Integrated OT solution streamlines the auditing of firewalls for misconfigurations and conflicting rules.

**CHICAGO & SAN CARLOS, Calif. —** **(BUSINESS WIRE) —** Network Perception, innovators of operational technology (OT) solutions that protect mission-critical assets, and Check Point Software Technologies Ltd., a leading provider of cyber security solutions globally, today announced the integration of security technologies, making it possible to ensure that OT firewall environments are properly configured and continuously verified for the protection of critical assets.

Check Point provides the security infrastructure while Network Perception’s NP-View platform protects critical assets by providing compliance verification, cybersecurity visibility and operational velocity, allowing for the continuous verification and visualization of the security posture. Network Perception NP-View uses the Check Point Security Management Restful API to import network device configurations, offline or continuously, to instantly visualize network architecture, identifying all points of network connectivity and the exposure of protected assets. The combined solution verifies access to ports and services across different trust zones to protect mission critical assets.

“Checking for firewall misconfigurations and conflicting rules sounds easy, but manual audits on dozens or hundreds of firewalls can take days or weeks of time - and one error or omission can expose your network to security vulnerabilities and risks,” said Robin Berthier, CEO of Network Perception. “Integrating with Check Point ensures that a security infrastructure is configured the best way possible, protecting networks from the latest threats.”

“Network Perception’s platform takes essential auditing technology and makes it continuous for proactive OT network security that builds cyber resiliency,” said Jason Min, Head of Business Development at Check Point Software Technologies. “By integrating our technologies, our joint solution allows for a fully consolidated cyber security architecture that protects business and OT infrastructure against sophisticated cyber-attacks across networks, endpoint, cloud and mobile.”

For more information on the integration between Network Perception NP-View and Check Point, please view this short video: https://www.youtube.com/watch?v=rZfHHmWAmEw

**About Network Perception**

Network Perception proactively protects industrial control systems by ensuring network access security as the first line of perimeter defense. Our monitoring software provides complete network transparency and continuous mapping to better support cybersecurity compliance and enable greater cyber resiliency. For more information, visit www.network-perception.com.

Network Perception and Check Point Software Technologies Partner to Tighten the Security of OT Firewall Environments

36% of Americans have fallen victim to holiday shopping scams.

**TEMPE, Ariz. and PRAGUE, Nov. 1, 2022 /PRNewswire/ —** A global study from Norton, a consumer Cyber Safety brand1 of NortonLifeLock (NASDAQ: NLOK), sheds new light on the risks consumers will take this holiday shopping this season. According to the 2022 Norton Cyber Safety Insights Report: Special Release – Holiday, conducted online in August 2022among 1,000 U.S. adults 18+ by The Harris Poll, one in three American adults (34%) admit to taking more risks when online shopping during holiday season compared to other times of the year.

The study found a staggering 36% of Americans have fallen victim to online shopping scams during the holidays, losing $387 on average as a result. Of those victimized, most frequently cybercriminals connected with them via email (40%), through social media (38%), third-party websites (32%), texts (28%) or phone calls (23%).

"Now more than ever, many are willing to do whatever it takes online to save on big ticket holiday items, even if it puts them at risk," said Kevin Roundy, Researcher and Senior Technical Director, NortonLifeLock. "The past frenzy of lining up outside stores early to grab must-have holiday gifts has mostly moved online."

Roundy continues, "Inflation and cost-cutting has pushed more Americans to look for discounts, with three-quarters of U.S. adults (77%) willing to take any action to cut costs this holiday season. At this time of year, and this year in particular, vigilance is needed around offers that seem too good to be true, especially when shopping on unfamiliar sites or links via social media."

Nearly 1 in 5 U.S. adults (17%) admit they would willingly risk giving away personal information to obtain a high demand gift or toy over the holiday season– more than one in ten (12%) would go so far as to share their name, email or birthdate which could compromise their identity, however 9% admit they would share the personal details of a friend or family member to secure a high demand gift. Further, more than 2 in 5 Americans (41%) admit to risking their personal information in some way during the holiday season, typically by posting a picture of an expensive gift they have received (19%), posting a picture of their travel destination (18%), tagging their current location on social media (18%), or posting a picture of their travel plans without removing any personal information (13%).

While most Americans (89%) say they feel confident shopping safely online this holiday season, more than 2 in 5 (43%) admit they aren't really sure of the best ways to do so. When shopping online Norton experts recommend the following actionable steps to identify and avoid risks when online shopping:

*   Checking ratings of online sellers
*   Avoiding suspicious links from social media ads or unfamiliar emails using a virtual private network (VPN) when making online purchases on public or unsecured Wi-Fi.

Norton helps consumers shop safely online with products like Norton Safe Web, which enables users to check for unsafe hyperlinks with the Link Guard Feature. For those looking to take preventative steps to safeguard their connected devices, online privacy and identities, Norton provides all-in-one protection from cyber threats through Norton 360 with LifeLock Select.

To view the study's full results and accompanying visual assets, please visit the 2022 Norton Cyber Safety Insights Report: Special Release – Holiday press kit at https://newsroom.nortonlifelock.com/norton-cyber-safety-report.

**About the 2022 Norton Cyber Safety Insights Report: Special Release – Holiday**

The research was conducted online in the United States by The Harris Poll on behalf of NortonLifeLock among 1,000 adults aged 18+. The survey was conducted August 15 – September 1, 2022. Data are weighted where necessary by age, gender, race/ethnicity, region, education, marital status, household size, household income, and propensity to be online to bring them in line with their actual proportions in the population.

Respondents for this survey were selected from among those who have agreed to participate in our surveys. The sampling precision of Harris online polls is measured by using a Bayesian credible interval. For this study, the sample data is accurate to within + 3.8 percentage points using a 95% confidence level. This credible interval will be wider among subsets of the surveyed population of interest.

**About NortonLifeLock Inc.**

NortonLifeLock Inc. (NASDAQ: NLOK) is a global leader in consumer Cyber Safety, protecting and empowering people to live their digital lives safely. We are the consumer's trusted ally in an increasingly complex and connected world. Learn more about how we're transforming Cyber Safety at NortonLifeLock.com.

Online Holiday Shopping Frenzy: Study Shows 1 in 3 Americans Tend to Take More Risks When Shopping Online During Holiday Season

Ubuntu Security Notice 5707-1 - It was discovered that Libtasn1 did not properly perform bounds checking. An attacker could possibly use this issue to cause a crash.

    ==========================================================================Ubuntu Security Notice USN-5707-1October 31, 2022libtasn1-6 vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 16.04 ESMSummary:Libtasn1 could cause a crash when processing certain inputs.Software Description:- libtasn1-6 - Library to manage ASN.1 structuresDetails:It was discovered that Libtasn1 did not properly perform boundschecking. An attacker could possibly use this issue to cause acrash.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 16.04 ESM:   libtasn1-6                   4.7-3ubuntu0.16.04.3+esm3In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-5707-1   CVE-2021-46848

Ubuntu Security Notice USN-5707-1

lesspipe before 2.06 allows attackers to execute code via Perl Storable (pst) files, because of deserialized object destructor execution via a key/value pair in a hash.

**Bug 865631** \- <app-text/lesspipe-2.06: Perl storable (pst) files security fix

Summary: <app-text/lesspipe-2.06: Perl storable (pst) files security fix

Status:

IN\_PROGRESS

Alias:

None

Product:

Gentoo Security

Classification:

Unclassified

Component:

Vulnerabilities (show other bugs)

Hardware:

All Linux

Importance:

Normal normal (vote)

Assignee:

Gentoo Security

URL:

Whiteboard:

B2 \[glsa\]

Keywords:

Depends on:

872749

Blocks:

 

Show dependency tree

Reported:

2022-08-18 02:58 UTC by Sam James

Modified:

2022-10-31 15:37 UTC (History)

CC List:

1 user (show)

See Also:

Package list:

Runtime testing required:

\---

  

Attachments

Add an attachment (proposed patch, testcase, etc.)

  

Note You need to log in before you can comment on or make changes to this bug.

CVE-2022-44542: Perl storable (pst) files security fix

A lax API governance strategy can lead to abandoned or overlooked APIs that open up organizations to security threats.

**Question: What is the difference between zombie APIs and shadow APIs?**

**Nick Rago, Field CTO, Salt Security:** Zombie APIs and shadow APIs represent by-products of a larger challenge that enterprises are struggling to tackle today: API sprawl.

As companies seek to maximize the business value associated with APIs, APIs have proliferated. Digital transformation, app modernization to microservices, API-first app architectures, and advancements in rapid continuous software deployment methods have fueled the high-velocity growth of the number of APIs created and in use by organizations. As a result of this rapid API production, API sprawl has manifested itself across multiple teams who leverage multiple technology platforms (legacy, Kubernetes, VMs, etc.) across multiple distributed infrastructures (on-premises data centers, multiple public clouds, etc.). Unwanted entities such as zombie APIs and shadow APIs emerge when organizations do not have the proper strategies in place to manage API sprawl.

Simply put, a zombie API is an exposed API or an API endpoint that has become abandoned, outdated, or forgotten. At one point, the API served a function. However, that function may no longer be needed or the API has been replaced/updated with a newer version. When an organization does not have proper controls in place around versioning, deprecating, and sunsetting old APIs, those APIs may linger on indefinitely — hence, the term zombie.

Because they are essentially forgotten, zombie APIs don't receive any ongoing patching, maintenance, or updates in any functional or security capacity. Therefore, the zombie APIs become a security risk. In fact, Salt Security's "State of API Security" report names zombie APIs as organizations' No. 1 API security concern over its past four surveys.

In contrast, a shadow API is an exposed API or an API endpoint whose creation and deployment were done "under the radar." Shadow APIs have been created and deployed outside of an organization's official API governance, visibility, and security controls. Consequently, they can pose a wide variety of security risks, including:

*   The API may not have proper authentication and access gates in place.
*   The API may be exposing sensitive data improperly.
*   The API may not be adhering to best practices from a security standpoint, making it vulnerable to many of the OWASP API Security Top 10 attack threats.

A number of motivating factors are behind why a developer or app team would want to deploy an API or endpoint quickly; however, a strict API governance strategy must be followed to enforce controls and process over how and when an API gets deployed regardless of the motivation.

Adding to the risks, API sprawl and the emergence of zombie and shadow APIs extend beyond APIs developed in-house. Third-party APIs deployed and utilized as part of packaged applications, SaaS-based services, and infrastructure components can also introduce problems if not properly inventoried, governed, and maintained.

Zombie and shadow APIs pose similar security risks. Depending on an organization's existing API controls (or lack thereof), one may be less or more problematic than the other. As a first step to tackle the challenges of zombie and shadow APIs, organizations must use a proper API discovery technology to help inventory and understand all of the APIs deployed in their infrastructures. Additionally, organizations must adopt an API governance strategy that standardizes how APIs are built, documented, deployed, and maintained — regardless of team, technology, and infrastructure.

Why Are Zombie APIs and Shadow APIs So Scary?

The WordPress Classifieds Plugin WordPress plugin before 4.3 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection

CVE-2022-3254

While fewer cloud providers are suffering outages, customers should prepare for the uncommon event, especially when relying on cloud services for security.

When cybersecurity software-as-a-service offerings are impacted by an outage, it can result in a significant disruption, especially if the service protects business-critical portions of a firm's infrastructure. 

In the past two weeks, for example, outages at cybersecurity services firm Zscaler resulted in latency, packet loss, and outages for some businesses. On Oct. 25, a traffic-forwarding issue caused disruptions and packet loss to some of the cybersecurity provider's regional customers. The previous week, the company warned clients that they could experience packet loss due to damage to a transoceanic cable near France.

Unfortunately, many companies weren't prepared. "Took down entire company for several hours this morning," one IT security engineer said on Twitter of the impact on his firm.

While outages of any cloud service can have a dramatic impact on business operations — an Amazon Web Services outage in December 2021 took down swaths of the web for hours, for example — cyberdefenses often have a favored position within a company's infrastructure, making an outage more impactful. A business software-as-a-service (SaaS) application typically only impacts its own user base, whereas cybersecurity SaaS services can often have impacts across applications.

Companies need to be prepared for such outages, even if rare, says Merritt Maxim, vice president and research director for security and risk at Forrester Research.

Zscaler "is not the first cloud outage and won’t be the last, either," he says, adding: "Cloud products and services are not necessarily more susceptible to outages than on-prem equivalents, \[but\] the issue is often that because of this perception, organizations do not properly assess all possible causes of cloud outages and develop mitigation plans in response to these threats."

Indeed, the Zscaler incidents are not unique. In October 2020, an outage affected Microsoft Azure AD, the company's SaaS identity and access management service, blocking businesses and users from connecting to their applications. A year later, a six-hour Facebook outage blocked many users — including some businesses — from using the company's single sign-on technology and slowed many websites when scripts relying on the company's service failed to run.  

**Cloud Outages Increasingly Rare, But Impactful**

Overall, there has been a reduction in the number of significant outages among cloud services, with 60% of operators saying that they have had an outage in the past three years, down from 78% in 2020, according to survey results published by the Uptime Institute.

And compared with on-premises cybersecurity software and appliances, cloud-based services are nonetheless more reliable, says Jim Reavis, CEO of the Cloud Security Alliance, an industry organization.

"Mature cloud providers, including those with cybersecurity offerings, operate much like public utilities that provide on-demand services to large customer bases," he says. "They are generally very reliable, which is why their intermittent failures, like public utilities, are newsworthy."

For that reason, the two disruptions weathered by Zscaler stand out — as does companies' unpreparedness for them.  

"Things will happen as long as humans and nature are involved," says Misha Kuperman, senior vice president of cloud operations and ecosystem at Zscaler. He adds, "With the right tools, we can deliver more reliability and work around such incidents, as we have done on multiple occasions."

**Building in Cloud Security Redundancy**

Businesses also should ensure that they realize the cloud security and reliability is a shared responsibility model. Cloud providers — including cybersecurity services based in the cloud — are responsible for their infrastructure, but companies should architect their cloud or hybrid infrastructure to handle outages.  

Companies that know their cloud vendor's architecture will be better prepared for outages, says CSA's Reavis.

"It is important to understand how the provider achieves redundancy in its architecture, operating procedures including software updates, and its footprint of global data centers," he says. "The customer should then understand how that redundancy satisfies their own risk requirements and if their own architecture takes full advantage of the redundancy capabilities."

Business customers should also regularly re-evaluate their technology landscape and risk profile. While network and power failures — and natural disasters — used to dominate resilience discussions, malicious threats such as ransomware and denial-of-service attacks are often more likely to dominate discussions today, says Forrester's Maxim.

"Understanding the evolving risks and their respective impact on business is an imperative to prioritize the risks that you'd want to mitigate," he says. A business impact analysis conducted with internal teams "allows you to create tiers for application criticality that help determine if the default resilience of cloud services is enough — or if you need a more robust solution."

Zscaler's Cloud-Based Cybersecurity Outages Showcase Redundancy Problem

strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data.

A vulnerability related to online certificate revocation checking was discovered in strongSwan that can lead to a denial-of-service attack. All versions may be affected.

Lahav Schlesinger reported a bug related to online certificate revocation checking that can lead to a denial-of-service attack.

**Using Untrusted URIs for Revocation Checking**

Because the _revocation_ plugin uses potentially untrusted OCSP URIs and CRL distribution points (CDP) in certificates, a remote attacker is able to initiate IKE\_SAs and send crafted certificates that contain URIs pointing to servers under their control, which can lead to a denial-of-service attack.  Affected are all strongSwan versions if they use the _revocation_ plugin or a custom plugin that implements similar features.

CVE-2022-40617 has been assigned for this vulnerability.

**Problematic Inline Revocation Checking in Trust Chain Validation**

strongSwan's credential manager component, which is responsible for verifying trust chains, always did online certificate revocation checks inline while traversing the certificate chain.  That is, for each certificate, starting with the end-entity certificate, it searches a matching issuer certificate and if the signature and lifetimes are valid, calls plugins via the cert_validator_t interface to do extended validation of the current certificate.  One of these plugins is the _revocation_ plugin that uses OCSP URIs and CDPs in the issued certificate to check its status (e.g. whether it was revoked by the issuing CA).

While this approach allows to immediately abort the validation if a revoked certificate is encountered, the problem is that the certificate chain might not yet be trusted when the revocation plugin accesses the contained URIs. Only for a single-level PKI is the trust immediately established when finding the trusted, self-signed CA certificate that issued the end-entity certificate. So if an attacker sends specifically crafted end-entity and intermediate CA certificates, the URIs in the end-entity certificate are used for online revocation checks before the intermediate CA certificate is later rejected because no trusted issuer certificate is found and the authentication fails.

This allows attackers to encode URIs to servers under their control and force a strongSwan instance to connect to them.

**Denial-of-Service Due To Attacker-Controlled OCSP URIs and CDPs**

As described above, attackers are able force the _revocation_ plugin to make requests to arbitrary servers. This can lead to different kinds of denial-of-service attacks, depending on how these servers react.

A first one can be caused via a server that lets clients complete the TCP three-way handshake but then sends no data. It has to be reachable as there is an initial connection timeout (for DNS resolution and TCP handshake completion). But because the _revocation_ plugin doesn't set an overall timeout for its requests and some fetcher plugins don't use one by default, in particular the commonly used _curl_ plugin, the worker thread will be blocked practically indefinitely (i.e. until the default TCP timeout of the underling TCP/IP stack). By initiating multiple IKE\_SAs with the same certificates, attackers are able to block worker threads to the point the daemon will not be able to process any further IKE messages or other events.

In a second potential attack, instead of sending no data, the server sends a lot of it. Because the fetched OCSP/CRL data is stored in memory and without any upper limits, the attacker might be able to exhaust all memory of the host strongSwan runs on, or at least force a system like Linux's OOM killer to terminate the IKE daemon.

Remote code execution is not possible due to this issue.

As mentioned in the introduction, credit to Lahav Schlesinger for finding this vulnerability.

**Mitigation**

Setups that don't use the _revocation_ plugin are not directly vulnerable. However, if custom plugins are loaded that implement the validate() method of the cert_validator_t interface, there could be similar problems due to the inline certificate validation described above.

The just released strongSwan 5.9.8 fixes this vulnerability by creating a trusted certificate chain before starting online revocation checks. For older releases, we provide a patch that fixes the vulnerability and should apply with appropriate hunk offsets (please note that we don't provide patches for versions < 5.1.0).

CVE-2022-40617: strongSwan Vulnerability (CVE-2022-40617)

Ubuntu Security Notice 5706-1 - It was discovered that the BPF verifier in the Linux kernel did not properly handle internal data structures. A local attacker could use this to expose sensitive information. It was discovered that an out-of-bounds write vulnerability existed in the Video for Linux 2 implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-5706-1  
October 27, 2022

linux-azure-fde vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux-azure-fde: Linux kernel for Microsoft Azure CVM cloud systems

Details:

It was discovered that the BPF verifier in the Linux kernel did not  
properly handle internal data structures. A local attacker could use this  
to expose sensitive information (kernel memory). (CVE-2021-4159)

It was discovered that an out-of-bounds write vulnerability existed in the  
Video for Linux 2 (V4L2) implementation in the Linux kernel. A local  
attacker could use this to cause a denial of service (system crash) or  
possibly execute arbitrary code. (CVE-2022-20369)

Duoming Zhou discovered that race conditions existed in the timer handling  
implementation of the Linux kernel's Rose X.25 protocol layer, resulting in  
use-after-free vulnerabilities. A local attacker could use this to cause a  
denial of service (system crash). (CVE-2022-2318)

Roger Pau Monné discovered that the Xen virtual block driver in the Linux  
kernel did not properly initialize memory pages to be used for shared  
communication with the backend. A local attacker could use this to expose  
sensitive information (guest kernel memory). (CVE-2022-26365)

Pawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, Nir Shildan  
and Ariel Sabba discovered that some Intel processors with Enhanced  
Indirect Branch Restricted Speculation (eIBRS) did not properly handle RET  
instructions after a VM exits. A local attacker could potentially use this  
to expose sensitive information. (CVE-2022-26373)

Eric Biggers discovered that a use-after-free vulnerability existed in the  
io_uring subsystem in the Linux kernel. A local attacker could possibly use  
this to cause a denial of service (system crash) or possibly execute  
arbitrary code. (CVE-2022-3176)

Roger Pau Monné discovered that the Xen paravirtualization frontend in the  
Linux kernel did not properly initialize memory pages to be used for shared  
communication with the backend. A local attacker could use this to expose  
sensitive information (guest kernel memory). (CVE-2022-33740)

It was discovered that the Xen paravirtualization frontend in the Linux  
kernel incorrectly shared unrelated data when communicating with certain  
backends. A local attacker could use this to cause a denial of service  
(guest crash) or expose sensitive information (guest kernel memory).  
(CVE-2022-33741, CVE-2022-33742)

Oleksandr Tyshchenko discovered that the Xen paravirtualization platform in  
the Linux kernel on ARM platforms contained a race condition in certain  
situations. An attacker in a guest VM could use this to cause a denial of  
service in the host OS. (CVE-2022-33744)

It was discovered that the Netlink Transformation (XFRM) subsystem in the  
Linux kernel contained a reference counting error. A local attacker could  
use this to cause a denial of service (system crash). (CVE-2022-36879)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 20.04 LTS:  
   linux-image-5.4.0-1092-azure-fde  5.4.0-1092.97+cvm1.1  
   linux-image-azure-fde           5.4.0.1092.97+cvm1.32

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-5706-1  
   CVE-2021-4159, CVE-2022-20369, CVE-2022-2318, CVE-2022-26365,  
   CVE-2022-26373, CVE-2022-3176, CVE-2022-33740, CVE-2022-33741,  
   CVE-2022-33742, CVE-2022-33744, CVE-2022-36879

Package Information:  
   https://launchpad.net/ubuntu/+source/linux-azure-fde/5.4.0-1092.97+cvm1.1

Ubuntu Security Notice USN-5706-1

Horner Automation's Cscape version 9.90 SP7 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by writing outside the memory buffer.

Tag

#perl