The company says it hardened the security of its new flagship phones—and plans to release a built-in Android VPN.

When Google launched its flagship Pixel 6 and 6 Pro smartphones last year, the company touted its Tensor “system on a chip” and dedicated Titan M2 security chip as being designed to underpin a new generation of security and privacy features. Now, as it releases Pixel 7 and 7 Pro, the company said on Tuesday that it is building on that foundation with the new Tensor G2 processor, expanded independent security certifications for Titan M2, and software features like an upcoming built-in Android VPN to protect user privacy while maintaining performance.

Google spent three years subjecting Titan M2 to testing by the third-party lab SGS Brightsight. The chip now has an array of Common Criteria hardware security certifications, the same process that smartcards, SIM cards, and bank card chips go through. Titan M2 passed the highest hardware vulnerability assessment, meaning that it is highly resistant to physical attacks, an area that has been increasingly important to chip makers in recent years.

“This testing emulates the sophistication of state-sponsored attacks, someone who’s got almost unlimited resources and determination,” says Dave Kleidermacher, vice president of engineering for Android security and privacy. “At Google and for Pixel, we talk a lot about the exploit cost. Nothing is ever perfect—there are going to be vulnerabilities and exploits—but we want to always continually raise the cost to the attacker.”

With Pixel 7 and 7 Pro, Google is continuing to expand its efforts on what the company calls Protected Computing. The goal is to restrict how and when user data can be accessed, de-identify and anonymize data when it must be used, minimize the amount of identifying data that is generally produced about a user, and keep as much processing out of the cloud and on users’ devices as possible. On Pixel devices, Google has control of both hardware and software, which the company says allows it to plan strategically and maximize security and performance rather than having to make tradeoffs.

Though the privacy and security benefits of VPNs are somewhat debated for the average user, VPN by Google One will be released as a built-in service for Pixel 7 and 7 Pro by the end of this year for users who want to encrypt their network traffic and shield their IP address from mobile networks and internet providers. Google points out that, historically, users who wanted to add a VPN on mobile needed to download a third-party option instead of having an optimized and integrated service.

VPN by Google One is open source and aims to address some classic concerns about VPNs by separating authentication and key management for encryption onto distinct servers that can't access each other. In essence, the service is set up to blind itself such that even a rogue insider would not be able to determine who you are and what your browsing history is by compromising the service. Google also says that it does not log user browsing data, though the company says it does record some anonymized, aggregate metrics. In addition to publishing a breakdown of how the service works, Google also commissioned and published an independent audit from NCC Group on VPN by Google One’s security. 

“We’re investing quite a lot in making sure we have extensive first-party and third-party audits, reviews, certification, and analysis to see that we really are providing verifiable security and privacy guarantees,” says Jesse Seed, Google’s product manager lead for silicon security.

Just as Pixel 7 and 7 Pro have logged mostly incremental improvements in their feature sets, the security and privacy changes aren’t revolutionary. But Kleidermacher and Seed emphasize that the changes this year are hard-won—and with so many digital threats to contend with, both for high-risk targets and regular users, every little bit counts.

Google’s Pixel 7 and Pixel 7 Pro Pack New Android VPN and Tensor G2, Titan M2 Chips

Attackers could exploit the "Sandbreak" security bug, which has earned a 10 out of 10 on the CVSS scale, to execute a sandbox escape, achieve RCE, and run shell commands on a hosting machine.

A remote code execution (RCE) vulnerability in a widely used JavaScript sandbox has earned a top rating of 10 on the CVSS vulnerability risk scale; it allows threat actors to execute a sandbox escape and run shell commands on the hosting machine.  

Researchers from cloud security firm Oxeye discovered the dangerous flaw, which they dubbed "Sandbreak" in vm2, a JavaScript sandbox that has more than 16 million monthly downloads, according to its NPM package manager.

"The fact that this vulnerability has the maximum CVSS score of 10 and is extremely popular means its potential impact is widespread and critical," Oxeye architect Yuval Ostrovsky and security researcher Gal Goldshtein wrote in a blog post published Oct. 10.

Oxeye found the flaw on Aug. 16 and informed the project owners two days later. On Aug. 28, GitHub issued CVE-2022-36067 and gave the vulnerability the highest risk rating possible.

The project's maintainers reacted swiftly to issue a patch for Sandbreak in vm2 version 3.9.11, which should be applied by anyone using the sandbox because of the heightened risk of vulnerability, the researchers said.

**Sandboxes: Historically Trustworthy**

Like all sandboxes, vm2 offers an isolated environment where applications can run trusted code, serving a vital purposes in modern applications because developers or network administrators can use them to run programs or open files without affecting the app, system, or platform in which they run.  

Software developers often use sandboxes to test new programming code, and they are well known as an important tool in cybersecurity research, allowing researchers to test potentially malicious software without harming other parts of a network or app environment.

Indeed, the fact that a sandbox is so universally trusted is what makes the Sandbreak flaw so critical and should sound an alarm across all sandbox users to shore up their implementations, the researchers said.

"By their very definition, sandboxes are considered safe places and trusted as mechanisms that isolate potentially dangerous code from our applications," they wrote in the post. "But what would happen if this trust was compromised?"

**Technical Analysis**

Researchers explored just that in their investigation of Sandbreak, which they discovered while analyzing previous security lapses disclosed to the team maintaining vm2.

The bug exists in the vm2 bug reporter, which would allow cyberattackers to abuse the error mechanism in Node.js. They could customize the call stack of an error that occurred in the app to escape the sandbox, the researchers disclosed.

"Customizing the call stack can achieve this by implementing the 'prepareStacktrace' method under the global 'Error' object,'" the researchers explained in the post. "This means that when an error occurs and the 'stack' property of the thrown error object is accessed, Node.js will call this method while providing it with a string representation of the error alongside an array of 'CallSite' objects as arguments."

One of the methods exposed by the CallSite objects because of the issue is "getThis," which is responsible for returning the “this” object that was available in the related stack frame, the researchers found.

This behavior can lead to sandbox escapes because some of the "CallSite" objects "may return objects created outside the sandbox when invoking the 'getThis' method," they wrote. If an attackers could gain hold of a "CallSite" object created outside of the sandbox, they could access Node's global objects and execute arbitrary system commands from there.

**Bypassing the Mitigation**

The maintainers of vm2 were aware that overriding "prepareStackTrace" could indeed lead to a sandbox escape. They tried to mitigate the escape path by wrapping the Error object and the "prepareStackTrace" method with their own implementation, which succeeded in preventing anyone from overriding the method and performing the escape, they said.

However, Oxeye researchers found they could bypass this, because vm2 missed wrapping specific methods related to the "WeakMap" JavaScript built-in type, they said. "This allowed the attacker to provide their own implementation of 'prepareStackTrace,' then trigger an error, and escape the sandbox," the researchers wrote.

Knowing that the prepareStackTrace function of the Error object is the function they needed to override to escape the sandbox, Oxeye researchers went even further and decided to try to override the global Error object with their own object.

Doing this implemented the prepareStackTrace function, which allowed them to escape the sandbox. A few simple steps later and they had access to the currently executing process and could execute commands on the system running the sandbox, they said.

**Using Sandboxes Safely**

Although sandboxes by their very nature are meant to safely run untrusted code within an app or system, enterprises shouldn't automatically assume they are without risk, the researchers warned.

However, if using a sandbox in an environment is unavoidable, Oxeye recommends reducing risk by separating the logical, sensitive part of an application from the microservice that runs the sandbox code.

This will ensure that "if a threat actor successfully breaks out from the sandbox, the attack surface is limited to the isolated microservice," the researchers wrote.

Enterprises also should avoid using a sandbox that relies on a dynamic programming language such as JavaScript when possible, they said.

"The dynamic nature of the language widens the attack surface for a potential attacker, making defending against such attacks much harder," researchers observed in their post.

Critical Open Source vm2 Sandbox Escape Bug Affects Millions

How data-driven security can best safeguard your unique cloud operations.

The cloud is made up of extremely dynamic environments that undergo constant expansion, updating, and change. As such, securing these cloud environments requires an equally dynamic solution, uniquely differentiated from that of traditional, on-premises computing environments. Yet a recent study suggests that 32% of organizations use the same rules, processes, and tools for both on-premises and cloud security.

Using the same rules-based security approaches for the cloud is like trying to force a square peg into a round hole — it won't fit no matter how you spin it, yet far too many enterprises still try. Given their disappointing track record in securing corporate computing, rules-based systems cannot be expected to be effective in the cloud, which is both different and more challenging. The dynamic and vulnerable nature of the cloud requires enterprises to take a new approach: one that views security as a data problem whose solution provides both safety and agility.

**Accept Cloud Security for What It Is: Never the Same Day as Before**

Unprecedented data growth is forcing enterprises around the world to reconsider their data storage infrastructure, forgoing legacy architecture and migrating to cloud platforms. While the cloud promises new levels of efficiency and scale, one of its defining characteristics is constant change. The pace of software iteration is supercharged, with open source building blocks constantly churning, underlying platforms rapidly evolving, and operations horizontally scaling out and vertically tailing. As more computing moves to the cloud, the faster the potential attack surface increases, resulting in more risks and vulnerabilities. Long story short: running an operation in the cloud is an exercise in frantic change management.

The world of traditional business computing no longer exists. The cloud environment is far removed from on-premise's closed-off walls (and soft squishy center) guarded by multiple layers of defense. According to O'Reilly, 90% of organizations use the cloud, and Gartner estimates that over 95% of new digital workloads will be deployed on cloud-native platforms by 2025. Security professionals are facing a completely new landscape. And outdated rules-based approaches to security are only guaranteed to flood operations teams with contextless alerts, leading to poor visibility, guesswork, and fear of the unknown.

Protecting operations in the cloud is fundamentally different from protecting traditional, on-premises computing. The security industry needs to accept this fact and prioritize providing visibility and stability to its customers. By understanding the unique construction of each customer's cloud operations, the defining characteristics of their workload, and the specifics of their computing environment, security professionals can provide the foundation for customers to operate with confidence and agility as they adapt safely to each change. But such a foundation can only be achieved by data-driven techniques and comprehensive analysis.

**Monitoring and Analyzing Anomalies, Not Rules

Traditional monitoring relies on rules that trigger alerts based on known security-related issues, whether or not those issues are relevant to an organization's operations or workload. It's a somewhat backward paradigm: Rather than working to comprehend the organization's operations and maintaining their health, the rule-based paradigm focuses on understanding potential threats, based on general-purpose knowledge of the threat ecosystem. Not only does this approach require security expertise (which can be hard to find), but it also fails to make the security team an enabler that helps corporations be agile by maintaining stability in the face of changes.

When a doctor prescribes medication, a treatment that works for one patient might not work for another. Just as every patient is unique, so is every cloud environment. An organization's cloud operations are not a cookie-cutter concern, but rather a conglomeration of configurations, technologies, tools, and processes that have evolved over time, often with many detours and dusty corners. Therefore, there can be no one-size-fits-all solution to cloud security: What should be permitted, and what should be flagged as a threat or high-risk anomaly, must be based on what constitutes normal behavior in each unique cloud environment.

Fortunately, using modern data processing and machine learning techniques makes it possible to learn the salient, stable aspects of each customer's operations. These techniques mine the torrent of data about customers' cloud activities and separate out the irrelevant, ephemeral noise caused by the cloud's constant churn. From that foundation, the customer can understand the normal, healthy behavior of their operations and highlight any anomalies that might pose a threat, whether to the security or to the stability of their operations.

In particular, this approach can be highly effective in uncovering new threats before they become known, or identifying new threat variants as they appear — since exploit attempts will trigger anomalies, whether successful or not. This last benefit is of critical use in cases such as last year's Log4j vulnerability, where, over weeks and months, a succession of rapidly evolving exploits were reported by 44% of worldwide networks, as corporations struggled to remedy the vulnerability.

Taking a different approach to security in the cloud is not only a technical necessity but also a requirement from a personnel standpoint. Security teams are strapped, with alert fatigue and burnout running rampant. For even the most prepared teams, the operational and maintenance effort can be overwhelming, especially since the results are often dishearteningly lackluster. Any approach that significantly reduces the number of daily alerts can greatly improve morale and productivity. The benefits are even greater if the alerts comprise a handful of security-critical issues and data-driven anomalies, presented in an easy-to-understand context of normal operations.

It's time to let go of the past. Organizations need to say goodbye to traditional, manual rules-based security approaches and adjust for the cloud. Security should be a key concern throughout all stages of cloud software development, from build time to runtime. But cloud security should also not be a barrier that blocks agility. Rather, cloud security should be a foundation that helps maintain stability in the face of change. The best way to ensure this is via a data-driven approach to cloud security that fully accounts for the unique characteristics, structure, and dynamic behavior of each cloud environment.

**

It's Time to Make Security an Innovation Enabler

The operators behind the BazaCall call back phishing method have continued to evolve with updated social engineering tactics to deploy malware on targeted networks.
The scheme eventually acts as an entry point to conduct financial fraud or the delivery of next-stage payloads such as ransomware, cybersecurity company Trellix said in a report published last week.
Primary targets of the latest

The operators behind the BazaCall call back phishing method have continued to evolve with updated social engineering tactics to deploy malware on targeted networks.

The scheme eventually acts as an entry point to conduct financial fraud or the delivery of next-stage payloads such as ransomware, cybersecurity company Trellix said in a report published last week.

Primary targets of the latest attack waves include the U.S., Canada, China, India, Japan, Taiwan, the Philippines, and the U.K.

BazaCall, also called BazarCall, first gained popularity in 2020 for its novel approach of distributing the BazarBackdoor (aka BazarLoader) malware by manipulating potential victims into calling a phone number specified in decoy email messages.

These email baits aim to create a false sense of urgency, informing the recipients about renewal of a trial subscription for, say, an antivirus service. The messages also urge them to contact their support desk to cancel the plan, or risk getting automatically charged for the premium version of the software.

The ultimate goal of the attacks is to enable remote access to the endpoint under the guise of terminating the supposed subscription or installing a security solution to rid the machine of malware, effectively paving the way for follow-on activities.

Another tactic embraced by the operators involves masquerading as incident responders in PayPal-themed campaigns to deceive the caller into thinking that their accounts were accessed from eight or more devices spread across random locations across the world.

Regardless of the scenario employed, the victim is prompted to launch a specific URL – a specially crafted website designed to download and execute a malicious executable that, among other files, also drops the legitimate ScreenConnect remote desktop software.

A successful persistent access is followed by the attacker opening fake cancellation forms that ask the victims to fill out personal details and sign in to their bank accounts to complete the refund, but in reality are fooled into sending the money to the scammer.

The development comes as at least three different spinoff groups from the Conti ransomware cartel have embraced the call back phishing technique as an initial intrusion vector to breach enterprise networks.

The ties to Conti don't end there. BazarBackdoor, for its part, is the creation of a cybercrime group known as TrickBot, which was taken over by Conti earlier this year before the latter's shutdown in May-June 2022 over its allegiance to Russia in its assault on Ukraine.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

BazarCall Callback Phishing Attacks Constantly Evolving Its Social Engineering Tactics

Red Hat Security Advisory 2022-6872-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kernel security update  
Advisory ID:       RHSA-2022:6872-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6872  
Issue date:        2022-10-11  
CVE Names:         CVE-2022-2588 CVE-2022-21123 CVE-2022-21125  
                   CVE-2022-21166  
====================================================================  
1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* a use-after-free in cls_route filter implementation may lead to privilege  
escalation (CVE-2022-2588)

* Incomplete cleanup of multi-core shared buffers (aka SBDR)  
(CVE-2022-21123)

* Incomplete cleanup of microarchitectural fill buffers (aka SBDS)  
(CVE-2022-21125)

* Incomplete cleanup in specific special register write operations (aka  
DRPW) (CVE-2022-21166)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2090237 - CVE-2022-21123 hw: cpu: Incomplete cleanup of multi-core shared buffers (aka SBDR)  
2090240 - CVE-2022-21125 hw: cpu: Incomplete cleanup of microarchitectural fill buffers (aka SBDS)  
2090241 - CVE-2022-21166 hw: cpu: Incomplete cleanup in specific special register write operations (aka DRPW)  
2114849 - CVE-2022-2588 kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation

6. Package List:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1):

Source:  
kernel-4.18.0-147.76.1.el8_1.src.rpm

aarch64:  
bpftool-4.18.0-147.76.1.el8_1.aarch64.rpm  
bpftool-debuginfo-4.18.0-147.76.1.el8_1.aarch64.rpm  
kernel-4.18.0-147.76.1.el8_1.aarch64.rpm  
kernel-core-4.18.0-147.76.1.el8_1.aarch64.rpm  
kernel-cross-headers-4.18.0-147.76.1.el8_1.aarch64.rpm  
kernel-debug-4.18.0-147.76.1.el8_1.aarch64.rpm  
kernel-debug-core-4.18.0-147.76.1.el8_1.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-147.76.1.el8_1.aarch64.rpm  
kernel-debug-devel-4.18.0-147.76.1.el8_1.aarch64.rpm  
kernel-debug-modules-4.18.0-147.76.1.el8_1.aarch64.rpm  
kernel-debug-modules-extra-4.18.0-147.76.1.el8_1.aarch64.rpm  
kernel-debuginfo-4.18.0-147.76.1.el8_1.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-147.76.1.el8_1.aarch64.rpm  
kernel-devel-4.18.0-147.76.1.el8_1.aarch64.rpm  
kernel-headers-4.18.0-147.76.1.el8_1.aarch64.rpm  
kernel-modules-4.18.0-147.76.1.el8_1.aarch64.rpm  
kernel-modules-extra-4.18.0-147.76.1.el8_1.aarch64.rpm  
kernel-tools-4.18.0-147.76.1.el8_1.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-147.76.1.el8_1.aarch64.rpm  
kernel-tools-libs-4.18.0-147.76.1.el8_1.aarch64.rpm  
perf-4.18.0-147.76.1.el8_1.aarch64.rpm  
perf-debuginfo-4.18.0-147.76.1.el8_1.aarch64.rpm  
python3-perf-4.18.0-147.76.1.el8_1.aarch64.rpm  
python3-perf-debuginfo-4.18.0-147.76.1.el8_1.aarch64.rpm

noarch:  
kernel-abi-whitelists-4.18.0-147.76.1.el8_1.noarch.rpm  
kernel-doc-4.18.0-147.76.1.el8_1.noarch.rpm

ppc64le:  
bpftool-4.18.0-147.76.1.el8_1.ppc64le.rpm  
bpftool-debuginfo-4.18.0-147.76.1.el8_1.ppc64le.rpm  
kernel-4.18.0-147.76.1.el8_1.ppc64le.rpm  
kernel-core-4.18.0-147.76.1.el8_1.ppc64le.rpm  
kernel-cross-headers-4.18.0-147.76.1.el8_1.ppc64le.rpm  
kernel-debug-4.18.0-147.76.1.el8_1.ppc64le.rpm  
kernel-debug-core-4.18.0-147.76.1.el8_1.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-147.76.1.el8_1.ppc64le.rpm  
kernel-debug-devel-4.18.0-147.76.1.el8_1.ppc64le.rpm  
kernel-debug-modules-4.18.0-147.76.1.el8_1.ppc64le.rpm  
kernel-debug-modules-extra-4.18.0-147.76.1.el8_1.ppc64le.rpm  
kernel-debuginfo-4.18.0-147.76.1.el8_1.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-147.76.1.el8_1.ppc64le.rpm  
kernel-devel-4.18.0-147.76.1.el8_1.ppc64le.rpm  
kernel-headers-4.18.0-147.76.1.el8_1.ppc64le.rpm  
kernel-modules-4.18.0-147.76.1.el8_1.ppc64le.rpm  
kernel-modules-extra-4.18.0-147.76.1.el8_1.ppc64le.rpm  
kernel-tools-4.18.0-147.76.1.el8_1.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-147.76.1.el8_1.ppc64le.rpm  
kernel-tools-libs-4.18.0-147.76.1.el8_1.ppc64le.rpm  
perf-4.18.0-147.76.1.el8_1.ppc64le.rpm  
perf-debuginfo-4.18.0-147.76.1.el8_1.ppc64le.rpm  
python3-perf-4.18.0-147.76.1.el8_1.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-147.76.1.el8_1.ppc64le.rpm

s390x:  
bpftool-4.18.0-147.76.1.el8_1.s390x.rpm  
bpftool-debuginfo-4.18.0-147.76.1.el8_1.s390x.rpm  
kernel-4.18.0-147.76.1.el8_1.s390x.rpm  
kernel-core-4.18.0-147.76.1.el8_1.s390x.rpm  
kernel-cross-headers-4.18.0-147.76.1.el8_1.s390x.rpm  
kernel-debug-4.18.0-147.76.1.el8_1.s390x.rpm  
kernel-debug-core-4.18.0-147.76.1.el8_1.s390x.rpm  
kernel-debug-debuginfo-4.18.0-147.76.1.el8_1.s390x.rpm  
kernel-debug-devel-4.18.0-147.76.1.el8_1.s390x.rpm  
kernel-debug-modules-4.18.0-147.76.1.el8_1.s390x.rpm  
kernel-debug-modules-extra-4.18.0-147.76.1.el8_1.s390x.rpm  
kernel-debuginfo-4.18.0-147.76.1.el8_1.s390x.rpm  
kernel-debuginfo-common-s390x-4.18.0-147.76.1.el8_1.s390x.rpm  
kernel-devel-4.18.0-147.76.1.el8_1.s390x.rpm  
kernel-headers-4.18.0-147.76.1.el8_1.s390x.rpm  
kernel-modules-4.18.0-147.76.1.el8_1.s390x.rpm  
kernel-modules-extra-4.18.0-147.76.1.el8_1.s390x.rpm  
kernel-tools-4.18.0-147.76.1.el8_1.s390x.rpm  
kernel-tools-debuginfo-4.18.0-147.76.1.el8_1.s390x.rpm  
kernel-zfcpdump-4.18.0-147.76.1.el8_1.s390x.rpm  
kernel-zfcpdump-core-4.18.0-147.76.1.el8_1.s390x.rpm  
kernel-zfcpdump-debuginfo-4.18.0-147.76.1.el8_1.s390x.rpm  
kernel-zfcpdump-devel-4.18.0-147.76.1.el8_1.s390x.rpm  
kernel-zfcpdump-modules-4.18.0-147.76.1.el8_1.s390x.rpm  
kernel-zfcpdump-modules-extra-4.18.0-147.76.1.el8_1.s390x.rpm  
perf-4.18.0-147.76.1.el8_1.s390x.rpm  
perf-debuginfo-4.18.0-147.76.1.el8_1.s390x.rpm  
python3-perf-4.18.0-147.76.1.el8_1.s390x.rpm  
python3-perf-debuginfo-4.18.0-147.76.1.el8_1.s390x.rpm

x86_64:  
bpftool-4.18.0-147.76.1.el8_1.x86_64.rpm  
bpftool-debuginfo-4.18.0-147.76.1.el8_1.x86_64.rpm  
kernel-4.18.0-147.76.1.el8_1.x86_64.rpm  
kernel-core-4.18.0-147.76.1.el8_1.x86_64.rpm  
kernel-cross-headers-4.18.0-147.76.1.el8_1.x86_64.rpm  
kernel-debug-4.18.0-147.76.1.el8_1.x86_64.rpm  
kernel-debug-core-4.18.0-147.76.1.el8_1.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-147.76.1.el8_1.x86_64.rpm  
kernel-debug-devel-4.18.0-147.76.1.el8_1.x86_64.rpm  
kernel-debug-modules-4.18.0-147.76.1.el8_1.x86_64.rpm  
kernel-debug-modules-extra-4.18.0-147.76.1.el8_1.x86_64.rpm  
kernel-debuginfo-4.18.0-147.76.1.el8_1.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-147.76.1.el8_1.x86_64.rpm  
kernel-devel-4.18.0-147.76.1.el8_1.x86_64.rpm  
kernel-headers-4.18.0-147.76.1.el8_1.x86_64.rpm  
kernel-modules-4.18.0-147.76.1.el8_1.x86_64.rpm  
kernel-modules-extra-4.18.0-147.76.1.el8_1.x86_64.rpm  
kernel-tools-4.18.0-147.76.1.el8_1.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-147.76.1.el8_1.x86_64.rpm  
kernel-tools-libs-4.18.0-147.76.1.el8_1.x86_64.rpm  
perf-4.18.0-147.76.1.el8_1.x86_64.rpm  
perf-debuginfo-4.18.0-147.76.1.el8_1.x86_64.rpm  
python3-perf-4.18.0-147.76.1.el8_1.x86_64.rpm  
python3-perf-debuginfo-4.18.0-147.76.1.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2588  
https://access.redhat.com/security/cve/CVE-2022-21123  
https://access.redhat.com/security/cve/CVE-2022-21125  
https://access.redhat.com/security/cve/CVE-2022-21166  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY0WERNzjgjWX9erEAQgEOhAAhRwli72izUtw1NCNeyho3O/WlU/Ez624  
MqdZvTinehtq+kmAc2KCsiZJoGr923AVyY/EYIUj8rX7UNKbTm04fC2fFa4vkH+n  
o1GSymcmCcUmJuwNeDThrQln8qprjpNFlk4tMUR9hfBHpyR2M3TsL5v3+MoB3npN  
tMOk/Jcd+/dBznDPgF3vBpE88+8eGkHLoAaB9NHBLsZAESd2YixBzsw+sG3eVOBf  
+KgrgspiLGE9ukzTZ2cIN7BGWGBZwR7KPATVMqPGqTo/2ucNGzJ7gwgKCfuiZO2P  
x83liRMwZ8TA37BhTqDas+Sju86m8Mu4OZHLwRLnMo6rTEzo0anlQSg1POsAqyf7  
jg9BhTx21L1cPUfddgJJHV7NOLftx4uzmCM8AkCHHhTd77B8ppr0ilq/igDZuJbL  
5gYiCQcS6qUp22AMuY2O7ViiD+iwTdKetZ/W16yf75922RpeCqM850LdW9OM35NI  
fJwqmjWPn0Onbgiqoq/n8aT7YQ2pSba9FEvlpTBh+Pd2uJfShAfw0MffSGSkBK2/  
PZdgEwe5doJoMRZQ36Ue9TMRMvN9QRepDr2H1xgDbusvbYKOifW/fFyCFXMLwyRl  
GLsM/wqBVB/u3fTuV5lWzSyq4KcBapAgJvFLGUWS+57iCkeNvmQMo3sVgwRO+MVf  
nHgwFm+Wlr8=enhr  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6872-01

Ubuntu Security Notice 5666-1 - It was discovered that OpenSSH incorrectly handled certain helper programs. An attacker could possibly use this issue to arbitrary code execution.

    =========================================================================Ubuntu Security Notice USN-5666-1October 10, 2022openssh vulnerability=========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 16.04 ESMSummary:OpenSSH could be made to run arbitrary code if it somenon-default configuration are in use.Software Description:- openssh: secure shell (SSH) for secure access to remote machinesDetails:It was discovered that OpenSSH incorrectly handled certain helper programs.An attacker could possibly use this issue to arbitrary code execution.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 16.04 ESM:  openssh-server                  1:7.2p2-4ubuntu2.10+esm2In general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-5666-1  CVE-2021-41617

Ubuntu Security Notice USN-5666-1

Red Hat OpenShift Virtualization release 4.8.7 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2022-1798: kubeVirt: Arbitrary file read on the host from KubeVirt VMs


Skip to navigation Skip to main content

**Utilities**

*   Subscriptions
*   Downloads
*   Containers
*   Support Cases

**Infrastructure and Management**

*   Red Hat Enterprise Linux
*   Red Hat Virtualization
*   Red Hat Identity Management
*   Red Hat Directory Server
*   Red Hat Certificate System
*   Red Hat Satellite
*   Red Hat Subscription Management
*   Red Hat Update Infrastructure
*   Red Hat Insights
*   Red Hat Ansible Automation Platform

**Cloud Computing**

*   Red Hat OpenShift
*   Red Hat CloudForms
*   Red Hat OpenStack Platform
*   Red Hat OpenShift Container Platform
*   Red Hat OpenShift Data Science
*   Red Hat OpenShift Online
*   Red Hat OpenShift Dedicated
*   Red Hat Advanced Cluster Security for Kubernetes
*   Red Hat Advanced Cluster Management for Kubernetes
*   Red Hat Quay
*   Red Hat CodeReady Workspaces
*   Red Hat OpenShift Service on AWS

**Storage**

*   Red Hat Gluster Storage
*   Red Hat Hyperconverged Infrastructure
*   Red Hat Ceph Storage
*   Red Hat OpenShift Data Foundation

**Runtimes**

*   Red Hat Runtimes
*   Red Hat JBoss Enterprise Application Platform
*   Red Hat Data Grid
*   Red Hat JBoss Web Server
*   Red Hat Single Sign On
*   Red Hat support for Spring Boot
*   Red Hat build of Node.js
*   Red Hat build of Thorntail
*   Red Hat build of Eclipse Vert.x
*   Red Hat build of OpenJDK
*   Red Hat build of Quarkus

**Integration and Automation**

*   Red Hat Process Automation
*   Red Hat Process Automation Manager
*   Red Hat Decision Manager

All Products

Issued:

2022-10-11

Updated:

2022-10-11

**RHSA-2022:6890 - Security Advisory**

*   Overview
*   Updated Packages

**Synopsis**

Important: OpenShift Virtualization 4.8.7 Images bug fixes and security update

**Type/Severity**

Security Advisory: Important

**Topic**

Red Hat OpenShift Virtualization release 4.8.7 is now available with updates to packages and images that fix several bugs and add enhancements.  

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

**Description**

This advisory contains the following OpenShift Virtualization 4.8.7 images:  

RHEL-8-CNV-4.8  

\==============  

vm-import-controller-container-v4.8.7-4  
ovs-cni-marker-container-v4.8.7-6  
virt-cdi-apiserver-container-v4.8.7-4  
virt-cdi-uploadserver-container-v4.8.7-4  
virt-cdi-uploadproxy-container-v4.8.7-4  
vm-import-virtv2v-container-v4.8.7-4  
hostpath-provisioner-container-v4.8.7-4  
ovs-cni-plugin-container-v4.8.7-5  
bridge-marker-container-v4.8.7-5  
virt-cdi-controller-container-v4.8.7-4  
node-maintenance-operator-container-v4.8.7-4  
cluster-network-addons-operator-container-v4.8.7-5  
cnv-containernetworking-plugins-container-v4.8.7-5  
virt-cdi-importer-container-v4.8.7-4  
vm-import-operator-container-v4.8.7-4  
kubemacpool-container-v4.8.7-5  
kubevirt-vmware-container-v4.8.7-4  
kubevirt-v2v-conversion-container-v4.8.7-4  
kubernetes-nmstate-handler-container-v4.8.7-5  
virtio-win-container-v4.8.7-4  
kubevirt-ssp-operator-container-v4.8.7-3  
virt-cdi-operator-container-v4.8.7-4  
cnv-must-gather-container-v4.8.7-4  
hyperconverged-cluster-operator-container-v4.8.7-4  
virt-cdi-cloner-container-v4.8.7-4  
hostpath-provisioner-operator-container-v4.8.7-4  
hyperconverged-cluster-webhook-container-v4.8.7-4  
kubevirt-template-validator-container-v4.8.7-4  
virt-handler-container-v4.8.7-5  
virt-api-container-v4.8.7-5  
virt-operator-container-v4.8.7-5  
virt-launcher-container-v4.8.7-5  
virt-controller-container-v4.8.7-5  
hco-bundle-registry-container-v4.8.7-28  

Security Fix(es):  

*   kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

**Affected Products**

*   Red Hat Container Native Virtualization 4.8 for RHEL 8 x86\_64
*   Red Hat Container Native Virtualization 4.8 for RHEL 7 x86\_64

**Fixes**

*   BZ - 2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs

**CVEs**

*   CVE-2018-25032
*   CVE-2022-0494
*   CVE-2022-1271
*   CVE-2022-1353
*   CVE-2022-1798
*   CVE-2022-2526
*   CVE-2022-23852
*   CVE-2022-29154

**Red Hat Container Native Virtualization 4.8 for RHEL 8**

SRPM

x86\_64

**Red Hat Container Native Virtualization 4.8 for RHEL 7**

SRPM

x86\_64

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

RHSA-2022:6890: Red Hat Security Advisory: OpenShift Virtualization 4.8.7 Images bug fixes and security update

REDWOOD CITY, Calif., Oct. 11, 2022 /PRNewswire/ — Delinea, a leading provider of Privileged Access Management (PAM) solutions for seamless security, today released _Cloud Server Privilege Management for Dummies_, a new eBook immediately available in print and digital editions. The complimentary resource puts best practices for cloud server security front and center to simplify complexities around securing access to business-critical resources.

According to the 2022 Thales Cloud Security Report, 45% of businesses have experienced a cloud-based data breach or failed audit in the past twelve months, suggesting that almost half of organizations are highly vulnerable to cloud server security breaches. Server security is critically tied to securing accounts and their associated entitlements for logging into machines and running privileged commands and applications.

"While the pandemic was a call to action for many organizations to expedite their cloud initiatives, most were already moving towards multi-cloud and hybrid infrastructure," said Tony Goulding, Senior Director, Technical Product Marketing at Delinea and co-author of the new Dummies book. "What many had not been focusing on as part of their efforts was shifting from a reactive to proactive security posture when it comes to privileged access management of cloud resources. This book helps any organization protect distributed IT server infrastructure in hybrid- or multi-cloud environments to reduce risk."

As with other editions in the popular Dummies books series, _Cloud Server Privilege Management for Dummies_ helps guide IT professionals in clear language and with examples to help them tackle some of their biggest cloud server security challenges, including:

*   Getting visibility into assets and permissions to facilitate proactive risk mitigation with granular controls
*   Reducing lateral movement between cloud resources to minimize the possibilities of data exfiltration or encryption for ransom in case of breach
*   Enforcing least privilege with a zero trust approach to ensure authenticated, legitimate users only have access to what they need, when they need it

"Time and again we see that the biggest risks to organizations are typically related to over-privileged users, standing privileges on resources, and not understanding the shared responsibility model when it comes to cloud," said Chris Smith, Chief Marketing Officer at Delinea. "This Dummies book clearly lays out how to address all of those areas of concern in one free resource."

Delinea offers a range of complimentary informative resources to further help organizations secure their on-premises, multi-cloud, and hybrid infrastructure, including six additional Dummies books, educational publications, whitepapers, tools, blogs, and more.

Visit delinea.com/resources to download _Cloud Server Privilege Management for Dummies_ and more.

**About Delinea  
**Delinea is a leading provider of privileged access management (PAM) solutions that make security seamless for the modern, hybrid enterprise. Our solutions empower organizations to secure critical data, devices, code, and cloud infrastructure to help reduce risk, ensure compliance, and simplify security. Delinea removes complexity and defines the boundaries of access for thousands of customers worldwide. Our customers range from small businesses to the world's largest financial institutions, intelligence agencies, and critical infrastructure companies. Learn more about Delinea on LinkedIn, Twitter, and YouTube.

Delinea Releases 'Cloud Server Privilege Management for Dummies' eBook

Investment led by Section 32 will be used to scale the product and team.

MOUNTAIN VIEW, Calif., Oct. 11, 2022 — Stairwell, a company that empowers security teams to outsmart any attacker, today announced a $45M Series B capitalization. The funding round was led by Section 32, with additional investments from Sequoia Capital, Accel, Lux Capital, Gradient Ventures, and angel investors Eric Schmidt and Michael Ovitz. This brings Stairwell’s total funding to date to $69.5 million as it looks to scale its flagship product, Inception, to become the most powerful continuous intelligence, detection, and response solution available.

“New vulnerabilities are discovered daily, and continuous monitoring, threat hunting, and response are needed for around-the-clock efforts to secure the enterprise. Our goal is to plug these gaps, while simultaneously strengthening organizations’ overall security stack via capturing, storing, and analyzing all executable files across their environment,” said Mike Wiacek, CEO and Founder of Stairwell. “This Series B reflects the confidence investors feel in Inception and Stairwell’s mission to enable security teams to take back control of their data and stay one step ahead of even the most advanced attackers.”

Following deals with key customers and MSSP partner Cyderes earlier this year, this Series B will enable Stairwell to meet increased demand for new Inception features as malware attacks continue to rise. By scaling the Inception platform, Stairwell will create a more intuitive and integrated experience for increased customer success in securing their organizations against any emerging malware threats, including supply chain attacks.

“The platform Stairwell has built is making a huge impact for security teams, and the company is led by some of the sharpest minds in cybersecurity,” said Andy Harrison, Managing Partner at Section 32. “The power and advanced capabilities of the Inception platform are clear to customers and partners, and it's rare to find a company with such a strong combination of product, engineering, customer focus, and executive leadership.”

This funding will also play a critical role in the expansion of Stairwell’s team. Since the Series B round closed, Stairwell has increased headcount by 100%, with plans to add significantly more employees this year. These hires will include specialized engineers to bring more functionality to Inception as a whole. Notable recent appointments within the company include Brian Lee as Vice President of Marketing and Eric Byrd as Head of Enterprise Sales.

Lee has spent the last decade at Ogilvy working with some of the most famous technology brands in the world, from large Fortune 500 companies (Google, Samsung, Qualcomm, Cummins) to exciting, high-growth start-ups. His vision for Stairwell’s marketing arm is to drive holistic growth for the company, building an enduring brand complemented with a robust marketing machine to drive awareness using the latest technology, data, and techniques.

“As a marketer, the best asset you can have is a good company and product. That’s what initially drew me to Stairwell,” said Lee. “We have a differentiated, innovative product in a category growing in importance. Add to that the incredible pedigree of our team, top investors, and positive business momentum. I knew from my first conversation with Mike Wiacek that I had to be a part of this company’s trajectory as Vice President of Marketing.”

Byrd comes from Red Canary, where he led a team of Senior Enterprise Account Executives across the Northeast and Southeast regions of the United States in securing new customers for security solutions. At Stairwell, Byrd will lead the sales team in identifying Stairwell’s next customers who will make significant strides in their security goals by partnering with the company.

“I've been really lucky to work with many incredible teams, so I've learned what it takes to build a strong security business that continues to improve its capabilities for customers as you grow,” said Byrd. “Understanding what leading security teams expect from their partners has prepared me to deliver exceptional service for Stairwell’s customers so they can take their security teams to new heights.”

For more information on the roles Stairwell is currently hiring for, please visit www.stairwell.com/careers.

**About Stairwell  
**Stairwell helps organizations with security solutions that attackers can't evade. Its Inception platform empowers security teams to outsmart any attacker by providing continuous intelligence, detection, and response. The Inception platform is used by a number of Fortune 500 companies. Stairwell is comprised of security industry leaders and engineers from Google and is backed by Sequoia Capital, Accel, Section 32, Lux Capital, and Gradient Ventures. For more information, visit www.stairwell.com or connect with us on Twitter or LinkedIn.

Stairwell Announces $45M Series B Funding Round

Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability.
Cisco Talos recently discovered an exploitable data deserialization vulnerability in the VMware vCenter server platform.
VMware is one of the most popular virtual machine solutions currently available, and its vCenter software allows users to manage an entire environment of

Tuesday, October 11, 2022 10:10

_Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability._

Cisco Talos recently discovered an exploitable data deserialization vulnerability in the VMware vCenter server platform.

VMware is one of the most popular virtual machine solutions currently available, and its vCenter software allows users to manage an entire environment of VMs. The vulnerability Talos discovered is a post-authentication Java deserialization issue that could corrupt the software in a way that could allow an attacker to exploit arbitrary code on the target machine.

TALOS-2022-1587 (CVE-2022-31680) is triggered if an adversary sends a specially crafted HTTP request to a targeted machine. The attacker would first have to log in with legitimate credentials to vCenter to be successful.

Cisco Talos worked with VMware to ensure that this issue is resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy.

Users are encouraged to update these affected products as soon as possible: VMware vCenter Server, version 6.5, update 3t. Talos tested and confirmed this version of vCenter could be exploited by this vulnerability.

The following Snort rules will detect exploitation attempts against this vulnerability: 60433. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Tag

#mac