In a vengeful move against the happiest place on Earth, the former employee allegedly used his old credentials to make potentially deadly changes.

Source: Shannon Crighton via Alamy Stock Photo

A former Disney employee was arrested and charged after allegedly hacking into the company's systems and altering its restaurant menus.

Michael Scheuer, an ex-menu production manager at Disney, was charged with violating the Computer Fraud and Abuse Act (CFAA) on three different occasions.

He was fired from this position in June, after unspecified misconduct; his dismissal was described as "contentious" and "not considered to be amicable," according to court documents.

Scheuer allegedly used his work credentials, which were still functioning after his termination, to log into the Disney menu creation system contracted by a third-party company and change the fonts in the system to Wingdings symbols.

When the menu creator was launched, it would reach for these altered font files, believing them to be correct. 

"As a result of this change, all of the menus within the database were unusable because the font changes propagated throughout the database," read the complaint.

Scheuer also allegedly deleted allergen information from the menus, suggesting some foods were safe when they weren't, leading to potentially deadly consequences. The menus were identified and isolated by Disney before they could be shipped.

The menu changes caused the system to go offline for a couple of weeks and required backup to restore.

Scheuer has also been accused of being the root cause of several distributed denial-of-service attacks against several Disney employees, their information found in a folder on one of Scheuer's virtual machines, labeled "dox." According to the FBI, the evidence found in the investigation pointed to Scheuer as the perpetrator. He has been charged on two violations of the CFAA and remains in jail pending a bond hearing. If found guilty, he faces up to 15 years in prison.

Ex-Disney Employee Charged With Hacking Menu Database

PRESS RELEASE

TEL AVIV-YAFO, Israel – Oct. 29, 2024 – Zenity, the leader in securing agentic AI, today announced they have received $38 million in Series B funding co-led by Third Point Ventures and DTCP, pushing the total capital raised to over $55 million. It follows the recent strategic investment by Microsoft’s venture arm M12, with strong support from existing investors Intel Capital and Vertex Ventures. The funds will be used to grow the team across product, engineering, sales, and marketing, as well as launching a partner program to expand the ecosystem of supporting enterprises globally as they adopt agentic workflows including agentic AI, enterprise copilots, and applications built on low-code platforms. With Forbes estimating more than 51% of companies are actively adopting AI for process automation, and Microsoft stating the number of people who use Copilot daily at work has nearly doubled quarter-over-quarter, many enterprises have already taken a bold leap into the world of AI. However, per Salesforce, only 11% of CIOs say they’ve fully implemented AI, with the number one reason for holding full implementation back being around security and data infrastructure concerns. This round of funding serves to further accelerate and expand Zenity’s ability to enable the use of AI apps and agents among Fortune 500 enterprises, including current Zenity customers that exist across financial services, technology, manufacturing, energy and pharmaceutical industries.

Ben Kliger, Zenity’s CEO and co-founder, said: “The future of work is now. For the first time, large enterprises are on the cutting edge by placing the power of AI and low-code at all users’ fingertips, meaning anyone can now use and build AI agents and business applications to get more done. As such, security teams need robust and purpose-built solutions to properly manage the risks that come when utilizing the most powerful tools we have ever seen. We are proud to partner with Third Point Ventures and DTCP to continue our mission in supporting the world’s largest and most consequential organizations to enable innovation securely.” Recently, Zenity researchers found that the average large enterprise has nearly 80,000 AI agents, apps, and automations that are built using low-code development platforms, with over 62% containing some type of security vulnerability. Additionally, Zenity CTO and co-founder Michael Bargury presented research at Black Hat 2024 revealing how easy it is for bad actors to take control over enterprise copilots, such as Microsoft 365 Copilot, all without requiring a compromised account. What these themes have in common, is that business users of all technical backgrounds are at the forefront for business productivity. It also means that IT organizations are lacking visibility, as AI agents and applications are being built and used across the enterprise. These applications exist with an implicitly shared responsibility model, similar to the cloud, and security teams do not have visibility into what risks exist. Zenity provides visibility, risk assessment, and governance that security teams need in order to fully harness AI agents. Having gotten their start as the pioneers in the low-code/no-code application security space, Zenity is uniquely positioned with this latest round of funding to support enterprises as they continue placing more power at the hands of business users via Agentic AI workflows. As a community-oriented organization, having led and co-sponsored initiatives like the OWASP Top 10 for Low-Code/No-Code Security and the newly minted GenAI Attacks Matrix, Zenity is at the forefront of both security research and product development to be able to continue as a force enabler to the world’s enterprises. 

Sapir Harosh, Partner, Third Point Ventures, said: “In the rapidly evolving realms of AI and low-code development, Zenity stands out as a first mover dedicated to securing enterprises from emerging threats. We are proud to invest in Zenity and work closely with the team as they enable enterprises to harness powerful tools safely and drive transformative change. At Third Point Ventures, we are on the lookout for visionary companies like Zenity—those with deep connections to technology and a bold mission to serve large enterprises. We look forward to supporting their next wave of growth as they continue to innovate with advancements in AI and low-code technologies.” 

Dean Shahar, Head of Israel, DTCP, said: “We are incredibly impressed with Zenity’s achievements and are thrilled to partner with them in their next phase of growth. It’s no secret that the race to secure AI is on, but Zenity is way ahead of the competition, driven by a strong customer base and over 3x YoY growth. Their research-driven and community-focused approach, combined with their expertise in securing and understanding low-code environments, gives them a distinctive advantage in securing how business users operate today – one that’s already delivering real value to their customers. We’re excited about the opportunity to work with Ben, Michael and their incredible team and look forward to a fruitful collaboration that drives innovation and success.” 

About Zenity  Zenity, the world’s first agent-less application security platform for enterprise Copilots and Low-Code development, protects organizations from security threats, helps meet compliance, and enables business continuity. Established in 2021, many of the world’s leading organizations trust Zenity to help configure security guardrails, generate prioritized lists of vulnerabilities, and accurately pinpoint and remediate vulnerabilities by continuously scanning business-led development platforms and providing centralized visibility, risk assessment, and governance. Visit us at https://www.zenity.io for more.

Zenity Raises $38M Series B Funding Round to Secure Agentic AI

PRESS RELEASE

RALEIGH, N.C., Oct. 28, 2024 /PRNewswire-PRWeb/ -- ALL THINGS OPEN 2024 -- After a year-long, global, community design process, the Open Source Definition (OSAID) v.1.0 is available for public use.

The release of version 1.0 was announced today at All Things Open 2024, an industry conference focused on common issues of interest to the worldwide Open Source community. The OSAID offers a standard by which community-led, open and public evaluations will be conducted to validate whether or not an AI system can be deemed Open Source AI. This first stable version of the OSAID is the result of multiple years of research and collaboration, an international roadshow of workshops, and a year-long co-design process led by the Open Source Initiative (OSI), globally recognized by individuals, companies and public institutions as the authority that defines Open Source.

"The co-design process that led to version 1.0 of the Open Source AI Definition was well-developed, thorough, inclusive and fair," said Carlo Piana, OSI board chair. "It adhered to the principles laid out by the board, and the OSI leadership and staff followed our directives faithfully. The board is confident that the process has resulted in a definition that meets the standards of Open Source as defined in the Open Source Definition and the Four Essential Freedoms, and we're energized about how this definition positions OSI to facilitate meaningful and practical Open Source guidance for the entire industry."

"The new definition requires Open Source models to provide enough information about their training data so that a 'skilled person can recreate a substantially equivalent system using the same or similar data,' which goes further than what many proprietary or ostensibly Open Source models do today," said Ayah Bdeir, who leads AI strategy at Mozilla. "This is the starting point to addressing the complexities of how AI training data should be treated, acknowledging the challenges of sharing full datasets while working to make open datasets a more commonplace part of the AI ecosystem. This view of AI training data in Open Source AI may not be a perfect place to be, but insisting on an ideologically pristine kind of gold standard that will not actually be met by any model builder could end up backfiring."

"We welcome OSI's stewardship of the complex process of defining Open Source AI," said Liv Marte Nordhaug, CEO of the Digital Public Goods Alliance (DPGA) secretariat. "The Digital Public Goods Alliance secretariat will build on this foundational work as we update the DPG Standard as it relates to AI as a category of DPGs."

"Transparency is at the core of EleutherAI's non-profit mission. The Open Source AI Definition is a necessary step towards promoting the benefits of Open Source principles in the field of AI," said Stella Biderman, executive director at the EleutherAI Institute. "We believe that this definition supports the needs of independent machine learning researchers and promotes greater transparency among the largest AI developers."

"Arriving at today's OSAID version 1.0 was a difficult journey, filled with new challenges for the OSI community," said OSI Executive Director, Stefano Maffulli. "Despite this delicate process, filled with differing opinions and uncharted technical frontiers—and the occasional heated exchange—the results are aligned with the expectations set out at the start of this two-year process. This is a starting point for a continued effort to engage with the communities to improve the definition over time as we develop with the broader Open Source community the knowledge to read and apply OSAID v.1.0."

The text of the OSAID v.1.0 as well as a partial list of the many global stakeholders who endorse the definition can be found here:

https://opensource.org/ai

About the Open Source Initiative   
Founded in 1998, the Open Source Initiative (OSI) is a non-profit corporation with global scope formed to educate about and advocate for the benefits of Open Source and to build bridges among different constituencies in the Open Source community. It is the steward of the Open Source Definition and the Open Source AI Definition, setting the foundation for the global Open Source ecosystem. Join and support the OSI mission today at https://opensource.org/join.

The Open Source Initiative Announces Open Source AI Definition

PRESS RELEASE

LONDON, Oct. 28, 2024 /PRNewswire/ -- VIPRE Security Group, a global leader and award-winning cybersecurity, privacy, and data protection company, has released its Q3 2024 Email Threat Trends Report, shedding light on the evolving cybersecurity landscape. This comprehensive analysis of real-world data reveals the sophisticated strategies and techniques employed by cybercriminals, with a particular persistent focus on the highly lucrative tactic of business email compromise (BEC). VIPRE processed 1.8 billion emails globally, of which 208 million were malicious.

BEC impersonation weaponisation  

In this third quarter of 2024, cybercriminals intensified their efforts to exploit organisational vulnerabilities through employee deception. BEC scams surged, accounting for 58% of phishing attempts. Notably, 89% of these BEC attacks involved impersonation of authority figures, including CEOs, senior executives, and IT staff, underscoring the sophisticated tactics employed by malicious actors.

BEC aims for the manufacturing sector 

The manufacturing sector saw a significant rise in BEC attacks, potentially driven by financial fraud. These incidents increased from just 2% in Q1 to 10% in Q3 this year. This rise may be attributed to the industry's widespread use of mobile sign-ins at various worksites. Employees accessing systems "on the go", often under pressure to meet production deadlines, are more susceptible to phishing attempts.

Subtler tactics are a larger threat

Email threats in Q3 were dominated by scams (34%), commercial spam (30%), and phishing (20%). These email threats overshadowed ransomware and malware combined, which comprised less than 20% of all email attacks. Interestingly, despite their lower prevalence, ransomware and malware continue to receive disproportionate attention from the cybersecurity industry.

Sneakier attachments 

To counter advancing email security solutions, criminals are deploying increasingly more intricate methods to bypass defenses. Attackers are employing sneakier techniques such as disguising malicious attachments as voicemail recordings or critical security updates to lure unsuspecting users into downloading them.

Additionally, Microsoft PDFs and .DOCX files remain the most common forms of malicious attachments. In Q3 2024, 2.18 million emails were detected containing harmful attachments, marking a 30% increase from the previous quarter's 21% attachment-based attacks.

Phishing links and compromised websites

Cybercriminals continue to favour the URL redirection technique, a tactic that typically proves effective at evading security controls. This deceptive ploy utilises a "clean" URL within the body of the email, which then redirects unsuspecting users to a malicious one once inside. In Q3 2024, URL redirection accounted for 52% of such attacks, leading victims to meticulously crafted fraudulent websites designed to appear authentic, and gain trust.

Malspam pendulum swing from malicious links to attachments

When it comes to malspam, there is a pendulum swing from a preference for malicious links to attachments. During Q3, malspam efforts were centered on malicious attachments (64%), while only 36% employed a link. The attachment formats used were predominantly LNK, ZIP, and DOCX. Only a quarter ago, links were the tool of choice by a factor of nearly nine-to-one (86% links to 14%).

The 'Malware Family of the Quarter' goes to Redline

Redline is the top malspam family of Q3 2024, a spot it has maintained since the corresponding quarter in 2023. RedLine is designed to steal sensitive information from web browsers, such as credentials and payment data. Typically distributed via phishing emails or malicious websites, it sends stolen data to a command-and-control server controlled by the attacker. It can completely take over a compromised machine and uses multiple infiltration methods.

"The findings of this report yet again illustrate the sophistication of criminal tactics. BEC email and phishing attacks are becoming more targeted and convincing," Usman Choudhary, CPTO, VIPRE Security Group, says. "Additionally, malware distribution through malicious spam campaigns continues to pose a serious threat to organisations. These findings stress the critical need for robust cybersecurity measures and ongoing employee education to combat these evolving threats, especially as bad actors gear up for the upcoming holiday season – Black Friday, Thanksgiving, Christmas, and New Year."

To read the full report, click here: VIPRE's Email Threat Trends Report: Q3 2024. 

VIPRE leverages its vast understanding of email security to equip businesses with the information they need to protect themselves. This report is based on proprietary intelligence gleaned from round-the-clock vigilance of the cybersecurity landscape.

About VIPRE Security Group

VIPRE Security Group, part of Ziff Davis, Inc., is a leading provider of internet security solutions purpose-built to protect businesses, solution providers, and home users from costly and malicious cyber threats. With over 25 years of industry expertise, VIPRE is one of the world's largest threat intelligence clouds, delivering exceptional protection against today's most aggressive online threats. Our award-winning software portfolio includes next-generation antivirus endpoint cloud solutions, advanced email security products, along with threat intelligence for real-time malware analysis, and security awareness training for compliance and risk management. VIPRE solutions deliver easy-to-use, comprehensive layered defense through cloud-based and server security, with mobile interfaces that enable instant threat response. VIPRE is a proud Advanced Technology Partner of Amazon Web Services operating globally across North America and Europe.

Business Email Compromise (BEC) Impersonation: The Weapon of Choice of Cybercriminals

From bulletproof glass, drones, and snipers to boulders blocking election offices, the US democratic system is bracing for violent attacks in 2024.

Drones, snipers, razor wire, sniffer dogs, body armor, bulletproof glass, and 24-hour armed security.

This is not a list of protections in place for a visit by the president of the United States nor the contents of a shipment to frontline troops fighting in Ukraine. This is a list of the security measures election officials in counties across the US have had to implement ahead of Tuesday’s vote as a result of the unprecedented threats they have faced in recent years.

Officials are putting in place the typical final measures to ensure the smooth operation of an election, but beyond checking that they have enough ballots and that machines are working properly, officials are now faced with having to monitor for threats and make sure they have done everything they can to protect themselves and their staff.

“Given the current political environment, the possibility that an event may occur has increased, and our election professionals have responded in kind,” says Tammy Patrick, a former election official in Arizona’s Maricopa County who is now a senior adviser at the nonprofit Bolstering Elections Initiative. “Efforts focusing on the physical security of the voters, election workers, and staff by putting in bulletproof glass, panic buttons, razor wire, and fencing are fairly common, as is the installation of surveillance cameras and systems, cyber protections, and training on de-escalation techniques and response drills.”

Nowhere in the US is the militarization of the election process more evident than in Maricopa County.

The fourth largest county in the nation, Maricopa became ground zero for election denial conspiracists in recent years, after GOP lawmakers sanctioned a bogus recount in 2021, run by the Florida company Cyber Ninjas.

As a result, the county has for years been putting increased security measures in place. “We're a fortress now,” Stephen Richer, the Maricopa County Recorder, told WIRED back in February, outlining how he had to navigate security fencing, metal detectors, and security checks in order to get into his office.

As the 2024 election approaches, the measures Maricopa officials are putting in place have been ratcheted up significantly.

Officials have added a second layer of security fencing to protect election offices, as well as concrete k-rails, which means election workers will be bused in from offsite locations due to reduced parking spaces. At the country’s tabulation center, every door will be fitted with metal detectors, floodlights will be installed, and on election day the center will be protected by a ring of snipers deployed on roofs around the building, election officials told NBC.

‘We’re a Fortress Now’: The Militarization of US Elections Is Here

Red Hat Security Advisory 2024-8617-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8617.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: kernel security update  
Advisory ID:        RHSA-2024:8617-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:8617  
Issue date:         2024-10-30  
Revision:           03  
CVE Names:          CVE-2021-47383  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* hw: cpu: intel: Native Branch History Injection (BHI) (CVE-2024-2201)

* kernel: tcp: add sanity checks to rx zerocopy (CVE-2024-26640)

* kernel: mptcp: fix data re-injection from stale subflow (CVE-2024-26826)

* kernel: af_unix: Fix garbage collector racing against connect() (CVE-2024-26923)

* kernel: mac802154: fix llsec key resources release in mac802154_llsec_key_del (CVE-2024-26961)

* kernel: scsi: core: Fix unremoved procfs host directory regression (CVE-2024-26935)

* kernel: tty: Fix out-of-bound vmalloc access in imageblit (CVE-2021-47383)

* kernel: net/sched: taprio: extend minimum interval restriction to entire cycle too (CVE-2024-36244)

* kernel: xfs: fix log recovery buffer allocation for the legacy h_size fixup (CVE-2024-39472)

* kernel: netfilter: nft_inner: validate mandatory meta and payload (CVE-2024-39504)

* kernel: USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (CVE-2024-40904)

* kernel: mptcp: ensure snd_una is properly initialized on connect (CVE-2024-40931)

* kernel: ipv6: prevent possible NULL dereference in rt6_probe() (CVE-2024-40960)

* kernel: ext4: do not create EA inode under buffer lock (CVE-2024-40972)

* kernel: wifi: mt76: mt7921s: fix potential hung tasks during chip recovery (CVE-2024-40977)

* kernel: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (CVE-2024-40995)

* kernel: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (CVE-2024-40998)

* kernel: netpoll: Fix race condition in netpoll_owner_active (CVE-2024-41005)

* kernel: xfs: don't walk off the end of a directory data block (CVE-2024-41013)

* kernel: xfs: add bounds checking to xlog_recover_process_data (CVE-2024-41014)

* kernel: block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854)

* kernel: netfilter: flowtable: initialise extack before use (CVE-2024-45018)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2021-47383

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2268118  
https://bugzilla.redhat.com/show_bug.cgi?id=2270100  
https://bugzilla.redhat.com/show_bug.cgi?id=2275604  
https://bugzilla.redhat.com/show_bug.cgi?id=2277171  
https://bugzilla.redhat.com/show_bug.cgi?id=2278176  
https://bugzilla.redhat.com/show_bug.cgi?id=2278235  
https://bugzilla.redhat.com/show_bug.cgi?id=2282357  
https://bugzilla.redhat.com/show_bug.cgi?id=2293654  
https://bugzilla.redhat.com/show_bug.cgi?id=2296067  
https://bugzilla.redhat.com/show_bug.cgi?id=2297476  
https://bugzilla.redhat.com/show_bug.cgi?id=2297488  
https://bugzilla.redhat.com/show_bug.cgi?id=2297515  
https://bugzilla.redhat.com/show_bug.cgi?id=2297544  
https://bugzilla.redhat.com/show_bug.cgi?id=2297556  
https://bugzilla.redhat.com/show_bug.cgi?id=2297561  
https://bugzilla.redhat.com/show_bug.cgi?id=2297579  
https://bugzilla.redhat.com/show_bug.cgi?id=2297582  
https://bugzilla.redhat.com/show_bug.cgi?id=2297589  
https://bugzilla.redhat.com/show_bug.cgi?id=2300296  
https://bugzilla.redhat.com/show_bug.cgi?id=2300297  
https://bugzilla.redhat.com/show_bug.cgi?id=2311715

Red Hat Security Advisory 2024-8617-03

Red Hat Security Advisory 2024-8614-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include null pointer and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8614.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: kernel-rt security update  
Advisory ID:        RHSA-2024:8614-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:8614  
Issue date:         2024-10-30  
Revision:           03  
CVE Names:          CVE-2021-47384  
====================================================================

Summary: 

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: ovl: fix use after free in struct ovl_aio_req (CVE-2023-1252)

* hw: cpu: intel: Native Branch History Injection (BHI) (CVE-2024-2201)

* kernel: mm/sparsemem: fix race in accessing memory_section->usage (CVE-2023-52489)

* kernel: blk-mq: fix IO hang from sbitmap wakeup race (CVE-2024-26671)

* kernel: fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats (CVE-2024-26686)

* kernel: mptcp: fix data re-injection from stale subflow (CVE-2024-26826)

* kernel: mac802154: fix llsec key resources release in mac802154_llsec_key_del (CVE-2024-26961)

* kernel: hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field (CVE-2021-47384)

* kernel: mptcp: ensure snd_nxt is properly initialized on connect (CVE-2024-36889)

* kernel: ipv6: prevent possible NULL dereference in rt6_probe() (CVE-2024-40960)

* kernel: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (CVE-2024-40998)

* kernel: filelock: fix potential use-after-free in posix_lock_inode (CVE-2024-41049)

* kernel: mm: prevent derefencing NULL ptr in pfn_section_valid() (CVE-2024-41055)

* kernel: nvmet: fix a possible leak when destroy a ctrl during qp establishment (CVE-2024-42152)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2021-47384

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2176140  
https://bugzilla.redhat.com/show_bug.cgi?id=2268118  
https://bugzilla.redhat.com/show_bug.cgi?id=2269189  
https://bugzilla.redhat.com/show_bug.cgi?id=2272811  
https://bugzilla.redhat.com/show_bug.cgi?id=2273109  
https://bugzilla.redhat.com/show_bug.cgi?id=2275604  
https://bugzilla.redhat.com/show_bug.cgi?id=2278176  
https://bugzilla.redhat.com/show_bug.cgi?id=2282356  
https://bugzilla.redhat.com/show_bug.cgi?id=2284571  
https://bugzilla.redhat.com/show_bug.cgi?id=2297544  
https://bugzilla.redhat.com/show_bug.cgi?id=2297582  
https://bugzilla.redhat.com/show_bug.cgi?id=2300422  
https://bugzilla.redhat.com/show_bug.cgi?id=2300429  
https://bugzilla.redhat.com/show_bug.cgi?id=2301519

Red Hat Security Advisory 2024-8614-03

Red Hat Security Advisory 2024-8613-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include null pointer and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8613.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: kernel security update  
Advisory ID:        RHSA-2024:8613-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:8613  
Issue date:         2024-10-30  
Revision:           03  
CVE Names:          CVE-2021-47384  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: ovl: fix use after free in struct ovl_aio_req (CVE-2023-1252)

* hw: cpu: intel: Native Branch History Injection (BHI) (CVE-2024-2201)

* kernel: mm/sparsemem: fix race in accessing memory_section->usage (CVE-2023-52489)

* kernel: blk-mq: fix IO hang from sbitmap wakeup race (CVE-2024-26671)

* kernel: fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats (CVE-2024-26686)

* kernel: mptcp: fix data re-injection from stale subflow (CVE-2024-26826)

* kernel: mac802154: fix llsec key resources release in mac802154_llsec_key_del (CVE-2024-26961)

* kernel: hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field (CVE-2021-47384)

* kernel: mptcp: ensure snd_nxt is properly initialized on connect (CVE-2024-36889)

* kernel: ipv6: prevent possible NULL dereference in rt6_probe() (CVE-2024-40960)

* kernel: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (CVE-2024-40998)

* kernel: filelock: fix potential use-after-free in posix_lock_inode (CVE-2024-41049)

* kernel: mm: prevent derefencing NULL ptr in pfn_section_valid() (CVE-2024-41055)

* kernel: powerpc/eeh: avoid possible crash when edev->pdev changes (CVE-2024-41064)

* kernel: nvmet: fix a possible leak when destroy a ctrl during qp establishment (CVE-2024-42152)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2021-47384

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2176140  
https://bugzilla.redhat.com/show_bug.cgi?id=2268118  
https://bugzilla.redhat.com/show_bug.cgi?id=2269189  
https://bugzilla.redhat.com/show_bug.cgi?id=2272811  
https://bugzilla.redhat.com/show_bug.cgi?id=2273109  
https://bugzilla.redhat.com/show_bug.cgi?id=2275604  
https://bugzilla.redhat.com/show_bug.cgi?id=2278176  
https://bugzilla.redhat.com/show_bug.cgi?id=2282356  
https://bugzilla.redhat.com/show_bug.cgi?id=2284571  
https://bugzilla.redhat.com/show_bug.cgi?id=2297544  
https://bugzilla.redhat.com/show_bug.cgi?id=2297582  
https://bugzilla.redhat.com/show_bug.cgi?id=2300422  
https://bugzilla.redhat.com/show_bug.cgi?id=2300429  
https://bugzilla.redhat.com/show_bug.cgi?id=2300439  
https://bugzilla.redhat.com/show_bug.cgi?id=2301519

Red Hat Security Advisory 2024-8613-03

Chrome issued a security update that patches two critical vulnerabilities. One of which was reported by Apple

Google has released an update for its Chrome browser which includes patches for two critical vulnerabilities.

The update brings the Stable channel to versions 130.0.6723.91/.92 for Windows and Mac and 130.0.6723.91 for Linux.

The easiest way to update Chrome is to allow it to update automatically, but you can end up lagging behind if you never close your browser or if something goes wrong—such as an extension stopping you from updating the browser.

To manually get the update, click **Settings > About Chrome**. If there is an update available, Chrome will notify you and start downloading it. Then all you have to do is restart the browser in order for the update to complete, and for you to be safe from those vulnerabilities.

Chrome is up to date

This update is crucial as it addresses two major security vulnerabilities. Previous Chrome vulnerabilities reported by Apple turned out to be exploited by a commercial spyware vendor.

**Technical details**

One of the vulnerabilities was reported to Google by Apple Security Engineering and Architecture (SEAR), which reported the issue on October 23, 2024. This vulnerability, tracked as CVE-2024-10487, can be used by cybercriminals as a drive-by download. That means that a victim’s device could be compromised just by visiting a malicious website or advertisement.

The vulnerability was found in Dawn, an open source and cross-platform implementation of the WebGPU\-standard. WebGPU is a JavaScript Application Programming Interface (API) provided by a web browser that enables webpage scripts to use a device’s graphics processing unit (GPU).

In this case, the discovered vulnerability could allow attackers to write data beyond the allocated memory, potentially leading to code execution or system crashes.

The other vulnerability, tracked as CVE-2024-10488, was reported by researcher Cassidy Kim. That vulnerability in Chrome’s WebRTC (Web Real-Time Communication) component could lead to the execution of arbitrary code or cause a crash. It could be used for potential data theft or system crashes.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

 Patch now! New Chrome update for two critical vulnerabilities 

Cybersecurity researchers have discovered a new malicious Python package that masquerades as a cryptocurrency trading tool but harbors functionality designed to steal sensitive data and drain assets from victims' crypto wallets.
The package, named "CryptoAITools," is said to have been distributed via both Python Package Index (PyPI) and bogus GitHub repositories. It was downloaded over 1,300

Cybercrim / Cryptocurrency

Cybersecurity researchers have discovered a new malicious Python package that masquerades as a cryptocurrency trading tool but harbors functionality designed to steal sensitive data and drain assets from victims' crypto wallets.

The package, named "CryptoAITools," is said to have been distributed via both Python Package Index (PyPI) and bogus GitHub repositories. It was downloaded over 1,300 times before being taken down on PyPI.

"The malware activated automatically upon installation, targeting both Windows and macOS operating systems," Checkmarx said in a new report shared with The Hacker News. "A deceptive graphical user interface (GUI) was used to distract vic4ms while the malware performed its malicious ac4vi4es in the background."

The package is designed to unleash its malicious behavior immediately after installation through code injected into its "\_\_init\_\_.py" file that first determines if the target system is Windows or macOS in order to execute the appropriate version of the malware.

Present within the code is a helper functionality that's responsible for downloading and executing additional payloads, thereby kicking-off a multi-stage infection process.

Specifically, the payloads are downloaded from a fake website ("coinsw\[.\]app") that advertises a cryptocurrency trading bot service, but is in fact an attempt to give the domain a veneer of legitimacy should a developer decide to navigate to it directly on a web browser.

This approach not only helps the threat actor evade detection, but also allows them to expand the malware's capabilities at will by simply modifying the payloads hosted on the legitimate-looking website.

A notable aspect of the infection process is the incorporation of a GUI component that serves to distract the victims by means of a fake setup process while the malware is covertly harvesting sensitive data from the systems.

"The CryptoAITools malware conducts an extensive data theft operation, targeting a wide range of sensitive information on the infected system," Checkmarx said. "The primary goal is to gather any data that could aid the attacker in stealing cryptocurrency assets."

This includes data from cryptocurrency wallets (Bitcoin, Ethereum, Exodus, Atomic, Electrum, etc.), saved passwords, cookies, browsing history, cryptocurrency extensions, SSH keys, files stored in Downloads, Documents, Desktop directories that reference cryptocurrencies, passwords, and financial information, and Telegram.

On Apple macOS machines, the stealer also takes the step of collecting data from Apple Notes and Stickies apps. The gathered information is ultimately uploaded to the gofile\[.\]io file transfer service, after which the local copy is deleted.

Checkmarx said it also discovered the threat actor distributing the same stealer malware through a GitHub repository named Meme Token Hunter Bot that claims to be "an AI-powered trading bot that lists all meme tokens on the Solana network and performs real-time trades once they are deemed safe."

This indicates that the campaign is also targeting cryptocurrency users who opt to clone and run the code directly from GitHub. The repository, which is still active as of writing, has been forked once and starred 10 times.

Also managed by the operators is a Telegram channel that promotes the aforementioned GitHub repository, as well as offers monthly subscriptions and technical support.

"This multi-platform approach allows the attacker to cast a wide net, potentially reaching victims who might be cautious about one platform but trust another," Checkmarx said.

"The CryptoAITools malware campaign has severe consequences for victims and the broader cryptocurrency community. Users who starred or forked the malicious 'Meme-Token-Hunter-Bot' repository are potential victims, significantly expanding the attack's reach."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#mac