Red Hat Security Advisory 2024-4083-03 - An update for git is now available for Red Hat Enterprise Linux 9. Issues addressed include a bypass vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4083.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: git security update  
Advisory ID:        RHSA-2024:4083-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:4083  
Issue date:         2024-06-25  
Revision:           03  
CVE Names:          CVE-2024-32002  
====================================================================

Summary: 

An update for git is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Security Fix(es):

* git: Recursive clones RCE (CVE-2024-32002)

* git: RCE while cloning local repos (CVE-2024-32004)

* git: additional local RCE (CVE-2024-32465)

* git: insecure hardlinks (CVE-2024-32020)

* git: symlink bypass (CVE-2024-32021)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-32002

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2280421  
https://bugzilla.redhat.com/show_bug.cgi?id=2280428  
https://bugzilla.redhat.com/show_bug.cgi?id=2280446  
https://bugzilla.redhat.com/show_bug.cgi?id=2280466  
https://bugzilla.redhat.com/show_bug.cgi?id=2280484

Red Hat Security Advisory 2024-4083-03

Red Hat Security Advisory 2024-4081-03 - An update for the quarkus-mandrel-java and quarkus-mandrel-23 packages is now available for the Red Hat build of Quarkus. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4081.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Low: [23.0] Security update for the 23.0 release (RPMs)Advisory ID:        RHSA-2024:4081-03Product:            Red Hat build of QuarkusAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4081Issue date:         2024-06-25Revision:           03CVE Names:          CVE-2024-20954====================================================================Summary: An update for the quarkus-mandrel-java and quarkus-mandrel-23 packages is now available for the Red Hat build of Quarkus.Red Hat Product Security has rated this update as having a security impactof Low. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.Description:The quarkus-mandrel-java and quarkus-mandrel-23 packages provide the GraalVM installation for the quarkus/mandrel-23-rhel8:23.0 container image on top of the latest release of OpenJDK 17.0.11.Security Fix(es):* org.graalvm.compiler/compiler: graalvm: Unauthorized Read Access(CVE-2024-20954)* org.graalvm.compiler/compiler: graalvm: unauthorized ability to cause a partial denial of service(CVE-2024-21098)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVEpage(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-20954References:https://access.redhat.com/security/updates/classification/#lowhttps://bugzilla.redhat.com/show_bug.cgi?id=2278636https://bugzilla.redhat.com/show_bug.cgi?id=2278674

Red Hat Security Advisory 2024-4081-03

Red Hat Security Advisory 2024-4079-03 - An update for the quarkus-mandrel-java and quarkus-mandrel-231 packages is now available for the Red Hat build of Quarkus. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4079.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Low: [23.1] Security update for the 23.1 release (RPMs)Advisory ID:        RHSA-2024:4079-03Product:            Red Hat build of QuarkusAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4079Issue date:         2024-06-25Revision:           03CVE Names:          CVE-2024-20954====================================================================Summary: An update for the quarkus-mandrel-java and quarkus-mandrel-231 packages isnow available for the Red Hat build of Quarkus.Red Hat Product Security has rated this update as having a security impactof Low. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.Description:The quarkus-mandrel-java and quarkus-mandrel-231 packages provide theGraalVM installation for the quarkus/mandrel-for-jdk-21-rhel8:23.1 container image on top of the latest release of OpenJDK 21.0.3.Security Fix(es):* org.graalvm.compiler/compiler: graalvm: Unauthorized Read Access(CVE-2024-20954)* org.graalvm.compiler/compiler: graalvm: unauthorized ability to cause a partial denial of service(CVE-2024-21098)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVEpage(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-20954References:https://access.redhat.com/security/updates/classification/#lowhttps://bugzilla.redhat.com/show_bug.cgi?id=2278636https://bugzilla.redhat.com/show_bug.cgi?id=2278674

Red Hat Security Advisory 2024-4079-03

Red Hat Security Advisory 2024-4078-03 - An update for python3.9 is now available for Red Hat Enterprise Linux 9. Issues addressed include denial of service and traversal vulnerabilities.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4078.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: python3.9 security updateAdvisory ID:        RHSA-2024:4078-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4078Issue date:         2024-06-25Revision:           03CVE Names:          CVE-2023-6597====================================================================Summary: An update for python3.9 is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.Security Fix(es):* python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597)* python: The zipfile module is vulnerable to zip-bombs leading to denial of service (CVE-2024-0450)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-6597References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2276518https://bugzilla.redhat.com/show_bug.cgi?id=2276525

Red Hat Security Advisory 2024-4078-03

Red Hat Security Advisory 2024-4077-03 - An update for python3.11 is now available for Red Hat Enterprise Linux 9. Issues addressed include a traversal vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4077.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: python3.11 security updateAdvisory ID:        RHSA-2024:4077-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4077Issue date:         2024-06-25Revision:           03CVE Names:          CVE-2023-6597====================================================================Summary: An update for python3.11 is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.Security Fix(es):* python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-6597References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2276518

Red Hat Security Advisory 2024-4077-03

Red Hat Security Advisory 2024-4075-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4075.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: kpatch-patch security updateAdvisory ID:        RHSA-2024:4075-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4075Issue date:         2024-06-25Revision:           03CVE Names:          CVE-2024-1086====================================================================Summary: An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.Security Fix(es):* kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-1086References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2262126

Red Hat Security Advisory 2024-4075-03

Red Hat Security Advisory 2024-4074-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4074.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: kpatch-patch security updateAdvisory ID:        RHSA-2024:4074-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4074Issue date:         2024-06-25Revision:           03CVE Names:          CVE-2024-1086====================================================================Summary: An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.Security Fix(es):* kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-1086References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2262126

Red Hat Security Advisory 2024-4074-03

Red Hat Security Advisory 2024-4073-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 7. Issues addressed include a use-after-free vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4073.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: kpatch-patch security updateAdvisory ID:        RHSA-2024:4073-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4073Issue date:         2024-06-25Revision:           03CVE Names:          CVE-2024-1086====================================================================Summary: An update for kpatch-patch is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.Security Fix(es):* kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-1086References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2262126

Red Hat Security Advisory 2024-4073-03

The peer-to-peer malware botnet known as P2PInfect has been found targeting misconfigured Redis servers with ransomware and cryptocurrency miners.
The development marks the threat's transition from what appeared to be a dormant botnet with unclear motives to a financially motivated operation.
"With its latest updates to the crypto miner, ransomware payload, and rootkit elements, it demonstrates

The peer-to-peer malware botnet known as P2PInfect has been found targeting misconfigured Redis servers with ransomware and cryptocurrency miners.

The development marks the threat's transition from what appeared to be a dormant botnet with unclear motives to a financially motivated operation.

"With its latest updates to the crypto miner, ransomware payload, and rootkit elements, it demonstrates the malware author's continued efforts into profiting off their illicit access and spreading the network further, as it continues to worm across the internet," Cado Security said in a report published this week.

P2PInfect came to light nearly a year ago, and has since received updates to target MIPS and ARM architectures. Earlier this January, Nozomi Networks uncovered the use of the malware to deliver miner payloads.

It typically spreads by targeting Redis servers and its replication feature to transform the victim systems into a follower node of the attacker-controlled server, subsequently allowing it to issue arbitrary commands to them.

The Rust-based worm also features the ability to scan the internet for more vulnerable servers, not to mention incorporating an SSH password sprayer module that attempts to log in using common passwords.

Besides taking steps to prevent other attackers from targeting the same server, P2PInfect is known to change the passwords of other users, restart the SSH service with root permissions, and even perform privilege escalation.

"As the name suggests, it is a peer-to-peer botnet, where every infected machine acts as a node in the network, and maintains a connection to several other nodes," security researcher Nate Bill said.

"This results in the botnet forming a huge mesh network, which the malware author makes use of to push out updated binaries across the network, via a gossip mechanism. The author simply needs to notify one peer, and it will inform all its peers and so on until the new binary is fully propagated across the network."

Among the new behavioral changes to P2PInfect include the use of the malware to drop miner and ransomware payloads, the latter of which is designed to encrypt files matching certain file extensions and deliver a ransom note urging the victims to pay 1 XMR (~$165).

"As this is an untargeted and opportunistic attack, it is likely the victims are to be low value, so having a low price is to be expected," Bill pointed out.

Also of note is a new usermode rootkit that makes use of the LD\_PRELOAD environment variable to hide their malicious processes and files from security tools, a technique also adopted by other cryptojacking groups like TeamTNT.

It's suspected that P2PInfect is advertised as a botnet-for-hire service, acting as a conduit to deploy other attackers' payloads in exchange for payment.

This theory is bolstered by the fact that the wallet addresses for the miner and ransomware are different, and that the miner process is configured to take up as much processing power as possible, causing it to interfere with the functioning of the ransomware.

"The choice of a ransomware payload for malware primarily targeting a server that stores ephemeral in-memory data is an odd one, and P2Pinfect will likely see far more profit from their miner than their ransomware due to the limited amount of low-value files it can access due to its permission level," Bill said.

"The introduction of the usermode rootkit is a 'good on paper' addition to the malware. If the initial access is Redis, the usermode rootkit will also be completely ineffective as it can only add the preload for the Redis service account, which other users will likely not log in as."

The disclosure follows AhnLab Security Intelligence Center's (ASEC) revelations that vulnerable web servers that have unpatched flaws or are poorly secured are being targeted by suspected Chinese-speaking threat actors to deploy crypto miners.

"Remote control is facilitated through installed web shells and NetCat, and given the installation of proxy tools aimed at RDP access, data exfiltration by the threat actors is a distinct possibility," ASEC said, highlighting the use of Behinder, China Chopper, Godzilla, BadPotato, cpolar, and RingQ.

It also comes as Fortinet FortiGuard Labs pointed out that botnets such as UNSTABLE, Condi, and Skibidi are abusing legitimate cloud storage and computing services operators to distribute malware payloads and updates to a broad range of devices.

"Using cloud servers for \[command-and-control\] operations ensures persistent communication with compromised devices, making it harder for defenders to disrupt an attack," security researchers Cara Lin and Vincent Li said.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Rust-Based P2PInfect Botnet Evolves with Miner and Ransomware Payloads

By committing to build secure habits at work and in our personal lives, and to helping others do the same, our personal information will be much better protected.

Source: Aleksey Funtap via Alamy Stock Photo

COMMENTARY

In the world of cybersecurity, we often hear the saying, "It's not a matter of if, but when." While this is said mostly in reference to security breaches, it could also be used to remind us that secure social habits reduce the likelihood of those breaches happening in the first place.

Throughout my career in cybersecurity, I've observed a high level of security carelessness, even among security professionals. This is problematic because one individual's insecure behavior can cause others to be less secure as well. Remember the human behavior studies that showed the tendency to litter is higher if a person sees litter all around them? It's the same for cybersecurity. If we see insecure behaviors all around us, we are less motivated to improve security practices.

The good news is that change can truly happen, and it can start with one person: you.

**What Are Secure Social Norms, and Why Create Them?**

Social norms typically are informal, unwritten rules that guide acceptable behavior among members of a group or society. Secure social norms can be established at two levels: The general level that focuses on what everyone needs to know about protecting information, and the role-based level that pertains to groups of people performing specific tasks.

Consider the example of protecting personal identifiable information (PII). While organizations are bound to protect the personal information of their employees and customers, it is up to individuals to take action to secure their data, and to help others learn how to do so as well. Not doing this can lead to financial loss, identity theft, and so much more.

Security professionals have a unique opportunity to transform security awareness concepts into social norms and actions. By doing so, we elevate the security culture all around us. Now is the time to step up and become the team member who practices secure behaviors and inspires others to do the same.

**Steps for Establishing Secure Social Norms**

Below are some practices security practitioners can adopt to establish secure social norms for ourselves and everyone around us.

**1\. Make data security relatable and actionable.**

Launching a security awareness campaign that helps people understand PII in tangible, everyday terms can be a great way to teach people how to protect their personal data. Always use brief, clear language to explain security words and topics. When sharing tips and best practices, provide examples. And be sure to spell out the specific actions to take to be more secure, as well as the positive impact it can have.

**2\. Educate people on what constitutes PII and how to protect it.**

The more we use apps and websites, the more important it is to know how our personal information can be accessed, how it might be used, and when we should not share it. Below are some key examples to help develop a security mindset:

*   Safeguard the primary identifier. A Social Security number is the critical primary identifier of an individual within the United States. If you reside outside the US, find out what the primary identifier is for your country.
    
*   Protect your banking information. Your bank account number should be carefully protected. A stolen bank account number can be used to commit fraud on fintech platforms.
    
*   Know other elements that can be considered PII. Your IP address, school, and degree are all PII. When isolated, this information may not be used to identify you. However, when collected and used together, it can pinpoint you.
    
*   Set up multifactor authentication. Adding multifactor authentication is an easy way to protect your accounts. However, numerous organizations ask only for usernames and passwords. This lack of focus on using strong credentials is disappointing. Stolen PII can be used to take over an individual's identity in order to open bank accounts, apply for loans, and more. 
    
*   Beware of social engineering scams. Phishing messages from senders who impersonate close friends and family are common ways fraudsters target individuals. Read the Federal Trade Commission's guidance to learn how to protect yourself.
    
*   Build consistent and secure social norms at places you frequent often. You might not think about protecting your data when going to the supermarket. However, be wary when the checkout clerk asks for your phone number or email address. Don't be embarrassed to ask why they need this information. Develop a habit of being inquisitive about such requests.
    
*   Protect your data when seeking expert advice. If you are looking for professional support like tax or legal services, ask them how they protect your information. Some services may not have the bandwidth to focus on customer data security. Go with a reputable firm that has a lot at stake.
    
*   Safeguard protected health information (PHI). PHI is information in a medical record or designated record set that was created, used, or disclosed in the course of providing a health care service and can be used to identify an individual. 
    
*   Develop a habit of knowing the privacy policy of any website where you open an account. Most websites are required to ask how you want your data to be shared. Choose the option that protects you the most.
    
*   Obtain an identity protection service. It's a no-brainer. It's advisable to freeze your credit in all three credit bureaus: Equifax, Experian, and Transunion. This option is available free of charge and ensures that no new accounts can be fraudulently opened. It isn't sufficient to get protection from just one of the credit bureaus — you need all three.
    

**You Can Make a Difference**

We know much more about security today; the issue is that we don't act on it. If we commit to build secure habits and help others do the same, we can be much better protected. If we don't take action, the costs and its outcome will be significant. Instead of simply hearing about someone else's security breach, we will be the ones affected. Remember, it's not a matter of if, but when.

This content is not intended to provide tax, legal, or financial advice. Please consult your adviser with any questions.

**About the Author(s)**

Director of Information Security, BILL

Sriram Dandapani is a seasoned cybersecurity leader with a strong engineering background and a passion for executing enterprise-wide initiatives critical to the infrastructure. Sriram also enjoys mentoring early-in-career security practitioners and dedicates his time to building security awareness with the engineering community. Before joining BILL, Sriram held leadership and senior technical positions at Lifelock, Nimble Storage, and BT Counterpane. Sriram has a master's in computer science (data science) from the University of Illinois Urbana, Champaign, and has obtained the Stanford LEAD professional certificate for driving innovation and change.

Latest News