ansible-runner artifacts were only cleaned  
once, and the machine could run out of free disk space on the /var  
partition. In this release, the artifacts are cleaned periodically  
according to values defined in the  
AnsibleRunnerArtifactsCleanupCheckTimeInHours and  
AnsibleRunnerArtifactsLifetimeInDays engine-config options. (BZ#2151549)

* Code change for BZ2089299 introduced a regression, which didn't allow to  
set options in the engine-config which restricted the allowable values  
using the validValues field (for example ClientModeVncDefault or  
UserSessionTimeOutInterval).  
In this release, setting values for those fields works the same way as in  
RHV versions earlier than RHV 4.4 SP1 batch 3 (ovirt-engine-4.5.3).  
(BZ#2159768)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/2974891

If the postgresql service is running, it will be automatically restarted  
after installing this update.

5. Bugs fixed (https://bugzilla.redhat.com/):

2151549 - Artifacts of ansible-runner (executed from ovirt-engine) did not clean up as expected  
2153399 - CVE-2022-41946 postgresql-jdbc: PreparedStatement.setText(int, InputStream) will create a temporary file if the InputStream is larger than 2k  
2159768 - Regression in ClientModeVncDefault  
2161703 - [RHEVM] Two nodes cluster upgrade failed, tries to put a node into maintenance while the updated is rebooting

6. Package List:

Red Hat Virtualization 4 Tools for Red Hat Enterprise Linux 8:

Source:  
ovirt-ansible-collection-2.4.2-1.el8ev.src.rpm

noarch:  
ovirt-ansible-collection-2.4.2-1.el8ev.noarch.rpm

Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts:

Source:  
ovirt-ansible-collection-2.4.2-1.el8ev.src.rpm

noarch:  
ovirt-ansible-collection-2.4.2-1.el8ev.noarch.rpm

RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4:

Source:  
ovirt-ansible-collection-2.4.2-1.el8ev.src.rpm  
ovirt-engine-4.5.3.7-1.el8ev.src.rpm  
postgresql-jdbc-42.2.14-2.el8ev.src.rpm

noarch:  
ovirt-ansible-collection-2.4.2-1.el8ev.noarch.rpm  
ovirt-engine-4.5.3.7-1.el8ev.noarch.rpm  
ovirt-engine-backend-4.5.3.7-1.el8ev.noarch.rpm  
ovirt-engine-dbscripts-4.5.3.7-1.el8ev.noarch.rpm  
ovirt-engine-health-check-bundler-4.5.3.7-1.el8ev.noarch.rpm  
ovirt-engine-restapi-4.5.3.7-1.el8ev.noarch.rpm  
ovirt-engine-setup-4.5.3.7-1.el8ev.noarch.rpm  
ovirt-engine-setup-base-4.5.3.7-1.el8ev.noarch.rpm  
ovirt-engine-setup-plugin-cinderlib-4.5.3.7-1.el8ev.noarch.rpm  
ovirt-engine-setup-plugin-imageio-4.5.3.7-1.el8ev.noarch.rpm  
ovirt-engine-setup-plugin-ovirt-engine-4.5.3.7-1.el8ev.noarch.rpm  
ovirt-engine-setup-plugin-ovirt-engine-common-4.5.3.7-1.el8ev.noarch.rpm  
ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.5.3.7-1.el8ev.noarch.rpm  
ovirt-engine-setup-plugin-websocket-proxy-4.5.3.7-1.el8ev.noarch.rpm  
ovirt-engine-tools-4.5.3.7-1.el8ev.noarch.rpm  
ovirt-engine-tools-backup-4.5.3.7-1.el8ev.noarch.rpm  
ovirt-engine-vmconsole-proxy-helper-4.5.3.7-1.el8ev.noarch.rpm  
ovirt-engine-webadmin-portal-4.5.3.7-1.el8ev.noarch.rpm  
ovirt-engine-websocket-proxy-4.5.3.7-1.el8ev.noarch.rpm  
postgresql-jdbc-42.2.14-2.el8ev.noarch.rpm  
postgresql-jdbc-javadoc-42.2.14-2.el8ev.noarch.rpm  
python3-ovirt-engine-lib-4.5.3.7-1.el8ev.noarch.rpm  
rhvm-4.5.3.7-1.el8ev.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-41946  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY+vS49zjgjWX9erEAQhjjhAApzZIpZYF+1xWecL2Ui75tOcKQIzGw6ld  
F3izXJ3z275BSIxG4/cVHurn41iRBv8HtdEUsOJUop3mBCGudAKBWHK+fiL18RDK  
kPR+rpzMLuoh+qrEbDj0tY9BT7kHroPxLffZHwTBtjPUw0gxvkQ95kEOcA04KFbT  
xFNZ2JcvTmGS+sKx++ca1+ZmjcWBvpNGYum+KbaU8OnbOMy/tOArJa+yf43nZeCP  
SSqIpDOD8ssPUBrqt1i3CjHL/uG8PVTyzP3q7NgXpK3GLnBQSR2OPoi0X2yum3Cj  
reyQSyvjqTg7Cz5B84GUCyyIsxrMp3CxnNXR2sKKvtDFFYNyJhOeDe+BkynSiIw7  
JQtPlO6wIl6rkTo5Q7OSA+bBtBkCkGq/8N/CiaDRb23b+02kerbQ/oiMB0CcyNPw  
RFWLgD6BBEjCGXAY4Rb42S+Jnmz6WYiux4DHChIaqxfCOlYNL5pCjIXxI7xyMB6m  
I7e2i5JUdJRobByvcEZ7piWFvqhx4FV17zFRfE8CEg0+HrXO32xg3hyh1kyRxarv  
7s8Ll3eMpb/IxwVaSyA0CrA3f6Us4C5zdRYAFfUDGqgW8fXKtXR5iu/W4MYzvADm  
XiHW0rOsBj3RQuit4bYrF4k3rQjQlD4MT5cKP4CmZ2wB04j5hVdmQVsqbb9Ayr87  
2D/UH7xkQuw=  
=BAYA  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0759-01

By Deeba Ahmed
If you are using an Apple product, it is time to update it right now and make sure the automatic updates are enabled.
This is a post from HackRead.com Read the original post: Update Now: iOS Devices Receive Vital Security Updates from Apple

Apple has released an emergency security patch to fix a critical vulnerability that has been targeting all iOS devices, including iPhones, Macbooks, and Tablets.

Apple has released urgent security patches for a newly detected zero-day vulnerability that can be exploited to hack vulnerable iOS devices, including Macs, iPhones, and iPads.

The vulnerability (tracked as CVE-2023-23529) was found in the WebKit framework of the browser. So, if maliciously designed web content is processed, it would allow arbitrary code execution after an unsuspecting user visits a compromised URL.

“Apple is aware of a report that this issue may have been actively exploited,” the company noted. This explains why the iPhone maker released patches urgently for its flagship devices.

Still, the impact is extensive, as from the iPhone 8 to all subsequent iPhone models will be impacted, as well as every model of iPad Pro, the iPad Air 3rd generation and above, iPad 5th generation and above, and iPad mini 5th generation.

**Which Devices are Impacted?**

An unidentified researcher discovered the flaw, which has been patched with the latest edition of security updates. Apple didn’t specify how this vulnerability could be exploited.

In fact, it is the first time a zero-day has been defined as a newly discovered security flaw. It is a WebKit confusion issue. Moreover, all Macs running Ventura will be impacted. Fixes for all these versions were released in the security update.

**Security Update Details**

The small point update released by Apple on Monday contains WebKit security patches for iOS 16.3.1, iPadOS 16.3.1, and macOS 11.2.1 to fix a zero-day bug. The updates are available for iOS 16, iPadOS 16, macOS Ventura, and the latest edition of Apple Safari, as well as the preceding versions of Big Sur and macOS Monterey.

In addition, Apple released patches for tvOS 16.3.2 and watchOS 9.3.1. The company has yet to release the CVE entries, though. It is also unclear if a fix will be released for iOS 15 devices. If you haven’t updated your device, please do so immediately to stay safe.

1.  Microsoft fixes 6 Active 0-Day Windows Flaws
2.  Israeli Spyware Vendor Exploiting Chrome 0day
3.  Apple Debuts Lockdown Mode to Prevent Spying
4.  Apple Bug bounty: Hack Apple and earn big bucks

Update Now: iOS Devices Receive Vital Security Updates from Apple

**MUNICH, February 15, 2023 –** IGEL, provider of the managed endpoint operating system for secure access to any digital workspace, today announced IGEL COSMOS. Unveiled at DISRUPT23 – The Ultimate Global EUC event in Munich, COSMOS is a unified, agile platform to securely manage and automate the delivery of digital workspaces, from any cloud. Offering a modular architecture, granular endpoint control and end-user freedom, COSMOS is designed to enable organizations to garner the full power of current-day and future clouds with extensive control, while powering great user experiences for today’s hybrid work.

The most significant new advancement with IGEL COSMOS is that, for the first time, IGEL is completely separating the base IGEL OS from its validated and integrated applications and interfaces, while adding an additional separate component in the form of value-added cloud services. Together, these three vital components comprise IGEL COSMOS. This modular architecture of “separate but equal” elements of endpoint operating system, management and control, and cloud services enables maximum IT flexibility in introducing or enhancing apps, desktops, services, and any other form of cloud-delivered digital workspaces as the cloud continues to evolve.

Featuring extensive management and control powered by the new IGEL UMS 12, the next generation of the IGEL Universal Management Suite (UMS), COSMOS enables the parallel use, management and control of endpoints running both IGEL OS 11 and the new IGEL OS 12 operating system. New cloud services, which are de-coupled from the OS, include the IGEL App Portal for use-case specific software applications offered from IGEL software partners and available for seamless download and implementation. Additional cloud services include the IGEL Onboarding Service, IGEL Insight Service, and other services and portals all designed to enhance effectiveness and user experiences for both IT professionals and end users. 

“Today’s workspaces are hybrid. Hybrid work, hybrid clouds and hybrid applications. While VDI and DaaS continue to provide organizations the safest way to deliver secure access to windows client server applications, a transition to SaaS and web-based applications has already started.  IT organizations need to make sure they can evolve at their optimal pace and at the same time, enable employees seamless, yet secure access to their cloud workspaces,” said Matthias Haas, Chief Technology Officer, IGEL. “The COSMOS platform has been designed for this new era of hybrid work. With a new modularized version of IGEL OS, a new version of our UMS management platform coupled with new cloud services that extend capabilities and enhance user experiences, COSMOS enables unmatched speed and flexibility to our customers across traditional and modern application delivery models, while still retaining security, management, and control across the entire endpoint estate.” 

“Having deployed IGEL OS to our remote workforce, we have been excited to pilot the latest innovation from IGEL including UMS 12 and IGEL OS 12,” said Simon Barlow, Group Chief Technology Officer, Operations, AXA UK & Ireland. “Our remote workforce, the agile application landscape and more frequent update cycles of unified comms require us to onboard, manage and update our endpoints faster and more efficiently than ever before. Based on our initial testing of OS 12, we are already confident that we can remotely configure, update, and patch our remote machines faster and more efficiently. With small updates and the ability to only update the Azure Virtual Desktop client, IGEL COSMOS allows us to be more agile without compromising security or change control. We are excited about the new cloud services which complement IGEL OS and UMS 12 and are proud to be included in the COSMOS platform launch.”

“Having utilized the secure IGEL OS for our VMware VDI environment, we were excited to work with IGEL on the IGEL OS 12 pilot,” said Billy Cruz, Technology Services Manager, Desktop Engineering, COCC. “The ability to update the VMware Horizon client independently from IGEL OS in the new offering allows us to deploy the latest innovation from VMware faster and more efficiently than before. The additional ability to now also update the Zoom and Webex offloading clients, independently from the VMware Horizon app, also provides additional flexibility and reduces the amount of time needed to perform management updates to increase employee experience. With a smaller attack surface and faster updates, we are excited about rolling out IGEL OS 12 in the future.”

**The Powerful, Unified Components of COSMOS**

At the core of the IGEL COSMOS platform is the new IGEL UMS 12, which offers a unified view across a heterogeneous mix of endpoints running either IGEL OS 11 or the new IGEL OS 12. This powerful, yet simple to use, management and control console enables environments already benefitting from IGEL OS to easily migrate and leverage immediate value of COSMOS without requiring an OS upgrade on all their existing devices. 

Released with COSMOS is the new IGEL OS 12 which is more lightweight and adaptable than ever. Offering increased flexibility, speed, and agile integrations, IGEL OS 12 has been architected to support any form of cloud-delivered digital experiences. It also supports a faster, more efficient delivery of features and applications tuned to specific use cases via the IGEL App Portal.  Other key services tuned to IGEL OS 12 include fast user onboarding and deep insights into endpoint usage, security, status, and compliance of IGEL UMS-managed endpoints. 

One of the most significant new cloud services adding additional value to COSMOS is the IGEL App Portal. The App Portal delivers a full range of validated applications from IGEL’s vast IGEL Ready technology partner community designed for use on IGEL OS-powered devices. Since the App Portal operates separately and independently from the IGEL OS endpoint operating system, it sharply streamlines the process of application integration, introduction, and qualification for IT teams since there is no longer any dependence on the classic, highly integrated software release process. Available for download at no extra cost, these apps can be rapidly qualified and delivered as a feature-rich experience for users, while reducing the app qualification, implementation and update processes for IT. Applications include the Microsoft Azure Virtual Desktop client, VMware Horizon client, Citrix Workspace app, Chromium Browser, Zoom Media Plugins for VDI and many more. IGEL also offers an IGEL OS API (application programming interface) for software providers that want to validate their solution for availability using COSMOS and the IGEL App Portal. 

**Availability**

COSMOS, IGEL UMS 12, and IGEL OS 12 will be available April 1. Existing users of IGEL OS 11 will be able to engage IGEL UMS 12 via an easy migration to access COSMOS advancements for existing and new devices running IGEL OS 12 in the future. For more information visit igel.com/cosmos. To schedule a discovery meeting and get early access to GA code, visit igel.com/yes.

**DISRUPT23**

COSMOS was announcement from DISRUPT23 – The Ultimate Global EUC in Munich, held February 15 and 16 at the INFINITY Hotel & Conference Resort. DISRUPT23 will hold its North American installment at the Gaylord Opryland Resort & Convention Center in Nashville, Tennessee, on April 3-5. Registration is $399 per person. To register, visit: www.disruptEUC.com.

**About IGEL**

Today, the world of work is hybrid. Multiple clouds can deliver applications sourced from anywhere to a widely distributed workforce using all types of devices. Right at the moment when the world of work needs it most, IGEL has the solution for fully managed, secure endpoint access to any digital workspace that gives IT teams strong control and end-users the freedom to work as they wish in a hybrid world. Enabling choice of any cloud, from any device, anywhere, IGEL unlocks a collaborative and productive end user computing experience while solving the common security and management challenges required to compete and win in today’s world of hybrid work.  With a growing ecosystem of more than 100 IGEL Ready technology partners, IGEL has offices in Europe and the United States and is represented by partners in over 50 countries. For more information on IGEL, visit www.igel.com.

IGEL Unveils COSMOS, the Unified End User Computing Platform for Secure, Managed Access to Any Cloud Workspace

**COMMERCE, Mich.****,** **Feb. 15, 2023** **/PRNewswire/ --** Nuspire, a leading managed security services provider (MSSP), today announced the release of its Q4 and Year in Review 2022 Threat Report. The quarterly report provides a comprehensive analysis of the threat landscape, parsing malware, botnet and exploit data as well as breaking down the tactics, techniques and procedures (TTPs) favored by cybercriminals.

Nuspire's latest report validates the presumption that 2022 yielded the most threat activity in history. While Q4 saw dips across all three sectors Nuspire monitors, including malware, botnets and exploits, the net sum for the year shows a marked increase, especially in the case of exploits, which nearly doubled.

"We saw some normal ebbs in threat activity over the year, but the surges were stunning, delivering a volume of attacks we've never seen before," said J.R. Cunningham, Chief Security Officer at Nuspire. "While many of the methods focused on securing quick wins, like phishing and exploiting unpatched vulnerabilities, we also saw a rise in more coordinated threat group attacks on large organizations and critical infrastructure. Expect 2023 to have more of this activity, as well as adversaries' increased attention toward attacking consumer IoT devices."

Notable findings from Nuspire's quarterly report include:

*   Exploit activity grew by 105% in Q4 2022, with total 2022 exploits nearly doubling over 2021. Brute forcing was the most popular tactic, increasing by nearly 400% over Q3 2022.
*   Malware jumped nearly 35% in Q4, with its year-over-year increase reaching 6.85%. Nuspire attributes this relatively smaller increase to the positive effects of Microsoft's decision to block Visual Basic for Applications (VBA) macros by default for Office files. 
*   Botnets jumped by 30% in 2022, with banking trojan Torpig Mebroot comprising more than 40% of all botnet activity throughout the year.   

"If 2022 showed us anything, it's that threat actors are not only increasingly adept at finding ways to circumnavigate established cybersecurity defenses, but also, they bring a level of agility that lets them quickly course correct when a vector loses viability," said Craig Robinson, Research VP for Security Services at IDC. "We've seen the emergence of new security technologies aimed at thwarting a more creative and sophisticated adversary population, but no specific technology can replace the value of targeted threat intelligence to understand what's out there, how they're doing it and what you can do to protect yourself."

Access Nuspire's Q4 and Year in Review 2022 Threat Report to view the data and learn key mitigation strategies for protecting your organization's environment.

**About Nuspire** 

_Nuspire is a managed security services provider (MSSP), offering managed security services (MSS), managed detection and response (MDR), endpoint detection and response (EDR) that supports best in breed EDR solutions, and cybersecurity consulting services (CSC) that includes incident readiness and response, threat modeling, digital forensics, technology optimization, posture assessments and more. Our self-service, technology-agnostic platform, myNuspire, allows greater visibility into your entire security program. Powered by the self-healing always on Nuspire Cyber X Platform (CXP), myNuspire will help CISOs alleviate the pain associated with tech sprawl, provide intelligence driven recommendations, solve for alert fatigue and help their clients become more secure over time. Our deep bench of cybersecurity experts, award-winning threat intelligence and three 24×7 security operations centers (SOCs) detect, respond, and remediate advanced cyber threats. Our client base spans thousands of enterprises from midsized to large enterprises that span across multiple industries and geographic footprints. For more information, visit_ www.nuspire.com _and follow us at on LinkedIn @Nuspire._

SOURCE Nuspire

Report Reveals Record-Breaking Year for Cyber Threats

The National Institute of Standards and Technology has settled on a standard for encrypting Internet of Things (IoT) communications, but many devices remain vulnerable and unpatched.

A new encryption standard for Internet of Things (IoT) should help advance security for these connected devices in businesses, manufacturers, critical infrastructure, and other sectors running this equipment.

But many of these devices continue to lag behind in cybersecurity functions and practices.

On Feb. 7, the National Institute of Standards and Technology (NIST) announced it had selected a group of cryptographic algorithms, known as Ascon, to be the formal encryption standard for "lightweight" electronic devices and their communications. The standard should help devices makers and their customers better secure the data and devices from attackers increasingly targeting operational technology even though such devices have limited processing power and storage.

The algorithms allow encryption protections for even the smallest devices, NIST computer scientist Kerry McKay said in the announcement of the standard.

"The world is moving toward using small devices for lots of tasks ranging from sensing to identification to machine control, and because these small devices have limited resources, they need security that has a compact implementation," she said. "These algorithms should cover most devices that have these sorts of resource constraints."

**Why IoT Is Exploding**

Connected devices in business and industrial settings are a rapidly growing application driven by two major forces over the past three years. Initially, the pandemic spurred the need to support remote operations, while the current concerns of a recession are pushing companies to automate operations using connected devices.

For example, the Industrial Internet of Things (IIoT) — an umbrella term for connected devices that monitor and control physical systems and industrial processes — is predicted to grow dramatically. The number of industrial IoT connections — a measure of the number of devices deployed — is expected to more than double to 36.8 billion in 2025, up from 17.7 billion in 2020, according to Juniper Research.

    

Self-assessed maturity of industrial firms. Source: Fortinet

However, the massive growth also brings a massive attack surface area. Vulnerabilities in the so-called Extended Internet of Things (XIoT), which includes both devices and the systems that manage those devices, jumped 57% in the first half of 2022 continuing a dramatic rise from the prior year. On the enterprise side, security researchers demonstrated 63 exploitable vulnerabilities in a variety of connected devices at this year's Pwn2Own, such as printers and network-attached storage.

Meanwhile, enterprise and industrial IoT devices and systems are often used for decades without regular updates, unlike conventional IT environments, which are replaced every three to five years and updated regularly in between, says Bill Malik, vice president of infrastructure strategies at cybersecurity firm Trend Micro.

"Right now, tens of thousands of industrial IoT environments are open to the Internet, either through carelessness or a lack of awareness of the risks," he says. "Many of these systems ship with default passwords, which are rarely changed by the use, and those systems are often incapable of being updated."

**Lightweight — but Not Light — Security**

The NIST standard aims to give even low-power devices a base level of cybersecurity by encrypting stored data and communications. The process took several years, starting with 57 candidates in March 2019, which were whittled down to 10 finalists in 2021. 

"The ability to provide security was paramount, but we also had to consider factors such as a candidate algorithm's performance and flexibility in terms of speed, size, and energy use," NIST's McKay stated in the Feb. 7 announcement. "In the end, we made a selection that was a good all-around choice."

Implementing the NIST standard will take time, as many IoT vendors are still catching up to cybersecurity best practices, with devices often lacking strong authentication capabilities, no easy way to distribute and install patches, and poor visibility into activity, including weak or nonexistent logging, Trend Micro's Malik says.

The level of maturity for the industrial sector in North America, for example, continues to lag behind other some other countries. Compared to the worldwide average of 57%, only half the companies (50%) in the region have adopted technologies that look for anomalous behavior or use automation and orchestration to manage and secure devices, considered the top two tiers of security maturity for operational technology, according to Fortinet's "2022 State of Operational Technology and Cybersecurity Report."

The risks to connected enterprise and industrial devices is growing, especially against the manufacturing sector, which accounted for 68% of observed attacks against industrial systems in the third quarter of 2022, according to Dragos, a cybersecurity services firm. Russia's invasion of Ukraine has created an online battlefield with threat actors on both sides targeting a variety of systems and devices, aiming at causing physical damage and disruption through cyberattacks.

As enterprises and industries continue to move toward ubiquitous monitoring and control, enabling smart factories, smart cities, and smart infrastructure, cyberattacks will become more impactful, Deloitte stated in its "Industry 4.0 and Cybersecurity" report.

**Detection Alone Is "Not Enough"**

Focusing on detection, however, is not enough, says Keao Caindec, a principal analyst with Farallon Technology Group and chair of the Security Working Group at the Industry IoT Consortium (IIC).

"A lot of the security controls that we use today, focus more on detection and remediation, a lot of monitoring and then prioritizing events and alerts," he says. "The problem is that leaves you always just one step behind the attacker, so companies need to really focus on addressing initial access, preventing compromised access, preventing unauthorized discovery and reconnaissance and preventing lateral attacks."

Yet the ability to protect enterprise and industrial IoT remains with companies, which should seek to gain as much visibility as possible into what devices are connected to their environments, Caindec says. He points to an already-pursued defensive framework, zero-trust architectures, as perhaps the best current approach to securing enterprise and industrial IoT devices and systems.

In addition, companies need to have the top decision makers on their side. Cybersecurity efforts are a significant investment, especially if they include replacing devices, so you need executive support, says Wendy Frank, cyber IoT leader with consultancy Deloitte.

"I think a lot of this comes down to really talking to your boards, making sure they're aware of the specific problems around devices, because they don't do this for a living," she says.

NIST's New Crypto Standard a Step Forward in IoT Security

By Waqas
Sophisticated hackers can now breach vulnerable networks and devices at the controller level of critical infrastructure, causing physical damage to crucial assets.
This is a post from HackRead.com Read the original post: Controller-level flaws can let hackers physically damage moving bridges

By exploiting these flaws, hackers can access anything from sensors responsible for gauging temperature, pressure, liquid, air, and gas levels, as well as analyzers used to determine chemical compositions.

Forescout’s Vedere Labs has released a new research report that delves into the topic of deep lateral movement. According to researchers, this is the first comprehensive investigation of how hackers can laterally move between devices at the Purdue Level 1, or L1 (also known as the controller level) of **OT networks** (Operational Technology).

This means “sophisticated hackers” can now breach vulnerable networks and devices at the controller level of critical infrastructure, managing to cause **physical damage** to crucial assets, such as movable bridges.

Their research indicated the presence of a lot of network crawlspace, such as links running between security zones at deep system levels. Asset owners are generally unaware of this space. Hence, there’s a need to close this gap in L1 devices as the segments these are present in require a “corresponding perimeter security profile,” noted Vedere Labs.

**Proof-of-Concept**

The PoC for this research was developed using two vulnerabilities that weren’t previously disclosed. These vulnerabilities (**CVE-2022-45788** and **CVE-2022-45789**) allow authentication bypass and remote code execution on Schneider Electric Modicon PLCs (programmable logic controllers).

This was concerning because these are one of the world’s most famous PLCs and are widely used to construct critical infrastructures, including wastewater/water management, mining, energy, and manufacturing sectors.

Forescout discovered that around 1,000 PLCs had been exposed. Of these exposed PLCs, 33% were found in France, 17% in Spain, 15% in Italy, and 6% in the USA. Many of these devices were connected to solar parks, hydropower plants, and airports.

**How Deeply Can Lateral Movement Affect System Security?**

Through deep lateral movement, hackers can get deeper access to ICTs (industrial control systems) and cross all those security perimeters they previously couldn’t. So, they can carry out advanced granular and stealthy exploitations of the ICTs, while successfully overriding safety and functional restrictions.

Hackers can access anything from sensors responsible for gauging temperature, pressure, liquid, air, and gas levels, as well as analyzers used to determine chemical compositions.

They can even target actuators that are used to move machines. At the lowest level of deep lateral movement, adversaries can evade built-in safety functional limitations and cause service disruptions/damage or even threaten lives.

Forescout’s head of security research, Daniel Dos Santos, stated that “mitigating the risks of deep lateral movement requires a careful balance of network monitoring to detect adversaries as early as possible, gaining visibility into often overlooked security perimeters at the lower Purdue levels, and hardening the most interconnected and exposed devices accordingly.”

Forescout’s technical research is available **here** (PDF), while their blog post can be accessed **here**.

1.  **Encoding Physical DNA and Malware Infection**
2.  **IoT botnet of heaters can cause power outages**
3.  **The Most Commonly Hacked Smart Home Tech**
4.  **Using laser on Alexa, Google Home to unlock doors**
5.  **Unlocking doors with Industrial Control Systems flaw**

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Controller-level flaws can let hackers physically damage moving bridges

Bad actors love to deliver threats in files. Persistent and persuasive messages convince unsuspecting victims to accept and open files from unknown sources, executing the first step in a cyber attack. 
This continues to happen whether the file is an EXE or a Microsoft Excel document. Far too often, end users have an illusion of security, masked by good faith efforts of other users and (

Bad actors love to deliver threats in files. Persistent and persuasive messages convince unsuspecting victims to accept and open files from unknown sources, executing the first step in a cyber attack.

This continues to happen whether the file is an EXE or a Microsoft Excel document. Far too often, end users have an illusion of security, masked by good faith efforts of other users and (ineffective) security controls. This creates a virality effect for ransomware, malware, spyware, and annoying grayware and adware to be spread easily from user to user and machine to machine. To stop users from saying, "I reject your reality and substitute my own!" – it's time to bust some myths about file-based attacks.

**Testing in three! Two! One!** **Register here** and join Zscaler's Vinay Polurouthu, Principal Product Manager, and Amy Heng, Product Marketing Manager, to:

*   Bust the 9 most common assumptions and myths about file-based threats
*   Uncover the latest evasion trends and detect stealthy delivery methods
*   Prevent patient zero infections and zero-day security events from unknown files

****The fundamental problems when it comes to stopping file-based threats****

Digital communication would not be possible without file sharing. Whether we are opening an exported Excel file with a Salesforce report or downloading a new note taking software, we are using files to share information and perform critical tasks.

Much like other habitual actions like driving, we develop assumptions and an over reliance on heuristics towards files and the security controls that protect us against viruses and malware. When our guardrails are down, we are susceptible to file-based attacks.

File-based attacks are attacks that use modified files that contain malicious code, script, or active content to deliver threats to users or devices. Threat actors use social engineering techniques to convince users to open and execute files and launch cyber attacks. Beyond preying on human behavior, threat actors program evasive techniques into their files like obfuscation information or file deletion, making it difficult for existing tools to detect threats.

****Preventing file-based attacks stops zero-day attacks & patient-zero infections****

No one wants to be the first documented victim of a cyber attack. However, file-based attacks continue to be successful because businesses still rely on signature-based detection.

The Zscaler ThreatLabz research team discovered the infostealer malware hiding in pirated software. The threat actors used fake shareware sites where visitors would download a file that masqueraded as cracked software. Instead of the intended software, the payload contained RedLine or RecordBreaker malware, which collects stored browser passwords, auto-complete data, and cryptocurrency files and wallets. This attack is difficult to detect because the threat actors would generate a new password-protected zip file with every download transaction. Listing MD5's would be ineffective.

Stopping zero-day attacks and patient-zero infections requires inline protection and intelligent, dynamic analysis.

****A webinar to figure out what's fact and what's fiction about file-based threats****

Leave your assumptions about file-based threats at the door. We gathered nine most common myths about files, ranging from how endpoint security may not be enough to block (or not to block) Macros in Microsoft documents.

Ready to bust some myths? **Register for the webinar here**.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Webinar — A MythBusting Special: 9 Myths about File-based Threats

A new financially motivated campaign that commenced in December 2022 has seen the unidentified threat actor behind it deploying a novel ransomware strain dubbed MortalKombat and a clipper malware known as Laplas.
Cisco Talos said it "observed the actor scanning the internet for victim machines with an exposed remote desktop protocol (RDP) port 3389."
The attacks, per the cybersecurity company,

Cryptocurrency / Ransomware

A new financially motivated campaign that commenced in December 2022 has seen the unidentified threat actor behind it deploying a novel ransomware strain dubbed **MortalKombat** and a clipper malware known as Laplas.

Cisco Talos said it "observed the actor scanning the internet for victim machines with an exposed remote desktop protocol (RDP) port 3389."

The attacks, per the cybersecurity company, primarily focuses on individuals, small businesses, and large organizations located in the U.S., and to a lesser extent in the U.K., Turkey, and the Philippines.

The starting point that kicks off the multi-stage attack chain is a phishing email bearing a malicious ZIP file that's used as a pathway to deliver either the clipper or the ransomware.

In addition to using cryptocurrency-themed email lures impersonating CoinPayments, the threat actor is also known to erase infection markers in an attempt to cover its tracks.

MortalKombat, first detected in January 2023, is capable of encrypting system, application, backup, and virtual machine files in the compromised system. It further corrupts Windows Explorer, disables the Run command window, and removes applications and folders from Windows startup.

A source code analysis of the ransomware reveals that it's part of the Xorist family of ransomware, Cisco Talos researcher Chetan Raghuprasad said.

The Laplas clipper is a Golang variant of malware that came to light in November 2022. It's designed to monitor the clipboard for any cryptocurrency wallet address and substitute it with an actor-controlled wallet to carry out fraudulent transactions.

"The clipper reads the victim machine's clipboard contents and executes a function to perform regular expression pattern matching to detect the cryptocurrency wallet address," Raghuprasad explained.

"When a cryptocurrency wallet address is identified, the clipper sends the wallet address back to the clipper bot. In response, the clipper receives an attacker-controlled wallet address similar to the victim's and overwrites the original cryptocurrency wallet address in the clipboard."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#mac