An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. This could result in the attacker achieving execution with privileges of a SYSTEM user.

CVE-2021-27406

Telecommunications and IT service providers in the Middle East and Asia are being targeted by a previously undocumented Chinese-speaking threat group dubbed WIP19.
The espionage-related attacks are characterized by the use of a stolen digital certificate issued by a Korean company called DEEPSoft to sign malicious artifacts deployed during the infection chain to evade detection.
"Almost all

Telecommunications and IT service providers in the Middle East and Asia are being targeted by a previously undocumented Chinese-speaking threat group dubbed **WIP19**.

The espionage-related attacks are characterized by the use of a stolen digital certificate issued by a Korean company called **DEEPSoft** to sign malicious artifacts deployed during the infection chain to evade detection.

"Almost all operations performed by the threat actor were completed in a 'hands-on keyboard' fashion, during an interactive session with compromised machines," SentinelOne researchers Joey Chen and Amitai Ben Shushan Ehrlich said in a report this week.

"This meant the attacker gave up on a stable \[command-and-control\] channel in exchange for stealth."

WIP, short for work-in-progress, is the moniker assigned by SentinelOne to emerging or hitherto unattributed activity clusters, similar to the UNC####, DEV-####, and TAG-## designations given by Mandiant, Microsoft, and Recorded Future.

The cybersecurity firm also noted that select portions of the malicious components employed by WIP19 were authored by a Chinese-speaking malware author dubbed WinEggDrop, who has been active since 2014.

WIP19 is said to share links to another group codenamed Operation Shadow Force owing to overlaps in the use of WinEggDrop-authored malware, stolen certificates, and tactical overlaps.

That said, SentinelOne noted, "it is unclear whether this is a new iteration of operation 'Shadow Force' or simply a different actor utilizing similar TTPs."

Intrusions mounted by the adversarial collective rely on a bespoke toolset that includes a combination of a credential dumper, network scanner, browser stealer, keystroke logger and screen recorder (ScreenCap), and an implant known as SQLMaggie.

SQLMaggie was also the subject of an in-depth analysis by German cybersecurity company DCSO CyTec earlier this month, calling out its ability to break into Microsoft SQL servers and leverage the access to run arbitrary commands via SQL queries.

An analysis of telemetry data further revealed the presence of SQLMaggie in 285 servers spread across 42 countries, chiefly South Korea, India, Vietnam, China, Taiwan, Russia, Thailand, Germany, Iran, and the U.S.

The fact that the attacks are precision targeted and low in volume, not to mention have singled out the telecom sector, indicates that the primary motive behind the campaign may be to gather intelligence.

The findings are yet another indication of how China-aligned hacking groups are at once sprawling and fluid owing to the reuse of the malware among several threat actors.

"WIP19 is an example of the greater breadth of Chinese espionage activity experienced in critical infrastructure industries," SentineOne researchers said.

"The existence of reliable quartermasters and common developers enables a landscape of hard-to-identify threat groups that are using similar tooling, making threat clusters difficult to distinguish from the defenders point of view."

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

New Chinese Cyberespionage Group Targeting IT Service Providers and Telcos

Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code.

'1204059?cve=title' is not a valid bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2022-42720: Invalid Bug ID

A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.

CVE-2022-42721

In the Linux kernel 5.8 through 5.19.14, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices.

'1204125?cve=title' is not a valid bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2022-42722: Invalid Bug ID

An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.

AgeCommit message (Expand)AuthorFilesLines 2022-09-04Merge tag 'wireless-next-2022-09-03' of git://git.kernel.org/pub/scm/linux/ke...David S. Miller1\-1/+1 2022-09-03wifi: mac80211: fix double SW scan stopJohannes Berg1\-1/+1 2022-08-25wifi: mac80211: Fix UAF in ieee80211\_scan\_rx()Siddh Raman Pant1\-4/+7 2022-07-15wifi: mac80211: fix multi-BSSID element parsingJohannes Berg1\-4/+8 2022-06-20wifi: mac80211: move interface config to new structJohannes Berg1\-1/+1 2022-05-04mac80211: upgrade passive scan to active scan on DFS channels after beacon rxFelix Fietkau1\-0/+20 2021-09-23mac80211: always allocate struct ieee802\_11\_elemsJohannes Berg1\-6/+10 2021-05-31mac80211: fix skb length check in ieee80211\_scan\_rx()Du Cheng1\-5/+16 2020-09-28mac80211: convert S1G beacon to scan resultsThomas Pedersen1\-4/+13 2020-09-28mac80211: s1g: choose scanning width based on frequencyThomas Pedersen1\-0/+17 2020-09-28nl80211/cfg80211: support 6 GHz scanningTova Mussai1\-2/+7 2020-07-31mac80211: remove unused flags argument in transmit functionsMathy Vanhoef1\-1/+1 2020-07-31mac80211: use same flag everywhere to avoid sequence number overwriteMathy Vanhoef1\-4/+3 2020-07-31nl80211: S1G band and channel definitionsThomas Pedersen1\-0/+1 2020-05-31mac80211: Add HE 6GHz capabilities element to probe requestIlan Peer1\-8/+9 2020-05-31mac80211: avoid using ext NSS high BW if not supportedJohannes Berg1\-0/+6 2020-04-24mac80211: add freq\_offset to RX statusThomas Pedersen1\-1/+2 2020-04-24mac80211: handle channel frequency offsetThomas Pedersen1\-0/+1 2020-02-21cfg80211: remove support for adjacent channel compensationEmmanuel Grumbach1\-2/+1 2019-10-07mac80211: fix scan when operating on DFS channels in ETSI domainsAaron Komisar1\-2/+28 2019-06-19treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500Thomas Gleixner1\-4/+1 2019-02-08mac80211: support multi-bssidSara Sharon1\-2/+9 2019-02-08mac80211: move the bss update from elements to an helperSara Sharon1\-70/+80 2019-02-08mac80211: pass bssids to elements parsing functionSara Sharon1\-35/+40 2018-11-09mac80211: allow hardware scan to fall back to softwareJohannes Berg1\-4/+18 2018-06-30Merge tag 'mac80211-next-for-davem-2018-06-29' of git://git.kernel.org/pub/sc...David S. Miller1\-6/+50 2018-06-15mac80211: support scan features for improved scan privacyJohannes Berg1\-5/+30 2018-06-15mac80211: split ieee80211\_send\_probe\_req()Johannes Berg1\-2/+20 2018-06-15mac80211: add probe request building flagsJohannes Berg1\-3/+4 2018-06-12treewide: kzalloc() -> kcalloc()Kees Cook1\-1/+1 2018-03-21mac80211: inform wireless layer when frame RSSI is invalidTosoni1\-1/+3 2017-09-21mac80211: oce: enable receiving of bcast probe respRoee Zamir1\-9/+28 2017-04-28cfg80211: add request id to cfg80211\_sched\_scan\_\*() apiArend Van Spriel1\-2/+2 2017-04-28mac80211: separate encoding/bandwidth from flagsJohannes Berg1\-4/+4 2017-04-28mac80211: clean up rate encoding bits in RX statusJohannes Berg1\-4/+4 2016-12-13mac80211: Remove unused 'len' variableKirtika Ruchandani1\-5/+3 2016-09-15mac80211: fix scan completed tracingJohannes Berg1\-1/+1 2016-07-06mac80211: report failure to start (partial) scan as scan abortJohannes Berg1\-2/+3 2016-07-06mac80211: Add support for beacon report radio measurementAvraham Stern1\-8/+34 2016-07-06nl80211: support beacon report scanningAvraham Stern1\-2/+7 2016-04-12cfg80211: remove enum ieee80211\_bandJohannes Berg1\-6/+6 2016-04-05mac80211: Support a scan request for a specific BSSIDJouni Malinen1\-1/+3 2016-04-05mac80211: allow drivers to report CLOCK\_BOOTTIME for scan resultsJohannes Berg1\-1/+3 2016-01-26mac80211: Requeue work after scan complete for all VIF types.Sachin Kulkarni1\-1/+11 2016-01-14mac80211: handle sched\_scan\_stopped vs. hw restart raceEliad Peller1\-0/+8 2015-12-02mac80211: do not actively scan DFS channelsAntonio Quartulli1\-4/+5 2015-11-03mac80211: don't reconfigure sched scan in case of wowlanEliad Peller1\-5/+7 2015-10-14mac80211: remove PM-QoS listenerJohannes Berg1\-1/+0 2015-10-13mac80211: use new cfg80211\_inform\_bss\_frame\_data() APIJohannes Berg1\-10/+9 2015-06-10mac80211: convert HW flags to unsigned long bitmapJohannes Berg1\-5/+5 2015-06-09mac80211: ignore invalid scan RSSI valuesSara Sharon1\-1/+7 2015-06-02mac80211: rename single hw-scan flag to follow naming conventionJohannes Berg1\-3/+3 2015-03-30mac80211: IBSS fix scan requestJanusz.Dziedzic@tieto.com1\-9/+16 2015-01-23mac80211: complete scan work immediately if quiesced or suspendedLuciano Coelho1\-0/+5 2015-01-14mac80211: don't defer scans in case of radar detectionEliad Peller1\-1/+1 2015-01-14mac80211: remove local->radar\_detect\_enabledEliad Peller1\-1/+1 2015-01-14mac80211: let flush() drop packets when possibleEmmanuel Grumbach1\-2/+2 2014-11-19mac80211: allow drivers to support NL80211\_SCAN\_FLAG\_RANDOM\_ADDRJohannes Berg1\-10/+38 2014-11-19mac80211: rcu-ify scan and scheduled scan request pointersJohannes Berg1\-30/+49 2014-11-19mac80211: remove redundant checkEliad Peller1\-1/+1 2014-09-05mac80211: add Intel Mobile Communications copyrightJohannes Berg1\-0/+1 2014-08-26mac80211: scan: Replace rcu\_assign\_pointer() with RCU\_INIT\_POINTER()Andreea-Cristina Bernat1\-1/+1 2014-06-25mac80211: split sched scan IEsDavid Spinadel1\-23/+24 2014-06-25mac80211: support more than one band in scan requestDavid Spinadel1\-25/+60 2014-05-09mac80211: handle failed restart/resume betterJohannes Berg1\-5/+10 2014-04-09mac80211: use RCU\_INIT\_POINTERMonam Agarwal1\-5/+5 2014-03-19mac80211: release sched\_scan\_sdata when stopping sched scanAlexander Bondar1\-2/+4 2014-02-20mac80211: allow driver to return error from sched\_scan\_stopJohannes Berg1\-1/+1 2014-02-11mac80211: fix IE buffer lenDavid Spinadel1\-5/+2 2013-12-16mac80211: reschedule sched scan after HW restartDavid Spinadel1\-14/+39 2013-12-16Merge remote-tracking branch 'wireless-next/master' into mac80211-nextJohannes Berg1\-1/+1 2013-12-06Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linvil...John W. Linville1\-1/+1 2013-12-05mac80211: start\_next\_roc only if scan was actually runningEliad Peller1\-1/+3 2013-12-05mac80211: determine completed scan type by defined opsEliad Peller1\-8/+7 2013-12-03mac80211: remove duplicate codeEliad Peller1\-8/+0 2013-11-25cfg80211: consolidate passive-scan and no-ibss flagsLuis R. Rodriguez1\-5/+5 2013-11-25mac80211: fix scheduled scan rtnl deadlockJohannes Berg1\-1/+1 2013-11-04Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linvil...John W. Linville1\-0/+19 2013-10-23Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller1\-0/+19 2013-10-09mac80211: correctly close cancelled scansEmmanuel Grumbach1\-0/+19 2013-09-26mac80211: change beacon/connection pollingStanislaw Gruszka1\-2/+1 2013-07-16mac80211: allow scanning for 5/10 MHz channels in IBSSSimon Wunderlich1\-6/+39 2013-07-16mac80211: select and adjust bitrates according to channel modeSimon Wunderlich1\-2/+25 2013-06-13mac80211: track AP's beacon rate and give it to the driverAlexander Bondar1\-0/+9 2013-04-16mac80211: parse VHT channel switch IEsJohannes Berg1\-1/+1 2013-04-08mac80211: check ERP info IE length in parserJohannes Berg1\-3/+2 2013-03-25mac80211: Use a cfg80211\_chan\_def in ieee80211\_hw\_conf\_chanKarl Beldan1\-3/+3 2013-03-18mac80211: pass queue bitmap to flush operationJohannes Berg1\-2/+2 2013-03-11mac80211: remove a few set but unused variablesJohannes Berg1\-3/+0 2013-02-15mac80211: add radar detection command/eventSimon Wunderlich1\-0/+3 2013-02-11mac80211: Add flushes before going off-channelSeth Forshee1\-0/+3 2013-02-11mac80211: Fix tx queue handling during scansSeth Forshee1\-3/+6 2013-02-11mac80211: introduce beacon-only timing dataJohannes Berg1\-1/+4 2013-02-11cfg80211: pass wiphy to cfg80211\_ref\_bss/put\_bssJohannes Berg1\-1/+2 2013-01-31mac80211: improve latency and throughput while software scanningStanislaw Gruszka1\-27/+5 2013-01-31mac80211: start auth/assoc timeout on frame statusJohannes Berg1\-1/+2 2013-01-31mac80211: remove unused mesh data from bssJohannes Berg1\-9/+0 2013-01-31mac80211: remove last\_probe\_resp from bssJohannes Berg1\-3/+0 2013-01-28Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linvil...John W. Linville1\-10/+5 2013-01-16mac80211: synchronize scan off/on-channel and PS statesStanislaw Gruszka1\-10/+5 2013-01-03mac82011: use frame control to differentiate probe resp/beaconEmmanuel Grumbach1\-5/+4 2013-01-03mac80211: fix dtim\_period in hidden SSID AP associationJohannes Berg1\-12/+0 2013-01-03mac80211: fix ibss scanningStanislaw Gruszka1\-10/+24 2012-12-11Merge branch 'for-john' of git://git.sipsolutions.net/mac80211-nextJohn W. Linville1\-1/+1 2012-12-10mac80211: a few whitespace fixesJohannes Berg1\-1/+1 2012-12-06Merge branch 'for-john' of git://git.kernel.org/pub/scm/linux/kernel/git/jber...John W. Linville1\-9/+12 2012-11-30mac80211: make ieee80211\_build\_preq\_ies saferJohannes Berg1\-9/+12 2012-11-26Merge branch 'for-john' of git://git.kernel.org/pub/scm/linux/kernel/git/jber...John W. Linville1\-8/+1 2012-11-23cfg80211: use DS or HT operation IEs to determine BSS channelJohannes Berg1\-8/+1 2012-11-21Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linvil...John W. Linville1\-1/+1 2012-10-31mac80211: init sched\_scan\_iesDavid Spinadel1\-1/+1 2012-10-18mac80211: add support for tx to abort low priority scan requestsSam Leffler1\-4/+17 2012-10-17mac80211: use channel contextsJohannes Berg1\-2/+2 2012-10-16mac80211: track whether to use channel contextsJohannes Berg1\-0/+4 2012-09-07net/mac80211/scan.c: removes unnecessary semicolonPeter Senna Tschudin1\-1/+1 2012-09-06mac80211: don't hang on to sched\_scan\_iesJohannes Berg1\-25/+14 2012-09-06Merge remote-tracking branch 'mac80211/master' into mac80211-nextJohannes Berg1\-2/+1 2012-08-20mac80211: pass channel to ieee80211\_send\_probe\_reqJohannes Berg1\-1/+2 2012-08-20mac80211: check operating channel in scanJohannes Berg1\-5/+4 2012-07-30mac80211: don't clear sched\_scan\_sdata on sched scan stop requestEliad Peller1\-1/+0 2012-07-30Merge remote-tracking branch 'wireless/master' into mac80211Johannes Berg1\-58/+65 2012-07-24mac80211: fix scan\_sdata assignmentJohannes Berg1\-1/+1 2012-07-20Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linvil...John W. Linville1\-54/+62 2012-07-12mac80211: add time synchronisation with BSS for assocJohannes Berg1\-1/+2 2012-07-12mac80211: redesign scan RXJohannes Berg1\-34/+23 2012-07-12mac80211: track scheduled scan virtual interfaceJohannes Berg1\-10/+10 2012-07-12mac80211: make scan\_sdata pointer usable with RCUJohannes Berg1\-9/+24 2012-07-12mac80211: fix invalid band deref building preq IEsArik Nemtsov1\-0/+3 2012-06-12Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linvil...John W. Linville1\-2/+2 2012-06-06mac80211: unify SW/offload remain-on-channelJohannes Berg1\-2/+2 2012-06-04net: Remove casts to same typeJoe Perches1\-2/+1 2012-05-09mac80211: Convert compare\_ether\_addr to ether\_addr\_equalJoe Perches1\-1/+1 2012-04-23mac80211: Support on-channel scan option.Ben Greear1\-26/+69 2012-04-13mac80211: remove ieee80211\_rx\_bss\_getMohammed Shafi Shajakhan1\-14/+0 2012-04-13mac80211: do not scan and monitor connection in parallelStanislaw Gruszka1\-1/+28 2012-03-28mac80211: fix oper channel timestamp updationRajkumar Manoharan1\-1/+1 2012-03-07mac80211: Filter duplicate IE idsPaul Stewart1\-20/+51 2012-03-05mac80211: use compare\_ether\_addr on MAC addresses instead of memcmpFelix Fietkau1\-1/+2 2012-01-05Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linvil...John W. Linville1\-1/+1 2012-01-04mac80211: fix scan state machineMohammed Shafi Shajakhan1\-1/+1 2011-12-19net: fix assignment of 0/1 to bool variables.Rusty Russell1\-1/+1 2011-11-30mac80211: revert on-channel work optimisationsJohannes Berg1\-2/+2 2011-11-22Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/torval...John W. Linville1\-0/+1 2011-11-11mac80211: simplify scan state machineJohannes Berg1\-122/+77 2011-10-31net: Add export.h for EXPORT\_SYMBOL/THIS\_MODULE to non-modulesPaul Gortmaker1\-0/+1 2011-10-25Merge branch 'pm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds1\-1/+1 2011-10-11mac80211: pass no-CCK flag through to HW scanJohannes Berg1\-0/+1 2011-09-27mac80211: Send the management frame at requested rateRajkumar Manoharan1\-1/+2 2011-08-25PM QoS: Move and rename the implementation filesJean Pihet1\-1/+1 2011-07-19mac80211: implement scan supported ratesJohannes Berg1\-3/+3 2011-07-11Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linvil...John W. Linville1\-1/+2 2011-07-07mac80211: fix ie memory allocation for scheduled scansLuciano Coelho1\-1/+2 2011-06-27mac80211: Drop DS Channel PARAM in directed probePaul Stewart1\-1/+2 2011-06-27mac80211: restrict advertised HW scan ratesJohannes Berg1\-2/+3 2011-06-17mac80211: add cancel\_hw\_scan() callbackEliad Peller1\-16/+21 2011-05-27mac80211: Remove duplicate linux/slab.h include from net/mac80211/scan.cJesper Juhl1\-1/+0 2011-05-16mac80211: abort scan\_work immediately when the device goes downRajkumar Manoharan1\-0/+5 2011-05-12cfg80211/mac80211: avoid bounce back mac->cfg->mac on sched\_scan\_stoppedLuciano Coelho1\-6/+27 2011-05-11mac80211: add support for HW scheduled scanLuciano Coelho1\-0/+99 2011-05-10mac80211: don't drop frames where skb->len < 24 in ieee80211\_scan\_rx()Luciano Coelho1\-1/+1 2011-03-07mac80211: fix scan race, simplify codeJohannes Berg1\-40/+24 2011-02-09mac80211: Ensure power-level set properly for scanning.Ben Greear1\-1/+8 2011-02-09mac80211: Allow scanning on existing channel-type.Ben Greear1\-4/+2 2011-02-04mac80211: Optimize scans on current operating channel.Ben Greear1\-25/+63 2011-01-21cfg80211: Extend channel to frequency mapping for 802.11jBruno Randolf1\-1/+2 2010-10-07mac80211: fix sw scan lockingJohannes Berg1\-2/+1 2010-10-06mac80211: avoid uninitialized var warning in ieee80211\_scan\_cancelJohn W. Linville1\-3/+4 2010-10-06mac80211: compete scan to cfg80211 if deferred scan fail to startStanislaw Gruszka1\-0/+2 2010-10-06mac80211: do not requeue scan work when not neededStanislaw Gruszka1\-12/+3 2010-10-06mac80211: assure we also cancel deferred scan requestStanislaw Gruszka1\-10/+25 2010-10-06mac80211: keep lock when calling \_\_ieee80211\_scan\_completed()Stanislaw Gruszka1\-36/+39 2010-10-06mac80211: reduce number of \_\_ieee80211\_scan\_completed callsStanislaw Gruszka1\-22/+29 2010-09-24mac80211: Add DS Parameter Set into Probe Request on 2.4 GHzJouni Malinen1\-1/+2 2010-09-24mac80211: Filter ProbeReq SuppRates based on TX rate maskJouni Malinen1\-1/+1 2010-08-27mac80211: allow scan to complete from any contextJohannes Berg1\-8/+26 2010-08-16mac80211: per interface idle notificationJohannes Berg1\-0/+2 2010-08-16mac80211: unify scan and work mutexesJohannes Berg1\-15/+15 2010-08-04mac80211: fix scan locking wrt. hw scanJohannes Berg1\-14/+0 2010-07-29mac80211: allow drivers to request DTIM periodJohannes Berg1\-0/+4 2010-07-28Revert "mac80211: fix sw scan bracketing"Luis R. Rodriguez1\-2/+2 2010-06-21mac80211: Fix compile warning in scan.c.Gertjan van Wingerde1\-1/+1 2010-06-18mac80211: fix sw scan bracketingJohannes Berg1\-2/+2 2010-05-20Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6Linus Torvalds1\-19/+107 2010-05-05Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linvil...John W. Linville1\-13/+40 2010-05-03mac80211: improve IBSS scanningJohannes Berg1\-1/+27 2010-04-28mac80211: do not wip out old supported ratesStanislaw Gruszka1\-10/+11 2010-04-27mac80211: give virtual interface to hw\_scanJohannes Berg1\-2/+2 2010-04-15Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linvil...John W. Linville1\-0/+2 2010-04-11Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/ne...David S. Miller1\-0/+1 2010-04-08mac80211: enhance tracingJohannes Berg1\-0/+2 2010-03-30include cleanup: Update gfp.h and slab.h includes to prepare for breaking imp...Tejun Heo1\-0/+1 2010-03-09mac80211: Improve software scan timingHelmut Schaa1\-6/+65 2010-02-08Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linvil...John W. Linville1\-8/+19 2010-02-08mac80211: fix deferred hardware scan requestsJohannes Berg1\-8/+10 2010-01-26mac80211: wait for beacon before enabling powersaveJohannes Berg1\-4/+0 2010-01-12mac80211: add U-APSD client supportKalle Valo1\-0/+18 2010-01-12mac80211: fix a few work bugsJohannes Berg1\-0/+1 2010-01-06Revert "mac80211: replace netif\_tx\_{start,stop,wake}\_all\_queues"John W. Linville1\-5/+5 2010-01-05mac80211: No need to include WEXT headers hereJouni Malinen1\-1/+0 2009-12-28mac80211: Generalize off-channel operation helpers from scan codeJouni Malinen1\-150/+6

CVE-2022-41674: git/torvalds/linux.git - Linux kernel source tree

At Next '22, Google Cloud announces updates to its trusted cloud ecosystem with new Sovereign Solutions initiative and partnerships spanning critical areas of cybersecurity.

SUNNYVALE, Calif., Oct. 11, 2022 /PRNewswire/ -- Google Cloud today announced a significant expansion of its trusted cloud ecosystem, highlighting new integrations and offerings with more than twenty partners focused on enabling greater data sovereignty controls, supporting Zero Trust models, unifying identity management, and improving endpoint security for global businesses.

Global businesses face growing challenges in cybersecurity and data protection, as cyber threats become increasingly sophisticated, hybrid work becomes the norm, and governments adopt new requirements for data sovereignty and control. Google Cloud provides businesses with industry-leading, end-to-end security capabilities to support customers across their cloud and on-premises environments—and today it is announcing a series of partnerships that extend its leadership as an open and trusted cloud.

By embracing its ecosystem of partners, Google Cloud is ensuring that global businesses have choice and flexibility to work with leading cybersecurity vendors and to deliver diverse sets of applications on infrastructure compliant with growing data protection requirements.

"Providing businesses with extensible cybersecurity solutions in the cloud, and a collaborative ecosystem of partners, is the only practical approach to addressing enterprises' greatest cybersecurity challenges," said Sunil Potti, VP, Cloud Security at Google Cloud. "Our partners play a critical role in keeping customers secure and compliant, whether enabling secure hybrid work, safeguarding critical infrastructure, or meeting stringent data residency requirements."

"Success with today's digital business platforms requires a connected and trusted ecosystem of partners to help ensure better security outcomes for customers," said Prem Iyer, VP, GSI and CSP Ecosystems at Palo Alto Networks. "We remain committed to continuing our momentum with Google Cloud, delivering best-in-class solutions that simplify cloud security for our joint customers while improving their security posture."

"The Symantec Enterprise Division and Google Cloud are committed to addressing critical requirements of governments and highly regulated industries to establish sovereignty over data at rest, in use, and in transit," said Rob Greer, VP and GM at Symantec Enterprise Division, Broadcom. "The Google Cloud Ready–Sovereign Solutions program provides Symantec customers with a transparent and flexible approach to meet local data security and privacy laws, across our cybersecurity solutions."

**Bringing partner applications to European sovereign clouds**  
Google Cloud is announcing a new Google Cloud Ready–Sovereign Solutions program to help customers identify partner applications validated to be compatible with Google Cloud's portfolio of Sovereign Solutions, including partner offerings from T-Systems in Germany and S3NS in France. This program will give customers the confidence to continue using applications that are critical to their business while meeting their digital sovereignty objectives.

Today, a diverse group of software partners are committing to validate their platforms for this program, including Aiven, Broadcom (Symantec), Cloud Software Group (Citrix), Climate Engine, Commvault, Confluent, Datadog, DataIKU, Dell Technologies, Elastic, Fortinet, Gitlab, Iron Mountain, LumApps, MongoDB, NetApp, OpenText, Palo Alto Networks, Pega Systems, Siemens, SUSE, Thales, Thought Machine, Veeam, and VMware.

**Expanding Zero Trust architecture with partners**  
Businesses around the world utilize Google Cloud's BeyondCorp Enterprise Zero Trust solution to enable secure access to applications and resources and to safeguard data. In 2020, Google Cloud announced the BeyondCorp Alliance, creating an ecosystem of partners to help enable customers to integrate products and utilize information from leading security vendors including CrowdStrike, Palo Alto Networks, VMware, and more.

Today, Google Cloud is taking a significant step forward in the extensibility of its Zero Trust offerings by partnering with Palo Alto Networks to ensure customers can embrace a ZTNA 2.0 strategy, protecting all users and applications on devices connected across any network.

**Simplifying identity management across platforms**  
Unified identity management is another critical component to secure hybrid work, because it safely eliminates the need to maintain separate user identities across multiple platforms. Alongside its own Identity and Access Management products, Google Cloud is announcing new integrations with ForgeRock, JumpCloud, Okta, and Ping Identity that will automatically extend identity management capabilities and policies to joint customers, adding significant value to investments customers have already made, and helping further secure commonly-used applications.

**Improving endpoint security and operations**  
These partnerships build on Google Cloud's existing ecosystem of endpoint and security operations partners. Strong endpoint protection helps businesses maintain data security while giving their workforces the flexibility to access key applications and information seamlessly across devices, including mobile phones, desktops, laptops, and more. Through its Chronicle Security Operations platform, Google Cloud offers a modern, cloud-first suite that better enables cybersecurity teams to detect, investigate, and respond to threats.

Google Cloud's ecosystem of partners like CrowdStrike, Cybereason, and Fortinet integrate their platforms with Chronicle, ensuring customers have the flexibility and choice to modernize their endpoint security operations.

With the addition of Mandiant to Google Cloud, endpoint partners will also have opportunities to deepen their integrations with Google Cloud's end-to-end security operations suite, with even greater capabilities to support customers across their cloud and on-premises environments.

**Delivering implementation and managed services through systems integrators**  
Google Cloud's top systems integrators including Deloitte will provide implementation customization and managed services for customers, bringing together Google Cloud's capabilities in security analytics, threat intelligence, automation, and SecOps with those of its ecosystem to help customers more quickly prevent and respond to cyber threats.

Learn more about Google Cloud's ecosystem of security partners here.

**About Google Cloud**  
Google Cloud accelerates every organization's ability to digitally transform its business. We deliver enterprise-grade solutions that leverage Google's cutting-edge technology – all on the cleanest cloud in the industry. Customers in more than 200 countries and territories turn to Google Cloud as their trusted partner to enable growth and solve their most critical business problems.

SOURCE Google Cloud

Google Cloud Advances Partnerships with 20-Plus Software Companies Focused on Digital Sovereignty and Cybersecurity

Silent Eight announced an extension to its existing partnership with HSBC to tackle financial crime.

LONDON, Oct. 11, 2022 /PRNewswire/ -- The new service will cover the deployment of Negative News Screening that leverages machine learning to identify individuals who pose a greater risk for money laundering, fraud or terrorist financing. As financial crime continues to present a challenge, banks need to pivot to an increased use of Machine Learning within compliance, and move away from manual processes or alert scoring.

Silent Eights' solution provides a more effective approach to address true matches and resolve the issue of false identifications. With this expansion, Silent Eight will be solving name screening matches across every risk type within HSBC.

"HSBC is dedicated to drive AI innovation in the financial services field, and with Silent Eight's capabilities, we continue our focus on tackling financial crime more effectively and make the industry safer. We are excited to see the value that they will create by integrating Negative News screening into our platforms," said Mark Turkington, Group Head of Financial Crime Detection.

Silent Eight CRO, Matt Leaney, said, "Working with a technology leader like HSBC who is embracing machine learning within compliance is a pleasure for us. It is a true partnership of shared goals and interests, we look forward to deepening our relationship and supporting their goals for many years to come."

**About Silent Eight:**

Silent Eight makes crime bad business and with its banking, insurance and payment partners is responsible for stopping bad actors accessing the financial system Silent Eight leads the world in Artificial Intelligence solutions for the compliance challenges of today and tomorrow. Spanning customers and transactions, covering Sanctions, Adverse News, PePs and monitoring Silent Eight ensures all potential risks are investigated and decided quickly, accurately and consistently.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

HSBC and Silent Eight Expand Machine Learning Partnership

Resistant AI and ComplyAdvantage launch AI transaction monitoring solution to combat fraud and money laundering.

LONDON, Oct. 11, 2022 /PRNewswire-PRWeb/ -- Holvi, the digital banking service for small businesses, is among the initial group of customers to implement the AI-driven solution to manage their financial crime risk.

Resistant AI, the AI and machine learning financial crime prevention specialists, and ComplyAdvantage, the financial industry's leading source of AI-driven financial crime risk data and detection technology, today announced the general availability of their solution for fighting financial crime across  
the U.S. and Europe.

Financial crime is a multi-trillion-dollar problem. According to the \[United Nations, the estimated amount of money laundered globally in one year is 2 - 5% of global GDP, or 800 billion - 2 trillion US dollars. While the cost of fraud and money laundering to financial organizations and other businesses is significant, the cost and damage to economies and society as a whole is immeasurable.

Adding Resistant AI's capabilities to ComplyAdvantage's transaction risk monitoring platform extends anti-money laundering (AML) and anti-fraud protections offered to financial institutions and other businesses by:

\-- Enabling them to detect previously unknown patterns of behavior and identify new risks faster.  
\-- Delivering alert prioritization so organizations can focus on the highest-risk areas and make the best use of their investigative resources.

With these capabilities, organizations can transition to a more dynamic approach to financial crime that uncovers novel behavior as it happens.

"Effectiveness and efficacy are key to scaling," comments Valentina Butera, Head of AML and AFC Operations at Holvi. "Integrating an AI-driven transaction monitoring solution means we can grow our customer base without growing our headcount at the same rate. With Resistant AI and ComplyAdvantage, we can manage our known risks more efficiently while also identifying and adapting to previously unknown risks."

Martin Rehak, founder, and CEO at Resistant AI, commented, "We are delighted that our joint solution is now available to drive game-changing efficiency gains. Alert prioritization, the ability to make systems more effective and identify previously unknown risks enables the most effective use of investigative resources and ensures a true risk-based approach."

"In a complex, rapidly shifting world, criminals continue to find new ways to exploit financial services to launder the proceeds of their crimes. At ComplyAdvantage, we are passionate about giving our clients the best tools to protect themselves - and their customers - from these bad actors and fight back.

The addition of Resistant AI's capabilities will allow our clients to do just that," said Charles Delingpole, founder, and CEO at ComplyAdvantage.

Today's announcement coincides with the launch of a new thesis paper on AI in transaction monitoring. Co-authored by ComplyAdvantage and Resistant AI, it explores how customers like Holvi can increase the speed and accuracy with which they monitor transactions for fraud and other financial crime risks.

**About Resistant AI**

Founded in 2019, Resistant AI uses AI and machine learning to provide identity forensic solutions that protect automated financial services from fraud and manipulation, including customer onboarding, AML and existing fraud detection systems. The Resistant AI founding team has a deep background in machine learning, artificial intelligence and computer security with more than 15 years of experience applying AI in the computer security domain. Backed by GV (formerly Google Ventures), Index Ventures, Credo Ventures, Seedcamp, and several angel investors specializing in financial technology and security, Resistant AI is headquartered in Prague with offices in London and New York.

Visit resistant.ai to learn more.

**About ComplyAdvantage**

ComplyAdvantage is the financial industry's leading source of AI-driven financial crime risk data and detection technology. ComplyAdvantage's mission is to neutralize the risk of money laundering, terrorist financing, corruption, and other financial crime. More than 500 enterprises in 75 countries rely on ComplyAdvantage to understand the risk of who they're doing business with through the world's only global, real-time database of people and companies. The company identifies thousands of risk events daily from millions of structured and unstructured data points.

ComplyAdvantage has four global hubs in New York, London, Singapore, and Cluj-Napoca and is backed by Goldman Sachs, Ontario Teachers', Index Ventures, and Balderton Capital. Learn more at https://complyadvantage.com/.

Resistant AI and ComplyAdvantage Launch AI Transaction Monitoring Solution To Combat Fraud and Money Laundering

A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.14 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.

Tag

#mac