Red Hat Security Advisory 2024-2039-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2039.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: tigervnc security updateAdvisory ID:        RHSA-2024:2039-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:2039Issue date:         2024-04-24Revision:           03CVE Names:          CVE-2024-31080====================================================================Summary: An update for tigervnc is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.Security Fix(es):* xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents (CVE-2024-31080)* xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice (CVE-2024-31081)* xorg-x11-server: User-after-free in ProcRenderAddGlyphs (CVE-2024-31083)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-31080References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2271997https://bugzilla.redhat.com/show_bug.cgi?id=2271998https://bugzilla.redhat.com/show_bug.cgi?id=2272000

Red Hat Security Advisory 2024-2039-03

Red Hat Security Advisory 2024-2038-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2038.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: tigervnc security updateAdvisory ID:        RHSA-2024:2038-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:2038Issue date:         2024-04-24Revision:           03CVE Names:          CVE-2024-31080====================================================================Summary: An update for tigervnc is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.Security Fix(es):* xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents (CVE-2024-31080)* xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice (CVE-2024-31081)* xorg-x11-server: User-after-free in ProcRenderAddGlyphs (CVE-2024-31083)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-31080References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2271997https://bugzilla.redhat.com/show_bug.cgi?id=2271998https://bugzilla.redhat.com/show_bug.cgi?id=2272000

Red Hat Security Advisory 2024-2038-03

Red Hat Security Advisory 2024-2037-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2037.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: tigervnc security updateAdvisory ID:        RHSA-2024:2037-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:2037Issue date:         2024-04-24Revision:           03CVE Names:          CVE-2024-31080====================================================================Summary: An update for tigervnc is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.Security Fix(es):* xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents (CVE-2024-31080)* xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice (CVE-2024-31081)* xorg-x11-server: User-after-free in ProcRenderAddGlyphs (CVE-2024-31083)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-31080References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2271997https://bugzilla.redhat.com/show_bug.cgi?id=2271998https://bugzilla.redhat.com/show_bug.cgi?id=2272000

Red Hat Security Advisory 2024-2037-03

Red Hat Security Advisory 2024-2036-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2036.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: tigervnc security updateAdvisory ID:        RHSA-2024:2036-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:2036Issue date:         2024-04-24Revision:           03CVE Names:          CVE-2024-31080====================================================================Summary: An update for tigervnc is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.Security Fix(es):* xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents (CVE-2024-31080)* xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice (CVE-2024-31081)* xorg-x11-server: User-after-free in ProcRenderAddGlyphs (CVE-2024-31083)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-31080References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2271997https://bugzilla.redhat.com/show_bug.cgi?id=2271998https://bugzilla.redhat.com/show_bug.cgi?id=2272000

Red Hat Security Advisory 2024-2036-03

By Uzair Amir
The role of Network Detection and Response (NDR) in cybersecurity. Learn how NDR tools empower organizations to tackle evolving threats effectively.
This is a post from HackRead.com Read the original post: NDR in the Modern Cybersecurity Landscape

In today’s information age, businesses are increasingly reliant on interconnected networks and cloud infrastructures, and **protecting digital assets against cyber threats** has become a paramount concern.

Network Detection and Response (NDR) is a critical component in the arsenal of cybersecurity tools, offering advanced capabilities to monitor, analyze, and respond to threats traversing network environments.

As organizations confront the complexities of modern cyber threats, understanding the role and significance of NDR is essential for bolstering their cybersecurity posture.

****Understanding NDR in Cybersecurity****

Modern cybersecurity uses the concept of Network Detection and Response (NDR) as an active approach to fortifying network defences against threats. But what exactly is NDR in cybersecurity, and how does it function within the broader security landscape?

**What is NDR in cyber security?** NDR, also known as network detection and response, covers a set of cybersecurity techniques designed to monitor and analyze network traffic for potential security threats.

Unlike traditional security measures that focus primarily on endpoint protection or perimeter defence, NDR operates within the network infrastructure, using advanced detection techniques such as artificial intelligence and machine learning to identify anomalous behaviour and potential indicators of compromise (IOCs).

NDR serves as an active defence mechanism, providing organizations with real-time visibility into their network traffic and enabling rapid response to threats. By continuously monitoring network activity and analyzing patterns, NDR solutions empower security teams to detect and neutralize potential threats before they can cause huge harm or compromise sensitive data.

****The Purpose of NDR****

The primary objective of NDR is to enhance network visibility and security by providing organizations with the means to detect and respond to security incidents in a timely and effective manner. But what specific purposes does NDR serve within cybersecurity, and how does it contribute to threat mitigation?

****Early Threat Detection****

By optimizing network visibility, NDR enables organizations to identify malicious activity and **indicators of compromise (IOCs)** at an early stage. Through the analysis of network traffic data, security teams can detect unauthorized activity, unusual communication patterns, and anomalous behaviours, allowing them to take proactive measures to neutralize threats before they escalate.

****Rapid Incident Response****

Enhanced network visibility facilitated by NDR enables real-time monitoring and analysis of network traffic, empowering organizations to respond swiftly to security incidents as they occur. By tracking the source, extent, and impact of an event, security teams can implement prompt remediation measures to mitigate its effects and minimize potential damage.

****Comprehensive Threat Analysis****

Increased network visibility provided by NDR facilitates in-depth examination of network data, enabling organizations to gain insights into potential threat proliferation. By analyzing network communication patterns, traffic flows, and data transfers, security teams can identify malicious behaviour, detect malware infections, and uncover hidden threats, thereby enhancing their understanding of attacker tactics, techniques, and procedures (TTPs).

For organizations seeking to strengthen their defences against emerging threats, selecting the right NDR solution is important. While several vendors offer NDR capabilities, a few stand out for their innovative features and comprehensive security offerings.

****Arctic Wolf****

As a managed NDR provider, Arctic Wolf offers a suite of security solutions aimed at identifying, tracking, and mitigating cyber threats. With its Security Operations Center-as-a-Service (SOC-as-a-Service), Arctic Wolf helps organizations detect security flaws, proactively mitigate risks, and prioritize remediation efforts.

****Attivo Networks****

Leveraging deception methods, Attivo Networks’ threat defence platform detects and neutralizes post-compromise threats, including in-network threat activity and lateral movement by attackers. Through its ThreatDirect and BOTsink components, Attivo Networks extends network deception tactics to cloud, remote distributed, and micro-segmented systems, providing organizations with enhanced threat detection capabilities.

****Stellar Cyber** **

Stellar Cyber is an NDR solution that enables organizations to safeguard their data and maximize the effectiveness of their security investments. By aggregating and analyzing log data, it helps organizations prioritize security alerts for investigation, providing knowledge to enhance their security posture.

****Darktrace****

Built on self-learning cyber-AI, Darktrace’s Enterprise Immune System employs advanced AI and machine-learning techniques to detect attacks and insider threats. Without relying on rules or signatures, Darktrace identifies subtle indicators of sophisticated attacks, providing organizations with comprehensive threat detection capabilities.

****Emerging Trends in NDR****

Several new trends are shaping the future of network detection and response. These trends reflect the nature of cyber threats and the need for innovative approaches to combating them effectively.

****AI-Powered Threat Detection****

As cyber threats become more sophisticated and difficult to detect, NDR solutions are increasingly using artificial intelligence (AI) and machine learning (ML) algorithms to enhance threat detection capabilities. By analyzing vast amounts of network data and identifying patterns indicative of malicious activity, AI-powered NDR solutions can detect and respond to threats in real-time, even as attackers evolve their tactics.

****Behavioral Analytics****

Traditional signature-based detection methods are often ineffective against zero-day attacks. To address this challenge, NDR solutions are incorporating behavioural analytics techniques to identify anomalous behaviour and deviations from normal network patterns. By establishing baselines of “normal” network behaviour, NDR solutions can detect and alert suspicious activities that may indicate a security threat.

****Cloud-Native NDR****

With the widespread adoption of cloud computing and hybrid infrastructures, NDR solutions are evolving to provide native support for cloud environments. Cloud-native NDR solutions offer easy integration with cloud platforms, enabling organizations to monitor and protect their cloud-based assets effectively. By extending visibility and threat detection capabilities to the cloud, these solutions help organizations maintain a consistent security posture across their entire infrastructure.

****Threat Intelligence Integration****

Integrating threat intelligence feeds into NDR solutions enhances their ability to identify and respond to threats. By using up-to-date threat intelligence data from reputable sources, NDR solutions can prioritize alerts and provide insights to security teams. This approach enables organizations to stay ahead of new threats and mitigate potential risks before they escalate.

****Automation and Orchestration****

The growing cyber threats and limited security resources, as well as automation and orchestration, are becoming essential components of NDR solutions. By automating repetitive tasks and orchestrating incident response processes, NDR solutions enable security teams to streamline operations and respond to threats more effectively. This allows organizations to maximize the efficiency of their security operations and focus their resources on high-priority tasks.

****Market Dynamics and Future Trends****

The network detection and response market continues to change rapidly, driven by new technologies and new threats. Reports from Quadrant Knowledge Solutions offer insights into market dynamics and future trends, enabling organizations to scale through the NDR security landscape and select the most suitable platform for their needs.

By harnessing the insights and capabilities offered by NDR solutions, organizations can strengthen their cybersecurity posture and ensure protection for their digital assets. Integrating NDR into their security stack empowers organizations to detect, analyze, and respond to threats effectively, mitigating potential risks and safeguarding against cyber attacks.

****Conclusion****

Network Detection and Response (NDR) plays a vital role in the modern cybersecurity space, offering organizations the ability to actively identify, analyze, and mitigate security threats in real-time. By providing enhanced network visibility and threat detection capabilities, NDR solutions empower security teams to detect and respond to the latest threats swiftly and effectively.

As organizations continue to confront the complexities of modern cyber threats, understanding the need for NDR and selecting the right solution is **essential for boosting their cybersecurity defences**. By using the insights and capabilities offered by NDR solutions, organizations can enhance their resilience against cyber attacks and safeguard their digital assets.

NDR in the Modern Cybersecurity Landscape

By Waqas
Using Google Chrome? Update your browser to the latest version right now!
This is a post from HackRead.com Read the original post: Google Patches Critical Chrome Vulnerability and Additional Flaws

Google Chrome users beware! A critical vulnerability (CVE-2024-4058) has been patched in the latest update (version 124). This flaw could allow attackers to take control of your system.

Google addressed a critical vulnerability (CVE-2024-4058) in its Chrome web browser on Wednesday, April 24th, 2024. This flaw resides within the ANGLE graphics layer engine and carries a “critical” severity rating, indicating its potential for severe exploitation.

While the critical CVE-2024-4058 garnered the most attention, Google’s Chrome update (version 124) also patched two additional high-severity vulnerabilities:

*   **CVE-2024-4059:** This vulnerability is classified as an out-of-bounds read within the V8 JavaScript engine. An out-of-bounds read allows attackers to access memory locations they shouldn’t, potentially revealing sensitive information.
*   **CVE-2024-4060:** This vulnerability is a use-after-free issue in the Dawn component. Use-after-free vulnerabilities can lead to crashes or potentially code execution depending on how they are exploited.

****The Importance of Updating****

While the specific details and exploitability of CVE-2024-4059 and CVE-2024-4060 are not yet fully public, it’s important to update Chrome regardless. A high-severity rating suggests these vulnerabilities could also be weaponized by attackers, so patching promptly remains the best course of action.

Jason Soroko, Senior Vice President of Product at Sectigo commented on the update stating, _“_CVE-2024-4058, a Type Confusion in ANGLE, is a vulnerability categorized as critical because it could allow remote code execution (RCE), enabling attackers to put malware onto the victim’s device. This latest vulnerability is a bad one for sure, and therefore it would be critical to patch this immediately._”_

****How to Protect Yourself****

The safest course of action is to update your Google Chrome browser immediately. Google has released Chrome version 124 which addresses this vulnerability alongside other security fixes. Here’s how to update Chrome:

*   **Windows & Mac:** Open Chrome, click the three vertical dots in the top right corner, go to “Help” and then “About Chrome.” Chrome will automatically check for updates and install them if available.
*   **Linux:** The update process for Linux may vary depending on your distribution. Consult your distribution’s documentation for specific update instructions.

Updating to Chrome version 124 protects you from these critical, high-severity, and potentially dangerous vulnerabilities. For additional technical details and a full list of changes in this build visit the Log section.

1.  Critical Chrome Update Counters Spyware Vendor’s Exploits
2.  Google Chrome to Mask User IP Addresses to Protect Privacy
3.  Fake Chrome Browser Update Installs NetSupport Manager RAT
4.  CISA Warns of Chrome and Excel Parsing LibraryExploitable Flaws
5.  Fantom Foundation Suffers Wallet Hack Via Google Chrome 0-Day

Google Patches Critical Chrome Vulnerability and Additional Flaws

View CSAF
1. EXECUTIVE SUMMARY
CVSS v4 8.9
ATTENTION: Exploitable remotely
Vendor: Hitachi Energy
Equipment: MACH SCM
Vulnerabilities: Improper Control of Generation of Code, Improper Neutralization of Directives in Dynamically Evaluated Code
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could result in an execution of arbitrary code.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of MACH SCM, are affected:
MACH SCM: Versions 4.0 to 4.5.x
MACH SCM: Versions 4.6 to 4.38
3.2 Vulnerability Overview
3.2.1 IMPROPER CONTROL OF GENERATION OF CODE CWE-94
SCM Software is a client and server application. An Authenticated System manager client can execute LINQ query in the SCM server, for customized filtering. An Authenticated malicious client can send a specially crafted code to skip the validation and execute arbitrary code (RCE) on the SCM Server remotely. Malicious clients can execute any command by using this RCE vulnerability.
CVE-2024-0400 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).
A CVSS v4 score has also been calculated for CVE-2024-0400. A base score of 8.9 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:L).
3.2.2 IMPROPER NEUTRILIZATION OF DIRECTIVES IN DYNAMICALLY EVALUATED CODE CWE-95
Authenticated List control client can execute the LINQ query in SCM Server to present event as list for operator. An authenticated malicious client can send special LINQ query to execute arbitrary code remotely (RCE) on the SCM Server that an attacker otherwise does not have authorization to do.
CVE-2024-2097 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H ).
A CVSS v4 score has also been calculated for CVE-2024-2097. A base score of 8.8 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:H/SA:L).
3.3 BACKGROUND
CRITICAL INFRASTRUCTURE SECTORS: Energy
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: Switzerland
3.4 RESEARCHER
Hitachi Energy reported these vulnerabilities to CISA.
4. MITIGATIONS
Hitachi Energy has released the following mitigation for CVE-2024-2097:
MACH SCM: Versions 4.6 to 4.38: Upgrade to MACH SCM Version 4.38.1
Until the updates are made available, Hitachi Energy recommends the following general mitigation factors/workarounds for the products with MACH SCM Versions 4.0 to 4.5.x to address the vulnerability CVE-2024-0400:
Recommended security practices and firewall configurations can help protect a process control network from attacks originating from outside the network including:
Physically protect process control systems from direct access by unauthorized personnel.
Do not allow process control systems direct connections to the Internet.
Separate process control systems from other networks by means of a firewall system that has a minimal number of ports exposed.
Process control systems should not be used for Internet surfing, instant messaging, or receiving emails.
Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.
For more information, see Hitachi Energy's Security Advisories:
RCE Vulnerabilities in Hitachi Energy's MACH SCM Product
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. These vulnerabilities have a high attack complexity.
5. PUBLICATION HISTORY
April 25, 2024: Initial Publication

Hitachi Energy MACH SCM

PRESS RELEASE

Tampa Bay, FL (April 24, 2024) – KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced it has entered into a definitive agreement to acquire Egress, a leader in adaptive and integrated cloud email security. Egress’ Intelligent Email Security suite provides a set of scaled, AI-enabled security tools with adaptive learning capabilities to help prevent, protect and defend organizations against sophisticated email cybersecurity threats. Further terms of the transaction were not disclosed.

Organizations globally struggle to contain behavioral-based data breaches, with 74 percent of incidents involving the human element according to Verizon’s Data Breach Investigations Report. By acquiring Egress, KnowBe4 plans to deliver a single platform that aggregates threat intelligence dynamically, offering AI-based email security and training that is automatically tailored relative to risk. 

“The future of security is personalized AI-driven controls and real-time coaching. By providing a single platform from KnowBe4 and Egress, our customers will benefit from differentiated aggregate threat detection to stay ahead of evolving cyber threats and foster a strong security culture,” said Stu Sjouwerman, CEO, KnowBe4. “As integration partners for over a year with strong philosophical and cultural alignment, this acquisition is a natural progression for both companies to take human risk management and cloud email security to the next level.”

“KnowBe4 and Egress have a shared vision of delivering tailored and relevant security to each employee,” said Tony Pepper, CEO, Egress. “One of the biggest challenges organizations face is accurately identifying who the next source of compromise is – and why. By combining intelligence and analytics from integrated applications, companies can gain valuable insights across their entire cyber ecosystem, allowing them to focus on the risks that matter most.”

The announcement comes on the heels of significant achievements for both companies thus far in 2024. KnowBe4 recently announced its AI-native platform, Artificial Intelligence Defense Agents (AIDA), which incorporates advanced AI agents to power efficacy and speed. Recent notable awards include being recognized as a Top Software Winner by G2 and a winner of Energage’s Top Workplaces USA for 2024. Meanwhile, Egress launched its AI-powered Automated Abuse Mailbox in early April and received several award recognitions, including Security Innovation of the Year (Computing Security Excellence Awards), Best Email Security Solution, Best Data Leak Prevention Solution (SC Awards Europe) and Best Place to Work in the UK (Great Places to Work 2024).

The transaction is expected to close in the coming months subject to customary closing conditions and regulatory approvals.

Egress is backed by FTV Capital and AlbionVC. Citi served as exclusive financial advisor to Egress and Orrick, Herrington & Sutcliffe LLP served as legal counsel to Egress.

For more information on KnowBe4, visit www.knowbe4.com. For more information on Egress, visit www.egress.com. 

About KnowBe4   
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, is used by more than 65,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. The late Kevin Mitnick, who was an internationally recognized cybersecurity specialist and KnowBe4’s Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Organizations rely on KnowBe4 to mobilize their end users as their last line of defense and trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

About Egress

As advanced persistent threats continue to evolve, we recognize that people are the biggest risk to organizations’ security and are most vulnerable when using email. 

Egress is the only cloud email security platform to continuously assess human risk and dynamically adapt policy controls, preparing customers to defend against advanced phishing attacks and outbound data breaches before they happen. Leveraging contextual machine learning and neural networks, with seamless integration using cloud-native API architecture, Egress provides enhanced email protection, deep visibility into human risk, and instant time to value.

KnowBe4 to Acquire Egress

A flaw was found in kubevirt 0.29 and earlier. Virtual Machine Instances (VMIs) can be used to gain access to the host's filesystem. Successful exploitation allows an attacker to assume the privileges of the VM process on the host system. In worst-case scenarios an attacker can read and modify any file on the system where the VMI is running. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Skip to content

**Navigation Menu**

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2020-14316

**Privilege Escalation in kubevirt**

Critical severity GitHub Reviewed Published Apr 24, 2024 to the GitHub Advisory Database • Updated Apr 24, 2024

**Package**

gomod kubevirt.io/kubevirt (Go)

**Affected versions**

< 0.30.0

**Description**

Published to the GitHub Advisory Database

Apr 24, 2024

Last updated

Apr 24, 2024

GHSA-828r-r2c8-rfw3: Privilege Escalation in kubevirt

The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.7 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.

Skip to content

**Navigation Menu**

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2020-8559

**Privilege Escalation in Kubernetes**

Moderate severity GitHub Reviewed Published Apr 24, 2024 to the GitHub Advisory Database • Updated Apr 24, 2024

**Package**

gomod k8s.io/apimachinery (Go)

**Affected versions**

< 1.16.13

\>= 1.17.0, < 1.17.9

\>= 1.18.0, < 1.18.7

**Patched versions**

1.16.13

1.17.9

1.18.7

**Description**

Published to the GitHub Advisory Database

Apr 24, 2024

Last updated

Apr 24, 2024

Tag

#mac