Red Hat Security Advisory 2024-4457-03 - An update for openssh is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4457.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: openssh security updateAdvisory ID:        RHSA-2024:4457-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4457Issue date:         2024-07-10Revision:           03CVE Names:          CVE-2024-6409====================================================================Summary: An update for openssh is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.Security Fix(es):* openssh: Possible remote code execution due to a race condition in signal handling affecting Red Hat Enterprise Linux 9 (CVE-2024-6409)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-6409References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2295085

Red Hat Security Advisory 2024-4457-03

Red Hat Security Advisory 2024-4456-03 - An update for python3 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include a traversal vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4456.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: python3 security updateAdvisory ID:        RHSA-2024:4456-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4456Issue date:         2024-07-10Revision:           03CVE Names:          CVE-2023-6597====================================================================Summary: An update for python3 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.Security Fix(es):* python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-6597References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2276518

Red Hat Security Advisory 2024-4456-03

Red Hat Security Advisory 2024-4455-03 - Red Hat OpenShift Virtualization release 4.16.0 is now available with updates to packages and images that fix several bugs and add enhancements.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4455.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: OpenShift Virtualization 4.16.0 Images security update  
Advisory ID:        RHSA-2024:4455-03  
Product:            OpenShift Virtualization  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:4455  
Issue date:         2024-07-10  
Revision:           03  
CVE Names:          CVE-2023-45857  
====================================================================

Summary: 

Red Hat OpenShift Virtualization release 4.16.0 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.

This advisory contains OpenShift Virtualization 4.16.0 images.

Security Fix(es):

* axios: exposure of confidential data stored in cookies (CVE-2023-45857)

* golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)

* jose-go: improper handling of highly compressed data (CVE-2024-28180)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-45857

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2248979  
https://bugzilla.redhat.com/show_bug.cgi?id=2268046  
https://bugzilla.redhat.com/show_bug.cgi?id=2268854  
https://issues.redhat.com/browse/CNV-18671  
https://issues.redhat.com/browse/CNV-23541  
https://issues.redhat.com/browse/CNV-23927  
https://issues.redhat.com/browse/CNV-28040  
https://issues.redhat.com/browse/CNV-29298  
https://issues.redhat.com/browse/CNV-29431  
https://issues.redhat.com/browse/CNV-29476  
https://issues.redhat.com/browse/CNV-29869  
https://issues.redhat.com/browse/CNV-30877  
https://issues.redhat.com/browse/CNV-31319  
https://issues.redhat.com/browse/CNV-31828  
https://issues.redhat.com/browse/CNV-32664  
https://issues.redhat.com/browse/CNV-32812  
https://issues.redhat.com/browse/CNV-32997  
https://issues.redhat.com/browse/CNV-33184  
https://issues.redhat.com/browse/CNV-33527  
https://issues.redhat.com/browse/CNV-33529  
https://issues.redhat.com/browse/CNV-33701  
https://issues.redhat.com/browse/CNV-33836  
https://issues.redhat.com/browse/CNV-34072  
https://issues.redhat.com/browse/CNV-34180  
https://issues.redhat.com/browse/CNV-34488  
https://issues.redhat.com/browse/CNV-34884  
https://issues.redhat.com/browse/CNV-35213  
https://issues.redhat.com/browse/CNV-35452  
https://issues.redhat.com/browse/CNV-35728  
https://issues.redhat.com/browse/CNV-35729  
https://issues.redhat.com/browse/CNV-35763  
https://issues.redhat.com/browse/CNV-35782  
https://issues.redhat.com/browse/CNV-35859  
https://issues.redhat.com/browse/CNV-36130  
https://issues.redhat.com/browse/CNV-36208  
https://issues.redhat.com/browse/CNV-36209  
https://issues.redhat.com/browse/CNV-36210  
https://issues.redhat.com/browse/CNV-36211  
https://issues.redhat.com/browse/CNV-36271  
https://issues.redhat.com/browse/CNV-36299  
https://issues.redhat.com/browse/CNV-36837  
https://issues.redhat.com/browse/CNV-37111  
https://issues.redhat.com/browse/CNV-37373  
https://issues.redhat.com/browse/CNV-37376  
https://issues.redhat.com/browse/CNV-37377  
https://issues.redhat.com/browse/CNV-37378  
https://issues.redhat.com/browse/CNV-37382  
https://issues.redhat.com/browse/CNV-37383  
https://issues.redhat.com/browse/CNV-37412  
https://issues.redhat.com/browse/CNV-37462  
https://issues.redhat.com/browse/CNV-37501  
https://issues.redhat.com/browse/CNV-37629  
https://issues.redhat.com/browse/CNV-37667  
https://issues.redhat.com/browse/CNV-37685  
https://issues.redhat.com/browse/CNV-37788  
https://issues.redhat.com/browse/CNV-37857  
https://issues.redhat.com/browse/CNV-37859  
https://issues.redhat.com/browse/CNV-38129  
https://issues.redhat.com/browse/CNV-38270  
https://issues.redhat.com/browse/CNV-38375  
https://issues.redhat.com/browse/CNV-38404  
https://issues.redhat.com/browse/CNV-38450  
https://issues.redhat.com/browse/CNV-38568  
https://issues.redhat.com/browse/CNV-38596  
https://issues.redhat.com/browse/CNV-38608  
https://issues.redhat.com/browse/CNV-38609  
https://issues.redhat.com/browse/CNV-38655  
https://issues.redhat.com/browse/CNV-38700  
https://issues.redhat.com/browse/CNV-38707  
https://issues.redhat.com/browse/CNV-38724  
https://issues.redhat.com/browse/CNV-38883  
https://issues.redhat.com/browse/CNV-38887  
https://issues.redhat.com/browse/CNV-38902  
https://issues.redhat.com/browse/CNV-39028  
https://issues.redhat.com/browse/CNV-39030  
https://issues.redhat.com/browse/CNV-39034  
https://issues.redhat.com/browse/CNV-39056  
https://issues.redhat.com/browse/CNV-39101  
https://issues.redhat.com/browse/CNV-39371  
https://issues.redhat.com/browse/CNV-39418  
https://issues.redhat.com/browse/CNV-39421  
https://issues.redhat.com/browse/CNV-39425  
https://issues.redhat.com/browse/CNV-39469  
https://issues.redhat.com/browse/CNV-39558  
https://issues.redhat.com/browse/CNV-39618  
https://issues.redhat.com/browse/CNV-39659  
https://issues.redhat.com/browse/CNV-39682  
https://issues.redhat.com/browse/CNV-39685  
https://issues.redhat.com/browse/CNV-39722  
https://issues.redhat.com/browse/CNV-39727  
https://issues.redhat.com/browse/CNV-39752  
https://issues.redhat.com/browse/CNV-39753  
https://issues.redhat.com/browse/CNV-39878  
https://issues.redhat.com/browse/CNV-39880  
https://issues.redhat.com/browse/CNV-39893  
https://issues.redhat.com/browse/CNV-39940  
https://issues.redhat.com/browse/CNV-39941  
https://issues.redhat.com/browse/CNV-39946  
https://issues.redhat.com/browse/CNV-39978  
https://issues.redhat.com/browse/CNV-39995  
https://issues.redhat.com/browse/CNV-40006  
https://issues.redhat.com/browse/CNV-40120  
https://issues.redhat.com/browse/CNV-40136  
https://issues.redhat.com/browse/CNV-40161  
https://issues.redhat.com/browse/CNV-40162  
https://issues.redhat.com/browse/CNV-40164  
https://issues.redhat.com/browse/CNV-40196  
https://issues.redhat.com/browse/CNV-40200  
https://issues.redhat.com/browse/CNV-40242  
https://issues.redhat.com/browse/CNV-40258  
https://issues.redhat.com/browse/CNV-40334  
https://issues.redhat.com/browse/CNV-40335  
https://issues.redhat.com/browse/CNV-40336  
https://issues.redhat.com/browse/CNV-40341  
https://issues.redhat.com/browse/CNV-40344  
https://issues.redhat.com/browse/CNV-40419  
https://issues.redhat.com/browse/CNV-40445  
https://issues.redhat.com/browse/CNV-40455  
https://issues.redhat.com/browse/CNV-40457  
https://issues.redhat.com/browse/CNV-40598  
https://issues.redhat.com/browse/CNV-40682  
https://issues.redhat.com/browse/CNV-40776  
https://issues.redhat.com/browse/CNV-40846  
https://issues.redhat.com/browse/CNV-40886  
https://issues.redhat.com/browse/CNV-40903  
https://issues.redhat.com/browse/CNV-41084  
https://issues.redhat.com/browse/CNV-41139  
https://issues.redhat.com/browse/CNV-41195  
https://issues.redhat.com/browse/CNV-41199  
https://issues.redhat.com/browse/CNV-41200  
https://issues.redhat.com/browse/CNV-41203  
https://issues.redhat.com/browse/CNV-41206  
https://issues.redhat.com/browse/CNV-41209  
https://issues.redhat.com/browse/CNV-41210  
https://issues.redhat.com/browse/CNV-41224  
https://issues.redhat.com/browse/CNV-41286  
https://issues.redhat.com/browse/CNV-41355  
https://issues.redhat.com/browse/CNV-41385  
https://issues.redhat.com/browse/CNV-41386  
https://issues.redhat.com/browse/CNV-41402  
https://issues.redhat.com/browse/CNV-41474  
https://issues.redhat.com/browse/CNV-41494  
https://issues.redhat.com/browse/CNV-41495  
https://issues.redhat.com/browse/CNV-41503  
https://issues.redhat.com/browse/CNV-41507  
https://issues.redhat.com/browse/CNV-41522  
https://issues.redhat.com/browse/CNV-41526  
https://issues.redhat.com/browse/CNV-41550  
https://issues.redhat.com/browse/CNV-41579  
https://issues.redhat.com/browse/CNV-41590  
https://issues.redhat.com/browse/CNV-41600  
https://issues.redhat.com/browse/CNV-41604  
https://issues.redhat.com/browse/CNV-41632  
https://issues.redhat.com/browse/CNV-41640  
https://issues.redhat.com/browse/CNV-41772  
https://issues.redhat.com/browse/CNV-41804  
https://issues.redhat.com/browse/CNV-41844  
https://issues.redhat.com/browse/CNV-41846  
https://issues.redhat.com/browse/CNV-41959  
https://issues.redhat.com/browse/CNV-42015  
https://issues.redhat.com/browse/CNV-42052  
https://issues.redhat.com/browse/CNV-42087  
https://issues.redhat.com/browse/CNV-42363  
https://issues.redhat.com/browse/CNV-42622  
https://issues.redhat.com/browse/CNV-42786  
https://issues.redhat.com/browse/CNV-42844  
https://issues.redhat.com/browse/CNV-42853  
https://issues.redhat.com/browse/CNV-42884  
https://issues.redhat.com/browse/CNV-43024  
https://issues.redhat.com/browse/CNV-43027  
https://issues.redhat.com/browse/CNV-43033  
https://issues.redhat.com/browse/CNV-43039  
https://issues.redhat.com/browse/CNV-43041  
https://issues.redhat.com/browse/CNV-43069  
https://issues.redhat.com/browse/CNV-43194  
https://issues.redhat.com/browse/CNV-43205

Red Hat Security Advisory 2024-4455-03

Red Hat Security Advisory 2024-4321-03 - Red Hat OpenShift Container Platform release 4.15.21 is now available with updates to packages and images that fix several bugs and add enhancements.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4321.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: OpenShift Container Platform 4.15.21 bug fix and security update  
Advisory ID:        RHSA-2024:4321-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:4321  
Issue date:         2024-07-10  
Revision:           03  
CVE Names:          CVE-2024-6104  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.15.21 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.15.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.15.21. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHBA-2024:4324

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.15/release_notes/ocp-4-15-release-notes.html

Security Fix(es):

* go-retryablehttp: url might write sensitive information to log file (CVE-2024-6104)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.15 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.15/updating/updating_a_cluster/updating-cluster-cli.html

Solution:

CVEs:

CVE-2024-6104

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2294000  
https://issues.redhat.com/browse/OCPBUGS-27221  
https://issues.redhat.com/browse/OCPBUGS-33619  
https://issues.redhat.com/browse/OCPBUGS-34156  
https://issues.redhat.com/browse/OCPBUGS-34665  
https://issues.redhat.com/browse/OCPBUGS-34912  
https://issues.redhat.com/browse/OCPBUGS-34949  
https://issues.redhat.com/browse/OCPBUGS-35552  
https://issues.redhat.com/browse/OCPBUGS-35736  
https://issues.redhat.com/browse/OCPBUGS-35749  
https://issues.redhat.com/browse/OCPBUGS-35935  
https://issues.redhat.com/browse/OCPBUGS-35988  
https://issues.redhat.com/browse/OCPBUGS-36150  
https://issues.redhat.com/browse/OCPBUGS-36151  
https://issues.redhat.com/browse/OCPBUGS-36225  
https://issues.redhat.com/browse/OCPBUGS-36258  
https://issues.redhat.com/browse/OCPBUGS-36279  
https://issues.redhat.com/browse/OCPBUGS-36287  
https://issues.redhat.com/browse/OCPBUGS-36306  
https://issues.redhat.com/browse/OCPBUGS-36312  
https://issues.redhat.com/browse/OCPBUGS-36374  
https://issues.redhat.com/browse/OCPBUGS-36377

Red Hat Security Advisory 2024-4321-03

Red Hat Security Advisory 2024-2096-03 - Moderate: Logging for Red Hat OpenShift - 5.9.1.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2096.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: security update Logging for Red Hat OpenShift - 5.9.1  
Advisory ID:        RHSA-2024:2096-03  
Product:            logging for Red Hat OpenShift  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:2096  
Issue date:         2024-07-10  
Revision:           03  
CVE Names:          CVE-2023-45289  
====================================================================

Summary: 

Moderate: Logging for Red Hat OpenShift - 5.9.1

Description:

Logging for Red Hat OpenShift - 5.9.1

Solution:

https://docs.openshift.com/container-platform/4.14/release_notes/ocp-4-14-release-notes.html

https://docs.openshift.com/container-platform/4.14/logging/cluster-logging-upgrading.html

CVEs:

CVE-2023-45289

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://issues.redhat.com/browse/LOG-4672  
https://issues.redhat.com/browse/LOG-5062  
https://issues.redhat.com/browse/LOG-5268  
https://issues.redhat.com/browse/LOG-5278  
https://issues.redhat.com/browse/LOG-5307  
https://issues.redhat.com/browse/LOG-5309  
https://issues.redhat.com/browse/LOG-5322  
https://issues.redhat.com/browse/LOG-5323  
https://issues.redhat.com/browse/LOG-5395  
https://issues.redhat.com/browse/LOG-5397  
https://issues.redhat.com/browse/LOG-5401

Red Hat Security Advisory 2024-2096-03

The Russia-based cybercrime group dubbed "Fin7," known for phishing and malware attacks that have cost victim organizations an estimated $3 billion in losses since 2013, was declared dead last year by U.S. authorities. But experts say Fin7 has roared back to life in 2024 -- setting up thousands of websites mimicking a range of media and technology companies -- with the help of Stark Industries Solutions, a sprawling hosting provider is a persistent source of cyberattacks against enemies of Russia.

The Russia-based cybercrime group dubbed “**Fin7**,” known for phishing and malware attacks that have cost victim organizations an estimated $3 billion in losses since 2013, was declared dead last year by U.S. authorities. But experts say Fin7 has roared back to life in 2024 — setting up thousands of websites mimicking a range of media and technology companies — with the help of **Stark Industries Solutions**, a sprawling hosting provider that is a persistent source of cyberattacks against enemies of Russia.

In May 2023, the U.S. attorney for Washington state declared “Fin7 is an entity no more,” after prosecutors secured convictions and prison sentences against three men found to be high-level Fin7 hackers or managers. This was a bold declaration against a group that the U.S. Department of Justice described as a criminal enterprise with more than 70 people organized into distinct business units and teams.

The first signs of Fin7’s revival came in April 2024, when **Blackberry** wrote about an intrusion at a large automotive firm that began with malware served by a typosquatting attack targeting people searching for a popular free network scanning tool.

Now, researchers at security firm **Silent Push** say they have devised a way to map out Fin7’s rapidly regrowing cybercrime infrastructure, which includes more than 4,000 hosts that employ a range of exploits, from typosquatting and booby-trapped ads to malicious browser extensions and spearphishing domains.

Silent Push said it found Fin7 domains targeting or spoofing brands including **American Express**, **Affinity Energy**, **Airtable**, **Alliant**, **Android Developer**, **Asana**, **Bitwarden**, **Bloomberg**, **Cisco (Webex)**, **CNN**, **Costco**, **Dropbox**, **Grammarly**, **Google,** **Goto.com**, **Harvard**, **Lexis Nexis**, **Meta**, **Microsoft 365**, **Midjourney**, **Netflix**, **Paycor**, **Quickbooks**, **Quicken**, **Reuters**, **Regions Bank Onepass**, **RuPay**, **SAP (Ariba)**, **Trezor**, **Twitter/X**, **Wall Street Journal**, **Westlaw**, and **Zoom**, among others.

**Zach Edwards**, senior threat analyst at Silent Push, said many of the Fin7 domains are innocuous-looking websites for generic businesses that sometimes include text from default website templates (the content on these sites often has nothing to do with the entity’s stated business or mission).

Edwards said Fin7 does this to “age” the domains and to give them a positive or at least benign reputation before they’re eventually converted for use in hosting brand-specific phishing pages.

“It took them six to nine months to ramp up, but ever since January of this year they have been humming, building a giant phishing infrastructure and aging domains,” Edwards said of the cybercrime group.

In typosquatting attacks, Fin7 registers domains that are similar to those for popular free software tools. Those look-alike domains are then advertised on Google so that sponsored links to them show up prominently in search results, which is usually above the legitimate source of the software in question.

A malicious site spoofing FreeCAD showed up prominently as a sponsored result in Google search results earlier this year.

According to Silent Push, the software currently being targeted by Fin7 includes **7-zip**, **PuTTY**, **ProtectedPDFViewer**, **AIMP**, **Notepad++**, **Advanced IP Scanner**, **AnyDesk**, **pgAdmin**, **AutoDesk**, **Bitwarden**, **Rest Proxy**, **Python**, **Sublime Text**, and **Node.js**.

In May 2024, security firm **eSentire** warned that Fin7 was spotted using sponsored Google ads to serve pop-ups prompting people to download phony browser extensions that install malware. **Malwarebytes** blogged about a similar campaign in April, but did not attribute the activity to any particular group.

A pop-up at a Thomson Reuters typosquatting domain telling visitors they need to install a browser extension to view the news content.

Edwards said Silent Push discovered the new Fin7 domains after a hearing from an organization that was targeted by Fin7 in years past and suspected the group was once again active. Searching for hosts that matched Fin7’s known profile revealed just one active site. But Edwards said that one site pointed to many other Fin7 properties at Stark Industries Solutions, a large hosting provider that materialized just two weeks before Russia invaded Ukraine.

As KrebsOnSecurity wrote in May, Stark Industries Solutions is being used as a staging ground for wave after wave of cyberattacks against Ukraine that have been tied to Russian military and intelligence agencies.

“FIN7 rents a large amount of dedicated IP on Stark Industries,” Edwards said. “Our analysts have discovered numerous Stark Industries IPs that are solely dedicated to hosting FIN7 infrastructure.”

Fin7 once famously operated behind fake cybersecurity companies — with names like **Combi Security** and **Bastion Secure** — which they used for hiring security experts to aid in ransomware attacks. One of the new Fin7 domains identified by Silent Push is **cybercloudsec\[.\]com**, which promises to “grow your business with our IT, cyber security and cloud solutions.”

The fake Fin7 security firm Cybercloudsec.

Like other phishing groups, Fin7 seizes on current events, and at the moment it is targeting tourists visiting France for the Summer Olympics later this month. Among the new Fin7 domains Silent Push found are several sites phishing people seeking tickets at the Louvre.

“We believe this research makes it clear that Fin7 is back and scaling up quickly,” Edwards said. “It’s our hope that the law enforcement community takes notice of this and puts Fin7 back on their radar for additional enforcement actions, and that quite a few of our competitors will be able to take this pool and expand into all or a good chunk of their infrastructure.”

Further reading:

Stark Industries Solutions: An Iron Hammer in the Cloud.

A 2022 deep dive on Fin7 from the Swiss threat intelligence firm Prodaft (PDF).

The Stark Truth Behind the Resurgence of Russia’s Fin7

Red Hat Security Advisory 2024-4451-03 - An update for dotnet8.0 is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4451.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: dotnet8.0 security updateAdvisory ID:        RHSA-2024:4451-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4451Issue date:         2024-07-10Revision:           03CVE Names:          CVE-2024-30105====================================================================Summary: An update for dotnet8.0 is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK  8.0.107 and Runtime 8.0.7.Security Fix(es):* dotnet: DoS in System.Text.Json (CVE-2024-30105)* dotnet: DoS in ASP.NET Core 8 (CVE-2024-35264)* dotnet: DoS when parsing X.509 Content and ObjectIdentifiers (CVE-2024-38095)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-30105References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2295320https://bugzilla.redhat.com/show_bug.cgi?id=2295321https://bugzilla.redhat.com/show_bug.cgi?id=2295323

Red Hat Security Advisory 2024-4451-03

Red Hat Security Advisory 2024-4450-03 - An update for dotnet8.0 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4450.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: dotnet8.0 security updateAdvisory ID:        RHSA-2024:4450-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4450Issue date:         2024-07-10Revision:           03CVE Names:          CVE-2024-30105====================================================================Summary: An update for dotnet8.0 is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.107 and Runtime 8.0.7.Security Fix(es):* dotnet: DoS in System.Text.Json (CVE-2024-30105)* dotnet: DoS in ASP.NET Core 8 (CVE-2024-35264)* dotnet: DoS when parsing X.509 Content and ObjectIdentifiers (CVE-2024-38095)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-30105References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2295320https://bugzilla.redhat.com/show_bug.cgi?id=2295321https://bugzilla.redhat.com/show_bug.cgi?id=2295323

Red Hat Security Advisory 2024-4450-03

Red Hat Security Advisory 2024-4447-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include code execution, null pointer, and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4447.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kernel security update  
Advisory ID:        RHSA-2024:4447-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:4447  
Issue date:         2024-07-10  
Revision:           03  
CVE Names:          CVE-2021-47293  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: TIPC message reassembly use-after-free remote code execution vulnerability (CVE-2024-36886)

* kernel: net/sched: act_skbmod: Skip non-Ethernet packets (CVE-2021-47293)

* kernel: net: ti: fix UAF in tlan_remove_one (CVE-2021-47310)

* kernel: KVM: NULL pointer dereference in kvm_mmu_invpcid_gva (CVE-2022-1789)

* kernel: tls: race between async notify and socket close (CVE-2024-26583)

* kernel: tls: race between tx work scheduling and socket close (CVE-2024-26585)

* kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref (CVE-2024-26735)

* kernel: Bluetooth: Avoid potential use-after-free in hci_error_reset (CVE-2024-26801)

* kernel: net: ip_tunnel: prevent perpetual headroom growth (CVE-2024-26804)

* kernel: netfilter: nf_tables: use timestamp to check for set element timeout (CVE-2024-27397)

* kernel: net: ena: Fix incorrect descriptor free behavior (CVE-2024-35958)

* kernel: ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr (CVE-2024-35969)

* kernel: scsi: lpfc: Move NPIV's transport unregistration to after resource clean up (CVE-2024-36952)

* kernel: tls: handle backlogging of crypto requests (CVE-2024-26584)

* kernel: netfilter: nf_tables: honor table dormant flag from netdev release event path (CVE-2024-36005)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2021-47293

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2090723  
https://bugzilla.redhat.com/show_bug.cgi?id=2265517  
https://bugzilla.redhat.com/show_bug.cgi?id=2265519  
https://bugzilla.redhat.com/show_bug.cgi?id=2265520  
https://bugzilla.redhat.com/show_bug.cgi?id=2273278  
https://bugzilla.redhat.com/show_bug.cgi?id=2273423  
https://bugzilla.redhat.com/show_bug.cgi?id=2273429  
https://bugzilla.redhat.com/show_bug.cgi?id=2277238  
https://bugzilla.redhat.com/show_bug.cgi?id=2280434  
https://bugzilla.redhat.com/show_bug.cgi?id=2281900  
https://bugzilla.redhat.com/show_bug.cgi?id=2281925  
https://bugzilla.redhat.com/show_bug.cgi?id=2281949  
https://bugzilla.redhat.com/show_bug.cgi?id=2282472  
https://bugzilla.redhat.com/show_bug.cgi?id=2282504  
https://bugzilla.redhat.com/show_bug.cgi?id=2284598

Red Hat Security Advisory 2024-4447-03

Red Hat Security Advisory 2024-4443-03 - An update for toolbox is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4443.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: toolbox security updateAdvisory ID:        RHSA-2024:4443-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4443Issue date:         2024-07-09Revision:           03CVE Names:          CVE-2022-3064====================================================================Summary: An update for toolbox is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI.Security Fix(es):* go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents (CVE-2022-3064)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2022-3064References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2163037

Tag

#js