A February 2022 attack knocked the giant tire maker's North American operations offline for several days.

As a CISO that helped his company navigate through the aftermath of a crippling ransomware attack last year, Bridgestone Americas' Tom Corridon says his biggest advice for other organizations is to designate key decision-makers for handling such crises before they happen.

Not having a clear-cut line of action at the executive level in advance can exacerbate the consequences of a cyberattack and allow the attacker an opportunity to create more damage, Corridon said in an interview at Accenture's third annual virtual OT cybersecurity summit last week..

"When you want to pull a lever, when you want to make a decision about disconnecting networks, or paying a ransom, who makes those decisions?" Corridon said. "To know that going in is really, really important because then you are not caught flatfooted. You are not caught looking around the room going, 'is that you, or is that me?'"

The February 2022 ransomware attack on Bridgestone led to the tire giant to shut down its networks at manufacturing and retreading facilities in North America and Latin America for several days. The well-known ransomware group LockBit 2.0 later claimed credit for the attack and announced plans to publicly leak data accessed from Bridgestone's systems if the company did not comply with the group's ransomware demand.

Bridgestone later disclosed that the cyberattackers had accessed business records as well as files containing Social Security numbers, bank information, and other sensitive data on some of its customers. But the company has released no other details of the attack since then, including whether it paid the LockBit gang a ransom or not. 

The attack was one of several last year that affected operating technology (OT) networks at industrial and manufacturing companies in the US and elsewhere. A second-quarter 2022 analysis of ransomware attacks from Dragos showed most attacks (68%) on industrial organizations targeted the manufacturing sector.

**Tabletop Exercises for Executives**

Corridon's interview at the Accenture virtual event steered clear of the details of the attack, the damage it had caused, and the recovery effort. However, it focused on several lessons the company was able to take away from the attack. The biggest, according to Corridon, is knowing who makes crucial decisions during an unfolding crisis, and how.

Corridon advocates that organizations that do tabletop exercises for their technical team need to have a parallel scenario-based exercise that involves key executives and decision-makers. Just like incident management processes have two threads — one technical and one for executives — so, too, should tabletop exercises.

Another key consideration is that the executives in charge of making critical decisions during a ransomware attack need to be comfortable making them without a lot of data. 

"They need to be comfortable making decisions in the moment that are going to feel like gut decisions or rash decisions," Corridon noted. "But we need to be prepared for that because the longer you sit on a decision and you analyze it and think it through and wait for that perfect decision to land in your lap, the more time the threat actor has to go further into your environment and do more damage."

**Never Let a Good Crisis Go to Waste**

According to Corridon, who was interim CISO at Bridgestone when the attack happened, one silver lining with major security events is the heightened awareness and willingness to change that it can foster. In the year since the attack, Bridgestone has implemented security changes that would otherwise have taken years to convince executives of, push through, and enable, he said.

He advised that security teams take a never-let-a-good-crisis-go-to waste approach to push through change, if they are unfortunate enough to experience a major security breach. 

"In an incident, your executives have a front-row seat to the action," Corridon said. "So, they are walking away with a better understanding of terms they never wanted to understand or wanted to know." 

That heightened awareness and understanding often means they are more prepared to give security teams the money and resources they need to implement a stronger security posture moving forward. "They are prepared for change \[because\] they have a taste in their mouth of a bad experience," he says.

Similar change can be harder to achieve in the lower echelons, where concerns over everyday jobs and goals can quickly relegate security concerns to the backburner once an immediate crisis has passed, Corridon acknowledged. Therefore, it's important to always keep cybersecurity a relevant and top of mind topic for employees. In much the same way that OT environments emphasize physical safety precautions, organizations need to make cybersecurity a part of the daily routine for employees.

One way to begin getting stakeholders to think differently about cyber resilience is to stop describing breaches and attacks as security incidents. "An incident is when you trip and fall or somebody unplugs something by accident," he said. A ransomware attack, on the other hand, is a criminal act against the company. 

"Having that reframing of thought can go a long way," Corridon said. "The words you use as you are going through the event and actually recognizing it as a crime against the organization is a first step."

Bridgestone CISO: Lessons From Ransomware Attack Include Acting, Not Thinking

Categories: Business
There are a lot of benefits to ChatGPT, but many in the security community have concerns about it. Malwarebytes' CEO Marcin Kleczynski takes a deep dive into the topic.



(Read more...)




The post ChatGPT: Cybersecurity friend or foe? appeared first on Malwarebytes Labs.

ChatGPT: Cybersecurity friend or foe?

TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection.

**Basic information**

    - ## CVE-ID: ## CVE-2023-31729
    - ## Vendor: ## Totolink
    - ## Product: ## A3300R - V17.0.0cu.557_B20221024
    - ## Firmware version: ## the latest V17.0.0cu.557_B20221024 firmware version
    - ## Type: ## command injection
    

**Vulnerability description**

FIRMWA DOWNLOAD: HTTPS://WWW.TOTOLINK.CN/DATA/UPLOAD/20230228/EEA9795866EA68EE471C1B6573A370E1.RAR

Totolink a3300r v17.0.0cu.557 router has a command injection vulnerability in the request /cgi-bin/cstecgi.cgi by funcsion setddnscfg. Totolink a3300r v17.0.0cu.557 router has a command injection vulnerability in the request /cgi-bin/cstecgi.cgi by funcsion setiptvcfg. Totolink a3300r v17.0.0cu.557 router has a command injection vulnerability in the request /cgi-bin/cstecgi.cgi by funcsion setipv6cfg. Totolink a3300r v17.0.0cu.557 router has a command injection vulnerability in the request /cgi-bin/cstecgi.cgi by funcsion setlancfg. Totolink a3300r v17.0.0cu.557 router has a command injection vulnerability in the request /cgi-bin/cstecgi.cgi by funcsion setremotecfg. Totolink a3300r v17.0.0cu.557 router has a command injection vulnerability in the request /cgi-bin/cstecgi.cgi by funcsion setschedulecfg. Totolink a3300r v17.0.0cu.557 router has a command injection vulnerability in the request /cgi-bin/cstecgi.cgi by funcsion settraceroutecfg. Totolink a3300r v17.0.0cu.557 router has a command injection vulnerability in the request /cgi-bin/cstecgi.cgi by funcsion seturlfilterrules. Totolink a3300r v17.0.0cu.557 router has a command injection vulnerability in the request /cgi-bin/cstecgi.cgi by funcsion setwancfg.

**Vulnerability Proof****run Poc**

  

**repair suggestion**

Filter characters such as **\` $ | & ;** for the hostname parameter in the setwancfg function.

CVE-2023-31729: CVE/CVE-2023-31729.md at main · D2y6p/CVE

Uncontrolled search path in the WULT software maintained by Intel(R) before version 1.0.0 (commit id 592300b) may allow an unauthenticated user to potentially enable escalation of privilege via network access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**WULT Software Advisory**

**Summary: **

A potential security vulnerability in the Wake Up Latency Tracer (WULT) software maintained by Intel® may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability.

**Vulnerability Details:**

CVEID: CVE-2023-27298

Description: Uncontrolled search path in the WULT software maintained by Intel(R) before version 1.0.0 (commit id 592300b) may allow an unauthenticated user to potentially enable escalation of privilege via network access.

CVSS Base Score: 8.8 High

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

**Affected Products:**

WULT software maintained by Intel® before version 1.0.0 (commit id 592300b).

**Recommendations:**

Intel recommends updating the WULT software maintained by Intel® to version 1.0.0 (commit id 592300b) or later.

Updates are available for download at this location:

https://github.com/intel/wult/commits

**Acknowledgements:**

Intel would like to thank Sanidhya Ved for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

05/09/2023

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

© Intel Corporation.  Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries United States and other countries.  Other names and brands may be claimed as the property of others.

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2023-27298: INTEL-SA-00853

We talk to the Signal Foundation’s Meredith Whittaker about how the surveillance economy is newer than we all might realize—and what we can do to fight back.

How to Reclaim Your Online Privacy

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the course category parameters.

CVE-2023-31804: Security issues - Chamilo LMS

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skype and linedin_url parameters.

CVE-2023-31802: Security issues - Chamilo LMS

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skills wheel parameter.

CVE-2023-31801: Security issues - Chamilo LMS

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the forum title parameter.

CVE-2023-31800: Security issues - Chamilo LMS

llvm-project commit fdbc55a5 was discovered to contain a segmentation fault via the component mlir::IROperand<mlir::OpOperand.

Reproduced at commit fdbc55a5

mlir-opt --canonicalize temp.mlir

temp.mlir.txt

PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace.
Stack dump:
0.	Program arguments: mlir-opt --canonicalize temp.mlir
Stack dump without symbol names (ensure you have llvm-symbolizer in your PATH or set the environment var \`LLVM\_SYMBOLIZER\_PATH\` to point to it):
0  mlir-opt                 0x000000010528a10c llvm::sys::PrintStackTrace(llvm::raw\_ostream&, int) + 72
1  mlir-opt                 0x000000010528a628 PrintStackTraceSignalHandler(void\*) + 28
2  mlir-opt                 0x0000000105288738 llvm::sys::RunSignalHandlers() + 148
3  mlir-opt                 0x000000010528bef8 SignalHandler(int) + 252
4  libsystem\_platform.dylib 0x00000001a33254c4 \_sigtramp + 56
5  mlir-opt                 0x0000000105320820 mlir::IROperand<mlir::OpOperand, mlir::Value>::insertIntoCurrent() + 52
6  mlir-opt                 0x0000000105320674 mlir::IROperand<mlir::OpOperand, mlir::Value>::set(mlir::Value) + 48
7  mlir-opt                 0x000000010532056c void mlir::IRObjectWithUseList<mlir::OpOperand>::replaceAllUsesWith<mlir::Value&>(mlir::Value&) + 228
8  mlir-opt                 0x00000001052ef310 mlir::Value::replaceAllUsesWith(mlir::Value) const + 40
9  mlir-opt                 0x0000000106b8f834 std::\_\_1::enable\_if<!std::is\_convertible<mlir::ValueRange&, mlir::Operation\*>::value, void>::type mlir::ResultRange::replaceAllUsesWith<mlir::ValueRange&>(mlir::ValueRange&) + 332
10 mlir-opt                 0x0000000106b8f36c void mlir::Operation::replaceAllUsesWith<mlir::ValueRange&>(mlir::ValueRange&) + 64
11 mlir-opt                 0x0000000109157758 mlir::RewriterBase::replaceOp(mlir::Operation\*, mlir::ValueRange) + 200
12 mlir-opt                 0x0000000105cb2ee8 (anonymous namespace)::DeduplicateAndRemoveDeadOperandsAndResults::matchAndRewrite(mlir::linalg::GenericOp, mlir::PatternRewriter&) const + 1240
13 mlir-opt                 0x0000000105f5a700 mlir::detail::OpOrInterfaceRewritePatternBase<mlir::linalg::GenericOp>::matchAndRewrite(mlir::Operation\*, mlir::PatternRewriter&) const + 72
14 mlir-opt                 0x0000000109b158e8 mlir::PatternApplicator::matchAndRewrite(mlir::Operation\*, mlir::PatternRewriter&, llvm::function\_ref<bool (mlir::Pattern const&)>, llvm::function\_ref<void (mlir::Pattern const&)>, llvm::function\_ref<mlir::LogicalResult (mlir::Pattern const&)>) + 1432
15 mlir-opt                 0x0000000108e67820 (anonymous namespace)::GreedyPatternRewriteDriver::simplify(llvm::MutableArrayRef<mlir::Region>) + 1640
16 mlir-opt                 0x0000000108e67068 mlir::applyPatternsAndFoldGreedily(llvm::MutableArrayRef<mlir::Region>, mlir::FrozenRewritePatternSet const&, mlir::GreedyRewriteConfig) + 240
17 mlir-opt                 0x0000000105915fb4 mlir::applyPatternsAndFoldGreedily(mlir::Operation\*, mlir::FrozenRewritePatternSet const&, mlir::GreedyRewriteConfig) + 76
18 mlir-opt                 0x0000000108d581d0 (anonymous namespace)::Canonicalizer::runOnOperation() + 132
19 mlir-opt                 0x0000000108ce0838 mlir::detail::OpToOpPassAdaptor::run(mlir::Pass\*, mlir::Operation\*, mlir::AnalysisManager, bool, unsigned int) + 512
20 mlir-opt                 0x0000000108ce0f08 mlir::detail::OpToOpPassAdaptor::runPipeline(mlir::OpPassManager&, mlir::Operation\*, mlir::AnalysisManager, bool, unsigned int, mlir::PassInstrumentor\*, mlir::PassInstrumentation::PipelineParentInfo const\*) + 364
21 mlir-opt                 0x0000000108ce30cc mlir::PassManager::runPasses(mlir::Operation\*, mlir::AnalysisManager) + 108
22 mlir-opt                 0x0000000108ce2ea0 mlir::PassManager::run(mlir::Operation\*) + 732
23 mlir-opt                 0x0000000108cc7b80 performActions(llvm::raw\_ostream&, bool, bool, llvm::SourceMgr&, mlir::MLIRContext\*, llvm::function\_ref<mlir::LogicalResult (mlir::PassManager&)>, bool, bool) + 560
24 mlir-opt                 0x0000000108cc7714 processBuffer(llvm::raw\_ostream&, std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, bool, bool, bool, bool, bool, bool, llvm::function\_ref<mlir::LogicalResult (mlir::PassManager&)>, mlir::DialectRegistry&, llvm::ThreadPool\*) + 496
25 mlir-opt                 0x0000000108cc74dc mlir::MlirOptMain(llvm::raw\_ostream&, std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::function\_ref<mlir::LogicalResult (mlir::PassManager&)>, mlir::DialectRegistry&, bool, bool, bool, bool, bool, bool, bool)::$\_0::operator()(std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::raw\_ostream&) const + 204
26 mlir-opt                 0x0000000108cc73f0 mlir::LogicalResult llvm::function\_ref<mlir::LogicalResult (std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::raw\_ostream&)>::callback\_fn<mlir::MlirOptMain(llvm::raw\_ostream&, std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::function\_ref<mlir::LogicalResult (mlir::PassManager&)>, mlir::DialectRegistry&, bool, bool, bool, bool, bool, bool, bool)::$\_0>(long, std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::raw\_ostream&) + 80
27 mlir-opt                 0x0000000108ec4700 llvm::function\_ref<mlir::LogicalResult (std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::raw\_ostream&)>::operator()(std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::raw\_ostream&) const + 96
28 mlir-opt                 0x0000000108ec41e4 mlir::splitAndProcessBuffer(std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::function\_ref<mlir::LogicalResult (std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::raw\_ostream&)>, llvm::raw\_ostream&, bool, bool) + 128
29 mlir-opt                 0x0000000108cc4e48 mlir::MlirOptMain(llvm::raw\_ostream&, std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::function\_ref<mlir::LogicalResult (mlir::PassManager&)>, mlir::DialectRegistry&, bool, bool, bool, bool, bool, bool, bool) + 320
30 mlir-opt                 0x0000000108cc5050 mlir::MlirOptMain(llvm::raw\_ostream&, std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, mlir::PassPipelineCLParser const&, mlir::DialectRegistry&, bool, bool, bool, bool, bool, bool, bool, bool) + 296
31 mlir-opt                 0x0000000108cc5bfc mlir::MlirOptMain(int, char\*\*, llvm::StringRef, mlir::DialectRegistry&, bool) + 2888
32 mlir-opt                 0x0000000104ac9df8 main + 148
33 dyld                     0x0000000121d1d088 start + 516

Tag

#acer