Consumers are being swamped by Google ads claiming to be eBay's customer service.

Tech support scammers are targeting eBay customers in the U.S. via fraudulent Google ads. In a few separate searches, we were able to identify multiple Sponsored results that were created from at least four different advertiser accounts.

While most of those ads clearly looked fake, they appeared consistently and prominently enough to trick the inattentive user into a scam. Victims who clicked the ad were redirected to bogus websites prompting them to call for assistance, leading them straight into the scammer’s den.

We have reported the malicious ads to Google and are monitoring for similar campaigns targeting other brands.

**Flurry of ads**

A search for ‘_ebay phone number_‘ or ‘_ebay customer service_‘ from the U.S. using Google Chrome returned several ads that were entirely fraudulent. Upon closer inspection, we found that they were created from four separate advertiser accounts, some belonging to legitimate entities, some created from scratch.

The first ad shown in the screenshot above is the most deceiving of all since it uses eBay’s brand name, logo and website. While Google has strict rules about who may be allowed to do this (i.e. the owner, affiliates), scammers are able to still “comply” with the rule and yet be total crooks.

All they need to do is ensure the final URL (once you click the ad) is one the same domain or is a subdomain that matches the one shown in the ad. That’s the case here, as they are using _developer.ebay.com_. (part of eBay’s Developers Program Search) which can technically be claimed as belonging to _ebay.com_.

Yet, as you can see below, the destination URL is not what one would expect. It shows a search portal with a printed search result that has eBay’s customer service phone number (narrator: it is not).

This is a trick we’ve seen recently with various online platforms: you perform a calculated search query, even if you know no result will be found. What matters is that your search query will appear on screen, and will be used to fool people who see it. In the example above, the search query was for “_eBay.Customer-Service +1 (866) 409\[-\]9281_“.

The other ads redirect to fake websites or pages hosted on cloud providers such as BitBucket claiming to be eBay customer service. Once again, scammers make it clear and obvious that users should call the phone number displayed on screen.

**Keeping scammers at bay**

Calling any of those phone numbers is strongly discouraged, unless of course your favorite sport is scam baiting. The tried and tested “tech support scam” is one of the most costly type of crime for American consumers.

From call centres mostly located overseas, young people with a broken English accent will attempt to trick victims into giving them access to their computer or phone. The end goal is to steal as much money as they can, by requesting gift cards or by taking over people’s own bank accounts.

It is important to always double check before calling any phone number, especially if it came from an ad or an unsolicited email. In doubt, always visit the source, i.e. _ebay.com_ to access support via live chat or get their official number.

If you weren’t already, you may want to consider using a browser extension such as Malwarebytes Browser Guard. Not only does it block ads, it also detects phishing sites of various kinds.

**We don’t just report on threats – we help safeguard your entire digital identity**

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

**Indicators of Compromise**

Fake pages

e-bays-24x7support-number\[.\]vercel\[.\]app  
developer\[.\]ebay\[.\]com  
e-bay24x7pluscaresupport\[.\]bitbucket\[.\]io  
upbay\[.\]online  
e-bay24x7customer\[.\]casterins\[.\]online  
e-bay24x7-customers-services-assist\[.\]onrender\[.\]com

Fraudulent phone numbers

1\[-\]866\[-\]409\[-\]9281  
1\[-\]833\[-\]714\[-\]3970  
1\[-\]805\[-\]372\[-\]1369

 Large eBay malvertising campaign leads to scams 

Attackers are triggering victims' deep-seated fear of getting in trouble in order to spread the sophisticated stealer across continents.

Source: Charles Walker Collection via Alamy Stock Photo

Hundreds of companies worldwide have been targeted with spear-phishing emails claiming copyright infringement that actually deliver an infostealer.

Starting in July, Check Point Research began to track the emails as they spread across the Americas, Europe, and Southeast Asia, coming from a new domain each time. Hundreds of its customers have been targeted, indicating that the real reach of the campaign may be far greater still.

The goal of the emails is to bait guilt-riddled victims into downloading Rhadamanthys, a sophisticated infostealer equally capable of pilfering nation-state intelligence or, in this case, cryptocurrency wallet passphrases.

**CopyR(ight)hadamantys**

No two emails in the campaign that researchers have dubbed "CopyR(ight)hadamantys" come from the same address, indicating that there must be some kind of automation behind their distribution. This automation proves awkward in some circumstances — like when an Israeli target receives an email almost entirely in Korean — and limits the emails' ability to realistically impersonate known brands.

Each one is made to seem as if it came from legal representatives of specific, known companies. Nearly 70% of those companies come from either technology — like Check Point itself — or from media and entertainment industries.

The profile of impersonated brands weaves in neatly with the story the attackers peddle: that recipients have posted some sort of content on social media that violated a copyright. "I assume everyone has done it to some degree in his life," says Sergey Shykevich, threat intelligence group manager at Check Point. "It just makes people hesitate and think, 'Oh, did I use some wrong image? Did I copy some text \[by accident\]?' Even if you didn't."

Recipients are asked to remove specific images and videos, the details of which are contained in a password-protected file. The file is actually a link that redirects the user to download an archive from Dropbox or Discord. The archive contains a decoy document, a legitimate executable, and a malicious dynamic link library (DLL) containing the Rhadamanthys stealer.

**What to Know About Rhadamanthys**

Rhadamanthys is a popular and accomplished information stealer. As Shykevich explains, "It's without any doubt the most sophisticated of those infostealers which are sold as commodity malware in the Dark Web. It's more expensive than other infostealers: Mostly you'll rent other infostealers from between $100 to $200. Rhadamanthys is more, around $1,000. It's much more modular, more obfuscated, and more complicated in how it's built: The way it loads itself, hides itself, all this makes detection much more complicated."

Among other features, the newest Rhadamanthys version 0.7 sports a slightly archaic machine-learning-based optical character recognition (OCR) component. It's hardly advanced artificial intelligence (AI) — it struggles with text in mixed colors, can't read handwriting, and only interprets the most popular fonts. Nonetheless, it helps the malware read data from static documents (like PDFs) and images.

In CopyR(ight)hadamantys, the OCR module comes loaded with a dictionary of 2,048 words associated with Bitcoin wallet protection codes. This might suggest that the attackers are after cryptocurrencies, which, if true, would also align with the campaign's broad targeting, characteristic of financially motivated campaigns. In recent months, Rhadamanthys has also been associated with nation-state threat actors like Iran's Void Manticore, and the pro-Palestine group "Handala."

**One Strange Stealth Feature**

Organizations looking to defend against CopyR(ight)hadamantys should start with phishing protections, but there's another quirk of the campaign worth noting as well.

After making landfall, the malicious DLL writes a significantly larger version of itself to the victim computer's Documents folder, which masquerades as a component of Firefox. This version of the file is functionally equivalent to the first. What makes it so much heavier is an "overlay" — useless data that serves two meta-functions. First, it changes the file's hash value, a common means by which antivirus programs identify malware.

Some antivirus programs also avoid scanning extra large files. "For example, they don't want to run files associated with games, with a huge number of gigabytes, because it makes for an intense load," Shykevich explains. By this logic, an otherwise uselessly larger Rhadamanthys file might improve its chances of avoiding detection. Though, he adds, "It's not extremely common because it's also not convenient for the attackers to deal with huge files. With some email solutions, you can't attach files more than 20MB, so you need to send the victim to some external resource. So it's a tactic, but it's not some crazy tactic that always works."

Organizations might want to sniff out at any particularly large files that employees may be downloading from emails. "It's not easy, because there are many reasons why some legitimate files will be big," he says. "But I think it's possible to implement some \[effective\] rules for what you can download."

**About the Author**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

Fake Copyright Infringement Emails Spread Rhadamanthys

Google Cloud will take a phased approach to make multifactor authentication mandatory for all users.

Source: Genius Studio via Adobe Stock Photo

In a bid to improve account security, Google will enforce mandatory multifactor authentication (MFA) for all Google Cloud users by the end of 2025. Currently, 70% of Google users have MFA enabled.

This requirement will apply to all Google Cloud users who currently use passwords for authentication and all new users; it will not apply to general consumer Google accounts. The company will begin the first phase of a year-long implementation this month.

*   In Phase 1, Google Cloud administrators will receive information on how to prepare for the transition. Phase 1 will raise awareness and provide materials to help plan a rollout and conduct testing.
    
*   Phase 2, to begin in early 2025, will require all new users and existing Google Cloud users who use passwords for authentication to enable MFA on their accounts. The notifications and guidance will be displayed in Google Cloud Console, Firebase Console, gCloud, and other platforms.
    
*   Phase 3, at the end of 2025, will require users who federate authentication into Google Cloud to turn on MFA. Users can enable MFA with their primary identity providers before accessing Google Cloud — or add an extra layer of MFA through the Google account.
    

"Beginning this month, you'll find helpful reminders and information in the Google Cloud console, including resources to help raise awareness, plan your rollout, conduct testing, and smoothly enable MFA for your users," the company said.

MFA adoption is one of the key recommendations in the Cybersecurity and Infrastructure Security Agency's (CISA) Secure By Design initiative. The shift to mandatory MFA is happening throughout the industry. In June, Amazon started requiring mandatory MFA for Amazon Web Services. Customers signing into the AWS Management Console with the root user of an AWS Organizations management account also had to start using MFA, which has since been extended to stand-alone accounts outside of AWS Organizations.

Mandatory MFA has also be adopted by Snowflake, which in July introduced an option to allow administrators to enforce mandatory MFA for all users. The following monty, Microsoft announced its rollout for Microsoft Azure. Microsoft's plan, similar to Google Cloud's, takes a phased approach. Phase 1 for Microsoft started last month, with MFA required to sign in to Azure portal, Microsoft Entra admin center, and Intune admin center. Phase 2, also beginning early next year, will gradually enforce MFA for Azure CLI (command-line interface), Azure PowerShell, Azure mobile app, and infrastructure-as-code tools.

While CISA has said that MFA means users are 99% less likely to be hacked, it is important to remember that MFA is not foolproof.

"Mandatory MFA is necessary but not sufficient for enterprise security," says Jasson Casey, CEO of Beyond Identity. "This is because MFA is not created equal and doesn't offer the same level of security assurances."

MFA and two-factor authentication has been in use in some shape or form for more than 20 years, and attackers have had time to innovate against it, said Kris Bondi, CEO and co-founder of Mimoto, in an emailed statement. Threat actors are increasingly launching phishing operations that can bypass legacy MFA, which is why the National Institute of Standards and Technology and CISA have urged adopting phishing-resistant MFA.

Google Cloud to Enforce MFA on Accounts in 2025

Gentoo Linux Security Advisory 202411-5 - Multiple vulnerabilities have been discovered in libgit2, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 1.7.2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202411-05  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: libgit2: Multiple Vulnerabilities  
     Date: November 06, 2024  
     Bugs: #891525, #923971  
       ID: 202411-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in libgit2, the worst of  
which could lead to arbitrary code execution.

Background  
==========

libgit2 is a portable, pure C implementation of the Git core methods  
provided as a re-entrant linkable library with a solid API, allowing you  
to write native speed custom Git applications in any language that  
supports C bindings.

Affected packages  
=================

Package           Vulnerable    Unaffected  
----------------  ------------  ------------  
dev-libs/libgit2  < 1.7.2       >= 1.7.2

Description  
===========

Multiple vulnerabilities have been discovered in libgit2. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All libgit2 users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-libs/libgit2-1.7.2"

References  
==========

[ 1 ] CVE-2023-22742  
      https://nvd.nist.gov/vuln/detail/CVE-2023-22742

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202411-05

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202411-05

Gentoo Linux Security Advisory 202411-4 - A vulnerability has been discovered in EditorConfig Core C library, which may lead to arbitrary code execution. Versions greater than or equal to 0.12.6 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202411-04  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: EditorConfig core C library: arbitrary stack write  
     Date: November 06, 2024  
     Bugs: #905308  
       ID: 202411-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in EditorConfig Core C library,  
which may lead to arbitrary code execution.

Background  
==========

EditorConfig core library written in C (for use by plugins supporting  
EditorConfig parsing)

Affected packages  
=================

Package                       Vulnerable    Unaffected  
----------------------------  ------------  ------------  
app-text/editorconfig-core-c  < 0.12.6      >= 0.12.6

Description  
===========

A vulnerability has been discovered in EditorConfig Core C library.  
Please review the CVE identifier referenced below for details.

Impact  
======

Please review the referenced CVE identifier for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All EditorConfig core C library users should upgrade to the latest  
version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-text/editorconfig-core-c-0.12.6"

References  
==========

[ 1 ] CVE-2023-0341  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0341

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202411-04

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202411-04

Gentoo Linux Security Advisory 202411-3 - A vulnerability has been discovered in Ubiquiti UniFi, which can lead to local privilege escalation. Versions greater than or equal to 8.5.6 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202411-03  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Ubiquiti UniFi: Privilege Escalation  
     Date: November 06, 2024  
     Bugs: #941922  
       ID: 202411-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in Ubiquiti UniFi, which can lead to  
local privilege escalation.

Background  
==========

Ubiquiti UniFi is a Management Controller for Ubiquiti Networks UniFi  
APs.

Affected packages  
=================

Package             Vulnerable    Unaffected  
------------------  ------------  ------------  
net-wireless/unifi  < 8.5.6       >= 8.5.6

Description  
===========

A vulnerability has been discovered in Ubiquiti UniFi. Please review the  
CVE identifier referenced below for details.

Impact  
======

The vulnerability allows a malicious actor with a local operational  
system user to execute high privilege actions on UniFi Network Server.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Ubiquiti UniFi users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-wireless/unifi-8.5.6"

References  
==========

[ 1 ] CVE-2024-42028  
      https://nvd.nist.gov/vuln/detail/CVE-2024-42028

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202411-03

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202411-03

Gentoo Linux Security Advisory 202411-2 - A vulnerability has been discovered in Flatpak, which can lead to a sandbox escape. Versions greater than or equal to 1.4.10 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202411-02  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Flatpak: Sandbox Escape  
     Date: November 06, 2024  
     Bugs: #937936  
       ID: 202411-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in Flatpak, which can lead to a  
sandbox escape.

Background  
==========

Flatpak is a Linux application sandboxing and distribution framework.

Affected packages  
=================

Package           Vulnerable    Unaffected  
----------------  ------------  ------------  
sys-apps/flatpak  < 1.4.10      >= 1.4.10

Description  
===========

A vulnerability has been discovered in Flatpak. Please review the CVE  
identifier referenced below for details.

Impact  
======

A malicious or compromised Flatpak app using persistent directories  
could  
read and write files in locations it would not normally have access to.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Flatpak users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=sys-apps/flatpak-1.4.10"

References  
==========

[ 1 ] CVE-2024-42472  
      https://nvd.nist.gov/vuln/detail/CVE-2024-42472

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202411-02

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202411-02

Ubuntu Security Notice 7088-3 - Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7088-3November 06, 2024linux-aws-5.4, linux-oracle-5.4 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 18.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-aws-5.4: Linux kernel for Amazon Web Services (AWS) systems- linux-oracle-5.4: Linux kernel for Oracle Cloud systemsDetails:Ziming Zhang discovered that the VMware Virtual GPU DRM driver in theLinux kernel contained an integer overflow vulnerability. A localattacker could use this to cause a denial of service (system crash).(CVE-2022-36402)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - ARM64 architecture;  - PowerPC architecture;  - User-Mode Linux (UML);  - x86 architecture;  - Block layer subsystem;  - Cryptographic API;  - Android drivers;  - Serial ATA and Parallel ATA drivers;  - ATM drivers;  - Drivers core;  - CPU frequency scaling framework;  - Device frequency scaling framework;  - GPU drivers;  - HID subsystem;  - Hardware monitoring drivers;  - InfiniBand drivers;  - Input Device core drivers;  - Input Device (Miscellaneous) drivers;  - IOMMU subsystem;  - IRQ chip drivers;  - ISDN/mISDN subsystem;  - LED subsystem;  - Multiple devices driver;  - Media drivers;  - EEPROM drivers;  - VMware VMCI Driver;  - MMC subsystem;  - Network drivers;  - Near Field Communication (NFC) drivers;  - NVME drivers;  - Device tree and open firmware driver;  - Parport drivers;  - PCI subsystem;  - Pin controllers subsystem;  - Remote Processor subsystem;  - S/390 drivers;  - SCSI drivers;  - QCOM SoC drivers;  - Direct Digital Synthesis drivers;  - TTY drivers;  - Userspace I/O drivers;  - DesignWare USB3 driver;  - USB Gadget drivers;  - USB Serial drivers;  - BTRFS file system;  - File systems infrastructure;  - Ext4 file system;  - F2FS file system;  - JFS file system;  - NILFS2 file system;  - BPF subsystem;  - Core kernel;  - DMA mapping infrastructure;  - Tracing infrastructure;  - Radix Tree data structure library;  - Kernel userspace event delivery library;  - Objagg library;  - Memory management;  - Amateur Radio drivers;  - Bluetooth subsystem;  - CAN network layer;  - Networking core;  - Ethtool driver;  - IPv4 networking;  - IPv6 networking;  - IUCV driver;  - KCM (Kernel Connection Multiplexor) sockets driver;  - MAC80211 subsystem;  - Netfilter;  - Network traffic control;  - SCTP protocol;  - Sun RPC protocol;  - TIPC protocol;  - TLS protocol;  - Wireless networking;  - AppArmor security module;  - Simplified Mandatory Access Control Kernel framework;  - SoC audio core drivers;  - USB sound devices;(CVE-2021-47212, CVE-2024-44965, CVE-2024-46676, CVE-2024-41091,CVE-2024-44946, CVE-2024-43894, CVE-2024-26668, CVE-2024-42259,CVE-2024-42295, CVE-2024-46685, CVE-2024-46722, CVE-2024-45028,CVE-2024-46815, CVE-2024-41081, CVE-2024-41022, CVE-2024-44948,CVE-2024-42301, CVE-2024-43914, CVE-2024-46771, CVE-2024-42289,CVE-2024-43841, CVE-2024-41042, CVE-2024-44999, CVE-2024-43893,CVE-2024-46758, CVE-2024-46828, CVE-2024-36484, CVE-2024-26669,CVE-2024-44952, CVE-2024-42265, CVE-2024-42311, CVE-2024-43880,CVE-2024-41070, CVE-2024-46829, CVE-2024-42292, CVE-2024-46719,CVE-2024-41020, CVE-2024-41015, CVE-2024-42283, CVE-2024-46744,CVE-2024-46679, CVE-2024-46800, CVE-2024-46777, CVE-2024-43835,CVE-2024-42271, CVE-2024-43882, CVE-2024-41072, CVE-2024-35848,CVE-2024-43860, CVE-2024-38611, CVE-2024-26607, CVE-2024-47663,CVE-2024-46780, CVE-2024-46675, CVE-2024-45003, CVE-2024-44969,CVE-2024-42244, CVE-2024-43856, CVE-2024-46755, CVE-2024-42286,CVE-2024-41063, CVE-2024-41068, CVE-2024-46743, CVE-2024-43839,CVE-2024-41065, CVE-2023-52531, CVE-2024-41090, CVE-2024-46747,CVE-2023-52614, CVE-2024-43853, CVE-2024-46737, CVE-2024-45021,CVE-2024-41012, CVE-2024-41064, CVE-2024-26800, CVE-2024-42246,CVE-2024-43908, CVE-2024-46723, CVE-2024-42310, CVE-2024-46781,CVE-2023-52918, CVE-2024-42313, CVE-2024-45006, CVE-2024-43890,CVE-2024-44954, CVE-2024-43858, CVE-2024-41098, CVE-2024-41071,CVE-2024-26641, CVE-2024-42280, CVE-2024-46673, CVE-2024-43846,CVE-2024-46721, CVE-2024-47667, CVE-2024-26885, CVE-2024-42304,CVE-2024-46745, CVE-2024-26640, CVE-2024-43861, CVE-2024-42287,CVE-2024-44998, CVE-2024-40929, CVE-2024-41073, CVE-2024-46689,CVE-2024-44944, CVE-2024-46756, CVE-2024-42305, CVE-2024-42284,CVE-2024-42281, CVE-2024-42288, CVE-2024-41011, CVE-2024-47668,CVE-2024-43830, CVE-2024-46740, CVE-2024-46677, CVE-2024-43867,CVE-2024-46783, CVE-2024-46844, CVE-2024-43854, CVE-2024-42297,CVE-2024-46738, CVE-2024-46739, CVE-2024-44947, CVE-2024-43883,CVE-2024-43884, CVE-2024-46798, CVE-2024-46757, CVE-2024-43879,CVE-2024-47659, CVE-2024-46817, CVE-2024-45008, CVE-2024-47669,CVE-2024-43871, CVE-2024-44960, CVE-2024-27051, CVE-2024-44988,CVE-2024-46840, CVE-2024-41059, CVE-2024-46822, CVE-2024-42276,CVE-2024-45026, CVE-2024-46761, CVE-2024-44995, CVE-2024-44987,CVE-2024-26891, CVE-2024-46782, CVE-2024-42309, CVE-2024-42131,CVE-2024-46759, CVE-2024-42229, CVE-2024-46714, CVE-2024-42290,CVE-2024-44935, CVE-2024-42285, CVE-2024-38602, CVE-2024-43829,CVE-2024-42306, CVE-2024-41017, CVE-2024-45025, CVE-2024-46818,CVE-2024-46750)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 18.04 LTS  linux-image-5.4.0-1134-oracle   5.4.0-1134.143~18.04.1          Available with Ubuntu Pro  linux-image-5.4.0-1135-aws      5.4.0-1135.145~18.04.1          Available with Ubuntu Pro  linux-image-aws                 5.4.0.1135.145~18.04.1          Available with Ubuntu Pro  linux-image-oracle              5.4.0.1134.143~18.04.1          Available with Ubuntu ProAfter a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7088-3  https://ubuntu.com/security/notices/USN-7088-2  https://ubuntu.com/security/notices/USN-7088-1  CVE-2021-47212, CVE-2022-36402, CVE-2023-52531, CVE-2023-52614,  CVE-2023-52918, CVE-2024-26607, CVE-2024-26640, CVE-2024-26641,  CVE-2024-26668, CVE-2024-26669, CVE-2024-26800, CVE-2024-26885,  CVE-2024-26891, CVE-2024-27051, CVE-2024-35848, CVE-2024-36484,  CVE-2024-38602, CVE-2024-38611, CVE-2024-40929, CVE-2024-41011,  CVE-2024-41012, CVE-2024-41015, CVE-2024-41017, CVE-2024-41020,  CVE-2024-41022, CVE-2024-41042, CVE-2024-41059, CVE-2024-41063,  CVE-2024-41064, CVE-2024-41065, CVE-2024-41068, CVE-2024-41070,  CVE-2024-41071, CVE-2024-41072, CVE-2024-41073, CVE-2024-41081,  CVE-2024-41090, CVE-2024-41091, CVE-2024-41098, CVE-2024-42131,  CVE-2024-42229, CVE-2024-42244, CVE-2024-42246, CVE-2024-42259,  CVE-2024-42265, CVE-2024-42271, CVE-2024-42276, CVE-2024-42280,  CVE-2024-42281, CVE-2024-42283, CVE-2024-42284, CVE-2024-42285,  CVE-2024-42286, CVE-2024-42287, CVE-2024-42288, CVE-2024-42289,  CVE-2024-42290, CVE-2024-42292, CVE-2024-42295, CVE-2024-42297,  CVE-2024-42301, CVE-2024-42304, CVE-2024-42305, CVE-2024-42306,  CVE-2024-42309, CVE-2024-42310, CVE-2024-42311, CVE-2024-42313,  CVE-2024-43829, CVE-2024-43830, CVE-2024-43835, CVE-2024-43839,  CVE-2024-43841, CVE-2024-43846, CVE-2024-43853, CVE-2024-43854,  CVE-2024-43856, CVE-2024-43858, CVE-2024-43860, CVE-2024-43861,  CVE-2024-43867, CVE-2024-43871, CVE-2024-43879, CVE-2024-43880,  CVE-2024-43882, CVE-2024-43883, CVE-2024-43884, CVE-2024-43890,  CVE-2024-43893, CVE-2024-43894, CVE-2024-43908, CVE-2024-43914,  CVE-2024-44935, CVE-2024-44944, CVE-2024-44946, CVE-2024-44947,  CVE-2024-44948, CVE-2024-44952, CVE-2024-44954, CVE-2024-44960,  CVE-2024-44965, CVE-2024-44969, CVE-2024-44987, CVE-2024-44988,  CVE-2024-44995, CVE-2024-44998, CVE-2024-44999, CVE-2024-45003,  CVE-2024-45006, CVE-2024-45008, CVE-2024-45021, CVE-2024-45025,  CVE-2024-45026, CVE-2024-45028, CVE-2024-46673, CVE-2024-46675,  CVE-2024-46676, CVE-2024-46677, CVE-2024-46679, CVE-2024-46685,  CVE-2024-46689, CVE-2024-46714, CVE-2024-46719, CVE-2024-46721,  CVE-2024-46722, CVE-2024-46723, CVE-2024-46737, CVE-2024-46738,  CVE-2024-46739, CVE-2024-46740, CVE-2024-46743, CVE-2024-46744,  CVE-2024-46745, CVE-2024-46747, CVE-2024-46750, CVE-2024-46755,  CVE-2024-46756, CVE-2024-46757, CVE-2024-46758, CVE-2024-46759,  CVE-2024-46761, CVE-2024-46771, CVE-2024-46777, CVE-2024-46780,  CVE-2024-46781, CVE-2024-46782, CVE-2024-46783, CVE-2024-46798,  CVE-2024-46800, CVE-2024-46815, CVE-2024-46817, CVE-2024-46818,  CVE-2024-46822, CVE-2024-46828, CVE-2024-46829, CVE-2024-46840,  CVE-2024-46844, CVE-2024-47659, CVE-2024-47663, CVE-2024-47667,  CVE-2024-47668, CVE-2024-47669

Ubuntu Security Notice USN-7088-3

Gentoo Linux Security Advisory 202411-1 - A vulnerability has been discovered in Neat VNC, which can lead to authentication bypass. Versions greater than or equal to 0.8.1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202411-01  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Neat VNC: Authentication Bypass  
     Date: November 06, 2024  
     Bugs: #937140  
       ID: 202411-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in Neat VNC, which can lead to  
authentication bypass.

Background  
==========

Neat VNC is a liberally licensed VNC server library that's intended to  
be fast and neat.

Affected packages  
=================

Package           Vulnerable    Unaffected  
----------------  ------------  ------------  
gui-libs/neatvnc  < 0.8.1       >= 0.8.1

Description  
===========

Neat VNC allows remote attackers to bypass authentication via a request  
in which the client specifies an insecure security type such as "Type 1  
- None", which is accepted even if it is not offered by the server, as  
originally demonstrated using a long password.

Impact  
======

A remote attacker can opt not to use any authentication method and  
access the VNC server.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Neat VNC users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=gui-libs/neatvnc-0.8.1"

References  
==========

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202411-01

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202411-01

Red Hat Security Advisory 2024-8686-03 - Red Hat OpenShift Container Platform release 4.16.20 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and traversal vulnerabilities.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8686.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.16.20 packages and security update  
Advisory ID:        RHSA-2024:8686-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:8686  
Issue date:         2024-11-06  
Revision:           03  
CVE Names:          CVE-2024-9675  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.16.20 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.16.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.16.20. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2024:8683

Security Fix(es):

* buildah: Buildah allows arbitrary directory mount (CVE-2024-9675)  
* Podman: Buildah: CRI-O: symlink traversal vulnerability in the  
containers/storage library can cause Denial of Service (DoS)  
(CVE-2024-9676)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.16 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.16/updating/updating_a_cluster/updating-cluster-cli.html

Solution:

https://docs.openshift.com/container-platform/4.16/release_notes/ocp-4-16-release-notes.html

CVEs:

CVE-2024-9675

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2317458  
https://bugzilla.redhat.com/show_bug.cgi?id=2317467

Tag

#web