Debian Linux Security Advisory 5775-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5775-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonSeptember 26, 2024                    https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2024-9120 CVE-2024-9121 CVE-2024-9122 CVE-2024-9123Security issues were discovered in Chromium which could resultin the execution of arbitrary code, denial of service, or informationdisclosure.For the stable distribution (bookworm), these problems have been fixed inversion 129.0.6668.70-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmb1qSEACgkQZF0CR8NudjdJ1xAAwHCBuCBtp2ecK6dEPHkMkq5rb+kr907VAzDoH7xs7qLe95pf7oKoC4H4d2yvb57sb8uU6QlUX42GzfiE2cT6UaZXLigh4Fxi5x/uW4dwT5E6OHnEzugAbLsBj5k8VKevPrI0D7rqXQWtPfDCDdwMCkc2jmbzLdPIcTmkeU1+uyF6xzoCD12O/lQw+ybpyv1Y2om3VIxdDil6wAO+m3GILGrAeSkxs5AY8Etsy1zInhQlmJfgya+AV25egzm3w+rmx54zkea4RSLK75yLmWlMNGXLYSlX8jykSBdM+fFvLTmWbvOj4lI/4vBZPPcNW2DNRC+K4jwURSUyeJoq6zhCgebjXR1FfI4Ebehht/7Wrum+y6w97+liPtNj930oOywXNUZEy3r/5k6EEYiul7I2DHVo/y1GlsdSpdIz8dd1bN3H3vlBhJ2P62ZUVOLAzAsyfCJV6AEi8XSa64bcH2+qPn4J076PrXx9bX09Mmigafi3bDDFgCwktbF98FX+Bbfy46Hxnh5fheWmzEMErsLBpSxABJGL4yqVDiQgRX//FDdxF71i09jEbbQAlBxUtpve8FfMF3D2xEjufY4OU9NK75xfVu8sV7EWRgJT824Sbzz4M+FfvWe2aG1HBzbHFkPwHiavpFh3hAuTEq3zpf5C0a1+z3A4MuqQIuex/9bFsGQ==gfXn-----END PGP SIGNATURE-----

Debian Security Advisory 5775-1

Ubuntu Security Notice 7040-1 - It was discovered that ConfigObj contains regex that is susceptible to catastrophic backtracking. An attacker could possibly use this issue to cause a regular expression denial of service.

==========================================================================  
Ubuntu Security Notice USN-7040-1  
September 26, 2024

configobj vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS

Summary:

ConfigObj could be made to crash if it received specially crafted input.

Software Description:  
- configobj: simple but powerful config file reader and writer for Python

Details:

It was discovered that ConfigObj contains regex that is susceptible to  
catastrophic backtracking. An attacker could possibly use this issue to  
cause a regular expression denial of service.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS  
  python3-configobj               5.0.6-5ubuntu0.1

Ubuntu 20.04 LTS  
  python3-configobj               5.0.6-4ubuntu0.1

Ubuntu 18.04 LTS  
  python-configobj                5.0.6-2ubuntu0.18.04.1~esm1  
                                  Available with Ubuntu Pro  
  python3-configobj               5.0.6-2ubuntu0.18.04.1~esm1  
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS  
  python-configobj                5.0.6-2ubuntu0.16.04.1~esm1  
                                  Available with Ubuntu Pro  
  python3-configobj               5.0.6-2ubuntu0.16.04.1~esm1  
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-7040-1  
  CVE-2023-26112

Package Information:  
  https://launchpad.net/ubuntu/+source/configobj/5.0.6-5ubuntu0.1  
  https://launchpad.net/ubuntu/+source/configobj/5.0.6-4ubuntu0.1

Ubuntu Security Notice USN-7040-1

Simple Online Banking System version 1.0 suffers from an ignored default credential vulnerability.

    =============================================================================================================================================| # Title     : Simple Online Banking System v1.0 Insecure Settings Vulnerability                                                           || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/php/14868/banking-system-using-php-free-source-code.html                                     |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user = admin & pass = admin123[+] https://www/127.0.0.1/demo/site/loginGreetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

Simple Online Banking System 1.0 Insecure Settings

As Superman has kryptonite, software has weaknesses — with misconfigurations leading the pack.

Mark Troester, Vice President of Strategy, Progress

September 27, 2024

4 Min Read

Source: Borka Kiss via Alamy Stock Photo

COMMENTARY

The convergence of rising cyber threats, advanced artificial intelligence (AI), remote work, and hybrid infrastructures presents significant cybersecurity challenges in today's IT landscape. As a result, it's necessary to make your endpoints, cloud infrastructure, and remote access channels more secure. As cyber adversaries adopt new tactics, organizations worldwide respond by expanding the use of continuous threat exposure management (CTEM) systems, investing in robust security solutions, and leveraging cross-functional collaboration to mitigate risks and safeguard digital assets effectively.

But like Superman has kryptonite, even the best software has weaknesses, with misconfigurations leading the pack.

Consider this: Microsoft research indicates that a staggering 80% of ransomware attacks can be attributed to common configuration errors in software and devices. 

Misconfigurations now hold an unenviable fifth place on the Open Worldwide Application Security Project Top 10 — a crucial vulnerability reference for the cybersecurity community. OWASP found 208,000 occurrences of common weakness enumeration (CWE) within 90% of applications tested for misconfiguration, highlighting the widespread nature of this vulnerability.

OWASP says, "Without a concerted, repeatable application security configuration process, systems are at a higher risk."

With this evidence, it's no wonder that organizations are paying more attention to "misconfigurations."

**Picture This ... **

You're sitting down with your morning cuppa and stories of a data leak hit the headlines. The company affected is a leading insurance firm, and the personal information of thousands of customers has been made available on the Internet for months. With a little research, you learn that the firm left several customer records unprotected on one of its clouds, making it easy for anyone to access this information through a simple SQL command. While digging through the tabloids you stumble upon the cause of such a tremendously ironic turn of events. Turns out, it was a simple misconfiguration error: The system administrator left the cloud open to the public since they missed updating the privacy settings and permissions for the cloud storage in question.

We learn that human errors, despite stringent protocols, are difficult to control and, consequentially, remove. The increasing complexity of distributed and component-based systems and common misunderstandings of system requirements and design will likely lead to more problems. While humans play a critical role in decision-making and monitoring systems, manual updates are no longer viable.

**So, What Can You Do About It?**

With all that's happening in cybersecurity, can you confidently say you have all your endpoints covered? And by all, I mean all — including the data on third-party systems. If your answer to this is yes, congratulations! You're doing better than most organizations in the world! But if your answer is no, I would like you to consider the following measures to improve the security of your systems: 

1.  Employ automation that extends DevOps from application delivery to IT operations to DevSecOps. Automation is the remedy that will help organizations avoid manual errors. It will allow employees to use their precious time for more important tasks while confirming that initial and ongoing configurations are error-free. By automating audits on configurations, you can create a repeatable system hardening process that will potentially save you a lot of time and money in the future. Automation will enable you to reduce human error, improve reliability, maintain consistency, and support collaboration across teams. It will also give all stakeholders visibility over the security posture of your IT estate.
    
2.  Use a policy-as-code approach to help frame your security and compliance policies or rules. Organizations can configure systems by encoding security rules in human-readable and machine-enforceable policies and continuously checking for and remediating drift. In fact, policy-as-code brings both configuration and compliance management into a single step. This removes the security silo and brings all stakeholders into a shared pipeline and framework, enabling collaboration among team members and allowing for security to be shifted left in the development process. The policy-as-code approach can help detect misconfigurations, increase efficiency and speed, and reduce the risk of production errors.
    

While there is a technical aspect to DevSecOps, there is also a human aspect that involves collaboration and planning. A multiprong approach that starts with collaboration across IT operations and security and compliance teams, while discussing the appropriate external and internal compliance requirements, is a critical starting point.

After understanding the configuration and policies, you can start with pre-packaged policies that align with standards such as the Center for Internet Security (CIS) Benchmarks and the Department of Defense Systems Agency-Security Technical Implementation Guides (DISA-STIG). Consider using an automated system to verify if your configurations are continuously accurate. This, in turn, will allow your organization to address complex and heterogeneous environments, including cloud-native public cloud services, Kubernetes configurations, and any on-premises or hybrid cloud workload.

**About the Author**

Vice President of Strategy, Progress

Mark Troester is the vice president of strategy at Progress. He helped guide the strategic go-to-market efforts for Progress before transitioning into a leadership role for the Progress Infrastructure Management division, which includes DevOps/DevSecOps, network management, network detection and response, and application delivery control offerings. Previously, he worked with both upstarts and stalwarts like Sonatype, SAS, and Progress DataDirect. Before these positions, Mark worked as a developer and developer manager for startups and enterprises alike. Mark has extensive speaking experience on topics at the intersection of business and technology, including industry events hosted by Gartner, Forrester, TDWI, and more.

Could Security Misconfigurations Become No. 1 in OWASP Top 10?

A new set of security vulnerabilities has been disclosed in the OpenPrinting Common Unix Printing System (CUPS) on Linux systems that could permit remote command execution under certain conditions.
"A remote unauthenticated attacker can silently replace existing printers' (or install new ones) IPP urls with a malicious one, resulting in arbitrary command execution (on the computer) when a print

A new set of security vulnerabilities has been disclosed in the OpenPrinting Common Unix Printing System (CUPS) on Linux systems that could permit remote command execution under certain conditions.

"A remote unauthenticated attacker can silently replace existing printers' (or install new ones) IPP urls with a malicious one, resulting in arbitrary command execution (on the computer) when a print job is started (from that computer)," security researcher Simone Margaritelli said.

CUPS is a standards-based, open-source printing system for Linux and other Unix-like operating systems, including ArchLinux, Debian, Fedora, Red Hat Enterprise Linux (RHEL), ChromeOS, FreeBSD, NetBSD, OpenBSD, openSUSE, and SUSE Linux.

The list of vulnerabilities is as follows -

*   **CVE-2024-47176** - cups-browsed <= 2.0.1 binds on UDP INADDR\_ANY:631 trusting any packet from any source to trigger a Get-Printer-Attributes IPP request to an attacker-controlled URL
*   **CVE-2024-47076** - libcupsfilters <= 2.1b1 cfGetPrinterAttributes5 does not validate or sanitize the IPP attributes returned from an IPP server, providing attacker-controlled data to the rest of the CUPS system
*   **CVE-2024-47175** - libppd <= 2.1b1 ppdCreatePPDFromIPP2 does not validate or sanitize the IPP attributes when writing them to a temporary PPD file, allowing the injection of attacker-controlled data in the resulting PPD
*   **CVE-2024-47177** - cups-filters <= 2.0.1 foomatic-rip allows arbitrary command execution via the FoomaticRIPCommandLine PPD parameter

A net consequence of these shortcomings is that they could be fashioned into an exploit chain that allows an attacker to create a malicious, fake printing device on a network-exposed Linux system running CUPS and trigger remote code execution upon sending a print job.

"The issue arises due to improper handling of 'New Printer Available' announcements in the 'cups-browsed' component, combined with poor validation by 'cups' of the information provided by a malicious printing resource," network security company Ontinue said.

"The vulnerability stems from inadequate validation of network data, allowing attackers to get the vulnerable system to install a malicious printer driver, and then send a print job to that driver triggering execution of the malicious code. The malicious code is executed with the privileges of the lp user – not the superuser 'root.'"

RHEL, in an advisory, said all versions of the operating system are affected by the four flaws, but noted that they are not vulnerable in their default configuration. It tagged the issues as Important in severity, given that the real-world impact is likely to be low.

"By chaining this group of vulnerabilities together, an attacker could potentially achieve remote code execution which could then lead to theft of sensitive data and/or damage to critical production systems," it said.

Cybersecurity firm Rapid7 pointed out that affected systems are exploitable, either from the public internet or across network segments, only if UDP port 631 is accessible and the vulnerable service is listening.

Palo Alto Networks has disclosed that none of its products and cloud services contain the aforementioned CUPS-related software packages, and therefore are not impacted by the flaws.

Patches for the vulnerabilities are currently being developed and are expected to be released in the coming days. Until then, it's advisable to disable and remove the cups-browsed service if it's not necessary, and block or restrict traffic to UDP port 631.

"It looks like the embargoed Linux unauth RCE vulnerabilities that have been touted as doomsday for Linux systems, may only affect a subset of systems," Benjamin Harris, CEO of WatchTowr, said in a statement shared with The Hacker News.

"Given this, while the vulnerabilities in terms of technical impact are serious, it is significantly less likely that desktop machines/workstations running CUPS are exposed to the Internet in the same manner or numbers that typical server editions of Linux would be."

Satnam Narang, senior staff research engineer at Tenable, said these vulnerabilities are not at a level of a Log4Shell or Heartbleed.

"The reality is that across a variety of software, be it open or closed source, there are a countless number of vulnerabilities that have yet to be discovered and disclosed," Narang said. "Security research is vital to this process and we can and should demand better of software vendors."

"For organizations that are honing in on these latest vulnerabilities, it's important to highlight that the flaws that are most impactful and concerning are the known vulnerabilities that continue to be exploited by advanced persistent threat groups with ties to nation states, as well as ransomware affiliates that are pilfering corporations for millions of dollars each year."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Critical Linux CUPS Printing System Flaws Could Allow Remote Command Execution

A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of the component HTTP POST Request Handler. The manipulation of the argument remaining_text leads to inefficient regular expression complexity. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

**Exploitability Metrics**

Attack Vector: This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.

Attack Complexity: This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. These are conditions whose primary purpose is to increase security and/or increase exploit engineering complexity. A vulnerability exploitable without a target-specific variable has a lower complexity than a vulnerability that would require non-trivial customization. This metric is meant to capture security mechanisms utilized by the vulnerable system.

Attack Requirements: This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack. These differ from security-enhancing techniques/technologies (ref Attack Complexity) as the primary purpose of these conditions is not to explicitly mitigate attacks, but rather, emerge naturally as a consequence of the deployment and execution of the vulnerable system.

Privileges Required: This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.

User interaction: This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner.

**Vulnerable System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the VULNERABLE SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the VULNERABLE SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the VULNERABLE SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

**Subsequent System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the SUBSEQUENT SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the SUBSEQUENT SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the SUBSEQUENT SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

GHSA-355v-2rjx-fpx7: Inefficient Regular Expression Complexity in langflow

As security technology and threat awareness among organizations improves so do the adversaries who are adopting and relying on new techniques to maximize speed and impact while evading detection.
Ransomware and malware continue to be the method of choice by big game hunting (BGH) cyber criminals, and the increased use of hands-on or “interactive intrusion” techniques is especially alarming.

How to Plan and Prepare for Penetration Testing

The threat actor known as Storm-0501 has targeted government, manufacturing, transportation, and law enforcement sectors in the U.S. to stage ransomware attacks.
The multi-stage attack campaign is designed to compromise hybrid cloud environments and perform lateral movement from on-premises to cloud environment, ultimately resulting in data exfiltration, credential theft, tampering, persistent

The threat actor known as Storm-0501 has targeted government, manufacturing, transportation, and law enforcement sectors in the U.S. to stage ransomware attacks.

The multi-stage attack campaign is designed to compromise hybrid cloud environments and perform lateral movement from on-premises to cloud environment, ultimately resulting in data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware deployment, Microsoft said.

"Storm-0501 is a financially motivated cybercriminal group that uses commodity and open-source tools to conduct ransomware operations," according to the tech giant's threat intelligence team.

Active since 2021, the threat actor has a history of targeting education entities with Sabbath (54bb47h) ransomware before evolving into a ransomware-as-a-service (RaaS) affiliate delivering various ransomware payloads over the years, including Hive, BlackCat (ALPHV), Hunters International, LockBit, and Embargo ransomware.

A notable aspect of Storm-0501's attacks is the use of weak credentials and over-privileged accounts to move from organizations on-premises to cloud infrastructure.

Other initial access methods include using a foothold already established by access brokers like Storm-0249 and Storm-0900, or exploiting various known remote code execution vulnerabilities in unpatched internet-facing servers such as Zoho ManageEngine, Citrix NetScaler, and Adobe ColdFusion 2016.

The access afforded by any of the aforementioned approaches paves the way for extensive discovery operations to determine high-value assets, gather domain information, and perform Active Directory reconnaissance. This is followed by the deployment of remote monitoring and management tools (RMMs) like AnyDesk to maintain persistence.

"The threat actor took advantage of admin privileges on the local devices it compromised during initial access and attempted to gain access to more accounts within the network through several methods," Microsoft said.

"The threat actor primarily utilized Impacket's SecretsDump module, which extracts credentials over the network, and leveraged it across an extensive number of devices to obtain credentials."

The compromised credentials are then used to access even more devices and extract additional credentials, with the threat actor simultaneously accessing sensitive files to extract KeePass secrets and conducting brute-force attacks to obtain credentials for specific accounts.

Microsoft said it detected Storm-0501 employing Cobalt Strike to move laterally across the network using the compromised credentials and send follow-on commands. Data exfiltration from the on-premises environment is accomplished by using Rclone to transfer the data to the MegaSync public cloud storage service.

The threat actor has also been observed creating persistent backdoor access to the cloud environment and deploying ransomware to the on-premises, making it the latest threat actor to target hybrid cloud setups after Octo Tempest and Manatee Tempest.

"The threat actor used the credentials, specifically Microsoft Entra ID (formerly Azure AD), that were stolen from earlier in the attack to move laterally from the on-premises to the cloud environment and establish persistent access to the target network through a backdoor," Redmond said.

The pivot to the cloud is said to be accomplished either through a compromised Microsoft Entra Connect Sync user account or via cloud session hijacking of an on-premises user account that has a respective admin account in the cloud with multi-factor authentication (MFA) disabled.

The attack culminates with the deployment of Embargo ransomware across the victim organization upon obtaining sufficient control over the network, exfiltrating files of interest, and lateral movement to the cloud. Embargo is a Rust-based ransomware first discovered in May 2024.

"Operating under the RaaS model, the ransomware group behind Embargo allows affiliates like Storm-0501 to use its platform to launch attacks in exchange for a share of the ransom," Microsoft said.

"Embargo affiliates employ double extortion tactics, where they first encrypt a victim's files and threaten to leak stolen sensitive data unless a ransom is paid."

The disclosure comes as the DragonForce ransomware group has been targeting companies in manufacturing, real estate, and transportation sectors using a variant of the leaked LockBit3.0 builder and a modified version of Conti.

The attacks are characterized by the use of the SystemBC backdoor for persistence, Mimikatz and Cobalt Strike for credential harvesting, and Cobalt Strike for lateral movement. The U.S. accounts for more than 50% of the total victims, followed by the U.K. and Australia.

"The group employs double extortion tactics, encrypting data, and threatening leaks unless a ransom is paid," Singapore-headquartered Group-IB said. "The affiliate program, launched on 26 June 2024, offers 80% of the ransom to affiliates, along with tools for attack management and automation."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks

Cary, North Carolina, 27th September 2024, CyberNewsWire

**Cary, North Carolina, September 27th, 2024, CyberNewsWire**

INE, a global leader in networking and cybersecurity training and certifications, is proud to announce they have earned 14 awards in G2’s Fall 2024 Report, including “Fastest Implementation” and “Most Implementable,” which highlight INE’s superior performance relative to competitors. 

> “Best hands-on and real world scenario based curriculum,” raves small business user Satvik V. in a recent 5-star review. ”Their dedication towards improving the curriculum and providing the best learning experience is the best thing and I would rate 10/10.”

G2 calculates rankings using a proprietary algorithm sourced from verified reviews of actual product users and is a trusted review source for thousands of organizations around the world. Its recognition of INE’s strong performance in enterprise, small business, and global impact for technical training showcases the depth and breadth of INE’s online learning library. 

> **“**At INE, we are driven not just by our achievements, but by our mission to equip professionals and enterprises with the skills necessary to navigate the evolving cybersecurity landscape,” said Dara Warn, CEO of INE. “Our commitment goes beyond winning awards; it’s about forging a pathway that prepares our clients to face future challenges head-on. By consistently updating and expanding our training modules, we ensure that every course reflects the latest in technology and security practices. This approach helps us empower organizations across the globe to build a resilient, well-prepared workforce capable of turning potential threats into opportunities for growth and innovation.”

INE’s G2 Fall 2024 Report highlights include:

*   **Fastest Implementation**: Online Course Providers
*   **Most Implementable**: Online Course Providers
*   **Leader**: Europe, Asia, and Asia Pacific Online Course Providers
*   **High Performer**: India, Asia Technical Skills Development
*   **Small Business High Performer**: Asia Pacific Online Course Providers
*   **Small Business Leader**: Online Course Providers
*   **Enterprise Leader**: Online Course Providers
*   **Momentum Leader**: Online Course Providers
*   **Leader**: Online Course Providers
*   **Small Business High Performer**: Technical Skills Development
*   **High Performer**: Technical Skills Development

> “The flexibility to learn at one’s own pace, coupled with the ability to access a vast library of resources anytime, anywhere, makes INE an ideal platform for both students and professionals looking to advance their skills or transition into new tech roles,” writes Oussama E., another small business user. 

This fall, the prestigious SC Awards recognized INE Security, INE’s cybersecurity-specific training, as the **Best IT Security-Related Training Program**. This designation further underscores INE Security’s role as a frontrunner in cybersecurity training for businesses, providing the tools and knowledge essential for tackling today’s complex cyber threats.

Earlier this year, the Global InfoSec Awards presented INE Security with 4 awards at RSAC 2024, including: 

*   **Best Product – Cybersecurity Education for Enterprises**
*   **Most Innovative – Cybersecurity Education for SMBs**
*   **Publisher’s Choice – Cybersecurity Training**
*   **Cutting Edge – Cybersecurity Training Videos**

Combined, these accolades highlight INE’s leadership in delivering innovative and effective networking and cybersecurity education across various market segments, including enterprises and small to medium-sized businesses.

**About INE:** 

INE is the premier provider of online technical training for the IT industry. Harnessing the world’s most powerful hands-on lab platform, cutting-edge technology, global video distribution network, and world-class instructors, INE is the top training choice for Fortune 500 companies worldwide, and for IT professionals looking to advance their careers. INE’s suite of learning paths offers an incomparable depth of expertise across cybersecurity, cloud, networking, and data science. INE is committed to delivering the most advanced technical training on the planet, while also lowering the barriers worldwide for those looking to enter and excel in an IT career. 

**Contact**

**Director of Global Strategic Communications and Events**  
**Kathryn Brown**  
**INE Security**  
**\[email protected\]**

G2 Names INE 2024 Enterprise and Small Business Leader

A handful of Tesla’s electric pickup trucks are armed and ready for battle in the hands of Chechen forces fighting in Ukraine as part of Russia’s ongoing invasion. Can the EV take the heat?

The Greeks had their chariots. Patton had his tanks. Now, a handful of soldiers are riding into combat in one of the most unusual-looking vehicles in the history of warfare: an armed Cybertruck.

In a video posted to messaging platform Telegram last week, Ramzan Kadyrov, the leader of Russia’s Chechnya region, showed off a pair of Tesla’s distinctive boxy electric pickup trucks painted forest green and armed with what appear to be Soviet-era DShK 12.7 x 108 mm heavy machine guns—vehicles he claimed had been sent to fight alongside Russian forces taking part in the country’s ongoing invasion of Ukraine.

The footage shows the vehicles patrolling down a dirt road as part of a four-vehicle platoon, with several soldiers manning their weapons mounted on their truck beds and blasting airborne targets out of the sky.

“Mobility, convenience, maneuverability: such qualities of an electric vehicle are in great demand here,” Kadyrov wrote on Telegram.

The new footage came just over a month after Kadyrov published an initial video to Telegram showing off a Cybertruck armed with a Russian Kord 12.7 x 108 mm heavy machine gun. That Cybertruck, Kadyrov claimed in a separate Telegram post made the day before unveiling the fresh pair of vehicles, had recently been disabled “remotely” by Tesla chief Elon Musk, who had previously denied gifting the notorious warlord the vehicle in the first place, likely because it’s prohibited under US sanctions on Russia.

“This is not manly,” Kadyrov seethed on Telegram over the remote shutoff. (Tesla did not immediately respond to WIRED’s request for comment.)

It was only a matter of time before some enterprising combatant somewhere slapped a machine gun on a Cybertruck. Both regular militaries and irregular forces around the world have been whipping up “technicals”—or “nonstandard tactical vehicles” improvised from civilian rides—for more than a century. While the general concept of armored cars outfitted with firearms presaged the outbreak of World War I by at least a decade, the conflict accelerated their production and fielding—and, in moments of necessity, innovation. In one of the earliest documented manifestations of the technical, French navy lieutenant Maxime François Émile Destremau prepared a defense of the strategically important coaling station in the city of Papeete in Tahiti against a pair of German cruisers in September 1914 by tearing six 37 mm cannons off the warship under his command and mounting them on six Ford trucks to repel potential landing parties, according to the 2004 book _On Armor_. As long as the automobile has existed, so has the technical.

The technical as most defense observers know it, built on commercial flatbed pickup trucks like the rugged and reliable Toyota Hilux and Land Cruiser, became a fixture of modern irregular warfare during the so-called “Toyota War” of the 1980s that saw militia forces from Chad achieve a decisive victory over the Libyan military thanks to the superior mobility and maneuverability afforded by their lightweight vehicles. (Chadian forces discovered that, at an appropriately high speed, technicals could traverse open areas mined with Soviet-era munitions without risk of setting them off.)

Since then, technicals have become a fixture of conflicts like the US military campaigns in Afghanistan and Iraq, the Syrian and Libyan Civil Wars, and now the Russian invasion of Ukraine. And those conflicts continued to prompt a flurry of novel innovations when it comes to improvised fighting vehicles. Examples include Libyan militants mounting a S-5 rocket pod meant for an aircraft on the back of a truck and a Land Cruiser outfitted with a Russian-made 14.5 mm ZPU-2 antiaircraft gun that American soldiers traded two cans of chewing tobacco for to secure Hamid Karzai International Airport in Kabul during the US withdrawal from Afghanistan in 2021—the latter of which is now in a US military museum. (Does a DShK on a shopping cart count as a technical? That’s up for debate.)

All of those innovations open up the question: Will an armed Cybertruck actually make for a good technical on the battlefield?

Despite the many issues that have plagued the Cybertruck since its release, the vehicle isn’t necessarily the worst option. While the Cybertruck currently has a maximum range of 340 miles (or 500 miles with an extra battery pack)—well behind the roughly 570- to 700-mile range of the Hilux—the former is actually quicker, capable of accelerating up to 60 mph between 2.6 and 3.9 seconds, depending on the model, a noteworthy achievement given the vehicle’s size and weight.

In terms of safeguarding its occupants from external threats like small arms fire, the Cybertruck’s steel “exoskeleton” offers purportedly superior protection to that of the conventional pickup truck, a feature that Tesla has been quick to flaunt on promotional materials. Finally, the Cybertruck, as an electric vehicle, is freakishly quiet, offering an element of stealth that the US Defense Department in particular has eyed in recent years compared to other fossil-fuel-powered ground vehicles.

“There are some attributes that work,” David Tracy, a cofounder of the car website The Autopian and a former auto engineer, tells WIRED. “It’s off-road capable and has big 35-inch tires and good ground clearance. It has stainless steel panels that can take some amount of abuse. From a defense standpoint—as in, ‘How safe am I in the vehicle?’—if you were to take a stock Hilux or a stock Cybertruck, the Cybertruck would probably be the better choice in a firefight.”

If technicals are built for speed and maneuverability, then the Cybertruck “offers significant benefits over the Hilux,” Tracy says.

“It is absolutely, absurdly quick,” he says. “In a drag race between the two, the Hilux would be an ant in the Cybertruck’s rearview mirror. If you need speed and agility, and it isn’t necessarily going through rigorous off-roading or being fired upon regularly, then it could actually work fine.”

Despite these potential tactical benefits, defense analysts aren’t convinced the Cybertruck has a place on the modern battlefield. As retired Marine colonel Mark Cancian, a senior adviser at the Center for Strategic and International Studies think tank, tells WIRED, the armed vehicles flaunted by Kadyrov on Telegram “are totally cool and totally useless.”

“They are cool because they look like something out of a video game and portray Kadyrov as a sort of futuristic warlord,” Cancian tells WIRED in an email. “They are useless because they don't provide a new capability, except perhaps a bit of stealth.”

Indeed, the Cybertruck is not totally suited for hostile and chaotic environments like the front lines of the Russian invasion of Ukraine. First, the EV’s exoskeleton actually consists of steel panels attached to a standard “unibody” frame that’s more akin to the chassis of a conventional car rather than the “body-on-frame” design of most pickup trucks like the Hilux. This design, according to Motor Trend, makes the former a weaker and less resilient vehicle. Second, while the Cybertruck is certainly off-road capable, it’s still significantly heavier than Hilux, which can make maneuverability and traction on rough terrain a challenge. Third, while its armor portends to offer at least some additional coverage compared to the conventional pickup truck-based technical, the vehicle’s bulletproofing only appears to work with subsonic rounds like the .45 ACP ammo used in Tesla’s tests and not the ubiquitous NATO-standard 5.56 mm round or, say, a shot from a .50 caliber rifle. (Though, to be fair, aftermarket armor packages for the vehicle do exist.)

Beyond design and engineering challenges, there’s also the critical matter of maintenance and logistics, the lifeblood of any motorized conflict. As Tracy points out, the Cybertruck’s unique complexity and software-forward design (like the lack of a physical connection between steering wheel and wheels) means a distinct lack of spare parts and higher potential for catastrophic system failures, challenges that all but guarantee that the vehicle is unable to operate reliably and ensure consistent uptime—not necessarily ideal for troops whose lives may depend on them.

“Simplicity is everything; simplicity and parts availability,” Tracy says. “If you’re driving a complex vehicle and there’s a failure of some sort and you need someone to flash it with a computer, you’re hosed if you’re in the middle of nowhere. The beauty of the Hilux is that they’re very tough, for one, but they can be repaired with simple tools and fairly ubiquitous parts. The Cybertruck does not really make a whole lot of sense in that regard.”

“It’s great that it is safe in a crash and can take a bullet,” he adds. “But if you break a control arm and can’t get the part, it’s pretty useless.”

Plus, the Cybertruck’s reliance on charging stations would make a fleet of armed vehicles “likely impossible to support” in any sort of protracted conflict like that taking place in Ukraine, according to CSIS’s Cancian.

“I doubt there are garages or mechanics near the front lines who can fix these complex devices, which are so unlike the fossil fuel vehicles that the region is accustomed to,” he says. “Further, I doubt there are many recharging stations in the battle area. Unlike with fossil fuel vehicles, where the fuel can be brought to the vehicle if necessary, the Cybertrucks must go to the recharging point.”

How the Cybertruck will actually perform in a combat situation remains to be seen. But if the Kadyrov video is any indication, it’s only a matter of time before an armed Cybertrucks makes the transition from YouTube sensation to tried-and-true, battle-tested technical.

Latest News