Welcome to this week’s edition of the Threat Source newsletter.
I’m fascinated by how things live and die on the internet. Things that are ubiquitous to our daily lives are simply gone the next. LiveJournal and Myspace we hardly knew you. Elon Musk’s purchase

Thursday, November 3, 2022 16:11

Welcome to this week’s edition of the Threat Source newsletter.

I’m fascinated by how things live and die on the internet. Things that are ubiquitous to our daily lives are simply gone the next. LiveJournal and Myspace we hardly knew you. Elon Musk’s purchase of Twitter and the subsequent exodus led me down the nostalgic path of thinking about how times change and platforms change but things largely remain the same. Until now. We’ve grown as an entire internet community and we remember the pain of moving from app to app and site to site. Many top infosec follows have deactivated their accounts while others are weighing when and if they will leave. Several have moved to decentralized solutions like mastodon.social which saw an uptick of more than 70,000 new users in a single day after the purchase was official. In theory Mastadon can’t be controlled by a single person or entity and to me it feels like this is the next step in our path as an internet community. Will it catch on and be the answer to all of our needs? Doubtful. It is a step in the evolution of the internet and I’m very interested to see what the next adaptation brings.

**The one big thing**

Cisco Talos Incident Response recently released their Quarterly Report highlighting the ransomware and pre-ransomware engagements, making up nearly 40 percent of threats this quarter. This quarter saw ongoing Qakbot, Hive, and Vice Society activity as well as the emergence of Black Basta, which first surfaced in April 2022. Adversaries continue to leverage not only LoLBins but a variety of publicly available tools and scripts hosted on GitHub repositories or free to download from third-party websites to support operations across multiple stages of the attack lifecycle. Defenders continue to struggle with MFA rollouts, as lack of MFA remains one of the biggest impediments to enterprise security. Nearly 18 percent of engagements either had no MFA or only had it enabled on a handful of accounts and critical services.

**Why do I care?**

Understanding the current tools and trends used by attackers, as well as understanding the vulnerabilities that are targeted are intrinsic to good security posture. Knowing your environment is step one. Understanding that same environment from the view of the attacker is the next step. Per the report “In nearly 15 percent of engagements this quarter, adversaries identified and/or exploited misconfigured public-facing applications by conducting SQL injection attacks against external websites, exploiting Log4Shell in vulnerable versions of VMware Horizon, and targeting misconfigured and/or publicly exposed servers.”

**So now what?**

Ensuring that you know your environment and are covering the base of the security pyramid well is critical. Patch, self-assess, and follow trusted threat intelligence sources. Talos IR recommends disabling VPN access for all accounts that are not using two-factor authentication and to disable or delete inactive accounts from Active Directory to prevent suspicious activity.

For the OpenSSL vulnerability we strongly recommend users mitigate affected OpenSSL systems as soon as possible by upgrading to version 3.0.7. Talos has released coverage across the device portfolio including Snort Rules: 60790, 300306-300307 to protect against exploitation of CVE-2022-3602 and ClamAV signature, Multios.Exploit.CVE\_2022\_3602-9976476-0, to detect malware artifacts related to this threat.

**Top security headlines of the week**

Security researchers were once again falsely implied by a ransomware gang in an effort to indicate their involvement. This time around Azov implicated BleepingComputer, Hasherazade, MalwareHunterTeam, Michael Gillespie, Lawrence Abrams, and Vitali Kremez, urging infected users to contact them via their accounts on Twitter to recover files.

Dropbox was the target of a recent phishing campaign that led to attackers gaining access to code stored in Github and copying 130 code repositories, including third-party libraries, internal software projects, and a few tools and configuration files maintained by the Dropbox security team. The attackers didn't gain access to any user content, passwords, or payment information. The Dropbox security team released a report detailing how they handled the incident.

**Can't get enough Talos?**

*   https://blog.talosintelligence.com/researcher-spotlight-how-azim-khodjibaev-went-from-hunting-real-world-threats-to-threats-on-the-dark-web/
*   https://blog.talosintelligence.com/quarterly-report-incident-response-trends-in-q3-2022/
*   https://blog.talosintelligence.com/openssl-vulnerability/
*   https://youtu.be/KhG6RUZgMas

**Upcoming events where you can find Talos**

BSides Lisbon (Nov. 10 - 11)  
Cidade Universitária, Lisboa, Portugal

SIS(Security Intelligence Summit), 2022.ON (Nov. 29)  
Josun Palace, Seoul

**Most prevalent malware files from Talos telemetry over the past week**

SHA 256:  
9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507  
MD5: 2915b3f8b703eb744fc54c81f4a9c67f  
Typical Filename: VID001.exe  
Detection Name: Simple\_Custom\_Detection

  
SHA256:  
d5dc790f6f220cf7e42c6c1c9f5bc6e4443cb52d07bcdef24a6bf457153c1d86  
MD5: 69fbf6849d935432bac8b04bdb00fd68  
Typical Filename: KMSAuto++.exe  
Detection Name: W32.File.MalParent

SHA256:  
e4973db44081591e9bff5117946defbef6041397e56164f485cf8ec57b1d8934  
MD5: 93fefc3e88ffb78abb36365fa5cf857c  
Typical Filename: Wextract  
Claimed Product: Internet Explorer  
Detection Name: PUA.Win.Trojan.Generic::85.lp.ret.sbx.tg

SHA 256:  
125e12c8045689bb2a5dcad6fa2644847156dec8b533ee8a3653b432f8fd5645  
MD5: 2c8ea737a232fd03ab80db672d50a17a  
Typical Filename: LwssPlayer.scr  
Claimed Product: 梦想之巅幻灯播放器  
Detection Name: Auto.125E12.241442.in02

SHA 256:  
00ab15b194cc1fc8e48e849ca9717c0700ef7ce2265511276f7015d7037d8725  
MD5: d47fa115154927113b05bd3c8a308201  
Typical Filename: outlook.exe  
Claimed Product: MS Outlook  
Detection Name: W32.00AB15B194-95.SBX.TG

Threat Source newsletter (Nov. 3, 2022): Mastadon, evolution, and LiveJournal oh my!

Zettlr version 2.3.0 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Zettlr. This is possible because the application does not have a CSP policy (or at least not strict enough) and/or does not properly validate the contents of markdown files before rendering them.

**  
Zettlr \[_ˈset·lər_\]**

**A Markdown Editor for the 21st century**.

     

Homepage | Download | Documentation | Discord | Contributing | Support Us

With Zettlr, writing professional texts is easy and motivating: Whether you are a college student, a researcher, a journalist, or an author — Zettlr has the right tools for you. Watch the video or continue reading to see what they are!

Visit our Website.

**Features**

*   Available in over a dozen languages
*   Tight and ever-growing **integration with your favourite reference manager** (such as Zotero or JabRef)
*   **Cite with Zettlr** using citeproc and your existing literature database
*   Five **themes and dark mode support**
*   File-agnostic writing: Enjoy **full control over your own files**
*   Keep all your notes and texts **in one place** — searchable and accessible
*   **Code highlighting** for many languages
*   Simple and beautiful **exports** with Pandoc, LaTeX, and Textbundle
*   Support for state of the art knowledge management techniques (**Zettelkasten**)
*   A revolutionary **search algorithm** with integrated heatmap

… and the best is: **Zettlr is Open Source (FOSS)!**

**Installation**

To install Zettlr, just download the latest release for your operating system! Currently supported are macOS, Windows, and most Linux distributions (via Debian- and Fedora-packages as well as AppImages).

All other platforms that Electron supports are supported as well, but you will need to build the app yourself for this to work.

**Please also consider becoming a patron or making a one-time donation!**

**Getting Started**

After you have installed Zettlr, head over to our documentation to get to know Zettlr. Refer to the Quick Start Guide, if you prefer to use software heads-on.

**Contributing**

Zettlr is an Electron\-based app, so to start developing, you'll need to have:

1.  A NodeJS\-stack installed on your computer. Make sure it's at least Node 14 (lts/fermium). To test what version you have, run node -v.
2.  Yarn installed. Yarn is the required package manager for the project, as we do not commit package-lock.json\-files and many commands require yarn. You can install this globally using npm install -g yarn or Homebrew, if you are on macOS.

Then, simply clone the repository and install the dependencies on your local computer:

$ git clone https://github.com/Zettlr/Zettlr.git
$ cd Zettlr
$ yarn install --frozen-lockfile

The --frozen-lockfile flag ensures that yarn will stick to the versions as listed in the yarn.lock and not attempt to update them.

During development, hot module reloading is active so that you can edit the renderer's code easily and hit F5 after the changes have been compiled by electron-forge. You can keep the developer tools open to see when HMR has finished loading your changes.

**What Should I Know To Contribute Code?**

In order to provide code, you should have basic familiarity with the following topics and/or manuals (ordered by importance descending):

*   JavaScript (especially asynchronous code) and TypeScript
*   Node.js
*   Electron
*   Vue.js (2.x) and Vuex
*   CodeMirror (5.x)
*   ESLint
*   LESS
*   Webpack 5.x
*   Electron forge
*   Electron builder

> Note: See the "Directory Structure" section below to get an idea of how Zettlr specifically works.

**Development Commands**

This section lists all available commands that you can use during application development. These are defined within the package.json and can be run from the command line by prefixing them with yarn. Run them from within the base directory of the repository.

**start**

Starts electron-forge, which will build the application and launch it in development mode. This will use the normal settings, so if you use Zettlr on the same computer in production, it will use the same configuration files as the regular application. This means: be careful when breaking things. In that case, it's better to use test-gui.

**package**

Packages the application, but not bundle it into an installer. Without any suffix, this command will package the application for your current platform and architecture. To create specific packages (may require running on the corresponding platform), the following suffixes are available:

*   package:mac-x64 (Intel-based Macs)
*   package:mac-arm (Apple Silicon-based Macs)
*   package:win-x64 (Intel-based Windows)
*   package:win-arm (ARM-based Windows)
*   package:linux-x64 (Intel-based Linux)
*   package:linux-arm (ARM-based Linux)

The resulting application packages are stored in ./out.

> This command will skip typechecking to speed up builds, so be extra cautious.

**release:{platform-arch}**

Packages the application and then bundles it into an installer for the corresponding platform and architecture. To create such a bundle (may require running on the corresponding platform), one of the following values for {platform-arch} is required:

*   release:mac-x64 (Intel-based Macs)
*   release:mac-arm (Apple Silicon-based Macs)
*   release:win-x64 (Intel-based Windows)
*   release:win-arm (ARM-based Windows)
*   release:linux-x64 (Intel-based Linux)
*   release:linux-arm (ARM-based Linux)

The resulting setup bundles are stored in ./release.

> Please note that, while you can package directly for your platform without any suffix, for creating a release specifying the platform is required as electron-builder would otherwise include the development-dependencies in the app.asar, resulting in a bloated application.

**lang:refresh**

This downloads the four default translations of the application from Zettlr Translate, with which it is shipped by default. It places the files in the static/lang\-directory. Currently, the default languages are: German (Germany), English (USA), English (UK), and French (France).

> Please note, that this command is intended for an automated workflow that runs from time to time on the repository to perform this action. This means: Do **not** commit updated files to the repository. Instead, the updated files will be downloaded whenever you git fetch.

**csl:refresh**

This downloads the Citation Style Language (CSL) files with which the application is shipped, and places them in the static/csl-locales\- and static/csl-styles\-directories respectively.

> Please note, that this command is intended for an automated workflow that runs from time to time on the repository to perform this action. This means: Do **not** commit updated files to the repository. Instead, the updated files will be downloaded whenever you git fetch.

**lint**

This simply runs ESLint. Apps such as Atom or Visual Studio Code will automatically run ESLint in the background, but if you want to be extra-safe, make sure to run this command prior to submitting a Pull Request.

> This command will run automatically on each Pull Request to check your code for inconsistencies.

**reveal:build**

This re-compiles the source-files needed by the exporter for building reveal.js\-presentations. Due to the nature of how Pandoc creates such presentations, Zettlr needs to modify the output by Pandoc, which is why these files need to be pre-compiled.

> Please note, that this command is intended for an automated workflow that runs from time to time on the repository to perform this action. This means: Do **not** commit updated files to the repository. Instead, the updated files will be downloaded whenever you git fetch.

**test**

This runs the unit tests in the directory ./test. Make sure to run this command prior to submitting a Pull Request, as this will be run every time you commit to the PR, and this way you can make sure that your changes don't break any tests, making the whole PR-process easier.

**test-gui**

Use this command to carefree test any changes you make to the application. This command will start the application as if you ran yarn start, but will provide a custom configuration and a custom directory.

> This command will skip typechecking to speed up builds, so be extra cautious.

**The first time you start this command**, pass the --clean\-flag to copy a bunch of test-files to your ./resources\-directory, create a test-config.yml in your project root, and start the application with this clean configuration. Then, you can adapt the test-config.yml to your liking (so that certain settings which you would otherwise _always_ set will be pre-set without you having to open the preferences).

Whenever you want to reset the test directory to its initial state (or you removed the directory, or cloned the whole project anew), pass the flag --clean to the command in order to create or reset the directory. **This is also necessary if you changed something in test-config.yml**.

You can pass additional command-line switches such as --clear-cache to this command as well. They will be passed to the child process.

> Attention: Before first running the command, you **must** run it with the --clean\-flag to create the directory in the first place!

Additionally, have a look at our full development documentation.

**Directory Structure**

Zettlr is a mature app that has amassed hundreds of directories over the course of its development. Since it is hard to contribute to an application without any guidance, we have compiled a short description of the directories with how they interrelate.

    .
    ├── resources                      # Contains resource files
    │   ├── NSIS                       # Images for the Windows installer
    │   ├── icons                      # Icons used to build the application
    │   ├── screenshots                # The screenshots used in this README file
    ├── scripts                        # Scripts that are run by the CI and some YARN commands
    │   ├── assets                     # Asset files used by some scripts
    │   └── test-gui                   # Test files used by `yarn test-gui`
    ├── source                         # Contains the actual source code for the app
    │   ├── app                        # Contains service providers and the boot/shutdown routines
    │   ├── common                     # Common files used by several or all renderer processes
    │   │   ├── fonts                  # Contains the font files (note: location will likely change)
    │   │   ├── img                    # Currently unused image files
    │   │   ├── less                   # Contains the themes (note: location will likely change)
    │   │   ├── modules                # Contains renderer modules
    │   │   │   ├── markdown-editor    # The central CodeMirror markdown editor
    │   │   │   ├── preload            # Electron preload files
    │   │   │   └── window-register    # Run by every renderer during setup
    │   │   ├── util                   # A collection of utility functions
    │   │   └── vue                    # Contains Vue components used by the graphical interface
    │   ├── main                       # Contains code for the main process
    │   │   ├── assets                 # Static files (note: location will likely change)
    │   │   ├── commands               # Commands that perform user-actions, run from within zettlr.ts
    │   │   └── modules                # Main process modules
    │   │       ├── document-manager   # The document manager handles all open files
    │   │       ├── export             # The exporter converts Markdown files into other formats
    │   │       ├── fsal               # The File System Abstraction Layer provides the file tree
    │   │       ├── import             # The importer converts other formats into Markdown files
    │   │       └── window-manager     # The window manager manages all application windows
    │   ├── win-about                  # Code for the About window
    │   ├── win-custom-css             # Code for the Custom CSS window
    │   ├── win-defaults               # Code for the defaults file editor
    │   ├── win-error                  # The error modal window
    │   ├── win-log-viewer             # Displays the running logs from the app
    │   ├── win-main                   # The main window
    │   ├── win-paste-image            # The modal displayed when pasting an image
    │   ├── win-preferences            # The preferences window
    │   ├── win-print                  # Code for the print and preview window
    │   ├── win-quicklook              # Code for the Quicklook windows
    │   ├── win-stats                  # Code for the general statistics window
    │   ├── win-tag-manager            # Code for the tag manager
    │   └── win-update                 # The dedicated update window
    ├── static                         # Contains static files, cf. the README-file in there
    └── test                           # Unit tests
    

**On the Distinction between Modules and Service Providers**

You'll notice that Zettlr contains both "modules" and "service providers". The difference between the two is simple: Service providers run in the main process and are completely autonomous while providing functionality to the app as a whole. Modules, on the other hand, provide functionality that must be triggered by user actions (e.g. the exporter and the importer).

**The Application Lifecycle**

Whenever you run Zettlr, the following steps will be executed:

0.  Execute source/main.ts
1.  Environment check (source/app/lifecycle.ts::bootApplication)
2.  Boot service providers (source/app/lifecycle.ts::bootApplication)
3.  Boot main application (source/main/zettlr.ts)
4.  Load the file tree and the documents
5.  Show the main window

And when you shut down the app, the following steps will run:

1.  Close all windows except the main window
2.  Attempt to close the main window
3.  Shutdown the main application (source/main/zettlr.ts::shutdown)
4.  Shutdown the service providers (source/app/lifecycle.ts::shutdownApplication)
5.  Exit the application

During development of the app (yarn start and yarn test-gui), the following steps will run:

1.  Electron forge will compile the code for the main process and each renderer process separately (since these are separate processes), using TypeScript and webpack to compile and transpile.
2.  Electron forge will put that code into the directory .webpack, replacing the constants you can find in the "create"-methods of the window manager with the appropriate entry points.
3.  Electron forge will start a few development servers to provide hot module reloading (HMR) and then actually start the application.

Whenever the app is built, the following steps will run:

1.  Electron forge will perform steps 1 and 2 above, but instead of running the app, it will package the resulting code into a functional app package.
2.  Electron builder will then take these pre-built packages and wrap them in a platform-specific installer (DMG-files, Windows installer, or Linux packages).

Electron forge will put the packaged applications into the directory ./out while Electron builder will put the installers into the directory ./release.

**Command-Line Switches**

The Zettlr binary features a few command line switches that you can make use of for different purposes.

**--launch-minimized**

This CLI flag will instruct Zettlr not to show the main window on start. This is useful to create autostart entries. In that case, launching Zettlr with this flag at system boot will make sure that you will only see its icon in the tray.

Since this implies the need to have the app running in the tray bar or notification area when starting the app like this, it will automatically set the corresponding setting system.leaveAppRunning to true.

> Note: This flag will not have any effect on Linux systems which do not support displaying an icon in a tray bar or notification area.

**--clear-cache**

This will direct the File System Abstraction Layer to fully clear its cache on boot. This can be used to mitigate issues regarding changes in the code base. To ensure compatibility with any changes to the information stored in the cache, the cache is also automatically cleared when the version field in your config.json does not match the one in the package.json, which means that, as long as you do not explicitly set the version\-field in your test-config.yml, the cache will always be cleared on each run when you type yarn test-gui.

**--data-dir=path**

Use this switch to specify custom data directory, which holds your configuration files. Without this switch data directory defaults to %AppData%/Zettlr (on Windows 10), ~/.config/Zettlr (on Linux), etc. The path can be absolute or relative. Basis for the relative path will be either the binary's directory (when running a packaged app) or the repository root directory (when running an app that is not packaged). If the path contains spaces, do not forget to escape it in quotes. ~ to denote home directory does not work. Due to the bug in Electron an empty Dictionaries subdirectory is created in the default data directory, but it does not impact functionality.

**--disable-hardware-acceleration**

This switch causes Zettlr to disable hardware acceleration, which could be necessary in certain setups. For more information on why this flag was added, see issue #2127.

**VSCode Extension Recommendations**

This repository makes use of Visual Studio Code's recommended extensions feature. This means: If you use VS Code and open the repository for the first time, VS Code will tell you that the repository recommends to install a handful of extensions. These extensions are recommended if you work with Zettlr and will make contributing much easier. The recommendations are specified in the file .vscode/extensions.json.

Since installing extensions is sometimes a matter of taste, we have added short descriptions for each recommended extension within that file to explain why we recommend it. This way you can make your own decision whether or not you want to install any of these extensions (for example, the SVG extension is not necessary if you do not work with the SVG files provided in the repository).

If you choose not to install all of the recommended extensions at once (which we recommend), VS Code will show you the recommendations in the extensions sidebar so you can first decide which of the ones you'd like to install and then manually install those you'd like to have.

> Using the same extensions as the core developer team will make the code generally more consistent since you will have the same visual feedback.

**License**

This software is licensed via the GNU GPL v3-License.

The brand (including name, icons and everything Zettlr can be identified with) is excluded and all rights reserved. If you want to fork Zettlr to develop another app, feel free but please change name and icons. Read about the logo usage.

CVE-2022-40276: GitHub - Zettlr/Zettlr: A Markdown Editor for the 21st century.

By Owais Sultan
Next gen SIEM is a cloud-native cyberscurity tool that utilizes artificial intelligence and machine learning to discover malicious activity in real-time.
This is a post from HackRead.com Read the original post: 4 Major Benefits of Next Gen SIEM

Security analysts are **up against more cyberattacks than ever**, increased attack surfaces, and more protective tools on the cloud and premises than ever before.

All of that is accompanied by cybersecurity experts that are leaving the field. Stress, poor company culture, and long hours have prompted top talent to seek alternative employment.

Bombarded with alerts and understaffed, those who stay need all the help they can get.

This also means that they require tools that aid them in decreasing manual labor and, essentially, working smarter instead of harder.

For example, next-generation security information and event management (AKA next-gen SIEM) is a tool that addresses the key issues security experts have been dealing with for years.

What is this solution all about, and what are the major **advantages of next gen SIEM** over traditional SIEM technology?

We uncover the details below.

**What Is Next Gen SIEM, Exactly?**

Next gen SIEM is a cloud-native cybersecurity tool that utilizes artificial intelligence and machine learning to discover malicious activity in real time.

SIEM, the predecessor of the next gen SIEM solution, has been notorious for its **high number of alerts**, a large quantity of data that is not properly categorized, and poor quality of information concerning threats within systems.

The new and improved version of the tool (next gen SIEM) is more precise, less overwhelming for security teams, and makes data more manageable.

The main advantages of the next gen SIEM include:

*   The early discovery of threats
*   Unified data management
*   Reduced alert fatigue
*   Simpler scaling of security 

Let’s break down these benefits even further.

**#1 Early Discovery of Threats**

Since it relies on artificial intelligence, next gen SIEM is an automated tool that can detect critical issues within the infrastructure early. 

The data that is gathered from the versatile security solutions is both streamlined and actionable, helping teams to react promptly — close security gaps or mitigate threats as they appear within the system.

This includes **zero-day attacks** as well. Dubbed zero-day, such threats refer to weaknesses that have been exploited before IT teams had a chance to patch them up — the teams have zero days to fix them.

Considering that next gen SIEM utilizes machine learning and continually learns about the regular behavior within the system, it’s quick to detect anomalies that point to high-risk threats.

Identifying security issues on time is essential because **prompt reaction time cuts costs** that a company would have to allocate in order to repair the aftermath of a cyberattack.

**#2 Unified Data Management**

One of the major pain points of traditional SIEM has been managing the large quantity of data as well as discerning the important information.

Within the next gen tool, the information is automatically categorized and contextualized — regardless of its quantity.

The best next gen SIEM tool unifies the information in a single platform — this includes third-party data as well as that unique to one’s architecture.

For the teams that manage security, having all the essential data within a single dashboard means they can find the information they need quickly as well as identify the issue in time.

**#3 Reduced Alert Fatigue**

Traditional SIEM is an alert-happy tool that generates an overwhelming number of notifications from separate tools. Even more, those alerts come from multiple dashboards that have to change all the time. Shifting from one to another **causes alert fatigue** (PDF).

Alarms would be raised on any change within the network, and IT teams would have to discern whether the alert is something to worry about, wasting time as they discover to which extent the system has been affected as well as where the threat is exactly.

Many of these alerts are false positives — not high-risk issues that are likely to turn into cyber incidents.

As a result, security experts are likely to disregard even those alerts that flag real concerns.

Next gen SIEM is designed to facilitate understaffed and overworked teams that are tired of playing catch-up. 

Nuanced data analytics and automation link alert with exact incidents that are taking place in real-time. 

In short — fewer alerts coming from one dashboard make for happier security teams and leave them with more time to focus on more challenging issues.

**#4 Simpler Scaling of Security**

Security has to keep up with the changes within the company’s systems. As more and more organizations rely on the cloud, they require solutions that can be easily deployed.

This involves relying on security tools that can adapt to both growing and complex infrastructures.

Namely, most architectures nowadays are a combination of several cloud deployments (multi-cloud) and structures on the premises.

All the devices and software that are being added (whether it’s a new remote worker’s device or more cloud storage) have to be protected with versatile security points and continually managed afterward.

More complex structures and a larger number of tools generate even more data about security that has to be categorized on the go.

Next gen SIEM is a cloud-powered tool that can be adjusted based on the needs of growing companies.

The scalability of big data is an important feature of the tool as well because it is designed to add more volume within the **cloud-based solution**.

**Final Word**

In a nutshell, next gen SIEM delivers on the empty promises of its forerunner (SIEM).

Traditional SIEM is slowly fading into the past as next gen technology takes its place by fixing the headache-inducing shortcomings such as poor data quality, an overwhelming number of alerts, and failure to detect zero-day attacks.

For businesses, this means better security for a lower price tag and having security teams that are less overworked and overwhelmed with the incoming data that is being generated from multiple siloed tools.

What’s more, next gen SIEM also created the security that can keep up with the rapidly advancing technology, large quantities of information, and complex infrastructures of modern businesses.

1.  **Free and Best OSINT Tools**
2.  **Tools for Testing Your Proxy Servers**
3.  **CISA Publishes List of Free Cybersecurity Tools and Services**
4.  **Psst! tool by 1Password lets users share passwords using a link**
5.  **New Underactor tool reveals pixelated text to expose sensitive data**

4 Major Benefits of Next Gen SIEM

Banco de Crédito Cooperativo (BCC) wins the first hyper-realistic cybersecurity competition for the financial industry.

**RESTON, Va. and BOSTON, Nov. 3, 2022 /PRNewswire/ —** FS-ISAC, the member-driven, not-for-profit organization that advances cybersecurity and resilience in the global financial system, and Cyberbit, provider of the world's leading cybersecurity skill development and readiness platform, announced today that team "IsNotTheEDR" from Banco de Crédito Cooperativo (BCC) is the winner of the first International Cyber League (ICL) Financial Cup, 2022 – the first hyper-realistic cybersecurity tournament for the financial industry. The first runner-up is team "Suboptimal" from a leading Fortune 500 financial institution, the second runner-up is Team "AskITTeam" from BCC and the third runner up is team "TIAA" from TIAA.

The tournament ran from 6-26 October 2022 and challenged cybersecurity teams from the financial sector to respond to live-fire cyberattack simulations replicating attacks they may encounter in real life. Teams were scored based on typical incident response KPIs including investigation, eradication, and remediation goals, as well as their response times. The BCC team outperformed 55 cyber defense teams from leading financial organizations around the world and scored a perfect 100 in the live-fire challenge. The Cyberbit platform, normally used by enterprises to train and upskill information security teams, as well as for FS-ISAC's monthly cyber range workshops, was repurposed to power the ICL competition. The platform provided a virtual arena that emulated an organizational network and a virtual security operations center (SOC) that simulated the live attacks and automatically scored the teams based on their achievements.

The ICL reinvents cybersecurity competition formats by assessing cyber defense skills in real-world scenarios, allowing teams to predict their performance during an attack. Traditional Capture-the-Flag (CTF) events test offensive skills, but these do not reflect the capabilities that cyber defenders will be required to demonstrate during an attack. The ICL leverages cyber range live-fire scenarios to simulate real threat vectors and malware that assess essential "blue team" skills, including technical skills like malware analysis and SIEM investigation, as well as soft skills like teamwork, critical thinking, and communications.

"We in the financial sector believe that exercising builds muscle memory to ensure smooth and efficient incident response," said **Cameron Dicker, Global Head of Business Resilience at FS-ISAC**. "We run a wide variety of exercises to ensure preparedness throughout all different organizational levels and functions, and we chose this competition format during Cybersecurity Awareness Month to bring a little fun into this critical tool for operational resilience."

"CISA and the NCA aptly named this year's cyber awareness month theme as 'See Yourself in Cyber,' demonstrating that cybersecurity is ultimately, about people," said **Sharon Rosenman, Chief Marketing Officer at Cyberbit**. "The feedback from the ICL teams was overwhelmingly positive and we are proud to collaborate with FS-ISAC in helping the financial industry become better prepared for real-world attacks by assessing and maximizing human performance."

"A Cyber Range is a strategic capability that enables governments and companies to effectively educate and train their professionals, as well as to experiment, test and validate new cybersecurity and cyber defense concepts, technologies, techniques, and tactics. Cyber range competitions such as the ICL Financial Cup help in providing a comparison with the rest of the peers in the sector", said Francisco Navarro García, Chief Information Security Officer, Banco de Crédito Cooperativo (BCC).

Additional teams who reached the top 10 in ICL finals include Loan Depot and Somerset Trust.

"The International Cyber League has been an excellent experience for our teams and a fantastic opportunity for them to test their skills with other elite teams across the financial services sector. We are incredibly proud of their work in keeping our company safe. Their strong performance in this competition is celebrated across Technology and the entire company", said Harold Rivas, Chief Information Officer, Loan Depot.

"Somerset Trust takes the security of our information very seriously, and I have always known that we assembled a good team of security professionals. It's always nice to see a competition like this that hones their skills and proves our dedication to security", said John Ash, Sr. Vice President and Chief Information Officer, Somerset Trust.

**About FS-ISAC**

FS-ISAC is the member-driven, not-for-profit organization that advances cybersecurity and resilience in the global financial system, protecting the financial institutions and the people they serve. Founded in 1999, the organization's real-time information sharing network amplifies the intelligence, knowledge, and practices of its members for the financial sector's collective security and defenses. Member financial firms represent $100 trillion in assets in 75 countries.

**About Cyberbit**

Cyberbit provides the global leading attack readiness platform for enabling SOC teams to maximize their performance when responding to cyberattacks. The platform empowers security leaders to make the most of their cybersecurity investment by boosting the impact of the human element in their organization. Cyberbit delivers hyper-realistic attack simulations mirroring real-world scenarios. It enables security leaders to dramatically reduce MTTR, dwell time and cybercrime costs, improve hiring and onboarding, and increase employee retention. Customers include Fortune 500 companies, MSSPs, systems integrators, governments, and leading healthcare providers.

FS-ISAC and Cyberbit Announce Winner of the First Financial Cyber League

Confused economies and rising unemployment rates foster a rich opportunity for cybercrime recruitment.

It's well known that cybercrime has become big business — and not just in terms of the volume but also in how crime syndicates are organizing themselves. As we saw earlier this year with the leak of files from the Conti ransomware group, that organization was operating very much like any other enterprise — it even had an HR lead and a recruitment director. We've also seen how bad actors are actively recruiting internal help with their missions.

Here's one aspect of cybercrime syndicates that's unlike most of their legitimate business counterpoints — economic uncertainty and rising unemployment rates are a boon for them. That's because these factors create a ripe opportunity for ramped-up recruitment efforts.

We're witnessing huge growth in ransomware-as-a-service (RaaS). The ransomware threat continues to adapt with more variants enabled by RaaS; our researchers saw 10,666 different variants in the first half of 2022, compared with just 5,400 in the previous six-month period. Why is this important? Because it underscores just how much easier RaaS is making it for bad actors to operate — they're able to perpetrate attacks faster and at a high rate of scale.

**Recruitment, Recruitment, Recruitment**

One way cybercriminals operate is through the use of "cyber mules" to launder their financial gain. Sometimes these mules know what they're getting into, and sometimes they're lured in under false pretenses. Criminal organizations frequently rely on legitimate-looking job postings on legitimate job-hunting websites. A dubious job ad might refer to the need for a "money transfer agent," a "payment processing agent," or even a role as vague and general as an "administration representative." These job listings and solicitation emails prey on people's desperation by offering what seems to be legitimate employment.

Leaning on insiders within organizations for help is another tactic cybercrime syndicates use for their recruitment efforts. One recent survey found 65% of respondents said they had been approached by bad actors to help with ransomware attacks against the organizations they work for.

With more people and resources, cybercrime organizations will be able to pull off more attacks and organizations need to be aware of this. Recruitment efforts show that ransomware groups are expanding and potentially able to pull off more sophisticated attacks.

**Collaboration to Combat Cybercrime Recruiting**

It takes a global team effort with solid, dependable relationships among cybersecurity stakeholders to defeat international cybercriminal groups. Criminal organizations operate nearly identically to legitimate enterprises. They have costs and profit margins. They may start looking for a new way to make money if they are unable to make a profit in a timely manner because cyber defenders are destroying their infrastructures and making them constantly start over. Cybercrime may start to decline after attackers start to give up out of concern about being discovered and arrested or because they believe the rewards aren't worth the dangers.

The World Economic Forum Partnership Against Cybercrime (PAC) is undertaking one such initiative. To disrupt cybercrime ecosystems, PAC has concentrated on fusing private sector data and digital knowledge with public sector threat intelligence. PAC has long said that breaking down communication barriers and adopting a worldwide strategy will make it simpler to get beyond the factors that protect cybercriminals.

Last year, this private-public partnership introduced the Cybercrime Atlas, a joint research initiative that gathers and compiles data about the cybercriminal ecosystem and the main threat actors active today. Legal authorities will gain from increased visibility into cybercrime operations in their investigations, takedowns, prosecutions, and convictions.

Economic insecurity provides a ripe opportunity for cybercriminals to recruit, and they've gotten so good at it that some unsuspecting job seekers get pulled into their web of evil. Or they go after employees at companies they want to target, hoping for some insider help. Collaboration at the global level combines the strengths and resources of the private and public sectors to give organizations the up-to-date intel they need to protect their networks from increased cybercrime recruitment and its fruits.

Economic Uncertainty Isn't Stopping Cybercrime Recruitment — It's Fueling It

Investment to advance efforts to detect and mitigate disinformation.

**WASHINGTON and SAN FRANCISCO, Nov. 2, 2022 /PRNewswire/ —** Alethea, a technology company that detects and mitigates disinformation, misinformation, and social media manipulation, raised $10 million Series A, led by Ted Schleinand Kevin Mandia of Ballistic Ventures.

Proceeds will be invested into Alethea's machine learning SaaS platform, Artemis (in closed beta), by growing its engineering and data science teams. Currently in use by household name brands, Artemis conducts multichannel analysis across billions of datapoints to identify disinformation and social media manipulation at its start. As a result, communicators and risk and intelligence teams have the insights they need to protect their brands, bottom lines, and market cap.

"Disinformation is the next iteration of information security, and communicators and risk professionals are on the front lines of protecting their organizations from the information that exists outside their systems," said Lisa Kaplan, Founder and CEO of Alethea. "We've earned our record of alerting customers to the unknown unknowns to help avoid crises. Our incident response capabilities during high-stress periods, such as short-seller attacks, protects our customers. To provide this protection at scale, we created the system that didn't exist – Artemis – to provide tailored insights into the disinformation, misinformation, and social media manipulation ecosystem."

"We have found the right partners with Ted, Kevin, and the Ballistic network to deliver this capability at scale. With the ability to operate in free economies and democracies at stake, we look forward to rapidly scaling our support to customers as they navigate the new digital reality," continued Kaplan.

"Alethea is on the cutting edge of the fight against misinformation, one of the biggest threats to our modern society," said Ted Schlein, Chairman and General Partner of Ballistic Ventures. "We invested in the company because we believe Alethea's proven technology is critical to helping corporations promote access to accurate information and a more secure world."

Alethea was represented by outside counsel, WilmerHale, in the transaction.

**About Ballistic Ventures**

Ballistic Ventures is a venture capital firm solely dedicated to early-stage cybersecurity and cyber-related companies. The founding partners, Kevin Mandia, Barmak Meftah, Ted Schlein, Jake Seid, and Roger Thornton, have spent their entire careers defending against every cyber threat conceivable. Collectively, they have founded, funded, and operated over 90 successful cybersecurity firms, led over 10,000 security professionals globally, and have 40+ years of experience in venture capital. Learn more at ballisticventures.com.

**About Alethea**

Alethea is a technology company helping the Fortune 500, private companies and nonprofits protect themselves from harms stemming from disinformation. Leveraging its multi-channel machine learning platform, Artemis, Alethea detects disinformation narratives across the internet, enabling customers to proactively defend against this pervasive threat. With Artemis-powered early detection, Alethea customers can protect their reputations, key assets, physical safety and market value. The company was founded in 2019 and is woman-owned. Learn more at www.aletheagroup.com.

Alethea Closes $10M Series A Financing Led by Ballistic Ventures

Red Hat Security Advisory 2022-7338-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include code execution, privilege escalation, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update  
Advisory ID:       RHSA-2022:7338-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7338  
Issue date:        2022-11-02  
CVE Names:         CVE-2022-2588 CVE-2022-23816 CVE-2022-23825  
                   CVE-2022-26373 CVE-2022-29900 CVE-2022-29901  
====================================================================  
1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux for Real Time (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux for Real Time for NFV (v. 7) - noarch, x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables  
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* A use-after-free in cls_route filter implementation may lead to privilege  
escalation (CVE-2022-2588)

* RetBleed Arbitrary Speculative Code Execution with Return Instructions  
(CVE-2022-23816, CVE-2022-29900)

* Branch Type Confusion (non-retbleed) (CVE-2022-23825)

* Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)

* Intel: RetBleed Arbitrary Speculative Code Execution with Return  
Instructions (CVE-2022-29901)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* Update to the latest RHEL7.9.z18 source tree (BZ#2117337)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2090226 - CVE-2022-23816 CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions  
2103148 - CVE-2022-29901 hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions  
2103153 - CVE-2022-23825 hw: cpu: AMD: Branch Type Confusion (non-retbleed)  
2114849 - CVE-2022-2588 kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation  
2115065 - CVE-2022-26373 hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions

6. Package List:

Red Hat Enterprise Linux for Real Time for NFV (v. 7):

Source:  
kernel-rt-3.10.0-1160.80.1.rt56.1225.el7.src.rpm

noarch:  
kernel-rt-doc-3.10.0-1160.80.1.rt56.1225.el7.noarch.rpm

x86_64:  
kernel-rt-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-debug-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-debug-debuginfo-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-debug-devel-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-debug-kvm-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-debug-kvm-debuginfo-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-debuginfo-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-devel-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-kvm-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-kvm-debuginfo-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-trace-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-trace-debuginfo-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-trace-devel-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-trace-kvm-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-trace-kvm-debuginfo-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm

Red Hat Enterprise Linux for Real Time (v. 7):

Source:  
kernel-rt-3.10.0-1160.80.1.rt56.1225.el7.src.rpm

noarch:  
kernel-rt-doc-3.10.0-1160.80.1.rt56.1225.el7.noarch.rpm

x86_64:  
kernel-rt-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-debug-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-debug-debuginfo-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-debug-devel-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-debuginfo-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-devel-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-trace-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-trace-debuginfo-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-trace-devel-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2588  
https://access.redhat.com/security/cve/CVE-2022-23816  
https://access.redhat.com/security/cve/CVE-2022-23825  
https://access.redhat.com/security/cve/CVE-2022-26373  
https://access.redhat.com/security/cve/CVE-2022-29900  
https://access.redhat.com/security/cve/CVE-2022-29901  
https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/solutions/6971358

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY2K9NtzjgjWX9erEAQjkRRAAm/2K718txKtGuCBa6NclLP2TpOKlk8dw  
R3eORyTgVZTrl6Qm6RQSA50kcqMFn6/6hzUto5NRvuSgw4H7I2hg/CS+TQlPdFi4  
0WcZiZ0vbu7csrsAtAKpmWOpu1O1FzNdqSF5MA7s7zZ0oht9ZnszT+exzcjHbgpO  
qVMRhgaKmbdlKkKi/32gZP7IwKIZS+CkhqpHhFy7V736FtNyWFT0VNCHdKCklkdP  
K6gAClFQuMv8npxovTURJfhLjqv6ymcRVrl6KQT3Qlu+iHiy0j18CA3ewW0TdAkO  
IzDOEh+W9gfTR4bgrrUl5+A5oZkkazYqm6joGJBI7uZHv9v3yoOLzP4HAduSVFBC  
AgBo9yhGnP6xXzunT5nYVs0EpnCpHFaJhlxsavm/pKjS+c35enuawyN2l24kACnE  
Kdv3KZ6XQtBTdaR9e/UTqCCiSXznEcJJ0xE4VfKFNtngXrWGftAIcTBMDQpfePP7  
rfBo/C9IT8rKqt1T62M0Xu+NfjoeziKrpPoXi86rn90bw93Mdl0rrmAhTISeL92K  
M5m5DIyPD9HQuX4/3NKWXJDEKgPao+JFouEAlm86YMfFzjxzBE8GXTnvp2xw5vf1  
BJkFxtUe74jR8YqJYO7KxyOS9K9Z7BeqEcvSRwNdBAY6TgcDa5lB347Kcgl1WvDf  
SmJAIcuqXRk=WLhk  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7338-01

Red Hat Security Advisory 2022-7337-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include code execution, privilege escalation, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update  
Advisory ID:       RHSA-2022:7337-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7337  
Issue date:        2022-11-02  
CVE Names:         CVE-2022-2588 CVE-2022-23816 CVE-2022-23825  
                   CVE-2022-26373 CVE-2022-29900 CVE-2022-29901  
====================================================================  
1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64  
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64  
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* a use-after-free in cls_route filter implementation may lead to privilege  
escalation (CVE-2022-2588)

* RetBleed Arbitrary Speculative Code Execution with Return Instructions  
(CVE-2022-23816, CVE-2022-29900)

* Branch Type Confusion (non-retbleed) (CVE-2022-23825)

* Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)

* Intel: RetBleed Arbitrary Speculative Code Execution with Return  
Instructions (CVE-2022-29901)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* lpfc panics in lpfc_els_free_iocb() during port recovery (BZ#1969988)

* mlx5 reports error messages during shutdown then panic with mce  
(BZ#2077711)

* Kernel panic due to hard lockup caused by deadlock between tasklist_lock  
and k_itimer->it_lock (BZ#2115147)

* fix excess double put in nfs_prime_dcache (BZ#2117856)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2090226 - CVE-2022-23816 CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions  
2103148 - CVE-2022-29901 hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions  
2103153 - CVE-2022-23825 hw: cpu: AMD: Branch Type Confusion (non-retbleed)  
2114849 - CVE-2022-2588 kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation  
2115065 - CVE-2022-26373 hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
kernel-3.10.0-1160.80.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-1160.80.1.el7.noarch.rpm  
kernel-doc-3.10.0-1160.80.1.el7.noarch.rpm

x86_64:  
bpftool-3.10.0-1160.80.1.el7.x86_64.rpm  
bpftool-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-debug-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-devel-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-headers-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-tools-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-1160.80.1.el7.x86_64.rpm  
perf-3.10.0-1160.80.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm  
python-perf-3.10.0-1160.80.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:  
bpftool-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-1160.80.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:  
kernel-3.10.0-1160.80.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-1160.80.1.el7.noarch.rpm  
kernel-doc-3.10.0-1160.80.1.el7.noarch.rpm

x86_64:  
bpftool-3.10.0-1160.80.1.el7.x86_64.rpm  
bpftool-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-debug-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-devel-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-headers-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-tools-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-1160.80.1.el7.x86_64.rpm  
perf-3.10.0-1160.80.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm  
python-perf-3.10.0-1160.80.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:  
bpftool-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-1160.80.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
kernel-3.10.0-1160.80.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-1160.80.1.el7.noarch.rpm  
kernel-doc-3.10.0-1160.80.1.el7.noarch.rpm

ppc64:  
bpftool-3.10.0-1160.80.1.el7.ppc64.rpm  
bpftool-debuginfo-3.10.0-1160.80.1.el7.ppc64.rpm  
kernel-3.10.0-1160.80.1.el7.ppc64.rpm  
kernel-bootwrapper-3.10.0-1160.80.1.el7.ppc64.rpm  
kernel-debug-3.10.0-1160.80.1.el7.ppc64.rpm  
kernel-debug-debuginfo-3.10.0-1160.80.1.el7.ppc64.rpm  
kernel-debug-devel-3.10.0-1160.80.1.el7.ppc64.rpm  
kernel-debuginfo-3.10.0-1160.80.1.el7.ppc64.rpm  
kernel-debuginfo-common-ppc64-3.10.0-1160.80.1.el7.ppc64.rpm  
kernel-devel-3.10.0-1160.80.1.el7.ppc64.rpm  
kernel-headers-3.10.0-1160.80.1.el7.ppc64.rpm  
kernel-tools-3.10.0-1160.80.1.el7.ppc64.rpm  
kernel-tools-debuginfo-3.10.0-1160.80.1.el7.ppc64.rpm  
kernel-tools-libs-3.10.0-1160.80.1.el7.ppc64.rpm  
perf-3.10.0-1160.80.1.el7.ppc64.rpm  
perf-debuginfo-3.10.0-1160.80.1.el7.ppc64.rpm  
python-perf-3.10.0-1160.80.1.el7.ppc64.rpm  
python-perf-debuginfo-3.10.0-1160.80.1.el7.ppc64.rpm

ppc64le:  
bpftool-3.10.0-1160.80.1.el7.ppc64le.rpm  
bpftool-debuginfo-3.10.0-1160.80.1.el7.ppc64le.rpm  
kernel-3.10.0-1160.80.1.el7.ppc64le.rpm  
kernel-bootwrapper-3.10.0-1160.80.1.el7.ppc64le.rpm  
kernel-debug-3.10.0-1160.80.1.el7.ppc64le.rpm  
kernel-debug-debuginfo-3.10.0-1160.80.1.el7.ppc64le.rpm  
kernel-debuginfo-3.10.0-1160.80.1.el7.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-3.10.0-1160.80.1.el7.ppc64le.rpm  
kernel-devel-3.10.0-1160.80.1.el7.ppc64le.rpm  
kernel-headers-3.10.0-1160.80.1.el7.ppc64le.rpm  
kernel-tools-3.10.0-1160.80.1.el7.ppc64le.rpm  
kernel-tools-debuginfo-3.10.0-1160.80.1.el7.ppc64le.rpm  
kernel-tools-libs-3.10.0-1160.80.1.el7.ppc64le.rpm  
perf-3.10.0-1160.80.1.el7.ppc64le.rpm  
perf-debuginfo-3.10.0-1160.80.1.el7.ppc64le.rpm  
python-perf-3.10.0-1160.80.1.el7.ppc64le.rpm  
python-perf-debuginfo-3.10.0-1160.80.1.el7.ppc64le.rpm

s390x:  
bpftool-3.10.0-1160.80.1.el7.s390x.rpm  
bpftool-debuginfo-3.10.0-1160.80.1.el7.s390x.rpm  
kernel-3.10.0-1160.80.1.el7.s390x.rpm  
kernel-debug-3.10.0-1160.80.1.el7.s390x.rpm  
kernel-debug-debuginfo-3.10.0-1160.80.1.el7.s390x.rpm  
kernel-debug-devel-3.10.0-1160.80.1.el7.s390x.rpm  
kernel-debuginfo-3.10.0-1160.80.1.el7.s390x.rpm  
kernel-debuginfo-common-s390x-3.10.0-1160.80.1.el7.s390x.rpm  
kernel-devel-3.10.0-1160.80.1.el7.s390x.rpm  
kernel-headers-3.10.0-1160.80.1.el7.s390x.rpm  
kernel-kdump-3.10.0-1160.80.1.el7.s390x.rpm  
kernel-kdump-debuginfo-3.10.0-1160.80.1.el7.s390x.rpm  
kernel-kdump-devel-3.10.0-1160.80.1.el7.s390x.rpm  
perf-3.10.0-1160.80.1.el7.s390x.rpm  
perf-debuginfo-3.10.0-1160.80.1.el7.s390x.rpm  
python-perf-3.10.0-1160.80.1.el7.s390x.rpm  
python-perf-debuginfo-3.10.0-1160.80.1.el7.s390x.rpm

x86_64:  
bpftool-3.10.0-1160.80.1.el7.x86_64.rpm  
bpftool-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-debug-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-devel-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-headers-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-tools-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-1160.80.1.el7.x86_64.rpm  
perf-3.10.0-1160.80.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm  
python-perf-3.10.0-1160.80.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:  
bpftool-debuginfo-3.10.0-1160.80.1.el7.ppc64.rpm  
kernel-debug-debuginfo-3.10.0-1160.80.1.el7.ppc64.rpm  
kernel-debuginfo-3.10.0-1160.80.1.el7.ppc64.rpm  
kernel-debuginfo-common-ppc64-3.10.0-1160.80.1.el7.ppc64.rpm  
kernel-tools-debuginfo-3.10.0-1160.80.1.el7.ppc64.rpm  
kernel-tools-libs-devel-3.10.0-1160.80.1.el7.ppc64.rpm  
perf-debuginfo-3.10.0-1160.80.1.el7.ppc64.rpm  
python-perf-debuginfo-3.10.0-1160.80.1.el7.ppc64.rpm

ppc64le:  
bpftool-debuginfo-3.10.0-1160.80.1.el7.ppc64le.rpm  
kernel-debug-debuginfo-3.10.0-1160.80.1.el7.ppc64le.rpm  
kernel-debug-devel-3.10.0-1160.80.1.el7.ppc64le.rpm  
kernel-debuginfo-3.10.0-1160.80.1.el7.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-3.10.0-1160.80.1.el7.ppc64le.rpm  
kernel-tools-debuginfo-3.10.0-1160.80.1.el7.ppc64le.rpm  
kernel-tools-libs-devel-3.10.0-1160.80.1.el7.ppc64le.rpm  
perf-debuginfo-3.10.0-1160.80.1.el7.ppc64le.rpm  
python-perf-debuginfo-3.10.0-1160.80.1.el7.ppc64le.rpm

x86_64:  
bpftool-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-1160.80.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
kernel-3.10.0-1160.80.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-1160.80.1.el7.noarch.rpm  
kernel-doc-3.10.0-1160.80.1.el7.noarch.rpm

x86_64:  
bpftool-3.10.0-1160.80.1.el7.x86_64.rpm  
bpftool-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-debug-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-devel-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-headers-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-tools-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-1160.80.1.el7.x86_64.rpm  
perf-3.10.0-1160.80.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm  
python-perf-3.10.0-1160.80.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:  
bpftool-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-1160.80.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1160.80.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2588  
https://access.redhat.com/security/cve/CVE-2022-23816  
https://access.redhat.com/security/cve/CVE-2022-23825  
https://access.redhat.com/security/cve/CVE-2022-26373  
https://access.redhat.com/security/cve/CVE-2022-29900  
https://access.redhat.com/security/cve/CVE-2022-29901  
https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/solutions/6971358

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY2K9KdzjgjWX9erEAQjbHQ//b/sY9t/NBkK+XiKoe/02KTfkUBUNJaIe  
v7xs7oJHskxABWcY9ze1iUVS7aHZ4/CygDsKHb5dNq6z7x4li8aCWCQNZStxc1jL  
knCCvHsJ3Ekw1USNBbujbKA13kT3rBQlyQk0mDgfwrDZNaE9mPlnL5rycXRXQFeY  
ezEz5VzjM59pxTkWBN45hpHjZF26VrYup383I3asnwinpZF54xzQebVMDpVmO4mh  
e1TaXl6pwzP0ZfPyC+HYx7h36WyiXNrvoDtRJBWn7oJBN7fWzHNt4phvktQdRDdL  
t/tQc91k3KigZ9GOAdmupfORlgzLsuu/jgdpezwqhjzXgElnWmIZFZF2L224AQup  
PyzdK9ud2ot8lIk5QjI1oyWL19ppoNxxIYV15AngPoOOgikuZjoUj8df1IfjBq0p  
XRN2rdmv4Lccj/7wSb8450LGmRWX32SbJuBUGOVXl80RU530Uu3S+QteotYEbUtn  
jwVrXamfqfn0S86Hm+x0bkJ4lfXzAxoneSdezaW5ipoeeIdhq/y21LLue6+n+fPk  
+SmwLgriQ0c51iTROPOZbwAkF58iQrLmLHV9Trf5CazAsKpGLe1/nYx6pwiOPT1v  
5X5Ga08pzuthhAn9bZvTn+/x2A1EVraUFKCqF7Of1+Z9QB48UaKQnLUlMKxL+ztC  
zYvUNS92+Ns=QW8W  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7337-01

Stadiums around the world, including at the 2022 World Cup in Qatar, are subjecting spectators to invasive biometric surveillance tech.

“Public safety is a longstanding justification for the spread of biometric surveillance systems, while Covid-19 introduced a health dimension through body-temperature monitoring,” Hutchins says. “Marketing speaks to a seamless consumer experience for attendees at high-profile and high-cost events and encompasses everything from ease of movement in and out of the stadium through to minimizing queues for toilets and food and drinks.”

Is the deployment of such systems inevitable? “The problem here is the idea that the rollout of such technologies and infrastructures are unavoidable and an increasingly ‘natural’ part of the stadium experience,” says Hutchins. He stresses the importance of “clear and visible notifications for spectators that such technologies are in use.” Most importantly, he advocates for the introduction of “strong legislative and regulatory safeguards governing the introduction and use of these systems and the control and use of data.”

Indeed, European lawmakers have been attempting to regulate biometric mass surveillance. In April 2021, the European Commission submitted a proposal for an EU regulatory framework on artificial intelligence. Currently, the European Parliament is forming its opinion on the proposal, while the European Council is due to discuss the file in early December.

“The European Commission’s draft AI Act recognized that biometric identification is an inherently risky technology but bizarrely put forward a prohibition in Article 5 that is so weak, if anything it amounts to more of a blueprint for how to conduct biometric mass surveillance than a genuine ban,” explains EDRi’s Jakubowska.

Although there hasn’t been a final vote yet, members of the European Parliament have supported a full ban on remote biometric identification in publicly accessible spaces, by both public and private actors, and are likely to adopt that final position. However, such a ban would not include emotion-recognition uses of biometric systems, nor biometric categorization (e.g. profiling people based on their age, gender, or ethnicity). “We think that those urgently need to be banned in the AI Act. Shockingly, in the vast majority of cases, the Commission’s text did not even make those uses high-risk,” says Jakubowska.

“There should be no exceptions to the ban, as even a supposedly narrow exception would mean that mass facial recognition infrastructure would be rolled out and primed to be switched on whenever it is deemed necessary,” she adds. By definition, these systems scan the faces or bodies of every person who passes by, so it is not technically possible to limit them to, for example, suspects or perpetrators of serious crime.

In the US, the Biden administration has proposed a blueprint for an AI Bill of Rights, which commentators consider toothless, as it does not contain clear prohibitions on AI deployments that have been most controversial, like the use of facial recognition for mass surveillance.

As Qatar prepares to roll out the red carpet, fresh reports suggest everyone traveling to the country during the World Cup will be asked to download two apps that, according to experts, essentially hand over all the information on your phone. They say this highlights the urgent need for privacy regulation in global sporting events.

“Without regulation, there is a tendency to hoover up all available data and hold on to it indefinitely—this creates ‘honey pots’ for hackers and also contributes to function creep: the temptation to find other uses for the data,_”_ says Hutchins.

“Law enforcement agencies should pursue the many other tools and techniques at their disposal and that are compliant with the rule of law and human rights, rather than resorting to the use of technologies that have been widely condemned by civil society, human rights lawyers, and even UN human rights authorities,” says Jakubowska.

“Once these tools are out there, governments will argue that they should be used widely,” she summarizes. “It’s a gateway to mass surveillance.”

Soccer Fans, You're Being Watched

The operators of RomCom RAT are continuing to evolve their campaigns with rogue versions of software such as SolarWinds Network Performance Monitor, KeePass password manager, and PDF Reader Pro.
Targets of the operation consist of victims in Ukraine and select English-speaking countries like the U.K.
"Given the geography of the targets and the current geopolitical situation, it's unlikely that

The operators of RomCom RAT are continuing to evolve their campaigns with rogue versions of software such as SolarWinds Network Performance Monitor, KeePass password manager, and PDF Reader Pro.

Targets of the operation consist of victims in Ukraine and select English-speaking countries like the U.K.

"Given the geography of the targets and the current geopolitical situation, it's unlikely that the RomCom RAT threat actor is cybercrime-motivated," the BlackBerry Threat Research and Intelligence Team said in a new analysis.

The latest findings come a week after the Canadian cybersecurity company disclosed a spear-phishing campaign aimed at Ukrainian entities to deploy a remote access trojan called RomCom RAT.

The unknown threat actor has also been observed leveraging trojanized variants of Advanced IP Scanner and pdfFiller as droppers to distribute the implant.

The latest iteration of the campaign entails setting up decoy lookalike websites with a similar domain name, followed by uploading a malware-laced installer bundle of the malicious software, and then sending phishing emails to targeted victims.

Fake Keypass website

Fake SolarWinds website

"While downloading a free trial from the spoofed SolarWinds site, a legitimate registration form appears," the researchers explained.

"If filled out, real SolarWinds sales personnel might contact the victim to follow up on the product trial. That technique misleads the victim into believing that the recently downloaded and installed application is completely legitimate."

It's not just SolarWinds software. Other impersonated versions involve the popular password manager KeePass and PDF Reader Pro, including in the Ukrainian language.

The use of RomCom RAT has also been linked to threat actors associated with the Cuba ransomware and Industrial Spy, according to Palo Alto Networks Unit 42, which is tracking the ransomware group under the constellation-themed moniker Tropical Scorpius.

Given the interconnected nature of the cybercriminal ecosystem, it's not immediately evident if the two sets of activities share any connections or if the malware is offered for sale as a service to other threat actors.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#intel