IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX runtime services library to execute arbitrary commands.  IBM X-Force ID:  248421.

CVE-2023-26286

**CAMBRIDGE, Mass.****,** **April 25, 2023** **/PRNewswire/ --** Akamai Technologies, Inc. (NASDAQ: AKAM), the cloud company that powers and protects life online, today announced the launch of its Prolexic Network Cloud Firewall. This new capability of Akamai Prolexic allows customers to define and manage their own access control lists (ACLs) while enabling greater flexibility to secure their own network edge.

Prolexic is Akamai's cloud-based DDoS protection platform that stops attacks before they reach applications, data centers and internet-facing infrastructure.

DDoS threats are on the rise again, a trend that is being accelerated by the growing number of businesses and organizations that rely on online services to operate. An increasing availability of DDoS tools and services on the dark web makes it easier for attackers to launch these types of attacks. The growing number of internet-connected devices and the rise of the Internet of Things (IoT) has created a larger attack surface for cybercriminals to exploit. DDoS attacks are now increasingly being used as one of multiple threat vectors in triple extortion attacks, typically in combination with ransomware and data exfiltration.

Increasingly, nation state threat actors, hacktivists, and similar highly organized collectives are currently using DDoS as part of their attack portfolio against a growing number of very diverse targets. In all of these scenarios, DDoS is often used as a distraction to divert attention away from other types of attacks, such as data exfiltration or network infiltration. Victims that have no sufficient DDoS protection in place will typically spend all their resources fencing off that one attack while not having the attention span or bandwidth to fight other threats that were launched in parallel.

Akamai Prolexic provides DDoS protection services to a wide range of organizations, including businesses, governments, and non-profit organizations. With a growing mitigation capacity of currently 20 Tbps, Prolexic can fight off even the largest, most complex threats, like recently record-breaking DDoS attacks in 

The Prolexic network cloud firewall allows more efficient and flexible defense against DDoS attacks and even expands Prolexic's protection capabilities beyond DDoS.

While Prolexic's overall service and mitigation stacks are not changing, the new offering allows customers to define and adjust their own access control rules and provides analytics of existing ones. Improvements include the ability to define proactive defenses to block malicious traffic instantly, alleviate local infrastructure by moving rules to the edge and to quickly adapt to network changes via a new user interface.

"The feature most requested by our Prolexic customers is the network cloud firewall," said Sean Lyons, Senior Vice President and General Manager of Infrastructure Security at Akamai. "We are expanding Prolexic's leading DDoS protection capabilities and empowering customers to define access control and firewall rules centrally and quickly, for their entire networks advertised through the Prolexic global footprint. This is a powerful tool in emergency situations, not just DDoS attacks, but also in scenarios like zero day vulnerabilities, where access can be shut down in an immediate, yet targeted way. As we enforce rules at the edge of our customers' networks, they don't have to worry about getting all internal firewalls configured – which might just take too long."

Akamai Prolexic stops attacks with a cloud-based DDoS scrubbing platform to protect applications wherever they are deployed, whether in a data center, the public cloud, or a colocation facility. It provides comprehensive protection against the broadest range of DDoS attack types and defends against high-bandwidth sustained attacks, as well as today's complex multi-vector attacks that jump from application to application. Prolexic includes proactive mitigation controls tailored to network traffic to stop attacks instantly, backed by active mitigation performed by Akamai's 24/7 global Security Operations Command Center (SOCC), and provides customers a unique 100% uptime Service Level Agreement (SLA).

**About Akamai**

Akamai powers and protects life online. Leading companies worldwide choose Akamai to build, deliver, and secure their digital experiences — helping billions of people live, work, and play every day. With the world's most distributed compute platform — from cloud to edge — we make it easy for customers to develop and run applications, while we keep experiences closer to users and threats farther away. Learn more about Akamai's security, compute, and delivery solutions at akamai.com and akamai.com/blog, or follow Akamai Technologies on Twitter and LinkedIn.

Akamai Introduces Prolexic Network Cloud Firewall

Integration of AI can lead to reduction of up to 90% in meantime to resolve security incidents.

**TAMPA, Fla. – April 24, 2023 –** ReliaQuest, a force multiplier of security operations, today announced the introduction of powerful artificial intelligence (AI) capabilities to its GreyMatter Intelligent Analysis solution, delivering meaningful insights on emerging security incidents within seconds. With this feature, security teams can easily make sense of threats and take action, enhancing their efficiency.  

ReliaQuest GreyMatter is a security operations platform built on an open XDR architecture and designed to help security teams increase visibility, reduce complexity, and manage risk across their security tools, including on-premises, clouds, networks, and endpoints. On average, GreyMatter customers see up to a 70% reduction in alert noise in the first year.  

GreyMatter Intelligent Analysis was introduced in July 2022 as part of the security operations platform. The new AI features enable security analysts to automate security operations and workflows. Updates to the solution include: 

*   Augment investigations – get answers faster: Pairs automation with generative AI capabilities to help analysts gain clarity quicker. Capabilities that augment investigations include dynamic and automated enrichment of alerts, deeper context from historical incident data and external sources such as threat and vulnerability feeds and recommend action prompts.  

*   Assist analysts – focus on investigations, not documentation: GreyMatter Intelligent Analysis takes the pain of low-brain, high-time tasks out of security operations. The solution assists with key tasks including automated ticket summaries, interactive AI assistants for quicker search and threat hunting hypothesis.  

*   Automate actions – smarter and faster response actions: With the continued training of the generative AI and Machine Learning models with real-world cyber security data and fine-tuning by analysts and customers, GreyMatter Intelligent Analysis can automate investigations, response actions and alert escalations.  

“Generative AI is a genuine game changer and important step to help ReliaQuest’s, mission to Make Security Possible. Since inception, ReliaQuest GreyMatter has been using AI/ML to automate tasks across the detection, investigation, and response workflow, helping customers realize better and faster security outcomes. With updates to GreyMatter Intelligent Analysis, our 700+ global customers will have automation capabilities with generative AI to further reduce response time by up to 90% in multiple scenarios and help security analysts get answers faster than ever before,” said Brian Murphy, Founder and CEO at ReliaQuest.   

“We work with ReliaQuest as our security partner because of their innovative and unique approach to solving challenges faced by security teams around the world. Generative AI has the potential to disrupt security operations and we’re thrilled to be working with ReliaQuest to bring AI to the SOC. Their practical approach, based on years of managing security operations, places them in a unique position and we’re glad to be partnering with them on this journey,” said Dannie Combs, Senior Vice President and Chief Information Security Officer at Donnelley Financial Solutions. 

ReliaQuest has over 15 years of curated security incident response data with trillions of signals from across some of the world’s leading organizations. Pairing this with its team of over 400 security professionals gives ReliaQuest the unique opportunity to train its AI/ML models with real-world data and fine-tune them with human expertise. GreyMatter is used by some of the leading Fortune 500 companies.  

Currently in early release with select customers, generative AI with GreyMatter Intelligent Analysis will reach general availability in the second half of 2023. For more information about ReliaQuest, please visit www.reliaquest.com  

**About ReliaQuest** 

ReliaQuest is the force multiplier of security operations. Our security operations platform, GreyMatter, automates detection, investigation and response across cloud, endpoint, and on-premises tools and applications. GreyMatter is cloud native, built on an open XDR architecture and delivered as a service any time of the day, anywhere in the world. With over 700 customers worldwide and 1,200 teammates working across six global operating centers, ReliaQuest is driving outcomes for the most trusted enterprise brands in the world. ReliaQuest is a private company headquartered in Tampa, Fla., with multiple global locations. For more information, visit www.reliaquest.com.

ReliaQuest Adds AI Capabilities to GreyMatter Intelligent Analysis

You can now sync sign-in codes across devices—but they aren’t end-to-end encrypted.

One of the most effective ways to stop your online accounts from being hacked is to turn on two-factor authentication. The security measure, often known as 2FA or multifactor authentication, requires you to enter a numerical code in addition to your username and password. So even if someone gets your password, they can’t break into your account without having your sign-in code too.

For years, security experts have recommended using authentication apps to generate these codes. All you have to do is scan a QR code for the service you want to turn 2FA on for, and the app will generate a new log-in code around every 30 seconds. This week, Google has given its 2FA app, Google Authenticator, a much-needed overhaul.

Google redesigned Authenticator, making it less clunky, and in the process added one potentially handy new tool: the ability to sync your sign-in codes to your Google account and to different phones and tablets. This essentially means your Instagram, Gmail, or Reddit 2FA codes—plus, all the other accounts you have it turned on for—will be backed up. The tweak makes it far less burdensome to switch devices if your phone with 2FA codes stored on it is lost or stolen—and it can even save you from being locked out of some accounts entirely.

“Since one-time codes in Authenticator were only stored on a single device, a loss of that device meant that users lost their ability to sign in to any service on which they’d set up 2FA using Authenticator,” Christiaan Brand, a group product manager at Google, wrote in a blog post announcing the change. Brand says the sync feature has been one of the most requested since the Authenticator app was released in 2010. “This change means users are better protected from lockout and that services can rely on users retaining access, increasing both convenience and security.”

Syncing your Google Authenticator codes now happens through your Google account—the feature is available on the latest iOS and Android versions of Google’s app. Authenticator gives you the option to use the app with your Google login, and if you select this option, your Google profile will show in the top right corner of the app, next to a sync icon. When I downloaded Authenticator on my iPad after setting up sync on my phone, the codes appeared once I had logged in. There is also the option to keep using Google Authenticator without logging in to a Google account.

Jake Moore, global security advisor at security firm ESET, says he has previously been locked out of an authenticator app and knows the frustrations that come with trying to log back in to all your accounts when you don’t have access to your sign-in codes. “Upgrading a phone has been made easier over the years with cloud storage, but authenticating apps have been slow to the party and held back reservedly on security,” Moore says.

Google isn’t the only firm offering 2FA sign-in codes to provide backups. Since 2019, Microsoft has allowed people to use a “backup and restore” tool for its Microsoft Authenticator app. Other third-party apps, such as Authy, also sync across people’s devices. (Apple’s all-in-one password manager allows you to generate and store sign-in codes on iPhones and Macs but doesn’t have a stand-alone app.)

While Google’s Brand paints 2FA code backups as a win for users, Moore says there are always tradeoffs when balancing user security and convenience. Sure, backed-up codes might make it easier to gain access to your accounts if your phone is lost or stolen. But the more places your codes are stored, the greater the risk that a bad actor can access them.

For instance, if someone gains access to your Google account, they may also be able to access your 2FA codes for your other online accounts. Google spokesperson Kimberly Samra says “that risk is much smaller than that you lose your device, no longer have your OTPs, and then the service has to use a much weaker mechanism for allowing you to log in.”

Tommy Mysk, an app developer and security researcher who runs the software company Mysk, has tested multiple 2FA apps and found rogue apps available to download. Mysk says that there are security and privacy limitations to the major 2FA apps. For example, Microsoft’s sync doesn’t work between iOS and Android devices, making it harder to switch operating systems and take your 2FA codes with you.

In terms of data the apps collect, Mysk says Google’s Authenticator performs “very well” and doesn’t share details of QR codes with Google. “Most apps, including Microsoft Authenticator, send behavioral analytics—that is, how users use the apps and where they tap,” Mysk says. “Google Authenticator doesn’t send this sort of data.”

Despite adding more convenience, it doesn’t appear that either Google or Microsoft’s authentication apps back up people’s 2FA sign-in codes using end-to-end encryption when they are synced. The encryption method ensures the companies can’t see the contents of your sign-in codes. “Since 2FA apps deal with secrets, the only secure way to sync data across devices is by using end-to-end encryption,” Mysk says. “The app developer should not be able to read the content of the data.”

Google’s Authenticator App Now Lets You Sync 2FA Codes Across Devices

Red Hat Security Advisory 2023-1903-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for portable Linux serves as a replacement for Red Hat build of OpenJDK 8 and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: OpenJDK 8u372 Security Update for Portable Linux Builds  
Advisory ID:       RHSA-2023:1903-01  
Product:           OpenJDK  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1903  
Issue date:        2023-04-25  
CVE Names:         CVE-2023-21930 CVE-2023-21937 CVE-2023-21938  
                   CVE-2023-21939 CVE-2023-21954 CVE-2023-21967  
                   CVE-2023-21968  
====================================================================  
1. Summary:

An update is now available for OpenJDK.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and  
the OpenJDK 8 Java Software Development Kit.

This release of the Red Hat build of OpenJDK 8 (8u372) for portable Linux  
serves as a replacement for Red Hat build of OpenJDK 8 (8u362) and includes  
security and bug fixes as well as enhancements. For further information,  
refer to the release notes linked to in the References section.

Security Fix(es):

* OpenJDK: improper connection handling during TLS handshake (8294474)  
(CVE-2023-21930)

* OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)

* OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
(CVE-2023-21954)

* OpenJDK: certificate validation issue in TLS session negotiation  
(8298310) (CVE-2023-21967)

* OpenJDK: missing string checks for NULL characters (8296622)  
(CVE-2023-21937)

* OpenJDK: incorrect handling of NULL characters in ProcessBuilder  
(8295304) (CVE-2023-21938)

* OpenJDK: missing check for slash characters in URI-to-path conversion  
(8298667) (CVE-2023-21968)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2187435 - CVE-2023-21930 OpenJDK: improper connection handling during TLS handshake (8294474)  
2187441 - CVE-2023-21954 OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
2187704 - CVE-2023-21967 OpenJDK: certificate validation issue in TLS session negotiation (8298310)  
2187724 - CVE-2023-21939 OpenJDK: Swing HTML parsing issue (8296832)  
2187758 - CVE-2023-21938 OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)  
2187790 - CVE-2023-21937 OpenJDK: missing string checks for NULL characters (8296622)  
2187802 - CVE-2023-21968 OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)

5. References:

https://access.redhat.com/security/cve/CVE-2023-21930  
https://access.redhat.com/security/cve/CVE-2023-21937  
https://access.redhat.com/security/cve/CVE-2023-21938  
https://access.redhat.com/security/cve/CVE-2023-21939  
https://access.redhat.com/security/cve/CVE-2023-21954  
https://access.redhat.com/security/cve/CVE-2023-21967  
https://access.redhat.com/security/cve/CVE-2023-21968  
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEe/QNzjgjWX9erEAQjhqQ//fn2oAyTO2vPd1JbEFzyCR2dXjqK1Acat  
r/QtWEYtHn77cZE83dOrDtu5PqNq4NT3j8hXU7nM5Z+uBzbx3Ywf5rmFr7XJSlm5  
Ia5yuGtArrnBDCg3MvXQL8ARIWX7ljrJFcWBBsPrqxVf28SHfU+wYttK1RDy3ww8  
nZE7R0VlWyA1Y+GqASvZ9O4jh2/J0kBEykX4TDYqRcCJVwh+mtGJ8H3YMQ0PO3aC  
VMmTv34dtgtSV9axLu2+v9Cb77oXdxwE22bT/8mhjWvCa6M6K+BLn2qsv7E4XyJm  
6/ExKZTq5tqkiV8gZafM8X+DJS0o+IZvPy+AP/hiN0MT4a20uQQ41w7uOMGqFrkc  
8cc+u0o4qutPqQVV/mboJAhFM/NHD3wvq8KaT9EJMqcibNP7dfJ9jPch+BuIoSC2  
CwCnoS6ZyDAMa+vpevzz9730K47XLLaMkXz+4gz+SyhNnIWeBRc0g33yfmTJBkI5  
UsXwBbGQzKxq9myNJ1m3iUEYb90hUi1u0MYKQYLW6VOqrMvl/b7zTXXRTB27f2mO  
IJoP7OdqEc9WridWuUYEiH/C6CfGIkR4UrnPHYgXbHYQGrj2cqXLLriFw9jpGqvT  
yFVEFVc90I4GtdUPlHGdcFMD8i8IseE6Lcznk2vjlRNiyuYVtU16w4ypUhQdRUKQ  
pEJ8agQnqqwÍLk  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1903-01

Red Hat Security Advisory 2023-1978-01 - The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: haproxy security update  
Advisory ID:       RHSA-2023:1978-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1978  
Issue date:        2023-04-25  
CVE Names:         CVE-2023-0056 CVE-2023-25725  
====================================================================  
1. Summary:

An update for haproxy is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64

3. Description:

The haproxy packages provide a reliable, high-performance network load  
balancer for TCP and HTTP-based applications.

Security Fix(es):

* haproxy: segfault DoS (CVE-2023-0056)

* haproxy: request smuggling attack in HTTP/1 header parsing  
(CVE-2023-25725)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2160808 - CVE-2023-0056 haproxy: segfault DoS  
2169089 - CVE-2023-25725 haproxy: request smuggling attack in HTTP/1 header parsing

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:  
haproxy-2.4.7-2.el9_0.2.src.rpm

aarch64:  
haproxy-2.4.7-2.el9_0.2.aarch64.rpm  
haproxy-debuginfo-2.4.7-2.el9_0.2.aarch64.rpm  
haproxy-debugsource-2.4.7-2.el9_0.2.aarch64.rpm

ppc64le:  
haproxy-2.4.7-2.el9_0.2.ppc64le.rpm  
haproxy-debuginfo-2.4.7-2.el9_0.2.ppc64le.rpm  
haproxy-debugsource-2.4.7-2.el9_0.2.ppc64le.rpm

s390x:  
haproxy-2.4.7-2.el9_0.2.s390x.rpm  
haproxy-debuginfo-2.4.7-2.el9_0.2.s390x.rpm  
haproxy-debugsource-2.4.7-2.el9_0.2.s390x.rpm

x86_64:  
haproxy-2.4.7-2.el9_0.2.x86_64.rpm  
haproxy-debuginfo-2.4.7-2.el9_0.2.x86_64.rpm  
haproxy-debugsource-2.4.7-2.el9_0.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0056  
https://access.redhat.com/security/cve/CVE-2023-25725  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEe/MdzjgjWX9erEAQifOw//Qhb7JBxHnqBrEeY88/Cs6dyXrd2Flhlf  
oh/W+10FQnxpUldkVovcXK2/hq2GkQ6LT0UN8fbDXaxfEpDSumpGWLRyrlARbfUA  
s7eBMr7QALnuHQ+UyXlSUrqgWkNIKUGH4UA8CvE3GLR+QOO/PSOf57viYWbsA5qT  
p9MBKB0C/8eoh6YIW6wOcptbIeAiv8E+RlktO16ECgmbZhELFZwMmezRba8uNH/P  
xDspWRWDzzjsRMttwRozVjqAxl/WVd0TDlhQ94DmjarH1+R8JzTTF0KIzONlIU1L  
M/HS7/T9yVmWjs4VAnRxNU8zWqYv9HaTWAcIQj4cwjiOSn7+hzlxp6mhK8Fkg1k7  
F2IuXFzOusylfknhadkDnX6F+Zh4lPRvVCVk2rmxNpI0Dm2M9YQV3lJ3NnNCWYfL  
ax7hCl3Dc0rVe8ntMfMSfAc8EGYG/G3U4IH9ZBZEoLkca37EZLX59SDp3Ur3jP82  
CLz24wLCT2z6fAbQI13s2bJ0DoHavwblpre2Cj7cfpNDOn689YRyTm+Moe0DlqUI  
P265iPiAxSabd82DWoOeNJYib2L/q/OKwxfejppq58t/f/GGHex5Xn2KjwUdV2CR  
LCI5irxUV2ASpa5ttf9fksOE2vlgS0NHBJXJ2OUb4Z9dqVUCjhraFzvuabt4Q5FK  
5JGOznhvAo0=0YyQ  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1978-01

Search giant Google on Monday unveiled a major update to its 12-year-old Authenticator app for Android and iOS with an account synchronization option that allows users to back up their time-based one-time passwords (TOTPs) codes to the cloud.
"This change means users are better protected from lockout and that services can rely on users retaining access, increasing both convenience and security,"

Password Security / Authentication

Search giant Google on Monday unveiled a major update to its 12-year-old Authenticator app for Android and iOS with an account synchronization option that allows users to back up their time-based one-time passwords (TOTPs) codes to the cloud.

"This change means users are better protected from lockout and that services can rely on users retaining access, increasing both convenience and security," Google's Christiaan Brand said.

The update, which also brings a new icon to the two-factor authenticator (2FA) app, finally brings it in line with Apple's iCloud Keychain and addresses a long-standing complaint that it's tied to the device on which it's installed, making it a hassle when switching between phones.

Even worse, as Google puts it, users who lose access to their devices completely "lost their ability to sign in to any service on which they'd set up 2FA using Authenticator."

The cloud sync feature is optional, meaning users can opt to use the Authenticator app without linking it to a Google account. That said, it's always worth keeping in mind the pitfalls associated with cloud backups, as a malicious actor with access to a Google account could leverage it to break into other online services.

The development comes days after Swiss privacy-focused company Proton, which surpassed 100 million active accounts last week, unveiled an end-to-end encrypted password manager solution called Proton Pass.

UPCOMING WEBINAR

Zero Trust + Deception: Learn How to Outsmart Attackers!

Discover how Deception can detect advanced threats, stop lateral movement, and enhance your Zero Trust strategy. Join our insightful webinar!

Save My Seat!

The open source and publicly auditable tool, which makes use of the bcrypt password hashing function and a hardened version of the Secure Remote Password (SRP) protocol for authentication, also comes with 2FA integration.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Google Authenticator App Gets Cloud Backup Feature for TOTP Codes

Integrated platform enables enterprises to seamlessly execute their mobile-first security strategy.

**SAN FRANCISCO, Calif., RSAC 2023 - April 24, 2023** \-- Zimperium, the leading mobile security solution for endpoints and apps, today announced the launch of the Zimperium Mobile-First Security Platform™. This single platform unifies Zimperium Mobile Threat Defense (MTD)\-_formerly known as zIPS_\- and Mobile Application Protection Suite (MAPS), unleashing powerful new features designed for teams who bear security responsibility across the entire mobile security spectrum. Through a ‘single pane of glass’, customers now have centralized access to and management of both Zimperium’s mobile application security and endpoint security solutions, providing them full mobile coverage to dynamically adapt to emerging threats.

“Today’s CISOs need to prioritize a mobile-first security strategy to stay ahead of attacks. There are a host of point solutions on the market for securing devices and applications, but none come together to provide an end-to-end platform to unlock the power of a mobile-powered business strategy,” said Shridhar Mittal, Chief Executive Officer at Zimperium. “The Zimperium Mobile-First Security Platform uniquely provides the most comprehensive mobile capabilities for risk reduction, global visibility, threat detection and response for both endpoints and apps.”

The launch of the platform comes at a time when attacks against mobile devices and apps are increasing exponentially. As an example, recent changes in the forthcoming iOS 17 will purportedly allow for the sideloading of third party apps, putting mobile devices at even greater risk. Our world is becoming increasingly mobile, and the Bring Your Own Device (BYOD) trend that exploded during the pandemic has become a staple of business operations. At the same time, mobile applications are being used for everything from banking to managing medical devices and have become a critical part of many enterprise's business models. Unfortunately, this has opened the door to new attack vectors across devices and apps and has created an expanded, distributed attack surface for enterprises to manage and secure. According to recent research, half of organizations suffered a mobile-related compromise in 2022. 

The Zimperium Mobile-First Security Platform uniquely combines capabilities across mobile threat defense (MTD) and mobile app security (MAPS) such as:

*   **Centralized management and access** to device and app security through a single interface on any cloud and on-premises.
*   **Protection for all devices** against critical mobile threats such as phishing, spyware, and rogue networks.
*   **Privacy-by-design** to protect employee privacy on both corporate and BYOD devices as they work from anywhere, anytime.
*   **Pervasive risk management for apps** to find risks in apps you develop and third-party apps used by employees. 
*   **Advanced in-app protection** to prevent reverse engineering, protect cryptographic keys, and create self-defending apps.
*   **An enhanced mobile ecosystem** with enterprise integrations including SIEMS, IAM**,**XDR**,**DevOps workflows, ticketing systems, GitHub action and, fraud systems.
*   **Deep forensics** and enhanced search capabilities to enable advanced threat hunting.

All of this is made possible by the unification of the platform and its key security solutions:

*   Zimperium Mobile Application Protection Suite (MAPS) helps enterprises build secure and compliant mobile applications. It's the only unified solution that offers comprehensive in-app protection and threat visibility across the entire lifecycle of an application.

*   Zimperium Mobile Threat Defense (MTD), with its unique, dynamically adapting, on- device protection is the only MTD solution that can protect users against known and unknown threats. Zimperium MTD offers zero-touch activation and privacy-first design, providing users with a trustworthy and seamless experience. In addition, MTD now offers new customizable branding for a company’s logo and color scheme, enabling trust and improved end-user adoption.

"The Zimperium Mobile-First Security Platform protects mobile applications and devices for today’s mobile-powered business. Its real-time threat visibility and response uniquely provides continuous protection against known and unknown threats," said Ayush Patidar, Analyst, Quadrant Knowledge Solutions. "With on-device protection and real-time app security including app scanning, app shielding, runtime protection, and protection of cryptographic keys, the platform provides protection against phishing, spyware, rogue networks, and malicious app attacks. Owing to these capabilities, Zimperium has scored strong overall ratings across the performance parameters of the technology excellence and the customer impact in SPARK MatrixTM for Mobile Threat Management (MTM) and In-App Protection market and has been placed as a technology leader in 2022."

To learn more about how the Zimperium Mobile-First Security Platform can solve your enterprise’s biggest mobile and application security challenges, click here. To access Zimperium MTD on the App Store, click here. To access Zimperium MTD on Google Play, click here.

Zimperium will also be onsite at the upcoming RSA Conference in San Francisco from April 24–27, please visit our booth #1727 South Hall.

**About Zimperium**

Zimperium provides the only mobile-first security platform purpose-built for enterprise environments. With machine learning-based protection and a single platform that secures everything from endpoints to applications, Zimperium provides on-device mobile threat defense and in-app protection to address today’s growing and evolving mobile security threats. environments. Zimperium is headquartered in Dallas, Texas and backed by Liberty Strategic Capital and SoftBank. For more information, follow Zimperium on Twitter (@Zimperium) and LinkedIn (https://www.linkedin.com/company/zimperium), or visit www.Zimperium.com.

Zimperium Launches Unified Mobile Security Platform for Threat Detection, Visibility, and Response

An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2. In hci_uart_tty_ioctl, there is a race condition between HCIUARTSETPROTO and HCIUARTGETPROTO. HCI_UART_PROTO_SET is set before hu->proto is set. A NULL pointer dereference may occur.

From: Yu Hao <yhao016@ucr.edu>
To: marcel@holtmann.org, johan.hedberg@gmail.com,
	luiz.dentz@gmail.com, linux-bluetooth@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: BUG: general protection fault in hci\_uart\_tty\_ioctl
Date: Mon, 17 Apr 2023 21:59:12 -0700	\[thread overview\]
Message-ID: <CA+UBctC3p49aTgzbVgkSZ2+TQcqq4fPDO7yZitFT5uBPDeCO2g@mail.gmail.com> (raw)

Hello,

We found the following issue using syzkaller on Linux v6.2.0.

In function \`hci\_uart\_tty\_ioctl\`, there is a race condition
between HCIUARTSETPROTO and HCIUARTGETPROTO.
HCI\_UART\_PROTO\_SET is set before \`hu->proto\` is set.
Thus it may dereference a null pointer.

The full report including the Syzkaller reproducer & C reproducer:
https://gist.github.com/ZHYfeng/a3e3ff2bdfea5ed5de5475f0b54d55cb

The brief report is below:

Syzkaller hit 'general protection fault in hci\_uart\_tty\_ioctl' bug.

general protection fault, probably for non-canonical address
0xdffffc0000000000: 0000 \[#1\] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range \[0x0000000000000000-0x0000000000000007\]
CPU: 0 PID: 8770 Comm: syz-executor.0 Not tainted 6.2.0 #4
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
1.13.0-1ubuntu1.1 04/01/2014
RIP: 0010:hci\_uart\_tty\_ioctl+0x244/0xc20 drivers/bluetooth/hci\_ldisc.c:774
Code: df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 cf 08 00 00 48 8b 9b
b8 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <0f> b6
04 02 84 c0 74 08 3c 03 0f 8e 5f 08 00 00 44 8b 23 e9 14 ff
RSP: 0018:ffffc900022a7d10 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff8710057c
RDX: 0000000000000000 RSI: ffff888046df8000 RDI: ffff88801cf510b8
RBP: 0000000000000001 R08: 0000000000000001 R09: ffffed10039ea204
R10: ffff88801cf5101f R11: ffffed10039ea203 R12: ffff8880204eb000
R13: 0000000000000000 R14: ffffffffffffffe7 R15: 00000000800401c0
FS:  00007f203e7dd700(0000) GS:ffff88802ca00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005587ec7f32d8 CR3: 000000004629e000 CR4: 0000000000350ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 tty\_ioctl+0xac0/0x1420 drivers/tty/tty\_io.c:2784
 vfs\_ioctl fs/ioctl.c:51 \[inline\]
 \_\_do\_sys\_ioctl fs/ioctl.c:870 \[inline\]
 \_\_se\_sys\_ioctl fs/ioctl.c:856 \[inline\]
 \_\_x64\_sys\_ioctl+0x198/0x210 fs/ioctl.c:856
 do\_syscall\_x64 arch/x86/entry/common.c:50 \[inline\]
 do\_syscall\_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry\_SYSCALL\_64\_after\_hwframe+0x63/0xcd
RIP: 0033:0x7f203f0902fd
Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48
89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d
01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f203e7dcc58 EFLAGS: 00000246 ORIG\_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f203f1bc020 RCX: 00007f203f0902fd
RDX: 0000000000000000 RSI: 00000000800455c9 RDI: 0000000000000003
RBP: 00007f203f0fec89 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffee4615aef R14: 00007ffee4615ca0 R15: 00007f203e7dcdc0
 </TASK>

                 reply	other threads:\[~2023-04-18  5:00 UTC|newest\]

**Thread overview:** \[no followups\] expand\[flat|nested\]  mbox.gz  Atom feed

**Reply instructions:**

You may reply publicly to this message via plain-text email
using any one of the following methods:

\* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting\_style#Interleaved\_style

\* Reply using the **\--to**, **\--cc**, and **\--in-reply-to**
  switches of git-send-email(1):

  git send-email \\
    --in-reply-to=CA+UBctC3p49aTgzbVgkSZ2+TQcqq4fPDO7yZitFT5uBPDeCO2g@mail.gmail.com \\
    --to=yhao016@ucr.edu \\
    --cc=johan.hedberg@gmail.com \\
    --cc=linux-bluetooth@vger.kernel.org \\
    --cc=linux-kernel@vger.kernel.org \\
    --cc=luiz.dentz@gmail.com \\
    --cc=marcel@holtmann.org \\
    /path/to/YOUR\_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

\* If your mail client supports setting the **In-Reply-To** header
  via mailto: links, try the mailto: link

Be sure your reply has a **Subject:** header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.

CVE-2023-31083: BUG: general protection fault in hci_uart_tty_ioctl

An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_frontend_test_event, down(&fepriv->sem) is called. However, wait_event_interruptible would put the process to sleep, and down(&fepriv->sem) may block the process.

From: Yu Hao <yhao016@ucr.edu>
To: mchehab@kernel.org, linux-media@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: BUG: WARNING in dvb\_frontend\_get\_event
Date: Mon, 17 Apr 2023 21:50:07 -0700	\[thread overview\]
Message-ID: <CA+UBctCu7fXn4q41O\_3=id1+OdyQ85tZY1x+TkT-6OVBL6KAUw@mail.gmail.com> (raw)

Hello,

We found the following issue using syzkaller on Linux v6.2.0.

In the function \`dvb\_frontend\_get\_event\`, function
\`wait\_event\_interruptible\` is called
and the condition is \`dvb\_frontend\_test\_event(fepriv, events)\`.
In the function \`dvb\_frontend\_test\_event\`, function
\`down(&fepriv->sem);\` is called.
However, function \`wait\_event\_interruptible\` would put the process to sleep.
And function \`down(&fepriv->sem);\` may block the process.
So there is the issue with "do not call blocking ops when !TASK\_RUNNING".

The full report including the Syzkaller reproducer & C reproducer:
https://gist.github.com/ZHYfeng/4c5f8be6adc63b73dba68230d15ece2c

The brief report is below:

Syzkaller hit 'WARNING in dvb\_frontend\_get\_event' bug.

------------\[ cut here \]------------
do not call blocking ops when !TASK\_RUNNING; state=1 set at
\[<ffffffff8161186d>\] prepare\_to\_wait\_event+0x6d/0x690
kernel/sched/wait.c:333
WARNING: CPU: 0 PID: 8017 at kernel/sched/core.c:9968
\_\_might\_sleep+0x10a/0x160 kernel/sched/core.c:9968
Modules linked in:
CPU: 0 PID: 8017 Comm: syz-executor303 Not tainted 6.2.0 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
1.13.0-1ubuntu1.1 04/01/2014
RIP: 0010:\_\_might\_sleep+0x10a/0x160 kernel/sched/core.c:9968
Code: 9d 03 00 48 8d bb d8 16 00 00 48 89 fa 48 c1 ea 03 80 3c 02 00
75 34 48 8b 93 d8 16 00 00 48 c7 c7 e0 68 4c 8a e8 38 55 72 08 <0f> 0b
e9 75 ff ff ff e8 1a 7b 7f 00 e9 26 ff ff ff 89 34 24 e8 1d
RSP: 0018:ffffc9000e537ac8 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffff888018bdba80 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffff888018bdba80 RDI: fffff52001ca6f4b
RBP: ffffffff8a4cd200 R08: 0000000000000000 R09: ffffed1005944f32
R10: ffff88802ca2798b R11: ffffed1005944f31 R12: 000000000000003a
R13: 0000000000000000 R14: 0000000000000000 R15: ffff888044057260
FS:  0000555555995880(0000) GS:ffff88802ca00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fd34db66000 CR3: 000000001f479000 CR4: 0000000000350ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 down+0x1e/0xa0 kernel/locking/semaphore.c:58
 dvb\_frontend\_test\_event drivers/media/dvb-core/dvb\_frontend.c:277 \[inline\]
 dvb\_frontend\_get\_event.isra.0+0x528/0x670
drivers/media/dvb-core/dvb\_frontend.c:301
 dvb\_frontend\_handle\_ioctl+0x1953/0x2ea0
drivers/media/dvb-core/dvb\_frontend.c:2726
 dvb\_frontend\_do\_ioctl+0x1c5/0x2f0 drivers/media/dvb-core/dvb\_frontend.c:2097
 dvb\_usercopy+0xbe/0x280 drivers/media/dvb-core/dvbdev.c:961
 dvb\_frontend\_ioctl+0x5a/0x80 drivers/media/dvb-core/dvb\_frontend.c:2111
 vfs\_ioctl fs/ioctl.c:51 \[inline\]
 \_\_do\_sys\_ioctl fs/ioctl.c:870 \[inline\]
 \_\_se\_sys\_ioctl fs/ioctl.c:856 \[inline\]
 \_\_x64\_sys\_ioctl+0x198/0x210 fs/ioctl.c:856
 do\_syscall\_x64 arch/x86/entry/common.c:50 \[inline\]
 do\_syscall\_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry\_SYSCALL\_64\_after\_hwframe+0x63/0xcd
RIP: 0033:0x7f569e9f4a7d
Code: 28 c3 e8 36 29 00 00 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48
89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d
01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff77694948 EFLAGS: 00000246 ORIG\_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f569e9f4a7d
RDX: 0000000020000000 RSI: 0000000080286f4e RDI: 0000000000000003
RBP: 00007f569e9ae440 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f569e9ae4e0
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>

                 reply	other threads:\[~2023-04-18  4:50 UTC|newest\]

**Thread overview:** \[no followups\] expand\[flat|nested\]  mbox.gz  Atom feed

**Reply instructions:**

You may reply publicly to this message via plain-text email
using any one of the following methods:

\* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting\_style#Interleaved\_style

\* Reply using the **\--to**, **\--cc**, and **\--in-reply-to**
  switches of git-send-email(1):

  git send-email \\
    --in-reply-to='CA+UBctCu7fXn4q41O\_3=id1+OdyQ85tZY1x+TkT-6OVBL6KAUw@mail.gmail.com' \\
    --to=yhao016@ucr.edu \\
    --cc=linux-kernel@vger.kernel.org \\
    --cc=linux-media@vger.kernel.org \\
    --cc=mchehab@kernel.org \\
    /path/to/YOUR\_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

\* If your mail client supports setting the **In-Reply-To** header
  via mailto: links, try the mailto: link

Be sure your reply has a **Subject:** header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.

Tag

#ios