Red Hat Security Advisory 2024-0253-03 - An update for sqlite is now available for Red Hat Enterprise Linux 8. Issues addressed include a buffer overflow vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0253.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: sqlite security updateAdvisory ID:        RHSA-2024:0253-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0253Issue date:         2024-01-15Revision:           03CVE Names:          CVE-2023-7104====================================================================Summary: An update for sqlite is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server.Security Fix(es):* sqlite: heap-buffer-overflow at sessionfuzz (CVE-2023-7104)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-7104References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2256194

Red Hat Security Advisory 2024-0253-03

Over 178,000 SonicWall firewalls exposed over the internet are exploitable to at least one of the two security flaws that could be potentially exploited to cause a denial-of-service (DoS) condition and remote code execution (RCE).
“The two issues are fundamentally the same but exploitable at different HTTP URI paths due to reuse of a vulnerable code pattern,” Jon Williams, a senior security

Vulnerability / Network Security

Over 178,000 SonicWall firewalls exposed over the internet are exploitable to at least one of the two security flaws that could be potentially exploited to cause a denial-of-service (DoS) condition and remote code execution (RCE).

"The two issues are fundamentally the same but exploitable at different HTTP URI paths due to reuse of a vulnerable code pattern," Jon Williams, a senior security engineer at Bishop Fox, said in a technical analysis shared with The Hacker News.

The vulnerabilities in question are listed below -

*   **CVE-2022-22274** (CVSS score: 9.4) - A stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote, unauthenticated attacker to cause DoS or potentially result in code execution in the firewall.

*   **CVE-2023-0656** (CVSS score: 7.5) - A stack-based buffer overflow vulnerability in the SonicOS allows a remote, unauthenticated attacker to cause DoS, which could result in a crash.

While there are no reports of exploitation of the flaws in the wild, a proof-of-concept (PoC) for CVE-2023-0656 was published by the SSD Secure Disclosure team April 2023.

The cybersecurity firm revealed that the issues could be weaponized by bad actors to trigger repeated crashes and force the appliance to get into maintenance mode, requiring administrative action to restore normal functionality.

"Perhaps most astonishing was the discovery that over 146,000 publicly-accessible devices are vulnerable to a bug that was published almost two years ago," Williams said.

The development comes as watchTowr Labs uncovered multiple stack-based buffer overflow flaws in the SonicOS management web interface and SSL VPN portal that could lead to a firewall crash.

To safeguard against possible threats, it's recommended to update to the last version and ensure that the management interface isn't exposed to the internet.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Alert: Over 178,000 SonicWall Firewalls Potentially Vulnerable to Exploits - Act Now

By Owais Sultan
In the rapidly evolving digital world, data management has become a vital component of success for small businesses.…
This is a post from HackRead.com Read the original post: Data Management for Small Businesses

In the rapidly evolving digital world, data management has become a vital component of success for small businesses. As these entities strive to compete in a data-driven world, the challenges they face in effectively managing their data are unique and multifaceted.

This article aims to shed light on the significance of data management for small businesses, emphasizing the role of data in enhancing decision-making, operational efficiency, and customer relationships.

By understanding and leveraging the right data management tools, small businesses can unlock potential, streamline processes, and gain a competitive edge. Here, we learn more about the essentials of data management tailored specifically for the needs and constraints of small enterprises.

****Understanding Data Management****

Data management, at its core, is the systematic process of collecting, storing, processing, and analyzing data to derive meaningful information. For small businesses, this encompasses a range of activities from tracking customer interactions to managing inventory levels.

The essence of data management lies in its ability to transform raw data into actionable insights, facilitating informed decision-making. In a small business setting, effective data management can be the difference between missing opportunities and capitalizing on them.

Key concepts in data management include the efficient collection of accurate data, secure storage that protects against data breaches, and the ability to process and analyze this data to draw valuable conclusions. Each step is critical, as poor data collection practices can lead to unreliable insights, while inadequate storage can compromise data security.

Moreover, the processed data should be easily accessible to decision-makers, ensuring that insights are readily available to guide business strategies. In essence, data management for small businesses isn’t just about handling data; it’s about turning data into a strategic asset that drives growth and enhances customer satisfaction.

****The Importance of Choosing the Right Data Management Tools****

For small businesses, the selection of appropriate data management tools is not just a technological decision; it’s a strategic one. The right tools can significantly enhance a company’s ability to make informed decisions, respond to market changes swiftly, and maintain operational efficiency. When choosing these tools, small businesses must consider several key factors.

Scalability is crucial. The chosen data management solution should grow with the business, accommodating increased data volumes without compromising performance. Cost is another important consideration.

Small businesses need affordable solutions that offer good value for money without unnecessary features that inflate costs. Ease of use is essential; the tools should be user-friendly, requiring minimal technical expertise to operate. This ensures that all team members can utilize them effectively.

Lastly, integration capabilities are vital. The tools should seamlessly integrate with existing systems and software, facilitating a unified approach to data management. By carefully selecting data management tools that align with these criteria, small businesses can harness the power of their data more effectively.

****Data Integration and ETL Processes****

Data integration and ETL (Extract, Transform, Load) processes form the backbone of efficient data management, especially for small businesses dealing with diverse data sources. ETL is a critical procedure where data is extracted from various sources, transformed into a consistent format, and then loaded into a central repository. This process ensures data uniformity and accessibility, key factors in making data-driven decisions.

For small businesses, integrating data from different sources, like sales platforms, customer feedback, and internal databases, provides a comprehensive view of the business operations. This integrated approach allows for more accurate analysis, leading to informed strategic decisions. The transformation phase in ETL is particularly important as it standardizes data, making it more usable and meaningful.

Effective data integration through ETL results in several benefits for small businesses. It enhances data quality by eliminating inconsistencies, saves time by automating data collection and processing, and supports better decision-making by providing a holistic view of business data. By prioritizing efficient data integration and ETL processes, small businesses can leverage their data to its full potential, driving growth and success.

****Leveraging Big Data and Analytics****

Big data and analytics are not just the domain of large corporations. Small businesses, too, can harness these powerful tools to glean insights that drive strategic decisions and operational improvements.

Big data refers to the vast volumes of data generated every minute from various sources like social media, transaction records, and online interactions. For small businesses, leveraging this data through analytics can unveil patterns, trends, and customer preferences that were previously hidden.

The key for small businesses is to start small with big data. They can use affordable and accessible analytics tools to analyze customer data, track sales trends, or monitor online engagement. These insights help in optimizing marketing strategies, improving customer service, and streamlining operations.

The use of analytics in processing big data enables small businesses to make predictions about future trends and customer behaviours, thus allowing them to be proactive rather than reactive. This approach leads to smarter business decisions, tailored marketing campaigns, and ultimately, a significant competitive advantage in the marketplace. By embracing big data and analytics, small businesses can unlock a wealth of information that helps them grow and thrive in today’s data-driven world.

****Best Practices in Data Management** **

For small businesses, adopting best practices in data management is crucial for maximizing the value of their data assets. Firstly, maintaining high data quality is essential. This involves regular cleaning and validation to ensure accuracy and reliability.

Secondly, data security must be a top priority. Implementing robust security measures like encryption and access controls protects sensitive information from breaches. Additionally, conducting regular data audits helps in identifying areas for improvement in data handling processes.

Small businesses should also focus on training staff in data management best practices. This ensures that all team members understand the importance of data accuracy, security, and privacy. By adhering to these best practices, small businesses can not only enhance their operational efficiency but also build trust with their customers by responsibly managing their data.

****Final Word****

Effective data management is pivotal for the growth and success of small businesses. By understanding the basics of data management, choosing the right tools, integrating data effectively, leveraging big data and analytics, and adhering to best practices, small businesses can turn their data into a strategic asset. These efforts lead to better decision-making, enhanced efficiency, and stronger customer relationships.

While the challenges in managing data are significant, the opportunities it presents are even greater. Small businesses that invest in proper data management tools and techniques are well-positioned to thrive in today’s data-centric business environment, staying ahead in the competitive market.

****_RELATED ARTICLES_****

1.  **What Is Incident Management Software?**
2.  **Data Fabric: The Intricate Shield Against Evolving Cyber Threats**
3.  **5 Common Database Management Challenges & How to Solve Them**
4.  **Elevating Data Security: Considerations When Transferring Digital Workspace**
5.  **PCI DSS Compliance for E-commerce: Ensuring the Security of Cardholder Data**

Data Management for Small Businesses

The FTC forced a data broker to stop selling “sensitive location data.” But most companies can avoid such scrutiny by doing the bare minimum, exposing the lack of protections Americans truly have.

The US Federal Trade Commission (FTC) reached a settlement last week with an American data broker known to sell location data gathered from hundreds of phone apps to the US government, among others. According to the agency, the company ignored in some cases the requests of consumers not to do so, and more broadly failed to ensure that users were notified of how their harvested data would be used.

News that the settlement requires the company, formerly known as X-Mode, to stop selling people's “sensitive location data” was met with praise from politicians calling the outcome “historic” and reporters who deemed the settlement a “landmark” win for the American consumer. This “major privacy win,” as one outlet put it, will further require the company, rebranded as Outlogic after its activities were exposed, to delete all of the data it has illicitly gathered so far.

Outlogic, for its part, offered a drastically different take, denying any wrongdoing and vowing that the FTC order would “not require any significant changes” to its practices or products. While the company is potentially downplaying the cost to its business, it is certainly true that any ripples from the settlement will be imperceptible to consumers and Outlogic's industry at large—one which profits by selling Americans' secrets to spy agencies, police, and the US military, helping the government to dodge the supervision of the courts and all its pesky warrant requirements.

The FTC's crackdown on X-Mode's activities may indeed be historic, but from a consumer standpoint, it’s for all the wrong reasons. First, it's important to understand that the order concerns what the FTC is calling “sensitive location data,” a term of art impressively deluding and redundant at the same time. Any data that exhaustively chronicles a person’s physical presence—every moment of every day—is inherently sensitive.

There is no question that persistently tracking people’s whereabouts reveals political, religious, and even sexual associations. The act of collecting this data is a sweeping form of surveillance no matter the target. While it is easier, perhaps, to imagine how guests of “medical and reproductive health clinics, places of religious worship and domestic abuse shelters” are especially vulnerable to commercial forms of stalking, there are myriad ways in which people's whereabouts, once exposed, can endanger or ruin their lives.

Location data is inherently sensitive—so says society, an overwhelming consensus of privacy experts, and the highest court in the land.

One need only look to Congress to understand the level of fear that this precise form of surveillance inspires in those who’ve never been battered, stalked, or unhoused. Members of the House Intelligence Committee—most of whom lack an internal reproductive system—are vying at this very moment to shield federal lawmakers alone from this invasive and omnipresent tracking.

Given the current political climate, it’s not hard to imagine why politicians are afraid of surrendering their location data, leaving it accessible to virtually anyone on the cheap. But they are relatively few in number, and hardly any of them fall into the category of “most at-risk” for violence or discrimination. Unlike those who do, members of Congress have the unique power to change the law and protect themselves. Given the opportunity, that’s precisely what many have opted to do—just as they did a year earlier for federal judges.

Protection against persistent tracking is something we can definitively say is being sought after by a privileged few. But citing law enforcement needs and nebulous national security concerns, protecting anyone other than themselves is a matter that apparently demands more discussion, more caution, and more delay.

If America is creating a new protected class to shield federal lawmakers alone from surveillance, then it must accept that, unlike the vast majority of citizens who’ve never been accused of a crime, this class would be historically replete with criminals. US lawmakers have faced charges and convictions for bribery, perjury, and felony theft, not to mention obstruction of justice, withholding evidence of secret arms sales, and the possession of child sexual abuse material.

The FTC's victory in the Outlogic case is even more piddling in light of the commission today being led by one of the most vocal privacy protection advocates it has ever had, chairperson Lina Khan. That the company is still in business and touting how little the settlement matters underscores how truly underpowered and ill-equipped the FTC is for the job it's been asked to perform. It is not actually armed to protect Americans from being relentlessly surveilled, nor is that even technically its mission. Under the current regime, the agency is permitted at best to hold surveillants to a standard of “notice and choice,” one both illusory and enabling corporations (and the US government by proxy) to right now track Americans’ whereabouts at any time, all of the time, with no real legal concern.

The FTC’s principle regulatory weapon in privacy cases is known as Section Five, and it largely targets companies in privacy cases for lying. The case against Outlogic, for example, is based in part on its failure to disclose how people’s location data would ultimately be used. It did not, the FTC says, notify users that their data might be sold to government agencies for “national security purposes.” Here, the FTC's job is to ensure consumers receive “notice” of how their data is being used. But the job is a sham, and everyone who's ever clicked “I agree” on a privacy policy knows it.

Before the Outlogic case, only a small number of Americans even knew the company existed. An even smaller number had ever glanced at its terms of service, and even fewer—we’re now approaching zero—could be said to have actually read and understood what it said. Commissioners at the agency have long acknowledged as much.

“It is no wonder,” Commissioner Rebecca Slaughter said in 2019, that “98 percent” of people in one study clicked “I agree” to privacy policies that “disclosed sharing with the NSA and paying for the service by signing away your first-born child.”

The same study, out of York University, labeled the “notice” aspect of privacy regulation “the biggest lie on the internet,” detailing how research showed over 75 percent of users opted to skip reading privacy policies altogether. Those who didn’t, on average, spent roughly a minute skimming policies that would’ve taken an ordinary person 15-17 minutes to actually read, let alone comprehend.

Famously, a decade ago, researchers out of Carnegie Mellon determined that it would take an average person roughly 76 working days to consume all of the privacy policies they encounter in a year. The use of “gotcha clauses” has also been repeatedly used to demonstrate that people _do not read_ the terms of service. To wit, in July 2010, it was reported that more than 7,500 people had unknowingly sold their souls to a video game company.

These facts demonstrate unequivocally that the crime for which Outlogic is accused—failing to give consumers notice of how their data would be used—is not one of greed or opportunity, but sheer stupidity. The law is all but performative, so companies have nothing to lose by complying. Users can be counted on to agree to basically anything (up to and including being enslaved for all eternity).

People cannot “consent” to something they do not understand, just as consent cannot really be called “consent” when it involves a metaphorical gun to the head.

The truth is that even if users were strapped to a chair and forced to spend the 600 hours a year it would take to devour all of the purposely dense legal terms they agree to, many of those agreements are patently coerced, as the Supreme Court has said. So ubiquitous now is the technology tracking our movements, in “no meaningful sense” are people voluntarily accepting the risks of allowing companies to access and share that information. It is a matter of participating in society or not; of being employed or not.

It is also the FTC’s job to protect consumers from harm. But the definition of “harm”—like “notify” and “consent”—is watered down to the point of creating a serious gap between what it means and how most people actually use it. Companies are effectively free to harm people anyway, so long as it’s deemed "reasonably" avoidable by the agency and beneficial to competition on the whole.

Should the FTC fail to act, consumers have little recourse but to sit and suffer. It is nearly impossible for an individual to obtain standing in federal court to sue a corporation after their privacy is violated, assuming they can even afford to try. Merely exposing personal information is not enough. A test created by two recent Supreme Court rulings requires victims to demonstrate “concrete harm” to bring a case, even if tying any one company to an act of identity theft, harassment, or financial loss is, in nearly every instance, a fantastical objective.

Congress's last big push to pass a comprehensive privacy bill—the American Data Privacy and Protection Act of 2022—ironically would have exempted Outlogic’s activities altogether. Fearful of fighting a war on two fronts, its authors choose to purposefully avoid going after companies contracting with intelligence and law enforcement agencies. But there is one bill floating in Congress right now aimed at ending the government’s ongoing practice of buying location data from Outlogic-like companies and circumventing the courts.

The Fourth Amendment Is Not For Sale Act was introduced and passed by the House Judiciary Committee last month as part of a bigger package aiming to reauthorize and reform the problematic US intelligence program known as Section 702. The bill is slated to be taken up again this year, likely in February, sparking one of the fiercest fights over US privacy law Americans have seen in years.

Outlawing a pervasive practice that helped transform domestic surveillance into a windfall industry is a move that would be actually historic—for all the right reasons.

The Sad Truth of the FTC's Location Data Privacy Settlement

By Uzair Amir
In the labyrinth of financial scams, one of the most insidious is the retirement banking scam. Imagine a…
This is a post from HackRead.com Read the original post: Unravelling Retirement Banking Scams and How To Protect Yourself

In the labyrinth of financial scams, one of the most insidious is the retirement banking scam. Imagine a lifetime of diligence and effort, only to be robbed in your golden years. According to the FBI, in 2020 alone, financial scams targeting seniors netted more than $1 billion. This grim reality affects countless unsuspecting retirees, demonstrating the urgency to learn how to protect ourselves.

It’s a quiet crisis that we need to address, and understanding these scams is the first step toward safeguarding our financial future. Let’s begin this journey to empowerment, where knowledge is our most potent defence.

****Anatomy of Retirement Banking Scams**  **

Retirement crypto and banking scams are not random acts but carefully crafted strategies that exploit vulnerabilities. Typically, these scams involve manipulating trust, inciting fear, or promising high investment returns. As we delve deeper, we’ll explore the common tactics scammers utilize, the red flags to watch out for, and the preventive measures you can take.

****What are retirement banking scams?****

Retirement banking scams refer to fraudulent acts that aim to deceive retirees, leading to the loss of their hard-earned savings. Scammers prey on retirees, exploiting their lack of familiarity with the intricate financial landscape or utilizing their trust in seemingly legitimate institutions.

These scams may materialize in various forms, such as bogus investment opportunities, fake lottery winnings, or even imposter relatives in need.

Awareness and vigilance are critical to debunk these deceptions. As we proceed, let’s examine the most common types of these scams, spot their tell-tale signs, and delve into practical preventive measures.

****Common techniques used by scammers****

Here are some common techniques scammers may use against you:

****Phishing: The digital predator****

Phishing is a common scamming technique prevalent in the digital sphere. It’s characterized by deceptive emails or text messages sent by scammers masquerading as trustworthy entities.

The primary purpose is to trick unsuspecting victims into disclosing sensitive information like passwords, credit card numbers, or Social Security numbers. These messages often contain seemingly urgent requests or threats, compelling the recipient to act immediately.

It’s essential to stay vigilant against such attempts by not clicking on suspicious links or sharing personal information via unsecured platforms.

****The Pension Advance Scam****

The pension advance scam is a deceptive scheme where retirees are offered an immediate cash advance in exchange for future pension payments.

This proposal may seem attractive to those in financial need but often includes exorbitant interest rates and fees.

Consequently, retirees pay significantly more than the initial advance, depleting their retirement funds prematurely. Awareness and caution are vital when dealing with offers that seem too good to be true.

****Bogus investment opportunities****

Bogus investment opportunities represent fraudulent schemes designed to dupe people into separating them from their hard-earned money. Scammers craft convincing narratives around high-return, low-risk investment opportunities. They use persuasive language and seemingly credible documentation to appear legitimate.

However, these investments are non-existent or grossly misrepresented, leaving the investors with significant financial losses once the scam is revealed. The best defence is scepticism and due diligence before investing.

****Fake charity scams targeting retirees****

Fake charity scams targeting retirees exploit the kind-heartedness of senior citizens. Scammers pose as charity workers, requesting donations for fabricated causes. They employ emotional narratives to elicit sympathy and manipulate their targets into giving money. Often, these scams occur during disaster relief scenarios, where the urgency and desire to help are high. The best protection is thorough research before donating to any charity.

****How to protect yourself from these scams****

Protecting oneself from scams requires vigilance and proactive measures. Here are straightforward and effective ways you can protect yourself:

*   **Firstly**, always verify the legitimacy of financial offers and investment opportunities through credible sources when you want to open a retirement account. Be wary of promises that sound too good to be true.
*   **Secondly**, consult a trusted financial advisor or family member before committing to any financial agreement.
*   **Thirdly**, adopt scepticism towards unsolicited charitable requests. Research the charity thoroughly before donating.
*   **Fourthly**, a cyber insurance policy can protect you from cyber threats and scams. This policy covers financial losses from cyber fraud, identity theft, and other online crimes.
*   **Lastly**, stay informed about current scams and fraud tactics through reliable sources such as government websites or trusted news outlets.

****Identifying Vulnerable Targets****

Scammers incessantly devise cunning strategies to exploit the vulnerability of others, particularly retirees. Understanding their tactics is paramount for self-protection.

The following sections delve into how scammers identify their targets, the psychological ploys they use, and practical strategies to safeguard themselves. Stay vigilant, stay informed, and maintain a healthy level of scepticism.

****Who falls prey to retirement banking scams?****

Typically, retirement banking scams ensnare individuals who are less tech-savvy or unfamiliar with the tactics used by fraudsters. Often, these are retirees who have accumulated substantial savings over their lifetime. They might be more trusting, isolated, or lack the knowledge of modern digital safety measures. Scammers exploit these vulnerabilities, crafting clever ruses to deceive them.

****Psychological tactics used on retirees****

Scammers employ specific psychological tactics to connive retirees. They wield fear, intimidation, and urgency to pressure their victims into impulsive decisions. They may impersonate authority figures, instilling a sense of obligation in the retiree.

Alternatively, they may feign distress, appealing to the retiree’s empathy. Flattery or promises of high returns can also lure unsuspecting individuals into their snare, making them easy prey for fraudulent schemes.

****The role of technology in targeting seniors****

Technology plays a crucial role in scams targeting seniors. Scammers leverage digital platforms like email, social media, and online banking to reach their victims. These platforms allow for anonymity, making it easier to impersonate trusted entities. Additionally, advanced technologies enable scammers to execute sophisticated schemes, seizing substantial sums from unsuspecting retirees who may lack digital literacy skills.

****Empowering Your Golden Years: Concluding Strategies to Outsmart Scammers****

The fight against scams starts with awareness and education. Knowledge is the best defence. Understanding how these scams operate and identifying their red flags allows you to avoid falling into these well-laid traps.

In conclusion, vigilance and awareness are vital in protecting your financial well-being. A moment’s precaution can save you the heartache of financial loss. Safeguard your golden years—they are the reward for a lifetime of perseverance and hard work.

1.  **Hackers used fake job website to scam jobless US veterans**
2.  **US military personnel defrauded into losing $822m via scams**
3.  **Chinese Scammers Use Fake Loan Apps for Money Laundering**
4.  **New Phishing Scam Targets Digital Payment and Online Banking Users**
5.  **“Wire bank transfer” malware phishing scam hits SWIFT banking system**

Unravelling Retirement Banking Scams and How To Protect Yourself

Red Hat Security Advisory 2024-0208-03 - An update for openssl is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0208.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Low: openssl security update  
Advisory ID:        RHSA-2024:0208-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0208  
Issue date:         2024-01-12  
Revision:           03  
CVE Names:          CVE-2023-3446  
====================================================================

Summary: 

An update for openssl is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

* openssl: Excessive time spent checking DH keys and parameters (CVE-2023-3446)

* OpenSSL: Excessive time spent checking DH q parameter value (CVE-2023-3817)

* openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow (CVE-2023-5678)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* openssl: Excessive time spent checking DH q parameter value (JIRA:RHEL-14237)

* openssl: Excessive time spent checking DH keys and parameters (JIRA:RHEL-14243)

* openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow (JIRA:RHEL-16536)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-3446

References:

https://access.redhat.com/security/updates/classification/#low  
https://bugzilla.redhat.com/show_bug.cgi?id=2224962  
https://bugzilla.redhat.com/show_bug.cgi?id=2227852  
https://bugzilla.redhat.com/show_bug.cgi?id=2248616

Red Hat Security Advisory 2024-0208-03

Linux versions 4.20 and above have an issue where ktls writes into spliced readonly pages.

Linux 4.20 KTLS Read-Only Write

Ubuntu Security Notice 6548-5 - It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6548-5  
January 10, 2024

linux-iot vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux-iot: Linux kernel for IoT platforms

Details:

It was discovered that Spectre-BHB mitigations were missing for Ampere  
processors. A local attacker could potentially use this to expose sensitive  
information. (CVE-2023-3006)

It was discovered that the USB subsystem in the Linux kernel contained a  
race condition while handling device descriptors in certain situations,  
leading to a out-of-bounds read vulnerability. A local attacker could  
possibly use this to cause a denial of service (system crash).  
(CVE-2023-37453)

Lucas Leong discovered that the netfilter subsystem in the Linux kernel did  
not properly validate some attributes passed from userspace. A local  
attacker could use this to cause a denial of service (system crash) or  
possibly expose sensitive information (kernel memory). (CVE-2023-39189)

Sunjoo Park discovered that the netfilter subsystem in the Linux kernel did  
not properly validate u32 packets content, leading to an out-of-bounds read  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly expose sensitive information. (CVE-2023-39192)

Lucas Leong discovered that the netfilter subsystem in the Linux kernel did  
not properly validate SCTP data, leading to an out-of-bounds read  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly expose sensitive information. (CVE-2023-39193)

Lucas Leong discovered that the Netlink Transformation (XFRM) subsystem in  
the Linux kernel did not properly handle state filters, leading to an out-  
of-bounds read vulnerability. A privileged local attacker could use this to  
cause a denial of service (system crash) or possibly expose sensitive  
information. (CVE-2023-39194)

Kyle Zeng discovered that the IPv4 implementation in the Linux kernel did  
not properly handle socket buffers (skb) when performing IP routing in  
certain circumstances, leading to a null pointer dereference vulnerability.  
A privileged attacker could use this to cause a denial of service (system  
crash). (CVE-2023-42754)

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel  
did not properly handle queue initialization failures in certain  
situations, leading to a use-after-free vulnerability. A remote attacker  
could use this to cause a denial of service (system crash) or possibly  
execute arbitrary code. (CVE-2023-5178)

Budimir Markovic discovered that the perf subsystem in the Linux kernel did  
not properly handle event groups, leading to an out-of-bounds write  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly execute arbitrary code. (CVE-2023-5717)

It was discovered that the TLS subsystem in the Linux kernel did not  
properly perform cryptographic operations in some situations, leading to a  
null pointer dereference vulnerability. A local attacker could use this to  
cause a denial of service (system crash) or possibly execute arbitrary  
code. (CVE-2023-6176)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 20.04 LTS:  
   linux-image-5.4.0-1028-iot      5.4.0-1028.29

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-6548-5  
   https://ubuntu.com/security/notices/USN-6548-1  
   CVE-2023-3006, CVE-2023-37453, CVE-2023-39189, CVE-2023-39192,  
   CVE-2023-39193, CVE-2023-39194, CVE-2023-42754, CVE-2023-5178,  
   CVE-2023-5717, CVE-2023-6176

Package Information:  
   https://launchpad.net/ubuntu/+source/linux-iot/5.4.0-1028.29

Ubuntu Security Notice USN-6548-5

A pair of zero-day flaws identified in Ivanti Connect Secure (ICS) and Policy Secure have been chained by suspected China-linked nation-state actors to breach less than 10 customers.
Cybersecurity firm Volexity, which identified the activity on the network of one of its customers in the second week of December 2023, attributed it to a hacking group it tracks under the name UTA0178

A pair of zero-day flaws identified in Ivanti Connect Secure (ICS) and Policy Secure have been chained by suspected China-linked nation-state actors to breach less than 10 customers.

Cybersecurity firm Volexity, which identified the activity on the network of one of its customers in the second week of December 2023, attributed it to a hacking group it tracks under the name **UTA0178**. There is evidence to suggest that the VPN appliance may have been compromised as early as December 3, 2023.

The two vulnerabilities that have been exploited in the wild to achieve unauthenticated command execution on the ICS device are as follows -

*   **CVE-2023-46805** (CVSS score: 8.2) - An authentication bypass vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.

*   **CVE-2024-21887** (CVSS score: 9.1) - A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

The vulnerabilities can be fashioned into an exploit chain to take over susceptible instances over the internet.

"If CVE-2024-21887 is used in conjunction with CVE-2023-46805, exploitation does not require authentication and enables a threat actor to craft malicious requests and execute arbitrary commands on the system," Ivanti said in an advisory.

The company said it has observed attempts on the part of the threat actors to manipulate Ivanti's internal integrity checker (ICT), which offers a snapshot of the current state of the appliance.

Patches are expected to be released in a staggered manner starting from the week of January 22, 2024. In the interim, users have been recommended to apply a workaround to safeguard against potential threats.

In the incident analyzed by Volexity, the twin flaws are said to have been employed to "steal configuration data, modify existing files, download remote files, and reverse tunnel from the ICS VPN appliance."

The attacker further modified a legitimate CGI file (compcheck.cgi) on the ICS VPN appliance to allow command execution. In addition, a JavaScript file loaded by the Web SSL VPN login page was altered to log keystrokes and exfiltrate credentials associated with users logging into the device.

"The information and credentials collected by the attacker allowed them to pivot to a handful of systems internally, and ultimately gain unfettered access to systems on the network," Volexity researchers Matthew Meltzer, Robert Jan Mora, Sean Koessel, Steven Adair, and Thomas Lancaster said.

The attacks are also characterized by reconnaissance efforts, lateral movement, and the deployment of a custom web shell dubbed GLASSTOKEN via the backdoored CGI file to maintain persistent remote access to the external-facing web servers.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), in an alert of its own, said it has added the two shortcomings to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to apply the fixes by January 31, 2024.

"Internet-accessible systems, especially critical devices like VPN appliances and firewalls, have once again become a favorite target of attackers," Volexity said.

"These systems often sit on critical parts of the network, cannot run traditional security software, and typically sit at the perfect place for an attacker to operate. Organizations need to make sure they have a strategy in place to be able to monitor activity from these devices and quickly respond if something unexpected occurs."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Chinese Hackers Exploit Zero-Day Flaws in Ivanti Connect Secure and Policy Secure

By Waqas
In the world of emerging cybersecurity threats, understanding the significance of threat intelligence is crucial and can not…
This is a post from HackRead.com Read the original post: Python in Threat Intelligence: Analyzing and Mitigating Cyber Threats

In the world of emerging cybersecurity threats, understanding the significance of threat intelligence is crucial and can not be ignored. Threat intelligence involves the systematic collection, analysis, and application of data to understand potential cybersecurity threats, enabling organizations to proactively defend against malicious activities.

Python, renowned for its readability and ease of use, emerges as a key tool in the domain of threat intelligence. This article digs into the critical role of Python in threat intelligence, explaining how it facilitates the efficient analysis and mitigation of cybersecurity threats.

****Understanding Threat Intelligence****

Threat intelligence is a strategic initiative containing the comprehensive gathering, analysis, and utilization of information to discern potential cyber threats. This information spans indicators of compromise (IoCs), tactics, techniques, and procedures (TTPs) employed by threat actors, as well as contextual insights into the prevailing threat landscape. Effective threat intelligence empowers organizations to anticipate and counteract cyber threats before they can manifest.

In cybersecurity, the demand for experienced Python developers has become paramount. For those actively seeking highly skilled Python developers to enhance their team and strengthen defences against growing threats, consider exploring potential hires at Lemon.io.

****Python’s Role in Threat Intelligence****

Python’s dominance in threat intelligence is backed by its readability, user-friendly syntax, and expansive library ecosystem conducive to data manipulation, analysis, and visualization. The following delineates key areas where Python is instrumental in threat intelligence:

1.  **Data Collection:**

Python’s adeptness in web scraping, API interactions, and data extraction is harnessed by analysts to collect information from diverse sources, including open-source intelligence (OSINT), dark web forums, and social media platforms. Tools like BeautifulSoup and requests streamline the process of retrieving and parsing data.

2.  **Data Analysis:**

Leveraging libraries such as Pandas and NumPy, Python empowers analysts to process and analyze substantial datasets efficiently. This capability is paramount in threat intelligence, where discerning patterns and anomalies within extensive data sets is imperative.

3.  **Machine Learning for Threat Detection:**

Python’s rich machine-learning libraries, including Scikit-learn and TensorFlow, empower analysts to develop models for identifying patterns associated with cyber threats. Machine learning algorithms enhance the precision of detecting malicious activities by determining deviations from normal behaviour.

4.  **Integration with Security Information and Event Management (SIEM) Systems:**

Python scripts seamlessly integrate threat intelligence feeds into SIEM systems, ensuring that analysts are equipped with real-time, up-to-date information for making informed decisions.

5.  **Threat Indicators Analysis:**

Python plays a crucial role in analyzing Indicators of Compromise (IoCs) like IP addresses, domains, and hashes. Analysts use Python scripts to connect and enhance this data, offering a detailed insight into the threat environment.

6.  **Visualization:**

Python’s visualization libraries, including Matplotlib and Seaborn, facilitate the creation of meaningful visual representations of data. Visualization is indispensable for presenting intricate threat intelligence data comprehensibly to both technical and non-technical stakeholders.

****Python Scripts for Threat Intelligence****

Consider a hypothetical scenario to elucidate the utilization of Python scripts in threat intelligence:

****Scenario: Detecting Phishing Domains****

Phishing remains a persistent threat, prompting threat intelligence analysts to focus on identifying and thwarting phishing domains. Python’s automation capabilities are harnessed for this purpose:

1.  **Data Collection:**

Python scripts systematically collect data from various sources, including domain registration databases, blacklists, and WHOIS information. This information forms the foundation for constructing a comprehensive list of potential phishing domains.

2.  **Data Analysis:**

Analysts employ Pandas to filter and analyze the collected data, identifying patterns and characteristics common to phishing domains. This analysis encompasses factors such as the age of the domain, the registrar’s reputation, and the presence of specific keywords.

3.  **Machine Learning Model:**

A machine learning model, trained on historical data, predicts the likelihood of a domain being utilized for phishing. Scikit-learn facilitates the implementation and deployment of such models.

4.  **Integration with SIEM:**

Python scripts seamlessly integrate the results into the organization’s SIEM system, ensuring that security teams have real-time insights into potential phishing threats.

5.  **Visualization:**

Utilizing Matplotlib or Seaborn, analysts craft visual reports highlighting identified phishing domains and associated risk factors. This aids in effectively communicating the threat landscape to decision-makers.

****Mitigating Cyber Threats Proactively****

Python not only facilitates the analysis of cyber threats but also enables proactive defence measures. The following outlines ways in which Python contributes to the mitigation of cyber threats:

1.  **Automated Response:**

Python scripts can be tailored to trigger automated responses based on identified threats. For instance, upon detecting a specific IoC, an automated script can promptly update firewall rules to impede communication with the associated IP address.

2.  **Threat Hunting:**

Analysts leverage Python to develop tools aiding in threat-hunting activities. These tools continuously monitor the network, detect anomalies, and deliver real-time alerts for suspicious activities.

3.  **Incident Response Automation:**

Python scripts prove invaluable in automating incident response procedures. From isolating compromised systems to collecting forensic data, automation accelerates response times, minimizing the impact of a cyber incident.

4.  **Continuous Monitoring:**

Python’s proficiency in working with APIs and interfacing with diverse security tools facilitates the development of continuous monitoring solutions. This ensures that threat intelligence is seamlessly integrated into an organization’s security posture.

****Challenges and Considerations****

While Python is a potent tool in threat intelligence, analysts must navigate challenges and considerations:

1.  **Accuracy of Machine Learning Models:**

The accuracy of machine learning models is contingent on the quality of the data they are trained on. Analysts must continually update and refine these models to ensure precise threat detection.

2.  **Privacy Concerns:**

When collecting and analyzing threat intelligence, analysts must navigate privacy concerns and ensure compliance with regulations. Python scripts should be crafted with privacy considerations at the forefront.

3.  **Resource Intensiveness:**

Certain threat intelligence processes, particularly those involving extensive datasets or complex machine learning models, can be resource-intensive. Analysts must consider computational requirements and optimize scripts accordingly.

4.  **Integration Challenges:**

Integrating threat intelligence into existing security infrastructure can pose challenges. Python scripts must be compatible with diverse systems and APIs, necessitating ongoing maintenance and updates.

****Conclusion****

The integration of Python in threat intelligence will persist as a strategic player for organizations seeking to strengthen their cybersecurity and protect sensitive information from malicious actors.

****_RELATED ARTICLES_****

1.  **Tools for Testing Your Proxy Servers**
2.  **What is an OSINT Tool – Best OSINT Tools**
3.  **What Programming Languages Do Ethical Hackers Use?**
4.  **CISA Publishes List of Free Cybersecurity Tools and Services**
5.  **Using GenAI in Your Business? Here Is What You Need To Know**

Tag

#ssl