Red Hat Security Advisory 2024-9056-03 - An update for gstreamer1-plugins-base is now available for Red Hat Enterprise Linux 8. Issues addressed include an integer overflow vulnerability.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9056.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: gstreamer1-plugins-base security updateAdvisory ID:        RHSA-2024:9056-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:9056Issue date:         2024-11-12Revision:           03CVE Names:          CVE-2024-4453====================================================================Summary: An update for gstreamer1-plugins-base is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-base packages contain a collection of well-maintained base plug-ins.Security Fix(es):* gstreamer: EXIF Metadata Parsing Integer Overflow (CVE-2024-4453)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-4453References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2282999

Red Hat Security Advisory 2024-9056-03

Red Hat Security Advisory 2024-9051-03 - An update for podman is now available for Red Hat Enterprise Linux 9. Issues addressed include denial of service and traversal vulnerabilities.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9051.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: podman security updateAdvisory ID:        RHSA-2024:9051-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:9051Issue date:         2024-11-12Revision:           03CVE Names:          CVE-2024-9407====================================================================Summary: An update for podman is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.Security Fix(es):* Buildah: Podman: Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction (CVE-2024-9407)* buildah: Buildah allows arbitrary directory mount (CVE-2024-9675)* Podman: Buildah: CRI-O: symlink traversal vulnerability in the containers/storage library can cause Denial of Service (DoS) (CVE-2024-9676)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-9407References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2315887https://bugzilla.redhat.com/show_bug.cgi?id=2317458https://bugzilla.redhat.com/show_bug.cgi?id=2317467

Red Hat Security Advisory 2024-9051-03

Red Hat Security Advisory 2024-8969-03 - An update is now available for Red Hat Ansible Automation Platform Execution Environments.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8969.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: Red Hat Ansible Automation Platform Execution Environments Container Release UpdateAdvisory ID:        RHSA-2024:8969-03Product:            Red Hat Ansible Automation PlatformAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8969Issue date:         2024-11-12Revision:           03CVE Names:          CVE-2024-8775====================================================================Summary: An update is now available for Red Hat Ansible Automation Platform Execution EnvironmentsDescription:Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.Security Fix(es):* ansible-core: Exposure of Sensitive Information in Ansible Vault Files Due to Improper Logging (CVE-2024-8775)* ansible-core: Ansible-core user may read/write unauthorized content (CVE-2024-9902)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Updates and fixes:* ansible-core has been updated to 2.16.13 (ee-minimal 2.16 stream)* ansible-core has been updated to 2.17.6 (ee-minimal 2.17 stream)* ansible-core 2.18.0 has been added (ee-minimal 2.18 stream)Solution:CVEs:CVE-2024-8775References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2312119https://bugzilla.redhat.com/show_bug.cgi?id=2318271

Red Hat Security Advisory 2024-8969-03

CISA should make its recommended goals mandatory and perform audits to ensure compliance.

Gary Barlet, Public Sector Chief Technology Officer, Illumio

November 12, 2024

5 Min Read

Source: Zoonar GmbH via Alamy Stock Photo

COMMENTARY  
Companies across the country are lining up to join the latest cybersecurity trend: the Cybersecurity and Infrastructure Security Agency's (CISA) Secure by Design pledge, a commitment aimed at software manufacturers that compels them to keep up with fundamental cybersecurity strategies. Companies such as Lenovo, Google, AWS, Cloudflare, and Microsoft have already signed on. 

On the face of it, the Secure by Design pledge is a good thing. Its seven goals each encourage manufacturers to adopt or increase the usage of a key cybersecurity strategy within one year. The goals, such as "implement multifactor authentication (MFA)" are worthy, if basic, and CISA encourages companies to document their progress. If they fall short, they are also encouraged to report that failure to CISA. 

The problem is that this pledge is entirely voluntary. Companies are free to sign it — or not — as they wish. And there's no regulatory compliance factored in. This means that if a company does sign the pledge and falls short of one or more goals, no one may ever know and no action will be taken. It will be as if the pledge never existed in the first place.   

Without teeth, the pledge is essentially worthless. Outside of highlighting the low-bar steps major companies should take to ensure their infrastructure is secured from the most common attacks (which, admittedly, is a good thing), it takes no steps to ensure that companies will actually do so. And it provides no repercussions if they fail.    

**Is the Honor System Good Enough?**

With data breaches up 72% in 2023 and the average cost of a breach estimated at $4.88 million, can we afford for our nation's technological infrastructure to be governed by the honor system? What happens when the next big cyberattack takes down a pillar of our society because the company responsible failed to implement MFA?  

I'd argue for a much more aggressive approach from our federal government. Given the potential for widespread disruptions inherent with any cybersecurity failure, we can't afford to take such a lax attitude toward securing our systems. The sanctity of our nation's airlines, power grids, and other critical infrastructure relies on stringent cybersecurity measures. Merely "suggesting" that companies institute basic protocols is not enough. We need to mandate it — and punish those who fail. 

**The EU's Higher Standard**

I look at the European Union's approach to setting standards for its electronic devices. In 2022,  the EU passed a law mandating electronics manufacturers move to a standardized charging port for their mobile devices. The EU's stance toward Apple, which famously used a proprietary Lightning charging port for its iPhones, was simply: Adapt or die. Apple adapted. As a result, iPhones in Europe are now sold with the standardized USB-C charging port, alongside every other mobile device. 

The EU did not fool around with vague suggestions or pledges. It saw the value to consumers of a standardized charging port and demanded that manufacturers make the change. Those that failed to comply were not allowed to sell their devices in Europe. Simple. Effective. 

You can also look closer to home, to California, for an example of this kind of confident action by the government. The government of California adopted the Zero Emissions Vehicle requirements in 1990, and has adjusted the rules over the ensuing decades as technology has evolved. The purpose was to protect the state's air from automotive pollution. The result has been a near industrywide reduction in auto emissions for the past 30 years. 

For vehicle manufacturers that want to sell cars in California, the largest economy in the United States, the equation was the same one facing Apple in the EU: Adapt or die. They could either engineer their vehicles to produce fewer emissions or simply not sell them in California. Most elected for the former option, and, as a result, automotive emission control technology has advanced further in the past 30 years than at any point since the automobile was introduced. 

**Adopting a Similar Approach**

To protect our cyber infrastructure, we need to adopt a similar approach. Instead of simply making recommendations, our nation's cybersecurity agency should be empowered to make regulations.  

CISA should begin by making its recommended goals mandatory, forcing software companies to do the following: 

●      Increase the use of MFA 

●      Reduce default passwords 

●      Enable a significant measurable reduction in the prevalence of one or more vulnerability classes 

●      Increase the installation of security patches by customers 

●      Publish a vulnerability disclosure policy 

●      Demonstrate transparency in vulnerability reporting. 

●      Increase the ability for customers to gather evidence of cybersecurity intrusions 

Next, CISA should perform audits to ensure compliance. Relying on companies to self-report is no different from giving them permission not to report. Look closely at CISA's list of pledgees and come back in a year to see how many of these vaunted companies will have willingly admitted they aren't taking the most basic steps toward protecting their users' data. 

Finally, CISA should be empowered to make a simple statement to software manufacturers that want to sell products in the US similar to what the EU said to electronics manufacturers and what California said to automobile manufacturers: Adapt or die. 

If you want to sell software in the US, you should have to follow basic principles that will ensure your software is safe. This should not be a "nice to have." It should be mandatory. The stakes are as high if not higher than with charging ports and automobile emissions. As we witnessed with the recent failure of cybersecurity software, the impact was felt across entire industries and resulted in billions of dollars in lost productivity. This is not a realm for timidity.    

Hi all -- please add this to all of your content at the bottom between now and Thursday -- I'm adding it to this week's news items now. Rashid, Fahmida Donahue, Jim Bracken, Becky Spiegelman, Karen Beek, Kristina

Don't miss the upcoming free Dark Reading Virtual Event, "Know Your Enemy: Understanding Cybercriminals and Nation-State Threat Actors," Nov. 14 at 11 a.m. ET. Don't miss sessions on understanding MITRE ATT&CK, using proactive security as a weapon, and a masterclass in incident response; and a host of top speakers like Larry Larsen from the Navy Credit Federal Union, former Kaspersky Lab analyst Costin Raiu, Ben Read of Mandiant Intelligence, Rob Lee from SANS, and Elvia Finalle from Omdia. Register now!

**About the Author**

Public Sector Chief Technology Officer, Illumio

Gary Barlet has nearly three decades of cloud, cybersecurity, and network experience in the US federal government leading security and IT teams in both civilian agencies and the Department of Defense (DoD). At Illumio, Gary works with government agencies, contractors, and the broader ecosystem to build in zero-trust segmentation as a strategic component of the government’s zero-trust architecture. Before joining Illumio, Gary served as the chief information officer at the Office of the Inspector General for the US Postal Service and served in the Air Force in several technology leadership capacities, retiring from his role as cyber operations officer.

The Power of the Purse: How to Ensure Security by Design

SlashNext researchers have discovered a new, sophisticated phishing tool GoIssue targeting GitHub developers. Learn about its capabilities, the…

SlashNext researchers have discovered a new, sophisticated phishing tool GoIssue targeting GitHub developers. Learn about its capabilities, the impact in case of successful attacks, and how to protect yourself from this growing threat.

Cybersecurity researchers at SlashNext have identified a new threat called GoIssue. This advanced tool, possibly linked to the GitLoker extortion campaign, enables attackers to carry out large-scale phishing attacks aimed at GitHub users.

According to SlashNext’s investigation, shared with Hackread.com ahead of publishing on Tuesday, GoIssue can also harvest email addresses from public GitHub profiles.

“At its core, the tool systematically harvests email addresses from public GitHub profiles, using automated processes and GitHub tokens to collect data based on various criteria – from organization memberships to stargazer lists,” the blog post read.

GoIssue is priced at $700 for a custom build or $3,000 for full source code access. The attackers can use it to execute complex, targeted campaigns against the GitHub developer community. They can harvest email addresses from public profiles and use them in mass phishing campaigns using fake notifications.

GoIssue ad – Screenshot: SlashNext

This means the impact of GoIssue-powered attacks could be broad. These campaigns could lead to a phishing page, malware download, or a rogue OAuth app authorization prompt, granting access to private repositories and data.

Not only can individual developers be compromised, but entire organizations can be at risk. Successful attacks could lead to source code theft, supply chain attacks, and corporate network breaches.

According to SlashNext’s **report**, Cyberluffy, a member of the GitLoker Team, has been linked to the GoIssue tool, which is believed to be an extension of the GitLoker campaign. The connection between GoIssue and the GitLoker campaign is a cause for serious concern. Both tools share a common target and employ similar tactics, suggesting a potential collaboration or evolution of the same threat actor. 

The Gitloker campaign refers to a recent series of cyberattacks targeting GitHub users, primarily focused on extortion. The attackers, known as “Gitloker” on Telegram, used various techniques, including phishing attacks, to compromise user accounts and sensitive data.

GitHub users should adopt best online security practices, such as strong password hygiene, enabling Two-Factor Authentication (**2FA**), being cautious of phishing emails, and regularly reviewing OAuth app permissions and revocation of unnecessary ones.

These measures help protect against potential compromises and ensure the safety of all users, including GitHub. By understanding the capabilities of GoIssue and the tactics employed by attackers, developers can take the necessary steps to protect themselves and their organizations from possible damage.

Jason Soroko, Senior Fellow at Sectigo weighed in on the situation calling out GoIssue as a major threat to not only GitHub but other developer platforms as well.

_“_The emergence of GoIssue signals a new era where developer platforms become high-stakes battlegrounds, and security defences must evolve rapidly to counteract this pervasive threat,_“_ explained Jason.

_“_By automating email address harvesting and executing large-scale, customized phishing campaigns, this tool enables attackers to exploit trusted developer environments,_“_ he warned. _“_As usual, the attacker’s goal is credential theft using OAuth-based repository hijacks. The bad guys know what they are doing. This is a high-impact attack mechanism that specifically preys on the trust and openness of the developer community._“_

New GitLoker-Linked GoIssue Tool Targets GitHub Users for Phishing

Cybersecurity researchers have disclosed new security flaws impacting Citrix Virtual Apps and Desktop that could be exploited to achieve unauthenticated remote code execution (RCE)
The issue, per findings from watchTowr, is rooted in the Session Recording component that allows system administrators to capture user activity, and record keyboard and mouse input, along with a video stream of the

New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration

Cybersecurity researchers are calling attention to a new sophisticated tool called GoIssue that can be used to send phishing messages at scale targeting GitHub users.
The program, first marketed by a threat actor named cyberdluffy (aka Cyber D' Luffy) on the Runion forum earlier this August, is advertised as a tool that allows criminal actors to extract email addresses from public GitHub

New Phishing Tool GoIssue Targets GitHub Developers in Bulk Email Campaigns

Romance Scammer Sentenced to 25 Years for Hostage-Taking. The Venezuelan national lured US citizens via online dating and…

Romance Scammer Sentenced to 25 Years for Hostage-Taking. The Venezuelan national lured US citizens via online dating and held them at knifepoint. Learn about the case and stay safe online.

A Venezuelan national, Deivy Jose Rodriguez Delgado, also known as “Sebastian,” has been sentenced to 25 years in prison for **online dating scams**, romance scams in particular, leading to a series of hostage situations targeting American citizens in the Dominican Republic.

Delgado, 30, exploited online dating platforms to bait his victims. Between July 5 and July 30, 2022, he used this tactic to kidnap three separate victims. In each case, Delgado picked up his victim, only to stop shortly after and allow an accomplice to enter the vehicle. The victims were then held at knifepoint, restrained, and threatened while Delgado and his accomplice demanded ransom payments.

Deivy Jose Rodriguez Delgado (Via DOJ)

According to a **press release** from the US Department of Justice (DOJ), Delgado forced his victims to contact family and friends, pleading for money to secure their release. He directed the ransom payments to online banking accounts, including a CashApp account. The victims were held captive for up to an hour, robbed of their belongings, and released only after Delgado believed the ransom had been paid.

Dominican authorities launched an investigation in August 2022, after receiving reports from multiple victims. They traced a vehicle used in one of the kidnappings back to Delgado, leading to his arrest on September 14, 2022. Two serrated knives, similar to those used in the crimes, were discovered during a search of the vehicle.

****Staying Safe Online****

This case shows the **risks of online dating**, where seemingly harmless interactions can lead to real-life dangers. When meeting someone from a dating app for the first time, prioritize safety by choosing public places and informing trusted contacts of your plans.

1.  Iranian hackers leak trove of Israeli LGBTQ dating app data
2.  AI-Powered Scams, Human Trafficking Fuel Global Cybercrime
3.  Dangers of Online Dating: Watch Out for Sweetheart Scammers
4.  Vulnerability in Bumble dating app risked data of 100 million users
5.  US military personnel defrauded into losing $822m through scams

Man Gets 25 Years for Online Dating Hostage Scams Targeting Americans

Threat actors with ties to the Democratic People's Republic of Korea (DPRK aka North Korea) have been found embedding malware within Flutter applications, marking the first time this tactic has been adopted by the adversary to infect Apple macOS devices.
Jamf Threat Labs, which made the discovery based on artifacts uploaded to the VirusTotal platform earlier this month, said the Flutter-built

North Korean Hackers Target macOS Using Flutter-Embedded Malware

Atlas Biomed, a DNA testing company that promised clients insights into their genetic disposition has suddenly disappeared.

A DNA testing company that promised clients insights into their genetic disposition has suddenly disappeared. The BBC reports it tried several methods to reach the company but failed in this effort.

London offices are closed, nobody answers the phone, and clients are no longer capable of accessing their online records. All the company’s social media accounts haven’t been updated since 2023 at the latest.

The atlasbiomed.com domain appears to be inactive. Customers were only able to look at their test results online, these were not downloadable, so now they are not only unable to see them, but they also have no idea what has happened to that data.

Although there is no evidence that any of the data has been misused, it is worrying to not know who now has access to the data, especially now that the investigation shows that there might be ties to Russia.

While four out of eight company officers have resigned, two of those that remain are listed at the same address in Moscow. That happens to be the same address as that of a Russian billionaire, who is described as a now resigned director.

DNA testing has become so commonplace that many people have blindly participated without truly understanding the implications. It has always been a problem to figure out who you could trust with your genetic data. For some people it’s their cheapest chance of finding out whether they are affected by some genetic disorder.

Since those early days, we’ve had several warnings about how submitting your genetic data can go sideways.

In 2018, MyHeritage suffered a security incident which exposed the email addresses and hashed passwords of 92 million users.

In 2020, Ancestry was acquired by investment firm Blackstone for $4.7 billion, which raised questions about the potential commercialization of genetic data and its transfer to new owners.

And the ongoing saga of what happened at 23andMe is the clearest example of why people would be hesitant to submit genetic data. In 2023, cybercriminals put up information belonging to as many as seven million 23andMe customers for sale on criminal forums following a credential stuffing attack against the genomics company.

Since then all board members have resigned, except for CEO Anne Wojcicki who has stood by her plans to take the company private, raising again the subject of what happens to customer genetic data when a company is sold.

Data breaches happen to the best companies. So, even if a company has good intentions, there is still a risk of your genetic data being linked to your personally identifiable information (PII). This makes the information a treasure trove for advertisers, insurance companies, and Big Pharma.

All of this makes it very understandable that customers of Atlas Biomed are worried about where their data might end up.

**Words of warning**

The UK regulator, the Information Commissioner’s Office (ICO) has confirmed it has received a complaint about Atlas Biomed, saying in a statement:

> “People have the right to expect that organizations will handle their personal information securely and responsibly.”

Unfortunately, we know that not all organizations will meet that expectation, so there are a few things you should keep in mind.

If you submit genetic material, research the company you want to trust with it thoroughly.

Only share the personal information you absolutely have to provide with the genetic testing company. Lie if you must and create a separate free email account so the information can’t be tied to your main account.

Make sure to familiarize yourself with the company’s privacy policy and opt out of sharing information where possible. Make sure to stay informed about any policy updates or changes from the company.

As a wise lady and one of my former editors once wrote:

> “Many a friend and family member have scoffed at my warnings to stay away from consumer DNA testing kits, remarking that they have nothing to hide or that there’s no harm in releasing their DNA into the hands of researchers. I honestly hope they’re right.
> 
> I hope they never have to fear having their health insurance ripped away because of pre-existing conditions or an increased risk of developing certain diseases. I hope they aren’t inundated with marketing emails about cancer-preventative nutrition or the best new medicines to prolong the onset of Alzheimer’s. I sincerely hope they’re never targeted by racial-profiling police officers, denied a job by a prejudiced employer or buried in paperwork after having their identity stolen by a hacker. And I fervently hope they’ll never have to hide their genetic profile from a government hell-bent on ridding its country of a certain ethnicity or race.”

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Latest News