The cybersecurity agency issued a warning not to agree to any payment requests and to alert law enforcement or CISA after being contacted.

Source: Brian Jackson via Alamy Stock Photo

The US Cybersecurity and Infrastructure Security Agency (CISA) issued an alert this week warning that malicious actors have been making phone calls claiming to be representatives from the organization, and making requests for cash, gift card, or cryptocurrency transfers.

"Impersonation scams are on the rise and often use the names and titles of government employees," CISA explained in the brief advisory. "As a reminder, CISA staff will never contact you with a request to wire money, cash, cryptocurrency, or use gift cards and will never instruct you to keep the discussion secret."

The CISA did not offer additional details as to whom might be perpetrating the voice phishing ("vishing") fraud attempts, but advised anyone who is contacted in such a scheme to deny the request for payment, make note of the phone number and hang up immediately.

Those contacted were also asked to report the incident to law enforcement and reach out to CISA by calling (844) SAY-CISA (844-729-2472).

The perpetrators might aim to fund further criminal activities or simply profit from the immediate financial returns of their deceitful tactics, says Ezra Graziano, director of federal accounts at Zimperium.

"Such scams can be orchestrated by organized cybercriminal groups or individual actors seeking to exploit people's trust in government agencies," he said. "This incident highlights the evolving tactics of cybercriminals, who are increasingly using sophisticated social engineering techniques to exploit trust in government agencies."

He added the fact that scammers are impersonating CISA employees underscores the urgency for individuals and organizations to be vigilant.

"It also reflects the broader trend of targeted phishing attacks where fraudsters aim to exploit the authority and credibility of well-known institutions," Graziano said.

Other government agencies impacted by impersonation scams include the FBI and its Internet Crime Complaint Center, which has been targeted as far back as 2018.

Beyond impersonation of government officials and agencies, malicious actors are also targeting brands by setting up scam sites aping those of legitimate businesses to sell counterfeit goods or process payments without sending the product.

These types of scams have cost consumers more than $2 billion since 2017, according to the US Federal Trade Commission (FTC).

**Education, Training Helps Prepare for Vishing**

Sean McNee, head of research for DomainTools, said the most important thing employers can do is educate employees about various types of scams, how they work, and how to recognize them.

"This includes understanding tactics used by scammers, such as impersonation, social engineering, and phishing," he says.

For instance, employees should be suspect of unsolicited calls or emails, verify the identity of unknown or new callers, and be wary of unusual requests for sensitive information.

He explains that phone-based scams work by creating a false sense of urgency to manipulate the receiver to take actions they normally wouldn’t take.

"Understanding this … helps reduce its effectiveness," McNee says.

Patrick Harr, CEO of SlashNext Email Security+, points out that impersonation scams have long been a tool of scammers whereby they impersonate high-value individuals, such as executives, CEOs, or other high-value targets and sometimes what can be perceived as scary agencies, such as the IRS. He predicts that scams like these will only increase with the weaponization of AI generated voice, video and text.

Thus, from Harr's perspective, any good cyber defense is a multi-layered defense against scams, phishing, business email companies and other socially engineered attacks.

"Firstly, ensure businesses have multifactor authentication (MFA), password change control, AI based email and messaging security and detection and monitoring in place," he cautions. "Companies, organizations, and individuals must employ AI themselves to fight these scams, otherwise we will see continued success."

Don't miss "Anatomy of a Data Breach: What to Do if It Happens to You," a free Dark Reading virtual event scheduled for June 20! Speakers include Verizon's Alex Pinto, execs from Snowflake, pharma giant GSK, Salesforce, and more — register today!

**About the Author(s)**

Nathan Eddy is a freelance journalist and award-winning documentary filmmaker specializing in IT security, autonomous vehicle technology, customer experience technology, and architecture and urban planning. A graduate of Northwestern University’s Medill School of Journalism, Nathan currently lives in Berlin, Germany.

Widespread Vishing Effort Impersonates CISA Staff

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.

TestSSL 3.0.9

Ubuntu Security Notice 6834-1 - It was discovered that H2 was vulnerable to deserialization of untrusted data. An attacker could possibly use this issue to execute arbitrary code. It was discovered that H2 incorrectly handled some specially crafted connection URLs. An attacker could possibly use this issue to execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-6834-1  
June 13, 2024

h2database vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS

Summary:

H2 could be made to allow arbitrary code execution.

Software Description:  
- h2database: H2 Database Engine

Details:

It was discovered that H2 was vulnerable to deserialization of  
untrusted data. An attacker could possibly use this issue to  
execute arbitrary code. (CVE-2021-42392)

It was discovered that H2 incorrectly handled some specially  
crafted connection URLs. An attacker could possibly use this  
issue to execute arbitrary code. (CVE-2022-23221)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 18.04 LTS  
   libh2-java                      1.4.196-2ubuntu0.1~esm1  
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS  
   libh2-java                      1.4.191-1ubuntu0.1~esm1  
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:  
https://ubuntu.com/security/notices/USN-6834-1   
<https://ubuntu.com/security/notices/USN-6834-1>  
   CVE-2021-42392, CVE-2022-23221

Ubuntu Security Notice USN-6834-1

Ubuntu Security Notice 6833-1 - Siddharth Dushantha discovered that VTE incorrectly handled large window resize escape sequences. An attacker could possibly use this issue to consume resources, leading to a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6833-1  
June 13, 2024

vte2.91 vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 23.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

VTE could be made to consume resources and crash if it displayed specially  
crafted data.

Software Description:  
- vte2.91: Terminal emulator widget for GTK

Details:

Siddharth Dushantha discovered that VTE incorrectly handled large window  
resize escape sequences. An attacker could possibly use this issue to  
consume resources, leading to a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
   libvte-2.91-0                   0.76.0-1ubuntu0.1  
   libvte-2.91-gtk4-0              0.76.0-1ubuntu0.1

Ubuntu 23.10  
   libvte-2.91-0                   0.74.0-2ubuntu0.1  
   libvte-2.91-gtk4-0              0.74.0-2ubuntu0.1

Ubuntu 22.04 LTS  
   libvte-2.91-0                   0.68.0-1ubuntu0.1

Ubuntu 20.04 LTS  
   libvte-2.91-0                   0.60.3-0ubuntu1~20.5

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6833-1  
   CVE-2024-37535

Package Information:  
   https://launchpad.net/ubuntu/+source/vte2.91/0.76.0-1ubuntu0.1  
   https://launchpad.net/ubuntu/+source/vte2.91/0.74.0-2ubuntu0.1  
   https://launchpad.net/ubuntu/+source/vte2.91/0.68.0-1ubuntu0.1  
   https://launchpad.net/ubuntu/+source/vte2.91/0.60.3-0ubuntu1~20.5

Ubuntu Security Notice USN-6833-1

Ubuntu Security Notice 6832-1 - Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted SQL statements. An attacker could possibly use this issue to crash the program, resulting in a denial of service. Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted SQL statements. An attacker could possibly use this issue to crash the program, resulting in a denial of service. This issue only affects Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu 24.04 LTS.

    ==========================================================================Ubuntu Security Notice USN-6832-1June 13, 2024virtuoso-opensource vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTS- Ubuntu 23.10- Ubuntu 22.04 LTS- Ubuntu 20.04 LTS- Ubuntu 18.04 LTS- Ubuntu 16.04 LTSSummary:Open-Source Edition could be made to crash if it received specially craftedinput.Software Description:- virtuoso-opensource: high-performance databaseDetails:Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectlyhandled certain crafted SQL statements. An attacker could possibly usethis issue to crash the program, resulting in a denial of service.(CVE-2023-31607, CVE-2023-31608, CVE-2023-31609, CVE-2023-31610,CVE-2023-31611, CVE-2023-31616, CVE-2023-31617, CVE-2023-31618,CVE-2023-31619, CVE-2023-31623, CVE-2023-31625, CVE-2023-31628)Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectlyhandled certain crafted SQL statements. An attacker could possibly usethis issue to crash the program, resulting in a denial of service.This issue only affects Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu24.04 LTS. (CVE-2023-31612, CVE-2023-31613, CVE-2023-31614,CVE-2023-31615)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS   virtuoso-opensource             7.2.5.1+dfsg1-0.8ubuntu0.1~esm1                                   Available with Ubuntu Pro   virtuoso-opensource-7           7.2.5.1+dfsg1-0.8ubuntu0.1~esm1                                   Available with Ubuntu Pro   virtuoso-opensource-7-bin       7.2.5.1+dfsg1-0.8ubuntu0.1~esm1                                   Available with Ubuntu ProUbuntu 23.10   virtuoso-opensource             7.2.5.1+dfsg1-0.3ubuntu1.1   virtuoso-opensource-7           7.2.5.1+dfsg1-0.3ubuntu1.1   virtuoso-opensource-7-bin       7.2.5.1+dfsg1-0.3ubuntu1.1Ubuntu 22.04 LTS   virtuoso-opensource             7.2.5.1+dfsg1-0.2ubuntu0.1~esm1                                   Available with Ubuntu Pro   virtuoso-opensource-7           7.2.5.1+dfsg1-0.2ubuntu0.1~esm1                                   Available with Ubuntu Pro   virtuoso-opensource-7-bin       7.2.5.1+dfsg1-0.2ubuntu0.1~esm1                                   Available with Ubuntu ProUbuntu 20.04 LTS   virtuoso-opensource             6.1.6+repack-0ubuntu10+esm1                                   Available with Ubuntu Pro   virtuoso-opensource-6.1         6.1.6+repack-0ubuntu10+esm1                                   Available with Ubuntu Pro   virtuoso-opensource-6.1-bin     6.1.6+repack-0ubuntu10+esm1                                   Available with Ubuntu ProUbuntu 18.04 LTS   virtuoso-opensource             6.1.6+repack-0ubuntu9+esm1                                   Available with Ubuntu Pro   virtuoso-opensource-6.1         6.1.6+repack-0ubuntu9+esm1                                   Available with Ubuntu Pro   virtuoso-opensource-6.1-bin     6.1.6+repack-0ubuntu9+esm1                                   Available with Ubuntu ProUbuntu 16.04 LTS   virtuoso-opensource             6.1.6+repack-0ubuntu5+esm1                                   Available with Ubuntu Pro   virtuoso-opensource-6.1         6.1.6+repack-0ubuntu5+esm1                                   Available with Ubuntu Pro   virtuoso-opensource-6.1-bin     6.1.6+repack-0ubuntu5+esm1                                   Available with Ubuntu ProIn general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6832-1   CVE-2023-31607, CVE-2023-31608, CVE-2023-31609, CVE-2023-31610,   CVE-2023-31611, CVE-2023-31612, CVE-2023-31613, CVE-2023-31614,   CVE-2023-31615, CVE-2023-31616, CVE-2023-31617, CVE-2023-31618,   CVE-2023-31619, CVE-2023-31623, CVE-2023-31625, CVE-2023-31628Package Information:   https://launchpad.net/ubuntu/+source/virtuoso-opensource/7.2.5.1+dfsg1-0.3ubuntu1.1

Ubuntu Security Notice USN-6832-1

Premium Support Tickets For WHMCS version 1.2.10 suffers from a cross site scripting vulnerability.

    Exploit Title: Premium Support Tickets For WHMCS Reflected XSSExploit Author: Sajibe KantiVendor: ModulesGardenVendor Homepage:https://www.modulesgarden.com/products/whmcs/premium-support-ticketsProduct Name: Premium Support Tickets For WHMCSProduct Version: v1.2.10Tested Version: WHMCS 8.10.1Tested on: Windows 10Vulnerabilities Discovered Date: 29/04/2024Description:The Premium Support Tickets For WHMCS plugin by ModulesGarden is vulnerableto a reflected cross-site scripting (XSS) attack. This vulnerability allowsan attacker to inject malicious JavaScript code into the "error&msg="parameter of the submitticket.php page, leading to the execution ofarbitrary code in the context of the victim's browser.Proof of Concept (POC):1. Identify a website that utilizes the Premium Support Tickets For WHMCSplugin by ModulesGarden.2. Navigate to the ticket submission page (submitticket.php).3. Select any department to open a new ticket.4. If you lack support credit points, you will receive an error messagewith the parameter "error&msg=clientarea_message_cantcreateinthisdept".5. Inject your payload into the "error&msg=" parameter.6. Construct the following URL with your payload:https://example.com/submitticket.php?PremiumSupportTickets=error&msg=%22/%3E%3CsvG%20onLoad=alert(/xss/)%3E7. Replace the payload with your desired XSS payload:   "<svg/onLoad=alert(/OPENBUGBOUNTY/)>"8. Visit the modified URL in your browser.9. Observe the XSS popup indicating successful exploitation of thevulnerability.Impact:Successful exploitation of this vulnerability could allow an attacker toexecute arbitrary JavaScript code in the context of an authenticated user'sbrowser session. This could lead to various attacks, including but notlimited to:- Theft of sensitive information (session cookies, credentials, etc.)- Phishing attacks targeting users of the affected WHMCS instance- Defacement of the website or redirection to malicious content- Browser-based attacks such as keylogging or screen capturingNote: This exploit is for educational purposes only. Unauthorized access toor modification of systems is illegal and unethical. Always obtain properauthorization before testing or exploiting vulnerabilities.

Premium Support Tickets For WHMCS 1.2.10 Cross Site Scripting

Red Hat Security Advisory 2024-3929-03 - An update for dnsmasq is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3929.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: dnsmasq security updateAdvisory ID:        RHSA-2024:3929-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3929Issue date:         2024-06-13Revision:           03CVE Names:          CVE-2023-50387====================================================================Summary: An update for dnsmasq is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.Security Fix(es):* bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387)* bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-50387References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2263914https://bugzilla.redhat.com/show_bug.cgi?id=2263917

Red Hat Security Advisory 2024-3929-03

Red Hat Security Advisory 2024-3927-03 - A new container image for Red Hat Ceph Storage 7.1 is now available in the Red Hat Ecosystem Catalog.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3927.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: Red Hat Ceph Storage 7.1 container image security, and bug fix update  
Advisory ID:        RHSA-2024:3927-03  
Product:            Red Hat Ceph Storage  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:3927  
Issue date:         2024-06-13  
Revision:           03  
CVE Names:          CVE-2023-39325  
====================================================================

Summary: 

A new container image for Red Hat Ceph Storage 7.1 is now available in the  
Red Hat Ecosystem Catalog.

Description:

Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.

This new container image is based on Red Hat Ceph Storage 7.0 and Red Hat Enterprise Linux 9.2.

Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes:

https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/7.1/html/release_notes/index

All users of Red Hat Ceph Storage are advised to pull these new images from  
the Red Hat Ecosystem catalog, which provides numerous enhancements and bug  
fixes.

Solution:

https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/7

https://access.redhat.com/articles/1548993

CVEs:

CVE-2023-39325

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/security/cve/CVE-2023-39325  
https://access.redhat.com/security/cve/CVE-2024-22195  
https://bugzilla.redhat.com/show_bug.cgi?id=2243296  
https://bugzilla.redhat.com/show_bug.cgi?id=2257854  
https://bugzilla.redhat.com/show_bug.cgi?id=2268114

Red Hat Security Advisory 2024-3927-03

Red Hat Security Advisory 2024-3926-03 - An update for expat is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3926.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: expat security updateAdvisory ID:        RHSA-2024:3926-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3926Issue date:         2024-06-13Revision:           03CVE Names:          CVE-2023-52425====================================================================Summary: An update for expat is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Expat is a C library for parsing XML documents.Security Fix(es):* expat: parsing large tokens can trigger a denial of service (CVE-2023-52425)* expat: XML Entity Expansion (CVE-2024-28757)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-52425References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2262877https://bugzilla.redhat.com/show_bug.cgi?id=2268766

Red Hat Security Advisory 2024-3926-03

Red Hat Security Advisory 2024-3920-03 - Migration Toolkit for Runtimes 1.2.6 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a password leak vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3920.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Migration Toolkit for Runtimes security, bug fix and enhancement updateAdvisory ID:        RHSA-2024:3920-03Product:            Migration Toolkit for RuntimesAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3920Issue date:         2024-06-13Revision:           03CVE Names:          CVE-2023-45857====================================================================Summary: Migration Toolkit for Runtimes 1.2.6 releaseRed Hat Product Security has rated this update as having a security impact of Important.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Migration Toolkit for Runtimes 1.2.6 ZIP artifactsSecurity Fix(es):* axios: exposure of confidential data stored in cookies (CVE-2023-45857)* follow-redirects: Possible credential leak (CVE-2024-28849)* commons-configuration2: various flaws (CVE-2024-29131)* commons-configuration2: various flaws (CVE-2024-29133)* webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:CVEs:CVE-2023-45857References:https://access.redhat.com/security/updates/classification/#importanthttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=migration.toolkit.runtimes&downloadType=distributionshttps://issues.redhat.com/browse/WINDUPRULE-1049

Latest News