Dozens of international delegations meet for the second year to share intel, with a goal of stopping ransomware attacks on critical infrastructure.

U.S. officials will meet this week with delegations from more than 36 countries to share intelligence and strategize about how to push back against crippling and costly ransomware attacks against critical infrastructure.

The second-annual ransomware summit will include briefings from intelligence officials on the more than 4,000 cyberattacks that have occurred just over the past 18 months, Biden administration officials told reporters.

In addition to public sector experts, Microsoft and SAP will also contribute their data and analysis as part of their participation in the summit.

Russia, which is the country of origin of many ransomware operations, is not represented at the meetings.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

White House Convenes International Ransomware Summit

Categories: News
Categories: Ransomware
Tags: Raspberry Robin

Tags:  FakeUpdates

Tags:  LockBit

Tags:  Clop

Tags:  ransomware

Microsoft warns that the Raspberry Robin worm has triggered payload alerts on devices of almost 1,000 organizations in the past 30 days and is used to introduce ransomware.



(Read more...)




The post Raspberry Robin worm used as ransomware prelude appeared first on Malwarebytes Labs.

Raspberry Robin aka Worm.RaspberyRobin started out as an annoying, yet relatively low-profile threat that was often installed via USB drive. First spotted in September 2021, it was typically introduced into a network through infected removable drives, often USB devices.

Now the worm has been found to be the foothold for more serious threats like ransomware as laid out in this Microsoft Security blog. Microsoft warns that the worm has triggered payload alerts on devices of almost 1,000 organizations in the past 30 days.

**Primary infection**

Initially, the Raspberry Robin worm often appears as a shortcut .lnk file masquerading as a legitimate folder on the infected USB device. The name of the lnk file was _recovery.lnk_ which later changed to filenames associated with the brand of the USB device. Raspberry Robin uses both autoruns to launch and social engineering to encourage users to click the LNK file.

Raspberry Robin’s LNK file points to _cmd.exe_ to launch the Windows Installer service _msiexec.exe_ and install a malicious payload hosted on compromised QNAP network attached storage (NAS) devices.

**Infrastructure**

A NAS device is a storage server connected to a computer network, storing data that can be accessed by a wide variety of devices, including Windows, macOS, and other systems. In real life this usually means they are used as an external hard-drive that can be accessed over an intranet or the internet. There are several vulnerabilities in QNAP devices for which patches are available, but unfortunately many of them remain unpatched due to unawareness.

**Backdoor**

To be able to act as a backdoor, malware needs to be active or you need to be able to trigger it remotely. Raspberry Robin gains persistence by adding itself to the RunOnce key in the CurrentUser registry hive of the user who executed the initial malware.

By using command-and-control (C2) servers hosted on Tor nodes the Raspberry Robin implant can be used to distribute other malware.

**Guests**

As an established access provider in the current malware-as-a-service landscape you can make money by selling the access to affected networks to other malware operators like ransomware groups. Microsoft found that Raspberry Robin has been used to facilitate FakeUpdates (SocGholish), Fauppod, IcedID, Bumblebee, TrueBot, LockBit, and human-operated intrusions.

Fauppod is heavily obfuscated malweare that is also used to spread FakeUpdates, and writes Raspberry Robin to USB drives. TrueBot Trojans are used in targeted attacks for reconnaissance purposes.

An example of the human-operated intrusions was the deployment of Cobalt Strike to deliver the Clop ransomware.

**Stop the worm**

In Windows, the autorun of USB drives is disabled by default. However, many organizations have widely enabled it through legacy Group Policy changes, according to Microsoft. If you enabled it, this is a policy worth re-thinking.

Owners of QNAP devices should be aware of the fact that they are not only putting their own files at risk by not applying the patches, but they are providing malware authors with a free-to-use infrastructure to victimize others.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Raspberry Robin worm used as ransomware prelude

**Why is this Chrome CVE included in the Security Update Guide?**

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

**How can I see the version of the browser?**

1.  In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
2.  Click on **Help and Feedback**
3.  Click on **About Microsoft Edge**

CVE-ID

Learn more at National Vulnerability Database (NVD)

• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information

Description

\*\* RESERVED \*\* This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

References

**Note:** References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.

Assigning CNA

N/A

Date Record Created

**20221027**

Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.

Phase (Legacy)

Assigned (20221027)

Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)

N/A

This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.

Search CVE Using Keywords:  

You can also search by reference using the CVE Reference Maps.

For More Information:  CVE Request Web Form (select "Other" from dropdown)

CVE-2022-3723: Chromium: CVE-2022-3723 Type Confusion in V8

As Cybersecurity Awareness Month 2022 comes to a close, I’m grateful for the impact it has had in bringing cybersecurity to the forefront since it began in 2004. Though the month may be over, our work in cybersecurity is never done. Often, we think about cybersecurity as a complex technology problem, but at its core, …
  Reflecting on Cybersecurity Awareness Month: At its Core, Cybersecurity is all about People Read More »

As Cybersecurity Awareness Month 2022 comes to a close, I’m grateful for the impact it has had in bringing cybersecurity to the forefront since it began in 2004. Though the month may be over, our work in cybersecurity is never done. Often, we think about cybersecurity as a complex technology problem, but at its core, it’s really about people: the customers and communities we work to protect and defend, the current and future cybersecurity professionals on the front lines of the fight, and the larger security community coming together to strengthen cybersecurity for all.

> __“WITH EACH OF US PLAYING OUR PART, WE CAN MAKE IT SO THAT OUR ADVERSARIES WILL HAVE TO BEAT ALL OF US TO BEAT ONE OF US.”__
> 
> _CHRIS INGLIS, U.S. NATIONAL CYBER DIRECTOR_

**Our commitment to our customers means always improving how we protect and defend against threats to security and privacy.**  
In MSRC, we work every day to innovate and strengthen our capabilities to safeguard customers and communities across the globe. For example, we’re leveraging AI/ML to help scale our solutions and increase incident response speed and efficiencies. But in addition to technological innovations, improving how we protect customers also means providing them with transparency and information to help manage security risks and keep their systems protected. To this end, we’re communicating more security research and defense information via the MSRC blog and improving our Security Update Guide (SUG) notification system. As the cybersecurity landscape changes and our customers’ needs evolve, so will we.

**Our front-line cyber defenders in MSRC are leading the fight against cyber attacks each and every day.**  
We focus on preventing harm, fast defense, and building trust. Our dedicated cybersecurity experts work 24/7 to protect customers, communities, and Microsoft from emerging and future threats. But the ever-growing cybersecurity challenges we face are compounded by a growing shortage of cybersecurity professionals—the very people we need to take up this fight. Microsoft is actively supporting a variety of initiatives to build the cybersecurity talent pool by investing in cybersecurity education programs and inspiring students to consider careers in cyber. While technology is critical in helping defend against threats, we know that people are the key.

**Our commitment to collaboration is helping us raise the bar for security and get ahead of threats.**  
We’re cultivating critical partnerships across government, academia, industry, and the security community because we are stronger together—and together we will find ways to better protect customers, communities, and the broader cybersecurity ecosystem. One area we have prioritized is building a strong partnership with the security research community. We have scaled our Bug Bounty Program and Researcher Recognition Program and connected personally with researchers at community events to share lessons learned, hear their feedback, and forge new partnerships. We strongly believe that security researchers play an integral role in helping us to better protect our customers across the globe.

As you can see, cybersecurity really is all about _people…_and we all have a role to play in helping to make our digital world safer and more secure.  

**Aanchal Gupta**  
_Corporate Vice President | Microsoft Security Response Center_

Reflecting on Cybersecurity Awareness Month: At its Core, Cybersecurity is all about People

xfig 3.2.7 is vulnerable to Buffer Overflow.

Toggle useless messages

**Report forwarded** to debian-bugs-dist@lists.debian.org, subin.kim@prosys.kr, Roland Rosenfeld <roland@debian.org>:  
Bug#992395; Package xfig. (Wed, 18 Aug 2021 06:15:03 GMT) (full text, mbox, link).

**Acknowledgement sent** to "Potential Buffer Overflow vulnerability in xfig-3.2.7b" <subin.kim@prosys.kr>:  
New Bug report received and forwarded. Copy sent to subin.kim@prosys.kr, Roland Rosenfeld <roland@debian.org>. (Wed, 18 Aug 2021 06:15:03 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

Package: xfig
Version: xfig
Severity: important

Dear Maintainer,

It seems that there exists a potential Buffer Overflow.
(src/w\_help.c:55)
sprintf(filename, "%s/html/%s/index.html", XFIGDOCDIR, getenv("LANG"));

the length of getenv("LANG") may become very long and cause Buffer Overflow while executing sprintf(...).


-System Information:
Debian Release: 11.0
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: amd64 (x86\_64)

Kernel: Linux 4.4.0-19041-Microsoft
Locale: LANG=en\_US.UTF-8, LC\_CTYPE=en\_US.UTF-8 (charmap=UTF-8), LANGUAGE=en\_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect

Versions of packages xfig depends on:
pn  fig2dev | transfig  <none>
ii  libc6               2.31-13
ii  libjpeg62-turbo     1:1.5.2-2+deb10u1
ii  libpng16-16         1.6.36-6
ii  libx11-6            2:1.6.7-1+deb10u2
ii  libxi6              2:1.7.9-1
pn  libxpm4             <none>
ii  libxt6              1:1.1.5-1+b3
ii  sensible-utils      0.0.14
pn  xaw3dg              <none>

Versions of packages xfig recommends:
pn  xfig-libs  <none>

Versions of packages xfig suggests:
pn  cups-client | lpr  <none>
pn  ghostscript        <none>
pn  gimp               <none>
pn  gsfonts-x11        <none>
pn  netpbm             <none>
pn  spell              <none>
pn  xfig-doc           <none>

**Reply sent** to Roland Rosenfeld <roland@debian.org>:  
You have taken responsibility. (Fri, 20 Aug 2021 12:09:03 GMT) (full text, mbox, link).

**Notification sent** to "Potential Buffer Overflow vulnerability in xfig-3.2.7b" <subin.kim@prosys.kr>:  
Bug acknowledged by developer. (Fri, 20 Aug 2021 12:09:03 GMT) (full text, mbox, link).

Message #12 received at 992395-close@bugs.debian.org (full text, mbox, reply):

Source: xfig
Source-Version: 1:3.2.8a-1
Done: Roland Rosenfeld <roland@debian.org>

We believe that the bug you reported is fixed in the latest version of
xfig, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 992395@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Roland Rosenfeld <roland@debian.org> (supplier of updated xfig package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 20 Aug 2021 13:26:32 +0200
Source: xfig
Architecture: source
Version: 1:3.2.8a-1
Distribution: unstable
Urgency: medium
Maintainer: Roland Rosenfeld <roland@debian.org>
Changed-By: Roland Rosenfeld <roland@debian.org>
Closes: 992395
Changes:
 xfig (1:3.2.8a-1) unstable; urgency=medium
 .
   \* New upstream release 3.2.8a.
   \* 07\_missing-config.h, 08\_fig-format-doc, 09\_repair-table-doc are now
     incorporated upstream.
   \* Adapt file preservation to new upstream version.
   \* Update debian/copyright.
   \* Move xfig binary to /usr/libexec/xfig/xfig.
   \* Package test binaries and use them in autopkgtest.
   \* Update to Standards-Version 4.6.0 (no changes).
   \* 07\_LANG\_overflow: Avoid buffer overflow in LANG (Closes: #992395).
Checksums-Sha1:
 3c61e420b37da903f6a7e246fb0bacdab13c5ab8 2268 xfig\_3.2.8a-1.dsc
 0ac17ad33fdc8d570c187641e3d62ca9cd8faa2e 5380896 xfig\_3.2.8a.orig.tar.xz
 cd9de585ba1cf9f60cb888db8e6c23aedac8db8a 31736 xfig\_3.2.8a-1.debian.tar.xz
 7ec24ede8ad6c45982f1d6daecdf8eb2bbeb78db 8802 xfig\_3.2.8a-1\_source.buildinfo
Checksums-Sha256:
 5ccff8d437f6cca74c999902606c5288bc2faa3d4e369fbf5e9e41f06f528b83 2268 xfig\_3.2.8a-1.dsc
 ba43c0ea85b230d3efa5a951a3239e206d0b033d044c590a56208f875f888578 5380896 xfig\_3.2.8a.orig.tar.xz
 5bce4925951b4da43606ea0fdbc58e6d5bd586db5d3288f1b6abd2f69bc7dbe8 31736 xfig\_3.2.8a-1.debian.tar.xz
 8b72190e5c937543ef4692e84125a5bc816e234e68982b38f2c2d9f63e48f407 8802 xfig\_3.2.8a-1\_source.buildinfo
Files:
 47505378c399e92bd8320c9e7c3cfa26 2268 graphics optional xfig\_3.2.8a-1.dsc
 58dd2b6f9f17d7006c78156ce2da0073 5380896 graphics optional xfig\_3.2.8a.orig.tar.xz
 21becafff522811fd703ad707848b2c8 31736 graphics optional xfig\_3.2.8a-1.debian.tar.xz
 1ad72572a407e7d1ee3be3d287bbf4f4 8802 graphics optional xfig\_3.2.8a-1\_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEErC+9sQSUPYpEoCEdAnE7z8pUELIFAmEfkesACgkQAnE7z8pU
ELK3ihAAjb2QzTyLRtUVTT50trBehzl8WJvfo7txeYBvJZup+j0hd0T46EFlpZ7M
gTFTN2zxWf7w8WUYQyfSqM7anzl3otEEaLSQ3kE3vzo+ZH9T0J98m2F/OQbEqF1u
QLbZxQF4f8M98s3TY3qBrE8Q+jN9CxcAaHMD4raoUw5LVz6FJ8c/l/xg8AQN2ekK
YWwwhZnxRWJjM3mu6hK7Cj9ihOsrs6f9q10t08q6sKVnuWLTUuvl5mGB3cDd/zHk
YNJ724pBwqUNPU1sDfGl6/DWiuWjmJwaQ1H/MnPEnV/7Utu3adfvF7AAodmxuV91
Jvx5Tb9VqnY84eRdCi2zFFyMKk4Kv6VXNLcOtFbpg7chFcWApIm+NY4Ql5s21yZg
JJZgrVHEo1rjqGbNQ9dnQHN8qZCANeKbJ44eGDgFnYPrUr963TWHhbDOOcwgU4sS
/HQf6aeq6OtXU5gSpLW2yfex2PAPustTmedREnSLuI3V5yiQxNa3Z8fQe3I36AKR
f0M4PU0c8JFEucA4ocwnzKflGsEqwGd/0OOSiPLShCdE+iaBrbz7FaOnQBO81Oyx
KUEXbL19EgBvSiz1oXIuVxgoObcEx2PK+W8uw1RkWq7Y2yjfx2N+kuDvTsJAEDzA
xYOtje3y6/VKKGWBVlDz8rFJSBA0hSY68XS+xQTzFPnNIU5wFPw=
=/r76
-----END PGP SIGNATURE-----

**Bug archived.** Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 18 Sep 2021 07:29:13 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org\>. Last modified: Mon Oct 31 16:35:27 2022; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

CVE-2021-40241: #992395 - xfig: Potential Buffer Overflow vulnerability in src/w_help.c

Dormant 32 bit-era coding flaw causes problems for 64-bit systems

Dormant 32 bit-era coding flaw causes problems for 64-bit systems

The maintainers of the SQLite database engine have patched a high severity vulnerability that attackers could exploit to crash or control programs that rely on the software.

Developers of the software have offered The Daily Swig a convincing argument that the flaw would be difficult to exploit in practice. Even so, they have revised the software with a patch to defend against the flaw – rather than dismissing the issue as something that can be safely ignored.

SQLite is a popular open source C-language library that underpins many enterprise apps and services. Notable users of SQLite include Apple, Adobe, Google, Facebook, and Microsoft. There are billions of copies of SQLite deployed worldwide.

The SQLite team is quick to fix emerging vulnerabilities in the software due to their potentially wide-reaching impact. However, a vulnerability disclosed this month by Trail of Bits was introduced 22 years ago and highlighted how initially secure functionality could have unintended consequences much further down the line.

Catch up with the latest database-related security news and analysis

In a blog post dated October 25, Trail of Bits researcher Andreas Kellas said the vulnerability was introduced in SQLite version 1.0.12, a 2000 release that landed when the software was primarily based on 32-bit architectures. According to Kellas, the bug “may not have seemed like an error” at the time.

The high severity vulnerability is tracked as CVE-2022-35737, scoring a CVSS severity score of 7.5.

Trail of Bits said the bug impacts any app that relies on the SQLite library API.

The vulnerability is exploitable on 64-bit systems when large string inputs contain %Q, %q, or %w format substitution types that – in this scenario – might cause programs to crash or worse.

In the most severe cases – when the ! special character exists in the format string – it may be “possible to achieve arbitrary code execution, in the worst case, or to cause the program to hang and loop (nearly) indefinitely,” according to the researchers.

**Root cause analysis**

Speaking to The Daily Swig, the creator of SQLite, D. Richard Hipp, said the root cause of the problem was the use of signed 32-bit integers as a byte index into the input string and to compute the size of the output string. When an input string was large enough, the integer would overflow, and “all kinds of problems” ensued.

However, the potential impact of the flaw appears to be limited.

Hipp told us that it is not possible to reach the vulnerability for malicious purposes via SQL inputs or by passing SQLite a malformed database file. Instead, an attacker would have to abuse the use the sqlite3\_mprintf() function – or “similar C-level interfaces with a format string that includes one of the non-standard \[;...\] conversion symbols, and then pass in a string that is over 2GB in size”.

The software developer added:

“Lots of applications use SQLite, but only a small percentage of those use the sqlite3\_mprintf() API, and an even smaller percentage make use of %Q, %q, or %w. Of those that do, most do not provide a way for an attacker to arrange for a 2GB+ string to be passed into the argument to %Q, %q, or %w.”

**Unearthing Fossil**

In addition, while the project uses the Fossil control system and this software uses printf, the team couldn’t find a way to inject a 2GB string.

CVE-2022-35737 was reported to the Computer Emergency Response Team (CERT) Coordination Center by Trail of Bits on July 14. CERT confirmed the issue, reached out to SQLite maintainers, and the team fixed the bug in the software’s source code only three days later – a task accomplished by converting to the use of 64-bit integers.

The patched SQLite version, v3.39.2, was released on July 21.

“We are grateful for the responsible disclosure from the researchers who found it,” Hipp said. “It doesn’t hurt to upgrade to a newer release of SQLite. But very few if any real-world applications should be affected by this.”

The Daily Swig has reached out to Trail of Bits with additional queries and we will update this story as and when we hear back.

RELATED HyperSQL DataBase flaw leaves library vulnerable to RCE

SQLite patches 22-year-old code execution, denial of service vulnerability

While fewer cloud providers are suffering outages, customers should prepare for the uncommon event, especially when relying on cloud services for security.

When cybersecurity software-as-a-service offerings are impacted by an outage, it can result in a significant disruption, especially if the service protects business-critical portions of a firm's infrastructure. 

In the past two weeks, for example, outages at cybersecurity services firm Zscaler resulted in latency, packet loss, and outages for some businesses. On Oct. 25, a traffic-forwarding issue caused disruptions and packet loss to some of the cybersecurity provider's regional customers. The previous week, the company warned clients that they could experience packet loss due to damage to a transoceanic cable near France.

Unfortunately, many companies weren't prepared. "Took down entire company for several hours this morning," one IT security engineer said on Twitter of the impact on his firm.

While outages of any cloud service can have a dramatic impact on business operations — an Amazon Web Services outage in December 2021 took down swaths of the web for hours, for example — cyberdefenses often have a favored position within a company's infrastructure, making an outage more impactful. A business software-as-a-service (SaaS) application typically only impacts its own user base, whereas cybersecurity SaaS services can often have impacts across applications.

Companies need to be prepared for such outages, even if rare, says Merritt Maxim, vice president and research director for security and risk at Forrester Research.

Zscaler "is not the first cloud outage and won’t be the last, either," he says, adding: "Cloud products and services are not necessarily more susceptible to outages than on-prem equivalents, \[but\] the issue is often that because of this perception, organizations do not properly assess all possible causes of cloud outages and develop mitigation plans in response to these threats."

Indeed, the Zscaler incidents are not unique. In October 2020, an outage affected Microsoft Azure AD, the company's SaaS identity and access management service, blocking businesses and users from connecting to their applications. A year later, a six-hour Facebook outage blocked many users — including some businesses — from using the company's single sign-on technology and slowed many websites when scripts relying on the company's service failed to run.  

**Cloud Outages Increasingly Rare, But Impactful**

Overall, there has been a reduction in the number of significant outages among cloud services, with 60% of operators saying that they have had an outage in the past three years, down from 78% in 2020, according to survey results published by the Uptime Institute.

And compared with on-premises cybersecurity software and appliances, cloud-based services are nonetheless more reliable, says Jim Reavis, CEO of the Cloud Security Alliance, an industry organization.

"Mature cloud providers, including those with cybersecurity offerings, operate much like public utilities that provide on-demand services to large customer bases," he says. "They are generally very reliable, which is why their intermittent failures, like public utilities, are newsworthy."

For that reason, the two disruptions weathered by Zscaler stand out — as does companies' unpreparedness for them.  

"Things will happen as long as humans and nature are involved," says Misha Kuperman, senior vice president of cloud operations and ecosystem at Zscaler. He adds, "With the right tools, we can deliver more reliability and work around such incidents, as we have done on multiple occasions."

**Building in Cloud Security Redundancy**

Businesses also should ensure that they realize the cloud security and reliability is a shared responsibility model. Cloud providers — including cybersecurity services based in the cloud — are responsible for their infrastructure, but companies should architect their cloud or hybrid infrastructure to handle outages.  

Companies that know their cloud vendor's architecture will be better prepared for outages, says CSA's Reavis.

"It is important to understand how the provider achieves redundancy in its architecture, operating procedures including software updates, and its footprint of global data centers," he says. "The customer should then understand how that redundancy satisfies their own risk requirements and if their own architecture takes full advantage of the redundancy capabilities."

Business customers should also regularly re-evaluate their technology landscape and risk profile. While network and power failures — and natural disasters — used to dominate resilience discussions, malicious threats such as ransomware and denial-of-service attacks are often more likely to dominate discussions today, says Forrester's Maxim.

"Understanding the evolving risks and their respective impact on business is an imperative to prioritize the risks that you'd want to mitigate," he says. A business impact analysis conducted with internal teams "allows you to create tiers for application criticality that help determine if the default resilience of cloud services is enough — or if you need a more robust solution."

Zscaler's Cloud-Based Cybersecurity Outages Showcase Redundancy Problem

Apple Security Advisory 2022-10-27-15 - Safari 16.1 addresses code execution, spoofing, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2022-10-27-15 Additional information for APPLE-SA-2022-10-24-7 Safari 16.1

Safari 16.1 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213495.

WebKit  
Available for: macOS Big Sur and macOS Monterey  
Impact: Visiting a malicious website may lead to user interface  
spoofing  
Description: The issue was addressed with improved UI handling.  
WebKit Bugzilla: 243693  
CVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)

WebKit  
Available for: macOS Big Sur and macOS Monterey  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: A type confusion issue was addressed with improved  
memory handling.  
WebKit Bugzilla: 244622  
CVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs

WebKit  
Available for: macOS Big Sur and macOS Monterey  
Impact: Processing maliciously crafted web content may disclose  
sensitive user information  
Description: A logic issue was addressed with improved state  
management.  
WebKit Bugzilla: 245058  
CVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser  
Vulnerability Research, Ryan Shin of IAAI SecLab at Korea University,  
Dohyun Lee (@l33d0hyun) of DNSLab at Korea University

WebKit  
Available for: macOS Big Sur and macOS Monterey  
Impact: Processing maliciously crafted web content may disclose  
internal states of the app  
Description: A correctness issue in the JIT was addressed with  
improved checks.  
WebKit Bugzilla: 242964  
CVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab  
Entry added October 27, 2022

WebKit PDF  
Available for: macOS Big Sur and macOS Monterey  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: A use after free issue was addressed with improved  
memory management.  
WebKit Bugzilla: 242781  
CVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend  
Micro Zero Day Initiative

Additional recognition

WebKit  
We would like to acknowledge Maddie Stone of Google Project Zero,  
Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an  
anonymous researcher for their assistance.

Safari 16.1 may be obtained from the Mac App Store.  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKowACgkQ4RjMIDke  
NxlhOg/+I94LgMI7No4xw6dub1rdzNTbMV6A0R14HXwA7PoMzXgXJotYFyAfGUY4  
zd2fE9ixEuXqt+OsVrQ0/ZU4HcLEJLQk2ZkULoDfNeGiuJpi6k9VhPp6995XtLNb  
zGZgMu5dOPBkYsSaM5XaVwLQPtsIbac3u/Uoo6l2TyyN1B2clsI1dS2IXS8DEHkr  
2fCImTAcFfqIW7TZ6xqAdYOL5QLoJ8qXTcjSMaWtPpPzkfpZCTTwV8ifauK5rTQd  
JsFf49RFWMNdZ3qHNRaENsFMh1Y+bMRIW6Xt41WKXhSPdNXonv93N472YGhMtt7Z  
k+IuibGRVlwzc5Ri4AnQspBjhint6vo4vbJ39h1FoSzqTm3PruH+HGrhlfMTGR8/  
0s/QDBLQbA+UlM5r6uinQ5pI771rRyHTCWOxLUVVopDOV9ImV36Y+INakc3pTXL1  
420Wg31lCMO3cwwXyVYq/zDbCpJ2gDptSWTqlubli+omxMG7LRs0Vn9P4NTosVzk  
jN49FHJE2moD8O0D+sia6+lhyVhcP8UIA3WtcXegVngrwL6sAoFa5SCp49wmbb/O  
Ye1eysxuMR2xu7piVbUpGh0wRY50MbwwSWX0vRt0CwxcoiQK90lQFbqy2RFX4eN8  
k/jjh3nPUl20WxgOfQfLfiY/9aPcQSzvcOzba2bSovdgyk8xH+o=  
=3IzG  
-----END PGP SIGNATURE-----

Apple Security Advisory 2022-10-27-15

Apple Security Advisory 2022-10-27-12 - watchOS 9.1 addresses code execution, out of bounds write, and spoofing vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2022-10-27-12 Additional information for APPLE-SA-2022-10-24-5 watchOS 9.1

watchOS 9.1 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213491.

AppleMobileFileIntegrity  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to modify protected parts of the file  
system  
Description: This issue was addressed by removing additional  
entitlements.  
CVE-2022-42825: Mickey Jin (@patch1t)

Apple Neural Engine  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to execute arbitrary code with kernel  
privileges   
Description: The issue was addressed with improved memory handling.   
CVE-2022-32932: Mohamed Ghannam (@_simo36)  
Entry added October 27, 2022

Audio  
Available for: Apple Watch Series 4 and later  
Impact: Parsing a maliciously crafted audio file may lead to  
disclosure of user information   
Description: The issue was addressed with improved memory handling.   
CVE-2022-42798: Anonymous working with Trend Micro Zero Day  
Initiative  
Entry added October 27, 2022

AVEVideoEncoder  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved bounds checks.  
CVE-2022-32940: ABC Research s.r.o.

CFNetwork  
Available for: Apple Watch Series 4 and later  
Impact: Processing a maliciously crafted certificate may lead to  
arbitrary code execution  
Description: A certificate validation issue existed in the handling  
of WKWebView. This issue was addressed with improved validation.  
CVE-2022-42813: Jonathan Zhang of Open Computing Facility  
(ocf.berkeley.edu)

GPU Drivers  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2022-32947: Asahi Lina (@LinaAsahi)

Kernel  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2022-32924: Ian Beer of Google Project Zero

Kernel  
Available for: Apple Watch Series 4 and later  
Impact: A remote user may be able to cause kernel code execution  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-42808: Zweig of Kunlun Lab

Kernel  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: A memory corruption issue was addressed with improved  
state management.   
CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai  
Entry added October 27, 2022

Kernel  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to execute arbitrary code with kernel  
privileges   
Description: A race condition was addressed with improved locking.   
CVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom)  
Entry added October 27, 2022

Kernel  
Available for: Apple Watch Series 4 and later  
Impact: An app with root privileges may be able to execute arbitrary  
code with kernel privileges   
Description: The issue was addressed with improved bounds checks.  
CVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai  
Entry added October 27, 2022

Kernel  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to execute arbitrary code with kernel  
privileges   
Description: A logic issue was addressed with improved checks.   
CVE-2022-42801: Ian Beer of Google Project Zero  
Entry added October 27, 2022

Safari  
Available for: Apple Watch Series 4 and later  
Impact: Visiting a maliciously crafted website may leak sensitive  
data   
Description: A logic issue was addressed with improved state  
management.  
CVE-2022-42817: Mir Masood Ali, PhD student, University of Illinois  
at Chicago; Binoy Chitale, MS student, Stony Brook University;  
Mohammad Ghasemisharif, PhD Candidate, University of Illinois at  
Chicago; Chris Kanich, Associate Professor, University of Illinois at  
Chicago  
Entry added October 27, 2022

Sandbox  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to access user-sensitive data  
Description: An access issue was addressed with additional sandbox  
restrictions.  
CVE-2022-42811: Justin Bui (@slyd0g) of Snowflake

WebKit  
Available for: Apple Watch Series 4 and later  
Impact: Visiting a malicious website may lead to user interface  
spoofing  
Description: The issue was addressed with improved UI handling.  
WebKit Bugzilla: 243693  
CVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)

WebKit  
Available for: Apple Watch Series 4 and later  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: A type confusion issue was addressed with improved  
memory handling.  
WebKit Bugzilla: 244622  
CVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs

WebKit  
Available for: Apple Watch Series 4 and later  
Impact: Processing maliciously crafted web content may disclose  
sensitive user information  
Description: A logic issue was addressed with improved state  
management.  
WebKit Bugzilla: 245058  
CVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser  
Vulnerability Research, Ryan Shin of IAAI SecLab at Korea University,  
Dohyun Lee (@l33d0hyun) of DNSLab at Korea University

WebKit  
Available for: Apple Watch Series 4 and later  
Impact: Processing maliciously crafted web content may disclose  
internal states of the app   
Description: A correctness issue in the JIT was addressed with  
improved checks.  
WebKit Bugzilla: 242964  
CVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab  
Entry added October 27, 2022

zlib  
Available for: Apple Watch Series 4 and later  
Impact: A user may be able to cause unexpected app termination or  
arbitrary code execution   
Description: This issue was addressed with improved checks.  
CVE-2022-37434: Evgeny Legerov  
CVE-2022-42800: Evgeny Legerov  
Entry added October 27, 2022

Additional recognition

iCloud  
We would like to acknowledge Tim Michaud (@TimGMichaud) of  
Moveworks.ai for their assistance.

Kernel  
We would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud  
(@TimGMichaud) of Moveworks.ai, Tommy Muir (@Muirey03) for their  
assistance.

WebKit  
We would like to acknowledge Maddie Stone of Google Project Zero,  
Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an  
anonymous researcher for their assistance.

Instructions on how to update your Apple Watch software are available  
at https://support.apple.com/kb/HT204641  To check the version on  
your Apple Watch, open the Apple Watch app on your iPhone and select  
"My Watch > General > About".  Alternatively, on your watch, select  
"My Watch > General > About".  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpQACgkQ4RjMIDke  
NxndmQ/9FlBich1M+naXLmjo/AyBTdlmBdFUH6cU92PspO7vrzTZl3Gl3dSjvGg0  
TU7AGeAAvr278Zra0Hrm+D+w2BMAd3SSIjBXyum02lx0AGyyAFaPEDVq4CpxnqUG  
AEqBRrgoU9yZpTrIQXZlsnqphdv3KLVDzqqKlZjkPzIboYJ0I0c0HMP54618kx1n  
oBtoEEjPrIhH9LJyt37FbtgRntCzuuyistaxKGugZo4UDUt8hkHLKpYHf/5BNfWl  
/SaX1sy1ZJBoOezMC7/egaHPBbJRDnU3dXSQ7ON7h6w1Tc9NeUjXP0wf8BByeIko  
zJF5StfqfBKa3fR8wl0uM4CWDuHVtVjHAv5lWSqEQoEFoAjud+Ajjr5j3DJegVW7  
Xp5Xu7W2XRR03dCM/SCQXMttr/Eu7z4EPJZD1W5y/UYH+ZwF4tq+4fxdrLOzPh4j  
uDLW+CWvF0d/+lVINDXzvzfQwEk77fbFJtUwL6Z5Sq95rtIL0/1OgtK/F/ODeyAX  
8xYDCVdbn84K0/5K58NsvLS01XKXGISVY5yWrf3R7f69AVq7aiaaREY71pkuIwKf  
+aGpuOJibybGZqIOedMES/FCYuUqZF/0N7TJH8LpmlYt/T+fXjeJkupdeT+2vpcX  
iq3rTxsee+WgHhuR/3utIdIFZwVvgZBOadtHO6vIOQ1ce1QyLqI=  
=ZTUZ  
-----END PGP SIGNATURE-----

Apple Security Advisory 2022-10-27-12

When looking at the scale and scope of worldwide cybercrime, password attacks are the most commonly observed type of threat in a given 60-second period.

Cybercrime is big and still growing bigger. It is often difficult to fully grasp the impact online attacks have had over the past decades. We used data from various Microsoft-owned properties and a mix of external sources to illustrate the scale and scope of worldwide cybercrime. Our comprehensive report on malicious activity highlights what is happening around the world within any given 60-second window.

**Cyberattacks Vary By Type and Focus**

If we’ve learned anything from our examination of last year’s online attacks, it’s that security teams need to be prepared to defend against a wide variety of threats at all times. According to RiskIQ, acquired by Microsoft in 2021, password attacks were far and away the most commonly observed type of threat, clocking in at 34,740 per minute. However, we also saw 1,902 Internet of Things (IoT) attacks and 1,095 distributed denial-of-service (DDoS) attacks during the same 60-second time period.

The threat picture gets even more complex the deeper we dive into internal Microsoft security data. We most commonly blocked email threats, identity threats, and brute-force authorization attacks for our customers.

When we examined a broad range of market data, we uncovered even more attacks. In 2021, seven phishing attacks occurred every minute, one SQL injection attack every two minutes, one new threat infrastructure detection every 35 minutes, one supply chain attack every 44 minutes, and one ransomware attack every 195 minutes. All of this comes together to create a tangled cybercrime landscape that security teams have to contend with.

**What Is the True Cost of Cybercrime?**

Cybercrime is a highly disruptive force, estimated to cause trillions of dollars in damages globally every year. The cost of cybercrime comes from damage done to data and property, stolen assets — including intellectual property — and the disruption of business systems and productivity.

Here’s a breakdown of how much cybercriminals cost businesses and consumers in 2021 per minute:

*   Worldwide economic impact of cybercrime: $1,141,553

*   Global cybersecurity spend: $285,388

*   E-commerce payment fraud losses: $38,052

*   Global ransomware damages: $38,051

*   Total cost of business email compromise: $4,566

*   Amount lost to cryptocurrency scams: $3,615

*   Average cost of breach: $8

*   Average cost of malware attacks: $5

How should enterprises guard against the disruptions and financial losses that come with a cybersecurity breach? They should start by understanding the full scope of the digital landscape that needs to be protected.

**What Should Organizations Expect?**

Threat actors are getting savvier about the tools and methods they use for evading detection, bypassing security systems, and perpetrating attacks. In 2021 there were 79,861 new hosts and 7,620 new IoT devices every minute. Likewise, we discovered 150 new domains, 53 new active LetsEncrypt SSL certificates, and 23 new mobile apps created in the same time period. Each of these additions can potentially act as a doorway for threat actors.

Cloud migrations, new digital initiatives, and shadow IT all widen the attack surface. At the enterprise level, that can mean a vast estate spanning multiple clouds and massively complex ecosystems. Meanwhile, cheap infrastructure and flourishing cybercrime economies grow the threat landscape that organizations, in turn, must track. Organizations need to ensure they’re one step ahead by creating a more holistic cybersecurity strategy that protects their operations on all fronts.

To gain control of this dynamic threat landscape, security teams must keep a pulse on new and emerging threats, the latest cybercrime tactics, and the leading tools at their disposal. Microsoft tracks more than 43 trillion signals every day to develop dynamic, hyper-relevant threat intelligence that evolves with the attack surface and helps us to detect and respond to threats rapidly. Our customers can access this intelligence directly to create a deep and unique view of the threat landscape, a 360-degree understanding of their exposure to it, and tools to mitigate and respond.

Tag

#microsoft