Red Hat Security Advisory 2024-7855-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include bypass and denial of service vulnerabilities.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7855.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: thunderbird security update  
Advisory ID:        RHSA-2024:7855-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:7855  
Issue date:         2024-10-09  
Revision:           03  
CVE Names:          CVE-2024-9392  
====================================================================

Summary: 

An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

* thunderbird: 115.16/128.3 ()

* firefox: thunderbird: Specially crafted WebTransport requests could lead to denial of service (CVE-2024-9399)

* firefox: thunderbird: Memory safety bugs fixed in Firefox 131 and Thunderbird 131 (CVE-2024-9403)

* firefox: thunderbird: Potential directory upload bypass via clickjacking (CVE-2024-9397)

* firefox: thunderbird: Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3 (CVE-2024-9401)

* firefox: thunderbird: Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3 (CVE-2024-9402)

* firefox: thunderbird: External protocol handlers could be enumerated via popups (CVE-2024-9398)

* firefox: thunderbird: Potential memory corruption during JIT compilation (CVE-2024-9400)

* firefox: thunderbird: Potential memory corruption may occur when cloning certain objects (CVE-2024-9396)

* firefox: thunderbird: Cross-origin access to PDF contents through multipart responses (CVE-2024-9393)

* firefox: thunderbird: Cross-origin access to JSON contents through multipart responses (CVE-2024-9394)

* firefox: thunderbird: Compromised content process can bypass site isolation (CVE-2024-9392)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-9392

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2314431  
https://bugzilla.redhat.com/show_bug.cgi?id=2315945  
https://bugzilla.redhat.com/show_bug.cgi?id=2315947  
https://bugzilla.redhat.com/show_bug.cgi?id=2315949  
https://bugzilla.redhat.com/show_bug.cgi?id=2315950  
https://bugzilla.redhat.com/show_bug.cgi?id=2315951  
https://bugzilla.redhat.com/show_bug.cgi?id=2315952  
https://bugzilla.redhat.com/show_bug.cgi?id=2315953  
https://bugzilla.redhat.com/show_bug.cgi?id=2315954  
https://bugzilla.redhat.com/show_bug.cgi?id=2315956  
https://bugzilla.redhat.com/show_bug.cgi?id=2315957  
https://bugzilla.redhat.com/show_bug.cgi?id=2315959

Red Hat Security Advisory 2024-7855-03

Red Hat Security Advisory 2024-7853-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include bypass and denial of service vulnerabilities.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7853.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: thunderbird security update  
Advisory ID:        RHSA-2024:7853-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:7853  
Issue date:         2024-10-09  
Revision:           03  
CVE Names:          CVE-2024-9392  
====================================================================

Summary: 

An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

* thunderbird: 115.16/128.3 ()

* firefox: thunderbird: Specially crafted WebTransport requests could lead to denial of service (CVE-2024-9399)

* firefox: thunderbird: Memory safety bugs fixed in Firefox 131 and Thunderbird 131 (CVE-2024-9403)

* firefox: thunderbird: Potential directory upload bypass via clickjacking (CVE-2024-9397)

* firefox: thunderbird: Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3 (CVE-2024-9401)

* firefox: thunderbird: Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3 (CVE-2024-9402)

* firefox: thunderbird: External protocol handlers could be enumerated via popups (CVE-2024-9398)

* firefox: thunderbird: Potential memory corruption during JIT compilation (CVE-2024-9400)

* firefox: thunderbird: Potential memory corruption may occur when cloning certain objects (CVE-2024-9396)

* firefox: thunderbird: Cross-origin access to PDF contents through multipart responses (CVE-2024-9393)

* firefox: thunderbird: Cross-origin access to JSON contents through multipart responses (CVE-2024-9394)

* firefox: thunderbird: Compromised content process can bypass site isolation (CVE-2024-9392)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-9392

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2314431  
https://bugzilla.redhat.com/show_bug.cgi?id=2315945  
https://bugzilla.redhat.com/show_bug.cgi?id=2315947  
https://bugzilla.redhat.com/show_bug.cgi?id=2315949  
https://bugzilla.redhat.com/show_bug.cgi?id=2315950  
https://bugzilla.redhat.com/show_bug.cgi?id=2315951  
https://bugzilla.redhat.com/show_bug.cgi?id=2315952  
https://bugzilla.redhat.com/show_bug.cgi?id=2315953  
https://bugzilla.redhat.com/show_bug.cgi?id=2315954  
https://bugzilla.redhat.com/show_bug.cgi?id=2315956  
https://bugzilla.redhat.com/show_bug.cgi?id=2315957  
https://bugzilla.redhat.com/show_bug.cgi?id=2315959

Red Hat Security Advisory 2024-7853-03

Red Hat Security Advisory 2024-7842-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include bypass and denial of service vulnerabilities.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7842.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: firefox security update  
Advisory ID:        RHSA-2024:7842-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:7842  
Issue date:         2024-10-09  
Revision:           03  
CVE Names:          CVE-2024-8900  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

* firefox: thunderbird: Specially crafted WebTransport requests could lead to denial of service (CVE-2024-9399)

* firefox: thunderbird: Memory safety bugs fixed in Firefox 131 and Thunderbird 131 (CVE-2024-9403)

* firefox: thunderbird: Potential directory upload bypass via clickjacking (CVE-2024-9397)

* firefox: thunderbird: Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3 (CVE-2024-9401)

* firefox: thunderbird: Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3 (CVE-2024-9402)

* firefox: thunderbird: External protocol handlers could be enumerated via popups (CVE-2024-9398)

* firefox: thunderbird: Potential memory corruption during JIT compilation (CVE-2024-9400)

* firefox: thunderbird: Potential memory corruption may occur when cloning certain objects (CVE-2024-9396)

* firefox: thunderbird: Cross-origin access to PDF contents through multipart responses (CVE-2024-9393)

* firefox: thunderbird: Cross-origin access to JSON contents through multipart responses (CVE-2024-9394)

* firefox: thunderbird: Compromised content process can bypass site isolation (CVE-2024-9392)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-8900

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2315945  
https://bugzilla.redhat.com/show_bug.cgi?id=2315947  
https://bugzilla.redhat.com/show_bug.cgi?id=2315949  
https://bugzilla.redhat.com/show_bug.cgi?id=2315950  
https://bugzilla.redhat.com/show_bug.cgi?id=2315951  
https://bugzilla.redhat.com/show_bug.cgi?id=2315952  
https://bugzilla.redhat.com/show_bug.cgi?id=2315953  
https://bugzilla.redhat.com/show_bug.cgi?id=2315954  
https://bugzilla.redhat.com/show_bug.cgi?id=2315956  
https://bugzilla.redhat.com/show_bug.cgi?id=2315957  
https://bugzilla.redhat.com/show_bug.cgi?id=2315959

Red Hat Security Advisory 2024-7842-03

Abu Dhabi, UAE, October 9, 2024 – Dragonz Lab, a Web3 gaming studio originating from the UK, today…

**Abu Dhabi, UAE, October 9, 2024** – Dragonz Lab, a Web3 gaming studio originating from the UK, today announced a $9 million funding round led by Syndicate Capital Limited Partnership Fund (LPF), a venture fund specializing in Web3, Blockchain, and AI investments, playing a role as a community builder to foster the development of digital economy.

This strategic equity investment aims to enhance the development of Dragonz Land, a utility-driven Play-2-Earn game, promoting digital property rights and the Web3 ecosystem.

Through Syndicate Capital LPFs support, Dragonz Lab plans to use the funds to further develop _Dragonz Land’s_ ecosystem, which already boasts a base of over 5.3 million monthly active users, to enhance the game’s features such as PvP tournaments, strategic guild collaborations and customer loyalty program. 

_Dragonz Land_ combines unique NFT cards with dynamic gameplay and community engagement. Players can buy, collect, level up, and trade cards across 16 distinct factions while earning in-game tokens through tapping and completing various tasks.

“Partnering with Syndicate Capital LPF represents a huge leap forward for the Dragonz ecosystem,” said Andy Chen, Representative of Co-General Partner of Syndicate Capital LPF and Board Member of Dragonz Lab.

“Being the frontier and market leader in the Web3 spaces, our expertise in building ecosystems around loyalty programs aligns with our vision to create a sustainable and engaging gaming environment. This strategic investment and synergy will bolster our game development while providing our users with innovative  digital assets and digital property rights to increase user acquisition and retention in the Web3 spaces.”

The game, available on both mobile and desktop via Telegram, utilizes blockchain for secure transactions and true ownership of digital assets. Syndicate Capital LPF is targeting the burgeoning tap game market, as many titles have struggled to retain traction.

The move marks the frontier Asian VC fund from the Web2 space to invest in a Web3 Play-2-Earn game. _Dragonz Land_ stands out for its engaging gameplay combined with a successful revenue model, including in-game purchases and upgrades for ultimate users or digital property owners. 

“Dragonz Land represents the future of gaming and Web3 more broadly, combining our success in customer loyalty programs as well as the excitement of GameFi, innovative blockchain technology, and a successful revenue model” said Dr. Albert Yip, Chairman of Syndicate Capital Group.

“As a Web3 builder, we are thrilled to support this project, providing our expertise to boost the Dragonz ecosystem and produce synergy with our other digital loyalty programs such as Asia Top, which is one of our flagship portfolio companies of Syndicate Capital LPF .”

The project is set to deliver its tokenomics and additional features in the coming months, reinforcing its commitment to continually growing its user base and community engagement.

****About Dragonz Land****

Dragonz Land is a Trading Card Game where players buy, collect, merge, and evolve NFT cards to increase their power, rarity, and value. The cutting edge Web3 MTG style trading card game is implemented into a tap-to-earn using features like claiming Game Cards and NFTs, KOL/Heroes guilds.

****About Syndicate Capital Group****

Syndicate Capital Group is the Investor Champion and Corporate Champion of Global Fast Track, aiming to support the fintech and CBDC initiatives globally. It is the Co-General Partner of Syndicate Capital LPF which is a Web3 venture fund with a special focus for investments in the digital economy. Syndicate Capital Group is a Web3 investor of the investors network at Cyberport that is positioned as the Web3 Hub in Hong Kong.

****Media Contact****

*   Franky Kas
*   PR Manager
*   \[email protected\]

1.  What is Blockchain Gaming and its Play-to-Earn Model?
2.  The Rise of Blockchain Gaming and Secure Marketplaces
3.  Atari Asteroids Hack Sparks Blockchain Gaming Transparency Debate

Dragonz Lab Secures $9M from Syndicate Capital to Boost ‘Dragonz Land’ Ecosystem

Red Hat Security Advisory 2024-7599-03 - Red Hat OpenShift Container Platform release 4.16.16 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include code execution, denial of service, integer overflow, and out of bounds write vulnerabilities.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7599.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.16.16 bug fix and security update  
Advisory ID:        RHSA-2024:7599-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:7599  
Issue date:         2024-10-09  
Revision:           03  
CVE Names:          CVE-2023-3462  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.16.16 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.16.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.16.16. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHBA-2024:7602

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.16/release_notes/ocp-4-16-release-notes.html

Security Fix(es):

* glibc: Out of bounds write in iconv may lead to remote code execution  
(CVE-2024-2961)  
* Hashicorp/vault: Vault’s LDAP Auth Method Allows for User Enumeration  
(CVE-2023-3462)  
* openssl: Possible denial of service in X.509 name checks (CVE-2024-6119)  
* path-to-regexp: Backtracking regular expressions cause ReDoS  
(CVE-2024-45296)  
* libexpat: Negative Length Parsing Vulnerability in libexpat  
(CVE-2024-45490)  
* libexpat: Integer Overflow or Wraparound (CVE-2024-45491)  
* libexpat: integer overflow (CVE-2024-45492)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.16 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.16/updating/updating_a_cluster/updating-cluster-cli.html

Solution:

CVEs:

CVE-2023-3462

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2228020  
https://bugzilla.redhat.com/show_bug.cgi?id=2273404  
https://bugzilla.redhat.com/show_bug.cgi?id=2306158  
https://bugzilla.redhat.com/show_bug.cgi?id=2308615  
https://bugzilla.redhat.com/show_bug.cgi?id=2308616  
https://bugzilla.redhat.com/show_bug.cgi?id=2308617  
https://bugzilla.redhat.com/show_bug.cgi?id=2310908  
https://issues.redhat.com/browse/OCPBUGS-31878  
https://issues.redhat.com/browse/OCPBUGS-35850  
https://issues.redhat.com/browse/OCPBUGS-36816  
https://issues.redhat.com/browse/OCPBUGS-37654  
https://issues.redhat.com/browse/OCPBUGS-37689  
https://issues.redhat.com/browse/OCPBUGS-38687  
https://issues.redhat.com/browse/OCPBUGS-38797  
https://issues.redhat.com/browse/OCPBUGS-39377  
https://issues.redhat.com/browse/OCPBUGS-41709  
https://issues.redhat.com/browse/OCPBUGS-41905  
https://issues.redhat.com/browse/OCPBUGS-42012  
https://issues.redhat.com/browse/OCPBUGS-42015  
https://issues.redhat.com/browse/OCPBUGS-42057  
https://issues.redhat.com/browse/OCPBUGS-42113  
https://issues.redhat.com/browse/OCPBUGS-42382

Red Hat Security Advisory 2024-7599-03

Red Hat Security Advisory 2024-7590-03 - Red Hat OpenShift Container Platform release 4.12.67 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include code execution, open redirection, and out of bounds write vulnerabilities.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7590.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.12.67 bug fix and security update  
Advisory ID:        RHSA-2024:7590-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:7590  
Issue date:         2024-10-09  
Revision:           03  
CVE Names:          CVE-2024-2961  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.12.67 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.12.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.67. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHBA-2024:7592

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

Security Fix(es):

* glibc: Out of bounds write in iconv may lead to remote code execution  
(CVE-2024-2961)  
* webob: WebOb's location header normalization during redirect leads to  
open redirect (CVE-2024-42353)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html

Solution:

CVEs:

CVE-2024-2961

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2273404  
https://issues.redhat.com/browse/OCPBUGS-38610  
https://issues.redhat.com/browse/OCPBUGS-41585  
https://issues.redhat.com/browse/OCPBUGS-41600  
https://issues.redhat.com/browse/OCPBUGS-41854  
https://issues.redhat.com/browse/OCPBUGS-41881  
https://issues.redhat.com/browse/OCPBUGS-42161  
https://issues.redhat.com/browse/OCPBUGS-42166

Red Hat Security Advisory 2024-7590-03

Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Apache XML Graphics FOP.

This issue affects Apache XML Graphics FOP: 2.9.

Users are recommended to upgrade to version 2.10, which fixes the issue.

**Exploitability Metrics**

Attack Vector: This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.

Attack Complexity: This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. These are conditions whose primary purpose is to increase security and/or increase exploit engineering complexity. A vulnerability exploitable without a target-specific variable has a lower complexity than a vulnerability that would require non-trivial customization. This metric is meant to capture security mechanisms utilized by the vulnerable system.

Attack Requirements: This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack. These differ from security-enhancing techniques/technologies (ref Attack Complexity) as the primary purpose of these conditions is not to explicitly mitigate attacks, but rather, emerge naturally as a consequence of the deployment and execution of the vulnerable system.

Privileges Required: This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.

User interaction: This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner.

**Vulnerable System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the VULNERABLE SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the VULNERABLE SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the VULNERABLE SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

**Subsequent System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the SUBSEQUENT SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the SUBSEQUENT SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the SUBSEQUENT SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

GHSA-jqfv-jrvq-95jm: Apache XML Graphics FOP XML External Entity Reference ('XXE') vulnerability

Cybercriminals exploit disaster relief efforts to target vulnerable individuals and organizations in Florida, compromising the integrity of relief…

Cybercriminals exploit disaster relief efforts to target vulnerable individuals and organizations in Florida, compromising the integrity of relief efforts. Learn more about FEMA claim scams, phishing attacks, and malicious files disguised as FEMA documents.

As Florida recovers from Hurricane Helene and braces for Hurricane Milton, a Category 5 storm expected to hit Tampa on October 9, 2024, a new challenge emerges in the online world: Cybercriminals are taking advantage of the disaster victims and relief organizations, exploiting the confusion and urgency of the moment for financial gain.

Veriti, a cybersecurity research firm, recently uncovered three disturbing cybersecurity threats that have surfaced amid the disastrous situation. These scams, which target both individuals and organizations, involve fraudulent Federal Emergency Management Agency (**FEMA**) claims, phishing campaigns, and malware disguised as legitimate FEMA documents.

****Phishing Using FEMA****

While FEMA claims scamming is a direct attack on disaster victims, phishing campaigns are another method cybercriminals are using to exploit the hurricane’s aftermath. Veriti researchers have reported a spike in newly registered domains that appear to be linked to hurricane relief efforts.

These websites, with names like **hurricane-helene-relief(.)com** and **hurricanehelenerelief(.)com**, are designed to trick users into providing sensitive data such as Social Security numbers and financial information.

These fake websites often create a sense of urgency, offering immediate relief or grant opportunities, which makes victims more likely to fall for the scam. The phishing campaigns are typically carried out via email, where recipients are directed to these **fraudulent sites** under the guise of applying for aid. Once victims enter their personal information, the attackers either sell the data or use it for financial fraud.

****Fake FEMA Assistance Providers****

According to Veriti’s **blog post** shared with Hackread.com ahead of publishing on Tuesday, October 8, cybercriminals are posing as FEMA assistance providers and creating fake FEMA claims to steal personal information and disaster relief funds from vulnerable storm survivors.

One such cybercrime forum is BlackBones, where scammers have openly shared strategies for tricking victims, with one user going by the alias “brokedegenerate” even posting detailed instructions on how to submit fraudulent FEMA claims.

****Malware in FEMA Documents****

Cybercriminals are also disguising malware as legitimate FEMA documents, adding an extra layer of danger for those seeking aid. In one instance, a file called fema\_grants\_manager\_user\_manual.pdf was uploaded to **VirusTotal**, a virus-scanning service. While it appeared to be a legitimate FEMA document related to disaster recovery, Veriti researchers discovered that it contained malicious code.

The file, which referenced official FEMA grant systems like the Grants Manager and Grants Portal, aimed to lure users into trusting it. However, hidden within the document was a malicious payload that would redirect users to a suspicious website, infecting their systems with malware. Although no active infections have been reported yet, the existence of such files indicates that cybercriminals are ready to strike whenever disaster relief efforts are in full swing.

Nevertheless, as Florida residents work to rebuild their homes and lives after Hurricane Helene, cybercriminals are grabbing the opportunity to take advantage of the situation. Staying aware of these threats and taking steps to protect yourself can help keep these scams from making an already tough situation worse.

1.  Hackers Dropping Malware in Fake “terror alert” Emails
2.  FEMA leaks sensitive details of 2.3 million disaster survivors
3.  Online Scam Alert Associated with the Nepal Earthquake Disaster
4.  Hackers Sending Fake Ebola Virus reports in emails with Malware
5.  Fancy Bears Hacked MH17 crash investigators with phishing attack

Scammers Hit Florida Hurricane Victims with Fake FEMA Claims, Malware Files

Microsoft has released security updates to fix a total of 118 vulnerabilities across its software portfolio, two of which have come under active exploitation in the wild.
Of the 118 flaws, three are rated Critical, 113 are rated Important, and two are rated Moderate in severity. The Patch Tuesday update doesn't include the 25 additional flaws that the tech giant addressed in its Chromium-based

Microsoft has released security updates to fix a total of 118 vulnerabilities across its software portfolio, two of which have come under active exploitation in the wild.

Of the 118 flaws, three are rated Critical, 113 are rated Important, and two are rated Moderate in severity. The Patch Tuesday update doesn't include the 25 additional flaws that the tech giant addressed in its Chromium-based Edge browser over the past month.

Five of the vulnerabilities are listed as publicly known at the time of release, with two of them coming under active exploitation as a zero-day -

*   **CVE-2024-43572** (CVSS score: 7.8) - Microsoft Management Console Remote Code Execution Vulnerability (Exploitation detected)
*   **CVE-2024-43573** (CVSS score: 6.5) - Windows MSHTML Platform Spoofing Vulnerability (Exploitation Detected)
*   **CVE-2024-43583** (CVSS score: 7.8) - Winlogon Elevation of Privilege Vulnerability
*   **CVE-2024-20659** (CVSS score: 7.1) - Windows Hyper-V Security Feature Bypass Vulnerability
*   **CVE-2024-6197** (CVSS score: 8.8) - Open Source Curl Remote Code Execution Vulnerability (non-Microsoft CVE)

It's worth noting that CVE-2024-43573 is similar to CVE-2024-38112 and CVE-2024-43461, two other MSHTML spoofing flaws that have been exploited prior to July 2024 by the Void Banshee threat actor to deliver the Atlantida Stealer malware.

Microsoft makes no mention of how the two vulnerabilities are exploited in the wild, and by whom, or how widespread they are. It credited researchers Andres and Shady for reporting CVE-2024-43572, but no acknowledgment has been given for CVE-2024-43573, raising the possibility that it could be a case of patch bypass.

"Since the discovery of CVE-2024-43572, Microsoft now prevents untrusted MSC files from being opened on a system," Satnam Narang, senior staff research engineer at Tenable, said in a statement shared with The Hacker News.

The active exploitation of CVE-2024-43572 and CVE-2024-43573 has also been noted by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which added them to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply the fixes by October 29, 2024.

Among all the flaws disclosed by Redmond on Tuesday, the most severe concerns a remote execution flaw in Microsoft Configuration Manager (CVE-2024-43468, CVSS score: 9.8) that could allow unauthenticated actors to run arbitrary commands.

"An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database," it said.

Two other Critical-rated severity flaws also relate to remote code execution in Visual Studio Code extension for Arduino (CVE-2024-43488, CVSS score: 8.8) and Remote Desktop Protocol (RDP) Server (CVE-2024-43582, CVSS score: 8.1).

"Exploitation requires an attacker to send deliberately-malformed packets to a Windows RPC host, and leads to code execution in the context of the RPC service, although what this means in practice may depend on factors including RPC Interface Restriction configuration on the target asset," Adam Barnett, lead software engineer at Rapid7, told about CVE-2024-43582.

"One silver lining: attack complexity is high, since the attacker must win a race condition to access memory improperly."

**Software Patches from Other Vendors**

Outside of Microsoft, security updates have also been released by other vendors over the past few weeks to rectify several vulnerabilities, including —

*   Adobe
*   Amazon Web Services
*   Apache Avro
*   Apple
*   AutomationDirect
*   Bosch
*   Broadcom (including VMware)
*   Cisco (including Splunk)
*   Citrix
*   CODESYS
*   Dell
*   Draytek
*   Drupal
*   F5
*   Fortinet
*   GitLab
*   Google Android
*   Google Chrome
*   Google Cloud
*   Hitachi Energy
*   HP
*   HP Enterprise (including Aruba Networks)
*   IBM
*   Intel
*   Ivanti
*   Jenkins
*   Juniper Networks
*   Lenovo
*   Linux distributions Amazon Linux, Debian, Oracle Linux, Red Hat, Rocky Linux, SUSE, and Ubuntu
*   MediaTek
*   Mitsubishi Electric
*   MongoDB
*   Mozilla Firefox, Firefox ESR, and Thunderbird
*   NVIDIA
*   Okta
*   Palo Alto Networks
*   Progress Software
*   QNAP
*   Qualcomm
*   Rockwell Automation
*   Salesforce Tableau
*   Samsung
*   SAP
*   Schneider Electric
*   Siemens
*   Sophos
*   Synology
*   Trend Micro
*   Veritas
*   Zoom, and
*   Zyxel

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild

Pro-Ukrainian hacktivists from DumpForums claim to have breached Russian cybersecurity giant Dr.Web, stealing over 10 TB of sensitive…

Pro-Ukrainian hacktivists from DumpForums claim to have breached Russian cybersecurity giant Dr.Web, stealing over 10 TB of sensitive data, including internal projects, client databases, and critical infrastructure access.

DumpForums, a pro-Ukrainian hacktivist forum, claims to have breached Dr.Web, a Russian cybersecurity company and antivirus solutions provider. As a result, hackers have announced stealing over 10 TB of internal, customer/client data, Hackread.com can exclusively confirm.

The attack dates back to Saturday, September 14th, when Dr.Web (also known as Doctor Web, Doctor Web Ltd., and Company Doctor Web) identified that it had suffered a cyberattack. After investigating, the Russian cybersecurity giant published a brief blog post on September 17, 2024, revealing that the company was targeted in a cyberattack aimed at its “resources.” At that time, Doctor Web claimed that it had “prevented the attack in a timely manner” and that no user data was accessed or stolen.

However, as Hackread.com’s research team discovered, on the morning of October 8th, 2024, DumpForums hacktivists used their Telegram account to announce and claim responsibility for the September attack. The hacktivists’ Telegram post contradicted what Doctor Web had stated about the hack in September.

The screenshot shows Dr.Web’s Telegram post (left) and DumpForums’ post on the right. The original Russian-language screenshots have been translated into English using Yandex AI Image Translator (Credit: Hackread.com).

****DumpForums Hacktivists Claim Dr.Web’s Infrastructure Hack****

According to the post, the hacktivists stated they had hacked the infrastructure of Dr.Web, adding that they infiltrated the company’s local network after planning everything in advance. After that, they systematically hacked more servers and resources “within just a few days.”

Additionally, the hackers claimed to have hacked and extracted data from Dr.Web’s corporate GitLab server, where internal developments and projects were stored, including the corporate email server, Confluence, Redmine, Jenkins, Mantis, and RocketChat.

The hackers also claimed to have accessed and downloaded the entire client/user database, which they had already leaked on their official forum.

To further authenticate their claims, the hackers provided several dumps of databases from internal resources such as ldap.dev.drweb.com, vxcube.drweb.com, bugs.drweb.com, antitheft.drweb.com, and rt.drweb.com, among others.

****Accessing Dr.Web’s domain controller?****

What’s even more concerning are the claims from the hacktivists that they gained control of Dr.Web’s domain controller, a critical part of the company’s infrastructure. The domain controller manages authentication and access to all systems within a network. By compromising it, the attackers would have had unlimited access to the entire network, allowing them to continuously extract massive amounts of sensitive data.

This level of control reportedly enabled them to remain undetected for a month while siphoning off around 10 terabytes of data. The group also pointed out Dr.Web’s alleged poor security, stating that they spent an “entire month” in the system while the company continued selling products to secure others.

It is important to note that Hackread.com has reached out to Dr.Web regarding the claims made by DumpForums hacktivists, and this article will be updated accordingly.

****Ukraine and Russia Cyberwarfare****

It is also worth noting that DumpForums is known for attacking critical Russian infrastructure. In June 2022, the same group was behind the hack and defacement of the Russian Ministry of Construction, Housing, and Utilities. The hackers also stole the ministry’s entire database and demanded 0.5 BTC as ransom to prevent the data from being leaked online.

Nevertheless, the cyber warfare between Russia and Ukraine is gaining new momentum. Hackers from both countries have been targeting each other’s critical infrastructure since the conflict began on February 24, 2022.

According to Ukraine’s State Service of Special Communications and Information Protection (SSSCIP), there has been a significant shift in Russian cyber operations against Ukraine in the first half of 2024. The new strategy marks a departure from previous broad-spectrum attacks to a more targeted approach focusing on Ukraine’s military and defence sectors.

On the other hand, Ukrainian hackers have been quite active over the past few months. Some of their claimed cyberattacks include targeting banks and shutting down ATMs in Russia, targeting the government sector and damaging petabytes of data, crippling the country’s tax system, and other actions.

1.  Ukrainian Hacktivists Trick Russian Military Wives for Personal Info
2.  Protestware Uses npm Packages to Call for Peace in Gaza, Ukraine
3.  Ukraine Hacks Russia’s Aviation Agency, Claims “Aviation Cannibalism”
4.  57,000 Kaspersky Fan Club Forum User Data Leaked in Hosting Breach
5.  Ukrainian Hackers Breach Email of APT28 Leader, Who’s Wanted by FBI

Tag

#web