The Microsoft Windows kernel suffers from a containerized registry escape through integer overflows in VrpBuildKeyPath and other weaknesses.

Windows Kernel Containerized Registry Escape

By Waqas
Abrax666 AI Chatbot is being boasted by its developer as a malicious alternative to ChatGPT, claiming it's a perfect multitasking tool for both ethical and unethical activities.
This is a post from HackRead.com Read the original post: Malicious Abrax666 AI Chatbot Exposed as Potential Scam

As of now, based on the information regarding the sale of the Abrax666 AI Chatbot, cybersecurity researchers are of the opinion that the chatbot is most likely a scam.

As of late October 2023, cybercriminals have been advertising a new malicious AI chatbot called Abrax666 on the **dark web** and underground hacking forums. The developer of the Abrax666 AI chatbot has been boasting about the chatbot claiming it to be a perfect multitasking tool for ethical and unethical activities.

Currently, the pricing structure of the Abrax666 AI chatbot is €299 per month, and €2499 per year, while its source code is available for sale for €4999, however, according to cybersecurity researchers at SlashNext, the Abrax666 chatbot is likely to be fake, and could be an attempt to scam buyers.

Abrax666 Chatbot’s listing (Screenshot credit: Hackread.com)

It is worth noting that after the launch of OpenAI’s ChatGPT chatbot, cybercriminals attempted to exploit it for malicious purposes. In particular, Russian hackers **tried** to leverage the chatbot to create malware and phishing pages. While there was **some success**, to escalate their efforts, cybercriminals launched their own malicious chatbots, including **WormGPT** and **FraudGPT**.

In the latest report, SlashNext’s cybersecurity researcher Daniel Kelley highlighted several red flags indicating how the Abrax666 AI chatbot could be a scam despite the big claims. The chatbot is being sold by a threat actor using the alias Abrax on a notorious Russian-language forum where the rule of sale includes sellers depositing some amount of money to initiate the sales process.

However, Abrax not only did not deposit the funds but also refused to allow interested parties to review the chatbot before making a purchase. One potential buyer using the alias ‘SocketSilence’ stated that Abrax failed to provide any evidence of whether they have sold the chatbot previously or if it actually works.

(Screenshot credit: Hackread.com)

Despite video demonstrations shared by the seller, the authenticity of the chatbot’s capabilities remains in question. The videos, according to Kelley, do not exhibit standard AI chatbot behaviour and appear more like a standard tool.

“The only potentially credible evidence that has caused us to slightly defer our verdict here, are videos being circulated by ‘Abrax’ that allegedly show the AI chatbot in use,” Daniel explained in a **blog post**.

“However, even these videos do not appear to showcase the standard output one would expect from an AI chatbot of this nature. The output appears to look more like a standard tool that is not capable of real-time communication and does not accept prompts but arguments and flags instead,” the researcher added.

Abrax’s attempt to sell the chatbot on other cybercrime forums resulted in the removal of the threat, possibly due to administrators detecting malicious intent. Furthermore, the topic initiated by Abrax was locked by forum administrators at the time of writing.

One of the admins cautioned Abrax about their claims (Screenshot credit: Hackread.com).

Overall, the SlashNext report casts doubt on the legitimacy of the Abrax666 AI chatbot, cautioning potential buyers against its advertised capabilities. However, if the seller provides evidence that their product is legitimate and aligns with the claims they have made, it could likely change the minds of researchers.

****_RELATED ARTICLES_****

1.  **DarkBERT: Enhancing Cybersecurity Efforts on the Dark Web**
2.  **Chinese Scammers Use Fake Loan Apps for Money Laundering**
3.  **Fake Ledger App on Microsoft Store to Stole $800,000 in Crypto**

Malicious Abrax666 AI Chatbot Exposed as Potential Scam

Ubuntu Security Notice 6465-1 - Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel contained a null pointer dereference vulnerability in some situations. A local privileged attacker could use this to cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6465-1October 31, 2023linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15,linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15,linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15,linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia,linux-oracle, linux-oracle-5.15 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-azure: Linux kernel for Microsoft Azure Cloud systems- linux-azure-fde: Linux kernel for Microsoft Azure CVM cloud systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-kvm: Linux kernel for cloud environments- linux-lowlatency: Linux low latency kernel- linux-nvidia: Linux kernel for NVIDIA systems- linux-oracle: Linux kernel for Oracle Cloud systems- linux-aws-5.15: Linux kernel for Amazon Web Services (AWS) systems- linux-azure-5.15: Linux kernel for Microsoft Azure cloud systems- linux-azure-fde-5.15: Linux kernel for Microsoft Azure CVM cloud systems- linux-gcp-5.15: Linux kernel for Google Cloud Platform (GCP) systems- linux-gkeop-5.15: Linux kernel for Google Container Engine (GKE) systems- linux-hwe-5.15: Linux hardware enablement (HWE) kernel- linux-ibm-5.15: Linux kernel for IBM cloud systems- linux-lowlatency-hwe-5.15: Linux low latency kernel- linux-oracle-5.15: Linux kernel for Oracle Cloud systemsDetails:Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver inthe Linux kernel contained a race condition, leading to a null pointerdereference vulnerability. A local attacker could use this to cause adenial of service (system crash). (CVE-2023-31083)Lin Ma discovered that the Netlink Transformation (XFRM) subsystem in theLinux kernel contained a null pointer dereference vulnerability in somesituations. A local privileged attacker could use this to cause a denial ofservice (system crash). (CVE-2023-3772)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS:   linux-image-5.15.0-1032-gkeop   5.15.0-1032.38   linux-image-5.15.0-1040-nvidia  5.15.0-1040.40   linux-image-5.15.0-1040-nvidia-lowlatency  5.15.0-1040.40   linux-image-5.15.0-1042-ibm     5.15.0-1042.45   linux-image-5.15.0-1046-gcp     5.15.0-1046.54   linux-image-5.15.0-1046-kvm     5.15.0-1046.51   linux-image-5.15.0-1047-oracle  5.15.0-1047.53   linux-image-5.15.0-1049-aws     5.15.0-1049.54   linux-image-5.15.0-1051-azure   5.15.0-1051.59   linux-image-5.15.0-1051-azure-fde  5.15.0-1051.59.1   linux-image-5.15.0-88-generic   5.15.0-88.98   linux-image-5.15.0-88-generic-64k  5.15.0-88.98   linux-image-5.15.0-88-generic-lpae  5.15.0-88.98   linux-image-5.15.0-88-lowlatency  5.15.0-88.98   linux-image-5.15.0-88-lowlatency-64k  5.15.0-88.98   linux-image-aws-lts-22.04       5.15.0.1049.48   linux-image-azure-fde-lts-22.04  5.15.0.1051.59.29   linux-image-azure-lts-22.04     5.15.0.1051.47   linux-image-gcp-lts-22.04       5.15.0.1046.42   linux-image-generic             5.15.0.88.85   linux-image-generic-64k         5.15.0.88.85   linux-image-generic-lpae        5.15.0.88.85   linux-image-gkeop               5.15.0.1032.31   linux-image-gkeop-5.15          5.15.0.1032.31   linux-image-ibm                 5.15.0.1042.38   linux-image-kvm                 5.15.0.1046.42   linux-image-lowlatency          5.15.0.88.90   linux-image-lowlatency-64k      5.15.0.88.90   linux-image-nvidia              5.15.0.1040.40   linux-image-nvidia-lowlatency   5.15.0.1040.40   linux-image-oracle              5.15.0.1047.42   linux-image-oracle-lts-22.04    5.15.0.1047.42   linux-image-virtual             5.15.0.88.85Ubuntu 20.04 LTS:   linux-image-5.15.0-1032-gkeop   5.15.0-1032.38~20.04.1   linux-image-5.15.0-1042-ibm     5.15.0-1042.45~20.04.1   linux-image-5.15.0-1046-gcp     5.15.0-1046.54~20.04.1   linux-image-5.15.0-1047-oracle  5.15.0-1047.53~20.04.1   linux-image-5.15.0-1049-aws     5.15.0-1049.54~20.04.1   linux-image-5.15.0-1051-azure   5.15.0-1051.59~20.04.1   linux-image-5.15.0-1051-azure-fde  5.15.0-1051.59~20.04.1.1   linux-image-5.15.0-88-generic   5.15.0-88.98~20.04.1   linux-image-5.15.0-88-generic-64k  5.15.0-88.98~20.04.1   linux-image-5.15.0-88-generic-lpae  5.15.0-88.98~20.04.1   linux-image-5.15.0-88-lowlatency  5.15.0-88.98~20.04.1   linux-image-5.15.0-88-lowlatency-64k  5.15.0-88.98~20.04.1   linux-image-aws                 5.15.0.1049.54~20.04.37   linux-image-azure               5.15.0.1051.59~20.04.40   linux-image-azure-cvm           5.15.0.1051.59~20.04.40   linux-image-azure-fde           5.15.0.1051.59~20.04.1.29   linux-image-gcp                 5.15.0.1046.54~20.04.1   linux-image-generic-64k-hwe-20.04  5.15.0.88.98~20.04.46   linux-image-generic-hwe-20.04   5.15.0.88.98~20.04.46   linux-image-generic-lpae-hwe-20.04  5.15.0.88.98~20.04.46   linux-image-gkeop-5.15          5.15.0.1032.38~20.04.28   linux-image-ibm                 5.15.0.1042.45~20.04.14   linux-image-lowlatency-64k-hwe-20.04  5.15.0.88.98~20.04.43   linux-image-lowlatency-hwe-20.04  5.15.0.88.98~20.04.43   linux-image-oem-20.04           5.15.0.88.98~20.04.46   linux-image-oem-20.04b          5.15.0.88.98~20.04.46   linux-image-oem-20.04c          5.15.0.88.98~20.04.46   linux-image-oem-20.04d          5.15.0.88.98~20.04.46   linux-image-oracle              5.15.0.1047.53~20.04.1   linux-image-virtual-hwe-20.04   5.15.0.88.98~20.04.46After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6465-1   CVE-2023-31083, CVE-2023-3772Package Information:   https://launchpad.net/ubuntu/+source/linux/5.15.0-88.98   https://launchpad.net/ubuntu/+source/linux-aws/5.15.0-1049.54   https://launchpad.net/ubuntu/+source/linux-azure/5.15.0-1051.59   https://launchpad.net/ubuntu/+source/linux-azure-fde/5.15.0-1051.59.1   https://launchpad.net/ubuntu/+source/linux-gcp/5.15.0-1046.54   https://launchpad.net/ubuntu/+source/linux-gkeop/5.15.0-1032.38   https://launchpad.net/ubuntu/+source/linux-ibm/5.15.0-1042.45   https://launchpad.net/ubuntu/+source/linux-kvm/5.15.0-1046.51   https://launchpad.net/ubuntu/+source/linux-lowlatency/5.15.0-88.98   https://launchpad.net/ubuntu/+source/linux-nvidia/5.15.0-1040.40   https://launchpad.net/ubuntu/+source/linux-oracle/5.15.0-1047.53   https://launchpad.net/ubuntu/+source/linux-aws-5.15/5.15.0-1049.54~20.04.1   https://launchpad.net/ubuntu/+source/linux-azure-5.15/5.15.0-1051.59~20.04.1 https://launchpad.net/ubuntu/+source/linux-azure-fde-5.15/5.15.0-1051.59~20.04.1.1   https://launchpad.net/ubuntu/+source/linux-gcp-5.15/5.15.0-1046.54~20.04.1   https://launchpad.net/ubuntu/+source/linux-gkeop-5.15/5.15.0-1032.38~20.04.1   https://launchpad.net/ubuntu/+source/linux-hwe-5.15/5.15.0-88.98~20.04.1   https://launchpad.net/ubuntu/+source/linux-ibm-5.15/5.15.0-1042.45~20.04.1 https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe-5.15/5.15.0-88.98~20.04.1 https://launchpad.net/ubuntu/+source/linux-oracle-5.15/5.15.0-1047.53~20.04.1

Ubuntu Security Notice USN-6465-1

By Deeba Ahmed
The global operation also led to the arrest of eight individuals, including the alleged mastermind.
This is a post from HackRead.com Read the original post: Police Dismantle Phishing-as-a-Service Platform BulletProftLink

BulletProftLink, a prolific phishing-as-a-service (PhaaS) and initial access broker (IAB) operation was operating since 2015.

In a significant blow to the cybercrime community, Malaysian police have dismantled BulletProftLink, a prolific phishing-as-a-service (PhaaS) and initial access broker (IAB) operation.

The seizure was a result of a collaborative effort between the Royal Malaysian Police, the Australian Federal Police, and the FBI. The authorities arrested eight individuals on 6 November, 2023 including the platform’s alleged mastermind and a software engineer.

Additionally, security agencies also seized cryptocurrency wallets containing approx. $213,000, apart from jewellery, servers, payment cards, and computers.

BulletProftLink, a prolific **phishing-as-a-service** (PhaaS) and initial access broker (IAB) operation was operating since 2015. It served thousands of threat actors with tools and resources to conduct phishing attacks through its extensive collection of phishing templates (over 300), including login pages for prominent services like DHL, Microsoft Office, Naver, and financial institutions.

Some of these pages were hosted on legit cloud services such as Google Cloud and Microsoft Azure. It also aided attackers in **bypassing MFA** (multi-factor authentication) protections by offering the **Evilginx2** reverse-proxying tool that could lead to Adversary-in-the-Middle phishing attacks.

**According to** Malaysian police, the platform had become intensely active since 2018, and that’s when it came to their radar. Since its inception, BulletProftLink has attracted over 8000 clients, many of whom paid up to $2,000/month for accessing credential logs regularly. Malicious actors preferred it for buying stolen accounts to conduct frauds and cyberattacks.

“From our investigations, not only the syndicate has compromised websites those of financial and education institutions, and official government sites in Australia, but they are also involved with the selling of stolen credentials,” stated Royal Malaysian Police’s inspector general, Sri Razarudin Husain.

This platform remained a key source for cybercriminals to infiltrate corporate networks, conduct reconnaissance, and laterally move towards valuable targets. Intel471, a threat intelligence platform, was monitoring the platform’s activities, and the following screenshot has been captured from their **coverage** of the event.

The screenshot reveals phishing templates for various platforms that were previously accessible on the BulletProofLink website.

The authorities haven’t yet disclosed the identities of the **arrested individuals**. As per cyber threat intelligence professionals, a threat actor, AnthraxBP, could be linked to the platform, and certain operational mistakes from BulletProftLink could have led to its dismantling.

The authorities have taken down multiple domains of the platform. Its closure is certainly a huge victory against cybercriminals because BulletProftink had remained a crucial source of stolen credentials for threat actors. Now that it is out of the picture, cybercriminals will need to look for alternative sources to gain initial access to corporate networks.

1.  **NetWire Malware Site and Server Seized, Admin Arrested**
2.  **Ragnar Locker Ransomware Gang Dismantled, Key Suspect Arrested**
3.  **SSNDOB Cybercrime Marketplace Seized in Intl. Coordinated Operation**
4.  **INTERPOL Dismantles Infamous ’16shop’ Phishing-as-a-Service Platform**
5.  **EvilProxy Phishing Kit Targets Microsoft Users via Indeed.com Vulnerability**

Police Dismantle Phishing-as-a-Service Platform BulletProftLink

Red Hat Security Advisory 2023-6249-01 - An update for.NET 6.0 is now available for Red Hat Enterprise Linux 7. Issues addressed include a denial of service vulnerability.

    The following data is constructed from data provided by Red Hat's json file at:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6249.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: .NET 6.0 security, bug fix, and enhancement updateAdvisory ID:        RHSA-2023:6249-01Product:            .NET Core on Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:6249Issue date:         2023-11-01Revision:           01CVE Names:          CVE-2023-36799====================================================================Summary: An update for .NET  6.0 is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The CVE-2023-36799 was previously fixed in .NET  6.0 packages in Red Hat Enterprise Linux 7 via erratum RHSA-2023:5142, which updated .NET to SDK 6.0.122 and Runtime 6.0.22. However, the fix was not included in the upstream SDK 6.0.123 and Runtime 6.0.23, which was added to Red Hat Enterprise Linux 7 via erratum RHSA-2023:5705, introducing a security regression. This erratum re-adds the fix for CVE-2023-36799 to .NET 6.0 packages.For more details about the regression, refer to the upstream release notes linked to the References section.Description:.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.124 and .NET Runtime 6.0.24.Security Fix(es):* dotnet: Denial of Service with Client Certificates using .NET Kestrel (CVE-2023-36799)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-36799References:https://access.redhat.com/security/updates/classification/#moderatehttps://support.microsoft.com/en-gb/topic/-net-6-0-update-october-24-2023-kb5032874-c7206ee0-8768-496c-a122-eac43b8b85c9https://access.redhat.com/errata/RHSA-2023:5142

Red Hat Security Advisory 2023-6249-01

Red Hat Security Advisory 2023-6247-01 - An update for.NET 7.0 is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

    The following data is constructed from data provided by Red Hat's json file at:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6247.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: .NET 7.0 security updateAdvisory ID:        RHSA-2023:6247-01Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:6247Issue date:         2023-11-01Revision:           01CVE Names:          CVE-2023-36799====================================================================Summary: An update for .NET 7.0 is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The CVE-2023-36799 was previously fixed in .NET 7.0 packages in Red Hat Enterprise Linux 8 via erratum RHSA-2023:5145, which updated .NET to SDK 7.0.111 and Runtime 7.0.11. However, the fix was not included in the upstream SDK 7.0.112 and Runtime 7.0.12, which was added to Red Hat Enterprise Linux 8 via erratum RHSA-2023:5709, introducing a security regression. This erratum re-adds the fix for CVE-2023-36799 to .NET 7.0 packages.For more details about the regression, refer to the upstream release notes linked to the References section.Description:.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.113 and .NET Runtime 7.0.13.Security Fix(es):* dotnet: Denial of Service with Client Certificates using .NET Kestrel (CVE-2023-36799)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-36799References:https://access.redhat.com/security/updates/classification/#moderatehttps://support.microsoft.com/en-gb/topic/-net-7-0-update-october-24-2023-kb5032875-1c20c4da-3b7e-414f-b7e7-5947358c33d9https://access.redhat.com/errata/RHSA-2023:5145

Red Hat Security Advisory 2023-6247-01

Red Hat Security Advisory 2023-6246-02 - An update for.NET 7.0 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

    The following data is constructed from data provided by Red Hat's json file at:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6246.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: .NET 7.0 security updateAdvisory ID:        RHSA-2023:6246-02Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:6246Issue date:         2023-11-02Revision:           02CVE Names:          CVE-2023-36799====================================================================Summary: An update for .NET 7.0 is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The CVE-2023-36799 was previously fixed in .NET 7.0 packages in Red Hat Enterprise Linux 9 via erratum RHSA-2023:5146, which updated .NET to SDK 7.0.111 and Runtime 7.0.11. However, the fix was not included in the upstream SDK 7.0.112 and Runtime 7.0.12, which was added to Red Hat Enterprise Linux 9 via erratum RHSA-2023:5749, introducing a security regression. This erratum re-adds the fix for CVE-2023-36799 to .NET 7.0 packages.For more details about the regression, refer to the upstream release notes linked to the References section.Description:.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.113 and .NET Runtime 7.0.13.Security Fix(es):* dotnet: Denial of Service with Client Certificates using .NET Kestrel (CVE-2023-36799)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-36799References:https://access.redhat.com/security/updates/classification/#moderatehttps://support.microsoft.com/en-gb/topic/-net-7-0-update-october-24-2023-kb5032875-1c20c4da-3b7e-414f-b7e7-5947358c33d9https://access.redhat.com/errata/RHSA-2023:5146

Red Hat Security Advisory 2023-6246-02

Red Hat Security Advisory 2023-6245-01 - An update for.NET 6.0 is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

    The following data is constructed from data provided by Red Hat's json file at:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6245.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: .NET 6.0 security updateAdvisory ID:        RHSA-2023:6245-01Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:6245Issue date:         2023-11-01Revision:           01CVE Names:          CVE-2023-36799====================================================================Summary: An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The CVE-2023-36799 was previously fixed in .NET 6.0 packages in Red Hat Enterprise Linux 8 via erratum RHSA-2023:5144, which updated .NET to SDK 6.0.122 and Runtime 6.0.22. However, the fix was not included in the upstream SDK 6.0.123 and Runtime 6.0.23, which was added to Red Hat Enterprise Linux 8 via erratum RHSA-2023:5710, introducing a security regression. This erratum re-adds the fix for CVE-2023-36799 to .NET 6.0 packages.For more details about the regression, refer to the upstream release notes linked to the References section.Description:.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.124 and .NET Runtime 6.0.24.Security Fix(es):* dotnet: Denial of Service with Client Certificates using .NET Kestrel (CVE-2023-36799)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-36799References:https://access.redhat.com/security/updates/classification/#moderatehttps://support.microsoft.com/en-gb/topic/-net-6-0-update-october-24-2023-kb5032874-c7206ee0-8768-496c-a122-eac43b8b85c9https://access.redhat.com/errata/RHSA-2023:5144

Red Hat Security Advisory 2023-6245-01

Red Hat Security Advisory 2023-6242-01 - An update for.NET 6.0 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

    The following data is constructed from data provided by Red Hat's json file at:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6242.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: .NET 6.0 security updateAdvisory ID:        RHSA-2023:6242-01Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:6242Issue date:         2023-11-01Revision:           01CVE Names:          CVE-2023-36799====================================================================Summary: An update for .NET 6.0 is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The CVE-2023-36799 was previously fixed in .NET 6.0 packages in Red Hat Enterprise Linux 9 via erratum RHSA-2023:5143, which updated .NET to SDK 6.0.122 and Runtime 6.0.22. However, the fix was not included in the upstream SDK 6.0.123 and Runtime 6.0.23, which was added to Red Hat Enterprise Linux 9 via erratum RHSA-2023:5708, introducing a security regression. This erratum re-adds the fix for CVE-2023-36799 to .NET 6.0 packages.For more details about the regression, refer to the upstream release notes linked to the References section.Description:.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.124 and .NET Runtime 6.0.24.Security Fix(es):* dotnet: Denial of Service with Client Certificates using .NET Kestrel (CVE-2023-36799)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-36799References:https://access.redhat.com/security/updates/classification/#moderatehttps://support.microsoft.com/en-gb/topic/-net-6-0-update-october-24-2023-kb5032874-c7206ee0-8768-496c-a122-eac43b8b85c9https://access.redhat.com/errata/RHSA-2023:5143

Red Hat Security Advisory 2023-6242-01

Cybersecurity researchers have discovered what they say is malicious cyber activity orchestrated by two prominent Chinese nation-state hacking groups targeting 24 Cambodian government organizations.
"This activity is believed to be part of a long-term espionage campaign," Palo Alto Networks Unit 42 researchers said in a report last week.
"The observed activity aligns with geopolitical goals of

National Security / Cyber Attack

Cybersecurity researchers have discovered what they say is malicious cyber activity orchestrated by two prominent Chinese nation-state hacking groups targeting 24 Cambodian government organizations.

"This activity is believed to be part of a long-term espionage campaign," Palo Alto Networks Unit 42 researchers said in a report last week.

"The observed activity aligns with geopolitical goals of the Chinese government as it seeks to leverage their strong relations with Cambodia to project their power and expand their naval operations in the region."

Targeted organizations include defense, election oversight, human rights, national treasury and finance, commerce, politics, natural resources, and telecommunications.

The assessment stems from the persistent nature of inbound network connections originating from these entities to a China-linked adversarial infrastructure that masquerades as cloud backup and storage services over a "period of several months."

Some of the command-and-control (C2) domain names are listed below -

*   api.infinitycloud\[.\]info
*   connect.infinitycloud\[.\]info
*   connect.infinitybackup\[.\]net
*   file.wonderbackup\[.\]com
*   login.wonderbackup\[.\]com
*   update.wonderbackup\[.\]com

The tactic is likely an attempt on the part of the attackers to fly under the radar and blend in with legitimate network traffic.

What's more, the links to China are based on the fact that the threat actor's activity has been observed primarily during regular business hours in China, with a drop recorded in late September and early October 2023, coinciding with the Golden Week national holidays, before resuming to regular levels on October 9.

China-nexus hacking groups such as Emissary Panda, Gelsemium, Granite Typhoon, Mustang Panda, RedHotel, ToddyCat, and UNC4191 have launched an array of espionage campaigns targeting public- and private sectors across Asia in recent months.

Last month, Elastic Security Labs detailed an intrusion set codenamed REF5961 that was found leveraging custom backdoors such as EAGERBEE, RUDEBIRD, DOWNTOWN, and BLOODALCHEMY in its attacks directed against the Association of Southeast Asian Nations (ASEAN) countries.

The malware families "were discovered to be co-residents with a previously reported intrusion set, REF2924," the latter of which is assessed to be a China-aligned group owing to its use of ShadowPad and tactical overlaps with Winnti and ChamelGang.

The disclosures also follow a report from Recorded Future highlighting the shift in Chinese cyber espionage activity, describing it as more mature and coordinated, and with a strong focus on exploiting known and zero-day flaws in public-facing email servers, security, and network appliances.

Since the beginning of 2021, Chinese state-sponsored groups have been attributed to the exploitation of 23 zero-day vulnerabilities, including those identified in Microsoft Exchange Server, Solarwinds Serv-U, Sophos Firewall, Fortinet FortiOS, Barracuda Email Security Gateway, and Atlassian Confluence Data Center and Server.

The state-sponsored cyber operations have evolved "from broad intellectual property theft to a more targeted approach supporting specific strategic, economic, and geopolitical goals, such as those related to the Belt and Road Initiative and critical technologies," the company said.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#microsoft