Alignment between these domains is quickly becoming a strategic imperative.

Source: Panther Media GmbH via Alamy Stock

COMMENTARY

With an increasingly complex threat landscape and the progression of threat-actor tactics, effective cybersecurity is non-negotiable. At the same time, staffing challenges and an uncertain economy have made it increasingly challenging to manage your attack surface and keep would-be threat actors at bay.

That's not for lack of effort — or expenditure. Gartner forecasts that the world will spend $215 billion on risk management and cybersecurity in 2024. That's a 14% increase over 2023. Gartner expects that expenditures for IT will reach a whopping $5.1 trillion in 2024.

Amid all this, companies are striving for disruptive innovation and progress while keeping a close eye on budgets. Many workers are feeling spread thin, with more data and endpoints than ever and not enough qualified talent to be found. As a chief information officer (CIO), I can attest that I've seen this crunch particularly within the global IT space. This is not a good moment for IT to be stressed out and overworked. The stakes are simply too high.

So, how can organizations mitigate threats while maintaining momentum?

It's time to finally break down the silos between IT and security. That starts by fostering alignment between the CIO and chief information security officer (CISO).

**Streamlined, Secure — or Both?**

Individually, CISOs and CIOs are powerful forces with a lot on their plates — and a lot on the line. Together, they could be unstoppable. However, historically, organizational structures have relegated CISOs and CIOs to separate domains with distinct — and occasionally contradictory — objectives.

**Access, Please: The CIO Imperative**

For many CIOs, it's common to be focused on streamlining and efficiency, especially given staffing challenges. Additionally, CIOs and IT teams work to ensure continuous access to optimized tools that help employees get their jobs done. Sixty-one percent of IT professionals admit that negative technology experiences directly impact their morale, underscoring the palpable connection between tech efficiency and employee engagement.

Lack of access to the right tools can contribute to "shadow IT." Conversely, streamlined, efficient operations enhance speed and elevate the digital employee experience.

**Standing Guard: The CISO Imperative**

Meanwhile, my peers in the CISO role dial in to ensure organizations are as secure as possible. This is a critical and constantly moving target, as threat actors continue to find new avenues of attack. Effective cybersecurity prevents all manner of problems, ranging from the inconvenient (unexpected downtime) to the catastrophic (a major breach).

I have an enormous amount of respect for the CISO role, as should everyone impacted by security. (And that's all of us.) In 2022, the average cost of a single data breach was $4.5 million — not counting ransomware costs. Meanwhile, nearly 87% of businesses grapple with a shortfall in IT security staff. This talent crunch severely threatens organizations’ defenses against evolving cyber threats.

**Exploring the Overlap**

Both CIO and CISO roles seek to optimize business outcomes, though we often take differing approaches. "Streamlined" and "secure" are frequently mutually exclusive, particularly if your organization lacks the right tools.

There are several areas impacting both IT and security. Just two include:

*   Influx of devices and data: It's anticipated that more than 180 zettabytes of data will be floating around by 2025. If you thought we were already facing a data firehose, you haven't seen anything yet. The more data produced, the more streamlined operations must be to manage relevant data effectively — and the more importance must be placed on data protection.
    

*   Shifting work environments posing challenges: The mix of remote, hybrid, and in-person work environments — plus the increasing reliance on personal devices used to access company data — makes things more challenging for both IT and security.
    

Problems like these aren't theoretical — they’re real. According to Duke University research, "more than 80 percent of U.S. companies indicate their systems have been successfully hacked in an attempt to steal, change or make public important data." Meanwhile, the digital employee experience is more critical than ever in the battle to attract, engage, and retain top talent — so any tools and policies must be user friendly and secure.

I like to think of these challenges as shared opportunities. 

**Unlock the Collaborative Potential of CIOs and CISOs**

This is where alignment comes in. IT and security may have been siloed, but that could change. The past few years have shown change is not only possible but essential for survival. 

Breaking down the silos between your IT and security leaders doesn't diminish their roles, it elevates them.

Collaborative IT and security leaders, and their teams, enjoy the benefits of:

*   Financial optimization through consolidation: Streamlining vendor and technology portfolios for optimized spending and resource utilization.
    

*   Elevated employee engagement: Eradicating shadow IT and fortifying digital business for heightened engagement and security. 
    

*   Heightened enterprise resilience: Bolstering cybersecurity measures to curtail risks and fortify the organizational backbone.
    

Fostering alignment between these teams will vary, but there are a few universal principles to keep in mind:

*   Loop in your applicable executive(s), e.g., your CEO, from the start. They should be on board with and involved in facilitating this alignment.
    

*   Clarify objectives and define roles. Seek commonalities with your counterpart to identify overlap and gaps. 
    

*   Make yourself open for regular communication and collaboration — and find out if there are cross-training initiatives available.
    

*   In collaboration with applicable executives, adopt a unified approach to performance metrics, reporting mechanisms, risk management, data governance, and compliance.
    

*   Work together when making decisions on technology adoption, resource allocation, and budgeting.
    

*   Tooling should be a shared responsibility to ensure coverage and observability are always meeting key performance indicators (KPIs).
    

The endgame with these tactics is a more efficient operation to make life easier for both parties. Worth noting: Intelligent hyperautomation can be a massive benefit in streamlining processes and amplifying operational efficiency.

IT and security alignment is a strategic necessity. This collaborative effort fosters mutual accountability and improves overall security by eliminating data silos that hinder response times and hide crucial insights.

**About the Author(s)**

Chief Information Officer, Ivanti

Robert Grazioli is chief information officer (CIO) of Ivanti, responsible for all of its global IT systems and SaaS Operations, including the integration of Ivanti acquisitions over the past two years. Bob originally joined Ivanti in June 2020 as vice president of SaaS operations. Bob brings more than 25 years of global experience spanning the financial services and the software industry. He has been involved in some of the biggest software acquisitions in the industry over the past 10 years and has been responsible for some of the largest SaaS offerings in the industry. In addition, Bob has oversight of Customer Zero, taking Ivanti’s SaaS operations to the next level through leveraging our own learnings to benefit the needs of our customers.

Why CIO &amp; CISO Collaboration Is Key to Organizational Resilience

Ubuntu Security Notice 6819-2 - Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service. Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could use this to possibly cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6819-2June 11, 2024linux-aws, linux-oracle vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 23.10Summary:Several security issues were fixed in the Linux kernel.Software Description:- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-oracle: Linux kernel for Oracle Cloud systemsDetails:Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kerneldid not properly validate H2C PDU data, leading to a null pointerdereference vulnerability. A remote attacker could use this to cause adenial of service (system crash). (CVE-2023-6356, CVE-2023-6535,CVE-2023-6536)Chenyuan Yang discovered that the RDS Protocol implementation in the Linuxkernel contained an out-of-bounds read vulnerability. An attacker could usethis to possibly cause a denial of service (system crash). (CVE-2024-23849)It was discovered that a race condition existed in the Bluetooth subsystemin the Linux kernel, leading to a null pointer dereference vulnerability. Aprivileged local attacker could use this to possibly cause a denial ofservice (system crash). (CVE-2024-24860)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:   - ARM64 architecture;   - PowerPC architecture;   - RISC-V architecture;   - S390 architecture;   - Core kernel;   - x86 architecture;   - Block layer subsystem;   - Cryptographic API;   - ACPI drivers;   - Android drivers;   - Drivers core;   - Power management core;   - Bus devices;   - Device frequency scaling framework;   - DMA engine subsystem;   - EDAC drivers;   - ARM SCMI message protocol;   - GPU drivers;   - IIO ADC drivers;   - InfiniBand drivers;   - IOMMU subsystem;   - Media drivers;   - Multifunction device drivers;   - MTD block device drivers;   - Network drivers;   - NVME drivers;   - Device tree and open firmware driver;   - PCI driver for MicroSemi Switchtec;   - Power supply drivers;   - RPMSG subsystem;   - SCSI drivers;   - QCOM SoC drivers;   - SPMI drivers;   - Thermal drivers;   - TTY drivers;   - VFIO drivers;   - BTRFS file system;   - Ceph distributed file system;   - EFI Variable file system;   - EROFS file system;   - Ext4 file system;   - F2FS file system;   - GFS2 file system;   - JFS file system;   - Network file systems library;   - Network file system server daemon;   - File systems infrastructure;   - Pstore file system;   - ReiserFS file system;   - SMB network file system;   - BPF subsystem;   - Memory management;   - TLS protocol;   - Ethernet bridge;   - Networking core;   - IPv4 networking;   - IPv6 networking;   - Logical Link layer;   - MAC80211 subsystem;   - Multipath TCP;   - Netfilter;   - NetLabel subsystem;   - Network traffic control;   - SMC sockets;   - Sun RPC protocol;   - AppArmor security module;   - Intel ASoC drivers;   - MediaTek ASoC drivers;   - USB sound devices;(CVE-2023-52612, CVE-2024-26808, CVE-2023-52691, CVE-2023-52618,CVE-2023-52463, CVE-2023-52447, CVE-2024-26668, CVE-2023-52454,CVE-2024-26670, CVE-2024-26646, CVE-2023-52472, CVE-2024-26586,CVE-2023-52681, CVE-2023-52453, CVE-2023-52611, CVE-2023-52622,CVE-2024-26641, CVE-2023-52616, CVE-2024-26592, CVE-2023-52606,CVE-2024-26620, CVE-2023-52692, CVE-2024-26669, CVE-2023-52623,CVE-2023-52588, CVE-2024-26616, CVE-2024-26610, CVE-2024-35839,CVE-2023-52490, CVE-2023-52672, CVE-2024-26612, CVE-2023-52617,CVE-2023-52697, CVE-2024-26644, CVE-2023-52458, CVE-2023-52598,CVE-2024-35841, CVE-2023-52664, CVE-2023-52635, CVE-2023-52676,CVE-2023-52669, CVE-2024-26632, CVE-2023-52486, CVE-2024-26625,CVE-2023-52608, CVE-2024-26634, CVE-2023-52599, CVE-2024-26618,CVE-2024-26640, CVE-2023-52489, CVE-2023-52675, CVE-2023-52678,CVE-2024-26583, CVE-2023-52693, CVE-2023-52498, CVE-2024-26649,CVE-2023-52670, CVE-2023-52473, CVE-2023-52449, CVE-2023-52667,CVE-2023-52467, CVE-2023-52686, CVE-2024-26633, CVE-2023-52666,CVE-2024-35840, CVE-2024-26629, CVE-2024-26595, CVE-2023-52593,CVE-2023-52687, CVE-2023-52465, CVE-2024-26627, CVE-2023-52493,CVE-2023-52491, CVE-2024-26636, CVE-2024-26584, CVE-2023-52587,CVE-2023-52597, CVE-2023-52462, CVE-2023-52633, CVE-2023-52696,CVE-2024-26585, CVE-2023-52589, CVE-2023-52456, CVE-2023-52470,CVE-2024-35838, CVE-2024-26645, CVE-2023-52591, CVE-2023-52464,CVE-2023-52609, CVE-2024-26608, CVE-2023-52450, CVE-2023-52584,CVE-2023-52469, CVE-2023-52583, CVE-2023-52451, CVE-2023-52495,CVE-2023-52626, CVE-2023-52595, CVE-2023-52680, CVE-2023-52632,CVE-2024-26582, CVE-2024-35837, CVE-2023-52494, CVE-2023-52614,CVE-2023-52443, CVE-2023-52698, CVE-2023-52448, CVE-2024-26615,CVE-2023-52452, CVE-2023-52492, CVE-2024-26647, CVE-2023-52468,CVE-2023-52594, CVE-2023-52621, CVE-2024-26638, CVE-2024-26594,CVE-2024-26673, CVE-2023-52457, CVE-2023-52677, CVE-2023-52607,CVE-2024-26623, CVE-2023-52488, CVE-2023-52497, CVE-2023-52445,CVE-2024-26607, CVE-2023-52610, CVE-2024-35842, CVE-2023-52690,CVE-2023-52683, CVE-2023-52444, CVE-2024-26671, CVE-2023-52455,CVE-2023-52679, CVE-2024-26598, CVE-2023-52674, CVE-2023-52627,CVE-2023-52619, CVE-2023-52487, CVE-2023-52446, CVE-2024-35835,CVE-2023-52682, CVE-2023-52685, CVE-2023-52694, CVE-2024-26631)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 23.10   linux-image-6.5.0-1021-aws      6.5.0-1021.21   linux-image-6.5.0-1024-oracle   6.5.0-1024.24   linux-image-6.5.0-1024-oracle-64k  6.5.0-1024.24   linux-image-aws                 6.5.0.1021.21   linux-image-oracle              6.5.0.1024.26   linux-image-oracle-64k          6.5.0.1024.26After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6819-2   https://ubuntu.com/security/notices/USN-6819-1   CVE-2023-52443, CVE-2023-52444, CVE-2023-52445, CVE-2023-52446,   CVE-2023-52447, CVE-2023-52448, CVE-2023-52449, CVE-2023-52450,   CVE-2023-52451, CVE-2023-52452, CVE-2023-52453, CVE-2023-52454,   CVE-2023-52455, CVE-2023-52456, CVE-2023-52457, CVE-2023-52458,   CVE-2023-52462, CVE-2023-52463, CVE-2023-52464, CVE-2023-52465,   CVE-2023-52467, CVE-2023-52468, CVE-2023-52469, CVE-2023-52470,   CVE-2023-52472, CVE-2023-52473, CVE-2023-52486, CVE-2023-52487,   CVE-2023-52488, CVE-2023-52489, CVE-2023-52490, CVE-2023-52491,   CVE-2023-52492, CVE-2023-52493, CVE-2023-52494, CVE-2023-52495,   CVE-2023-52497, CVE-2023-52498, CVE-2023-52583, CVE-2023-52584,   CVE-2023-52587, CVE-2023-52588, CVE-2023-52589, CVE-2023-52591,   CVE-2023-52593, CVE-2023-52594, CVE-2023-52595, CVE-2023-52597,   CVE-2023-52598, CVE-2023-52599, CVE-2023-52606, CVE-2023-52607,   CVE-2023-52608, CVE-2023-52609, CVE-2023-52610, CVE-2023-52611,   CVE-2023-52612, CVE-2023-52614, CVE-2023-52616, CVE-2023-52617,   CVE-2023-52618, CVE-2023-52619, CVE-2023-52621, CVE-2023-52622,   CVE-2023-52623, CVE-2023-52626, CVE-2023-52627, CVE-2023-52632,   CVE-2023-52633, CVE-2023-52635, CVE-2023-52664, CVE-2023-52666,   CVE-2023-52667, CVE-2023-52669, CVE-2023-52670, CVE-2023-52672,   CVE-2023-52674, CVE-2023-52675, CVE-2023-52676, CVE-2023-52677,   CVE-2023-52678, CVE-2023-52679, CVE-2023-52680, CVE-2023-52681,   CVE-2023-52682, CVE-2023-52683, CVE-2023-52685, CVE-2023-52686,   CVE-2023-52687, CVE-2023-52690, CVE-2023-52691, CVE-2023-52692,   CVE-2023-52693, CVE-2023-52694, CVE-2023-52696, CVE-2023-52697,   CVE-2023-52698, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536,   CVE-2024-23849, CVE-2024-24860, CVE-2024-26582, CVE-2024-26583,   CVE-2024-26584, CVE-2024-26585, CVE-2024-26586, CVE-2024-26592,   CVE-2024-26594, CVE-2024-26595, CVE-2024-26598, CVE-2024-26607,   CVE-2024-26608, CVE-2024-26610, CVE-2024-26612, CVE-2024-26615,   CVE-2024-26616, CVE-2024-26618, CVE-2024-26620, CVE-2024-26623,   CVE-2024-26625, CVE-2024-26627, CVE-2024-26629, CVE-2024-26631,   CVE-2024-26632, CVE-2024-26633, CVE-2024-26634, CVE-2024-26636,   CVE-2024-26638, CVE-2024-26640, CVE-2024-26641, CVE-2024-26644,   CVE-2024-26645, CVE-2024-26646, CVE-2024-26647, CVE-2024-26649,   CVE-2024-26668, CVE-2024-26669, CVE-2024-26670, CVE-2024-26671,   CVE-2024-26673, CVE-2024-26808, CVE-2024-35835, CVE-2024-35837,   CVE-2024-35838, CVE-2024-35839, CVE-2024-35840, CVE-2024-35841,   CVE-2024-35842Package Information:   https://launchpad.net/ubuntu/+source/linux-aws/6.5.0-1021.21   https://launchpad.net/ubuntu/+source/linux-oracle/6.5.0-1024.24

Ubuntu Security Notice USN-6819-2

Ubuntu Security Notice 6820-2 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6820-2June 11, 2024linux-nvidia vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-nvidia: Linux kernel for NVIDIA systemsDetails:It was discovered that the ATA over Ethernet (AoE) driver in the Linuxkernel contained a race condition, leading to a use-after-freevulnerability. An attacker could use this to cause a denial of service orpossibly execute arbitrary code. (CVE-2023-6270)It was discovered that the Atheros 802.11ac wireless driver did notproperly validate certain data structures, leading to a NULL pointerdereference. An attacker could possibly use this to cause a denial ofservice. (CVE-2023-7042)It was discovered that the HugeTLB file system component of the LinuxKernel contained a NULL pointer dereference vulnerability. A privilegedattacker could possibly use this to to cause a denial of service.(CVE-2024-0841)It was discovered that the Intel Data Streaming and Intel AnalyticsAccelerator drivers in the Linux kernel allowed direct access to thedevices for unprivileged users and virtual machines. A local attacker coulduse this to cause a denial of service. (CVE-2024-21823)Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the LinuxKernel contained a race condition, leading to a NULL pointer dereference.An attacker could possibly use this to cause a denial of service (systemcrash). (CVE-2024-22099)It was discovered that the MediaTek SoC Gigabit Ethernet driver in theLinux kernel contained a race condition when stopping the device. A localattacker could possibly use this to cause a denial of service (deviceunavailability). (CVE-2024-27432)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:   - ARM32 architecture;   - RISC-V architecture;   - x86 architecture;   - ACPI drivers;   - Block layer subsystem;   - Clock framework and drivers;   - CPU frequency scaling framework;   - Cryptographic API;   - DMA engine subsystem;   - EFI core;   - GPU drivers;   - InfiniBand drivers;   - IOMMU subsystem;   - Multiple devices driver;   - Media drivers;   - MMC subsystem;   - Network drivers;   - NTB driver;   - NVME drivers;   - PCI subsystem;   - MediaTek PM domains;   - Power supply drivers;   - SPI subsystem;   - Media staging drivers;   - TCM subsystem;   - USB subsystem;   - Framebuffer layer;   - AFS file system;   - File systems infrastructure;   - BTRFS file system;   - EROFS file system;   - Ext4 file system;   - F2FS file system;   - Network file system client;   - NTFS3 file system;   - Diskquota system;   - SMB network file system;   - BPF subsystem;   - Netfilter;   - TLS protocol;   - io_uring subsystem;   - Bluetooth subsystem;   - Memory management;   - Ethernet bridge;   - Networking core;   - HSR network protocol;   - IPv4 networking;   - IPv6 networking;   - L2TP protocol;   - MAC80211 subsystem;   - Multipath TCP;   - Netlink;   - NET/ROM layer;   - Packet sockets;   - RDS protocol;   - Sun RPC protocol;   - Unix domain sockets;   - Wireless networking;   - USB sound devices;(CVE-2024-26776, CVE-2024-26802, CVE-2024-26790, CVE-2024-27388,CVE-2024-27077, CVE-2024-26884, CVE-2024-26779, CVE-2024-26897,CVE-2024-27045, CVE-2024-26851, CVE-2024-27065, CVE-2024-26843,CVE-2024-26743, CVE-2024-27052, CVE-2024-26855, CVE-2024-27436,CVE-2024-27078, CVE-2024-26898, CVE-2024-27405, CVE-2024-26894,CVE-2024-26584, CVE-2024-26915, CVE-2024-26763, CVE-2024-27047,CVE-2024-26809, CVE-2024-26883, CVE-2024-26901, CVE-2024-27412,CVE-2024-26803, CVE-2024-26751, CVE-2024-35829, CVE-2024-27432,CVE-2023-52447, CVE-2024-26748, CVE-2024-27051, CVE-2023-52434,CVE-2024-26749, CVE-2024-27034, CVE-2024-27390, CVE-2024-26879,CVE-2024-26859, CVE-2024-26835, CVE-2024-26861, CVE-2024-27030,CVE-2024-27415, CVE-2023-52656, CVE-2024-26773, CVE-2024-27043,CVE-2024-26601, CVE-2024-27073, CVE-2024-26782, CVE-2024-27413,CVE-2024-26880, CVE-2024-26793, CVE-2024-26766, CVE-2024-26750,CVE-2024-26852, CVE-2024-26805, CVE-2024-35830, CVE-2024-26798,CVE-2023-52644, CVE-2024-26787, CVE-2024-26846, CVE-2024-26857,CVE-2024-26752, CVE-2024-26792, CVE-2023-52641, CVE-2024-26771,CVE-2024-26736, CVE-2024-27417, CVE-2024-26840, CVE-2024-26838,CVE-2024-26820, CVE-2024-26778, CVE-2024-26688, CVE-2024-27403,CVE-2024-26862, CVE-2024-27038, CVE-2024-26839, CVE-2024-26889,CVE-2024-26774, CVE-2024-26907, CVE-2023-52645, CVE-2024-27431,CVE-2024-27410, CVE-2024-27416, CVE-2024-26795, CVE-2023-52497,CVE-2024-27419, CVE-2024-26744, CVE-2024-26833, CVE-2024-26735,CVE-2024-26651, CVE-2024-27074, CVE-2023-52652, CVE-2024-27044,CVE-2024-26733, CVE-2024-26659, CVE-2024-35811, CVE-2024-27053,CVE-2024-27037, CVE-2023-52620, CVE-2024-26882, CVE-2024-35828,CVE-2024-26856, CVE-2024-26881, CVE-2024-27075, CVE-2024-26583,CVE-2023-52662, CVE-2024-26788, CVE-2024-26903, CVE-2024-26870,CVE-2024-26777, CVE-2024-26874, CVE-2024-26906, CVE-2024-26872,CVE-2024-26895, CVE-2024-26845, CVE-2024-27024, CVE-2024-27076,CVE-2024-26603, CVE-2024-27054, CVE-2024-26754, CVE-2024-35844,CVE-2024-26764, CVE-2024-26885, CVE-2024-26772, CVE-2024-26804,CVE-2024-26585, CVE-2024-26791, CVE-2024-27414, CVE-2024-26878,CVE-2024-26816, CVE-2024-27046, CVE-2024-26891, CVE-2024-26875,CVE-2024-26747, CVE-2024-26863, CVE-2023-52640, CVE-2023-52650,CVE-2024-27039, CVE-2024-26877, CVE-2024-26801, CVE-2024-35845,CVE-2024-26769, CVE-2024-27028, CVE-2024-26737)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS   linux-image-5.15.0-1058-nvidia  5.15.0-1058.59   linux-image-5.15.0-1058-nvidia-lowlatency  5.15.0-1058.59   linux-image-nvidia              5.15.0.1058.58   linux-image-nvidia-lowlatency   5.15.0.1058.58After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6820-2   https://ubuntu.com/security/notices/USN-6820-1   CVE-2023-52434, CVE-2023-52447, CVE-2023-52497, CVE-2023-52620,   CVE-2023-52640, CVE-2023-52641, CVE-2023-52644, CVE-2023-52645,   CVE-2023-52650, CVE-2023-52652, CVE-2023-52656, CVE-2023-52662,   CVE-2023-6270, CVE-2023-7042, CVE-2024-0841, CVE-2024-21823,   CVE-2024-22099, CVE-2024-26583, CVE-2024-26584, CVE-2024-26585,   CVE-2024-26601, CVE-2024-26603, CVE-2024-26651, CVE-2024-26659,   CVE-2024-26688, CVE-2024-26733, CVE-2024-26735, CVE-2024-26736,   CVE-2024-26737, CVE-2024-26743, CVE-2024-26744, CVE-2024-26747,   CVE-2024-26748, CVE-2024-26749, CVE-2024-26750, CVE-2024-26751,   CVE-2024-26752, CVE-2024-26754, CVE-2024-26763, CVE-2024-26764,   CVE-2024-26766, CVE-2024-26769, CVE-2024-26771, CVE-2024-26772,   CVE-2024-26773, CVE-2024-26774, CVE-2024-26776, CVE-2024-26777,   CVE-2024-26778, CVE-2024-26779, CVE-2024-26782, CVE-2024-26787,   CVE-2024-26788, CVE-2024-26790, CVE-2024-26791, CVE-2024-26792,   CVE-2024-26793, CVE-2024-26795, CVE-2024-26798, CVE-2024-26801,   CVE-2024-26802, CVE-2024-26803, CVE-2024-26804, CVE-2024-26805,   CVE-2024-26809, CVE-2024-26816, CVE-2024-26820, CVE-2024-26833,   CVE-2024-26835, CVE-2024-26838, CVE-2024-26839, CVE-2024-26840,   CVE-2024-26843, CVE-2024-26845, CVE-2024-26846, CVE-2024-26851,   CVE-2024-26852, CVE-2024-26855, CVE-2024-26856, CVE-2024-26857,   CVE-2024-26859, CVE-2024-26861, CVE-2024-26862, CVE-2024-26863,   CVE-2024-26870, CVE-2024-26872, CVE-2024-26874, CVE-2024-26875,   CVE-2024-26877, CVE-2024-26878, CVE-2024-26879, CVE-2024-26880,   CVE-2024-26881, CVE-2024-26882, CVE-2024-26883, CVE-2024-26884,   CVE-2024-26885, CVE-2024-26889, CVE-2024-26891, CVE-2024-26894,   CVE-2024-26895, CVE-2024-26897, CVE-2024-26898, CVE-2024-26901,   CVE-2024-26903, CVE-2024-26906, CVE-2024-26907, CVE-2024-26915,   CVE-2024-27024, CVE-2024-27028, CVE-2024-27030, CVE-2024-27034,   CVE-2024-27037, CVE-2024-27038, CVE-2024-27039, CVE-2024-27043,   CVE-2024-27044, CVE-2024-27045, CVE-2024-27046, CVE-2024-27047,   CVE-2024-27051, CVE-2024-27052, CVE-2024-27053, CVE-2024-27054,   CVE-2024-27065, CVE-2024-27073, CVE-2024-27074, CVE-2024-27075,   CVE-2024-27076, CVE-2024-27077, CVE-2024-27078, CVE-2024-27388,   CVE-2024-27390, CVE-2024-27403, CVE-2024-27405, CVE-2024-27410,   CVE-2024-27412, CVE-2024-27413, CVE-2024-27414, CVE-2024-27415,   CVE-2024-27416, CVE-2024-27417, CVE-2024-27419, CVE-2024-27431,   CVE-2024-27432, CVE-2024-27436, CVE-2024-35811, CVE-2024-35828,   CVE-2024-35829, CVE-2024-35830, CVE-2024-35844, CVE-2024-35845Package Information:   https://launchpad.net/ubuntu/+source/linux-nvidia/5.15.0-1058.59

Ubuntu Security Notice USN-6820-2

Ubuntu Security Notice 6828-1 - Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service. It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-6828-1June 11, 2024linux-intel-iotg-5.15 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-intel-iotg-5.15: Linux kernel for Intel IoT platformsDetails:Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linuxkernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could possiblyuse this to cause a denial of service (system crash). (CVE-2023-47233)It was discovered that the ATA over Ethernet (AoE) driver in the Linuxkernel contained a race condition, leading to a use-after-freevulnerability. An attacker could use this to cause a denial of service orpossibly execute arbitrary code. (CVE-2023-6270)It was discovered that the Atheros 802.11ac wireless driver did notproperly validate certain data structures, leading to a NULL pointerdereference. An attacker could possibly use this to cause a denial ofservice. (CVE-2023-7042)It was discovered that the HugeTLB file system component of the LinuxKernel contained a NULL pointer dereference vulnerability. A privilegedattacker could possibly use this to to cause a denial of service.(CVE-2024-0841)It was discovered that the Open vSwitch implementation in the Linux kernelcould overflow its stack during recursive action operations under certainconditions. A local attacker could use this to cause a denial of service(system crash). (CVE-2024-1151)Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffridadiscovered that the Linux kernel mitigations for the initial Branch HistoryInjection vulnerability (CVE-2022-0001) were insufficient for Intelprocessors. A local attacker could potentially use this to expose sensitiveinformation. (CVE-2024-2201)Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the LinuxKernel contained a race condition, leading to a NULL pointer dereference.An attacker could possibly use this to cause a denial of service (systemcrash). (CVE-2024-22099)Chenyuan Yang discovered that the RDS Protocol implementation in the Linuxkernel contained an out-of-bounds read vulnerability. An attacker could usethis to possibly cause a denial of service (system crash). (CVE-2024-23849)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:   - ARM32 architecture;   - PowerPC architecture;   - RISC-V architecture;   - S390 architecture;   - Core kernel;   - x86 architecture;   - Block layer subsystem;   - ACPI drivers;   - Android drivers;   - Power management core;   - Bus devices;   - Hardware random number generator core;   - Clock framework and drivers;   - CPU frequency scaling framework;   - Cryptographic API;   - Device frequency scaling framework;   - DMA engine subsystem;   - ARM SCMI message protocol;   - EFI core;   - GPU drivers;   - HID subsystem;   - Hardware monitoring drivers;   - I2C subsystem;   - IIO ADC drivers;   - IIO subsystem;   - IIO Magnetometer sensors drivers;   - InfiniBand drivers;   - IOMMU subsystem;   - Multiple devices driver;   - Media drivers;   - MMC subsystem;   - Network drivers;   - NTB driver;   - NVME drivers;   - PCI subsystem;   - PCI driver for MicroSemi Switchtec;   - PHY drivers;   - MediaTek PM domains;   - Power supply drivers;   - SCSI drivers;   - SPI subsystem;   - Media staging drivers;   - TCM subsystem;   - USB subsystem;   - DesignWare USB3 driver;   - Framebuffer layer;   - AFS file system;   - File systems infrastructure;   - BTRFS file system;   - Ceph distributed file system;   - EROFS file system;   - Ext4 file system;   - F2FS file system;   - JFS file system;   - Network file system client;   - NILFS2 file system;   - NTFS3 file system;   - Pstore file system;   - Diskquota system;   - SMB network file system;   - BPF subsystem;   - Memory management;   - Netfilter;   - TLS protocol;   - io_uring subsystem;   - Bluetooth subsystem;   - Ethernet bridge;   - CAN network layer;   - Networking core;   - HSR network protocol;   - IPv4 networking;   - IPv6 networking;   - L2TP protocol;   - Logical Link layer;   - MAC80211 subsystem;   - Multipath TCP;   - Netlink;   - NET/ROM layer;   - NFC subsystem;   - Packet sockets;   - RDS protocol;   - SMC sockets;   - Sun RPC protocol;   - TIPC protocol;   - Unix domain sockets;   - Wireless networking;   - Tomoyo security module;   - Realtek audio codecs;   - USB sound devices;(CVE-2024-26910, CVE-2024-27074, CVE-2023-52494, CVE-2023-52594,CVE-2024-26915, CVE-2024-26766, CVE-2023-52489, CVE-2024-35845,CVE-2024-26846, CVE-2024-26898, CVE-2024-26897, CVE-2024-26826,CVE-2024-26798, CVE-2023-52662, CVE-2024-26856, CVE-2023-52608,CVE-2024-26782, CVE-2024-27047, CVE-2024-27390, CVE-2024-26610,CVE-2024-26804, CVE-2023-52638, CVE-2024-26771, CVE-2024-26752,CVE-2024-26585, CVE-2024-26645, CVE-2024-26715, CVE-2024-27028,CVE-2024-26809, CVE-2024-26880, CVE-2024-27432, CVE-2024-27065,CVE-2024-26717, CVE-2023-52616, CVE-2024-26748, CVE-2024-26795,CVE-2024-26671, CVE-2024-26743, CVE-2024-27412, CVE-2024-26802,CVE-2024-26733, CVE-2024-26736, CVE-2023-52618, CVE-2024-27046,CVE-2024-26688, CVE-2024-26679, CVE-2024-26769, CVE-2024-27051,CVE-2024-26603, CVE-2024-26744, CVE-2023-52434, CVE-2024-26697,CVE-2024-27075, CVE-2023-52583, CVE-2024-26583, CVE-2024-27403,CVE-2024-26907, CVE-2024-26636, CVE-2024-27410, CVE-2023-52530,CVE-2024-26840, CVE-2024-26851, CVE-2024-26862, CVE-2023-52640,CVE-2024-35829, CVE-2024-26906, CVE-2024-26777, CVE-2024-27419,CVE-2024-26664, CVE-2024-26627, CVE-2024-26859, CVE-2023-52486,CVE-2023-52652, CVE-2024-26835, CVE-2024-35844, CVE-2024-26702,CVE-2024-26635, CVE-2024-26704, CVE-2023-52633, CVE-2024-26816,CVE-2024-26894, CVE-2024-26778, CVE-2023-52599, CVE-2024-35828,CVE-2024-26776, CVE-2023-52493, CVE-2024-26845, CVE-2024-26594,CVE-2024-26885, CVE-2024-26829, CVE-2023-52645, CVE-2024-26695,CVE-2023-52615, CVE-2024-26651, CVE-2024-26843, CVE-2023-52606,CVE-2024-26675, CVE-2024-26874, CVE-2024-26883, CVE-2024-26772,CVE-2024-26673, CVE-2024-26737, CVE-2023-52631, CVE-2024-26640,CVE-2023-52598, CVE-2024-26735, CVE-2024-26895, CVE-2024-26592,CVE-2023-52492, CVE-2024-26861, CVE-2023-52644, CVE-2024-26920,CVE-2024-26877, CVE-2024-26863, CVE-2024-26720, CVE-2024-26722,CVE-2024-27045, CVE-2024-27038, CVE-2024-26763, CVE-2024-26833,CVE-2024-27417, CVE-2024-26916, CVE-2024-26857, CVE-2024-26875,CVE-2024-26606, CVE-2024-27024, CVE-2024-26615, CVE-2023-52614,CVE-2023-52641, CVE-2024-26600, CVE-2024-27043, CVE-2023-52635,CVE-2024-26787, CVE-2024-26622, CVE-2024-27413, CVE-2024-26791,CVE-2023-52622, CVE-2023-52491, CVE-2023-52604, CVE-2024-27037,CVE-2024-26881, CVE-2024-26754, CVE-2024-26659, CVE-2024-26663,CVE-2024-26747, CVE-2023-52602, CVE-2024-26712, CVE-2024-26839,CVE-2024-26749, CVE-2024-26764, CVE-2024-26820, CVE-2024-26882,CVE-2024-27039, CVE-2024-27078, CVE-2024-26889, CVE-2024-26870,CVE-2024-26788, CVE-2024-26602, CVE-2024-26903, CVE-2024-27044,CVE-2024-27073, CVE-2023-52601, CVE-2023-52595, CVE-2024-26707,CVE-2024-27415, CVE-2023-52637, CVE-2024-26660, CVE-2024-27414,CVE-2024-27054, CVE-2023-52497, CVE-2024-26801, CVE-2023-52435,CVE-2023-52620, CVE-2023-52627, CVE-2024-26698, CVE-2023-52597,CVE-2024-27077, CVE-2023-52650, CVE-2024-26750, CVE-2024-26852,CVE-2024-27053, CVE-2023-52656, CVE-2024-26625, CVE-2024-26779,CVE-2024-27431, CVE-2024-26751, CVE-2024-26684, CVE-2024-26803,CVE-2024-26593, CVE-2023-52642, CVE-2023-52447, CVE-2024-26790,CVE-2024-26825, CVE-2024-26668, CVE-2023-52607, CVE-2024-26872,CVE-2024-27030, CVE-2023-52643, CVE-2024-26901, CVE-2024-35830,CVE-2024-26855, CVE-2023-52588, CVE-2023-52587, CVE-2024-26891,CVE-2024-26644, CVE-2024-26884, CVE-2024-26793, CVE-2024-26805,CVE-2024-26584, CVE-2024-27405, CVE-2023-52623, CVE-2024-26608,CVE-2024-26878, CVE-2024-27388, CVE-2024-27416, CVE-2024-26685,CVE-2024-27034, CVE-2024-26879, CVE-2024-26614, CVE-2024-26792,CVE-2023-52617, CVE-2024-26773, CVE-2024-26665, CVE-2024-26641,CVE-2023-52619, CVE-2024-35811, CVE-2024-27052, CVE-2024-27076,CVE-2024-26838, CVE-2024-26808, CVE-2024-26696, CVE-2024-26676,CVE-2024-26689, CVE-2024-26774, CVE-2024-26601, CVE-2023-52498,CVE-2024-27436)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS   linux-image-5.15.0-1058-intel-iotg  5.15.0-1058.64~20.04.1   linux-image-intel               5.15.0.1058.64~20.04.1   linux-image-intel-iotg          5.15.0.1058.64~20.04.1After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6828-1   CVE-2023-47233, CVE-2023-52434, CVE-2023-52435, CVE-2023-52447,   CVE-2023-52486, CVE-2023-52489, CVE-2023-52491, CVE-2023-52492,   CVE-2023-52493, CVE-2023-52494, CVE-2023-52497, CVE-2023-52498,   CVE-2023-52530, CVE-2023-52583, CVE-2023-52587, CVE-2023-52588,   CVE-2023-52594, CVE-2023-52595, CVE-2023-52597, CVE-2023-52598,   CVE-2023-52599, CVE-2023-52601, CVE-2023-52602, CVE-2023-52604,   CVE-2023-52606, CVE-2023-52607, CVE-2023-52608, CVE-2023-52614,   CVE-2023-52615, CVE-2023-52616, CVE-2023-52617, CVE-2023-52618,   CVE-2023-52619, CVE-2023-52620, CVE-2023-52622, CVE-2023-52623,   CVE-2023-52627, CVE-2023-52631, CVE-2023-52633, CVE-2023-52635,   CVE-2023-52637, CVE-2023-52638, CVE-2023-52640, CVE-2023-52641,   CVE-2023-52642, CVE-2023-52643, CVE-2023-52644, CVE-2023-52645,   CVE-2023-52650, CVE-2023-52652, CVE-2023-52656, CVE-2023-52662,   CVE-2023-6270, CVE-2023-7042, CVE-2024-0841, CVE-2024-1151,   CVE-2024-2201, CVE-2024-22099, CVE-2024-23849, CVE-2024-26583,   CVE-2024-26584, CVE-2024-26585, CVE-2024-26592, CVE-2024-26593,   CVE-2024-26594, CVE-2024-26600, CVE-2024-26601, CVE-2024-26602,   CVE-2024-26603, CVE-2024-26606, CVE-2024-26608, CVE-2024-26610,   CVE-2024-26614, CVE-2024-26615, CVE-2024-26622, CVE-2024-26625,   CVE-2024-26627, CVE-2024-26635, CVE-2024-26636, CVE-2024-26640,   CVE-2024-26641, CVE-2024-26644, CVE-2024-26645, CVE-2024-26651,   CVE-2024-26659, CVE-2024-26660, CVE-2024-26663, CVE-2024-26664,   CVE-2024-26665, CVE-2024-26668, CVE-2024-26671, CVE-2024-26673,   CVE-2024-26675, CVE-2024-26676, CVE-2024-26679, CVE-2024-26684,   CVE-2024-26685, CVE-2024-26688, CVE-2024-26689, CVE-2024-26695,   CVE-2024-26696, CVE-2024-26697, CVE-2024-26698, CVE-2024-26702,   CVE-2024-26704, CVE-2024-26707, CVE-2024-26712, CVE-2024-26715,   CVE-2024-26717, CVE-2024-26720, CVE-2024-26722, CVE-2024-26733,   CVE-2024-26735, CVE-2024-26736, CVE-2024-26737, CVE-2024-26743,   CVE-2024-26744, CVE-2024-26747, CVE-2024-26748, CVE-2024-26749,   CVE-2024-26750, CVE-2024-26751, CVE-2024-26752, CVE-2024-26754,   CVE-2024-26763, CVE-2024-26764, CVE-2024-26766, CVE-2024-26769,   CVE-2024-26771, CVE-2024-26772, CVE-2024-26773, CVE-2024-26774,   CVE-2024-26776, CVE-2024-26777, CVE-2024-26778, CVE-2024-26779,   CVE-2024-26782, CVE-2024-26787, CVE-2024-26788, CVE-2024-26790,   CVE-2024-26791, CVE-2024-26792, CVE-2024-26793, CVE-2024-26795,   CVE-2024-26798, CVE-2024-26801, CVE-2024-26802, CVE-2024-26803,   CVE-2024-26804, CVE-2024-26805, CVE-2024-26808, CVE-2024-26809,   CVE-2024-26816, CVE-2024-26820, CVE-2024-26825, CVE-2024-26826,   CVE-2024-26829, CVE-2024-26833, CVE-2024-26835, CVE-2024-26838,   CVE-2024-26839, CVE-2024-26840, CVE-2024-26843, CVE-2024-26845,   CVE-2024-26846, CVE-2024-26851, CVE-2024-26852, CVE-2024-26855,   CVE-2024-26856, CVE-2024-26857, CVE-2024-26859, CVE-2024-26861,   CVE-2024-26862, CVE-2024-26863, CVE-2024-26870, CVE-2024-26872,   CVE-2024-26874, CVE-2024-26875, CVE-2024-26877, CVE-2024-26878,   CVE-2024-26879, CVE-2024-26880, CVE-2024-26881, CVE-2024-26882,   CVE-2024-26883, CVE-2024-26884, CVE-2024-26885, CVE-2024-26889,   CVE-2024-26891, CVE-2024-26894, CVE-2024-26895, CVE-2024-26897,   CVE-2024-26898, CVE-2024-26901, CVE-2024-26903, CVE-2024-26906,   CVE-2024-26907, CVE-2024-26910, CVE-2024-26915, CVE-2024-26916,   CVE-2024-26920, CVE-2024-27024, CVE-2024-27028, CVE-2024-27030,   CVE-2024-27034, CVE-2024-27037, CVE-2024-27038, CVE-2024-27039,   CVE-2024-27043, CVE-2024-27044, CVE-2024-27045, CVE-2024-27046,   CVE-2024-27047, CVE-2024-27051, CVE-2024-27052, CVE-2024-27053,   CVE-2024-27054, CVE-2024-27065, CVE-2024-27073, CVE-2024-27074,   CVE-2024-27075, CVE-2024-27076, CVE-2024-27077, CVE-2024-27078,   CVE-2024-27388, CVE-2024-27390, CVE-2024-27403, CVE-2024-27405,   CVE-2024-27410, CVE-2024-27412, CVE-2024-27413, CVE-2024-27414,   CVE-2024-27415, CVE-2024-27416, CVE-2024-27417, CVE-2024-27419,   CVE-2024-27431, CVE-2024-27432, CVE-2024-27436, CVE-2024-35811,   CVE-2024-35828, CVE-2024-35829, CVE-2024-35830, CVE-2024-35844,   CVE-2024-35845Package Information: https://launchpad.net/ubuntu/+source/linux-intel-iotg-5.15/5.15.0-1058.64~20.04.1

Ubuntu Security Notice USN-6828-1

Cybersecurity firm Recorded Future counted 44 health-care-related incidents in the month after Change Healthcare’s payment came to light—the most it’s ever seen in a single month.

In fact, ransomware attacks on health care targets were on the rise even before the Change Healthcare attack, which crippled the United Healthcare subsidiary's ability to process insurance payments on behalf of its health care provider clients starting in February of this year. Recorded Future's Liska points out that every month of 2024 has seen more health care ransomware attacks than the same month in any previous year that he's tracked. (While this May's 32 health care attacks is lower than May 2023's 33, Liska says he expects the more recent number to rise as other incidents continue to come to light.)

Yet Liska still points to the April spike visible in Recorded Future's data in particular as a likely follow-on effect of Change's debacle—not only the outsize ransom that Change paid to AlphV, but also the highly visible disruption that the attack caused. “Because these attacks are so impactful, other ransomware groups see an opportunity,” Liska says. He also notes that health care ransomware attacks have continued to grow even compared to overall ransomware incidents, which stayed relatively flat or fell overall: The first four months of this year, for instance, saw 1,153 incidents compared to 1,179 in the same period of 2023.

When WIRED reached out to United Healthcare for comment, a spokesperson for the company pointed to the overall rise in health care ransomware attacks beginning in 2022, suggesting that the overall trend predated Change's incident. The spokesperson also quoted from testimony United Healthcare CEO Andrew Witty gave in a congressional hearing about the Change Healthcare ransomware attack last month. “As we have addressed the many challenges in responding to this attack, including dealing with the demand for ransom, I have been guided by the overriding priority to do everything possible to protect peoples’ personal health information,” Witty told the hearing. "As chief executive officer, the decision to pay a ransom was mine. This was one of the hardest decisions I’ve ever had to make. And I wouldn’t wish it on anyone.”

Change Healthcare's deeply messy ransomware situation was complicated further—and made even more attention-grabbing for the ransomware hacker underworld—by the fact that AlphV appears to have taken Change's $22 million extortion fee and jilted its hacker partners, disappearing without giving those affiliates their cut of the profits. That led to a highly unusual situation where the affiliates then offered the data to a different group, RansomHub, which demanded a second ransom from Change while threatening to leak the data on its dark web site.

That second extortion threat later inexplicably disappeared from RansomHub's site. United Healthcare has declined to answer WIRED's questions about that second incident or to answer whether it paid a second ransom.

Many ransomware hackers nonetheless widely believe that Change Healthcare actually paid two ransoms, says Jon DiMaggio, a security researcher with cybersecurity firm Analyst1 who frequently talks to members of ransomware gangs to gather intelligence. “Everyone was talking about the double ransom,” DiMaggio says. “If the people I’m talking to are excited about this, it’s not a leap to think that other hackers are as well.”

The noise that situation created, as well as the scale of disruption to health care providers from Change Healthcare's downtime and its hefty ransom, served as the perfect advertisement for the lucrative potential of hacking fragile, high-stakes health care victims, DiMaggio says. “Health care has always had so much to lose, it’s just something the adversary has realized now because of Change,” he says. “They just had so much leverage.”

As those attacks snowball—and some health care victims have likely forked over their own ransoms to control the damage to their life-saving systems—the attacks aren't likely to stop. “It’s always looked like an easy target,” DiMaggio notes. “Now it looks like an easy target that’s willing to pay.”

_Updated 6/12/24 9:35am ET: This story has been updated to reflect that ransomware incident totals comprise the fist four months of the year, not just April._

Medical-Targeted Ransomware Is Breaking Records After Change Healthcare’s $22M Payout

Lacework has been looking for a buyer for some time. The deal gives Fortinet a boost in the cloud security space.

Fortinet announced Monday its plans to acquire cloud security firm Lacework to enhance its secure access service edge (SASE) offerings with cloud-native security services.

Lacework integrates cloud-native application protection platform services to safeguard what's happening inside the cloud infrastructure. The data-powered cloud security platform collects and analyzes data from across cloud environments so that customers can manage and secure their cloud workflows. The platform identifies and shares details about abnormal or unexpected activities that could indicate a security problem. Lacework offers artificial intelligence and machine-learning technology, data collection capabilities, a data lake, and code security tools, wrote John Maddison, chief marketing officer at Fortinet, in a blog post announcing the acquisition.

Fortinet plans to integrate capabilities from Lacework's cloud-native application protection platform into its SASE portfolio. According to Maddison, combining Lacework with Fortinet's firewall and Web application and API protection (WAAP) capabilities will allow customers to protect what's happening inside the cloud application, as well as what's happening between the application and outside the network.

Back in 2021, Lacework was valued at $8.3 billion. Earlier this year, there were reports that Wiz was in talks with Lacework for a small fraction of the company's valuation. The terms of Fortinet's deal, expected to be completed in the second half of the year, were not disclosed.

**About the Author(s)**

Fortinet Plans to Acquire Lacework

PRESS RELEASE

PARAMUS, NJ – JUNE 11, 2024  – Checkmarx, the industry leader in cloud-native application security for the enterprise, has released Checkmarx Application Security Posture Management (ASPM) and Cloud Insights to provide organizations with unmatched visibility into their application security posture stretching from code to cloud. Available on the Checkmarx One AppSec platform, ASPM and Cloud Insights empower enterprises developing cloud-native applications to dramatically reduce application and business risk by delivering end-to-end insights into their application security posture, helping them better correlate, prioritize and triage remediation efforts.

“Developers and AppSec teams are looking to consolidate the vulnerabilities and insights they get from security scanners and tools so they can identify and work on what are truly the most important to remediate in order to prevent issues in cloud runtime.  With the increase in complexity inherent with cloud-native applications, and the various solutions required to detect vulnerabilities in every aspect of the applications, development and application security teams are simply lost,” said Kobi Tzruya, Chief Product Officer at Checkmarx. “Checkmarx Cloud Insights revolutionizes the way that teams approach application security by bringing runtime context back into the development life cycle, where Checkmarx helps them prioritize. Now developers can focus on what matters most, allowing them to make the most effective remediation efforts in less time.”

Checkmarx ASPM correlates and prioritizes security signals from every application security solution in the enterprise development environment, to improve visibility, reduce risk, and better manage overall application security posture. ASPM is built on Checkmarx’ award-winning Fusion correlation engine and Application Risk Management, which already extracted unique insights from our consolidated AppSec platform, such as identifying reachable vulnerabilities. It now adds a new capability to Bring Your Own Results (BYOR) to expand coverage beyond Checkmarx’ award-winning solutions by importing SARIF and OSCF results from any third-party solution, including those from Checkmarx partners such as Zimperium, Onapsis and others.

With Checkmarx Cloud Insights, developers and AppSec leaders benefit from:

*   Correlation and integration of Checkmarx data with data from cloud service providers (CSPs) and cloud-native application protection platforms (CNAPP).
    
*   New ways to prioritize remediation, including through open-source libraries called in the runtime environment (via integration with Sysdig) and by internet-facing network exposure when deployed in the cloud environment (through partnerships with Wiz and Amazon Web Services.) The information is integrated within Checkmarx Application Risk Management.
    
*   The ability to track remediation of a vulnerability through the software development life cycle (SDLC) by way of the attack path. For example, if a vulnerability is found in a running application, Cloud Insights:
    
    *   Identifies the repository and the developer to speed the process of remediation
        
    *   Pinpoints the container image to verify that the fix is reflected there
        
    *   Lists the running container clusters to enable verification that the running application was rebooted with fixed images and is no longer in the running environment.
        
    
*   Improved developer experience with the delivery of prioritized risk intelligence that focuses developers on remediating vulnerabilities that are most critical, are most at risk of exploitation or represent the greatest risk.
    

 “Checkmarx One is the leading enterprise application security platform. By opening it to third-party results, our joint customers can easily extend their coverage and get a unified view within Checkmarx ASPM. We’re excited to partner with Checkmarx, which brings Zimperium’s leading mobile security threat insights directly into the Checkmarx Application Security Posture Management (ASPM) platform,” said Nitin Bhatia, Chief Strategy Officer at Zimperium. “This collaboration empowers an organization to manage and secure their entire mobile application landscape more effectively, ensuring comprehensive protection against emerging threats.”

For more information on the Checkmarx One platform, ASPM and Cloud Insights, visit this page.

**About Checkmarx**

Checkmarx has been trusted by enterprises worldwide to secure their application development from code to cloud. Our consolidated platform and services balance the dynamic needs of enterprises by improving security and reducing TCO, while simultaneously building trust between AppSec, developers, and CISOs. At Checkmarx, we believe it’s not just about finding risk, but remediating it across the entire application footprint and software supply chain with one seamless process for all relevant stakeholders. We are honored to serve more than 1,800 customers, including 40 percent of all Fortune 100 companies.

Follow Checkmarx on LinkedIn, YouTube, and Twitter/X.

You May Also Like

Checkmarx Application Security Posture Management and Cloud Insights Offer Enterprises Code-to-Cloud Visibility

PRESS RELEASE

WASHINGTON, D.C. – June 6, 2024 – DNSFilter announced today that it has hired TK Keanini as Chief Technology Officer (CTO). In his new role, Keanini will lead product management, customer experience, engineering, and security intelligence toward ongoing innovation and growth, focusing on customer needs and feedback to determine product direction.

Keanini brings to his new role more than 30 years of experience in network security. Prior to joining DNSFilter, he was the Vice President of security architecture and CTO of Cisco Secure. During his time there, he led Cisco’s Encrypted Traffic Analytics security solution, where he saw revolutionary potential in the ability to gain insights through existing network telemetry. He has also held leadership roles at security startups Lancope and nCircle Network Security, as well as at Morgan Stanley Dean Witter Online. 

Keanini is driven by a goal to do right by his customers and ensure their voice is present in product decisions. He brings this passion to DNSFilter, where he will build on the company’s commitment to customer experience in everything it does. 

TK Keanini, CTO, DNSFilter, said: “Cybersecurity companies that grow and succeed long-term have a few consistent properties. First, these solutions have an inherently simple design. Second, the layer protected is one critical (not optional) to both businesses and adversaries alike. And third, these solutions intercept as early in the lifecycle as possible, often the first to detect and respond to a threat. DNSFilter has all three of these properties, and I knew I wanted to join a company where I saw the potential for scale and success.”

Ken Carnesi, CEO and co-founder, DNSFilter, said: ‘We are thrilled to welcome TK to our team. A great CTO bridges the gap between technical innovation and business strategy, ensuring technology drives success. TK brings decades of experience and a passion for his work. He views engineers and developers as creative artists and aims to harness their inventiveness to go beyond the industry standard. With TK on board, we are enhancing our focus on security and driving innovation. Together, we will deliver features that excite our customers and strengthen our position as a key player within the cybersecurity landscape.”

About the company

DNSFilter is redefining how organizations secure their largest threat vector: the Internet itself. DNSFilter is making the internet safer and workplaces more productive, by actively blocking an average of 12M threat queries every single day. With 79% of attacks using Domain Name System (DNS), DNSFilter provides the world’s fastest protective DNS powered by machine learning that uniquely identifies 61% more threats than competitors on an average of ten days earlier, including zero-day attacks.

Over 35 million monthly users trust DNSFilter to protect them from phishing, malware, and advanced cyber threats. DNSFilter’s brands include Webshrinker, its next generation web categorization software, and Guardian, a consumer app focused on privacy protection.

DNSFilter Welcomes Cisco Veteran TK Keanini As CTO

PRESS RELEASE

Darktrace, a global leader in cybersecurity AI, today announces the launch of its new service offering, Darktrace Managed Detection & Response (MDR). The service combines its best-in-class detection and response capabilities spanning across the enterprise, with the expertise of its global analyst team. This powerful combination augments internal security teams with AI-powered threat containment and expert alert management across Darktrace environments, allowing them to focus resources on more strategic security efforts, like improving cyber resilience.

Over 40% of security leaders cite enhancing and optimizing technology and processes in the security operations center (SOC) as a top priority for improving defenses against the rise of AI powered threats according to the Darktrace State of AI Cybersecurity 2024 report. As a leader in applying AI to the challenge of cybersecurity, Darktrace has transformed security operations for thousands of customers for more than a decade. Building upon this expertise Darktrace introduced its MDR service in March 2024, empowering customers to maximize the benefits of effective human-AI collaboration. The service offers customers expanded hands-on analyst support with 24/7 managed detection and response, featuring SOC investigation and action on Darktrace alerts, across network, cloud, operational technology (OT), endpoints and software-as-a-service (SaaS) applications.

With MDR, Darktrace’s SOC team will monitor customer environments for high priority alerts indicative of an attack, conduct investigations to alert customers of potentially severe incidents and begin initial triage with human engagement on the AI’s actions. The SOC will carefully review the response measures the autonomous AI has taken and subsequently take proactive steps on behalf of the customer to contain threats, which may include extending or escalating response actions. By doing so, the SOC buys valuable time for internal teams to prepare for engagement while also gathering essential context for effective remediation efforts.

Darktrace’s existing global SOC team comprised of 100+ world-class cybersecurity analysts support the service, offering a breadth of real-time knowledge, threat analysis and containment expertise, and extensive field experience. Darktrace’s SOC offers 24/7 support, utilizing a follow-the-sun model with operations headquartered in the United Kingdom, United States and Singapore, to ensure analysts are available and ready to support around-the-clock.

The service builds upon Darktrace’s leadership and expertise with best-in-class detection and response capabilities. The Darktrace ActiveAI Security Platform utilizes its unique self-learning AI engine to detect known, unknown, and novel threats in real-time and provide an autonomous response to contain active threats without disrupting business operations. However, high-priority threats often require humans to engage and make decisions following the initial containment. Darktrace Managed Detection & Response now enables the Darktrace SOC to immediately step in, conduct the initial triage, and gather context for internal teams, buying them added time to coordinate an effective response to remove the threat. Additional features and benefits of Darktrace Managed Detection & Response include:

*   Expansive coverage across network, cloud, OT, endpoints, or SaaS applications offering one of the broadest vendor MDR services available today.
    
*   Unlimited access to Darktrace’s analyst team providing 24/7 support for expert assistance during live threat investigations or even day-to-day operations.
    
*   Semi-annual operational efficiency reports featuring consultancy insight with objectives and recommendations for optimizing and tuning deployments for maximum operational efficiency, and suggestions on improving overall cybersecurity hygiene.
    
*   Quarterly analyst MDR reviews ensuring deployments are reaching their full potential, with tailored advice on streamlining workflows, model optimization and custom use cases.
    
*   Regular MDR service reports summarizing all alerts raised as well as those resolved by Darktrace’s SOC for full transparency of service.
    

> “As cyberthreats become more sophisticated and frequent, organizations are looking for ways to help improve their security outcomes without adding to their team’s existing workloads,” said Denise Walter, Chief Revenue Officer, Darktrace. “Our AI-powered MDR service gives our customers added peace of mind that a Darktrace human expert is monitoring their environment 24/7 to keep them protected. Darktrace Managed Detection & Response brings not only the power of our technology, but the power of our people directly into our customers’ environments.”

Darktrace Managed Detection & Response is available now to customers using Darktrace DETECT™ and RESPOND™, across Network, Cloud, OT, Endpoints, or SaaS applications. Darktrace partners can re-sell the service, helping to deliver added value for customers with a complementary offering for their existing portfolio.

> “At Grove, we are excited to partner with Darktrace to offer their Managed Detection & Response (MDR) service to our clients. This collaboration seamlessly integrates our services and together, Darktrace's MDR service and our dSOC service, offer unparalleled security through skilled analysis and consistent oversight," said James Vintin, CEO at Grove Group, a global partner, reseller and distributor focused on defending customers with advanced cybersecurity solutions. “Combining Darktrace's 24/7 AI-driven threat containment and immediate intervention with Grove's proactive daily analysis, Indicator of Compromise reports, and continuous customer interaction ensures that potential threats are promptly identified and addressed. Our partnership enhances our clients' overall security posture and delivers the best of both worlds: immediate and long-term protection against evolving cyber threats.”

To learn more about Darktrace Managed Detection & Response, register for the upcoming webinar on June 6th at 2pm BST, 3pm AEST, or 3pm ET. 

ABOUT DARKTRACE

Darktrace (DARK.L), a global leader in cybersecurity artificial intelligence, is on a mission to free the world from cyber disruption. Breakthrough innovations from our R&D teams in Cambridge, UK, and The Hague, Netherlands have resulted in over 175 patent applications filed. Rather than study historic attacks, Darktrace's technology continuously learns and updates its knowledge of your business data and applies that understanding to help transform security operations to a state of proactive cyber resilience. The Darktrace ActiveAI Security Platform™ provides a full lifecycle approach to cyber resilience that can autonomously spot and respond to known and unknown in progress threats within seconds across the entire organization, including cloud, apps, email, endpoint, network and operational technology (OT). Darktrace, which listed on the London Stock Exchange in 2021, employs over 2,300 people around the world and protects over 9,400 customers globally from advanced cyber threats. To learn more, visit https://darktrace.com/.

Darktrace Launches Managed Detection &amp; Response Service to Bolster Security Operations

The fresh-baked malware is being widely distributed, but still specifically targets individuals with tailored lures. It's poised to evolve into a bigger threat, researchers warn.

Source: Weyo via Alamy Stock Photo

A purpose-built Windows backdoor appears to be the new flavor of the month for giving attackers entry into targeted systems; after initial access, they pivot to ransomware delivery and system compromise in a wave of recent attacks.

Dubbed WarmCookie by researchers at Elastic Security Labs, the backdoor has been distributed widely in a spate of phishing emails starting in late April by a campaign called REF6127. It uses recruitment and potential jobs as lures, the researchers revealed in a blog post today.

While the malware itself isn't particularly sophisticated — it's mainly an initial backdoor tool for scouting out victim networks and deploying additional payloads — "it shouldn't be taken lightly as it's actively being used and impacting organizations at a global scale," Daniel Stepanic, Elastic Security principal security research engineer, wrote in the post.

The backdoor's code overlaps with a sample that was previously reported by eSentire, suggesting that WarmCookie may be an update to malware that already was in circulation since 2022. However, the latest version of the backdoor represents a different, more pervasive threat, Stepanic noted.

"While some features are similar, such as the implementation of string obfuscation, WarmCookie contains differing functionality," he wrote. "Our team is seeing this threat distributed daily with the use of recruiting and job themes targeting individuals.

**Targeting Specific Appetites**

Phishing lures that use job recruitment are a common theme for attackers, which have found success previously in targeting various professionals with fake promises of new employment positions. North Korean APT Lazarus is among attackers that has been particularly active with this tactic.

The emails in the REF6127 campaign put a twist on this with lures that are specific to the individuals that the attackers are targeting, the researchers said. Indeed, the campaign uses info about targets' current employers attempt to lure them with a type of position that might pique their interest, "enticing victims to pursue new job opportunities by clicking a link to an internal system to view a job description," Stepanic wrote.

In terms of the infection routine, one screenshot included in the post shows a message telling the recipient there is an "exciting opportunity" in the form of a new position open with one of the recruiter's clients. The message includes a "View Position Details" link which eventually leads to the process for deploying WarmCookie.

If a target clicks on the link, it goes to a landing page that looks like a legitimate page specifically targeted for the intended victim using his or her name, and that prompts the user to download a document by solving a CAPTCHA challenge. The landing pages used in the campaign resemble previous campaigns discovered by Google Cloud's security team in a campaign used to spread a new variant of the URSNIF malware, Stepanic noted.

Solving the CAPTCHA challenge downloads an obfuscated JavaScript file that runs PowerShell, kicking off the first task to load WarmCookie. The PowerShell script abuses the Background Intelligent Transfer Service (BITS) to download the malware and run the DLL with the Start export.

To keep defenders on their toes, attackers continuously generate new landing pages rapidly on IP address 45.9.74\[.\]135, targeting different recruiting firms in combination with keywords related to the job search industry with their malicious activity. Moreover, before hitting each landing page, "the adversary distances itself by using compromised infrastructure to host the initial phishing URL, which redirects the different landing pages," Stepanic noted.

**How the Cookie Crumbles**

WarmCookie is a two-stage "lightweight backdoor" that ultimately provides "relatively straightforward" functionality — such as retrieving victim info and screenshot recording — for monitoring victims and further deploying more damaging payloads, such as ransomware, according to the post.

In the first stage, which occurs after the PowerShell download of the malware, the backdoor sets itself up to run with System privileges from the Task Scheduler Engine. "A critical part of the infection chain comes from the scheduled task, which is set up at the very beginning of the infection," Stepanic noted. "The task name (RtlUpd) is scheduled to run every 10 minutes every day."

The malware's second stage contains the backdoor's core functionality and is one in which the DLL is combined with the command line (Start /p) to set execution in motion.

Along the way, WarmCookie uses several tactics to avoid detection. One is to protect its strings using a custom string decryption algorithm in which "the first four bytes of each encrypted string in the .rdata section represent the size, the next four-bytes represent the RC4 key, and the remaining bytes represent the string," Stephanic wrote. Developers also made the "interesting" choice not always to rotate the RC4 key between the encrypted strings.

WarmCookie also uses dynamic API loading to prevent static analysis from identifying its core functionality, and includes a few anti-analysis checks commonly used to target sandboxes "based on logic for checking the active number of CPU processors and physical/virtual memory values," he added.

**Evolving Recipes for Malware**

Elastic is urging organizations to be on the lookout for WarmCookie, which will likely evolve over time as its developers enhance it with advanced functionality.

"Our team believes this malware represents a formidable threat that provides the capability to access target environments and push additional types of malware down to victims," Stepanic wrote.

The post includes a screenshot of YARA rules that organizations use to identify the presence of WarmCookie in an environment. Elastic also specifically addresses various behavior of the backdoor — including its Powershell download and execution and Scheduled Task creation — to provide insight on how to detect this activity on an organization's network.

**About the Author(s)**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

Tag

#intel