PRESS RELEASE

Houston, Texas – Black Girls Do Engineer recently signed an Education Partnership Agreement (EPA) with the National Security Agency in an effort to continue playing a key role in developing science and technology talent for possible national security challenges.

The National Security Agency (NSA) partners with select universities and nonprofit organizations as part of the Agency’s Minority Serving Institution (MSI) Hacking 4 Intelligence (H4I) program. It is a program where the U.S. Government and industry partners, collaborate to solve national security problems. The program engages HBCU students and college bound students studying STEM disciplines.

Black Girls Do Engineer, a 501c3 nonprofit organization that provides access, education and resources to Black students K-12 in STEM was selected to participate because of its stellar reputation in hosting cohorts of students through various STEM subjects including co-ed HBCU and High School programs, utilizing Microsoft technology to do so.

The NSA’s collaborative H4I program is for students to have the opportunity to cultivate essential skills by deconstructing and analyzing NSA and Microsoft problem sets, all while collaborating and networking with government and industry partners. Students will form interdisciplinary teams and work to solve real-world NSA and Microsoft problem sets. At the end of a 12-week cohort, students exit the program with a minimum viable product ready for deployment.

“This partnership with NSA will allow our program to provide our cybersecurity resources and curriculum to Higher Education institutions through our developed BGDE digital infrastructure enhanced by Microsoft tools,” states Kara Branch the Founder and CEO of Black Girls Do Engineer.

Black Girls Do Engineer’s licensed STEM curriculum is committed to excellence in cyber defense education and research. Some of its programs include cybersecurity, artificial intelligence, data science and a host of technical training. Higher education programs include their design Badge A Thon event offered for college students.

“This collaboration will allow our national impact to reach new heights with higher education students,” concludes Kara Branch, Founder and CEO of Black Girls Do Engineer.

About Black Girls Do Engineer

As the fastest growing nationwide program for Black girls in STEM., BGDE has been dubbed “The Ivy League of Nonprofits.” The program is application-based and offers full-time membership-based STEM camps and workshops to Black girls in grades K through 12, with mentorship and individual workshops offered to college students up through age 21. The program currently has a 100% college acceptance rate and 100% job placement rate among its members. Since its launch in 2019, BGDE has served 4,000 girls though its program. The nonprofit has also helped secure its members $44,000 in STEM-related college scholarships.

BGDE futuristic programs of study include: A.I., Energy, Audio/Visual, Aerospace, Engineering, Medical, Robotics and Coding. Mentoring includes: College Prep, Financial Literacy, Upskilling, and Mentorship from professionals working in these fields offering real life experience.

Black Girls Do Engineer Signs Education Partnership Agreement With NSA

Red Hat Security Advisory 2024-2008-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include null pointer and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2008.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kernel-rt security update  
Advisory ID:        RHSA-2024:2008-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:2008  
Issue date:         2024-04-23  
Revision:           03  
CVE Names:          CVE-2021-46915  
====================================================================

Summary: 

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: use-after-free in smb2_is_status_io_timeout() (CVE-2023-1192)

* kernel: vmxnet3: NULL pointer dereference in vmxnet3_rq_cleanup() (CVE-2023-4459)

* kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags (CVE-2023-3812)

* kernel: refcount leak in ctnetlink_create_conntrack() (CVE-2023-7192)

* kernel: mlxsw: spectrum_acl_tcam: Fix stack corruption (CVE-2024-26586)

* kernel: netfilter: divide error in nft_limit_init (CVE-2021-46915)

* kernel: sched/membarrier: reduce the ability to hammer on sys_membarrier (CVE-2024-26602)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2021-46915

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2154178  
https://bugzilla.redhat.com/show_bug.cgi?id=2219268  
https://bugzilla.redhat.com/show_bug.cgi?id=2224048  
https://bugzilla.redhat.com/show_bug.cgi?id=2256279  
https://bugzilla.redhat.com/show_bug.cgi?id=2265645  
https://bugzilla.redhat.com/show_bug.cgi?id=2266423  
https://bugzilla.redhat.com/show_bug.cgi?id=2267695

Red Hat Security Advisory 2024-2008-03

Red Hat Security Advisory 2024-2007-03 - An update for pcs is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2007.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: pcs security updateAdvisory ID:        RHSA-2024:2007-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:2007Issue date:         2024-04-23Revision:           03CVE Names:          CVE-2024-25126====================================================================Summary: An update for pcs is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.Security Fix(es):* rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing (CVE-2024-25126)* rubygem-rack: Possible DoS Vulnerability with Range Header in Rack (CVE-2024-26141)* rubygem-rack: Possible Denial of Service Vulnerability in Rack Header Parsing (CVE-2024-26146)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-25126References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2265593https://bugzilla.redhat.com/show_bug.cgi?id=2265594https://bugzilla.redhat.com/show_bug.cgi?id=2265595

Red Hat Security Advisory 2024-2007-03

Red Hat Security Advisory 2024-2006-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include null pointer and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2006.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kernel security and bug fix update  
Advisory ID:        RHSA-2024:2006-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:2006  
Issue date:         2024-04-23  
Revision:           03  
CVE Names:          CVE-2021-46915  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: use-after-free in smb2_is_status_io_timeout() (CVE-2023-1192)

* kernel: vmxnet3: NULL pointer dereference in vmxnet3_rq_cleanup() (CVE-2023-4459)

* kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags (CVE-2023-3812)

* kernel: refcount leak in ctnetlink_create_conntrack() (CVE-2023-7192)

* kernel: mlxsw: spectrum_acl_tcam: Fix stack corruption (CVE-2024-26586)

* kernel: netfilter: divide error in nft_limit_init (CVE-2021-46915)

* kernel: sched/membarrier: reduce the ability to hammer on sys_membarrier (CVE-2024-26602)

Bug Fix(es):

* kernel: use-after-free in smb2_is_status_io_timeout() (JIRA:RHEL-15155)

* kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags (JIRA:RHEL-9225)

* kernel: vmxnet3: NULL pointer dereference in vmxnet3_rq_cleanup() (JIRA:RHEL-18083)

* dm multipath device suspend deadlocks waiting on a flush request (JIRA:RHEL-19107)

* kernel NULL pointer at RIP: 0010:kyber_has_work+0x1c/0x60 (JIRA:RHEL-21781)

* rbd: don't move requests to the running list on errors [8.x] (JIRA:RHEL-24200)

* TRIAGE CVE-2021-46915 kernel: netfilter: divide error in nft_limit_init (JIRA:RHEL-28178)

* kernel: refcount leak in ctnetlink_create_conntrack() (JIRA:RHEL-20295)

* kernel: sched/membarrier: reduce the ability to hammer on sys_membarrier (JIRA:RHEL-26385)

* kernel: mlxsw: spectrum_acl_tcam: Fix stack corruption (JIRA:RHEL-29180)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2021-46915

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2154178  
https://bugzilla.redhat.com/show_bug.cgi?id=2219268  
https://bugzilla.redhat.com/show_bug.cgi?id=2224048  
https://bugzilla.redhat.com/show_bug.cgi?id=2256279  
https://bugzilla.redhat.com/show_bug.cgi?id=2265645  
https://bugzilla.redhat.com/show_bug.cgi?id=2266423  
https://bugzilla.redhat.com/show_bug.cgi?id=2267695

Red Hat Security Advisory 2024-2006-03

Red Hat Security Advisory 2024-2005-03 - An update for linux-firmware is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include an information leakage vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2005.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: linux-firmware security updateAdvisory ID:        RHSA-2024:2005-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:2005Issue date:         2024-04-23Revision:           03CVE Names:          CVE-2023-20569====================================================================Summary: An update for linux-firmware is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The linux-firmware packages contain all of the firmware files that are required by various devices to operate.Security Fix(es):* hw amd: Return Address Predictor vulnerability leading to information disclosure (CVE-2023-20569)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-20569References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2207625

Red Hat Security Advisory 2024-2005-03

Red Hat Security Advisory 2024-1982-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1982.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Low: thunderbird security updateAdvisory ID:        RHSA-2024:1982-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1982Issue date:         2024-04-23Revision:           03CVE Names:          CVE-2024-3302====================================================================Summary: An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Mozilla Thunderbird is a standalone mail and newsgroup client.This update upgrades Thunderbird to version 115.10.0.Security Fix(es):* Mozilla: Denial of Service using HTTP/2 CONTINUATION frames (CVE-2024-3302)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-3302References:https://access.redhat.com/security/updates/classification/#lowhttps://bugzilla.redhat.com/show_bug.cgi?id=2273383

Red Hat Security Advisory 2024-1982-03

Internal emails suggest that the company continued to provide gunshot data to police in cities where its contracts had been canceled.

When Mayor Brandon Johnson announced in February that Chicago would stop using the gunshot-detection system known as ShotSpotter by year’s end, local activists were elated.

Ever since 2021, when the police fatally shot 13-year-old Adam Toledo while responding to a ShotSpotter alert, the Stop ShotSpotter Campaign has been pressuring the city to ditch the technology. Johnson’s decision not to renew the Windy City’s contract with ShotSpotter was seen as the culmination of the campaign’s efforts.

But ending the contract may not be enough to remove the company’s more than 2,500 sensors from neighborhoods on the city’s South and West Sides, where they’re disproportionately located. Internal emails reviewed by _South Side Weekly_ and WIRED suggest that ShotSpotter keeps its sensors online and, in some instances, provides gunshot-detection alerts to police departments in cities where its contracts have expired or been canceled. The emails raise new questions about whether the more than 2,500 sensors in Chicago will be turned off and removed, regardless of Johnson’s decision.

“We continue to focus on serving the City of Chicago with our critical gunshot detection technology service during our contractual term,” a ShotSpotter spokesperson wrote in a statement. “Nothing has changed regarding our singular purpose to close the public safety gap by enabling law enforcement agencies globally to more efficiently and effectively respond to incidents of criminal gunfire … where gunshot wound victims’ lives are in the balance.”

An organizer who’s been active in the push to cancel ShotSpotter’s contract in Chicago wasn’t surprised that the company has continued to work with police behind the scenes in cities where contracts have ended.

“I think it’s exactly what cops and corporations do,” says Nathan Palmer, an organizer with the Stop ShotSpotter Campaign and Black Youth Project 100. “Especially when we’re thinking about Chicago, it would benefit ShotSpotter to keep the mics up and working so that they can also throw lobbying money at whoever’s gonna oppose Mayor Brandon Johnson in the next election.”

ShotSpotter, which rebranded as SoundThinking in 2023, has a customer base of roughly 170 cities, according to its most recent filing with the US Securities and Exchanges Commission. Chicago is not the first to deem the ShotSpotter technology not worth the cost. (By the time the city’s contract extension ends in November, ShotSpotter will have cost Chicago more than $57 million since then-mayor Rahm Emanuel inked a comprehensive deal with the company in 2018.)

San Antonio, San Diego, and Dayton, Ohio, have all joined a growing list of cities that have publicly cut ties with ShotSpotter. Confidential company emails reviewed by the _Weekly_ and WIRED, however, indicate that the company never completely pulled its technology out of some cities.

An October 2023 email sent to John Fountain, a director of field and network operations at SoundThinking who left the company in December, described how the company continued to secretly offer its help to police in cities where contracts had lapsed. The email, which addressed a shortage of sensors in a city with an active contract, apparently referred to Clark Dunson, SoundThinking’s director of systems engineering.

“I would like to imagine we can pull some \[sensors\] from an old coverage area … Maybe San Diego and Indianapolis,” wrote the sender, whose name was redacted. “Last time we looked to remove sensors from an old coverage area I know Clark flipped out since we still work with police using those sensors (which I did not know).”

A spokesperson for SoundThinking declined to answer detailed questions about what services the company has provided to police departments after contracts are up and instead emailed a statement. “SoundThinking believes this confidential information was illegally disclosed by ex-employees and is currently pursuing civil and criminal remedies against the private parties responsible,” the statement read. “Due to this ongoing litigation, we cannot comment specifically on the leaked materials; however, we will continue to object to the use of our stolen data and reinforce the safety and privacy risks of disclosing individual sensor locations.”

ShotSpotter is suing two former employees who the company alleges posted confidential company information on Twitter after one was fired in November.

In February, WIRED reported ShotSpotter sensor locations based on leaked company data showing more than 25,000 microphones arrayed across the globe. Those maps revealed active sensors remained in both San Diego and Indianapolis. The Indianapolis Metropolitan Police recently told the _Indianapolis Star_ that it does not have a contract with the company after piloting technology from three different gunshot-detection companies in 2022.

“The evaluation of whether or not gunshot detection technology system is right for Indianapolis is still ongoing,” a police spokesperson told the _Star_. The statement added that the department believed it was ShotSpotter’s responsibility to remove its sensors.

ShotSpotter doesn’t sell its sensors to cities. Instead, the company uses a software-as-service model, billing cities for the software and applications that allow police to access ShotSpotter alerts. When a contract expires, the company apparently doesn’t always retrieve its sensors.

An email from Fountain dated from December 2022 estimated that there were a “few hundred sensors still installed” in San Diego and that they are “active even if the market isn’t.”

Fountain again noted that removing any sensors from San Diego would require Clark Dunson’s approval. “Clark is really pushy and he likes to tinker around with those coverage area\[s\] but I imagine we can pull a few here and there,” he wrote.

In August 2023, Dunson sent an internal email that said ShotSpotter had been providing “test alerts” to police in San Diego and San Antonio. “As a last resort we can pull sensors away from San Diego or San Antonio if needed but Lee \[Lim, a SoundThinking tech-support engineer\] has been working with the PD in those areas giving test alerts and tracking down detections for them.”

The San Diego Police Department denied that sensors in that city are active or collecting any data. SDPD also claimed to have never asked the company for help with gunshot detections in any incidents involving homicides or shootings.

“At this time, there is no contract and there is no plan to move forward with the company,” a spokesperson for the department wrote in an email. San Diego and ShotSpotter entered into an agreement that allows the company to leave its sensors on city property. “However, as of September 2021, the equipment is deactivated, cannot collect any data, and is inoperable.”

But emails the _Weekly_ and WIRED obtained via a California Public Records Act request show that ShotSpotter stayed in touch with SDPD for more than 15 months after the city’s contract expired in September 2021. In those emails, ShotSpotter support staff routinely address SDPD as a “ShotSpotter Customer.”

These weren’t just mass marketing emails that all customers past and present are frequently subjected to. The emails we obtained show that in October 2021, after the contract had lapsed, ShotSpotter also provided an SDPD officer with an “investigative lead summary” about a shooting in San Diego, including the precise location and the number of rounds detected, upon SDPD’s request.

ShotSpotter also sent SDPD emails updating the department about routine scheduled maintenance in October 2022 and how the company planned to address the “extremely high volume of fireworks activities” around New Year’s Day in 2023.

“Despite our efforts, we may occasionally miss a gunshot in error,” wrote Dinh Nguyen, a technical support engineer at ShotSpotter, in a December 2022 email to SDPD. “You may also experience some delays in the publication of incidents.”

ShotSpotter is not on a list of surveillance technologies the SDPD is required to frequently publish as a part of a sweeping surveillance ordinance passed by the San Diego City Council in August 2022 and amended in January of this year.

A San Diego councilmember whose district includes several of the neighborhoods where ShotSpotter sensors were installed in 2016 said that their “office is aware of the ShotSpotter situation” via a spokesperson. In July 2021, the then-District Four councilmember requested the city remove sensors from his district, which helped scuttle the contract renewal.

“A request to remove such \[sensors\] has been forwarded to the San Diego Police Department and the mayor’s office,” a spokesperson for current District Four councilmember Henry L. Foster III (who was sworn in in April) wrote in an email to the _Weekly_ and WIRED. “Devices that have not been approved in accordance with the Surveillance Ordinance should not be installed and or operational by the City of San Diego or third party.”

San Diego mayor Todd Gloria’s office did not respond to requests for comment.

In 2021, San Diego’s city council pulled a scheduled vote on a four-year extension to ShotSpotter from its agenda, effectively sunsetting the city’s agreement with the company. Although Gloria’s office said in statements at the time that it would bring the extension back up in the city council, there is no indication that it did.

Based on a map of the secret locations of every ShotSpotter sensor in the country published by WIRED, there are still about 30 active sensors in San Diego, most of which are clustered near UC San Diego’s La Jolla campus and the Scripps Institution of Oceanography.

When asked to comment on whether SDPD receives and responds to ShotSpotter alerts from these active sensors, a spokesperson for the department directed questions to the UCSD police. UCSD did not respond to requests for comment.

The _Weekly_ and WIRED requested emails sent between San Antonio Police Department and ShotSpotter dated after the city’s contract with ShotSpotter expired in the fall of 2017. In March, the SAPD filed an appeal with the Texas attorney general, seeking to have the responsive records withheld under a laundry list of exemptions provided for by the state’s public records act. The police provided sealed records to the Texas AG to review. The AG is expected to decide whether to release the records by May.

SAPD said that after the contract lapsed, the department never asked ShotSpotter for assistance, and no arrests were made based on detections provided by the company.

Records produced in response to a separate public records request show that ShotSpotter sent four-term San Antonio mayor Ron Nirenbergt at least two marketing emails months after the city council voted not to include ShotSpotter in its budget for the upcoming fiscal year. The company does not appear to have communicated with his office after November 2018, however. Nirenberg’s office did not respond to requests for comment.

“To me it sounds like, on their part, another strategic business decision, and that’s what they’re doing in every city,” says Palmer, the Stop ShotSpotter organizer. “It sounds like a business decision, because they don’t actually care about public safety.”

_This story was copublished in collaboration between_ Southside Weekly _and_ WIRED.

ShotSpotter Keeps Listening for Gunfire After Contracts Expire

Red Hat Security Advisory 2024-1961-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1961.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: kpatch-patch security updateAdvisory ID:        RHSA-2024:1961-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1961Issue date:         2024-04-23Revision:           03CVE Names:          CVE-2023-3812====================================================================Summary: An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.Security Fix(es):* kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags (CVE-2023-3812)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-3812References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2224048

Red Hat Security Advisory 2024-1961-03

It's time to start regulating LLMs to ensure they're accurately trained and ready to handle business deals that could affect the bottom line.

Kevin Bocek, Chief Innovation Officer, Venafi

April 23, 2024

5 Min Read

Source: Bakhtiar Zein via Alamy Stock Photo

COMMENTARY

OWASP recently released its top 10 list for large language model (LLM) applications, in an effort to educate the industry on potential security threats to be aware of when deploying and managing LLMs. This release is a notable step in the right direction for the security community, as developers, designers, architects, and managers now have 10 areas to clearly focus on. 

Similar to the National Institute of Standards and Technology (NIST) framework and Cybersecurity and Infrastructure Security Agency (CISA) guidelines provided for the security industry, OWSAP's list creates an opportunity for better alignment within organizations. With this knowledge, chief information security officers (CISOs) and security leaders can ensure the best security precautions are in place around the use of LLM technologies that are quickly evolving. LLMs are just code. We need to apply what we have learned about authenticating and authorizing code to prevent misuse and compromise. This is why identity provides the kill switch for AI, which is the ability to authenticate and authorize each model and their actions, and stop it when misuse, compromise, or errors occur.

**Adversaries Are Capitalizing on Gaps in Organizations**

As security practitioners, we've long talked about what adversaries are doing, such as data poisoning, supply chain vulnerabilities, excessive agency and theft, and more. This OWASP list for LLMs is proof that the industry is recognizing where risks are. To protect our organizations, we have to course correct quickly and be proactive. 

Generative artificial intelligence (GenAI) is putting a spotlight on a new wave of software risks that are rooted in the same capabilities that made it powerful in the first place. Every time a user asks an LLM a question, it crawls countless Web locations in an attempt to provide an AI-generated response or output. While every new technology comes with new risks, LLMs are especially concerning because they're so different from the tools we're used to.

Almost all of the top 10 LLM threats center around a compromise of authentication for the identities used in the models. The different attack methods run the gamut, affecting not only the identities of model inputs but also the identities of the models themselves, as well as their outputs and actions. This has a knock-on effect and calls for authentication in the code-signing and creating processes to halt the vulnerability at the source.

**Authenticating Training and Models to Prevent Poisoning and Misuse**

With more machines talking to each other than ever before, there must be training and authentication of the way that identities will be used to send information and data from one machine to another. The model needs to authenticate the code so that the model can mirror that authentication to other machines. If there's an issue with the initial input or model — because models are vulnerable and something to keep a close eye on — there will be a domino effect. Models, and their inputs, must be authenticated. If they aren't, security team members will be questioning if this is the right model they trained or if it's using the plug-ins they approved. When models can use APIs and other models' authentication, authorization must be well defined and managed. Each model must be authenticated with a unique identity.

We saw this play out recently with AT&T's breakdown, which was dubbed a "software configuration error," leaving thousands of people without cellphone service during their morning commute. The same week, Google experienced a bug that was very different but equally concerning. Google's Gemini image generator misrepresented historical images, causing diversity and bias concerns due to AI. In both cases, the data used to train GenAI models and LLMs — as well as the lack of guardrails around it — was the root of the problem. To prevent issues like this in the future, AI firms need to spend more time and money to adequately train the models and inform the data better. 

In order to design a bulletproof and secure system, CISOs and security leaders should design a system where the model works with other models. This way, an adversary stealing one model does not collapse the entire system, and allows for a kill-switch approach. You can shut off a model and keep working and protecting the company's intellectual property. This positions security teams in a much stronger way and prevents any further damages. 

**Acting on Lessons From the List **

For security leaders, I recommend taking OWASP's guidance and asking your CISO or C-level execs how the organization is scoring on these vulnerabilities overall. This framework holds us all more accountable for delivering market-level security insights and solutions. It is encouraging that we have something to show our CEO and board to illustrate how we're doing when it comes to risk preparedness. 

As we continue to see risks arise with LLMs and AI customer service tools, like we just did with Air Canada's chatbot giving a reimbursement to a traveler, companies will be held accountable for mistakes. It's time to start regulating LLMs to ensure they're accurately trained and ready to handle business deals that could affect the bottom line. 

In conclusion, this list serves as a great framework for rising Web vulnerabilities and the risks we need to pay attention to when using LLMs. While more than half of the top 10 risks are ones that are essentially mitigated and calling for the kill switch for AI, companies will need to evaluate their options when deploying new LLMs. If the right tools are in place to authenticate the inputs and models, as well as the models' actions, companies will be better equipped to leverage the AI kill-switch idea and prevent further destruction. While this may seem daunting, there are ways to protect your organization amid the infiltration of AI and LLMs in your network.

**About the Author(s)**

Chief Innovation Officer, Venafi

As Chief Innovation Officer, Kevin is leading Venafi’s growth in new innovations, and is at the forefront of Venafi’s cutting-edge machine identity management for workload identity, Kubernetes and AI. He also drives Venafi’s technology ecosystem and developer community to futureproof customer success and is responsible for the company’s Machine Identity Management Development Fund, which has sponsored innovations with more than 50 developers globally. Kevin brings more than 25 years of experience in cybersecurity with industry leaders including RSA Security, PGP Corporation, IronKey, CipherCloud, Thales, nCipher, and Xcert.

Lessons for CISOs From OWASP's LLM Top 10

The threat actor is deploying multiple connections into victim environments to maintain persistence and steal data.

Source: RooM the Agency via Alamy Stock Photo

An advanced persistent threat (APT) group known as ToddyCat is collecting data on an industrial scale from government and defense targets in the Asia-Pacific region.

Researchers from Kaspersky tracking the campaign described the threat actor this week as using multiple simultaneous connections into victim environments to maintain persistence and to steal data from them. They also discovered a set of new tools that ToddyCat (which is a common name for the Asian palm civet) is using to enable data collection from victim systems and browsers.

**Multiple Traffic Tunnels in ToddyCat Cyberattacks**

"Having several tunnels to the infected infrastructure implemented with different tools allow \[the\] attackers to maintain access to systems even if one of the tunnels is discovered and eliminated," Kaspersky security researchers said in a blog post this week. "By securing constant access to the infrastructure, \[the\] attackers are able to perform reconnaissance and connect to remote hosts."

ToddyCat is a likely Chinese-language speaking threat actor that Kaspersky has been able to link to attacks going back to at least December 2020. In its initial stages, the group appeared focused on just a small number of organizations in Taiwan and Vietnam. But the threat actor quickly ramped up attacks following the public disclosure of the so-called ProxyLogon vulnerabilities in Microsoft Exchange Server in February 2021. Kaspersky believes ToddyCat might have been among a group of threat actors that targeted the ProxyLogon vulnerabilities even prior to February 2021, but says it has not found evidence yet to back up that conjecture.  

In 2022, Kaspersky reported finding ToddyCat actors using two sophisticated new malware tools dubbed Samurai and Ninja to distribute China Chopper — a well-known commodity Web shell used in the Microsoft Exchange Server attacks — on systems belonging to victims in Asia and Europe.

**Maintaining Persistent Access, Fresh Malware**

Kaspersky's latest investigation into ToddyCat's activities showed the threat actor's tactic to maintain persistent remote access to a compromised network is to establish multiple tunnels to it using different tools. These include using a reverse SSH tunnel to gain access to remote network services; using SoftEther VPN, an open source tool that enables VPN connections via OpenVPN, L2TP/IPSec, and other protocols; and using a lightweight agent (Ngrok) to redirect command-and-control from an attacker-controlled cloud infrastructure to target hosts in the victim environment.

In addition, Kaspersky researchers found ToddyCat actors to be using a fast reverse proxy client to enable access from the Internet to servers behind a firewall or network address translation (NAT) mechanism.

Kaspersky's investigation also showed the threat actor using at least three new tools in its data-collection campaign. One of them is malware that Kaspersky had dubbed "Cuthead" that allows ToddyCat to search for files with specific extensions or words on the victim network, and to store them in an archive.

Another new tool that Kaspersky found ToddyCat using is "WAExp." The malware's task is to search for and collect browser data from the Web version of WhatsApp. 

"For users of the WhatsApp web app, their browser local storage contains their profile details, chat data, the phone numbers of users they chat with and current session data," Kaspersky researchers said. WAExp allows the attacks to gain access to this data by copying the browser's local storage files, the security vendor noted.  

The third tool meanwhile is dubbed "TomBerBil," and allows ToddyCat actors to steal passwords from Chrome and Edge browsers.

"We looked at several tools that allow the attackers to maintain access to target infrastructures and automatically search for and collect data of interest," Kaspersky said. "The attackers are actively using techniques to bypass defenses in an attempt to mask their presence in the system."

The security vendor recommends that organizations block IP addresses of cloud services that provide traffic tunneling and limit the tools that administrators can use to access hosts remotely. Organizations also need to either remove or closely monitor any unused remote access tools in the environment and encourage users not to store passwords in their browsers, Kaspersky said.

**About the Author(s)**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

Tag

#sap