As the conflict in the Middle East rages, malicious actors look to exploit the situation with bogus charity sites encouraging donations.

Researchers have uncovered hundreds of cyber scams leveraging the Israeli-Hamas conflict, including more than 500 scam emails and fraudulent websites capitalizing on people's willingness to aid those affected by the war.

Many of these emails contain links to scam websites that provide information about the ongoing situation and encourage individuals to make contributions, with the added convenience of various cryptocurrency payment options, according to Kaspersky researchers.

By tracking the wallet addresses used, security experts found additional fraudulent Web pages claiming to collect aid for various groups within the conflict area.

Andrey Kovtun, security expert at Kaspersky, says attackers often attempt to intimidate recipients by threatening severe consequences, such as financial losses, account suspensions, or even legal action, if the potential victims fail to click links, open attachments, or call specified phone numbers.

"Urgency often compels recipients to act swiftly," he adds. "In some instances, such as the recent campaign exploiting the Israeli-Hamas conflict, scammers try to appeal to sympathy, soliciting funds while presenting their actions as noble endeavors."

Callie Guenther, senior manager of cyber threat research at Critical Start, says threat actors have an uncanny ability to adapt their tactics based on current events and societal concerns. This emotional appeal, rooted in compassion and moral responsibility, often overshadows rational decision-making, rendering potential victims more susceptible.

**A Multitude of Tactics**

Fake charity scams often emerge during real disasters, with scammers posing as charitable organizations and using emotional language to lure users in. Tactics include the common methods of multiple text variations to evade spam filters or altered links and sender addresses.

"During conflicts or emergencies, situations can change rapidly, and news travels quickly," Kovtun says. "Fraudulent pages may adapt to the latest developments, such as incorporating current facts or photos to appear more credible."

They can also evolve with more sophisticated designs, aiming to resemble legitimate organizations — for example, they may replicate the visual layout of other well known charities or humanitarian organizations. "Additionally, scammers could add content to the fraudulent websites, for example, news updates, and more, to diversify it with pages other than a money transfer one," Kovtun adds.

**Ferreting Out the Fraud**

To protect against such scams, users are urged to thoroughly scrutinize websites before donating, as fake sites often lack essential information about the organizers, recipients, legitimacy, or transparency regarding fund usage.

"Apart from the simple use of a search engine to find reports of an organization being a scam, look up the provenance of the domain names involved using whois.com or another domain registrar's records," Hamilton advises. "If domains were recently registered it is less likely that the organizations are legitimate."

He also recommends looking for the owner of the IP address space used by the Web properties involved and the country where the hosting service originates.

"Legitimate charity organizations' websites rarely consist of a single page," Kovtun points outs. "Encountering such a landing page should prompt a search for the organization's name to explore the search results."

Upon discovering additional information in the search results, it is advisable to cross-reference the recipient's details on the website received in the email with the information on the official site from search results.

"Spelling or grammar errors often serve as indicators of fraudulent pages," Kovtun says. "If there is still uncertainty about the organizations you have checked, it is better to donate to well-known humanitarian support organizations."

Guenther says it's also beneficial to remember that while the guise may change — be it the Israeli-Hamas conflict, the Haiti earthquake, or the Syrian Refugee Crisis — the underlying strategies remain consistent. "Being informed and maintaining a healthy skepticism can be our strongest defenses against these opportunistic scams," she notes.

Israeli-Hamas Conflict Spells Opportunity for Online Scammers

Ubuntu Security Notice 6439-2 - It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service. Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6439-2  
October 23, 2023

linux-aws vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems

Details:

It was discovered that the IPv6 implementation in the Linux kernel  
contained a high rate of hash collisions in connection lookup table. A  
remote attacker could use this to cause a denial of service (excessive CPU  
consumption). (CVE-2023-1206)

Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in  
the Linux kernel contained a race condition, leading to a null pointer  
dereference vulnerability. A local attacker could use this to cause a  
denial of service (system crash). (CVE-2023-31083)

Ross Lagerwall discovered that the Xen netback backend driver in the Linux  
kernel did not properly handle certain unusual packets from a  
paravirtualized network frontend, leading to a buffer overflow. An attacker  
in a guest VM could use this to cause a denial of service (host system  
crash) or possibly execute arbitrary code. (CVE-2023-34319)

Lin Ma discovered that the Netlink Transformation (XFRM) subsystem in the  
Linux kernel contained a null pointer dereference vulnerability in some  
situations. A local privileged attacker could use this to cause a denial of  
service (system crash). (CVE-2023-3772)

Kyle Zeng discovered that the networking stack implementation in the Linux  
kernel did not properly validate skb object size in certain conditions. An  
attacker could use this cause a denial of service (system crash) or  
possibly execute arbitrary code. (CVE-2023-42752)

Kyle Zeng discovered that the netfiler subsystem in the Linux kernel did  
not properly calculate array offsets, leading to a out-of-bounds write  
vulnerability. A local user could use this to cause a denial of service  
(system crash) or possibly execute arbitrary code. (CVE-2023-42753)

Kyle Zeng discovered that the IPv4 Resource Reservation Protocol (RSVP)  
classifier implementation in the Linux kernel contained an out-of-bounds  
read vulnerability. A local attacker could use this to cause a denial of  
service (system crash). Please note that kernel packet classifier support  
for RSVP has been removed to resolve this vulnerability. (CVE-2023-42755)

Bing-Jhong Billy Jheng discovered that the Unix domain socket  
implementation in the Linux kernel contained a race condition in certain  
situations, leading to a use-after-free vulnerability. A local attacker  
could use this to cause a denial of service (system crash) or possibly  
execute arbitrary code. (CVE-2023-4622)

Budimir Markovic discovered that the qdisc implementation in the Linux  
kernel did not properly validate inner classes, leading to a use-after-free  
vulnerability. A local user could use this to cause a denial of service  
(system crash) or possibly execute arbitrary code. (CVE-2023-4623)

Alex Birnberg discovered that the netfilter subsystem in the Linux kernel  
did not properly validate register length, leading to an out-of- bounds  
write vulnerability. A local attacker could possibly use this to cause a  
denial of service (system crash). (CVE-2023-4881)

It was discovered that the Quick Fair Queueing scheduler implementation in  
the Linux kernel did not properly handle network packets in certain  
conditions, leading to a use after free vulnerability. A local attacker  
could use this to cause a denial of service (system crash) or possibly  
execute arbitrary code. (CVE-2023-4921)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 14.04 LTS (Available with Ubuntu Pro):  
   linux-image-4.4.0-1124-aws      4.4.0-1124.130  
   linux-image-aws                 4.4.0.1124.121

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-6439-2  
   https://ubuntu.com/security/notices/USN-6439-1  
   CVE-2023-1206, CVE-2023-31083, CVE-2023-34319, CVE-2023-3772,  
   CVE-2023-42752, CVE-2023-42753, CVE-2023-42755, CVE-2023-4622,  
   CVE-2023-4623, CVE-2023-4881, CVE-2023-4921

Ubuntu Security Notice USN-6439-2

Red Hat Security Advisory 2023-6080-01 - Red Hat Integration Camel for Spring Boot 4.0.1 release and security update is now available. Issues addressed include a denial of service vulnerability.

The following data is constructed from data provided by Red Hat's json file at:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6080.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Red Hat Integration Camel for Spring Boot 4.0.1 release security update  
Advisory ID:        RHSA-2023:6080-01  
Product:            Red Hat Integration  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:6080  
Issue date:         2023-10-24  
Revision:           01  
CVE Names:          CVE-2023-44487  
====================================================================

Summary: 

Red Hat Integration Camel for Spring Boot 4.0.1 release and security update is now available.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat Integration Camel for Spring Boot 4.0.1 release and security update is now available.

The purpose of this text-only errata is to inform you about the security issues fixed.

Security Fix(es):

* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-44487

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003  
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2023-Q4

Red Hat Security Advisory 2023-6080-01

Red Hat Security Advisory 2023-6079-01 - Red Hat Integration Camel for Spring Boot 3.20.3 release and security update is now available. Issues addressed include a denial of service vulnerability.

    The following data is constructed from data provided by Red Hat's json file at:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6079.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Red Hat Integration Camel for Spring Boot 3.20.3 release and security updateAdvisory ID:        RHSA-2023:6079-01Product:            Red Hat IntegrationAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:6079Issue date:         2023-10-24Revision:           01CVE Names:          CVE-2023-44487====================================================================Summary: Red Hat Integration Camel for Spring Boot 3.20.3 release and security update is now available.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:A security update for 3.20.3 is now available.The purpose of this text-only errata is to inform you about the security issues fixed.Security Fix(es):* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:CVEs:CVE-2023-44487References:https://access.redhat.com/security/updates/classification/#importanthttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2023-Q4

Red Hat Security Advisory 2023-6079-01

Red Hat Security Advisory 2023-6071-01 - Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes new features and bug fixes. Issues addressed include a denial of service vulnerability.

The following data is constructed from data provided by Red Hat's json file at:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6071.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: RHACS 4.0 enhancement and security update  
Advisory ID:        RHSA-2023:6071-01  
Product:            Red Hat Advanced Cluster Security for Kubernetes  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:6071  
Issue date:         2023-10-24  
Revision:           01  
CVE Names:          CVE-2023-39325  
====================================================================

Summary: 

Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes new features and bug fixes.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

This release of RHACS 4.0.5 includes fixes for the following security  
vulnerabilities:

* golang: net/http, x/net/http2: rapid stream resets can cause excessive work  
(CVE-2023-39325)

* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack  
(Rapid Reset Attack) (CVE-2023-44487)

* Various CVEs in containers for glibc security issues

A Red Hat Security Bulletin which addresses further details about this flaw is  
available in the References section.

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE page(s)  
listed in the References section.

RHACS 4.0.5 includes a new default policy called \"Rapid Reset: Denial of Service  
Vulnerability in HTTP/2 Protocol\". This policy alerts on deployments with images  
containing components that are susceptible to a Denial of Service (DoS)  
vulnerability for HTTP/2 servers, based on CVE-2023-44487 and CVE-2023-39325.  
This policy applies to the build or deploy life cycle stage.

Solution:

CVEs:

CVE-2023-39325

References:

https://access.redhat.com/security/updates/classification/#important  
https://docs.openshift.com/acs/4.0/release_notes/40-release-notes.html

Red Hat Security Advisory 2023-6071-01

Red Hat Security Advisory 2023-6061-01 - Red Hat OpenShift Pipelines 1.12.1 has been released. Issues addressed include a denial of service vulnerability.

The following data is constructed from data provided by Red Hat's json file at:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6061.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Red Hat OpenShift Pipelines 1.12.1 release and security update  
Advisory ID:        RHSA-2023:6061-01  
Product:            Red Hat OpenShift Pipelines  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:6061  
Issue date:         2023-10-23  
Revision:           01  
CVE Names:          CVE-2023-39325  
====================================================================

Summary: 

Red Hat OpenShift Pipelines 1.12.1 has been released.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Pipelines is a cloud-native continuous integration and delivery (CI/CD) solution for building pipelines using Tekton. Tekton is a flexible, Kubernetes-native, open-source CI/CD framework which enables automating deployments across multiple platforms such as Kubernetes, Serverless, and VMs by abstracting away the underlying details.

Security Fix(es):

* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (Rapid Reset Attack) (CVE-2023-39325)

* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat OpenShift Pipelines consists of:

- Tekton Pipelines 0.50.x  
- Tekton Triggers 0.25.x  
- ClusterTasks based on Tekton Catalog  
- Tekton tkn CLI 0.32.x  
- Tekton Operator 0.68.x  
- Tekton Chains 0.17.x (GA)  
- Tekton Hub 1.14.x (TP)  
- Tekton Result 0.8.x (TP)  
- Pipelines-as-Code 0.21.x (GA)

For more information, see the Release Notes on any one of the following platforms:

- Customer Portal: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.13/html/cicd/pipelines#op-release-notes-1-12_op-release-notes

- OpenShift documentation: https://docs.openshift.com/container-platform/4.13/cicd/pipelines/op-release-notes.html#op-release-notes-1-12_op-release-notes

Solution:

https://docs.openshift.com/container-platform/4.10/operators/admin/olm-upgrading-operators.html#olm-approving-pending-up[…]e_olm-upgrading-operators

CVEs:

CVE-2023-39325

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003  
https://docs.openshift.com/pipelines/1.12/about/understanding-openshift-pipelines.html

Red Hat Security Advisory 2023-6061-01

Red Hat Security Advisory 2023-6059-01 - Red Hat OpenShift Pipelines Client tkn for 1.12.1 has been released. Issues addressed include a denial of service vulnerability.

    The following data is constructed from data provided by Red Hat's json file at:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6059.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Red Hat OpenShift Pipelines Client tkn for 1.12.1 release and security updateAdvisory ID:        RHSA-2023:6059-01Product:            Red Hat OpenShift PipelinesAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:6059Issue date:         2023-10-23Revision:           01CVE Names:          CVE-2023-39325====================================================================Summary: Red Hat OpenShift Pipelines Client tkn for 1.12.1 has been released.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat OpenShift Pipelines Client, tkn for the 1.12.1 release, provides a CLI  tool to interact with the Pipelines and Triggers components provided by Red Hat OpenShift Pipelines 1.12.1The tkn CLI tool is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms.Security Fix(es):* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (Rapid Reset Attack) (CVE-2023-39325)* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-39325References:https://access.redhat.com/security/updates/classification/#importanthttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003https://docs.openshift.com/container-platform/4.13/cli_reference/tkn_cli/installing-tkn.html

Red Hat Security Advisory 2023-6059-01

Red Hat Security Advisory 2023-6057-01 - An update for toolbox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a denial of service vulnerability.

    The following data is constructed from data provided by Red Hat's json file at:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6057.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Critical: toolbox security updateAdvisory ID:        RHSA-2023:6057-01Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:6057Issue date:         2023-10-23Revision:           01CVE Names:          CVE-2023-39325====================================================================Summary: An update for toolbox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI.Security Fix(es):* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-39325References:https://access.redhat.com/security/updates/classification/#criticalhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003

Red Hat Security Advisory 2023-6057-01

Red Hat Security Advisory 2023-6048-01 - Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes new features and bug fixes. Issues addressed include a denial of service vulnerability.

The following data is constructed from data provided by Red Hat's json file at:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6048.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: ACS 4.2 enhancement and security update  
Advisory ID:        RHSA-2023:6048-01  
Product:            Red Hat Advanced Cluster Security for Kubernetes  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:6048  
Issue date:         2023-10-23  
Revision:           01  
CVE Names:          CVE-2023-39325  
====================================================================

Summary: 

Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes new features and bug fixes.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

This release of RHACS 4.2.2 includes fixes for the following security  
vulnerabilities:

Security Fix(es):

* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)

* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

It contains the following bug fixes and changes:

* Previously, Red Hat OpenShift Container Platform customers using the downloaded manifest bundle with automatic upgrades enabled found that Sensor did not automatically upgrade, and failed with a `PRE_FLIGHT_CHECKS_FAILED` error. This issue has been fixed. (ROX-19955)

* RHACS 4.2.2 includes a new default policy called \"Rapid Reset: Denial of  
Service Vulnerability in HTTP/2 Protocol\". This policy alerts on  
deployments with images containing components that are susceptible to a  
Denial of Service (DoS) vulnerability for HTTP/2 servers, based on  
CVE-2023-44487 and CVE-2023-39325. This policy applies to the build or  
deploy life cycle stage.

Solution:

CVEs:

CVE-2023-39325

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_security_for_kubernetes/4.2/html/release_notes/release-notes-42  
https://access.redhat.com/security/cve/CVE-2023-39325  
https://access.redhat.com/security/cve/CVE-2023-44487  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003

Red Hat Security Advisory 2023-6048-01

By Waqas
This incident is a perfect example of the phrase "one thing leading to another.
This is a post from HackRead.com Read the original post: 1Password Discloses Security Incident Linked to Okta Breach

On October 23, 2023, 1Password’s CTO, Pedro Canahuati, disclosed the incident, stating that threat actors were unable to access or steal user data during the attack.

On October 24, 2023, 1Password disclosed (PDF) a security incident that was linked to the recent breach of Okta’s support system. The incident occurred when a threat actor gained access to an IT employee’s Okta session token by leveraging access to a stolen credential and used it to access 1Password’s Okta administrative portal.

While 1Password says that no user data was accessed during the incident, the incident highlights the importance of strong security practices for both Okta customers and password managers.

The latest security breach at Okta serves as the second cyberattack on the company. In March 2022, LAPSUS$ hackers claimed to have breached Okta and Microsoft after leaking a trove of their data on Telegram.

****How the Okta Breach Impacted 1Password****

Okta is a popular identity and access management (IAM) platform that helps organizations manage user access to their applications. On October 20, 2023, Okta disclosed that threat actors had gained access to its support systems and stolen authentication data for some of its customers.

1Password is one of the customers that was impacted by the Okta breach. On September 29, 1Password detected suspicious activity on its Okta instance. After a thorough investigation, 1Password concluded that a threat actor had used a stolen session token to access 1Password’s Okta administrative portal

> _“Based on our initial assessment, we have no evidence that proves the actor accessed any systems outside of Okta. The activity that we saw suggested they conducted initial reconnaissance with the intent to remain undetected for the purpose of gathering information for a more sophisticated attack.”_
> 
> Pedro Canahuati – CTO 1Password’s

****What 1Password Is Doing to Mitigate the Impact of the Incident****

1Password has taken a number of steps to mitigate the impact of the incident, including:

*   Launching an investigation into the incident.
*   Terminating the threat actor’s session immediately.
*   Implementing stricter access controls for Okta users.

****What 1Password Users Can Do to Protect Their Accounts****

1Password users can take the following steps to protect their accounts:

*   Keep their 1Password app up to date.
*   Change their 1Password password regularly.
*   Use a strong, unique password for their 1Password account.
*   Enable two-factor authentication for their 1Password account.
*   Be careful about clicking on links in emails or messages from unknown senders.

****What This Incident Means for IAM and Password Management Security****

The 1Password incident highlights the importance of strong security practices for both IAM and password management platforms. IAM platforms like Okta need to implement robust security controls to protect their customers’ data. All Password managers need to implement multi-factor authentication and other security measures to protect their users’ passwords.

Organizations that use Okta or other IAM platforms should review their security policies and procedures to ensure that they are taking all necessary precautions to protect their data. Organizations that use password managers should also review their security settings and enable multi-factor authentication for all users.

****_RELATED ARTICLES_****

1.  GoTo’s LastPass Breach: Encrypted Customer Data Taken
2.  Fake Bitwarden Password Manager Website Drops Windows ZenRAT
3.  PasswordState password manager’s update hijacked to drop malware
4.  LastPass Employee PC Hacked with Keylogger to Access Password Vault
5.  Passwords by Kaspersky Password Manager exposed to brute-force attack

Tag

#web