Ubuntu Security Notice 6819-2 - Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service. Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could use this to possibly cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6819-2June 11, 2024linux-aws, linux-oracle vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 23.10Summary:Several security issues were fixed in the Linux kernel.Software Description:- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-oracle: Linux kernel for Oracle Cloud systemsDetails:Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kerneldid not properly validate H2C PDU data, leading to a null pointerdereference vulnerability. A remote attacker could use this to cause adenial of service (system crash). (CVE-2023-6356, CVE-2023-6535,CVE-2023-6536)Chenyuan Yang discovered that the RDS Protocol implementation in the Linuxkernel contained an out-of-bounds read vulnerability. An attacker could usethis to possibly cause a denial of service (system crash). (CVE-2024-23849)It was discovered that a race condition existed in the Bluetooth subsystemin the Linux kernel, leading to a null pointer dereference vulnerability. Aprivileged local attacker could use this to possibly cause a denial ofservice (system crash). (CVE-2024-24860)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:   - ARM64 architecture;   - PowerPC architecture;   - RISC-V architecture;   - S390 architecture;   - Core kernel;   - x86 architecture;   - Block layer subsystem;   - Cryptographic API;   - ACPI drivers;   - Android drivers;   - Drivers core;   - Power management core;   - Bus devices;   - Device frequency scaling framework;   - DMA engine subsystem;   - EDAC drivers;   - ARM SCMI message protocol;   - GPU drivers;   - IIO ADC drivers;   - InfiniBand drivers;   - IOMMU subsystem;   - Media drivers;   - Multifunction device drivers;   - MTD block device drivers;   - Network drivers;   - NVME drivers;   - Device tree and open firmware driver;   - PCI driver for MicroSemi Switchtec;   - Power supply drivers;   - RPMSG subsystem;   - SCSI drivers;   - QCOM SoC drivers;   - SPMI drivers;   - Thermal drivers;   - TTY drivers;   - VFIO drivers;   - BTRFS file system;   - Ceph distributed file system;   - EFI Variable file system;   - EROFS file system;   - Ext4 file system;   - F2FS file system;   - GFS2 file system;   - JFS file system;   - Network file systems library;   - Network file system server daemon;   - File systems infrastructure;   - Pstore file system;   - ReiserFS file system;   - SMB network file system;   - BPF subsystem;   - Memory management;   - TLS protocol;   - Ethernet bridge;   - Networking core;   - IPv4 networking;   - IPv6 networking;   - Logical Link layer;   - MAC80211 subsystem;   - Multipath TCP;   - Netfilter;   - NetLabel subsystem;   - Network traffic control;   - SMC sockets;   - Sun RPC protocol;   - AppArmor security module;   - Intel ASoC drivers;   - MediaTek ASoC drivers;   - USB sound devices;(CVE-2023-52612, CVE-2024-26808, CVE-2023-52691, CVE-2023-52618,CVE-2023-52463, CVE-2023-52447, CVE-2024-26668, CVE-2023-52454,CVE-2024-26670, CVE-2024-26646, CVE-2023-52472, CVE-2024-26586,CVE-2023-52681, CVE-2023-52453, CVE-2023-52611, CVE-2023-52622,CVE-2024-26641, CVE-2023-52616, CVE-2024-26592, CVE-2023-52606,CVE-2024-26620, CVE-2023-52692, CVE-2024-26669, CVE-2023-52623,CVE-2023-52588, CVE-2024-26616, CVE-2024-26610, CVE-2024-35839,CVE-2023-52490, CVE-2023-52672, CVE-2024-26612, CVE-2023-52617,CVE-2023-52697, CVE-2024-26644, CVE-2023-52458, CVE-2023-52598,CVE-2024-35841, CVE-2023-52664, CVE-2023-52635, CVE-2023-52676,CVE-2023-52669, CVE-2024-26632, CVE-2023-52486, CVE-2024-26625,CVE-2023-52608, CVE-2024-26634, CVE-2023-52599, CVE-2024-26618,CVE-2024-26640, CVE-2023-52489, CVE-2023-52675, CVE-2023-52678,CVE-2024-26583, CVE-2023-52693, CVE-2023-52498, CVE-2024-26649,CVE-2023-52670, CVE-2023-52473, CVE-2023-52449, CVE-2023-52667,CVE-2023-52467, CVE-2023-52686, CVE-2024-26633, CVE-2023-52666,CVE-2024-35840, CVE-2024-26629, CVE-2024-26595, CVE-2023-52593,CVE-2023-52687, CVE-2023-52465, CVE-2024-26627, CVE-2023-52493,CVE-2023-52491, CVE-2024-26636, CVE-2024-26584, CVE-2023-52587,CVE-2023-52597, CVE-2023-52462, CVE-2023-52633, CVE-2023-52696,CVE-2024-26585, CVE-2023-52589, CVE-2023-52456, CVE-2023-52470,CVE-2024-35838, CVE-2024-26645, CVE-2023-52591, CVE-2023-52464,CVE-2023-52609, CVE-2024-26608, CVE-2023-52450, CVE-2023-52584,CVE-2023-52469, CVE-2023-52583, CVE-2023-52451, CVE-2023-52495,CVE-2023-52626, CVE-2023-52595, CVE-2023-52680, CVE-2023-52632,CVE-2024-26582, CVE-2024-35837, CVE-2023-52494, CVE-2023-52614,CVE-2023-52443, CVE-2023-52698, CVE-2023-52448, CVE-2024-26615,CVE-2023-52452, CVE-2023-52492, CVE-2024-26647, CVE-2023-52468,CVE-2023-52594, CVE-2023-52621, CVE-2024-26638, CVE-2024-26594,CVE-2024-26673, CVE-2023-52457, CVE-2023-52677, CVE-2023-52607,CVE-2024-26623, CVE-2023-52488, CVE-2023-52497, CVE-2023-52445,CVE-2024-26607, CVE-2023-52610, CVE-2024-35842, CVE-2023-52690,CVE-2023-52683, CVE-2023-52444, CVE-2024-26671, CVE-2023-52455,CVE-2023-52679, CVE-2024-26598, CVE-2023-52674, CVE-2023-52627,CVE-2023-52619, CVE-2023-52487, CVE-2023-52446, CVE-2024-35835,CVE-2023-52682, CVE-2023-52685, CVE-2023-52694, CVE-2024-26631)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 23.10   linux-image-6.5.0-1021-aws      6.5.0-1021.21   linux-image-6.5.0-1024-oracle   6.5.0-1024.24   linux-image-6.5.0-1024-oracle-64k  6.5.0-1024.24   linux-image-aws                 6.5.0.1021.21   linux-image-oracle              6.5.0.1024.26   linux-image-oracle-64k          6.5.0.1024.26After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6819-2   https://ubuntu.com/security/notices/USN-6819-1   CVE-2023-52443, CVE-2023-52444, CVE-2023-52445, CVE-2023-52446,   CVE-2023-52447, CVE-2023-52448, CVE-2023-52449, CVE-2023-52450,   CVE-2023-52451, CVE-2023-52452, CVE-2023-52453, CVE-2023-52454,   CVE-2023-52455, CVE-2023-52456, CVE-2023-52457, CVE-2023-52458,   CVE-2023-52462, CVE-2023-52463, CVE-2023-52464, CVE-2023-52465,   CVE-2023-52467, CVE-2023-52468, CVE-2023-52469, CVE-2023-52470,   CVE-2023-52472, CVE-2023-52473, CVE-2023-52486, CVE-2023-52487,   CVE-2023-52488, CVE-2023-52489, CVE-2023-52490, CVE-2023-52491,   CVE-2023-52492, CVE-2023-52493, CVE-2023-52494, CVE-2023-52495,   CVE-2023-52497, CVE-2023-52498, CVE-2023-52583, CVE-2023-52584,   CVE-2023-52587, CVE-2023-52588, CVE-2023-52589, CVE-2023-52591,   CVE-2023-52593, CVE-2023-52594, CVE-2023-52595, CVE-2023-52597,   CVE-2023-52598, CVE-2023-52599, CVE-2023-52606, CVE-2023-52607,   CVE-2023-52608, CVE-2023-52609, CVE-2023-52610, CVE-2023-52611,   CVE-2023-52612, CVE-2023-52614, CVE-2023-52616, CVE-2023-52617,   CVE-2023-52618, CVE-2023-52619, CVE-2023-52621, CVE-2023-52622,   CVE-2023-52623, CVE-2023-52626, CVE-2023-52627, CVE-2023-52632,   CVE-2023-52633, CVE-2023-52635, CVE-2023-52664, CVE-2023-52666,   CVE-2023-52667, CVE-2023-52669, CVE-2023-52670, CVE-2023-52672,   CVE-2023-52674, CVE-2023-52675, CVE-2023-52676, CVE-2023-52677,   CVE-2023-52678, CVE-2023-52679, CVE-2023-52680, CVE-2023-52681,   CVE-2023-52682, CVE-2023-52683, CVE-2023-52685, CVE-2023-52686,   CVE-2023-52687, CVE-2023-52690, CVE-2023-52691, CVE-2023-52692,   CVE-2023-52693, CVE-2023-52694, CVE-2023-52696, CVE-2023-52697,   CVE-2023-52698, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536,   CVE-2024-23849, CVE-2024-24860, CVE-2024-26582, CVE-2024-26583,   CVE-2024-26584, CVE-2024-26585, CVE-2024-26586, CVE-2024-26592,   CVE-2024-26594, CVE-2024-26595, CVE-2024-26598, CVE-2024-26607,   CVE-2024-26608, CVE-2024-26610, CVE-2024-26612, CVE-2024-26615,   CVE-2024-26616, CVE-2024-26618, CVE-2024-26620, CVE-2024-26623,   CVE-2024-26625, CVE-2024-26627, CVE-2024-26629, CVE-2024-26631,   CVE-2024-26632, CVE-2024-26633, CVE-2024-26634, CVE-2024-26636,   CVE-2024-26638, CVE-2024-26640, CVE-2024-26641, CVE-2024-26644,   CVE-2024-26645, CVE-2024-26646, CVE-2024-26647, CVE-2024-26649,   CVE-2024-26668, CVE-2024-26669, CVE-2024-26670, CVE-2024-26671,   CVE-2024-26673, CVE-2024-26808, CVE-2024-35835, CVE-2024-35837,   CVE-2024-35838, CVE-2024-35839, CVE-2024-35840, CVE-2024-35841,   CVE-2024-35842Package Information:   https://launchpad.net/ubuntu/+source/linux-aws/6.5.0-1021.21   https://launchpad.net/ubuntu/+source/linux-oracle/6.5.0-1024.24

Ubuntu Security Notice USN-6819-2

Ubuntu Security Notice 6821-3 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6821-3June 11, 2024linux-aws, linux-aws-5.15 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-aws-5.15: Linux kernel for Amazon Web Services (AWS) systemsDetails:It was discovered that the ATA over Ethernet (AoE) driver in the Linuxkernel contained a race condition, leading to a use-after-freevulnerability. An attacker could use this to cause a denial of service orpossibly execute arbitrary code. (CVE-2023-6270)It was discovered that the Atheros 802.11ac wireless driver did notproperly validate certain data structures, leading to a NULL pointerdereference. An attacker could possibly use this to cause a denial ofservice. (CVE-2023-7042)It was discovered that the HugeTLB file system component of the LinuxKernel contained a NULL pointer dereference vulnerability. A privilegedattacker could possibly use this to to cause a denial of service.(CVE-2024-0841)Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the LinuxKernel contained a race condition, leading to a NULL pointer dereference.An attacker could possibly use this to cause a denial of service (systemcrash). (CVE-2024-22099)It was discovered that the MediaTek SoC Gigabit Ethernet driver in theLinux kernel contained a race condition when stopping the device. A localattacker could possibly use this to cause a denial of service (deviceunavailability). (CVE-2024-27432)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:   - ARM32 architecture;   - RISC-V architecture;   - x86 architecture;   - ACPI drivers;   - Block layer subsystem;   - Clock framework and drivers;   - CPU frequency scaling framework;   - Cryptographic API;   - DMA engine subsystem;   - EFI core;   - GPU drivers;   - InfiniBand drivers;   - IOMMU subsystem;   - Multiple devices driver;   - Media drivers;   - MMC subsystem;   - Network drivers;   - NTB driver;   - NVME drivers;   - PCI subsystem;   - MediaTek PM domains;   - Power supply drivers;   - SPI subsystem;   - Media staging drivers;   - TCM subsystem;   - USB subsystem;   - Framebuffer layer;   - AFS file system;   - File systems infrastructure;   - BTRFS file system;   - EROFS file system;   - Ext4 file system;   - F2FS file system;   - Network file system client;   - NTFS3 file system;   - Diskquota system;   - SMB network file system;   - BPF subsystem;   - Netfilter;   - TLS protocol;   - io_uring subsystem;   - Bluetooth subsystem;   - Memory management;   - Ethernet bridge;   - Networking core;   - HSR network protocol;   - IPv4 networking;   - IPv6 networking;   - L2TP protocol;   - MAC80211 subsystem;   - Multipath TCP;   - Netlink;   - NET/ROM layer;   - Packet sockets;   - RDS protocol;   - Sun RPC protocol;   - Unix domain sockets;   - Wireless networking;   - USB sound devices;(CVE-2024-26877, CVE-2024-35829, CVE-2024-26737, CVE-2024-27075,CVE-2024-27414, CVE-2024-27053, CVE-2024-26889, CVE-2024-26792,CVE-2024-26882, CVE-2024-26906, CVE-2024-26851, CVE-2024-27037,CVE-2024-26782, CVE-2024-27388, CVE-2024-26748, CVE-2024-27419,CVE-2024-27034, CVE-2023-52662, CVE-2024-27047, CVE-2024-26874,CVE-2024-26779, CVE-2024-26872, CVE-2024-26820, CVE-2024-35811,CVE-2024-26771, CVE-2024-26733, CVE-2024-26903, CVE-2024-26736,CVE-2024-26870, CVE-2024-26883, CVE-2024-27403, CVE-2024-26878,CVE-2024-26857, CVE-2023-52645, CVE-2024-26601, CVE-2024-26891,CVE-2024-27028, CVE-2024-27054, CVE-2024-26804, CVE-2024-27405,CVE-2024-35830, CVE-2024-26898, CVE-2024-26754, CVE-2024-26793,CVE-2024-26747, CVE-2024-26901, CVE-2023-52652, CVE-2023-52650,CVE-2024-26651, CVE-2024-26816, CVE-2024-35845, CVE-2024-26862,CVE-2024-26884, CVE-2024-26752, CVE-2024-26852, CVE-2023-52656,CVE-2024-26790, CVE-2024-26603, CVE-2024-27078, CVE-2024-26802,CVE-2024-27045, CVE-2024-27024, CVE-2024-27073, CVE-2024-26585,CVE-2024-26894, CVE-2024-26583, CVE-2024-27416, CVE-2024-27431,CVE-2024-35844, CVE-2024-26838, CVE-2024-27410, CVE-2024-26915,CVE-2024-26772, CVE-2024-26897, CVE-2024-26798, CVE-2024-27415,CVE-2024-26855, CVE-2024-26833, CVE-2024-26764, CVE-2024-26659,CVE-2024-26846, CVE-2024-26895, CVE-2023-52644, CVE-2024-26751,CVE-2024-26880, CVE-2024-26863, CVE-2024-26809, CVE-2024-27052,CVE-2024-27051, CVE-2024-26907, CVE-2024-27413, CVE-2024-26801,CVE-2023-52620, CVE-2024-26749, CVE-2024-26787, CVE-2024-27046,CVE-2024-26803, CVE-2024-26744, CVE-2024-26879, CVE-2024-27432,CVE-2024-27412, CVE-2024-26791, CVE-2024-26773, CVE-2023-52640,CVE-2024-26778, CVE-2024-26859, CVE-2024-27044, CVE-2024-26788,CVE-2024-27077, CVE-2024-26750, CVE-2024-26861, CVE-2023-52434,CVE-2024-26774, CVE-2024-26795, CVE-2024-26856, CVE-2024-27043,CVE-2024-27039, CVE-2024-26777, CVE-2024-27030, CVE-2024-26584,CVE-2024-26735, CVE-2024-26805, CVE-2024-26766, CVE-2024-26763,CVE-2024-27065, CVE-2023-52641, CVE-2024-27417, CVE-2023-52497,CVE-2023-52447, CVE-2024-26769, CVE-2024-26843, CVE-2024-26881,CVE-2024-26688, CVE-2024-26743, CVE-2024-27038, CVE-2024-27390,CVE-2024-27436, CVE-2024-26839, CVE-2024-27074, CVE-2024-26840,CVE-2024-27076, CVE-2024-26835, CVE-2024-26885, CVE-2024-26776,CVE-2024-26845, CVE-2024-26875, CVE-2024-35828)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS   linux-image-5.15.0-1063-aws     5.15.0-1063.69   linux-image-aws-lts-22.04       5.15.0.1063.63Ubuntu 20.04 LTS   linux-image-5.15.0-1063-aws     5.15.0-1063.69~20.04.1   linux-image-aws                 5.15.0.1063.69~20.04.1After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6821-3   https://ubuntu.com/security/notices/USN-6821-1   CVE-2023-52434, CVE-2023-52447, CVE-2023-52497, CVE-2023-52620,   CVE-2023-52640, CVE-2023-52641, CVE-2023-52644, CVE-2023-52645,   CVE-2023-52650, CVE-2023-52652, CVE-2023-52656, CVE-2023-52662,   CVE-2023-6270, CVE-2023-7042, CVE-2024-0841, CVE-2024-22099,   CVE-2024-26583, CVE-2024-26584, CVE-2024-26585, CVE-2024-26601,   CVE-2024-26603, CVE-2024-26651, CVE-2024-26659, CVE-2024-26688,   CVE-2024-26733, CVE-2024-26735, CVE-2024-26736, CVE-2024-26737,   CVE-2024-26743, CVE-2024-26744, CVE-2024-26747, CVE-2024-26748,   CVE-2024-26749, CVE-2024-26750, CVE-2024-26751, CVE-2024-26752,   CVE-2024-26754, CVE-2024-26763, CVE-2024-26764, CVE-2024-26766,   CVE-2024-26769, CVE-2024-26771, CVE-2024-26772, CVE-2024-26773,   CVE-2024-26774, CVE-2024-26776, CVE-2024-26777, CVE-2024-26778,   CVE-2024-26779, CVE-2024-26782, CVE-2024-26787, CVE-2024-26788,   CVE-2024-26790, CVE-2024-26791, CVE-2024-26792, CVE-2024-26793,   CVE-2024-26795, CVE-2024-26798, CVE-2024-26801, CVE-2024-26802,   CVE-2024-26803, CVE-2024-26804, CVE-2024-26805, CVE-2024-26809,   CVE-2024-26816, CVE-2024-26820, CVE-2024-26833, CVE-2024-26835,   CVE-2024-26838, CVE-2024-26839, CVE-2024-26840, CVE-2024-26843,   CVE-2024-26845, CVE-2024-26846, CVE-2024-26851, CVE-2024-26852,   CVE-2024-26855, CVE-2024-26856, CVE-2024-26857, CVE-2024-26859,   CVE-2024-26861, CVE-2024-26862, CVE-2024-26863, CVE-2024-26870,   CVE-2024-26872, CVE-2024-26874, CVE-2024-26875, CVE-2024-26877,   CVE-2024-26878, CVE-2024-26879, CVE-2024-26880, CVE-2024-26881,   CVE-2024-26882, CVE-2024-26883, CVE-2024-26884, CVE-2024-26885,   CVE-2024-26889, CVE-2024-26891, CVE-2024-26894, CVE-2024-26895,   CVE-2024-26897, CVE-2024-26898, CVE-2024-26901, CVE-2024-26903,   CVE-2024-26906, CVE-2024-26907, CVE-2024-26915, CVE-2024-27024,   CVE-2024-27028, CVE-2024-27030, CVE-2024-27034, CVE-2024-27037,   CVE-2024-27038, CVE-2024-27039, CVE-2024-27043, CVE-2024-27044,   CVE-2024-27045, CVE-2024-27046, CVE-2024-27047, CVE-2024-27051,   CVE-2024-27052, CVE-2024-27053, CVE-2024-27054, CVE-2024-27065,   CVE-2024-27073, CVE-2024-27074, CVE-2024-27075, CVE-2024-27076,   CVE-2024-27077, CVE-2024-27078, CVE-2024-27388, CVE-2024-27390,   CVE-2024-27403, CVE-2024-27405, CVE-2024-27410, CVE-2024-27412,   CVE-2024-27413, CVE-2024-27414, CVE-2024-27415, CVE-2024-27416,   CVE-2024-27417, CVE-2024-27419, CVE-2024-27431, CVE-2024-27432,   CVE-2024-27436, CVE-2024-35811, CVE-2024-35828, CVE-2024-35829,   CVE-2024-35830, CVE-2024-35844, CVE-2024-35845Package Information:   https://launchpad.net/ubuntu/+source/linux-aws/5.15.0-1063.69   https://launchpad.net/ubuntu/+source/linux-aws-5.15/5.15.0-1063.69~20.04.1

Ubuntu Security Notice USN-6821-3

Apple Security Advisory 06-10-2024-1 - visionOS 1.2 addresses bypass, code execution, integer overflow, out of bounds access, out of bounds read, and out of bounds write vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-06-10-2024-1 visionOS 1.2

visionOS 1.2 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT214108.

Apple maintains a Security Releases page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

CoreMedia  
Available for: Apple Vision Pro  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved checks.  
CVE-2024-27817: pattern-f (@pattern_F_) of Ant Security Light-Year Lab

CoreMedia  
Available for: Apple Vision Pro  
Impact: Processing a file may lead to unexpected app termination or  
arbitrary code execution  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2024-27831: Amir Bazine and Karsten König of CrowdStrike Counter  
Adversary Operations

Disk Images  
Available for: Apple Vision Pro  
Impact: An app may be able to elevate privileges  
Description: The issue was addressed with improved checks.  
CVE-2024-27832: an anonymous researcher

Foundation  
Available for: Apple Vision Pro  
Impact: An app may be able to elevate privileges  
Description: The issue was addressed with improved checks.  
CVE-2024-27801: CertiK SkyFall Team

ImageIO  
Available for: Apple Vision Pro  
Impact: Processing a maliciously crafted image may lead to arbitrary  
code execution  
Description: The issue was addressed with improved checks.  
CVE-2024-27836: Junsung Lee working with Trend Micro Zero Day Initiative

IOSurface  
Available for: Apple Vision Pro  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2024-27828: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd.

Kernel  
Available for: Apple Vision Pro  
Impact: An attacker that has already achieved kernel code execution may  
be able to bypass kernel memory protections  
Description: The issue was addressed with improved memory handling.  
CVE-2024-27840: an anonymous researcher

Kernel  
Available for: Apple Vision Pro  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2024-27815: an anonymous researcher, and Joseph Ravichandran  
(@0xjprx) of MIT CSAIL

libiconv  
Available for: Apple Vision Pro  
Impact: An app may be able to elevate privileges  
Description: The issue was addressed with improved checks.  
CVE-2024-27811: Nick Wellnhofer

Messages  
Available for: Apple Vision Pro  
Impact: Processing a maliciously crafted message may lead to a denial-  
of-service  
Description: This issue was addressed by removing the vulnerable code.  
CVE-2024-27800: Daniel Zajork and Joshua Zajork

Metal  
Available for: Apple Vision Pro  
Impact: Processing a maliciously crafted file may lead to unexpected app  
termination or arbitrary code execution  
Description: An out-of-bounds read was addressed with improved input  
validation.  
CVE-2024-27802: Meysam Firouzi (@R00tkitsmm) working with Trend Micro  
Zero Day Initiative

Metal  
Available for: Apple Vision Pro  
Impact: A remote attacker may be able to cause unexpected app  
termination or arbitrary code execution  
Description: An out-of-bounds access issue was addressed with improved  
bounds checking.  
CVE-2024-27857: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative

Safari  
Available for: Apple Vision Pro  
Impact: A website's permission dialog may persist after navigation away  
from the site  
Description: The issue was addressed with improved checks.  
CVE-2024-27844: Narendra Bhati of Suma Soft Pvt. Ltd in Pune (India),  
Shaheen Fazim

WebKit  
Available for: Apple Vision Pro  
Impact: A maliciously crafted webpage may be able to fingerprint the  
user  
Description: The issue was addressed by adding additional logic.  
WebKit Bugzilla: 262337  
CVE-2024-27838: Emilio Cobos of Mozilla

WebKit  
Available for: Apple Vision Pro  
Impact: Processing web content may lead to arbitrary code execution  
Description: The issue was addressed with improved memory handling.  
WebKit Bugzilla: 268221  
CVE-2024-27808: Lukas Bernhard of CISPA Helmholtz Center for Information  
Security

WebKit  
Available for: Apple Vision Pro  
Impact: Processing web content may lead to a denial-of-service  
Description: The issue was addressed with improvements to the file  
handling protocol.  
CVE-2024-27812: Ryan Pickren (ryanpickren.com)

WebKit  
Available for: Apple Vision Pro  
Impact: A maliciously crafted webpage may be able to fingerprint the  
user  
Description: This issue was addressed with improvements to the noise  
injection algorithm.  
WebKit Bugzilla: 270767  
CVE-2024-27850: an anonymous researcher

WebKit  
Available for: Apple Vision Pro  
Impact: Processing maliciously crafted web content may lead to arbitrary  
code execution  
Description: An integer overflow was addressed with improved input  
validation.  
WebKit Bugzilla: 271491  
CVE-2024-27833: Manfred Paul (@_manfp) working with Trend Micro Zero Day  
Initiative

WebKit  
Available for: Apple Vision Pro  
Impact: Processing maliciously crafted web content may lead to arbitrary  
code execution  
Description: The issue was addressed with improved bounds checks.  
WebKit Bugzilla: 272106  
CVE-2024-27851: Nan Wang (@eternalsakura13) of 360 Vulnerability  
Research Institute

WebKit Canvas  
Available for: Apple Vision Pro  
Impact: A maliciously crafted webpage may be able to fingerprint the  
user  
Description: This issue was addressed through improved state management.  
WebKit Bugzilla: 271159  
CVE-2024-27830: Joe Rutkowski (@Joe12387) of Crawless and @abrahamjuliot

WebKit Web Inspector  
Available for: Apple Vision Pro  
Impact: Processing web content may lead to arbitrary code execution  
Description: The issue was addressed with improved memory handling.  
WebKit Bugzilla: 270139  
CVE-2024-27820: Jeff Johnson of underpassapp.com

Additional recognition

ImageIO  
We would like to acknowledge an anonymous researcher for their  
assistance.

Transparency  
We would like to acknowledge Mickey Jin (@patch1t) for their assistance.

Instructions on how to update visionOS are available at  
https://support.apple.com/HT214009  To check the software version  
on your Apple Vision Pro, open the Settings app and choose General >  
About.  
All information is also posted on the Apple Security Releases  
web site: https://support.apple.com/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmZnfN8ACgkQX+5d1TXa  
IvoomBAA23557a2KB9vrRnWu5nGWe5qidODwqadX9qUbErqlx6Hm0IMcKEGlaNjc  
i1BKib0QXYgh9IVzwn0/Q6GZX9mncM1EKJfjPVHJjdMPAXue9Dec7PeuSr4mQHUD  
bVUh9TS+ejQo9w06AQRdVDOGRl3uXX1E90h4uMVUPOXLkiobYJMlEdU4OAAaJ2MV  
qJvfQsTyzRNy4ciaFpc+5opWmaFse1AueE+Sjz30ed9tEjbyHML+yoy39HqAMheT  
lECfaKGLp28XyxsKCKW8+F5j83R4Rwi7U0nLROiRSukrwzq+Gbi52n/BTBvlxTc3  
Ng/4drldksgm9Uu6M9rRQFSRFBFKulK9Zxrj3qUK4Q6HvCTB+N4/gE7Yf11TyxPl  
+HkwG/ScIw9S4bB88FhA8rYMKIGIlZfDfh8NHCx3Wc11LE+p6LzX2RxQNKaSjgnf  
c1+VHJ3SwX/2mbtBdfPJdu5Qr6ofhanpsCiczJP2FkuSVGCPVIoq8Vam75rrueLn  
SLCHqgVker14Z12Q3XYRjyQrsI8nftu0pGZdYruAfw93Od0tTuX6i7G9VopHPRor  
1Y6JevWkhAC54KGWDmB2SRc6e3AZRaiAE25QE6I3nwAwRUCo2JZEjoQWfxYry1l2  
G5lga3qFvcbyriNoJPUfcKU7EzPYurVbY5rqpnUFi+xTtz1iyEw=  
=9AfP  
-----END PGP SIGNATURE-----

Apple Security Advisory 06-10-2024-1

Red Hat Security Advisory 2024-3843-03 - An update for cockpit is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3843.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: cockpit security updateAdvisory ID:        RHSA-2024:3843-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3843Issue date:         2024-06-12Revision:           03CVE Names:          CVE-2024-2947====================================================================Summary: An update for cockpit is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more.Security Fix(es):* cockpit: command injection when deleting a sosreport with a crafted name (CVE-2024-2947)Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-2947References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2271614

Red Hat Security Advisory 2024-3843-03

Cybersecurity firm Recorded Future counted 44 health-care-related incidents in the month after Change Healthcare’s payment came to light—the most it’s ever seen in a single month.

In fact, ransomware attacks on health care targets were on the rise even before the Change Healthcare attack, which crippled the United Healthcare subsidiary's ability to process insurance payments on behalf of its health care provider clients starting in February of this year. Recorded Future's Liska points out that every month of 2024 has seen more health care ransomware attacks than the same month in any previous year that he's tracked. (While this May's 32 health care attacks is lower than May 2023's 33, Liska says he expects the more recent number to rise as other incidents continue to come to light.)

Yet Liska still points to the April spike visible in Recorded Future's data in particular as a likely follow-on effect of Change's debacle—not only the outsize ransom that Change paid to AlphV, but also the highly visible disruption that the attack caused. “Because these attacks are so impactful, other ransomware groups see an opportunity,” Liska says. He also notes that health care ransomware attacks have continued to grow even compared to overall ransomware incidents, which stayed relatively flat or fell overall: The first four months of this year, for instance, saw 1,153 incidents compared to 1,179 in the same period of 2023.

When WIRED reached out to United Healthcare for comment, a spokesperson for the company pointed to the overall rise in health care ransomware attacks beginning in 2022, suggesting that the overall trend predated Change's incident. The spokesperson also quoted from testimony United Healthcare CEO Andrew Witty gave in a congressional hearing about the Change Healthcare ransomware attack last month. “As we have addressed the many challenges in responding to this attack, including dealing with the demand for ransom, I have been guided by the overriding priority to do everything possible to protect peoples’ personal health information,” Witty told the hearing. "As chief executive officer, the decision to pay a ransom was mine. This was one of the hardest decisions I’ve ever had to make. And I wouldn’t wish it on anyone.”

Change Healthcare's deeply messy ransomware situation was complicated further—and made even more attention-grabbing for the ransomware hacker underworld—by the fact that AlphV appears to have taken Change's $22 million extortion fee and jilted its hacker partners, disappearing without giving those affiliates their cut of the profits. That led to a highly unusual situation where the affiliates then offered the data to a different group, RansomHub, which demanded a second ransom from Change while threatening to leak the data on its dark web site.

That second extortion threat later inexplicably disappeared from RansomHub's site. United Healthcare has declined to answer WIRED's questions about that second incident or to answer whether it paid a second ransom.

Many ransomware hackers nonetheless widely believe that Change Healthcare actually paid two ransoms, says Jon DiMaggio, a security researcher with cybersecurity firm Analyst1 who frequently talks to members of ransomware gangs to gather intelligence. “Everyone was talking about the double ransom,” DiMaggio says. “If the people I’m talking to are excited about this, it’s not a leap to think that other hackers are as well.”

The noise that situation created, as well as the scale of disruption to health care providers from Change Healthcare's downtime and its hefty ransom, served as the perfect advertisement for the lucrative potential of hacking fragile, high-stakes health care victims, DiMaggio says. “Health care has always had so much to lose, it’s just something the adversary has realized now because of Change,” he says. “They just had so much leverage.”

As those attacks snowball—and some health care victims have likely forked over their own ransoms to control the damage to their life-saving systems—the attacks aren't likely to stop. “It’s always looked like an easy target,” DiMaggio notes. “Now it looks like an easy target that’s willing to pay.”

_Updated 6/12/24 9:35am ET: This story has been updated to reflect that ransomware incident totals comprise the fist four months of the year, not just April._

Medical-Targeted Ransomware Is Breaking Records After Change Healthcare’s $22M Payout

The threat group behind breaches at Caesars and MGM moves its business over to a different ransomware-as-a-service operation.

Source: Papilio via Alamy Stock Photo

Last spring's spectacular implosion of mainstay ransomware-as-a-service (RaaS) operation BlackCat/AlphV left its affiliates burned — gamed out of millions they were owed for past scams and left without infrastructure to support their future cybercrime aspirations. What ensued was a recruiting war for the best affiliates into the RaaS groups left standing.

The RansomHub RaaS group appears to have scored a major victory by attracting the Scattered Spider threat group into its affiliate ranks, according to new research from GuidePoint Security. A detailed analysis reveals that Scattered Spider, a notoriously aggressive threat group behind the 2023 ransomware attacks on Caesars Entertainment and MGM Resorts, has been carrying out ransomware attacks using RansomHub starting earlier this year.

**RansomHub RaaS Recruiting Campaign**

The timing jibes with ads posted on the Dark Web by RansomHub promising prospective affiliates juicy 90/10 ransom splits with the group, as well as the promise to allow the cybercriminals to get paid first and payout the group later, to avoid "exit scams" like the one BlackCat pulled last March, according to Jason Baker, senior threat consultant with GuidePoint Security.

"Scattered Spider affiliates may also have been attracted to RansomHub based on the movement of peers or positive word-of-mouth," Baker tells Dark Reading.

Since those ads began, RansomHub has seen remarkable growth, Baker adds.

"RansomHub began claiming victims publicly on its data leak site in February, and has since posted over 75 victims in an alarmingly quick rise to prominence amid its peers, who generally operate at a slower pace in early months of operations," he says. As the group continues to attract talented cybercriminals who can earn a dishonest buck with RansomHub, the RaaS outfit is likely to continue to expand its operation, Baker predicts.

"If RansomHub operations are enjoying some level of success in revenue generation, and/or if other sophisticated affiliates have begun working with RansomHub, it could make the group a more attractive destination amidst other options," Baker says.

RansomHub Brings Scattered Spider Into Its RaaS Nest

Lacework has been looking for a buyer for some time. The deal gives Fortinet a boost in the cloud security space.

Fortinet announced Monday its plans to acquire cloud security firm Lacework to enhance its secure access service edge (SASE) offerings with cloud-native security services.

Lacework integrates cloud-native application protection platform services to safeguard what's happening inside the cloud infrastructure. The data-powered cloud security platform collects and analyzes data from across cloud environments so that customers can manage and secure their cloud workflows. The platform identifies and shares details about abnormal or unexpected activities that could indicate a security problem. Lacework offers artificial intelligence and machine-learning technology, data collection capabilities, a data lake, and code security tools, wrote John Maddison, chief marketing officer at Fortinet, in a blog post announcing the acquisition.

Fortinet plans to integrate capabilities from Lacework's cloud-native application protection platform into its SASE portfolio. According to Maddison, combining Lacework with Fortinet's firewall and Web application and API protection (WAAP) capabilities will allow customers to protect what's happening inside the cloud application, as well as what's happening between the application and outside the network.

Back in 2021, Lacework was valued at $8.3 billion. Earlier this year, there were reports that Wiz was in talks with Lacework for a small fraction of the company's valuation. The terms of Fortinet's deal, expected to be completed in the second half of the year, were not disclosed.

**About the Author(s)**

Fortinet Plans to Acquire Lacework

PRESS RELEASE

PARAMUS, NJ – JUNE 11, 2024  – Checkmarx, the industry leader in cloud-native application security for the enterprise, has released Checkmarx Application Security Posture Management (ASPM) and Cloud Insights to provide organizations with unmatched visibility into their application security posture stretching from code to cloud. Available on the Checkmarx One AppSec platform, ASPM and Cloud Insights empower enterprises developing cloud-native applications to dramatically reduce application and business risk by delivering end-to-end insights into their application security posture, helping them better correlate, prioritize and triage remediation efforts.

“Developers and AppSec teams are looking to consolidate the vulnerabilities and insights they get from security scanners and tools so they can identify and work on what are truly the most important to remediate in order to prevent issues in cloud runtime.  With the increase in complexity inherent with cloud-native applications, and the various solutions required to detect vulnerabilities in every aspect of the applications, development and application security teams are simply lost,” said Kobi Tzruya, Chief Product Officer at Checkmarx. “Checkmarx Cloud Insights revolutionizes the way that teams approach application security by bringing runtime context back into the development life cycle, where Checkmarx helps them prioritize. Now developers can focus on what matters most, allowing them to make the most effective remediation efforts in less time.”

Checkmarx ASPM correlates and prioritizes security signals from every application security solution in the enterprise development environment, to improve visibility, reduce risk, and better manage overall application security posture. ASPM is built on Checkmarx’ award-winning Fusion correlation engine and Application Risk Management, which already extracted unique insights from our consolidated AppSec platform, such as identifying reachable vulnerabilities. It now adds a new capability to Bring Your Own Results (BYOR) to expand coverage beyond Checkmarx’ award-winning solutions by importing SARIF and OSCF results from any third-party solution, including those from Checkmarx partners such as Zimperium, Onapsis and others.

With Checkmarx Cloud Insights, developers and AppSec leaders benefit from:

*   Correlation and integration of Checkmarx data with data from cloud service providers (CSPs) and cloud-native application protection platforms (CNAPP).
    
*   New ways to prioritize remediation, including through open-source libraries called in the runtime environment (via integration with Sysdig) and by internet-facing network exposure when deployed in the cloud environment (through partnerships with Wiz and Amazon Web Services.) The information is integrated within Checkmarx Application Risk Management.
    
*   The ability to track remediation of a vulnerability through the software development life cycle (SDLC) by way of the attack path. For example, if a vulnerability is found in a running application, Cloud Insights:
    
    *   Identifies the repository and the developer to speed the process of remediation
        
    *   Pinpoints the container image to verify that the fix is reflected there
        
    *   Lists the running container clusters to enable verification that the running application was rebooted with fixed images and is no longer in the running environment.
        
    
*   Improved developer experience with the delivery of prioritized risk intelligence that focuses developers on remediating vulnerabilities that are most critical, are most at risk of exploitation or represent the greatest risk.
    

 “Checkmarx One is the leading enterprise application security platform. By opening it to third-party results, our joint customers can easily extend their coverage and get a unified view within Checkmarx ASPM. We’re excited to partner with Checkmarx, which brings Zimperium’s leading mobile security threat insights directly into the Checkmarx Application Security Posture Management (ASPM) platform,” said Nitin Bhatia, Chief Strategy Officer at Zimperium. “This collaboration empowers an organization to manage and secure their entire mobile application landscape more effectively, ensuring comprehensive protection against emerging threats.”

For more information on the Checkmarx One platform, ASPM and Cloud Insights, visit this page.

**About Checkmarx**

Checkmarx has been trusted by enterprises worldwide to secure their application development from code to cloud. Our consolidated platform and services balance the dynamic needs of enterprises by improving security and reducing TCO, while simultaneously building trust between AppSec, developers, and CISOs. At Checkmarx, we believe it’s not just about finding risk, but remediating it across the entire application footprint and software supply chain with one seamless process for all relevant stakeholders. We are honored to serve more than 1,800 customers, including 40 percent of all Fortune 100 companies.

Follow Checkmarx on LinkedIn, YouTube, and Twitter/X.

You May Also Like

Checkmarx Application Security Posture Management and Cloud Insights Offer Enterprises Code-to-Cloud Visibility

PRESS RELEASE

WASHINGTON, D.C. – June 6, 2024 – DNSFilter announced today that it has hired TK Keanini as Chief Technology Officer (CTO). In his new role, Keanini will lead product management, customer experience, engineering, and security intelligence toward ongoing innovation and growth, focusing on customer needs and feedback to determine product direction.

Keanini brings to his new role more than 30 years of experience in network security. Prior to joining DNSFilter, he was the Vice President of security architecture and CTO of Cisco Secure. During his time there, he led Cisco’s Encrypted Traffic Analytics security solution, where he saw revolutionary potential in the ability to gain insights through existing network telemetry. He has also held leadership roles at security startups Lancope and nCircle Network Security, as well as at Morgan Stanley Dean Witter Online. 

Keanini is driven by a goal to do right by his customers and ensure their voice is present in product decisions. He brings this passion to DNSFilter, where he will build on the company’s commitment to customer experience in everything it does. 

TK Keanini, CTO, DNSFilter, said: “Cybersecurity companies that grow and succeed long-term have a few consistent properties. First, these solutions have an inherently simple design. Second, the layer protected is one critical (not optional) to both businesses and adversaries alike. And third, these solutions intercept as early in the lifecycle as possible, often the first to detect and respond to a threat. DNSFilter has all three of these properties, and I knew I wanted to join a company where I saw the potential for scale and success.”

Ken Carnesi, CEO and co-founder, DNSFilter, said: ‘We are thrilled to welcome TK to our team. A great CTO bridges the gap between technical innovation and business strategy, ensuring technology drives success. TK brings decades of experience and a passion for his work. He views engineers and developers as creative artists and aims to harness their inventiveness to go beyond the industry standard. With TK on board, we are enhancing our focus on security and driving innovation. Together, we will deliver features that excite our customers and strengthen our position as a key player within the cybersecurity landscape.”

About the company

DNSFilter is redefining how organizations secure their largest threat vector: the Internet itself. DNSFilter is making the internet safer and workplaces more productive, by actively blocking an average of 12M threat queries every single day. With 79% of attacks using Domain Name System (DNS), DNSFilter provides the world’s fastest protective DNS powered by machine learning that uniquely identifies 61% more threats than competitors on an average of ten days earlier, including zero-day attacks.

Over 35 million monthly users trust DNSFilter to protect them from phishing, malware, and advanced cyber threats. DNSFilter’s brands include Webshrinker, its next generation web categorization software, and Guardian, a consumer app focused on privacy protection.

DNSFilter Welcomes Cisco Veteran TK Keanini As CTO

PRESS RELEASE

Darktrace, a global leader in cybersecurity AI, today announces the launch of its new service offering, Darktrace Managed Detection & Response (MDR). The service combines its best-in-class detection and response capabilities spanning across the enterprise, with the expertise of its global analyst team. This powerful combination augments internal security teams with AI-powered threat containment and expert alert management across Darktrace environments, allowing them to focus resources on more strategic security efforts, like improving cyber resilience.

Over 40% of security leaders cite enhancing and optimizing technology and processes in the security operations center (SOC) as a top priority for improving defenses against the rise of AI powered threats according to the Darktrace State of AI Cybersecurity 2024 report. As a leader in applying AI to the challenge of cybersecurity, Darktrace has transformed security operations for thousands of customers for more than a decade. Building upon this expertise Darktrace introduced its MDR service in March 2024, empowering customers to maximize the benefits of effective human-AI collaboration. The service offers customers expanded hands-on analyst support with 24/7 managed detection and response, featuring SOC investigation and action on Darktrace alerts, across network, cloud, operational technology (OT), endpoints and software-as-a-service (SaaS) applications.

With MDR, Darktrace’s SOC team will monitor customer environments for high priority alerts indicative of an attack, conduct investigations to alert customers of potentially severe incidents and begin initial triage with human engagement on the AI’s actions. The SOC will carefully review the response measures the autonomous AI has taken and subsequently take proactive steps on behalf of the customer to contain threats, which may include extending or escalating response actions. By doing so, the SOC buys valuable time for internal teams to prepare for engagement while also gathering essential context for effective remediation efforts.

Darktrace’s existing global SOC team comprised of 100+ world-class cybersecurity analysts support the service, offering a breadth of real-time knowledge, threat analysis and containment expertise, and extensive field experience. Darktrace’s SOC offers 24/7 support, utilizing a follow-the-sun model with operations headquartered in the United Kingdom, United States and Singapore, to ensure analysts are available and ready to support around-the-clock.

The service builds upon Darktrace’s leadership and expertise with best-in-class detection and response capabilities. The Darktrace ActiveAI Security Platform utilizes its unique self-learning AI engine to detect known, unknown, and novel threats in real-time and provide an autonomous response to contain active threats without disrupting business operations. However, high-priority threats often require humans to engage and make decisions following the initial containment. Darktrace Managed Detection & Response now enables the Darktrace SOC to immediately step in, conduct the initial triage, and gather context for internal teams, buying them added time to coordinate an effective response to remove the threat. Additional features and benefits of Darktrace Managed Detection & Response include:

*   Expansive coverage across network, cloud, OT, endpoints, or SaaS applications offering one of the broadest vendor MDR services available today.
    
*   Unlimited access to Darktrace’s analyst team providing 24/7 support for expert assistance during live threat investigations or even day-to-day operations.
    
*   Semi-annual operational efficiency reports featuring consultancy insight with objectives and recommendations for optimizing and tuning deployments for maximum operational efficiency, and suggestions on improving overall cybersecurity hygiene.
    
*   Quarterly analyst MDR reviews ensuring deployments are reaching their full potential, with tailored advice on streamlining workflows, model optimization and custom use cases.
    
*   Regular MDR service reports summarizing all alerts raised as well as those resolved by Darktrace’s SOC for full transparency of service.
    

> “As cyberthreats become more sophisticated and frequent, organizations are looking for ways to help improve their security outcomes without adding to their team’s existing workloads,” said Denise Walter, Chief Revenue Officer, Darktrace. “Our AI-powered MDR service gives our customers added peace of mind that a Darktrace human expert is monitoring their environment 24/7 to keep them protected. Darktrace Managed Detection & Response brings not only the power of our technology, but the power of our people directly into our customers’ environments.”

Darktrace Managed Detection & Response is available now to customers using Darktrace DETECT™ and RESPOND™, across Network, Cloud, OT, Endpoints, or SaaS applications. Darktrace partners can re-sell the service, helping to deliver added value for customers with a complementary offering for their existing portfolio.

> “At Grove, we are excited to partner with Darktrace to offer their Managed Detection & Response (MDR) service to our clients. This collaboration seamlessly integrates our services and together, Darktrace's MDR service and our dSOC service, offer unparalleled security through skilled analysis and consistent oversight," said James Vintin, CEO at Grove Group, a global partner, reseller and distributor focused on defending customers with advanced cybersecurity solutions. “Combining Darktrace's 24/7 AI-driven threat containment and immediate intervention with Grove's proactive daily analysis, Indicator of Compromise reports, and continuous customer interaction ensures that potential threats are promptly identified and addressed. Our partnership enhances our clients' overall security posture and delivers the best of both worlds: immediate and long-term protection against evolving cyber threats.”

To learn more about Darktrace Managed Detection & Response, register for the upcoming webinar on June 6th at 2pm BST, 3pm AEST, or 3pm ET. 

ABOUT DARKTRACE

Darktrace (DARK.L), a global leader in cybersecurity artificial intelligence, is on a mission to free the world from cyber disruption. Breakthrough innovations from our R&D teams in Cambridge, UK, and The Hague, Netherlands have resulted in over 175 patent applications filed. Rather than study historic attacks, Darktrace's technology continuously learns and updates its knowledge of your business data and applies that understanding to help transform security operations to a state of proactive cyber resilience. The Darktrace ActiveAI Security Platform™ provides a full lifecycle approach to cyber resilience that can autonomously spot and respond to known and unknown in progress threats within seconds across the entire organization, including cloud, apps, email, endpoint, network and operational technology (OT). Darktrace, which listed on the London Stock Exchange in 2021, employs over 2,300 people around the world and protects over 9,400 customers globally from advanced cyber threats. To learn more, visit https://darktrace.com/.

Tag

#web