Malware Devil

Tuesday, January 5, 2021

Hamas May Be Threat to 8chan, QAnon Online

In October 2020, KrebsOnSecurity looked at how a web of sites connected to conspiracy theory movements QAnon and 8chan were being kept online by DDoS-Guard, a dodgy Russian firm that also hosts the official site for the terrorist group Hamas. New research shows DDoS-Guard relies on data centers provided by a U.S.-based publicly traded company, which experts say could be exposed to civil and criminal liabilities as a result of DDoS-Guard’s business with Hamas.

Many of the IP address ranges in this map of QAnon and 8Chan-related sites are assigned to VanwaTech. Source: twitter.com/Redrum_of_Crows

Last year’s story examined how a phone call to Oregon-based CNServers was all it took to briefly sideline multiple websites related to 8chan/8kun — a controversial online image board linked to several mass shootings — and QAnon, the far-right conspiracy theory which holds that a cabal of Satanic pedophiles is running a global child sex-trafficking ring and plotting against President Donald Trump.

From that piece:

A large number of 8kun and QAnon-related sites (see map above) are connected to the Web via a single Internet provider in Vancouver, Wash. called VanwaTech (a.k.a. “OrcaTech”). Previous appeals to VanwaTech to disconnect these sites have fallen on deaf ears, as the company’s owner Nick Lim reportedly has been working with 8kun’s administrators to keep the sites online in the name of protecting free speech.

After that story, CNServers and a U.K.-based hosting firm called SpartanHost both cut ties with VanwaTech. Following a brief disconnection, the sites came back online with the help of DDoS-Guard, an Internet company based in Russia. DDoS-Guard is now VanwaTech’s sole connection to the larger Internet.

A review of the several thousand websites hosted by DDoS-Guard is revelatory, as it includes a vast number of phishing sites and domains tied to cybercrime services or forums online.

Replying to requests for comment from a CBSNews reporter following up on my Oct. 2020 story, DDoS-Guard issued a statement saying, “We observe network neutrality and are convinced that any activity not prohibited by law in our country has the right to exist.”

But experts say DDoS-Guard’s business arrangement with a Denver-based publicly traded data center firm could create legal headaches for the latter thanks to the Russian company’s support of Hamas.

In a press release issued in late 2019, DDoS-Guard said its services rely in part on a traffic-scrubbing facility in Los Angeles owned by CoreSite [NYSE:COR], a real estate investment trust which invests in “carrier-neutral data centers and provides colocation and peering services.”

This facilities map published by DDoS-Guard suggests the company’s network actually has at least two points of presence in the United States.

Hamas has long been named by the U.S. Treasury and State departments as a Specially Designated Global Terrorist (SDGT) organization. Under such a designation, any U.S. person or organization that provides money, goods or services to an SDGT entity could face civil and/or criminal prosecution and hefty fines ranging from $250,000 to $1 million per violation.

Sean Buckley, a former Justice Department prosecutor with the law firm Kobre & Kim, said U.S. persons and companies within the United States “are prohibited from any transaction or dealing in property or interests in property blocked pursuant to an entity’s designation as a SDGT, including but not limited to the making or receiving of any contribution of funds, goods, or services to or for the benefit of individuals or entities so designated.”

CoreSite did not respond to multiple requests for comment. But Buckley said companies can incur fines and prosecution for violating SDGT sanctions even when they don’t know that they are doing so.

In 2019, for example, a U.S.-based cosmetics company was fined $1 million after investigators determined its eyelash kits were sourcing materials from North Korea, even though the supplier in that case told the cosmetics firm the materials had come from China.

“U.S. persons or companies found to willfully violate these regulations can be subject to criminal penalties under the International Emergency Economic Powers Act,” Buckley said. “However, even in the case that they are unaware they’re violating these regulations, or if the transaction isn’t directly with the sanctioned entity, these companies still run a risk of facing substantial civil and monetary penalties by the Department of Treasury’s Office of Foreign Asset Control if the sanctioned entity stands to benefit from such a transaction.”

DDoS-Guard said its partnership with CoreSite will help its stable of websites load more quickly and reliably for people visiting them from the United States. It is possible that when and if CoreSite decides it’s too risky to continue doing business with DDoS-Guard, sites like those affiliated with Hamas, QAnon and 8Chan may become more difficult to reach.

Meanwhile, DDoS-Guard customer VanwaTech continues to host a slew of sites promoting the conspiracy theory that the U.S. 2020 presidential election was stolen from President Donald Trump via widespread voting fraud and hacked voting machines, including maga[.]host, donaldsarmy[.]us, and donaldwon[.]com.

These sites are being used to help coordinate a protest rally in Washington, D.C. on January 6, 2021, the same day the U.S. Congress is slated to count electoral votes certified by the Electoral College, which in December elected Joseph R. Biden as the 46th president of The United States.

In a tweet late last year, President Trump urged his supporters to attend the Jan. 6 protest, saying the event “will be wild.”

8chan, which has rebranded as 8kun, has been linked to white supremacism, neo-Nazism, antisemitism, multiple mass shootings, and child pornography. The FBI in 2019 identified QAnon as a potential domestic terror threat, noting that some of its followers have been linked to violent incidents motivated by fringe beliefs.

Read More

The post Hamas May Be Threat to 8chan, QAnon Online appeared first on Malware Devil.



https://malwaredevil.com/2021/01/05/hamas-may-be-threat-to-8chan-qanon-online/?utm_source=rss&utm_medium=rss&utm_campaign=hamas-may-be-threat-to-8chan-qanon-online

Financial Data Security: Deep Dive on SOC Reports

In today’s public cloud, data security and privacy are challenging to protect. Many organizations are storing a significant amount of data in the public cloud and even in unmanaged environments, increasing the challenges of regulatory compliance. At the same time, privacy mandates such as GDPR add to the complexity of governing data. Without a proper data governance program, however, organizations may face difficulties in meeting these privacy compliance mandates.

The post Financial Data Security: Deep Dive on SOC Reports appeared first on Sonrai Security.


DEF CON 28 Safe Mode Sunday – Christopher Wade’s ‘Beyond Root’

Many thanks to DEF CON and the conference speakers for publishing their outstanding presentations, which originally appeared at the organization’s DEF CON 28 Safe Mode conference and on the DEF CON YouTube channel. Enjoy!

The post DEF CON 28 Safe Mode Sunday – Christopher Wade’s ‘Beyond Root’ appeared first on Security Boulevard.


Tree-Tracker – Auditing a Log Harvest using IOT Edge Connect and node-red

At long last, Blue Water Farm is generating revenue! Around 20 acres of our land consists of dense, mature hardwood of oak, maple, and beech, and we were able to contract to sell 65 maple and 25 oak trees to a logging company. I won’t be retiring from Akamai any time soon from our logging windfall, but it’s nice to see some revenue from our land, and clearing mature trees is a part of good responsible forest management.

The post Tree-Tracker – Auditing a Log Harvest using IOT Edge Connect and node-red appeared first on Security Boulevard.


Nature vs. Nurture Tip 3: Employ SCA With SAST

For this year’s State of Software Security v11 (SOSS) report, we examined how both the “nature” of applications and how we “nurture” them contribute to the time it takes to close out a security flaw. We found that the “nature” of applications, like size or age, can have a negative effect on how long it takes to remediate a security flaw. But taking steps to “nurture” the security of applications, like using multiple application security (AppSec) testing types, can have a positive effect on how long it takes to remediate security flaws.

In our first blog, Nature vs. Nurture Tip 1: Use DAST With SAST, we explored how organizations that combine DAST with SAST address 50 percent of their open security findings almost 25 days faster than organizations that only use SAST. In our second blog, Nature vs. Nurture Tip 2: Scan Frequently and Consistently, we addressed the benefits of frequent and consistent scanning by highlighting the SOSS finding that organizations that scan their applications at least daily reduced time to remediation by more than a third, closing 50 percent of security flaws in 2 months.

For our third tip, we will explore the importance of software composition analysis (SCA) and how, when used in conjunction with static application security testing (SAST), it can shorten the time it takes to address security flaws.

What is SCA and why is it important?

SCA inspects open source code for vulnerabilities. Some assume that open source code is more secure than first-party code because there are “more eyes on it,” but that is often not the case. In fact, according to our SOSS report, almost one-third of applications have more security findings in their third-party libraries than in primary code. Given that a typical Java application is 97 percent third-party code, this is a concerning statistic.

Flaws

Since SCA is the only AppSec testing type that can identify vulnerabilities in open source code, if you don’t employ SCA, you could find yourself the victim of a costly breach. In fact, in 2017, Equifax suffered a massive data breach through an Apache Struts vulnerability that compromised the data, including Social Security numbers, of more than 143 million Americans. Following the breach, Equifax’s stock fell over 13 percent.

How can SCA with SAST shorten time to remediation?

If you are only using static analysis to assess the security of your code, your attack surface is likely bigger than you think. You need to consider third-party code as part of your attack surface, which is only uncovered by using SCA.

By incorporating software composition analysis into your security testing mix, you can find and address more flaws. According to SOSS, organizations that employ “good” scanning practices (like SCA with SAST) tend to be more mature and further along in their AppSec journey. And organizations with mature AppSec programs tend to remediate flaws faster. For example, employing SCA with SAST cuts the time to remediate 50 percent of security flaws by six days.

Practices that affect remediation

For more information on using SCA with SAST, or for additional tips on nurturing your applications, check out our recent State of Software Security report.


The post Nature vs. Nurture Tip 3: Employ SCA With SAST appeared first on Security Boulevard.


VPN usage is increasing, says survey

I won’t reveal my mom’s exact age, but she’s in her late 60s. Other than her phone, my mom doesn’t own or use a computer–but she knows what Zoom is. Not since “Kleenex” has a brand become so pervasive that people use the brand name as a generic term for the product. For my mom, any kind of video call is now a “Zoom.” A FaceTime call, for example, is Zoom. I’ve stopped trying to correct her.

As the world returns to work and school from the unhappiest holiday season of our lifetimes, the majority of us continue to do so remotely. Whether you’re using Zoom, Google Hangouts, or Microsoft Teams, technologies like these will continue to play a central role in the way we get things done for the foreseeable future. As we spend more and more time online, it stands to reason that we will all be exposed to a greater number of online threats (and we are, by the way).

So, what about VPNs?

Here’s why VPNs matter more than ever. A VPN, shorthand for a virtual private network, is a handy tool that allows users to send and receive data as if they were on the same network, for example, someone working from home or taking classes from home as so many of us are at the moment.

For the latest Malwarebytes Labs reader survey we asked “Do you use a VPN?” 2,330 responded and an impressive 36 percent said they now used a VPN. For perspective, ten years ago, only 1.5 percent of Americans used VPNs.

Of those who do not use a VPN, 58 percent said they at least knew what one was. That’s a long way from being the next Zoom, but VPN awareness is starting to change thanks to COVID.

Google Trends shows that searches for “VPN” and “virtual private networks” hit an all-time high in March of 2020, just as stay-at-home orders were issued for the majority of the world.

With interest in VPNs rising, what’s preventing some people from actually using one?

Taking a deeper dive into the survey results, most of the people who said they didn’t use a VPN cited cost as the main reason for not using one:

“Peace of mind is important; but, on a limited income, it is difficult to pay out additional funds–especially during this pandemic.”

Some said they didn’t think they needed a VPN, while others still said they didn’t like how VPNs they had tried in the past slowed down their Internet speeds. This may be a legacy thing, as newer technology–like the WireGuard VPN protocol used by Malwarebytes Privacy–tends to deliver speeds faster than traditional VPNs.

Of those who used a VPN, half said they used it all the time. The top five activities for using a VPN were: making purchases online, online banking, sending email or chatting, protecting personal information from hackers, and stopping businesses or advertisers from tracking online activity.

When asked why they used a VPN, the majority of users liked the additional layer of security:

“I value my security and privacy. Having a VPN is essential for doing anything online.”

One respondent provided a useful analogy, likening VPNs to the fence around your house:

“Good fences make for good neighbors.”

As we head into 2021, will my mom casually drop “VPN” into a sentence before year’s end? That remains to be seen, but the results of our latest Malwarebytes Labs reader survey suggest VPNs might get their moment in the sun very soon.


XKCD ‘Depth And Breadth’

via the comic delivery system monikered Randall Munroe resident at XKCD!

The post XKCD ‘Depth And Breadth’ appeared first on Security Boulevard.



ESB-2021.0034 – [RedHat] Red Hat: Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0034
                   kernel-rt security and bug fix update
                              5 January 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           kernel-rt
                   kernel
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Denial of Service -- Existing Account
                   Reduced Security  -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-25211  

Reference:         ESB-2020.3775
                   ESB-2020.3710
                   ESB-2020.3592

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2021:0003
   https://access.redhat.com/errata/RHSA-2021:0004

Comment: This bulletin contains two (2) Red Hat security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update
Advisory ID:       RHSA-2021:0004-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0004
Issue date:        2021-01-04
CVE Names:         CVE-2020-25211 
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Real Time (v. 8) - x86_64
Red Hat Enterprise Linux Real Time for NFV (v. 8) - x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in
net/netfilter/nf_conntrack_netlink.c (CVE-2020-25211)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update RT source tree to the RHEL-8.3.z source tree
(BZ#1906140)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1877571 - CVE-2020-25211 kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c
1906140 - kernel-rt: update RT source tree to the RHEL-8.3.z source tree

6. Package List:

Red Hat Enterprise Linux Real Time for NFV (v. 8):

Source:
kernel-rt-4.18.0-240.10.1.rt7.64.el8_3.src.rpm

x86_64:
kernel-rt-4.18.0-240.10.1.rt7.64.el8_3.x86_64.rpm
kernel-rt-core-4.18.0-240.10.1.rt7.64.el8_3.x86_64.rpm
kernel-rt-debug-4.18.0-240.10.1.rt7.64.el8_3.x86_64.rpm
kernel-rt-debug-core-4.18.0-240.10.1.rt7.64.el8_3.x86_64.rpm
kernel-rt-debug-debuginfo-4.18.0-240.10.1.rt7.64.el8_3.x86_64.rpm
kernel-rt-debug-devel-4.18.0-240.10.1.rt7.64.el8_3.x86_64.rpm
kernel-rt-debug-kvm-4.18.0-240.10.1.rt7.64.el8_3.x86_64.rpm
kernel-rt-debug-modules-4.18.0-240.10.1.rt7.64.el8_3.x86_64.rpm
kernel-rt-debug-modules-extra-4.18.0-240.10.1.rt7.64.el8_3.x86_64.rpm
kernel-rt-debuginfo-4.18.0-240.10.1.rt7.64.el8_3.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-4.18.0-240.10.1.rt7.64.el8_3.x86_64.rpm
kernel-rt-devel-4.18.0-240.10.1.rt7.64.el8_3.x86_64.rpm
kernel-rt-kvm-4.18.0-240.10.1.rt7.64.el8_3.x86_64.rpm
kernel-rt-modules-4.18.0-240.10.1.rt7.64.el8_3.x86_64.rpm
kernel-rt-modules-extra-4.18.0-240.10.1.rt7.64.el8_3.x86_64.rpm

Red Hat Enterprise Linux Real Time (v. 8):

Source:
kernel-rt-4.18.0-240.10.1.rt7.64.el8_3.src.rpm

x86_64:
kernel-rt-4.18.0-240.10.1.rt7.64.el8_3.x86_64.rpm
kernel-rt-core-4.18.0-240.10.1.rt7.64.el8_3.x86_64.rpm
kernel-rt-debug-4.18.0-240.10.1.rt7.64.el8_3.x86_64.rpm
kernel-rt-debug-core-4.18.0-240.10.1.rt7.64.el8_3.x86_64.rpm
kernel-rt-debug-debuginfo-4.18.0-240.10.1.rt7.64.el8_3.x86_64.rpm
kernel-rt-debug-devel-4.18.0-240.10.1.rt7.64.el8_3.x86_64.rpm
kernel-rt-debug-modules-4.18.0-240.10.1.rt7.64.el8_3.x86_64.rpm
kernel-rt-debug-modules-extra-4.18.0-240.10.1.rt7.64.el8_3.x86_64.rpm
kernel-rt-debuginfo-4.18.0-240.10.1.rt7.64.el8_3.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-4.18.0-240.10.1.rt7.64.el8_3.x86_64.rpm
kernel-rt-devel-4.18.0-240.10.1.rt7.64.el8_3.x86_64.rpm
kernel-rt-modules-4.18.0-240.10.1.rt7.64.el8_3.x86_64.rpm
kernel-rt-modules-extra-4.18.0-240.10.1.rt7.64.el8_3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-25211
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

- ------------------------------------------------------------------------------------------------------------
=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2021:0003-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0003
Issue date:        2021-01-04
CVE Names:         CVE-2020-25211 
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in
net/netfilter/nf_conntrack_netlink.c (CVE-2020-25211)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* avoid flush_backlog IPI for isolated CPUs by configuring RPS cpumask
(BZ#1883314)

* rngd consumes 100% cpu on rhel-8.3 system in fips mode (BZ#1886192)

* RHEL8.1 - Random memory corruption may occur due to incorrect tlbflush
(BZ#1899208)

* fips mode boot is broken after adding extrng (BZ#1899584)

* pmtu of 1280 for vxlan as bridge port won't work (BZ#1902082)

* rpc task loop with kworker spinning at 100% CPU for 10 minutes when
umount an NFS 4.x share with sec=krb5 triggered by unmount of the NFS share
(BZ#1907667)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.
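As an added example (not part of the Red Hat or AusCERT advisory): a check that the running kernel is at or above the fixed builds listed in RHSA-2021:0003 (kernel) and RHSA-2021:0004 (kernel-rt), using rpm's version-segment comparison rules rather than plain string comparison, which mis-orders releases such as 240.9.1 and 240.10.1. The fixed version-release strings are taken from the package lists in both advisories; detecting the kernel-rt flavor by its ".rtN" release segment and leaving out rpmvercmp's rarely used caret ("^") rule are assumptions of this example.

```python
"""Check whether the running RHEL 8 kernel carries the CVE-2020-25211 fix.

Added example, not part of the Red Hat or AusCERT advisory.  The fixed
version-release strings come from the advisory package lists; the comparison
follows rpm's rpmvercmp segment rules (digit runs compared numerically, letter
runs lexically, a numeric segment newer than an alpha one, '~' sorting older).
Assumptions: kernel-rt is recognised by its '.rtN' release segment, and the
rarely used '^' (caret) rule of rpmvercmp is left out.
"""
import platform
import re

# version, release (without arch) of the fixed builds, from RHSA-2021:0003/0004
FIXED = {
    "kernel": ("4.18.0", "240.10.1.el8_3"),
    "kernel-rt": ("4.18.0", "240.10.1.rt7.64.el8_3"),
}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+|~")
_UNAME = re.compile(
    r"^(?P<ver>[0-9][^-]*)-(?P<rel>.+?)"
    r"(?:\.(?P<arch>x86_64|aarch64|ppc64le|s390x))?$"
)


def rpmvercmp(a, b):
    """Return -1, 0 or 1 as version string a is older than, equal to or newer than b."""
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    i = 0
    while i < len(sa) and i < len(sb):
        x, y = sa[i], sb[i]
        if x == "~" or y == "~":          # tilde: pre-release marker, sorts older
            if x == y:
                i += 1
                continue
            return -1 if x == "~" else 1
        xnum, ynum = x.isdigit(), y.isdigit()
        if xnum != ynum:                  # numeric segments beat alpha segments
            return 1 if xnum else -1
        if xnum:
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):          # longer digit run (no leading zeros) is larger
                return 1 if len(x) > len(y) else -1
        if x != y:
            return 1 if x > y else -1
        i += 1
    if len(sa) == len(sb):
        return 0
    if i < len(sa):                       # a has segments left over
        return -1 if sa[i] == "~" else 1
    return 1 if sb[i] == "~" else -1      # b has segments left over


def split_uname(release):
    """'4.18.0-240.10.1.rt7.64.el8_3.x86_64' -> ('kernel-rt', '4.18.0', '240.10.1.rt7.64.el8_3')."""
    m = _UNAME.match(release)
    if not m:
        raise ValueError("unrecognised kernel release string: %r" % release)
    rel = m.group("rel")
    # assumption: the real-time kernel is identified by its '.rtN' release segment
    flavor = "kernel-rt" if re.search(r"\.rt[0-9]", rel) else "kernel"
    return flavor, m.group("ver"), rel


def cve_2020_25211_fixed(release):
    """True when the given `uname -r` string is at or above the advisory's fixed build."""
    flavor, ver, rel = split_uname(release)
    fixed_ver, fixed_rel = FIXED[flavor]
    # compare the version first; only if equal does the release decide
    order = rpmvercmp(ver, fixed_ver) or rpmvercmp(rel, fixed_rel)
    return order >= 0


if __name__ == "__main__":
    running = platform.release()          # same string as `uname -r`
    state = "fixed" if cve_2020_25211_fixed(running) else "NOT fixed: update and reboot"
    print("%s: %s" % (running, state))
```

Because the check reads the running kernel (`uname -r`) rather than the installed package, a host that has installed the update but not yet rebooted still reports NOT fixed, which is the state the Solution section's reboot requirement addresses.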

5. Bugs fixed (https://bugzilla.redhat.com/):

1877571 - CVE-2020-25211 kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:
kernel-4.18.0-240.10.1.el8_3.src.rpm

aarch64:
bpftool-4.18.0-240.10.1.el8_3.aarch64.rpm
bpftool-debuginfo-4.18.0-240.10.1.el8_3.aarch64.rpm
kernel-4.18.0-240.10.1.el8_3.aarch64.rpm
kernel-core-4.18.0-240.10.1.el8_3.aarch64.rpm
kernel-cross-headers-4.18.0-240.10.1.el8_3.aarch64.rpm
kernel-debug-4.18.0-240.10.1.el8_3.aarch64.rpm
kernel-debug-core-4.18.0-240.10.1.el8_3.aarch64.rpm
kernel-debug-debuginfo-4.18.0-240.10.1.el8_3.aarch64.rpm
kernel-debug-devel-4.18.0-240.10.1.el8_3.aarch64.rpm
kernel-debug-modules-4.18.0-240.10.1.el8_3.aarch64.rpm
kernel-debug-modules-extra-4.18.0-240.10.1.el8_3.aarch64.rpm
kernel-debuginfo-4.18.0-240.10.1.el8_3.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-240.10.1.el8_3.aarch64.rpm
kernel-devel-4.18.0-240.10.1.el8_3.aarch64.rpm
kernel-headers-4.18.0-240.10.1.el8_3.aarch64.rpm
kernel-modules-4.18.0-240.10.1.el8_3.aarch64.rpm
kernel-modules-extra-4.18.0-240.10.1.el8_3.aarch64.rpm
kernel-tools-4.18.0-240.10.1.el8_3.aarch64.rpm
kernel-tools-debuginfo-4.18.0-240.10.1.el8_3.aarch64.rpm
kernel-tools-libs-4.18.0-240.10.1.el8_3.aarch64.rpm
perf-4.18.0-240.10.1.el8_3.aarch64.rpm
perf-debuginfo-4.18.0-240.10.1.el8_3.aarch64.rpm
python3-perf-4.18.0-240.10.1.el8_3.aarch64.rpm
python3-perf-debuginfo-4.18.0-240.10.1.el8_3.aarch64.rpm

noarch:
kernel-abi-whitelists-4.18.0-240.10.1.el8_3.noarch.rpm
kernel-doc-4.18.0-240.10.1.el8_3.noarch.rpm

ppc64le:
bpftool-4.18.0-240.10.1.el8_3.ppc64le.rpm
bpftool-debuginfo-4.18.0-240.10.1.el8_3.ppc64le.rpm
kernel-4.18.0-240.10.1.el8_3.ppc64le.rpm
kernel-core-4.18.0-240.10.1.el8_3.ppc64le.rpm
kernel-cross-headers-4.18.0-240.10.1.el8_3.ppc64le.rpm
kernel-debug-4.18.0-240.10.1.el8_3.ppc64le.rpm
kernel-debug-core-4.18.0-240.10.1.el8_3.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-240.10.1.el8_3.ppc64le.rpm
kernel-debug-devel-4.18.0-240.10.1.el8_3.ppc64le.rpm
kernel-debug-modules-4.18.0-240.10.1.el8_3.ppc64le.rpm
kernel-debug-modules-extra-4.18.0-240.10.1.el8_3.ppc64le.rpm
kernel-debuginfo-4.18.0-240.10.1.el8_3.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-240.10.1.el8_3.ppc64le.rpm
kernel-devel-4.18.0-240.10.1.el8_3.ppc64le.rpm
kernel-headers-4.18.0-240.10.1.el8_3.ppc64le.rpm
kernel-modules-4.18.0-240.10.1.el8_3.ppc64le.rpm
kernel-modules-extra-4.18.0-240.10.1.el8_3.ppc64le.rpm
kernel-tools-4.18.0-240.10.1.el8_3.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-240.10.1.el8_3.ppc64le.rpm
kernel-tools-libs-4.18.0-240.10.1.el8_3.ppc64le.rpm
perf-4.18.0-240.10.1.el8_3.ppc64le.rpm
perf-debuginfo-4.18.0-240.10.1.el8_3.ppc64le.rpm
python3-perf-4.18.0-240.10.1.el8_3.ppc64le.rpm
python3-perf-debuginfo-4.18.0-240.10.1.el8_3.ppc64le.rpm

s390x:
bpftool-4.18.0-240.10.1.el8_3.s390x.rpm
bpftool-debuginfo-4.18.0-240.10.1.el8_3.s390x.rpm
kernel-4.18.0-240.10.1.el8_3.s390x.rpm
kernel-core-4.18.0-240.10.1.el8_3.s390x.rpm
kernel-cross-headers-4.18.0-240.10.1.el8_3.s390x.rpm
kernel-debug-4.18.0-240.10.1.el8_3.s390x.rpm
kernel-debug-core-4.18.0-240.10.1.el8_3.s390x.rpm
kernel-debug-debuginfo-4.18.0-240.10.1.el8_3.s390x.rpm
kernel-debug-devel-4.18.0-240.10.1.el8_3.s390x.rpm
kernel-debug-modules-4.18.0-240.10.1.el8_3.s390x.rpm
kernel-debug-modules-extra-4.18.0-240.10.1.el8_3.s390x.rpm
kernel-debuginfo-4.18.0-240.10.1.el8_3.s390x.rpm
kernel-debuginfo-common-s390x-4.18.0-240.10.1.el8_3.s390x.rpm
kernel-devel-4.18.0-240.10.1.el8_3.s390x.rpm
kernel-headers-4.18.0-240.10.1.el8_3.s390x.rpm
kernel-modules-4.18.0-240.10.1.el8_3.s390x.rpm
kernel-modules-extra-4.18.0-240.10.1.el8_3.s390x.rpm
kernel-tools-4.18.0-240.10.1.el8_3.s390x.rpm
kernel-tools-debuginfo-4.18.0-240.10.1.el8_3.s390x.rpm
kernel-zfcpdump-4.18.0-240.10.1.el8_3.s390x.rpm
kernel-zfcpdump-core-4.18.0-240.10.1.el8_3.s390x.rpm
kernel-zfcpdump-debuginfo-4.18.0-240.10.1.el8_3.s390x.rpm
kernel-zfcpdump-devel-4.18.0-240.10.1.el8_3.s390x.rpm
kernel-zfcpdump-modules-4.18.0-240.10.1.el8_3.s390x.rpm
kernel-zfcpdump-modules-extra-4.18.0-240.10.1.el8_3.s390x.rpm
perf-4.18.0-240.10.1.el8_3.s390x.rpm
perf-debuginfo-4.18.0-240.10.1.el8_3.s390x.rpm
python3-perf-4.18.0-240.10.1.el8_3.s390x.rpm
python3-perf-debuginfo-4.18.0-240.10.1.el8_3.s390x.rpm

x86_64:
bpftool-4.18.0-240.10.1.el8_3.x86_64.rpm
bpftool-debuginfo-4.18.0-240.10.1.el8_3.x86_64.rpm
kernel-4.18.0-240.10.1.el8_3.x86_64.rpm
kernel-core-4.18.0-240.10.1.el8_3.x86_64.rpm
kernel-cross-headers-4.18.0-240.10.1.el8_3.x86_64.rpm
kernel-debug-4.18.0-240.10.1.el8_3.x86_64.rpm
kernel-debug-core-4.18.0-240.10.1.el8_3.x86_64.rpm
kernel-debug-debuginfo-4.18.0-240.10.1.el8_3.x86_64.rpm
kernel-debug-devel-4.18.0-240.10.1.el8_3.x86_64.rpm
kernel-debug-modules-4.18.0-240.10.1.el8_3.x86_64.rpm
kernel-debug-modules-extra-4.18.0-240.10.1.el8_3.x86_64.rpm
kernel-debuginfo-4.18.0-240.10.1.el8_3.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-240.10.1.el8_3.x86_64.rpm
kernel-devel-4.18.0-240.10.1.el8_3.x86_64.rpm
kernel-headers-4.18.0-240.10.1.el8_3.x86_64.rpm
kernel-modules-4.18.0-240.10.1.el8_3.x86_64.rpm
kernel-modules-extra-4.18.0-240.10.1.el8_3.x86_64.rpm
kernel-tools-4.18.0-240.10.1.el8_3.x86_64.rpm
kernel-tools-debuginfo-4.18.0-240.10.1.el8_3.x86_64.rpm
kernel-tools-libs-4.18.0-240.10.1.el8_3.x86_64.rpm
perf-4.18.0-240.10.1.el8_3.x86_64.rpm
perf-debuginfo-4.18.0-240.10.1.el8_3.x86_64.rpm
python3-perf-4.18.0-240.10.1.el8_3.x86_64.rpm
python3-perf-debuginfo-4.18.0-240.10.1.el8_3.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:
bpftool-debuginfo-4.18.0-240.10.1.el8_3.aarch64.rpm
kernel-debug-debuginfo-4.18.0-240.10.1.el8_3.aarch64.rpm
kernel-debuginfo-4.18.0-240.10.1.el8_3.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-240.10.1.el8_3.aarch64.rpm
kernel-tools-debuginfo-4.18.0-240.10.1.el8_3.aarch64.rpm
kernel-tools-libs-devel-4.18.0-240.10.1.el8_3.aarch64.rpm
perf-debuginfo-4.18.0-240.10.1.el8_3.aarch64.rpm
python3-perf-debuginfo-4.18.0-240.10.1.el8_3.aarch64.rpm

ppc64le:
bpftool-debuginfo-4.18.0-240.10.1.el8_3.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-240.10.1.el8_3.ppc64le.rpm
kernel-debuginfo-4.18.0-240.10.1.el8_3.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-240.10.1.el8_3.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-240.10.1.el8_3.ppc64le.rpm
kernel-tools-libs-devel-4.18.0-240.10.1.el8_3.ppc64le.rpm
perf-debuginfo-4.18.0-240.10.1.el8_3.ppc64le.rpm
python3-perf-debuginfo-4.18.0-240.10.1.el8_3.ppc64le.rpm

x86_64:
bpftool-debuginfo-4.18.0-240.10.1.el8_3.x86_64.rpm
kernel-debug-debuginfo-4.18.0-240.10.1.el8_3.x86_64.rpm
kernel-debuginfo-4.18.0-240.10.1.el8_3.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-240.10.1.el8_3.x86_64.rpm
kernel-tools-debuginfo-4.18.0-240.10.1.el8_3.x86_64.rpm
kernel-tools-libs-devel-4.18.0-240.10.1.el8_3.x86_64.rpm
perf-debuginfo-4.18.0-240.10.1.el8_3.x86_64.rpm
python3-perf-debuginfo-4.18.0-240.10.1.el8_3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-25211
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----

The post ESB-2021.0034 – [RedHat] Red Hat: Multiple Vulnerabilities appeared first on Malware Devil.

https://malwaredevil.com/2021/01/05/esb-2021-0034-redhat-red-hat-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-0034-redhat-red-hat-multiple-vulnerabilities

ESB-2021.0033 – [Ubuntu] libproxy: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0033
                    USN-4673-1: libproxy vulnerability
                              5 January 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           libproxy
Publisher:         Ubuntu
Operating System:  Ubuntu
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-26154  

Reference:         ESB-2020.4220
                   ESB-2020.4054
                   ESB-2020.3524

Original Bulletin: 
   https://ubuntu.com/security/notices/USN-4673-1

- --------------------------BEGIN INCLUDED TEXT--------------------

USN-4673-1: libproxy vulnerability
04 January 2021

libproxy could be made to crash or execute arbitrary code if it received a
specially crafted file.
Releases

  o Ubuntu 20.10
  o Ubuntu 20.04 LTS
  o Ubuntu 18.04 LTS
  o Ubuntu 16.04 LTS

Packages

  o libproxy - automatic proxy configuration management library

Details

Li Fei discovered that libproxy incorrectly handled certain PAC files.
An attacker could possibly use this issue to cause a crash or execute arbitrary
code.

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 20.10

  o libproxy1v5 - 0.4.15-13ubuntu1.1

Ubuntu 20.04

  o libproxy1v5 - 0.4.15-10ubuntu1.2

Ubuntu 18.04

  o libproxy1v5 - 0.4.15-1ubuntu0.2

Ubuntu 16.04

  o libproxy1v5 - 0.4.11-5ubuntu1.2

In general, a standard system update will make all the necessary changes.

References

  o CVE-2020-26154

- --------------------------END INCLUDED TEXT--------------------

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----

The post ESB-2021.0033 – [Ubuntu] libproxy: Multiple vulnerabilities appeared first on Malware Devil.

https://malwaredevil.com/2021/01/05/esb-2021-0033-ubuntu-libproxy-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-0033-ubuntu-libproxy-multiple-vulnerabilities

ESB-2021.0032 – [Debian] p11-kit: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0032
                          p11-kit security update
                              5 January 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           p11-kit
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Denial of Service        -- Remote/Unauthenticated
                   Access Confidential Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-29362 CVE-2020-29361 

Reference:         ESB-2021.0015

Original Bulletin: 
   https://www.debian.org/lts/security/2020/dla-2513

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2513-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
January 04, 2021                              https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package        : p11-kit
Version        : 0.23.3-2+deb9u1
CVE ID         : CVE-2020-29361 CVE-2020-29362

Several memory safety issues affecting the RPC protocol were fixed in 
p11-kit, a library providing a way to load and enumerate PKCS#11 
modules.

CVE-2020-29361

    Multiple integer overflows

CVE-2020-29362

    Heap-based buffer over-read

For Debian 9 stretch, these problems have been fixed in version
0.23.3-2+deb9u1.

We recommend that you upgrade your p11-kit packages.

For the detailed security status of p11-kit please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/p11-kit

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBX/PAgeNLKJtyKPYoAQgT4A//YF9lb81NUlsXfcljZUxIGw3OYpWmTtev
/ZSfXkrx6m3bAoxvOKx5fFT2fA6Jd8sV9yUWOn4bTi/fHQ/3GTdaU3sHw9XUvyz0
eEWafoRIxv2xzKZQrV/kp5wCFAQwZQohz/c62fIGTxqmKfsMA5GSh22Q2XHQQpgT
lcnSPp8PVoQYcc7VThfCCact7UHKMLKbQlrNDIdEtElIFC0r0Zmxdrpr6apdZ8JP
fOfxu/IXLEifi8SOwJ5Bh4el3o5F/3GsnsE+CJhiHlA9oZjfHvFsQiPXO96GFHGx
mL0dKwgzI1kZZhb7n/Fqk8cwWOQmu9AUpq8UzMgw1s1Pa81uTPAyHFf95RWJKJn8
0almTG2ma++tQ/ToZsxEmoQ/rmGGRXdzl2sAYUOHp9k488aEzUZKbtCr9M2yFUgG
eFF5S4JAIJThUf8gE0uvxLi9eljUNiFFWUXGAwAwK3C+ObVUikCxRSz5lQ4wlbZs
wPz7wFTtuxdW/sREWUn/thJybhKDkyT7S6atS35SnmXejSA5mcp39zukV2N6QYaS
eBYrqKy7fTu7rueG3X+6PtPHf14fWAuBJf4se0p7lNUrEn1a8rdwVerhJBtuXDbv
bizZZ3QLpb5M3gSaxOFzs/DqkoRvx1PFhrMQ47xHcBC81WEOlNPjXlz4p2/90hCm
jTmT2vbIHCs=
=vxto
-----END PGP SIGNATURE-----

The post ESB-2021.0032 – [Debian] p11-kit: Multiple vulnerabilities appeared first on Malware Devil.

https://malwaredevil.com/2021/01/05/esb-2021-0032-debian-p11-kit-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-0032-debian-p11-kit-multiple-vulnerabilities
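The two bug classes the p11-kit advisory above names, an integer overflow when sizing an array read from the wire and a heap over-read from an unbounded byte-array length, shown in an added example that is not p11-kit's code. It decodes a constructed, length-prefixed RPC message; the wire layout, the struct attr record and all function names are assumptions made for illustration, and the checks are the general ones that close each class:

```c
/* Added example, not p11-kit's code: a decoder for a constructed RPC
 * message, [count][count x (type,len,bytes)][blob_len][blob], all
 * big-endian uint32 fields, 32-bit offsets (an assumed layout). The
 * *_unsafe functions are the checks as the two bug classes arise; the
 * hardened decoder uses the *_safe ones. */
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

struct attr { uint32_t type; uint32_t len; const uint8_t *data; };
struct msg  { uint32_t count; struct attr *attrs;
              uint32_t blob_len; const uint8_t *blob; };

enum { MSG_OK = 0, MSG_SHORT = 1, MSG_OVERFLOW = 2 };

/* Heap over-read: off + len wraps past 2^32, so a length near
 * UINT32_MAX passes and the caller reads far beyond the heap buffer. */
bool bytes_fit_unsafe(uint32_t size, uint32_t off, uint32_t len)
{
    return off + len <= size;
}

/* Integer overflow: count * sizeof(struct attr) computed in 32 bits
 * wraps, the allocation comes out tiny, and the loop that fills count
 * entries writes past it. */
uint32_t array_bytes_unsafe(uint32_t count)
{
    return count * (uint32_t)sizeof(struct attr);
}

/* Same bound rearranged; cannot wrap while the decoder keeps off <= size. */
bool bytes_fit_safe(uint32_t size, uint32_t off, uint32_t len)
{
    return len <= size - off;
}

/* Each attribute needs at least 8 wire bytes (type + len), so a count
 * that cannot fit in the remaining input is rejected before anything is
 * allocated; the SIZE_MAX test covers the product on 32-bit builds. */
bool array_count_safe(uint32_t size, uint32_t off, uint32_t count,
                      size_t *bytes)
{
    if (count > (size - off) / 8) return false;
    if (count > SIZE_MAX / sizeof(struct attr)) return false;
    *bytes = (size_t)count * sizeof(struct attr);
    return true;
}

static bool rd_u32(const uint8_t *b, uint32_t size, uint32_t *off, uint32_t *v)
{
    if (!bytes_fit_safe(size, *off, 4)) return false;
    *v = ((uint32_t)b[*off] << 24) | ((uint32_t)b[*off + 1] << 16) |
         ((uint32_t)b[*off + 2] << 8) | b[*off + 3];
    *off += 4;
    return true;
}

/* Hardened decoder: every pointer into the input is bounds-checked before
 * it is taken, every count before it is allocated. Pointers are recorded,
 * not copied, so attrs refers into b. */
int parse_msg(const uint8_t *b, uint32_t size, struct msg *m)
{
    uint32_t off = 0, i;
    size_t bytes;

    memset(m, 0, sizeof *m);
    if (!rd_u32(b, size, &off, &m->count)) return MSG_SHORT;
    if (!array_count_safe(size, off, m->count, &bytes)) return MSG_OVERFLOW;
    if (m->count && !(m->attrs = malloc(bytes))) return MSG_OVERFLOW;
    for (i = 0; i < m->count; i++) {
        struct attr *a = &m->attrs[i];
        if (!rd_u32(b, size, &off, &a->type) || !rd_u32(b, size, &off, &a->len)
            || !bytes_fit_safe(size, off, a->len)) goto truncated;
        a->data = b + off;
        off += a->len;
    }
    if (!rd_u32(b, size, &off, &m->blob_len)
        || !bytes_fit_safe(size, off, m->blob_len)) goto truncated;
    m->blob = b + off;
    return MSG_OK;
truncated:
    free(m->attrs);
    m->attrs = NULL;
    return MSG_SHORT;
}

/* Constructed inputs, not captured traffic. */
static const uint8_t good_msg[] = {
    0,0,0,2,                     /* count = 2 */
    0,0,0,1, 0,0,0,2, 'a','b',   /* attr 0: type 1, "ab" */
    0,0,0,7, 0,0,0,0,            /* attr 1: type 7, empty */
    0,0,0,3, 'x','y','z' };      /* blob "xyz" */
/* count = 0x40000000 followed by 8 bytes: array_bytes_unsafe() says 0. */
static const uint8_t huge_count_msg[] = { 0x40,0,0,0, 0,0,0,0, 0,0,0,0 };
/* count = 0, blob_len = 0xFFFFFFFC at off 8: 8 + len wraps to 4 <= 12. */
static const uint8_t huge_blob_msg[]  = { 0,0,0,0, 0xFF,0xFF,0xFF,0xFC, 0,0,0,0 };

static int run(const uint8_t *b, uint32_t size)
{
    struct msg m;
    int rc = parse_msg(b, size, &m);
    free(m.attrs);
    return rc;
}
int demo_good(void)       { return run(good_msg, sizeof good_msg); }
int demo_huge_count(void) { return run(huge_count_msg, sizeof huge_count_msg); }
int demo_huge_blob(void)  { return run(huge_blob_msg, sizeof huge_blob_msg); }
```

Any C99 compiler builds it. The hardened parse_msg() accepts good_msg and rejects both crafted inputs before touching memory, while the *_unsafe functions return the values a naive decoder would have trusted: a zero-byte allocation for 2^30 attributes, and a 4 GB blob that "fits" in a 12-byte buffer.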

ESB-2021.0030 – [Win][UNIX/Linux][Debian] csync2: Reduced security – Remote/unauthenticated

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0030
                          csync2 security update
                              5 January 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           csync2
Publisher:         Debian
Operating System:  Debian GNU/Linux
                   UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Reduced Security -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-15523  

Original Bulletin: 
   https://www.debian.org/lts/security/2020/dla-2515

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running csync2 check for an updated version of the software for 
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2515-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
January 04, 2021                              https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package        : csync2
Version        : 2.0-8-g175a01c-4+deb9u2
CVE ID         : CVE-2019-15523

It was discovered that csync2, a cluster synchronization tool, did
not correctly check for the return value from GnuTLS security
routines. It neglected to repeatedly call this function as required
by the design of the API.

For Debian 9 "Stretch", this problem has been fixed in version
2.0-8-g175a01c-4+deb9u2.

We recommend that you upgrade your csync2 packages.

For the detailed security status of csync2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/csync2

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl/zRVEACgkQHpU+J9Qx
HlgKxhAAgVkarFBVRGnaSoe4HsPNoxOjvCRiOc7x29++SNu/9GOApkWeJ/Py4e14
OP4MI/dm0NYKUHZCkLJ74ZxBjXgOAhfPgOHsveGSR60KCjxE2e13ui10s2pQucBG
kUse5bpKPFqW4r1nm5RK1dXj0D16dy+LnMBjWSY4F3xd+wZwQlqiFKETh8IHRgDP
FT8pLD5bPP0sogscUEZbWLjNW6Ia8D+UED/EcpuWIPivdnRNi2p5+aGxcqzd5c6d
Bi6Hr9zAzDGBYEISPTqTzEbvxlehdBWI6iegHCCRIOmj8/mf24lbK6R+ArWvRh7u
4suU9iRDm8DMGX99j0KqwUyyE1W47ERbuBof15/2VIA8Jgl9eOCT+iW2vzMH4xu/
OzSKbvWg/BpZl3wrGgDLz9hKWJob5iYW03KdEy7Q/V3DkSi4YhozLJpGRCwa82D/
KbbVbtStYnU6HuszQcGGphfadtyFxet0YvpYrK3bNF4HEqtIK4ojf4/jmfB5mLOX
C2wc87meV6dNhLJ7o/RKXvhVW0kCKJpXqdOiEE+gJAl1RJeMeZrqB0v5hM0SDyhy
f/fNfDGUusy2tp+XmXwfiNZ6gGLfgp+G107G6C0dW3zowA4psq+Rt+uxXERtkNdN
EM0J3rVySlrIHBN5/aHnL6wBETWbq7sp/54z6NdP9qSFhY5pp1M=
=A5Ec
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----

The post ESB-2021.0030 – [Win][UNIX/Linux][Debian] csync2: Reduced security – Remote/unauthenticated appeared first on Malware Devil.

https://malwaredevil.com/2021/01/05/esb-2021-0030-winunix-linuxdebian-csync2-reduced-security-remote-unauthenticated/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-0030-winunix-linuxdebian-csync2-reduced-security-remote-unauthenticated
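The API contract the csync2 advisory above refers to, in an added example that is not csync2's code. GnuTLS's handshake and record calls may return a non-fatal error that only means "call again" (GNUTLS_E_AGAIN, GNUTLS_E_INTERRUPTED), and the caller must keep calling until the function returns 0 or gnutls_error_is_fatal() reports a fatal error. To run without linking GnuTLS, a scripted stand-in session plays the part of gnutls_handshake(); the stand-in, its constants and the scripts are assumptions, and the single-call and retrying patterns are compared on it:

```c
/* Added example, not csync2's code. A scripted stand-in plays
 * gnutls_handshake() so the two call patterns can be compared without
 * linking GnuTLS; the error constants stand in for GnuTLS's, and only
 * their sign and their fatal/non-fatal class matter here. */
#include <stdbool.h>
#include <stddef.h>

#define E_AGAIN        (-28)   /* stand-in for GNUTLS_E_AGAIN: call again */
#define E_INTERRUPTED  (-52)   /* stand-in for GNUTLS_E_INTERRUPTED: call again */
#define E_FATAL_ALERT  (-12)   /* stand-in for a fatal alert from the peer */

struct fake_session {
    const int *script;      /* return codes handed out in order */
    size_t     n, pos;
    bool       established; /* set only when a call returned 0 */
};

/* Stand-in for gnutls_handshake(): returns the next scripted code. */
int fake_handshake(struct fake_session *s)
{
    int rc = s->pos < s->n ? s->script[s->pos++] : 0;
    if (rc == 0) s->established = true;
    return rc;
}

/* Stand-in for gnutls_error_is_fatal(): every negative code except the
 * two retryable ones is fatal. */
int fake_error_is_fatal(int rc)
{
    return rc < 0 && rc != E_AGAIN && rc != E_INTERRUPTED;
}

/* The shape the advisory faults: one call, its return taken as the final
 * answer. On a transport that hands back E_AGAIN (a non-blocking socket,
 * or a blocking one interrupted by a signal) the session is never
 * completed, however the caller then interprets the code. */
int handshake_once(struct fake_session *s)
{
    return fake_handshake(s);
}

/* The documented pattern: keep calling while the error is non-fatal. */
int handshake_retrying(struct fake_session *s)
{
    int rc;
    do {
        rc = fake_handshake(s);
    } while (rc < 0 && !fake_error_is_fatal(rc));
    return rc;
}

/* Constructed scripts: two interruptions then success; one interruption
 * then a fatal alert. */
static const int script_ok[]    = { E_AGAIN, E_INTERRUPTED, 0 };
static const int script_fatal[] = { E_AGAIN, E_FATAL_ALERT };

int demo_once(void)
{
    struct fake_session s = { script_ok, 3, 0, false };
    return handshake_once(&s);          /* -28: handshake left incomplete */
}
int demo_retrying(void)
{
    struct fake_session s = { script_ok, 3, 0, false };
    int rc = handshake_retrying(&s);
    return rc == 0 && s.established ? 0 : -1;
}
int demo_retrying_fatal(void)
{
    struct fake_session s = { script_fatal, 2, 0, false };
    return handshake_retrying(&s);      /* -12: stops at the fatal alert */
}
```

Against the real library the loop is the same, with gnutls_handshake() and gnutls_error_is_fatal() in place of the stand-ins; gnutls_record_send() and gnutls_record_recv() follow the same contract, and on a non-blocking socket gnutls_record_get_direction() tells the caller whether to wait for readability or writability before retrying.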

ESB-2021.0031 – [Linux][Debian] gssproxy: Reduced security – Unknown/unspecified

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0031
                         gssproxy security update
                              5 January 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           gssproxy
Publisher:         Debian
Operating System:  Debian GNU/Linux
                   Linux variants
Impact/Access:     Reduced Security -- Unknown/Unspecified
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-12658  

Original Bulletin: 
   https://www.debian.org/lts/security/2020/dla-2516

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running gssproxy check for an updated version of the software for 
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2516-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
January 04, 2021                              https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package        : gssproxy
Version        : 0.5.1-2+deb9u1
CVE ID         : CVE-2020-12658
Debian Bug     : #978931

It was discovered that there was an issue in the gssproxy privilege
separation caused by gssproxy not unlocking cond_mutex prior to
calling pthread_exit.

For Debian 9 "Stretch", this problem has been fixed in version
0.5.1-2+deb9u1.

We recommend that you upgrade your gssproxy packages.

For the detailed security status of gssproxy please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gssproxy

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----

The post ESB-2021.0031 – [Linux][Debian] gssproxy: Reduced security – Unknown/unspecified appeared first on Malware Devil.

https://malwaredevil.com/2021/01/05/esb-2021-0031-linuxdebian-gssproxy-reduced-security-unknown-unspecified/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-0031-linuxdebian-gssproxy-reduced-security-unknown-unspecified
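The failure mode in the gssproxy advisory above, in general form, as an added example that is not gssproxy's code: a thread that reaches pthread_exit() while still holding a mutex leaves it locked for good, because a default (non-robust) mutex does not notice that its owner is gone, and the next thread that needs it blocks forever. The struct, the thread bodies and the names are hypothetical; pthread_mutex_trylock() is used so the leak is observed rather than reproduced as a hang:

```c
/* Added example, not gssproxy's code. A worker thread locks cond_mutex,
 * does its work and terminates with pthread_exit(). In the leaky version
 * the mutex is still held when the thread dies and stays locked; the
 * fixed version binds the unlock to a cleanup handler that runs on every
 * exit path. Names and the struct are hypothetical. Build: cc -pthread */
#include <errno.h>
#include <pthread.h>
#include <stdbool.h>
#include <stddef.h>

struct worker_state {
    pthread_mutex_t cond_mutex;
    pthread_cond_t  cond;
};

static void unlock_on_exit(void *arg)
{
    pthread_mutex_unlock((pthread_mutex_t *)arg);
}

/* Leaky: the thread ends with cond_mutex held. */
static void *worker_leaky(void *arg)
{
    struct worker_state *st = arg;
    pthread_mutex_lock(&st->cond_mutex);
    pthread_cond_broadcast(&st->cond);      /* ... work ... */
    pthread_exit(NULL);                     /* BUG: no unlock before exit */
    return NULL;
}

/* Fixed: the handler is pushed right after the lock and runs on
 * pthread_exit(), on cancellation, or at pthread_cleanup_pop(1), so no
 * exit path can leave cond_mutex held. */
static void *worker_fixed(void *arg)
{
    struct worker_state *st = arg;
    pthread_mutex_lock(&st->cond_mutex);
    pthread_cleanup_push(unlock_on_exit, &st->cond_mutex);
    pthread_cond_broadcast(&st->cond);      /* ... work ... */
    pthread_exit(NULL);                     /* handler unlocks first */
    pthread_cleanup_pop(0);                 /* unreachable; pairs the push */
    return NULL;
}

/* Runs one worker to completion, then reports the state of cond_mutex:
 * 0 if another thread can take it, EBUSY if the dead thread still owns
 * it. trylock never blocks, so the leak is observed, not reproduced. */
int run_worker(bool fixed)
{
    struct worker_state st;
    pthread_t tid;
    int rc;

    pthread_mutex_init(&st.cond_mutex, NULL);
    pthread_cond_init(&st.cond, NULL);
    if (pthread_create(&tid, NULL, fixed ? worker_fixed : worker_leaky, &st))
        return -1;
    pthread_join(tid, NULL);

    rc = pthread_mutex_trylock(&st.cond_mutex);
    if (rc == 0) {
        pthread_mutex_unlock(&st.cond_mutex);
        pthread_mutex_destroy(&st.cond_mutex);  /* only valid when unlocked */
    }
    pthread_cond_destroy(&st.cond);
    return rc;
}
```

The minimal fix is an explicit pthread_mutex_unlock() before pthread_exit(); the cleanup handler is the more robust form because it also covers cancellation and early returns. With a robust mutex (PTHREAD_MUTEX_ROBUST) the next locker would instead get EOWNERDEAD and could recover, which is the other way to defend against this class of bug.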

Network Security News Summary for Tuesday January 5 2021

A brief daily summary of what is important in cybersecurity. The podcast is published every weekday and designed to get you ready for the day with a brief, usually about 5 minutes long, summary of current network security-related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .

The post Network Security News Summary for Tuesday January 5 2021 appeared first on Malware Devil.



https://malwaredevil.com/2021/01/05/network-security-news-summary-for-tuesday-january-5-2021/?utm_source=rss&utm_medium=rss&utm_campaign=network-security-news-summary-for-tuesday-january-5-2021

Zyxel Hardcoded Backdoor Account Vulnerability

The post Zyxel Hardcoded Backdoor Account Vulnerability appeared first on Digital Defense, Inc.

The post Zyxel Hardcoded Backdoor Account Vulnerability appeared first on Security Boulevard.

The post Zyxel Hardcoded Backdoor Account Vulnerability appeared first on Malware Devil.

https://malwaredevil.com/2021/01/05/zyxel-hardcoded-backdoor-account-vulnerability/?utm_source=rss&utm_medium=rss&utm_campaign=zyxel-hardcoded-backdoor-account-vulnerability

Ransomware Gang Collects Data from Blood Testing Lab

Apex Laboratory patient data was lifted and posted on a leak site.

The post Ransomware Gang Collects Data from Blood Testing Lab appeared first on Malware Devil.

https://malwaredevil.com/2021/01/04/ransomware-gang-collects-data-from-blood-testing-lab/?utm_source=rss&utm_medium=rss&utm_campaign=ransomware-gang-collects-data-from-blood-testing-lab

Researcher Breaks reCAPTCHA With Google’s Speech-to-Text API

Researcher uses an old unCAPTCHA trick against the latest audio version of reCAPTCHA, with a 97 percent success rate.

The post Researcher Breaks reCAPTCHA With Google’s Speech-to-Text API appeared first on Malware Devil.

https://malwaredevil.com/2021/01/04/researcher-breaks-recaptcha-with-googles-speech-to-text-api/?utm_source=rss&utm_medium=rss&utm_campaign=researcher-breaks-recaptcha-with-googles-speech-to-text-api

Microsoft Source Code Exposed: What We Know & What It Means

Microsoft says there is no increase in security risk; however, experts say access to source code could make some steps easier for attackers.

Microsoft confirmed last week that attackers were able to view some of its source code, which it found during an ongoing investigation of the SolarWinds breach. While its threat-modeling approach mitigates the risk of viewing code, many questions remain that could determine the severity of this attack.

In a blog post published on Dec. 31, 2020, officials said Microsoft has not found evidence of access to production services or customer data, nor has it discovered that its systems were used to attack other companies. The company has not found indications of common tactics, techniques, and procedures (TTPs) linked to abuse of forged SAML tokens against its corporate domains.

It did find an internal account had been used to view source code in “a number of code repositories,” according to the blog post, from the Microsoft Security Response Center (MSRC). This activity was unearthed when investigators noticed unusual activity with a small number of internal accounts, the post explains, and the affected account didn’t have permissions to change any code or engineering systems. The accounts were investigated and remediated, officials noted.

The news began to generate attention in the security community, and with good reason: Microsoft’s software is among the most widely deployed in the world, and organizations of all sizes rely on the company’s products and services. It’s an appealing target, in particular among advanced attackers like those behind the SolarWinds incident.

“It’s something they can’t access themselves, and there’s a lot of assumption that there’s super-secret things there that are going to compromise [their] security,” says Jake Williams, founder and president of Rendition Infosec, regarding why businesses might understandably panic at the news.

While it’s certainly concerning, and we don’t know the full extent of what attackers could see, Microsoft’s threat-modeling strategy assumes attackers already have some knowledge of its source code. This “inner source” approach adopts practices from open source software development and culture, and it doesn’t rely on the secrecy of source code for product security.

“There are a lot of software vendors, and security vendors, that rely on the secrecy of their code to ensure security of applications,” Williams explains. Microsoft made a big push for secure software development in Windows Vista. It didn’t make the decision to open source the code, but it designed the code with the assumption that this could happen someday. Source code is viewable within Microsoft, and the ability to view it isn’t treated as a heightened security risk.

“If the code is all publicly released, there should not be new vulnerabilities discovered purely because that occurs,” Williams adds.

Microsoft’s practice isn’t common; for most organizations, the process of adopting the same approach and revamping their existing code base is too much work. However, Microsoft is a big enough target, with people regularly reverse engineering its code, that it makes sense.

While attackers were only able to view the source code, and not edit or change it, this level of access could prove helpful with some things — for example, writing rootkits. Microsoft, which did not provide additional detail for this story beyond its blog post, has not confirmed which source code was accessed and how that particular source code could prove helpful to an attacker.

It’s one of many questions that remain following Microsoft’s update. What have the attackers already seen? Where was the affected code? Were the attackers able to access an account that allowed them to alter source code? There is still much we don’t know regarding this intrusion.

This “inner source” approach still creates risk, writes Andrew Fife, vice president of marketing at Cycode, in a blog post on the news. Modern applications include microservices, libraries, APIs, and SDKs that often require authentication credentials to deliver a core service. It’s common for developers to write those credentials into source code on the assumption that only insiders can see it.

“While Microsoft claims their ‘threat models assume that attackers have knowledge of source code,’ it would be far more reassuring if they directly addressed whether or not the breached code contained secrets,” he writes. In the same way source code is a software company’s IP, Fife adds, it can also be used to help reverse engineer and exploit an application.

This is an ongoing investigation, and we will continue to provide updates as they are known. In the meantime, Williams advises organizations to continue applying security patches as usual and stick with the infosec basics: review trust relationships, check your logging posture, and adopt the principles of least privilege and zero trust.

“Supply chain attacks are really difficult to defend against, and it really comes back to infosec foundations,” he says. “If your model of protecting against an attack is ‘give me an indicator of compromise and I will block that indicator,’ that’s ’90s thinking.”

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial …


The post Microsoft Source Code Exposed: What We Know & What It Means appeared first on Malware Devil.



https://malwaredevil.com/2021/01/04/microsoft-source-code-exposed-what-we-know-what-it-means/?utm_source=rss&utm_medium=rss&utm_campaign=microsoft-source-code-exposed-what-we-know-what-it-means

6 Security Concerns, 3 Steps, & 10 Skills – BSW #201

In the leadership and communications section: 6 board of directors security concerns every CISO should be prepared to address, four ways to improve the relationship between security and IT, CISO playbook: 3 steps to breaking in a new boss, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw201

The post 6 Security Concerns, 3 Steps, & 10 Skills – BSW #201 appeared first on Malware Devil.



https://malwaredevil.com/2021/01/04/6-security-concerns-3-steps-10-skills-bsw-201/?utm_source=rss&utm_medium=rss&utm_campaign=6-security-concerns-3-steps-10-skills-bsw-201

CISO Stories – Cybersecurity Leadership 2021 – Todd Fitzgerald – BSW #201

Up your game with the CISO STORIES Podcast! If anything this past year has taught us, it is that we cannot go it alone, and leveraging the experiences of other CISOs is critical to our success. Join Todd as he introduces a new podcast featuring actionable lessons from top-notch CISOs and cybersecurity leaders.

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw201

The post CISO Stories – Cybersecurity Leadership 2021 – Todd Fitzgerald – BSW #201 appeared first on Malware Devil.



https://malwaredevil.com/2021/01/04/ciso-stories-cybersecurity-leadership-2021-todd-fitzgerald-bsw-201/?utm_source=rss&utm_medium=rss&utm_campaign=ciso-stories-cybersecurity-leadership-2021-todd-fitzgerald-bsw-201

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...