The Call For Papers for nullcon Goa 2025 is now open. Nullcon is an information security conference held in Goa, India. The focus of the conference is to showcase the next generation of offensive and defensive security technology. It will take place March 1st through the 2nd, 2025.

Do you wish to become a speaker at Nullcon Goa 2025? The opportunities are endless. The time to think is long gone - Take the only leap to share your research with our infosec community.

Call For Papers - Nullcon Goa 2025 (https://cTy2804.na1.hubspotlinksstarter.com/Ctc/GE+113/cTy2804/VVCwzM36D4W3W5kdjln8rtsDcW9h8NV35ljxpkN7qyl0g3gVDYW7lCdLW6lZ3krW5sVJnn2b1pGgW4VfGFw4gSKwKW7T9v298lCB3rW3MyVZN4QZdRZVmt5bS5SZh7_W1gd6mX1JJnTgW3T-ygY70DWZQN8BqbRky-cK7N78QdcBNhhTdW4S5D_934wdgsW5g4QSF1XLcrBW3xm9qY5Fq0K7W29YBzm5FFJZqW1DbVDt8_D4C-W32Tv4x5mwwtFW3G8VF11yBc2DW2_C3z-89wwR2W44r2CW30gPzPW1LCpQB3TC7rDN2_4JXml3TQNW2sxvNm5d4LyqW91kdFY8BF16dW6B3Ycm8XSXV4W7G9dPx4GkwKZf8kv1DK04 )

OPEN...Call For Papers (CFP) for Nullcon Goa 2025

Do you wish to become a speaker at Nullcon Goa 2025? The opportunities are endless. The time to think is long gone - Take the only leap to share your research with our infosec community.

CFP Closes: 15th November 2024

Conference: 1st-2nd March 2025

Venue: BITS, Goa

Submission Topics (but not limited to):

- IoT/Embedded Security/OT  
- Web Applications / AI Security  
- Browser Security  
- Fuzzing & Exploit Development  
- Bug Hunting and Vulnerability Research  
- Forensic  
- Malware & Incident Response  
- Cloud and Infrastructure Security

Know More About Speaker Benefits / Submission Guidelines  
(https://cTy2804.na1.hubspotlinksstarter.com/Ctc/GE+113/cTy2804/VVCwzM36D4W3W5kdjln8rtsDcW9h8NV35ljxpkN7qyl0g3gVDYW7lCdLW6lZ3krW5sVJnn2b1pGgW4VfGFw4gSKwKW7T9v298lCB3rW3MyVZN4QZdRZVmt5bS5SZh7_W1gd6mX1JJnTgW3T-ygY70DWZQN8BqbRky-cK7N78QdcBNhhTdW4S5D_934wdgsW5g4QSF1XLcrBW3xm9qY5Fq0K7W29YBzm5FFJZqW1DbVDt8_D4C-W32Tv4x5mwwtFW3G8VF11yBc2DW2_C3z-89wwR2W44r2CW30gPzPW1LCpQB3TC7rDN2_4JXml3TQNW2sxvNm5d4LyqW91kdFY8BF16dW6B3Ycm8XSXV4W7G9dPx4GkwKZf8kv1DK04 )

Nullcon Bangalore 2024

Learn Via Experiences, Not Just Books

Do you know what today’s cutting-edge tech jobs at major companies truly require?

It’s all about the hands-on expertise you’ve developed—through the projects you’ve undertaken and the practical knowledge needed to address real-world business challenges.

Dates: 7th-9th November 2024 | Venue: Hotel Royal Orchid, Bangalore

Hacking Modern Web Apps: Master the Future of Attack Vectors

By Anirudh Anand & Abraham Aranguren

Malware Analysis 0x65: Dissecting & Demystifying Attackers Mindset

By Abhinav Thakur & Niraj Shivtarkar

Practical IoT Hacking

By Hemant Sonkar, Ranit Pradhan, Pugal Selvan & Rupesh Surve

StealthOps: Red Team Operations 24 Edition

By Manish Gupta & Yash Bharadwaj

Sold Out! AI Security: Terminating The Terminator

By Nikhil Joshi

Register with Early Bird Discount!  
(https://cTy2804.na1.hubspotlinksstarter.com/Ctc/GE+113/cTy2804/VVCwzM36D4W3W5kdjln8rtsDcW9h8NV35ljxpkN7qyl0z3gVDYW7Y8-PT6lZ3pcW5Z_6zg6bPGw2N6gYMkp15jT0W94QVDk5P5PGyW3BDWFv8GSrP3W72QF1V8zzkJNW72brp-6RfrTGW7F0XXD8X5WVcVQfWd_4HT-BxW1m36Rn7gDN4zW47VSWV8yk5TPN667G5NY2gy8W68yBjv4PZ9THW8rPGRk5k34v2W2KnQWS8y9qwDVPwXGw95657DW8xQm9N1LRLCMN3-7DJW3WTcGW4cdvMh89YnKQW6yx1R52qBcnPW10Yff22vQrxhW7x0pkw35WfrrN7tnpf5GJMDfW9dmylv4bzq_6W16R0NG98-VTfW3mXFMM77D_mNW8HbkFz30psD8f7kC9fg04 )

Job Openings 💼

Evernorth Health Services is looking for a Cyber Security Senior Advisor (https://cTy2804.na1.hubspotlinksstarter.com/Ctc/GE+113/cTy2804/VVCwzM36D4W3W5kdjln8rtsDcW9h8NV35ljxpkN7qyl0z3lcq-W7Y8-PT6lZ3mKVxYnF46myHbmVmLD9799wBlpW3V-q831YL_kjW6mZcrB1_s4MmVddB_T60XB9QW7tCfZ13Rd87YW6yYyk-4rqZrqW7XZc046p4cynW1HYc_Q788LnWW60HDdD3VJq12W4CJys-8r4d8dW6YjvF25hsLpmW8xPbw63Z14grW51l1tj3NRGpqW4t6HCC8wl_JdW87p0H610_QYZW2nYpRK88rGG8W2Tvq145BNTtYW7t0Hqr1lmbz3W7Gp8Yt3w6F4qW1xPB-28bMCxqVJm8ZP6Zs0mqW5gP7mz9dl99XN1N1pB2ftxQ3W7c_Hg75vtHfYVXdncG5_P77pf2LHb7g04 ) and a Cyber Security Associate Principal (https://cTy2804.na1.hubspotlinksstarter.com/Ctc/GE+113/cTy2804/VVCwzM36D4W3W5kdjln8rtsDcW9h8NV35ljxpkN7qyl0z3lcq-W7Y8-PT6lZ3q7W69Cbdx3b0ZPmN1txRLMr9jfGW8YlfXJ1t2SZbW7jqJs02dS2jYW3lB4Tf2H7CdyW8cKyQr2xJjkdW4ssmfL7d5VzZW1jCqVN3sT8STN3ggNMXxz7CyW1QMJl43BNt8_W6wds4T8BTMsVVtkX2812bpl_W5TGFq43tyJ14W5QN2MZ8gWVPfW6RGlK55JkqxgW3zBXk38Yh9JFW1B4LC76pT6GvW4Gg4YR7Ht5yVW7SsDDh2Cf737My2j9mKT9PfW8sj_1-4cpFbXW1_R_5y3nmwcBN2flG7Qs29d0W3DHv8f6018g2W47lJ1m5NB8dfW78qmSX3lK69Hd5c1WH04 ) in Hyderabad, India

Google is looking for a Security Engineer, Android Security Assurance (https://cTy2804.na1.hubspotlinksstarter.com/Ctc/GE+113/cTy2804/VVCwzM36D4W3W5kdjln8rtsDcW9h8NV35ljxpkN7qyk_H5jMY8W69t95C6lZ3pgW7CTQgt6mr-qhW6jgM7f1-TYgNW37sGhY6Fw_MhW3W5hJT3q8xHNW7Dshmj63jCQfMBf7qFzVDkGV1Nwnq1GnCRDW53kp827KkSHjW4kSz1b8DYx2KW33j2fs8ZVDgVW6Ksb1-8_BL3XW4p38gd23RL8lW8Rxnqg1x39n4W8grlTQ89hWP9W7BMh8L22G3RGW72X6Xh7glvrQW1GrZn127P4BlW6ldgZ72C4z86W6f-mJf4sGn7BW84VW45328XTZW7mHvgT82H0HvW7fg1jB43mhcLW6-Vfwl28QHmsW3x1pKc88p20dW3XT4xj1yH5f5W37d9Cp2lWLKgW9612FS8_SBfpW5RwJSL7xH16WW4kzq758RwLFSW5S-KcT7J59fNN9kkyZKPF3VfW7T37gM6tYfQDW3bCHmt4S12ZtV6zTbL4L3yr5W3J9mvh4pvbFmW4gVFgc8BwKzFf7w0CsC04 ) in Bangalore, India

InfoSec Connect 👥

null - The Open Security Community is preparing for its upcoming elections! Submit your questions for potential candidates via GitHub: https://cTy2804.na1.hubspotlinksstarter.com/Ctc/GE+113/cTy2804/VVCwzM36D4W3W5kdjln8rtsDcW9h8NV35ljxpkN7qyk_45jMY8W50kH_H6lZ3nvN6Xjl9sXkG90W2YkM_32MTqcxW1GZ2sN4wrQnSW2MGhLx1HYpzyW3gNZtH6T485gVknDzC25Sd7qN6b5t28nrKr4W3gpbhd3nwn5WV96_Nm3wmknhVMX33f2FSw14W5Dq1c75rZTHrW1BKqQT226pSDW2c8B5x16ZcJlW3Kbsyq7g5h-nW8cxfDh1Z1skqW1-QxmT2TkctBW4lCMsm1JCJKmW2MqFJL6V9f0cW5pTyB58RPzhqVRSzQw4g7L1CW4r5ZPQ86cV4wW1rJR6-59ZLWtW6VbG5L6-nMrwW2mNc4H8mM6mQW4GGGP131VbgPW3yWQRh7nTz3DW6QBMq33CSHM7W1dSpvK4tR352W8G30__4P4bgyW6s00nG1lcZyZW69VQJr1j0W5WW1bz5KK62QJstf29fj5P04 (https://cTy2804.na1.hubspotlinksstarter.com/Ctc/GE+113/cTy2804/VVCwzM36D4W3W5kdjln8rtsDcW9h8NV35ljxpkN7qyk_45jMY8W50kH_H6lZ3nvN6Xjl9sXkG90W2YkM_32MTqcxW1GZ2sN4wrQnSW2MGhLx1HYpzyW3gNZtH6T485gVknDzC25Sd7qN6b5t28nrKr4W3gpbhd3nwn5WV96_Nm3wmknhVMX33f2FSw14W5Dq1c75rZTHrW1BKqQT226pSDW2c8B5x16ZcJlW3Kbsyq7g5h-nW8cxfDh1Z1skqW1-QxmT2TkctBW4lCMsm1JCJKmW2MqFJL6V9f0cW5pTyB58RPzhqVRSzQw4g7L1CW4r5ZPQ86cV4wW1rJR6-59ZLWtW6VbG5L6-nMrwW2mNc4H8mM6mQW4GGGP131VbgPW3yWQRh7nTz3DW6QBMq33CSHM7W1dSpvK4tR352W8G30__4P4bgyW6s00nG1lcZyZW69VQJr1j0W5WW1bz5KK62QJstf29fj5P04 ) . Your feedback will help shape the future leadership of null.

Join our Discord Server 👋

Stay updated on the latest job announcements and opportunities in our community: https://cTy2804.na1.hubspotlinksstarter.com/Ctc/GE+113/cTy2804/VVCwzM36D4W3W5kdjln8rtsDcW9h8NV35ljxpkN7qyl0g3lcq-W7lCdLW6lZ3mSN1rYPzdwB9mRW8bnZP19gYljkW61XSF-5lbBSDW9kRgZ5783hndW7SQScW9dHfnWW24cg8-7g1k4tW5MTCDT39Z25lW6B9t5D3bQFsyW8DLY3H62sFsJN6H1_wpzsHKwW1y0WS-2wXgQTW2HQqNr6nlrmQW7HTlkS2blydMN8G5hm1QFTtVN1_hWxtMsgwfW3T9hgM6W-77GW7F6HKs2_y5v6W52Pvs334vlqGW7R9pjv3hSK7RW5jH-pH6bx5tJW7JzvfR3pTj-vW8MP7m21-hdg5W8j5w9p3Hp3HcW3k67C68Fjz63f5xvHfF04 (https://cTy2804.na1.hubspotlinksstarter.com/Ctc/GE+113/cTy2804/VVCwzM36D4W3W5kdjln8rtsDcW9h8NV35ljxpkN7qyl0g3lcq-W7lCdLW6lZ3mSN1rYPzdwB9mRW8bnZP19gYljkW61XSF-5lbBSDW9kRgZ5783hndW7SQScW9dHfnWW24cg8-7g1k4tW5MTCDT39Z25lW6B9t5D3bQFsyW8DLY3H62sFsJN6H1_wpzsHKwW1y0WS-2wXgQTW2HQqNr6nlrmQW7HTlkS2blydMN8G5hm1QFTtVN1_hWxtMsgwfW3T9hgM6W-77GW7F6HKs2_y5v6W52Pvs334vlqGW7R9pjv3hSK7RW5jH-pH6bx5tJW7JzvfR3pTj-vW8MP7m21-hdg5W8j5w9p3Hp3HcW3k67C68Fjz63f5xvHfF04 )

Payatu Technologies Pvt Ltd., Office No. 502, Tej House, 5th Floor, 5 M.G. Road, Camp, Pune, Maharashtra 411001

Unsubscribe (https://hs-7328024.s.hubspotstarter.net/preferences/en/unsubscribe?data=W2nXS-N30h-BrW3LHlhC34rt-5W2qSxDn2q_nGsW2nTBZy1-XBPFW3DXWqr3Z-_tCW2WqQ3730GyvSW1S2hF03835hXW2YyfNm3JSNdZW2zYXgc24WzKdW2Pvm-h4fsmRdW43F1K13M62zMW2RrG9Z2Wy8kHW4mbnlg3dsp0fW4pyH862313-zW1Bczj53T5WDMW4mytFw45XcXLW3jdkps3_YkSJW32xGwS1ZqWrgW4pB1tk4rvDxMW3QRD2L4tFmCcW3z2X5n4cKGJ8W1_jPkL3DYJ5pW1L7shZ3yXrT1W3gs6ks2HFWFSW4mGpm92TMWDSW32rKK32sVklYW2zPb-71Lmv6XW2CqPVY3T47WMW2sT7Py49TPG1W2RJTzl4mtnMjW1Zgz8l4ftc1FW3XyTv52KSvkzW30c2cn2-g8DjW2sFqnF3Vz5zYW2Ry1N61Ljfl0W3K6FDF1BDJp3W2KZkNq3bcfRYW41tWSP1L3Gn_W49tXYY3ggbJZW2TjQnn3f-nvYW4mrF_s4fnXVLW1ZljCP2qVBl7W3W2mYG4fr5PdW2TzZDB36Fsy4W4cPR5w2PsLMfW3dppWB4mstSlW47wtPz1_nZN9W3H6XWj3C89-df1ZvBy304&_hsenc=p2ANqtz-_4kDnRpYLE-TWAHbI6iNAV0yfG-pGLSCVy_UhGcPYKKegnkWd5NrsrumPiy2SzOiKwRWd8iI3lUz1brTj75EqS1ofT1uSnLYe5ip-U8gHYAz8qiaI&_hsmi=325820415 )  
Manage preferences (https://hs-7328024.s.hubspotstarter.net/preferences/en/manage?data=W2nXS-N30h-BrW3LHlhC34rt-5W2qSxDn2q_nGsW2nTBZy1-XBPFW3DXWqr3Z-_tCW2WqQ3730GyvSW1S2hF03835hXW2YyfNm3JSNdZW2zYXgc24WzKdW2Pvm-h4fsmRdW43F1K13M62zMW2RrG9Z2Wy8kHW4mbnlg3dsp0fW4pyH862313-zW1Bczj53T5WDMW4mytFw45XcXLW3jdkps3_YkSJW32xGwS1ZqWrgW4pB1tk4rvDxMW3QRD2L4tFmCcW3z2X5n4cKGJ8W1_jPkL3DYJ5pW1L7shZ3yXrT1W3gs6ks2HFWFSW4mGpm92TMWDSW32rKK32sVklYW2zPb-71Lmv6XW2CqPVY3T47WMW2sT7Py49TPG1W2RJTzl4mtnMjW1Zgz8l4ftc1FW3XyTv52KSvkzW30c2cn2-g8DjW2sFqnF3Vz5zYW2Ry1N61Ljfl0W3K6FDF1BDJp3W2KZkNq3bcfRYW41tWSP1L3Gn_W49tXYY3ggbJZW2TjQnn3f-nvYW4mrF_s4fnXVLW1ZljCP2qVBl7W3W2mYG4fr5PdW2TzZDB36Fsy4W4cPR5w2PsLMfW3dppWB4mstSlW47wtPz1_nZN9W3H6XWj3C89-df1ZvBy304&_hsenc=p2ANqtz-_4kDnRpYLE-TWAHbI6iNAV0yfG-pGLSCVy_UhGcPYKKegnkWd5NrsrumPiy2SzOiKwRWd8iI3lUz1brTj75EqS1ofT1uSnLYe5ip-U8gHYAz8qiaI&_hsmi=325820415 )

nullcon Goa 2025 Call For Papers

Hackers stole $243M from a single victim by posing as Google and Gemini support, resetting 2FA to access…

Hackers stole $243M from a single victim by posing as Google and Gemini support, resetting 2FA to access crypto. Investigator ZachXBT helped trace the thieves, leading to arrests and the recovery of millions.

A major breakthrough in cryptocurrency theft came to light on September 19, 2024, when anonymous Twitter user and crypto investigator ZachXBT (@ZachXBT) revealed his investigation into one of the largest crypto heists in history.

The theft of $243 million worth of cryptocurrency from a single Genesis creditor, was carried out through a sophisticated **social engineering attack** in August 2024. ZachXBT’s investigation played a key role in tracing the alleged culprits, which led to multiple arrests and the recovery of millions in stolen funds.

****The Heist****

On August 19, 2024, a group of cybercriminals identified as Greavys (Malone Iam), Wiz (Veer Chetal), and Box (Jeandiel Serrano) allegedly conducted a phishing operation targeting a victim in Washington, D.C.

The attackers, posing as support personnel from Google and Gemini, tricked the victim into resetting two-factor authentication (**2FA**) and transferring funds to a compromised wallet. The group further exploited the victim using remote access software **AnyDesk** to reveal private keys stored in the victim’s Bitcoin core.

ZachXBT provided transaction hashes that tracked the flow of Bitcoin, confirming that 59.34 BTC and 14.88 BTC were stolen during the attack, followed by the transfer of a massive 4,064 BTC, worth $243 million at the time, which was quickly split among the attackers.

> 3/ Here is a private video recording showing the live reaction by multiple of the threat actors to receiving $238M.
> 
> Theft txn hash  
> 4064 BTC – Aug 19 at 4:05 am UTC  
> 4b277ba298830ea538086114803b9487558bb093b5083e383e94db687fbe9090 pic.twitter.com/djSxBTkOF8
> 
> — ZachXBT (@zachxbt) September 19, 2024

**Criminals’ Identities Unveiled**

According to ZachXBT’s in-depth investigation, the details of which he shared in a _must read_ **detailed Twitter thread**, revealed the identities of the thieves. Allegedly, Wiz (Veer Chetal) made a critical error during a screenshare session, where his real name was exposed.

Furthermore, he and his friend Aakaash (Light/Dark) allegedly attempted to launder the stolen funds through exchanges such as eXch and Thorswap. Despite efforts to cover their tracks, they linked laundered funds to the stolen assets by reusing addresses.

Greavys, a key figure in the scam, flaunted his newfound wealth by purchasing luxury items, including over 10 cars and expensive nights out in Los Angeles and Miami. His flashy lifestyle, documented on social media, helped investigators track his location.

Box (Jeandiel Serrano), who impersonated a Gemini representative during the heist, also left traces linking him to the stolen funds. A shared profile picture across multiple platforms and a series of missteps in cryptocurrency transactions allowed investigators to trace $18 million back to him.

Screenshot credit: ZachXBT

**Arrests and Asset Recovery**

ZachXBT’s collaboration with **@CFInvestigators**, **@zeroshadow\_io**, and the Binance Security Team resulted in the freezing of over $9 million in assets, with $500,000 already returned to the victim. His findings also led to the arrest of Greavys and Box, who were taken into custody in Miami and Los Angeles, respectively, on September 18, 2024.

**Legal Proceedings**

The Department of Justice (DOJ) confirmed the arrests in a **press release**, announcing charges of conspiracy to steal and launder cryptocurrency against Malone Lam (aka “Anne Hathaway” and “$$$”) and Jeandiel Serrano (aka “VersaceGod” and “@SkidStar”).

The indictment outlines how the pair, alongside other conspirators, executed a series of crypto thefts, using complex laundering techniques to conceal the funds. Both individuals appeared in U.S. District Court following their arrests.

ZachXBT’s investigative work played a crucial role in cracking one of the largest cryptocurrency theft cases of the year. As law enforcement continues to crack the network behind the crime, ZachXBT has stated that updates will follow as the legal proceedings unfold.

1.  **6 of the Best Crypto Bug Bounty Programs**
2.  **Pink Drainer Posed as Journalists, Stole $3M from Twitter Users**
3.  **Hackers Stole $59 Million of Crypto Via Malicious Google, X Ads**
4.  **Crypto Scammer Returns $9.27 Million Out of $24M Crypto Theft**
5.  **Crypto losses reach $1.75 Billion in 2023; CeFi and Hacks Blamed**

Hackers Posed as Google Support to Steal $243 Million in Crypto

Debian Linux Security Advisory 5773-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5773-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonSeptember 19, 2024                    https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2024-8904 CVE-2024-8905 CVE-2024-8906 CVE-2024-8907                  CVE-2024-8908 CVE-2024-8909Security issues were discovered in Chromium which could resultin the execution of arbitrary code, denial of service, or informationdisclosure.For the stable distribution (bookworm), these problems have been fixed inversion 129.0.6668.58-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmbsT+kACgkQZF0CR8NudjcBZxAAr/rpFak7qXGy0AqnX3BLhQEpL3h/hsb4sa4OvOVnsENKrGNgg6+3FNDH8kVjz/IPo6BNKoPa0WFZoq5ENwm9ZkpjToEWM5tRWwqxQyhuZ6n8WzNljc4p5d17k2e0VtPbBR6Z8ICoNhu8iEaX1r2rqqfUciMd6G42+sUPEUkj+We9YWrjt00+nPA9ZGdG9AYml5Zu5+jG5OJJtT9x2I9l1NPbPb8RB5VlGVSyn2lgbr5moLc4t7dbK8LZPQmtjvFpCtkAmcj+bedAGXBio03vJTQJpfednmAOzpZbl1oWoO4opDhRJxPc7MUG/1wWKK+k7e2NR/7TYwSMrKm7fM9tlNTx0Zvzi86Nlrqhx6y6PCdXB1RjaSqtAk732bSIAD/eULqRw0ZeJfUruzUAOmreX1E6JeLbsRUbc6R5pjn9GauVNKcfIxVqXqhf/XcrpUpEqrZ9K71zc2SFQUCC5qxW5rANdZhYm3FV4r9NfTPurEcdDSSr6wZTOfc1Rw1GN6VdX3YLPHEfRvX10RmipzaoMleeHAsSQUF9SpQ9O+m8Ckd1ReZAoJyGXU6wtEQ67sNKNYzkxHL4/H6CE6Fg/i610vXhydqd8Y6b7Sg0CiKjwD+UdaqggoiqMMg+32woZxugNYGC1FqYqoHmA/V2QCZq/pYqUS6x5qHjSUkmPvwLJrU==vXjE-----END PGP SIGNATURE-----

Debian Security Advisory 5773-1

Red Hat Security Advisory 2024-6893-03 - Red Hat AMQ Broker 7.12.0 is now available from the Red Hat Customer Portal. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6893.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: Red Hat AMQ Broker 7.12.0 release and security updateAdvisory ID:        RHSA-2024:6893-03Product:            Red Hat JBoss AMQAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6893Issue date:         2024-09-20Revision:           03CVE Names:          CVE-2023-34455====================================================================Summary: Red Hat AMQ Broker 7.12.0 is now available from the Red Hat Customer Portal.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.This release of Red Hat AMQ Broker 7.12.0 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.Security Fix(es):* (CVE-2023-34455) snappy-java: Unchecked chunk length leads to DoS* (CVE-2023-35116) jackson-databind: denial of service via cylic dependenciesFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.Solution:CVEs:CVE-2023-34455References:https://access.redhat.com/security/updates/classification/#moderatehttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.broker&version=7.12.0https://docs.redhat.com/en/documentation/red_hat_amq_broker/7.12https://bugzilla.redhat.com/show_bug.cgi?id=2215214https://bugzilla.redhat.com/show_bug.cgi?id=2215445

Red Hat Security Advisory 2024-6893-03

Red Hat Security Advisory 2024-6892-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6892.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: firefox  updateAdvisory ID:        RHSA-2024:6892-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6892Issue date:         2024-09-19Revision:           03CVE Names:          CVE-2024-7652====================================================================Summary: An update for firefox is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-7652References:https://access.redhat.com/security/updates/classification/#important

Red Hat Security Advisory 2024-6892-03

Red Hat Security Advisory 2024-6891-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6891.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: firefox  updateAdvisory ID:        RHSA-2024:6891-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6891Issue date:         2024-09-19Revision:           03CVE Names:          CVE-2024-7652====================================================================Summary: An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-7652References:https://access.redhat.com/security/updates/classification/#important

Red Hat Security Advisory 2024-6891-03

Red Hat Security Advisory 2024-6890-03 - New Red Hat build of Keycloak 24.0.8 packages with security impact Important are available from the Customer Portal. Issues addressed include a privilege escalation vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6890.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Red Hat build of Keycloak 24.0.8 UpdateAdvisory ID:        RHSA-2024:6890-03Product:            Red Hat build of KeycloakAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6890Issue date:         2024-09-19Revision:           03CVE Names:          CVE-2024-8698====================================================================Summary: New Red Hat build of Keycloak 24.0.8 packages with security impact Important are available from the Customer PortalDescription:Red Hat build of Keycloak 24.0.8 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.Security fixes:* Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak (CVE-2024-8698)* Vulnerable Redirect URI Validation Results in Open Redirec (CVE-2024-8883)Solution:CVEs:CVE-2024-8698References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2311641https://bugzilla.redhat.com/show_bug.cgi?id=2312511

Red Hat Security Advisory 2024-6890-03

Red Hat Security Advisory 2024-6889-03 - New images with security impact Important are available for Red Hat build of Keycloak 24.0.8 and Red Hat build of Keycloak 24.0.8 Operator, running on OpenShift Container Platform. Issues addressed include a privilege escalation vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6889.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Red Hat build of Keycloak 24.0.8 Images UpdateAdvisory ID:        RHSA-2024:6889-03Product:            Red Hat build of KeycloakAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6889Issue date:         2024-09-19Revision:           03CVE Names:          CVE-2024-8698====================================================================Summary: New images with security impact Important are available for Red Hat build of Keycloak 24.0.8 and Red Hat build of Keycloak 24.0.8 Operator, running on OpenShift Container Platform.Description:Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat build of Keycloak for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services.Red Hat build of Keycloak Operator for OpenShift simplifies deployment and management of Keycloak 24.0.8 clusters.This erratum releases new images for Red Hat build of Keycloak 24.0.8 for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release.Security fixes:* Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak (CVE-2024-8698)* Vulnerable Redirect URI Validation Results in Open Redirec (CVE-2024-8883)Solution:CVEs:CVE-2024-8698References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2311641https://bugzilla.redhat.com/show_bug.cgi?id=2312511

Red Hat Security Advisory 2024-6889-03

Red Hat Security Advisory 2024-6888-03 - New Red Hat build of Keycloak 22.0.13 packages with security impact Important are available from the Customer Portal. Issues addressed include a privilege escalation vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6888.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Red Hat build of Keycloak 22.0.13 UpdateAdvisory ID:        RHSA-2024:6888-03Product:            Red Hat build of KeycloakAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6888Issue date:         2024-09-19Revision:           03CVE Names:          CVE-2024-8698====================================================================Summary: New Red Hat build of Keycloak 22.0.13 packages with security impact Important are available from the Customer PortalDescription:Red Hat build of Keycloak 22.0.13 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.This release of Red Hat build of Keycloak 22.0.13 serves as a replacement for Red Hat Single Sign-On 7.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.Security fixes:* Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak (CVE-2024-8698)* Vulnerable Redirect URI Validation Results in Open Redirec (CVE-2024-8883)Solution:CVEs:CVE-2024-8698References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2311641https://bugzilla.redhat.com/show_bug.cgi?id=2312511

Red Hat Security Advisory 2024-6888-03

Red Hat Security Advisory 2024-6887-03 - New images with security impact Important are available for Red Hat build of Keycloak 22.0.13 and Red Hat build of Keycloak 22.0.13 Operator, running on OpenShift Container Platform. Issues addressed include a privilege escalation vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6887.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Red Hat build of Keycloak 22.0.13 Images UpdateAdvisory ID:        RHSA-2024:6887-03Product:            Red Hat build of KeycloakAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6887Issue date:         2024-09-19Revision:           03CVE Names:          CVE-2024-8698====================================================================Summary: New images with security impact Important are available for Red Hat build of Keycloak 22.0.13 and Red Hat build of Keycloak 22.0.13 Operator, running on OpenShift Container PlatformDescription:Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat build of Keycloak for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services.Red Hat build of Keycloak Operator for OpenShift simplifies deployment and management of Keycloak 22.0.13 clusters.This erratum releases new images for Red Hat build of Keycloak 22.0.13 for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release.Security fixes:* Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak (CVE-2024-8698)* Vulnerable Redirect URI Validation Results in Open Redirec (CVE-2024-8883)Solution:CVEs:CVE-2024-8698References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2311641https://bugzilla.redhat.com/show_bug.cgi?id=2312511

Tag

#js