Ubuntu Security Notice 6952-2 - Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-6952-2August 13, 2024linux-azure vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-azure: Linux kernel for Microsoft Azure Cloud systemsDetails:Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shindediscovered that an untrusted hypervisor could inject malicious #VCinterrupts and compromise the security guarantees of AMD SEV-SNP. This flawis known as WeSee. A local attacker in control of the hypervisor could usethis to expose sensitive information or possibly execute arbitrary code inthe trusted execution environment. (CVE-2024-25742)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:   - ARM32 architecture;   - ARM64 architecture;   - M68K architecture;   - OpenRISC architecture;   - PowerPC architecture;   - RISC-V architecture;   - x86 architecture;   - Block layer subsystem;   - Accessibility subsystem;   - Bluetooth drivers;   - Clock framework and drivers;   - CPU frequency scaling framework;   - Hardware crypto device drivers;   - DMA engine subsystem;   - DPLL subsystem;   - FireWire subsystem;   - EFI core;   - Qualcomm firmware drivers;   - GPIO subsystem;   - GPU drivers;   - HID subsystem;   - Microsoft Hyper-V drivers;   - I2C subsystem;   - InfiniBand drivers;   - IOMMU subsystem;   - IRQ chip drivers;   - Macintosh device drivers;   - Multiple devices driver;   - Media drivers;   - EEPROM drivers;   - MMC subsystem;   - Network drivers;   - STMicroelectronics network drivers;   - Device tree and open firmware driver;   - HiSilicon SoC PMU drivers;   - PHY drivers;   - Pin controllers subsystem;   - Remote Processor subsystem;   - S/390 drivers;   - SCSI drivers;   - SPI subsystem;   - Media staging drivers;   - Thermal drivers;   - TTY drivers;   - Userspace I/O drivers;   - USB subsystem;   - DesignWare USB3 driver;   - ACRN Hypervisor Service Module driver;   - Virtio drivers;   - 9P distributed file system;   - BTRFS file system;   - eCrypt file system;   - EROFS file system;   - File systems infrastructure;   - GFS2 file system;   - JFFS2 file system;   - Network file systems library;   - Network file system client;   - Network file system server daemon;   - NILFS2 file system;   - Proc file system;   - SMB network file system;   - Tracing file system;   - Mellanox drivers;   - Memory management;   - Socket messages infrastructure;   - Slab allocator;   - Tracing infrastructure;   - User-space API (UAPI);   - Core kernel;   - BPF subsystem;   - DMA mapping infrastructure;   - RCU subsystem;   - Dynamic debug library;   - KUnit library;   - Maple Tree data structure library;   - Heterogeneous memory management;   - Amateur Radio drivers;   - Bluetooth subsystem;   - Ethernet bridge;   - Networking core;   - IPv4 networking;   - IPv6 networking;   - Multipath TCP;   - Netfilter;   - NET/ROM layer;   - NFC subsystem;   - NSH protocol;   - Open vSwitch;   - Phonet protocol;   - SMC sockets;   - TIPC protocol;   - Unix domain sockets;   - Wireless networking;   - Key management;   - ALSA framework;   - HD-audio driver;   - Kirkwood ASoC drivers;   - MediaTek ASoC drivers;(CVE-2024-38601, CVE-2024-36935, CVE-2024-35991, CVE-2024-36032,CVE-2024-35988, CVE-2024-36886, CVE-2024-36913, CVE-2024-36928,CVE-2024-38553, CVE-2024-36927, CVE-2024-38615, CVE-2024-36958,CVE-2024-36977, CVE-2024-36889, CVE-2024-38554, CVE-2024-38590,CVE-2024-42134, CVE-2024-35857, CVE-2024-35850, CVE-2024-35986,CVE-2024-36921, CVE-2024-38569, CVE-2024-36966, CVE-2024-38542,CVE-2024-38585, CVE-2024-36884, CVE-2024-36006, CVE-2024-38577,CVE-2024-36016, CVE-2024-38584, CVE-2024-36887, CVE-2024-38598,CVE-2024-35994, CVE-2024-38603, CVE-2024-35998, CVE-2024-27401,CVE-2024-35852, CVE-2024-36944, CVE-2024-38572, CVE-2024-36917,CVE-2024-36943, CVE-2024-36009, CVE-2024-38587, CVE-2024-35949,CVE-2024-36945, CVE-2024-36004, CVE-2024-36919, CVE-2024-27398,CVE-2024-38582, CVE-2024-35847, CVE-2024-38580, CVE-2024-38602,CVE-2024-36916, CVE-2024-36903, CVE-2024-38555, CVE-2024-36952,CVE-2024-38589, CVE-2024-27394, CVE-2024-36933, CVE-2024-36975,CVE-2024-38591, CVE-2024-38612, CVE-2024-36939, CVE-2024-35983,CVE-2024-38607, CVE-2024-36929, CVE-2024-35849, CVE-2024-36941,CVE-2024-35858, CVE-2024-38599, CVE-2024-35996, CVE-2024-36031,CVE-2024-36931, CVE-2024-35990, CVE-2024-35851, CVE-2024-38556,CVE-2024-36000, CVE-2024-36910, CVE-2024-38573, CVE-2024-36906,CVE-2024-36951, CVE-2024-38604, CVE-2024-38613, CVE-2024-38547,CVE-2024-36014, CVE-2024-36949, CVE-2024-36033, CVE-2024-38597,CVE-2024-36880, CVE-2024-38594, CVE-2024-36894, CVE-2024-38546,CVE-2024-36947, CVE-2024-38541, CVE-2024-35989, CVE-2024-27399,CVE-2024-38550, CVE-2024-36922, CVE-2024-36008, CVE-2024-38540,CVE-2024-36924, CVE-2024-36892, CVE-2024-38549, CVE-2024-36882,CVE-2024-36908, CVE-2024-38566, CVE-2024-36005, CVE-2024-38583,CVE-2024-36968, CVE-2024-36017, CVE-2024-38565, CVE-2024-36881,CVE-2024-38611, CVE-2024-36897, CVE-2024-38560, CVE-2024-36923,CVE-2024-38575, CVE-2024-36899, CVE-2024-38570, CVE-2024-36898,CVE-2024-36896, CVE-2024-38559, CVE-2024-38588, CVE-2024-38606,CVE-2024-38551, CVE-2024-36891, CVE-2024-38567, CVE-2024-36895,CVE-2024-35993, CVE-2024-38552, CVE-2024-36925, CVE-2024-36964,CVE-2024-36888, CVE-2024-36956, CVE-2024-36946, CVE-2024-38600,CVE-2024-35997, CVE-2024-36912, CVE-2024-35984, CVE-2024-35848,CVE-2024-38545, CVE-2024-38563, CVE-2024-36918, CVE-2024-36001,CVE-2024-36957, CVE-2024-38576, CVE-2024-36030, CVE-2024-38574,CVE-2024-36963, CVE-2024-36890, CVE-2024-36960, CVE-2024-36901,CVE-2024-38614, CVE-2024-35859, CVE-2024-38593, CVE-2024-36904,CVE-2024-36012, CVE-2024-38578, CVE-2024-36011, CVE-2024-36930,CVE-2024-36938, CVE-2024-36893, CVE-2024-35987, CVE-2024-36905,CVE-2024-35853, CVE-2024-36003, CVE-2024-38562, CVE-2024-38617,CVE-2024-35855, CVE-2024-36965, CVE-2024-38596, CVE-2024-38558,CVE-2024-38568, CVE-2024-36955, CVE-2024-36029, CVE-2024-36967,CVE-2024-36940, CVE-2024-38595, CVE-2024-36028, CVE-2024-38610,CVE-2024-36911, CVE-2024-35999, CVE-2024-35854, CVE-2024-38571,CVE-2024-38548, CVE-2024-36948, CVE-2024-36002, CVE-2024-36961,CVE-2024-36900, CVE-2024-36932, CVE-2024-36902, CVE-2024-35992,CVE-2024-36914, CVE-2024-38592, CVE-2024-38616, CVE-2024-27400,CVE-2024-36937, CVE-2024-36920, CVE-2024-38586, CVE-2024-36909,CVE-2024-35846, CVE-2024-39482, CVE-2024-38579, CVE-2024-38539,CVE-2024-27395, CVE-2024-36962, CVE-2024-36013, CVE-2024-27396,CVE-2024-38557, CVE-2024-36953, CVE-2024-41011, CVE-2023-52882,CVE-2024-36969, CVE-2024-36007, CVE-2024-35856, CVE-2024-38605,CVE-2024-36915, CVE-2024-36979, CVE-2024-36954, CVE-2024-38538,CVE-2024-36950, CVE-2024-36926, CVE-2024-38544, CVE-2024-36959,CVE-2024-38561, CVE-2024-36883, CVE-2024-36936, CVE-2024-38564,CVE-2024-38543, CVE-2024-36934, CVE-2024-35947, CVE-2024-38620)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS   linux-image-6.8.0-1012-azure    6.8.0-1012.14   linux-image-6.8.0-1012-azure-fde  6.8.0-1012.14   linux-image-azure               6.8.0-1012.14   linux-image-azure-fde           6.8.0-1012.14After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6952-2   https://ubuntu.com/security/notices/USN-6952-1   CVE-2023-52882, CVE-2024-25742, CVE-2024-27394, CVE-2024-27395,   CVE-2024-27396, CVE-2024-27398, CVE-2024-27399, CVE-2024-27400,   CVE-2024-27401, CVE-2024-35846, CVE-2024-35847, CVE-2024-35848,   CVE-2024-35849, CVE-2024-35850, CVE-2024-35851, CVE-2024-35852,   CVE-2024-35853, CVE-2024-35854, CVE-2024-35855, CVE-2024-35856,   CVE-2024-35857, CVE-2024-35858, CVE-2024-35859, CVE-2024-35947,   CVE-2024-35949, CVE-2024-35983, CVE-2024-35984, CVE-2024-35986,   CVE-2024-35987, CVE-2024-35988, CVE-2024-35989, CVE-2024-35990,   CVE-2024-35991, CVE-2024-35992, CVE-2024-35993, CVE-2024-35994,   CVE-2024-35996, CVE-2024-35997, CVE-2024-35998, CVE-2024-35999,   CVE-2024-36000, CVE-2024-36001, CVE-2024-36002, CVE-2024-36003,   CVE-2024-36004, CVE-2024-36005, CVE-2024-36006, CVE-2024-36007,   CVE-2024-36008, CVE-2024-36009, CVE-2024-36011, CVE-2024-36012,   CVE-2024-36013, CVE-2024-36014, CVE-2024-36016, CVE-2024-36017,   CVE-2024-36028, CVE-2024-36029, CVE-2024-36030, CVE-2024-36031,   CVE-2024-36032, CVE-2024-36033, CVE-2024-36880, CVE-2024-36881,   CVE-2024-36882, CVE-2024-36883, CVE-2024-36884, CVE-2024-36886,   CVE-2024-36887, CVE-2024-36888, CVE-2024-36889, CVE-2024-36890,   CVE-2024-36891, CVE-2024-36892, CVE-2024-36893, CVE-2024-36894,   CVE-2024-36895, CVE-2024-36896, CVE-2024-36897, CVE-2024-36898,   CVE-2024-36899, CVE-2024-36900, CVE-2024-36901, CVE-2024-36902,   CVE-2024-36903, CVE-2024-36904, CVE-2024-36905, CVE-2024-36906,   CVE-2024-36908, CVE-2024-36909, CVE-2024-36910, CVE-2024-36911,   CVE-2024-36912, CVE-2024-36913, CVE-2024-36914, CVE-2024-36915,   CVE-2024-36916, CVE-2024-36917, CVE-2024-36918, CVE-2024-36919,   CVE-2024-36920, CVE-2024-36921, CVE-2024-36922, CVE-2024-36923,   CVE-2024-36924, CVE-2024-36925, CVE-2024-36926, CVE-2024-36927,   CVE-2024-36928, CVE-2024-36929, CVE-2024-36930, CVE-2024-36931,   CVE-2024-36932, CVE-2024-36933, CVE-2024-36934, CVE-2024-36935,   CVE-2024-36936, CVE-2024-36937, CVE-2024-36938, CVE-2024-36939,   CVE-2024-36940, CVE-2024-36941, CVE-2024-36943, CVE-2024-36944,   CVE-2024-36945, CVE-2024-36946, CVE-2024-36947, CVE-2024-36948,   CVE-2024-36949, CVE-2024-36950, CVE-2024-36951, CVE-2024-36952,   CVE-2024-36953, CVE-2024-36954, CVE-2024-36955, CVE-2024-36956,   CVE-2024-36957, CVE-2024-36958, CVE-2024-36959, CVE-2024-36960,   CVE-2024-36961, CVE-2024-36962, CVE-2024-36963, CVE-2024-36964,   CVE-2024-36965, CVE-2024-36966, CVE-2024-36967, CVE-2024-36968,   CVE-2024-36969, CVE-2024-36975, CVE-2024-36977, CVE-2024-36979,   CVE-2024-38538, CVE-2024-38539, CVE-2024-38540, CVE-2024-38541,   CVE-2024-38542, CVE-2024-38543, CVE-2024-38544, CVE-2024-38545,   CVE-2024-38546, CVE-2024-38547, CVE-2024-38548, CVE-2024-38549,   CVE-2024-38550, CVE-2024-38551, CVE-2024-38552, CVE-2024-38553,   CVE-2024-38554, CVE-2024-38555, CVE-2024-38556, CVE-2024-38557,   CVE-2024-38558, CVE-2024-38559, CVE-2024-38560, CVE-2024-38561,   CVE-2024-38562, CVE-2024-38563, CVE-2024-38564, CVE-2024-38565,   CVE-2024-38566, CVE-2024-38567, CVE-2024-38568, CVE-2024-38569,   CVE-2024-38570, CVE-2024-38571, CVE-2024-38572, CVE-2024-38573,   CVE-2024-38574, CVE-2024-38575, CVE-2024-38576, CVE-2024-38577,   CVE-2024-38578, CVE-2024-38579, CVE-2024-38580, CVE-2024-38582,   CVE-2024-38583, CVE-2024-38584, CVE-2024-38585, CVE-2024-38586,   CVE-2024-38587, CVE-2024-38588, CVE-2024-38589, CVE-2024-38590,   CVE-2024-38591, CVE-2024-38592, CVE-2024-38593, CVE-2024-38594,   CVE-2024-38595, CVE-2024-38596, CVE-2024-38597, CVE-2024-38598,   CVE-2024-38599, CVE-2024-38600, CVE-2024-38601, CVE-2024-38602,   CVE-2024-38603, CVE-2024-38604, CVE-2024-38605, CVE-2024-38606,   CVE-2024-38607, CVE-2024-38610, CVE-2024-38611, CVE-2024-38612,   CVE-2024-38613, CVE-2024-38614, CVE-2024-38615, CVE-2024-38616,   CVE-2024-38617, CVE-2024-38620, CVE-2024-39482, CVE-2024-41011,   CVE-2024-42134Package Information:   https://launchpad.net/ubuntu/+source/linux-azure/6.8.0-1012.14

Ubuntu Security Notice USN-6952-2

Red Hat Security Advisory 2024-5316-03 - An update for krb5 is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5316.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: krb5 security updateAdvisory ID:        RHSA-2024:5316-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:5316Issue date:         2024-08-14Revision:           03CVE Names:          CVE-2024-37370====================================================================Summary: An update for krb5 is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).Security Fix(es):* krb5: GSS message token handling (CVE-2024-37371)* krb5: GSS message token handling (CVE-2024-37370)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-37370References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2294676https://bugzilla.redhat.com/show_bug.cgi?id=2294677

Red Hat Security Advisory 2024-5316-03

Red Hat Security Advisory 2024-5315-03 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Issues addressed include a bypass vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5315.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: open-vm-tools security updateAdvisory ID:        RHSA-2024:5315-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:5315Issue date:         2024-08-14Revision:           03CVE Names:          CVE-2023-20900====================================================================Summary: An update for open-vm-tools is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines.Security Fix(es):* open-vm-tools: SAML token signature bypass (CVE-2023-20900)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-20900References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2236542

Red Hat Security Advisory 2024-5315-03

Kortex version 1.0 suffers from an insecure direct object reference vulnerability.

**Kortex 1.0 Insecure Direct Object Reference**

Posted Aug 14, 2024

Authored by indoushka

Kortex version 1.0 suffers from an insecure direct object reference vulnerability.

tags | exploit

SHA-256 | b5387d8bfce8e3033d7413641e3e9b7894ff5bafea17fd748b642abf24fa1ae8

Download | Favorite | View

**Kortex 1.0 Insecure Direct Object Reference**

    ====================================================================================================================================| # Title     : Kortex v1.0 IDOR Vulnerability                                                                                     || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.mayurik.com/source-code/P5339/best-free-law-office-management-software                                 |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Direct Object Reference : suffers from an insecure direct object reference that allows users to access the administrative interface.[+] use payload : /control/data-table.php[+] https://www/ahmedshawki2110.freewebhostmost.com/control/data-table.phpGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,399)
*   Arbitrary (16,878)
*   BBS (2,859)
*   Bypass (1,863)
*   CGI (1,033)
*   Code Execution (7,813)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,396)
*   DoS (25,082)
*   Encryption (2,389)
*   Exploit (53,197)
*   File Inclusion (4,262)
*   File Upload (996)
*   Firewall (822)
*   Info Disclosure (2,891)
*   Intrusion Detection (915)
*   Java (3,144)
*   JavaScript (896)
*   Kernel (7,220)
*   Local (14,799)
*   Magazine (586)
*   Overflow (13,172)
*   Perl (1,435)
*   PHP (5,225)
*   Proof of Concept (2,394)
*   Protocol (3,725)
*   Python (1,641)
*   Remote (31,657)
*   Root (3,636)
*   Rootkit (527)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,027)
*   Shell (3,275)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,277)
*   SQL Injection (16,610)
*   TCP (2,441)
*   Trojan (690)
*   UDP (904)
*   Virus (669)
*   Vulnerability (32,987)
*   Web (9,965)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,254)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,099)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,756)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,521)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,747)
*   UNIX (9,436)
*   UnixWare (187)
*   Windows (6,674)
*   Other

Kortex 1.0 Insecure Direct Object Reference

Red Hat Security Advisory 2024-5314-03 - Red Hat OpenShift Virtualization release 4.13.10 is now available with updates to packages and images that fix several bugs and add enhancements.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5314.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: OpenShift Virtualization 4.13.10 Images security updateAdvisory ID:        RHSA-2024:5314-03Product:            OpenShift VirtualizationAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:5314Issue date:         2024-08-14Revision:           03CVE Names:          CVE-2023-45857====================================================================Summary: Red Hat OpenShift Virtualization release 4.13.10 is now available with updates to packages and images that fix several bugs and add enhancements.Red Hat Product Security has rated this update as having a security impact ofModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.Description:OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.This advisory contains OpenShift Virtualization 4.13.10 images.Security Fix(es):* axios: exposure of confidential data stored in cookies (CVE-2023-45857)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-45857References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2248979https://issues.redhat.com/browse/CNV-38482https://issues.redhat.com/browse/CNV-41951https://issues.redhat.com/browse/CNV-45277

Red Hat Security Advisory 2024-5314-03

Red Hat Security Advisory 2024-5312-03 - An update for krb5 is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5312.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: krb5 security updateAdvisory ID:        RHSA-2024:5312-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:5312Issue date:         2024-08-14Revision:           03CVE Names:          CVE-2024-37370====================================================================Summary: An update for krb5 is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).Security Fix(es):* krb5: GSS message token handling (CVE-2024-37371)* krb5: GSS message token handling (CVE-2024-37370)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-37370References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2294676https://bugzilla.redhat.com/show_bug.cgi?id=2294677

Red Hat Security Advisory 2024-5312-03

Red Hat Security Advisory 2024-5309-03 - An update for python-urllib3 is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5309.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: python-urllib3 security updateAdvisory ID:        RHSA-2024:5309-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:5309Issue date:         2024-08-14Revision:           03CVE Names:          CVE-2024-37891====================================================================Summary: An update for python-urllib3 is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities.Security Fix(es):* urllib3: proxy-authorization request header is not stripped during cross-origin redirects (CVE-2024-37891)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-37891References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2292788

Red Hat Security Advisory 2024-5309-03

Red Hat Security Advisory 2024-5306-03 - An update for orc is now available for Red Hat Enterprise Linux 8. Issues addressed include a buffer overflow vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5306.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: orc security updateAdvisory ID:        RHSA-2024:5306-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:5306Issue date:         2024-08-14Revision:           03CVE Names:          CVE-2024-40897====================================================================Summary: An update for orc is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Orc is a library and set of tools for compiling and executing very simple programs that operate on arrays of data.  The \"language\" is a generic assembly language that represents many of the features available in SIMD architectures, including saturated addition and subtraction, and many arithmetic operations.Security Fix(es):* orc: Stack-based buffer overflow vulnerability in ORC (CVE-2024-40897)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-40897References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2300010

Red Hat Security Advisory 2024-5306-03

A coalition of law enforcement agencies coordinated by the U.K. National Crime Agency (NCA) has led to the arrest and extradition of a Belarussian and Ukrainian dual-national believed to be associated with Russian-speaking cybercrime groups.
Maksim Silnikau (aka Maksym Silnikov), 38, went by the online monikers J.P. Morgan, xxx, and lansky. He was extradited to the U.S. from Poland on August 9,

A coalition of law enforcement agencies coordinated by the U.K. National Crime Agency (NCA) has led to the arrest and extradition of a Belarussian and Ukrainian dual-national believed to be associated with Russian-speaking cybercrime groups.

Maksim Silnikau (aka Maksym Silnikov), 38, went by the online monikers J.P. Morgan, xxx, and lansky. He was extradited to the U.S. from Poland on August 9, 2024, to face charges related to international computer hacking and wire fraud schemes.

"J.P. Morgan and his associates are elite cyber criminals who practiced extreme operational and online security in an effort to avoid law enforcement detection," the NCA said in a statement.

These individuals, the agency said, were responsible for the development and distribution of ransomware strains such as Reveton and Ransom Cartel, as well as exploit kits like Angler. Reveton, introduced in 2011, has been described as the "first ever ransomware-as-a-service business model."

Victims of Reveton have been found to have received messages purporting to be from law enforcement, accusing them of downloading child abuse material and copyrighted programs and threatening them with large fines to avoid imprisonment and gain access to their locked devices.

The scam resulted in about $400,000 being extorted from victims every month from 2012 to 2014, with Angler infections accounting for an estimated annual turnover of around $34 million at its peak. As many as 100,000 devices are believed to have been targeted by the exploit kit.

Silnikau, alongside Volodymyr Kadariya and Andrei Tarasov, are said to have been involved in the distribution of Angler and for leveraging malvertising techniques from October 2013 through March 2022 to deliver malicious and scam content designed to trick users into providing their sensitive personal information.

The stolen information, such as banking information and login credentials, and access to the compromised devices were then offered for sale in Russian cybercrime forums on the dark web.

"Silnikau and his co-conspirators allegedly used malware and various online scams to target millions of unsuspecting internet users in the United States and around the world," FBI Deputy Director Paul Abbate said. "They hid behind online aliases and engaged in complex, far-reaching cyber fraud schemes to compromise victim devices and steal sensitive personal information."

The criminal scheme not only caused unsuspecting internet users to be forcibly redirected to malicious content on millions of occasions, but also defrauded and attempted to defraud various U.S.-based companies involved in the sale and distribution of legitimate online ads, the U.S. Justice Department (DoJ) said.

Prominent among the methods used to disseminate malware was the Angler Exploit Kit, which leveraged web-based vulnerabilities in web browsers and plugins to serve "scareware" ads that displayed warning messages claiming to have found a computer virus on victims' devices and then deceived them into downloading remote access trojans or disclosing personal identifying or financial information.

"For years, the conspirators tricked advertising companies into delivering their malvertising campaigns by using dozens of online personas and fictitious entities to pose as legitimate advertising companies," the DoJ said.

"They also developed and used sophisticated technologies and computer code to refine their malvertisements, malware, and computer infrastructure so as to conceal the malicious nature of their advertising."

A separate indictment from the Eastern District of Virginia also accused Silnikau of being the creator and administrator of the Ransom Cartel ransomware strain beginning in May 2021.

"On various occasions, Silnikau allegedly distributed information and tools to Ransom Cartel participants, including information about compromised computers, such as stolen credentials, and tools such as those designed to encrypt or 'lock' compromised computers," the DoJ noted.

"Silnikau also allegedly established and maintained a hidden website where he and his co-conspirators could monitor and control ransomware attacks; communicate with each other; communicate with victims, including sending and negotiating payment demands; and manage distribution of funds between co-conspirators."

Silnikau, Kadariya, and Tarasov have been charged with conspiracy to commit wire fraud, conspiracy to commit computer fraud, and two counts of substantive wire fraud. Silnikau has further been charged with conspiracy to commit computer fraud and abuse, conspiracy to commit wire fraud, conspiracy to commit access device fraud, and two counts each of wire fraud and aggravated identity theft.

If convicted on all counts, he faces more than 50 years in prison. Prior to his extradition, he was arrested from an apartment in Estepona, Spain in July 2023 as part of a coordinated effort between Spain, the U.K., and the U.S.

"Their impact goes far beyond the attacks they launched themselves," NCA Deputy Director Paul Foster said. "They essentially pioneered both the exploit kit and ransomware-as-a-service models, which have made it easier for people to become involved in cybercrime and continue to assist offenders."

"These are highly sophisticated cyber criminals who, for a number of years, were adept at masking their activity and identities."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Belarusian-Ukrainian Hacker Extradited to U.S. for Ransomware and Cybercrime Charges

Simply relying on traditional password security measures is no longer sufficient. When it comes to protecting your organization from credential-based attacks, it is essential to lock down the basics first. Securing your Active Directory should be a priority – it is like making sure a house has a locked front door before investing in a high-end alarm system. Once the fundamentals are covered,

Password Security / Cyber Security

Simply relying on traditional password security measures is no longer sufficient. When it comes to protecting your organization from credential-based attacks, it is essential to lock down the basics first. Securing your Active Directory should be a priority – it is like making sure a house has a locked front door before investing in a high-end alarm system. Once the fundamentals are covered, look at how integrating external attack surface management (EASM) can significantly augment your password security, offering a robust shield against potential cyber threats and breaches.

**First Secure Your Active Directory**

IT administrators should not just adhere to the minimum password policy standards by including complexity mandates. To enhance Active Directory security, they should enforce a policy that prohibits users from generating feeble passwords and incorporate a tool to detect and block the use of compromised passwords. passwords and adding a solution that can check for the use of compromised passwords. Using a tool like Specops Password Policy enforces strong password practices and identifies password-related vulnerabilities, which is crucial for defending against credential-based attacks and other risks such as password reuse. Once these fundamentals are covered, EASM tools can further enhance security.

**What's EASM and how does it work?**

An EASM solution begins by identifying and cataloging all publicly accessible digital assets of an organization, including both known and unknown assets. Following this, the EASM tool scans these assets for vulnerabilities, scrutinizing configurations and identifying potential security risks. It then prioritizes these vulnerabilities based on their severity and the specific context of the organization, helping IT teams to address the most critical issues first.

Finally, EASM provides actionable recommendations for mitigating or correcting these vulnerabilities. This continuous monitoring and real-time feedback mechanism helps IT professionals maintain a secure and robust public-facing digital infrastructure.

**How does EASM augment password security?**

An IT admin might consider adding an EASM solution to improve their password security strategy for a few reasons. EASM can proactively monitor for leaked credentials, detect compromised accounts, and provide real-time alerts and notifications. This capability aids in investigating the source of breaches, understanding the context of leaked credentials, and identifying risky users who may need additional training.

Additionally, EASM assigns risk scores to leaked credentials, enabling the organization to prioritize its response and focus on addressing the most critical leaks first. This comprehensive approach helps mitigate the risks associated with credential leaks and strengthens your overall cybersecurity defenses in several ways.

1.  **Vulnerability detection and recommendations:** EASM solutions continuously monitors and assesses a company's publicly accessible digital assets to detect weak passwords, unencrypted passwords, and other password-related security flaws. Upon identifying vulnerabilities, EASM provides recommendations on how to address or mitigate these issues.
2.  **Dark web monitoring:** EASM integrates with Threat Intelligence sources to monitor the dark web for leaked credentials. This helps in identifying if any organizational credentials have been compromised and are available for purchase on underground forums.
3.  **Adding contextual information:** It provides contextual information about the origin and impact of credential leaks, which helps in understanding how the breach occurred, and the potential risks associated with it. This kind of information helps IT teams think about future sources of breaches instead of just firefighting existing leaks.
4.  **Identifying risky users:** EASM identifies users whose credentials are at risk or have been compromised, allowing IT teams to take specific actions such as forcing a password reset or enhancing monitoring on those accounts. It may also help identify end users who need a bit more training around password security.
5.  **Risk scoring:** It assigns risk scores to leaked or compromised credentials, which helps prioritize the response efforts based on the severity and potential impact of the leak. This is particularly useful in large organizations where there could be an extensive list of remediations.
6.  **Real-time alerts and remediation:** EASM is an ongoing process, so the solution can offer real-time alerts and remediation actions. This proactive approach lets organizations quickly respond to issues as they're identified.

**Augment your password security with EASM**

An organization can effectively combine a solution such as Specops Password Policy with an EASM tool to enhance its security measures. Specops Password Policy ensures the enforcement of strong password requirements and prevents the use of continuously checks an organization's Active Directory for compromised passwords, which minimizes the risk of credential-based attacks.

Meanwhile, you can actively monitor your organization's publicly accessible digital assets for vulnerabilities, identify sources of credential leaks, and get real-time alerts with a tool like Outpost24's EASM solution. By integrating password security management and EASM, an organization can achieve robust protection against credential-based attacks and effectively manage its external attack surface. This integration not only provides continuous monitoring but also proactive measures against credential leaks, ensuring a comprehensive approach to securing both the internal and external aspects of the organization's IT infrastructure.

By adding the capabilities of EASM to your existing password security solutions, you can proactively monitor for leaked credentials tied to your organization's domain, investigate the source of breaches, and target the right employees to educate them about the risks associated with credential leaks. This helps mitigate the potential impact of credential-based attacks and strengthens your overall cybersecurity defenses.

**Map your attack surface**

By understanding and implementing EASM strategies, organizations can fortify their defenses and ensure their sensitive information remains protected in an increasingly vulnerable digital landscape. See just how you can strengthen your organization's password security posture and bolster your defenses with Outpost24's EASM solution. Get a free attack surface analysis with actionable insights.

This combination with your existing password policies will provide you with the tools necessary for a more secure and resilient IT environment.

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#vulnerability