Red Hat Security Advisory 2024-7703-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include bypass and denial of service vulnerabilities.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7703.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: firefox security updateAdvisory ID:        RHSA-2024:7703-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:7703Issue date:         2024-10-07Revision:           03CVE Names:          CVE-2024-8900====================================================================Summary: An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.Security Fix(es):* firefox: thunderbird: Specially crafted WebTransport requests could lead to denial of service (CVE-2024-9399)* firefox: thunderbird: Memory safety bugs fixed in Firefox 131 and Thunderbird 131 (CVE-2024-9403)* firefox: thunderbird: Potential directory upload bypass via clickjacking (CVE-2024-9397)* firefox: thunderbird: Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3 (CVE-2024-9401)* firefox: thunderbird: Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3 (CVE-2024-9402)* firefox: thunderbird: External protocol handlers could be enumerated via popups (CVE-2024-9398)* firefox: thunderbird: Potential memory corruption during JIT compilation (CVE-2024-9400)* firefox: thunderbird: Potential memory corruption may occur when cloning certain objects (CVE-2024-9396)* firefox: thunderbird: Cross-origin access to PDF contents through multipart responses (CVE-2024-9393)* firefox: thunderbird: Cross-origin access to JSON contents through multipart responses (CVE-2024-9394)* firefox: thunderbird: Compromised content process can bypass site isolation (CVE-2024-9392)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-8900References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2315945https://bugzilla.redhat.com/show_bug.cgi?id=2315947https://bugzilla.redhat.com/show_bug.cgi?id=2315949https://bugzilla.redhat.com/show_bug.cgi?id=2315950https://bugzilla.redhat.com/show_bug.cgi?id=2315951https://bugzilla.redhat.com/show_bug.cgi?id=2315952https://bugzilla.redhat.com/show_bug.cgi?id=2315953https://bugzilla.redhat.com/show_bug.cgi?id=2315954https://bugzilla.redhat.com/show_bug.cgi?id=2315956https://bugzilla.redhat.com/show_bug.cgi?id=2315957https://bugzilla.redhat.com/show_bug.cgi?id=2315959

Red Hat Security Advisory 2024-7703-03

Red Hat Security Advisory 2024-7702-03 - An update for firefox is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Issues addressed include bypass and denial of service vulnerabilities.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7702.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: firefox security update  
Advisory ID:        RHSA-2024:7702-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:7702  
Issue date:         2024-10-07  
Revision:           03  
CVE Names:          CVE-2024-8900  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

* firefox: thunderbird: Specially crafted WebTransport requests could lead to denial of service (CVE-2024-9399)

* firefox: thunderbird: Memory safety bugs fixed in Firefox 131 and Thunderbird 131 (CVE-2024-9403)

* firefox: thunderbird: Potential directory upload bypass via clickjacking (CVE-2024-9397)

* firefox: thunderbird: Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3 (CVE-2024-9401)

* firefox: thunderbird: Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3 (CVE-2024-9402)

* firefox: thunderbird: External protocol handlers could be enumerated via popups (CVE-2024-9398)

* firefox: thunderbird: Potential memory corruption during JIT compilation (CVE-2024-9400)

* firefox: thunderbird: Potential memory corruption may occur when cloning certain objects (CVE-2024-9396)

* firefox: thunderbird: Cross-origin access to PDF contents through multipart responses (CVE-2024-9393)

* firefox: thunderbird: Cross-origin access to JSON contents through multipart responses (CVE-2024-9394)

* firefox: thunderbird: Compromised content process can bypass site isolation (CVE-2024-9392)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-8900

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2315945  
https://bugzilla.redhat.com/show_bug.cgi?id=2315947  
https://bugzilla.redhat.com/show_bug.cgi?id=2315949  
https://bugzilla.redhat.com/show_bug.cgi?id=2315950  
https://bugzilla.redhat.com/show_bug.cgi?id=2315951  
https://bugzilla.redhat.com/show_bug.cgi?id=2315952  
https://bugzilla.redhat.com/show_bug.cgi?id=2315953  
https://bugzilla.redhat.com/show_bug.cgi?id=2315954  
https://bugzilla.redhat.com/show_bug.cgi?id=2315956  
https://bugzilla.redhat.com/show_bug.cgi?id=2315957  
https://bugzilla.redhat.com/show_bug.cgi?id=2315959  
https://issues.redhat.com/browse/RHEL-13327

Red Hat Security Advisory 2024-7702-03

Red Hat Security Advisory 2024-7701-03 - An update for git is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7701.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: git security updateAdvisory ID:        RHSA-2024:7701-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:7701Issue date:         2024-10-07Revision:           03CVE Names:          CVE-2024-32004====================================================================Summary: An update for git is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.Security Fix(es):* git: RCE while cloning local repos (CVE-2024-32004)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-32004References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2280428

Red Hat Security Advisory 2024-7701-03

San Francisco, CA, 8th October 2024, CyberNewsWire

**San Francisco, CA, October 8th, 2024, CyberNewsWire**

Partnership aims to help businesses eliminate vulnerable attack surfaces and provide a more streamlined user experience.

**Badge Inc****.**, the award-winning privacy company enabling Identity without Secrets™, today announced a partnership with CyberArk and the public release of its integration in the CyberArk Marketplace.

According to the CyberArk website: The Badge CyberArk Identity integration allows specified users to authenticate into CyberArk Identity and its downstream apps and services, using Badge. This enables user-centric privacy, allowing users to issue and revoke digital identity and keys on-demand using biometrics and/or other factors.

The blog post mentions that privileged users hold highly sensitive access credentials and face an ever-increasing threat surface. This has made these users and their credentials prime targets for cyber-attacks. By leveraging Badge’s technology to eliminate the storage of user credentials, organizations benefit unprecedented security, while maintaining a great user experience.

> Archit Lohokare, CyberArk’s GM for Workforce Solutions, “CyberArk is excited to partner with Badge and offer this new integration. It is an important step forward in our mission to deliver comprehensive identity security solutions across all identities and all environments. Badge’s expertise in eliminating stored secrets and removing friction in difficult use cases complements our identity security platform.”

**Integration to CyberArk Marketplace**

Badge and CyberArk are launching a new integration that: 

1.  Enables unprecedented multi-factor authentication experience across all channels, including new and shared devices,
2.  Offers next-generation privacy technology and a more streamlined user experience to customers
3.  Brings phishing-resistant authentication to account recovery workflows.

> “We’re proud to partner with CyberArk. This integration represents a pivotal step forward in the quest to defeat cyber threats targeting privileged accounts. Stored privileged credentials are a high-target vulnerability, and eliminating this weak point is a big step forward. It also underscores the importance of innovative cybersecurity solutions and demonstrates how advancements in technology can be leveraged to enhance security measures across the board,” said Dr. Tina P. Srivastava, Badge Co-founder. “By addressing the vulnerabilities associated with traditional authentication methods like passwords, organizations can protect their most critical assets more effectively, ensuring that their ‘keys to the kingdom’ remain out of reach from cyber adversaries.”

As cyber threats evolve, so are the approaches to cybersecurity. Together, Badge and CyberArk are helping businesses eliminate vulnerable attack surfaces and provide a more streamlined user experience.

**About CyberArk** 

CyberArk is the global leader in identity security. Centered on intelligent privilege controls, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud environments and throughout the DevOps lifecycle. The world’s leading organizations trust CyberArk to help secure their most critical assets.

**About Badge**

Badge enables privacy-preserving authentication to every application, on any device, without storing user secrets or PII. Badge’s patented technology allows users to derive private keys on the fly using their biometrics and factors of choice without the need for hardware tokens or secrets. Badge was founded by field-tested cryptography PhDs from MIT and is venture-backed by tier 1 investors. Customers and partners include top Fortune companies across healthcare, banking, retail, and services. To learn more: **www.badgeinc.com****.**

**Contact**

**Media Contact**  
**John O’Brien**  
**SBS Comms**  
**\[email protected\]**

Badge and CyberArk Announce Partnership to Redefine Privacy in PAM and Secrets Management

Company leadership needs to ensure technology teams are managing continuous monitoring, automated testing, and alignment with business needs across their enterprise.

Source: Stu Gray via Alamy Stock Photo

COMMENTARY

This summer, a cyberattack disrupted the normal operations of thousands of auto dealerships across the United States, affecting everything from records to scheduling, causing no end to annoyances and leaving hordes of exasperated salespeople and customers at their wits' end.

The most recent and dramatic example of hacker success illustrates that IT security must become the first priority at the highest levels of an organization. This modern-day plague shows no sign of subsiding. With each successful attack, hackers become even more emboldened. 

It's an all-out assault, requiring the corporate equivalent of an all-points bulletin. In short, cybersecurity is not just an IT issue; it's a critical business risk that requires active involvement from the entire C-suite, in particular, the CEO. This is one area of the enterprise that may benefit from micromanagement in an effort to display the importance of the pursuit.

My colleagues and I regularly advise our clients that they should be asking three questions of their team: What are we doing? Is it enough? How do we know?

Effective cybersecurity requires the right balance of spending and technology value, continuous assessment, and the adoption of advanced technologies such as automation and artificial intelligence. Few regret wise investments in cybersecurity defenses.

The increasing frequency and sophistication of cyberattacks underscore the seriousness for executive-level engagement in cybersecurity. Recent incidents, such as the SEC's $10 million fine on the New York Stock Exchange's parent company and the notorious SolarWinds action, illustrate the severe impact on business operations and regulatory compliance. These events highlight the necessity for CEOs to recognize their critical role in cybersecurity. 

Ascension Healthcare's ransomware attack, among other prime examples, serves as an object lesson in the urgency of the matter, especially in healthcare. Doctors and pharmacies struggled with order and prescription issues, leading to lost revenue as patients sought services elsewhere, and virtually bringing the massive hospital system to its figurative knees, causing tremendous frustration among staff and patients. This situation underscored the need for technologists to understand business operations and implement security measures that support the business. 

CEOs must understand that cybersecurity is central to their management duties and not just "tech stuff" to be delegated. They need to receive business-outcome-focused reporting with the same level of rigor as financial and safety reporting. This reporting should answer the above three questions using system-generated metrics and integrate results into business decisions to stay ahead of the increasingly destructive capabilities of adversaries conspiring to do them harm.

CEOs set the organizational tone and ultimately are responsible for cybersecurity. Their endorsement of security measures can drive home their importance, ensure alignment with business goals across the senior leadership team, and communicate capabilities to their boards. The following steps are essential for CEOs to prioritize cybersecurity:

*   Engage in cybersecurity planning and response: CEOs and executive leaders must be actively involved in cybersecurity planning and response. Their endorsement and understanding of cybersecurity's importance can fuel organizational commitment and set the right tone. Deciding how to handle hypothetical ransom, extortion, and fraud events accelerates response when an event occurs.
    

*   Conduct business analysis for cyber spending: Utilize business analysis to determine the appropriate cybersecurity investments. Focus on preventive technologies that provide greater risk reduction and ensure that the spending aligns with business priorities.
    

*   Implement multifactor authentication: Ensure that multifactor authentication is in place and effective. Avoid inferior solutions that users can mindlessly click through, and prioritize strong authentication measures for password resets to enhance security.
    

*   Regularly review and assess cybersecurity measures: Frequently review assessment results and address important gaps. This includes adopting automation for continuous threat exposure management and ensuring cybersecurity is integrated into business operations.
    

*   Adopt advanced technologies and continuous testing: Embrace automation and advanced technologies for security testing and closing security gaps. Stay ahead of emerging threats by keeping up with advancements in AI and other technologies.
    

*   Seek independent advice and expertise: Business leaders will be called to answer for hiring well-qualified cybersecurity advisers and executives. Use the three questions to understand the current state of cybersecurity within the organization. Seek independent advice to keep up with current threats and defenses. Obtain board members' cybersecurity expertise combined with other essential business skills, or hire independent advisers to provide valuable insights.
    

What hasn't played out yet is the full impact of increased AI usage by both attackers and defenders. As AI technology advances, organizations must keep up to ensure their cybersecurity measures are effective. A recent survey of IT security officers revealed that increasing use of AI will lead to more security breaches, while, conversely, four in five intend to use AI to guard against those same breaches. The ongoing complexity and expanding surface area of systems likely will lead to an increase in cyberattacks through 2030. This necessitates continuous vigilance, adoption of automation for threat and vulnerability management, and regular reviews of cybersecurity measures. Companies will also have to understand and protect against new AI-enabled systems that they are developing. 

Cyber-risk is inherently a business risk, and effective cybersecurity measures are essential for protecting valuable information and maintaining system availability.

One might argue that cybersecurity can be managed solely by IT departments. However, without executive-level involvement, organizations may face significant business disruptions and regulatory penalties. CEOs must understand their role in cybersecurity to ensure comprehensive protection.

The consistent pattern of cyber incidents causing business disruptions and regulatory fines supports the conclusion that CEO involvement is crucial to ensure that companies can answer the three questions: What are we doing? Is it enough? How do we know? Determining business value at risk and the right amount of protection requires business input. As company leadership, now is the time to ensure that technology teams are managing continuous monitoring, automated testing, and alignment with business needs across the enterprise.

**About the Author**

Managing Director, BPM

Ken Frantz is a transformational IT leader and consultant with experience in global financial services, emerging technology, and top-tier health system networks. He focuses on innovative technology advancement with reduced risk and is interested in high impact/high value opportunities to improve IT operations, deliver value, and help companies grow efficiently and effectively.

Your IT Systems Are Being Attacked. Are You Prepared?

Is your store at risk? Discover how an innovative web security solution saved one global online retailer and its unsuspecting customers from an “evil twin” disaster. Read the full real-life case study here.

The Invisible Threat in Online Shopping
When is a checkout page, not a checkout page? When it's an “evil twin”! Malicious redirects can send unsuspecting shoppers to these perfect-looking

Web Security / Payment Fraud

**Is your store at risk? Discover how an innovative web security solution saved one global online retailer and its unsuspecting customers from an "evil twin" disaster. Read the full real-life case study here.******The Invisible Threat in Online Shopping****

When is a checkout page, not a checkout page? When it's an "evil twin"! Malicious redirects can send unsuspecting shoppers to these perfect-looking fake checkout pages and steal their payment information, so could your store be at risk too? Discover how an innovative web security solution saved one global online retailer and its unsuspecting customers from an "evil twin" disaster. (You can read the full case study here)

****Anatomy of an Evil Twin Attack****

In today's fast-paced world of online shopping, convenience often trumps caution. Shoppers quickly move through product selection to checkout, rarely scrutinizing the process. This lack of attention creates an opportunity for cybercriminals to exploit.

****The Deceptive Redirect****

The attack begins on a legitimate shopping site but uses a malicious redirect to guide shoppers to a fraudulent checkout page. This "evil twin" page is meticulously designed to mimic the authentic site, making it nearly impossible for the average user to detect the deception.

****The Devil in the Details****

The only telltale sign might be a subtle change in the URL. For example:

*   Legitimate: Fabulousclothingstore.com
*   Fraudulent: Fabulousclothingstre.com/checkout

Did you spot the missing 'o'? This technique, known as typosquatting, involves registering domain names that closely resemble legitimate websites.

****The Data Heist****

Once on the fake checkout page, unsuspecting shoppers enter their sensitive financial information, which is then forwarded to the attackers. This stolen data can be used for fraudulent transactions or sold on the dark web, potentially leading to significant financial losses for the victims.

****The Infection Vector: How Websites Get Compromised****

While the specific infection method in this case study remains unclear (a common scenario in cybersecurity incidents), we can infer that the attackers likely employed a common technique such as a cross-site scripting (XSS) attack. These attacks exploit vulnerabilities in website code or third-party plugins to inject malicious scripts.

****Evading Detection: The Art of Obfuscation****

Malicious actors use code obfuscation to bypass traditional security measures. Obfuscation in programming is analogous to using unnecessarily complex language to convey a simple message. It's not encryption, which renders text unreadable, but rather a method of camouflaging the true intent of the code.

****Example of Obfuscated Code****

Developers routinely use obfuscation to protect their intellectual property, but hackers use it too, to hide their code from malware detectors. This is just part of what the Reflectiz security solution found on the victim's website:

\*note: _for obvious reasons, the client wants to stay anonymous. That's why we changed the real url name with a fictional one._

This obfuscated snippet conceals the true purpose of the code, which includes the malicious redirect and an event listener designed to activate upon specific user actions. You can read more about the details of this in the full case study.

****Unmasking the Threat: Deobfuscation and Behavioral Analysis****

Traditional signature-based malware detection often fails to identify obfuscated threats. The Reflectiz security solution employs deep behavioral analysis, monitoring millions of website events to detect suspicious changes.

Upon identifying the obfuscated code, Reflectiz's advanced deobfuscation tool reverse-engineered the malicious script, revealing its true intent. The security team promptly alerted the retailer, providing detailed evidence and a comprehensive threat analysis.

****Swift Action and Consequences Averted****

The retailer's quick response in removing the malicious code potentially saved them from:

1.  Substantial regulatory fines (GDPR, CCPA, CPRA, PCI-DSS)
2.  Class action lawsuits from affected customers
3.  Revenue loss due to reputational damage

****The Imperative of Continuous Protection****

This case study underscores the critical need for robust, continuous web security monitoring. As cyber threats evolve, so too must our defenses. By implementing advanced security solutions like Reflectiz, businesses can protect both their assets and their customers from sophisticated attacks.

For a deeper dive into how Reflectiz protected the retailer from this common yet dangerous threat, we encourage you to read the full case study here.

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

New Case Study: The Evil Twin Checkout Page 

**According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability?**

An attacker needs physical access to the target computer to plug in a malicious USB drive.

CVE-2024-43536: Windows Mobile Broadband Driver Remote Code Execution Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?**

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Tag

#vulnerability