Red Hat Security Advisory 2024-6610-03 - An update for git is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6610.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: git security updateAdvisory ID:        RHSA-2024:6610-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6610Issue date:         2024-09-11Revision:           03CVE Names:          CVE-2024-32002====================================================================Summary: An update for git is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.Security Fix(es):* git: Recursive clones RCE (CVE-2024-32002)* git: RCE while cloning local repos (CVE-2024-32004)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-32002References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2280421https://bugzilla.redhat.com/show_bug.cgi?id=2280428

Red Hat Security Advisory 2024-6610-03

Silver Spring, United States, 12th September 2024, CyberNewsWire

**Silver Spring, United States, September 12th, 2024, CyberNewsWire**

The investment will drive the company’s advancement of scalable workload access management for enterprises

Aembit, the leading non-human identity and access management (IAM) company, has secured $25 million in Series A funding, bringing its total capital raised to nearly $45 million. Acrew Capital led the round, with participation from existing investors Ballistic Ventures, Ten Eleven Ventures, Okta Ventures, and CrowdStrike Falcon Fund.

Aembit’s funding comes in the wake of continued high-profile non-human identity attacks on organizations such as Cloudflare, The New York Times, and Microsoft. Non-human identity (NHI) refers to the applications, scripts, and bots that businesses use to automate their operations, as well as the credentials used by NHIs to communicate to sensitive databases, applications, and infrastructure. 

These incidents exposed secrets such as API keys, access tokens, and other non-human access credentials, which were used to penetrate enterprise environments. In a newly published survey of security professionals, Aembit found that most organizations still struggle with managing NHI credentials securely: Over 30% still storing credentials in code, and 23% using email and chat to share credentials. Over 60% of respondents are looking for a comprehensive solution across their entire organization.

Security professionals are recognizing the need for an access-focused approach that automates identity-driven, secretless, centrally enforced, and auditable access between distributed applications and SaaS services to sensitive resources in the cloud and on-premises. 

Aembit has led the market in solving this emerging challenge by pioneering non-human IAM. It enables policy-based access management between workloads and the sensitive resources they access, moving beyond reactive visibility and governance to proactively shrink the attack surface of rapidly growing and highly distributed non-human identities. Aembit was recently lauded as a Top 2 finalist in the prestigious 2024 RSA Innovation Sandbox competition and is a finalist for Best Identity Management Solution at the 2024 SC Awards. Aembit continues to advance access management with capabilities such as MFA-strength conditional access, policy automation via infrastructure-as-code, and robust auditing for NHI access. 

> “Aembit is tackling one of the most pressing challenges in modern enterprise security,” said Mark Kraynak, founding partner at Acrew Capital. “The shift to cloud and SaaS, and AI has driven an order-of-magnitude expansion in non-human identities. With the proliferation of microservices and APIs across diverse environments, IAM has become the critical first line of defense for protecting sensitive data. Legacy access management approaches weren’t designed with this level of scale and automation in mind. We are thrilled to be partnering with Aembit to bring a new approach to the market.”

Co-Founders David Goldschlag and Kevin Sapp have spent their careers innovating across the identity landscape, most recently creating New Edge Labs (acquired by Netskope), one of the first user zero trust products on the market.

> “Kevin and I founded Aembit with a vision to help enterprises secure access between non-human workloads, applications, and software resources with the same principles used today to secure human access,” said David Goldschlag, co-founder and CEO of Aembit. “Talking to hundreds of enterprises, and working closely with design partners, our approach centers on proactively securing access between non-human identities, while eliminating friction for developers and security teams.”

> “By solving non-human IAM, Aembit is tackling an essential security challenge,” said Brad Jones, CISO at Snowflake and an Aembit customer. “Not only is their approach to non-human access innovative, but Aembit is a provider we can rely on.”

The Aembit Workload IAM Platform enforces secure access between non-human workloads and the services that authorize access to sensitive data and infrastructure. Aembit’s policy engine grants secretless access, just-in-time, based on the workload’s identity and posture. 

Leveraging native identities and sophisticated automation, organizations use Aembit to eliminate storage of sensitive secrets within applications or vaults by moving to short-lived access tokens with a no-code auth approach. With Aembit, businesses proactively secure non-human access while eliminating the manual and fragmented work required today by security, engineering, and DevSecOps teams.

**About Aembit**

Aembit is the non-human identity and access management platform that secures access between workloads across clouds, SaaS, and data centers. With Aembit’s identity control plane, DevSecOps can fully automate secretless, policy-based, and Zero Trust workload access with MFA-strength capabilities. For more information, users can visit https://aembit.io/ and follow us on LinkedIn.

**Contact**

**CMO**  
**Apurva Davé**  
**Aembit**  
**\[email protected\]**

Aembit Raises $25 Million in Series A Funding for Non-Human Identity and Access Management

Cybercriminals are increasingly targeting retail affiliate programs with sophisticated cryptocurrency scams. Retailers and customers must stay alert against…

Cybercriminals are increasingly targeting retail affiliate programs with sophisticated cryptocurrency scams. Retailers and customers must stay alert against domain fraud, brand impersonation, and online Ponzi schemes to prevent losses.

Cybercriminals and nation-state hackers are increasingly targeting retail affiliate programs to conduct cryptocurrency scams, according to the latest research by cybersecurity firm DomainTools.

With its vast economic footprint and consumer brand loyalty, the retail sector has become a prime target for these malicious actors, exploiting online platforms and brand reputations to deceive consumers and reap financial rewards.

**Leveraging Brand Loyalty for Fraud**

The global retail industry—valued at over $30 trillion annually and with the top 50 retailers contributing more than $1.13 trillion in revenue in 2023—has always been a lucrative target for scammers and fraudsters. However, the transition toward e-commerce has opened up new opportunities for cybercriminals to exploit.

The DomainTools detailed technical report, shared with Hackread.com ahead of publishing, dives deep into how threat actors use domain fraud, brand impersonation, and multi-level Ponzi schemes to deceive consumers and steal cryptocurrency.

Cybercriminals are not just after financial gains; they are also damaging brand reputations. By closely imitating well-known consumer brands, these actors aim to exploit the trust and loyalty consumers have for these companies. This multi-layered fraud not only affects individual consumers but also threatens the credibility of the brands themselves.

**Online Storefronts: A Hotspot for Fraud**

One noteworthy trend underlined in the report is the rise of **e-commerce domain fraud**. As physical stores closed during the global pandemic, the retail sector’s move to online platforms created another ground for cybercriminals.

One group of threat actors, for instance, set up hundreds of fraudulent websites to impersonate well-known global retailers. These sites often promised huge discounts through fake “store closing” sales, luring unsuspecting consumers into the trap.

DomainTools traced thousands of such fraudulent domains, some of which impersonated luxury brands like Rolex and Cartier. The scammers created these fake websites using templates, automated processes, and even legitimate e-commerce platforms to generate convincing landing pages. The scale of the operation is staggering, with over 2,300 fraudulent domains tied to just one SSL certificate alone.

**Ponzi Schemes Disguised as Affiliate Programs**

The report also uncovers a disturbing trend: the use of brand impersonation to conduct financial fraud. Cybercriminals are preying on individuals looking for side-income opportunities by promising commissions for completing simple tasks, such as boosting online sales for well-known brands like Amazon and Target. Victims are led to believe they are joining legitimate affiliate programs when, in reality, they are being lured into Ponzi schemes.

These scams often require victims to invest in cryptocurrency, such as USDT (Tether), with the promise of high returns. The fraudsters then push victims to recruit others, creating a multi-level marketing front.

In one case, a fraudulent website using the domain “amazon-9000com” mimicked Amazon’s platform to convince users to invest in these fake opportunities. This particular scheme was linked to over 200 other fraudulent domains impersonating major brands, including Lazada, Walmart, and TikTok.

Example of malicious domains impersonating top brands (Screenshot: DomainTools)

**Copycat Scams Spread Quickly**

The third major finding in the report is the proliferation of **copycat schemes**. Once a scam proves successful, it is quickly replicated by other cyber criminals. For example, a domain called “targetpk8top” appeared in late 2023, impersonating Target in much the same way as earlier scams targeted Amazon. The same templates, naming conventions, and SSL certificates were used, showing how quickly these tactics spread across the cybercriminal ecosystem.

These copycat scams often follow a familiar playbook: they use fake investment schemes, promise high cryptocurrency returns, and rely on social media platforms to find new victims. By the time consumers realize they’ve been duped, the scammers have often disappeared, leaving little chance of recovering lost funds.

**What’s Next for Retailers?**

The report urges the retail sector to remain vigilant. These scams have been ongoing since at least 2020, and the perpetrators show no signs of slowing down. Retailers must monitor their online presence closely, especially regarding domain registrations and brand impersonations.

Additionally, collaboration is key. Organizations like the **Retail and Hospitality Information Sharing and Analysis Center (RH-ISAC)** and the **National Cyber-Forensics and Training Alliance (NCFTA)** are instrumental in sharing threat intelligence across the industry, helping retailers stay one step ahead of evolving cyber threats.

Although such scams are not new, their increased sophistication is only making it worse for unsuspecting customers and retailers. Therefore, both parties should recognize the threat posed by domain fraud and brand impersonation. Businesses should train their employees, and customers should learn how to identify scams or malicious websites.

1.  How to Increase Your Business’s Online Brand Awareness
2.  Memcyco Introduces Real-Time Solution to Combat Brandjacking
3.  Check Point Research: Microsoft the Most Phished Brand in Q2 2023
4.  Domain Squatting, rand Hijacking: A Silent Threat to Digital Enterprises
5.  42,000 phishing domains discovered masquerading as popular brands

From Amazon to Target: Hackers Mimic Top Brands in Global Crypto Scam

PRESS RELEASE

SAN FRANCISCO, Sept. 10, 2024 /PRNewswire/ -- appCD, the generative infrastructure from code company, today announced the close of its $12.3M seed round, its new identity as StackGen, and the appointment of Arshad Sayyad as Chief Business Officer. The round was led by Thomvest Ventures, with existing investors, FireBolt Ventures, WestWave Capital, and Secure Octane participating. StackGen will utilize the funding to accelerate product development, enhance its go-to-market strategy, and fuel company growth.

"StackGen represents the next evolution of our commitment to revolutionizing infrastructure from code," said Sachin Aggarwal, Co-founder and CEO of StackGen. "The funding will enable us to meet the growing demand from enterprise customers as we continue to deliver on our vision for the future of infrastructure from code. Our new name encapsulates this vision and mission to provide seamless, full-stack infrastructure solutions that enhance the developer experience and enforce industry standards, while embracing generative AI."

As stated in the Gartner® Hype Cycle™ for Platform Engineering, 2024, "The plethora of cloud infrastructure services across multiple cloud providers makes it difficult for platform engineers and developers to manage infrastructure change at the same pace as application code. Therefore, much like software engineers are productive working with higher-level abstractions using object-oriented programming languages with reusable modules, platform engineers seek similar benefits for improving their productivity and simplifying infrastructure delivery. IfC merges infrastructure and application code into a common programming model and a common programming language. IfC improves development and infrastructure agility by enabling infrastructure to change at the same pace as applications — developers focus on business logic and application architecture while infrastructure code is auto-generated based on organizational standards."

"Ensuring governance and consistency in deployments is crucial. StackGen provides default standardization, embedding consistency, security, and policy guardrails seamlessly into cloud deployments for enhanced application reliability," said Arvind Gidwani, CTO, SAP NS2. "StackGen is providing the necessary compliance and cloud automation at scale to help drive digital transformation."

"I am thrilled to be an investor and board member at StackGen, partnering with repeat founder and CEO Sachin Agarwal and his cofounders, Asif Awan and Arshad Sayyad," said Umesh Padval, Managing Director, Thomvest Ventures. "StackGen is revolutionizing the DevOps market with its Infrastructure from Code platform driving 10x productivity gains for DevOps and SecOps. The strong team, massive market opportunity along with differentiated and easy to use technology met the criterion of our thesis driven investments."

The rebranding to StackGen reflects the company's commitment to providing comprehensive infrastructure solutions that span the entire technology stack.

StackGen has expanded its leadership and go-to-market team with the appointment of Arshad Sayyad, former President of Fidelity Investments India and Managing Director at Accenture, Danielle Cook, CNCF Ambassador and ex-Fairwinds and Ondata, and Lauren Rother, ex-HashiCorp. 

StackGen launched its Dev Edition in March, and has already seen significant interest, with developers rapidly signing up to utilize its cutting-edge solutions. This early success underscores the growing demand for innovative infrastructure from code technologies and sets the stage for continued growth and market penetration.

Gartner, Hype Cycle for Platform Engineering, 2024, Manjunath Bhat, Bill Blosen, 19 June 2024

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, HYPE CYCLE are a registered trademark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

About StackGen  
Founded in 2023 by serial entrepreneurs Sachin Aggarwal and Asif Awan, StackGen (formerly appCD) automatically generates Infrastructure from Code (IfC) based on application code with golden standards applied. Unlike manual Infrastructure as Code (IaC) creation or "golden templates" that quickly become outdated, StackGen generates IaC automatically from the application code, without requiring any code changes, and applies preset standards. StackGen provides seamless, full-stack infrastructure solutions that enhance the developer experience and enforce industry standards. Built for platform engineers and DevOps teams tasked with improving the developer experience and enforcing standards, StackGen reduces software development lifecycle (SDLC) bottlenecks, minimizes liabilities, and eliminates cognitive overload. StackGen is backed by notable venture capital firms Thomvest Ventures, WestWave Capital, FireBolt, and Secure Octane. For further information, please visit www.stackgen.com.

About appCD  
Founded in 2023 by serial entrepreneurs Sachin Aggarwal and Asif Awan, appCD automatically generates Infrastructure from Code (IfC) based on application code with golden standards applied. Unlike manual Infrastructure as Code (IaC) creation or "golden templates" that quickly become outdated, appCD generates IaC automatically from the application code, without requiring any code changes, and applies preset standards. Built for platform engineers and DevOps teams tasked with improving the developer experience and enforcing standards, appCD reduces software development lifecycle (SDLC) bottlenecks, minimizes liabilities, and eliminates cognitive overload. appCD is backed by notable venture capital firms Thomvest Ventures, WestWave Capital, FireBolt, and Secure Octane. For further information, please visit www.appCD.com.

AppCD Closes $12.3M Seed Round and Rebrands to StackGen

PRESS RELEASE

Darktrace plc (DARK.L), a global leader in cybersecurity AI, announces Poppy Gustafsson will step down as Chief Executive Officer (CEO) with effect from today and Jill Popelka, Darktrace's current Chief Operating Officer (COO), has been appointed as her successor. Jill will assume the role of CEO and will also be appointed to the Darktrace Board of Directors with effect from today.

Jill has more than two decades of experience of driving operational best practices and maturing teams, systems and processes for fast-growing businesses. She previously held senior leadership roles at leading global technology businesses, including Accenture, Snap Inc and SAP SuccessFactors, one of the largest enterprise cloud businesses in the world, which she led as President. Jill joined Darktrace in January 2024 as a Non-Executive Director, before assuming her current role of COO at Darktrace on 1 June 2024.

Poppy Gustafsson, outgoing CEO of Darktrace, said: "Darktrace has been a huge part of my life and my identity for over a decade and I am immensely proud of everything we have achieved in that time. Together we have revolutionised the marketplace for cyber security and brought our AI-powered technology to almost 10,000 customers around the world, keeping them safe from cyber disruption.

This challenge has required tremendous personal and professional commitment from me. With the acquisition of Darktrace by Thoma Bravo nearing its completion and with us having identified an excellent successor in Jill, now is the right time to hand over the reins so Jill can lead Darktrace through its transition into private ownership and beyond. I am profoundly grateful to have had the privilege of leading such an exceptional team and I look forward to remaining engaged in this exciting next chapter of the business as a non-executive director after the transaction completes. I remain Darktrace's number one fan."

Gordon Hurst, Chairman of Darktrace, said: "Poppy is a remarkable leader who has grown and nurtured one of the UK's proudest technology success stories. Under Poppy's stewardship, the business has transformed from a promising collaboration of AI and intelligence experts to a high-growth global leader in cyber security. This has been reflected in the significant value Darktrace has created for its shareholders under Poppy's leadership since its IPO in 2021 and through the acquisition by Thoma Bravo, one of the world's leading investors in software businesses.

"Jill is a proven and highly regarded leader in global technology businesses who has contributed immensely to the Board and more recently in her role as COO. With Poppy stepping down, the Board has implemented its CEO succession plan and is delighted that Jill has accepted the role of CEO. She has the deep sector experience, people leadership skills and energy and passion to lead Darktrace into the next stage of its journey."

Jill Popelka, incoming CEO of Darktrace, said: "Poppy and the team have built something very special. The potential of Darktrace is enormous - our technology has never been more critical to organisations around the world and our AI-native capabilities position us at the forefront of the ever-changing cyber security market. We have an outstanding platform offering, a broad base of customers across the globe, and some of the most talented people working in technology, not least our remarkable R&D teams based in Cambridge and The Hague.  I am excited to partner with the whole Darktrace team to take advantage of the many opportunities we have ahead of us as we embark on this next phase of our journey." 

Andrew Almeida, Partner at Thoma Bravo, said: "We are fully supportive of Poppy and the Board's succession plan. Jill is the perfect leader to build on Poppy's tremendous legacy at Darktrace as it embarks on this next phase of its life given her immense experience of scaling and maturing fast-growing businesses. She cares deeply about people, about serving customers and about creating a company with a sense of mission and purpose at its core. We look forward to working with Jill and the wider team to help elevate Darktrace's place as the essential cybersecurity platform for the changing threat landscape."

The acquisition of Darktrace by Thoma Bravo continues to progress as anticipated. All antitrust and regulatory approvals have now been received, with the exception of one foreign regulatory approval, which is currently anticipated by 28 September 2024. Per the transaction timetable, Darktrace will seek the UKcourt's sanction of the transaction as soon as this final regulatory approval has been received, with the closing of the transaction expected shortly afterwards.  

This announcement is made in accordance with the notification requirement in UKLR 6.4.6R and there are no other disclosures that need to be made under UKLR 6.4.8R relating to the appointment of Jill Popelka.

Poppy Gustafsson to Step Down As CEO of Darktrace; Jill Popelka Appointed Successor

Red Hat Security Advisory 2024-6559-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6559.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: postgresql:12 security updateAdvisory ID:        RHSA-2024:6559-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6559Issue date:         2024-09-10Revision:           03CVE Names:          CVE-2024-7348====================================================================Summary: An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:PostgreSQL is an advanced object-relational database management system (DBMS).Security Fix(es):* postgresql: PostgreSQL relation replacement during pg_dump executes arbitrary SQL (CVE-2024-7348)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-7348References:https://access.redhat.com/security/updates/classification/#important

Red Hat Security Advisory 2024-6559-03

Red Hat Security Advisory 2024-6558-03 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6558.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: postgresql:13 security updateAdvisory ID:        RHSA-2024:6558-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6558Issue date:         2024-09-10Revision:           03CVE Names:          CVE-2024-7348====================================================================Summary: An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:PostgreSQL is an advanced object-relational database management system (DBMS).Security Fix(es):* postgresql: PostgreSQL relation replacement during pg_dump executes arbitrary SQL (CVE-2024-7348)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-7348References:https://access.redhat.com/security/updates/classification/#important

Red Hat Security Advisory 2024-6558-03

Red Hat Security Advisory 2024-6557-03 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6557.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: postgresql:13 security updateAdvisory ID:        RHSA-2024:6557-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6557Issue date:         2024-09-10Revision:           03CVE Names:          CVE-2024-7348====================================================================Summary: An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:PostgreSQL is an advanced object-relational database management system (DBMS).Security Fix(es):* postgresql: PostgreSQL relation replacement during pg_dump executes arbitrary SQL (CVE-2024-7348)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-7348References:https://access.redhat.com/security/updates/classification/#important

Red Hat Security Advisory 2024-6557-03

Imagine a world where you never have to remember another password. Seems like a dream come true for both end users and IT teams, right? But as the old saying goes, "If it sounds too good to be true, it probably is." 
If your organization is like many, you may be contemplating a move to passwordless authentication. But the reality is that a passwordless security approach comes with its own

Password Security / Identity Management

Imagine a world where you never have to remember another password. Seems like a dream come true for both end users and IT teams, right? But as the old saying goes, "If it sounds too good to be true, it probably is."

If your organization is like many, you may be contemplating a move to passwordless authentication. But the reality is that a passwordless security approach comes with its own set of pitfalls and perils. In this post, we'll discuss the real-world complexity of going passwordless and explore why strengthening your existing password protocols may be the simpler solution.

**The appeal of passwordless authentication**

Password-related vulnerabilities pose a major threat to organizational security. According to research by LastPass, a full 80% of data breaches stem from weak, reused, or compromised passwords. This sobering statistic highlights the appeal of passwordless systems, which offer a way to completely circumvent the risks associated with traditional passwords.

Passwordless authentication — including methods like biometrics, security keys, or magic links — offers several benefits:

*   **Enhanced security:** By eliminating the need for users to create and remember complex credentials, passwordless authentication systems significantly reduce the risk of breaches caused by human error.
*   **Improved end user experience:** Passwordless authentication is desirable from an end-user perspective. After all, who relishes the challenge of remembering multiple complex passwords across various accounts?
*   **Reduced IT burden:** Passwordless solutions promise to lighten IT teams' administrative load by decreasing password reset requests and related support tickets.

Interested to know how many of your end users are currently using breached or compromised passwords? Run a read-only scan of your Active Directory today – download Specops Password Auditor for free.

**The challenges of going passwordless**

Despite the benefits, organizations face numerous challenges when considering a move to passwordless authentication:

1.  **Legacy system compatibility:** Many businesses rely on a mix of modern and legacy systems — some of which may not support passwordless authentication methods. And updating or replacing these systems can be costly and time-consuming, often requiring significant changes to existing infrastructure.
2.  **User adoption and training:** While passwordless methods may be intuitive to tech-savvy users, they can confuse others. Your organization may need to invest in comprehensive training to ensure all employees can effectively use the new authentication system.
3.  **Backup authentication methods:** Even with passwordless primary authentication, most systems still require a backup method — which tends to be a traditional password. This means passwords don't truly disappear; they just become less visible, potentially leading to weaker security practices around these "hidden" passwords.
4.  **Biometric data privacy concerns:** Many passwordless solutions rely on biometric data, such as fingerprints or facial recognition. This raises important questions about data privacy and storage. Your organization must carefully consider the legal (and ethical) implications of collecting and managing this type of sensitive information.
5.  **Hardware requirements:** Some passwordless solutions require specific hardware, such as fingerprint readers or security keys. Equipping your organization with these devices can be expensive, especially if you have a large or distributed workforce.
6.  **Interoperability challenges:** In environments where employees need to access multiple systems and applications, it can be tricky for your IT team to ensure seamless interoperability between different passwordless solutions.
7.  **Regulatory considerations:** Depending on your industry and location, your business may face regulatory requirements that impact your choice of authentication methods. Some regulations may mandate specific security measures or data protection practices that could influence your decision between passwordless and traditional password systems.

**Strategies to improve password security**

Given these challenges, your organization may find that enhancing your existing password security measures is a more practical, cost-effective solution. To boost your current password security efforts, consider implementing these strategies:

*   **Enforce robust password policies:** Implementing strong password requirements — like minimum length and complexity — can improve your security. But remember: frustrated end users look for password policy workarounds. Balance your need for security with usability by encouraging the creation of passphrases.
*   **Use multi-factor authentication (MFA):** Adding an additional layer of security through MFA can reduce the risk of unauthorized access, even if a password is compromised.
*   **Employ password management tools:** Password management solutions can help your employees quickly generate and store strong, unique passwords for all their accounts, lessening the risk of password reuse.
*   **Provide regular security training:** Educating your end users about password hygiene best practices and how to recognize phishing attempts can reduce security breaches.
*   **Continuously monitor for compromised credentials:** Consider implementing solutions to detect and alert when employee credentials appear in known data breaches. This early warning will allow you to mitigate potential threats quickly.

To further enhance your efforts, your organization may want to integrate specialized tools into your security strategy. For example, tools like Specops Password Policy work with Active Directory to enhance password security across your organization.

With Specops Password Policy, you can:

*   Customize password complexity requirements
*   Give users real-time feedback during password creation
*   Detect and prevent the use of compromised passwords
*   Gain insights with detailed reporting and compliance tools

By implementing a tool like Specops Password Policy, your business can improve its password security posture without completely overhauling its authentication systems. This approach provides a balanced solution that addresses your immediate security needs while helping your business prepare for future authentication technologies.

**A balanced approach to passwords vs. passwordless**

While passwordless authentication is appealing, it remains a long-term goal for many organizations rather than an immediate solution. The implementation challenges — from legacy system compatibility to user adoption — make it a complex, potentially expensive endeavor.

In the meantime, your business can enhance password security by developing robust policies, deploying multi-factor authentication to gain another layer of protection, and investing in specialized tools like the Specops Password Policy. This balanced approach will help you achieve security benefits without having to completely shift your organization's security approach.

_Ready to enhance your password security? Try Specops Password Policy for free._

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Why Is It So Challenging to Go Passwordless?

Microsoft on Tuesday disclosed that three new security flaws impacting the Windows platform have come under active exploitation as part of its Patch Tuesday update for September 2024.
The monthly security release addresses a total of 79 vulnerabilities, of which seven are rated Critical, 71 are rated Important, and one is rated Moderate in severity. This is aside from 26 flaws that the tech

Windows Security / Vulnerability

Microsoft on Tuesday disclosed that three new security flaws impacting the Windows platform have come under active exploitation as part of its Patch Tuesday update for September 2024.

The monthly security release addresses a total of 79 vulnerabilities, of which seven are rated Critical, 71 are rated Important, and one is rated Moderate in severity. This is aside from 26 flaws that the tech giant resolved in its Chromium-based Edge browser since last month's Patch Tuesday release.

The three vulnerabilities that have been weaponized in a malicious context are listed below, alongside a bug that Microsoft is treating as exploited -

*   **CVE-2024-38014** (CVSS score: 7.8) - Windows Installer Elevation of Privilege Vulnerability
*   **CVE-2024-38217** (CVSS score: 5.4) - Windows Mark-of-the-Web (MotW) Security Feature Bypass Vulnerability
*   **CVE-2024-38226** (CVSS score: 7.3) - Microsoft Publisher Security Feature Bypass Vulnerability
*   **CVE-2024-43491** (CVSS score: 9.8) - Microsoft Windows Update Remote Code Execution Vulnerability

"Exploitation of both CVE-2024-38226 and CVE-2024-38217 can lead to the bypass of important security features that block Microsoft Office macros from running," Satnam Narang, senior staff research engineer at Tenable, said in a statement.

"In both cases, the target needs to be convinced to open a specially crafted file from an attacker-controlled server. Where they differ is that an attacker would need to be authenticated to the system and have local access to it to exploit CVE-2024-38226."

As disclosed by Elastic Security Labs last month, CVE-2024-38217 – also referred to as LNK Stomping – is said to have been abused in the wild as far back as February 2018.

CVE-2024-43491, on the other hand, is notable for the fact that it's similar to the downgrade attack that cybersecurity company SafeBreach detailed early last month.

"Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015)," Redmond noted.

"This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024 — KB5035858 (OS Build 10240.20526) or other updates released until August 2024."

The Windows maker further said it can be resolved by installing the September 2024 Servicing stack update (SSU KB5043936) and the September 2024 Windows security update (KB5043083), in that order.

It's also worth pointing out that Microsoft's "Exploitation Detected" assessment for CVE-2024-43491 stems from the rollback of fixes that addressed vulnerabilities impacting some Optional Components for Windows 10 (version 1507) that have been previously exploited.

"No exploitation of CVE-2024-43491 itself has been detected," the company said. "In addition, the Windows product team at Microsoft discovered this issue, and we have seen no evidence that it is publicly known."

**Software Patches from Other Vendors**

In addition to Microsoft, security updates have also been released by other vendors over the past few weeks to rectify several vulnerabilities, including —

*   Adobe
*   Arm
*   Bosch
*   Broadcom (including VMware)
*   Cisco
*   Citrix
*   CODESYS
*   D-Link
*   Dell
*   Drupal
*   F5
*   Fortinet
*   Fortra
*   GitLab
*   Google Android and Pixel
*   Google Chrome
*   Google Cloud
*   Google Wear OS
*   Hitachi Energy
*   HP
*   HP Enterprise (including Aruba Networks)
*   IBM
*   Intel
*   Ivanti
*   Lenovo
*   Linux distributions Amazon Linux, Debian, Oracle Linux, Red Hat, Rocky Linux, SUSE, and Ubuntu
*   MediaTek
*   Mitsubishi Electric
*   MongoDB
*   Mozilla Firefox, Firefox ESR, Focus and Thunderbird
*   NVIDIA
*   ownCloud
*   Palo Alto Networks
*   Progress Software
*   QNAP
*   Qualcomm
*   Rockwell Automation
*   Samsung
*   SAP
*   Schneider Electric
*   Siemens
*   SolarWinds
*   SonicWall
*   Spring Framework
*   Synology
*   Veeam
*   Zimbra
*   Zoho ManageEngine ServiceDesk Plus, SupportCenter Plus, and ServiceDesk Plus MSP
*   Zoom, and
*   Zyxel

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#sap