Malware Devil

Wednesday, April 14, 2021

ESB-2021.1250 – [Ubuntu] Linux kernel: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1250
                 USN-4907-1: Linux kernel vulnerabilities
                               14 April 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Linux kernel
Publisher:         Ubuntu
Operating System:  Ubuntu
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Denial of Service               -- Existing Account
                   Unauthorised Access             -- Existing Account
                   Reduced Security                -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-26931 CVE-2021-26930 CVE-2021-20268
                   CVE-2021-20239 CVE-2021-20194 CVE-2021-3348
                   CVE-2021-3347 CVE-2021-3178 CVE-2018-13095

Reference:         ESB-2021.1228
                   ESB-2021.1101
                   ESB-2021.0920

Original Bulletin: 
   https://ubuntu.com/security/notices/USN-4907-1
   https://ubuntu.com/security/notices/USN-4909-1
   https://ubuntu.com/security/notices/USN-4910-1

Comment: This bulletin contains three (3) Ubuntu security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

USN-4907-1: Linux kernel vulnerabilities
13 April 2021

Several security issues were fixed in the Linux kernel.

Releases

  o Ubuntu 18.04 LTS
  o Ubuntu 16.04 LTS
  o Ubuntu 14.04 ESM

Packages

  o linux - Linux kernel
  o linux-aws - Linux kernel for Amazon Web Services (AWS) systems
  o linux-aws-hwe - Linux kernel for Amazon Web Services (AWS-HWE) systems
  o linux-azure - Linux kernel for Microsoft Azure Cloud systems
  o linux-azure-4.15 - Linux kernel for Microsoft Azure Cloud systems
  o linux-dell300x - Linux kernel for Dell 300x platforms
  o linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
  o linux-gcp-4.15 - Linux kernel for Google Cloud Platform (GCP) systems
  o linux-kvm - Linux kernel for cloud environments
  o linux-oracle - Linux kernel for Oracle Cloud systems
  o linux-raspi2 - Linux kernel for Raspberry Pi (V8) systems
  o linux-snapdragon - Linux kernel for Qualcomm Snapdragon processors

Details

Wen Xu discovered that the xfs file system implementation in the Linux
kernel did not properly validate the number of extents in an inode. An
attacker could use this to construct a malicious xfs image that, when
mounted, could cause a denial of service (system crash). (CVE-2018-13095)

It was discovered that the priority inheritance futex implementation in the
Linux kernel contained a race condition, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2021-3347)

It was discovered that the network block device (nbd) driver in the Linux
kernel contained a use-after-free vulnerability during device setup. A
local attacker with access to the nbd device could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2021-3348)

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 18.04

  o linux-image-powerpc-e500mc - 4.15.0.141.128
  o linux-image-4.15.0-1098-aws - 4.15.0-1098.105
  o linux-image-gcp-lts-18.04 - 4.15.0.1097.115
  o linux-image-aws-lts-18.04 - 4.15.0.1098.101
  o linux-image-oracle-lts-18.04 - 4.15.0.1069.79
  o linux-image-virtual - 4.15.0.141.128
  o linux-image-4.15.0-1089-kvm - 4.15.0-1089.91
  o linux-image-4.15.0-1100-snapdragon - 4.15.0-1100.109
  o linux-image-snapdragon - 4.15.0.1100.103
  o linux-image-4.15.0-141-lowlatency - 4.15.0-141.145
  o linux-image-powerpc64-emb - 4.15.0.141.128
  o linux-image-4.15.0-1083-raspi2 - 4.15.0-1083.88
  o linux-image-dell300x - 4.15.0.1016.18
  o linux-image-4.15.0-1069-oracle - 4.15.0-1069.77
  o linux-image-generic - 4.15.0.141.128
  o linux-image-4.15.0-1112-azure - 4.15.0-1112.125
  o linux-image-4.15.0-1016-dell300x - 4.15.0-1016.20
  o linux-image-kvm - 4.15.0.1089.85
  o linux-image-raspi2 - 4.15.0.1083.80
  o linux-image-azure-lts-18.04 - 4.15.0.1112.85
  o linux-image-powerpc-smp - 4.15.0.141.128
  o linux-image-4.15.0-141-generic-lpae - 4.15.0-141.145
  o linux-image-generic-lpae - 4.15.0.141.128
  o linux-image-4.15.0-141-generic - 4.15.0-141.145
  o linux-image-powerpc64-smp - 4.15.0.141.128
  o linux-image-4.15.0-1097-gcp - 4.15.0-1097.110
  o linux-image-lowlatency - 4.15.0.141.128

Ubuntu 16.04

  o linux-image-gke - 4.15.0.1097.98
  o linux-image-oracle - 4.15.0.1069.57
  o linux-image-4.15.0-1098-aws - 4.15.0-1098.105~16.04.1
  o linux-image-4.15.0-1069-oracle - 4.15.0-1069.77~16.04.1
  o linux-image-gcp - 4.15.0.1097.98
  o linux-image-4.15.0-1112-azure - 4.15.0-1112.124~16.04.1
  o linux-image-4.15.0-1097-gcp - 4.15.0-1097.110~16.04.1
  o linux-image-azure - 4.15.0.1112.103
  o linux-image-aws-hwe - 4.15.0.1098.91

Ubuntu 14.04

  o linux-image-azure - 4.15.0.1112.85
  o linux-image-4.15.0-1112-azure - 4.15.0-1112.124~14.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

  o CVE-2021-3347
  o CVE-2021-3348
  o CVE-2018-13095

Related notices

  o USN-4904-1 : linux-image-4.4.0-1154-snapdragon, linux-raspi2,
    linux-image-raspi2, linux-image-aws, linux-image-4.4.0-1126-aws,
    linux-image-4.4.0-208-lowlatency, linux-image-lowlatency-lts-xenial,
    linux-image-4.4.0-1150-raspi2, linux-image-4.4.0-208-powerpc64-smp,
    linux-image-generic-lpae-lts-xenial, linux-image-generic-lts-xenial,
    linux-image-snapdragon, linux-lts-xenial, linux-image-virtual-lts-xenial,
    linux-image-powerpc64-emb, linux-kvm, linux-image-virtual,
    linux-image-4.4.0-208-powerpc64-emb, linux-image-4.4.0-1090-aws, linux-aws,
    linux-image-4.4.0-208-generic, linux-image-powerpc64-smp,
    linux-image-4.4.0-208-powerpc-e500mc, linux-image-generic,
    linux-image-4.4.0-208-powerpc-smp, linux-image-powerpc-smp,
    linux-image-powerpc-e500mc, linux-snapdragon, linux,
    linux-image-lowlatency, linux-image-kvm,
    linux-image-4.4.0-208-generic-lpae, linux-image-4.4.0-1091-kvm,
    linux-image-generic-lpae
  o USN-4910-1 : linux-image-5.8.0-1025-oracle, linux-image-generic-hwe-20.04,
    linux-hwe-5.8, linux-gcp, linux-image-5.8.0-49-generic, linux-image-aws,
    linux-image-5.8.0-1020-raspi-nolpae, linux-image-5.8.0-49-generic-64k,
    linux-image-raspi-nolpae, linux-image-5.8.0-1027-azure,
    linux-image-generic-64k, linux-image-gke, linux-image-virtual-hwe-20.04,
    linux-image-5.8.0-1028-aws, linux-image-azure, linux-image-generic-lpae,
    linux-kvm, linux-image-virtual, linux-aws,
    linux-image-5.8.0-49-generic-lpae, linux-image-5.8.0-1020-raspi,
    linux-image-5.8.0-49-lowlatency, linux-image-generic, linux-oracle,
    linux-image-generic-lpae-hwe-20.04, linux-image-generic-64k-hwe-20.04,
    linux-image-5.8.0-1023-kvm, linux-raspi, linux-image-oracle,
    linux-image-gcp, linux, linux-image-lowlatency, linux-image-kvm,
    linux-image-raspi, linux-azure, linux-image-lowlatency-hwe-20.04,
    linux-image-oem-20.04, linux-image-5.8.0-1027-gcp
  o USN-4878-1 : linux-image-5.4.0-1039-oracle, linux-gcp, linux-image-raspi2,
    linux-image-aws, linux-raspi-5.4, linux-azure-5.4, linux-image-oem-osp1,
    linux-image-raspi-hwe-18.04, linux-image-snapdragon-hwe-18.04,
    linux-hwe-5.4, linux-image-azure, linux-kvm, linux-image-virtual,
    linux-image-5.4.0-1039-aws, linux-image-5.4.0-67-generic,
    linux-image-generic-lpae-hwe-18.04, linux-image-azure-edge,
    linux-image-5.4.0-1034-kvm, linux-aws, linux-image-generic, linux-oracle,
    linux-image-gcp-edge, linux-image-virtual-hwe-18.04, linux-image-gkeop,
    linux-raspi, linux-image-gke-5.4, linux-image-oracle, linux-image-aws-edge,
    linux-gcp-5.4, linux-aws-5.4, linux-image-gcp, linux, linux-gkeop-5.4,
    linux-image-5.4.0-1041-azure, linux-image-5.4.0-1037-gke,
    linux-image-5.4.0-67-generic-lpae, linux-image-lowlatency, linux-image-kvm,
    linux-image-5.4.0-1011-gkeop, linux-image-raspi,
    linux-image-5.4.0-67-lowlatency, linux-image-5.4.0-1030-raspi,
    linux-oracle-5.4, linux-azure, linux-gke-5.4,
    linux-image-generic-hwe-18.04, linux-image-5.4.0-1038-gcp,
    linux-image-gkeop-5.4, linux-image-oem, linux-gkeop,
    linux-image-lowlatency-hwe-18.04, linux-image-generic-lpae
  o USN-4909-1 : linux-gcp, linux-image-5.4.0-71-generic, linux-image-raspi2,
    linux-image-aws, linux-raspi-5.4, linux-azure-5.4, linux-image-oem-osp1,
    linux-image-5.4.0-1042-oracle, linux-image-raspi-hwe-18.04,
    linux-image-5.4.0-1040-gke, linux-image-snapdragon-hwe-18.04,
    linux-image-5.4.0-1044-azure, linux-hwe-5.4, linux-image-azure,
    linux-image-5.4.0-71-generic-lpae, linux-kvm, linux-image-5.4.0-1037-kvm,
    linux-image-virtual, linux-image-generic-lpae-hwe-18.04, linux-aws,
    linux-image-generic, linux-oracle, linux-image-5.4.0-1013-gkeop,
    linux-image-virtual-hwe-18.04, linux-image-gkeop, linux-raspi,
    linux-image-gke-5.4, linux-image-oracle, linux-image-gcp, linux-gcp-5.4,
    linux-aws-5.4, linux, linux-gkeop-5.4, linux-image-5.4.0-1041-gcp,
    linux-image-5.4.0-1043-aws, linux-image-5.4.0-1033-raspi,
    linux-image-lowlatency, linux-image-kvm, linux-oracle-5.4,
    linux-image-raspi, linux-azure, linux-gke-5.4,
    linux-image-generic-hwe-18.04, linux-image-gkeop-5.4, linux-image-oem,
    linux-gkeop, linux-image-lowlatency-hwe-18.04,
    linux-image-5.4.0-71-lowlatency, linux-image-generic-lpae
  o USN-4884-1 : linux-image-5.10.0-1017-oem, linux-oem-5.10,
    linux-image-oem-20.04b


- --------------------------------------------------------------------------------


USN-4909-1: Linux kernel vulnerabilities
13 April 2021

Several security issues were fixed in the Linux kernel.

Releases

  o Ubuntu 20.04 LTS
  o Ubuntu 18.04 LTS

Packages

  o linux - Linux kernel
  o linux-aws - Linux kernel for Amazon Web Services (AWS) systems
  o linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems
  o linux-azure - Linux kernel for Microsoft Azure Cloud systems
  o linux-azure-5.4 - Linux kernel for Microsoft Azure cloud systems
  o linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
  o linux-gcp-5.4 - Linux kernel for Google Cloud Platform (GCP) systems
  o linux-gke-5.4 - Linux kernel for Google Container Engine (GKE) systems
  o linux-gkeop - Linux kernel for Google Container Engine (GKE) systems
  o linux-gkeop-5.4 - Linux kernel for Google Container Engine (GKE) systems
  o linux-hwe-5.4 - Linux hardware enablement (HWE) kernel
  o linux-kvm - Linux kernel for cloud environments
  o linux-oracle - Linux kernel for Oracle Cloud systems
  o linux-oracle-5.4 - Linux kernel for Oracle Cloud systems
  o linux-raspi - Linux kernel for Raspberry Pi (V8) systems
  o linux-raspi-5.4 - Linux kernel for Raspberry Pi (V8) systems

Details

Loris Reiff discovered that the BPF implementation in the Linux kernel did
not properly validate attributes in the getsockopt BPF hook. A local
attacker could possibly use this to cause a denial of service (system
crash). (CVE-2021-20194)

Olivier Benjamin, Norbert Manthey, Martin Mazein, and Jan H. Schönherr
discovered that the Xen paravirtualization backend in the Linux kernel did
not properly propagate errors to frontend drivers in some situations. An
attacker in a guest VM could possibly use this to cause a denial of service
(host domain crash). (CVE-2021-26930)

Jan Beulich discovered that multiple Xen backends in the Linux kernel did
not properly handle certain error conditions under paravirtualization. An
attacker in a guest VM could possibly use this to cause a denial of service
(host domain crash). (CVE-2021-26931)

It was discovered that the network block device (nbd) driver in the Linux
kernel contained a use-after-free vulnerability during device setup. A
local attacker with access to the nbd device could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2021-3348)

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 20.04

  o linux-image-5.4.0-1037-kvm - 5.4.0-1037.38
  o linux-image-gkeop-5.4 - 5.4.0.1013.16
  o linux-image-5.4.0-1043-aws - 5.4.0-1043.45
  o linux-image-5.4.0-71-generic - 5.4.0-71.79
  o linux-image-oem-osp1 - 5.4.0.71.74
  o linux-image-oracle - 5.4.0.1042.39
  o linux-image-azure - 5.4.0.1044.42
  o linux-image-5.4.0-71-lowlatency - 5.4.0-71.79
  o linux-image-gkeop - 5.4.0.1013.16
  o linux-image-virtual - 5.4.0.71.74
  o linux-image-5.4.0-1042-oracle - 5.4.0-1042.45
  o linux-image-generic - 5.4.0.71.74
  o linux-image-raspi - 5.4.0.1033.68
  o linux-image-5.4.0-1013-gkeop - 5.4.0-1013.14
  o linux-image-5.4.0-71-generic-lpae - 5.4.0-71.79
  o linux-image-oem - 5.4.0.71.74
  o linux-image-5.4.0-1041-gcp - 5.4.0-1041.44
  o linux-image-aws - 5.4.0.1043.44
  o linux-image-kvm - 5.4.0.1037.35
  o linux-image-raspi2 - 5.4.0.1033.68
  o linux-image-5.4.0-1033-raspi - 5.4.0-1033.36
  o linux-image-generic-lpae - 5.4.0.71.74
  o linux-image-gcp - 5.4.0.1041.50
  o linux-image-5.4.0-1044-azure - 5.4.0-1044.46
  o linux-image-lowlatency - 5.4.0.71.74

Ubuntu 18.04

  o linux-image-gkeop-5.4 - 5.4.0.1013.14~18.04.14
  o linux-image-5.4.0-1043-aws - 5.4.0-1043.45~18.04.1
  o linux-image-5.4.0-1040-gke - 5.4.0-1040.42~18.04.1
  o linux-image-5.4.0-71-generic - 5.4.0-71.79~18.04.1
  o linux-image-oem-osp1 - 5.4.0.71.79~18.04.64
  o linux-image-oracle - 5.4.0.1042.45~18.04.24
  o linux-image-generic-hwe-18.04 - 5.4.0.71.79~18.04.64
  o linux-image-azure - 5.4.0.1044.24
  o linux-image-5.4.0-71-lowlatency - 5.4.0-71.79~18.04.1
  o linux-image-snapdragon-hwe-18.04 - 5.4.0.71.79~18.04.64
  o linux-image-generic-lpae-hwe-18.04 - 5.4.0.71.79~18.04.64
  o linux-image-5.4.0-1042-oracle - 5.4.0-1042.45~18.04.1
  o linux-image-5.4.0-1013-gkeop - 5.4.0-1013.14~18.04.1
  o linux-image-lowlatency-hwe-18.04 - 5.4.0.71.79~18.04.64
  o linux-image-5.4.0-71-generic-lpae - 5.4.0-71.79~18.04.1
  o linux-image-virtual-hwe-18.04 - 5.4.0.71.79~18.04.64
  o linux-image-gke-5.4 - 5.4.0.1040.42~18.04.7
  o linux-image-oem - 5.4.0.71.79~18.04.64
  o linux-image-5.4.0-1041-gcp - 5.4.0-1041.44~18.04.1
  o linux-image-aws - 5.4.0.1043.26
  o linux-image-5.4.0-1033-raspi - 5.4.0-1033.36~18.04.1
  o linux-image-raspi-hwe-18.04 - 5.4.0.1033.35
  o linux-image-gcp - 5.4.0.1041.28
  o linux-image-5.4.0-1044-azure - 5.4.0-1044.46~18.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

  o CVE-2021-26930
  o CVE-2021-20194
  o CVE-2021-3348
  o CVE-2021-26931

Related notices

  o USN-4910-1 : linux-image-oracle, linux, linux-image-gke, linux-image-aws,
    linux-image-5.8.0-49-generic, linux-image-5.8.0-49-generic-lpae,
    linux-image-azure, linux-image-generic-hwe-20.04,
    linux-image-5.8.0-1020-raspi, linux-image-gcp,
    linux-image-5.8.0-1020-raspi-nolpae, linux-image-generic-64k-hwe-20.04,
    linux-image-generic-lpae-hwe-20.04, linux-oracle,
    linux-image-5.8.0-49-generic-64k, linux-image-generic-lpae, linux-hwe-5.8,
    linux-image-5.8.0-49-lowlatency, linux-image-5.8.0-1025-oracle,
    linux-image-generic-64k, linux-image-generic, linux-image-oem-20.04,
    linux-image-raspi-nolpae, linux-raspi, linux-gcp, linux-image-raspi,
    linux-aws, linux-image-virtual-hwe-20.04, linux-image-kvm,
    linux-image-5.8.0-1028-aws, linux-image-lowlatency-hwe-20.04,
    linux-image-5.8.0-1023-kvm, linux-azure, linux-image-lowlatency, linux-kvm,
    linux-image-5.8.0-1027-gcp, linux-image-5.8.0-1027-azure,
    linux-image-virtual
  o USN-4907-1 : linux-image-powerpc-e500mc, linux-image-oracle,
    linux-azure-4.15, linux, linux-image-azure-lts-18.04, linux-image-dell300x,
    linux-image-aws-hwe, linux-image-gke, linux-image-4.15.0-141-lowlatency,
    linux-gcp-4.15, linux-aws-hwe, linux-image-4.15.0-1016-dell300x,
    linux-raspi2, linux-image-azure, linux-image-oracle-lts-18.04,
    linux-image-gcp-lts-18.04, linux-image-4.15.0-141-generic-lpae,
    linux-image-gcp, linux-image-aws-lts-18.04, linux-oracle,
    linux-image-4.15.0-141-generic, linux-image-generic-lpae,
    linux-image-powerpc-smp, linux-image-4.15.0-1069-oracle, linux-dell300x,
    linux-image-4.15.0-1083-raspi2, linux-image-generic,
    linux-image-snapdragon, linux-image-4.15.0-1089-kvm, linux-gcp, linux-aws,
    linux-image-kvm, linux-image-4.15.0-1112-azure, linux-azure,
    linux-image-raspi2, linux-snapdragon, linux-image-4.15.0-1098-aws,
    linux-image-lowlatency, linux-kvm, linux-image-powerpc64-smp,
    linux-image-powerpc64-emb, linux-image-virtual,
    linux-image-4.15.0-1097-gcp, linux-image-4.15.0-1100-snapdragon
  o USN-4884-1 : linux-oem-5.10, linux-image-5.10.0-1017-oem,
    linux-image-oem-20.04b
  o USN-4879-1 : linux-image-oracle, linux, linux-image-gke,
    linux-image-5.8.0-45-lowlatency, linux-image-5.8.0-1025-aws,
    linux-image-aws, linux-image-azure, linux-image-generic-hwe-20.04,
    linux-image-5.8.0-45-generic-lpae, linux-image-gcp,
    linux-image-generic-64k-hwe-20.04, linux-image-generic-lpae-hwe-20.04,
    linux-image-5.8.0-1017-raspi, linux-oracle, linux-image-generic-lpae,
    linux-hwe-5.8, linux-image-5.8.0-1024-azure, linux-image-oem-20.04,
    linux-image-generic-64k, linux-image-generic, linux-image-raspi-nolpae,
    linux-image-5.8.0-45-generic, linux-raspi, linux-gcp, linux-image-raspi,
    linux-aws, linux-image-virtual-hwe-20.04, linux-image-5.8.0-1020-kvm,
    linux-image-5.8.0-1022-oracle, linux-image-kvm,
    linux-image-5.8.0-45-generic-64k, linux-image-lowlatency-hwe-20.04,
    linux-azure, linux-image-5.8.0-1017-raspi-nolpae, linux-image-lowlatency,
    linux-kvm, linux-image-5.8.0-1024-gcp, linux-image-virtual
  o USN-4904-1 : linux-image-virtual, linux-image-powerpc-e500mc, linux,
    linux-image-generic-lpae-lts-xenial, linux-image-aws,
    linux-image-lowlatency-lts-xenial, linux-image-virtual-lts-xenial,
    linux-raspi2, linux-image-4.4.0-1154-snapdragon,
    linux-image-4.4.0-208-powerpc-smp, linux-image-4.4.0-208-powerpc-e500mc,
    linux-image-4.4.0-1126-aws, linux-image-4.4.0-1091-kvm,
    linux-image-4.4.0-1090-aws, linux-image-generic-lpae,
    linux-image-powerpc-smp, linux-image-4.4.0-208-powerpc64-smp,
    linux-image-snapdragon, linux-image-generic, linux-lts-xenial, linux-aws,
    linux-image-generic-lts-xenial, linux-image-kvm,
    linux-image-4.4.0-208-generic, linux-image-4.4.0-1150-raspi2,
    linux-image-raspi2, linux-snapdragon, linux-image-lowlatency, linux-kvm,
    linux-image-4.4.0-208-generic-lpae, linux-image-powerpc64-smp,
    linux-image-4.4.0-208-powerpc64-emb, linux-image-powerpc64-emb,
    linux-image-4.4.0-208-lowlatency


- --------------------------------------------------------------------------------


USN-4910-1: Linux kernel vulnerabilities
13 April 2021

Several security issues were fixed in the Linux kernel.

Releases

  o Ubuntu 20.10
  o Ubuntu 20.04 LTS

Packages

  o linux - Linux kernel
  o linux-aws - Linux kernel for Amazon Web Services (AWS) systems
  o linux-azure - Linux kernel for Microsoft Azure Cloud systems
  o linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
  o linux-hwe-5.8 - Linux hardware enablement (HWE) kernel
  o linux-kvm - Linux kernel for cloud environments
  o linux-oracle - Linux kernel for Oracle Cloud systems
  o linux-raspi - Linux kernel for Raspberry Pi (V8) systems

Details

Ryota Shiga discovered that the sockopt BPF hooks in the Linux kernel could
allow a user space program to probe for valid kernel addresses. A local
attacker could use this to ease exploitation of another kernel
vulnerability. (CVE-2021-20239)

It was discovered that the BPF verifier in the Linux kernel did not
properly handle signed add32 and sub integer overflows. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2021-20268)

It was discovered that the priority inheritance futex implementation in the
Linux kernel contained a race condition, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2021-3347)

It was discovered that the network block device (nbd) driver in the Linux
kernel contained a use-after-free vulnerability during device setup. A
local attacker with access to the nbd device could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2021-3348)

It was discovered that the NFS implementation in the Linux kernel did not
properly prevent access outside of an NFS export that is a subdirectory of
a file system. An attacker could possibly use this to bypass NFS access
restrictions. (CVE-2021-3178)

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 20.10

  o linux-image-5.8.0-1020-raspi - 5.8.0-1020.23
  o linux-image-5.8.0-1020-raspi-nolpae - 5.8.0-1020.23
  o linux-image-5.8.0-49-generic-lpae - 5.8.0-49.55
  o linux-image-oracle - 5.8.0.1025.24
  o linux-image-5.8.0-49-generic-64k - 5.8.0-49.55
  o linux-image-raspi-nolpae - 5.8.0.1020.23
  o linux-image-5.8.0-1023-kvm - 5.8.0-1023.25
  o linux-image-5.8.0-1027-gcp - 5.8.0-1027.28
  o linux-image-oem-20.04 - 5.8.0.49.54
  o linux-image-azure - 5.8.0.1027.27
  o linux-image-5.8.0-1025-oracle - 5.8.0-1025.26
  o linux-image-virtual - 5.8.0.49.54
  o linux-image-raspi - 5.8.0.1020.23
  o linux-image-gke - 5.8.0.1027.27
  o linux-image-generic-64k - 5.8.0.49.54
  o linux-image-generic - 5.8.0.49.54
  o linux-image-aws - 5.8.0.1028.30
  o linux-image-kvm - 5.8.0.1023.25
  o linux-image-5.8.0-1027-azure - 5.8.0-1027.29
  o linux-image-5.8.0-49-lowlatency - 5.8.0-49.55
  o linux-image-5.8.0-1028-aws - 5.8.0-1028.30
  o linux-image-5.8.0-49-generic - 5.8.0-49.55
  o linux-image-generic-lpae - 5.8.0.49.54
  o linux-image-gcp - 5.8.0.1027.27
  o linux-image-lowlatency - 5.8.0.49.54

Ubuntu 20.04

  o linux-image-virtual-hwe-20.04 - 5.8.0.49.55~20.04.33
  o linux-image-5.8.0-49-lowlatency - 5.8.0-49.55~20.04.1
  o linux-image-generic-lpae-hwe-20.04 - 5.8.0.49.55~20.04.33
  o linux-image-5.8.0-49-generic - 5.8.0-49.55~20.04.1
  o linux-image-generic-64k-hwe-20.04 - 5.8.0.49.55~20.04.33
  o linux-image-lowlatency-hwe-20.04 - 5.8.0.49.55~20.04.33
  o linux-image-5.8.0-49-generic-lpae - 5.8.0-49.55~20.04.1
  o linux-image-generic-hwe-20.04 - 5.8.0.49.55~20.04.33
  o linux-image-5.8.0-49-generic-64k - 5.8.0-49.55~20.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

  o CVE-2021-20268
  o CVE-2021-3178
  o CVE-2021-3347
  o CVE-2021-3348
  o CVE-2021-20239

Related notices

  o USN-4877-1 : linux-aws-hwe, linux-image-4.15.0-137-lowlatency,
    linux-image-4.15.0-1094-gcp, linux-image-azure, linux-image-powerpc-e500mc,
    linux-image-4.15.0-1095-aws, linux-image-dell300x,
    linux-image-azure-lts-18.04, linux-image-lowlatency, linux-raspi2,
    linux-aws, linux-image-4.15.0-137-generic, linux-dell300x,
    linux-image-generic-lpae, linux-gcp, linux-image-gcp,
    linux-image-4.15.0-1066-oracle, linux-image-gke, linux-gcp-4.15,
    linux-image-4.15.0-1086-kvm, linux-image-raspi2, linux-image-powerpc-smp,
    linux-image-lowlatency-hwe-16.04, linux-snapdragon,
    linux-image-4.15.0-1013-dell300x, linux-image-powerpc64-emb,
    linux-image-powerpc64-smp, linux-image-snapdragon,
    linux-image-4.15.0-1097-snapdragon, linux-kvm, linux-image-oracle,
    linux-image-gcp-lts-18.04, linux-image-kvm, linux-image-4.15.0-1080-raspi2,
    linux-image-oracle-lts-18.04, linux-image-4.15.0-1109-azure,
    linux-image-generic-hwe-16.04, linux, linux-image-4.15.0-137-generic-lpae,
    linux-azure, linux-oracle, linux-image-virtual,
    linux-image-generic-lpae-hwe-16.04, linux-image-virtual-hwe-16.04,
    linux-image-oem, linux-image-generic, linux-image-aws-hwe, linux-hwe,
    linux-image-aws-lts-18.04, linux-azure-4.15
  o USN-4907-1 : linux-aws-hwe, linux-image-4.15.0-1112-azure,
    linux-image-azure, linux-image-4.15.0-1083-raspi2,
    linux-image-powerpc-e500mc, linux-image-4.15.0-1016-dell300x,
    linux-image-4.15.0-141-generic, linux-image-dell300x,
    linux-image-azure-lts-18.04, linux-image-lowlatency, linux-raspi2,
    linux-aws, linux-image-4.15.0-1100-snapdragon, linux-dell300x,
    linux-image-generic-lpae, linux-gcp, linux-image-4.15.0-1089-kvm,
    linux-image-gcp, linux-image-gke, linux-gcp-4.15, linux-image-raspi2,
    linux-image-4.15.0-141-generic-lpae, linux-image-powerpc-smp,
    linux-image-4.15.0-141-lowlatency, linux-snapdragon,
    linux-image-4.15.0-1097-gcp, linux-image-4.15.0-1069-oracle,
    linux-image-powerpc64-emb, linux-image-powerpc64-smp,
    linux-image-snapdragon, linux-kvm, linux-image-oracle,
    linux-image-gcp-lts-18.04, linux-image-kvm, linux-image-oracle-lts-18.04,
    linux, linux-azure, linux-oracle, linux-image-virtual, linux-image-generic,
    linux-image-aws-hwe, linux-image-4.15.0-1098-aws,
    linux-image-aws-lts-18.04, linux-azure-4.15
  o USN-4878-1 : linux-image-5.4.0-67-lowlatency, linux-image-aws,
    linux-image-azure, linux-image-gcp-edge, linux-image-5.4.0-1011-gkeop,
    linux-image-oem-osp1, linux-image-raspi, linux-image-snapdragon-hwe-18.04,
    linux-image-lowlatency, linux-image-generic-hwe-18.04, linux-aws,
    linux-gkeop-5.4, linux-image-raspi-hwe-18.04, linux-image-aws-edge,
    linux-image-azure-edge, linux-image-gkeop-5.4, linux-image-generic-lpae,
    linux-gcp, linux-image-gcp, linux-image-gkeop, linux-image-5.4.0-1038-gcp,
    linux-image-lowlatency-hwe-18.04, linux-image-raspi2,
    linux-image-5.4.0-1030-raspi, linux-aws-5.4, linux-gke-5.4,
    linux-raspi-5.4, linux-image-gke-5.4, linux-image-5.4.0-1041-azure,
    linux-azure-5.4, linux-image-oracle, linux-kvm,
    linux-image-5.4.0-67-generic, linux-image-5.4.0-1037-gke, linux-image-kvm,
    linux-image-5.4.0-67-generic-lpae, linux, linux-image-5.4.0-1039-oracle,
    linux-azure, linux-gcp-5.4, linux-oracle, linux-oracle-5.4,
    linux-image-virtual, linux-image-5.4.0-1039-aws, linux-image-oem,
    linux-image-generic, linux-image-virtual-hwe-18.04,
    linux-image-5.4.0-1034-kvm, linux-gkeop, linux-hwe-5.4,
    linux-image-generic-lpae-hwe-18.04, linux-raspi
  o USN-4909-1 : linux-image-aws, linux-image-azure,
    linux-image-5.4.0-1044-azure, linux-image-oem-osp1, linux-image-raspi,
    linux-image-snapdragon-hwe-18.04, linux-image-lowlatency,
    linux-image-generic-hwe-18.04, linux-aws, linux-gkeop-5.4,
    linux-image-raspi-hwe-18.04, linux-image-5.4.0-71-lowlatency,
    linux-image-gkeop-5.4, linux-image-generic-lpae, linux-gcp,
    linux-image-5.4.0-71-generic-lpae, linux-image-gcp, linux-image-gkeop,
    linux-image-lowlatency-hwe-18.04, linux-image-raspi2, linux-aws-5.4,
    linux-gke-5.4, linux-image-5.4.0-1040-gke, linux-raspi-5.4,
    linux-image-5.4.0-1037-kvm, linux-image-gke-5.4, linux-azure-5.4,
    linux-image-oracle, linux-kvm, linux-image-kvm, linux-image-5.4.0-1043-aws,
    linux, linux-azure, linux-gcp-5.4, linux-gkeop, linux-image-5.4.0-1041-gcp,
    linux-oracle, linux-oracle-5.4, linux-image-virtual,
    linux-image-5.4.0-71-generic, linux-image-oem, linux-image-generic,
    linux-image-5.4.0-1033-raspi, linux-image-virtual-hwe-18.04,
    linux-image-5.4.0-1013-gkeop, linux-image-5.4.0-1042-oracle, linux-hwe-5.4,
    linux-image-generic-lpae-hwe-18.04, linux-raspi
  o USN-4884-1 : linux-image-5.10.0-1017-oem, linux-image-oem-20.04b,
    linux-oem-5.10
  o USN-4876-1 : linux-image-powerpc64-smp-lts-xenial, linux-image-aws,
    linux-image-4.4.0-204-powerpc64-smp, linux-image-powerpc-e500mc,
    linux-image-4.4.0-204-generic, linux-image-lowlatency, linux-raspi2,
    linux-aws, linux-image-4.4.0-204-generic-lpae,
    linux-image-4.4.0-204-powerpc-e500mc, linux-image-generic-lpae,
    linux-image-4.4.0-204-powerpc64-emb, linux-image-powerpc64-emb-lts-xenial,
    linux-image-lowlatency-lts-xenial, linux-image-4.4.0-204-powerpc-smp,
    linux-image-raspi2, linux-image-powerpc-smp,
    linux-image-powerpc-smp-lts-xenial, linux-snapdragon,
    linux-image-generic-lpae-lts-xenial, linux-image-powerpc64-emb,
    linux-image-powerpc64-smp, linux-image-snapdragon,
    linux-image-4.4.0-1089-kvm, linux-kvm, linux-image-kvm,
    linux-image-virtual-lts-xenial, linux, linux-image-4.4.0-1087-aws,
    linux-image-generic-lts-xenial, linux-image-virtual,
    linux-image-4.4.0-1147-raspi2, linux-image-powerpc-e500mc-lts-xenial,
    linux-image-4.4.0-1151-snapdragon, linux-image-generic, linux-lts-xenial,
    linux-image-4.4.0-204-lowlatency, linux-image-4.4.0-1123-aws

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================


How do you solve a problem like customer data protection?

Cybercrime is on the rise. In our digital-first world, distributed workplaces and remote work routines are creating new security vulnerabilities…

The post How do you solve a problem like customer data protection? appeared first on Entrust Blog.


The Security Digest: #56

Hello and welcome to TSD, your weekly blog post with top of mind security issues. TSD began as an internal newsletter that our Security Lead, …

The post The Security Digest: #56 appeared first on Cyral.


Tuesday, April 13, 2021

Network Security News Summary for Wednesday April 14th, 2021

MSFT Patch Tuesday; Name:Wreck DNS Vulns; #PATCHEXCHANGEAGAIN

Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+April+2021+Patch+Tuesday/27306/

NAME:WRECK DNS Vulnerabilities
https://www.forescout.com/research-labs/namewreck/

keywords: name:wreck; dns; microsoft; patches; exchange


VERT Threat Alert: April 2021 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s April 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-939 on Wednesday, April 14th.

In-The-Wild & Disclosed CVEs

CVE-2021-28310
Boris Larin of Kaspersky Lab discovered this vulnerability being actively used for exploitation and suspects that it is tied to the BITTER APT […]

The post VERT Threat Alert: April 2021 Patch Tuesday Analysis appeared first on The State of Security.


Microsoft Patch Tuesday, April 2021 Edition

Microsoft today released updates to plug at least 110 security holes in its Windows operating systems and other products. The patches include four security fixes for Microsoft Exchange Server — the same systems that have been besieged by attacks on four separate (and zero-day) bugs in the email software over the past month. Redmond also patched a Windows flaw that is actively being exploited in the wild.

Nineteen of the vulnerabilities fixed this month earned Microsoft’s most-dire “Critical” label, meaning they could be used by malware or malcontents to seize remote control over vulnerable Windows systems without any help from users.

Microsoft released updates to fix four more flaws in Exchange Server versions 2013-2019 (CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483). Interestingly, all four were reported by the U.S. National Security Agency, although Microsoft says it also found two of the bugs internally. A Microsoft blog post published along with today’s patches urges Exchange Server users to make patching their systems a top priority.

Satnam Narang, staff research engineer at Tenable, said these vulnerabilities have been rated ‘Exploitation More Likely’ using Microsoft’s Exploitability Index.

“Two of the four vulnerabilities (CVE-2021-28480, CVE-2021-28481) are pre-authentication, meaning an attacker does not need to authenticate to the vulnerable Exchange server to exploit the flaw,” Narang said. “With the intense interest in Exchange Server since last month, it is crucial that organizations apply these Exchange Server patches immediately.”

Also patched today was a vulnerability in Windows (CVE-2021-28310) that’s being exploited in active attacks already. The flaw allows an attacker to elevate their privileges on a target system.

“This does mean that they will either need to log on to a system or trick a legitimate user into running the code on their behalf,” said Dustin Childs of Trend Micro. “Considering who is listed as discovering this bug, it is probably being used in malware. Bugs of this nature are typically combined with other bugs, such as a browser bug or PDF exploit, to take over a system.”

In a technical writeup on what they’ve observed since finding and reporting attacks on CVE-2021-28310, researchers at Kaspersky Lab noted the exploit they saw was likely used together with other browser exploits to escape “sandbox” protections of the browser.

“Unfortunately, we weren’t able to capture a full chain, so we don’t know if the exploit is used with another browser zero-day, or coupled with known, patched vulnerabilities,” Kaspersky’s researchers wrote.

Allan Liska, senior security architect at Recorded Future, notes that there are several remote code execution vulnerabilities in Microsoft Office products released this month as well. CVE-2021-28454 and CVE-2021-28451 involve Excel, while CVE-2021-28453 is in Microsoft Word and CVE-2021-28449 is in Microsoft Office. All four vulnerabilities are labeled by Microsoft as “Important” (not quite as bad as “Critical”). These vulnerabilities impact all versions of their respective products, including Office 365.

Other Microsoft products that got security updates this month include Edge (Chromium-based), Azure and Azure DevOps Server, SharePoint Server, Hyper-V, Team Foundation Server, and Visual Studio.

Separately, Adobe has released security updates for Photoshop, Digital Editions, RoboHelp, and Bridge.

It’s a good idea for Windows users to get in the habit of updating at least once a month, but for regular users (read: not enterprises) it’s usually safe to wait a few days until after the patches are released, so that Microsoft has time to iron out any kinks in the new armor.

But before you update, please make sure you have backed up your system and/or important files. It’s not uncommon for a Windows update package to hose one’s system or prevent it from booting properly, and some updates have been known to erase or corrupt files.

So do yourself a favor and backup before installing any patches. Windows 10 even has some built-in tools to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.

And if you wish to ensure Windows has been set to pause updating so you can back up your files and/or system before the operating system decides to reboot and install patches on its own schedule, see this guide.

As always, if you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there’s a better-than-even chance other readers have experienced the same and may chime in here with some helpful tips.


DNS Vulnerabilities Expose Millions of Internet-Connected Devices to Attack

Researchers uncover a fresh set of nine vulnerabilities in four TCP/IP stacks that are widely used in everything from powerful servers and firewalls to consumer IoT products.

Tens of millions of Internet connected devices — including medical equipment, storage systems, servers, firewalls, commercial network equipment, and consumer Internet of Things (IoT) products — are open to potential remote code execution and denial-of-service attacks because of vulnerable DNS implementations.

A new study that Forescout Research Labs and JSOF Research conducted recently has uncovered a set of nine vulnerabilities in four TCP/IP stacks present in billions of devices worldwide. The four stacks in which the vulnerabilities exist are FreeBSD, Nucleus NET, NetX, and IPnet.

“These vulnerabilities affect many devices because of the widespread nature of implementations in TCP/IP stacks,” says Daniel dos Santos, research manager at Forescout. Significantly, such vulnerabilities are likely to be more widespread than just on TCP/IP stacks, he says. “Any software that processes DNS packets may be affected, such as firewalls, intrusion detection systems, and other network appliances,” dos Santos says. “That is why we are releasing tools for other researchers and developers to find and fix these problems.”

FreeBSD is used in many high-performance servers, printers, firewalls, and embedded systems deployed on IT networks around the world, including at major companies such as Yahoo and Netflix. Nucleus NET is part of Nucleus RTOS, a real-time operating system from Siemens that is used in many industrial, medical, automation, and airborne systems. The OS is most commonly found in devices used for building automation and in operational technology and VoIP environments. NetX is commonly run by ThreadX, a real-time operating system found in many medical devices, energy equipment, printers, and power equipment in industrial control system environments. Meanwhile, the vulnerability that Forescout and JSOF discovered in IPnet was previously discovered by other researchers and quietly fixed, so it presents a smaller threat than the other flaws.

In a new technical report, Forescout and JSOF describe the set of nine vulnerabilities they discovered as giving attackers a way to knock devices offline or to download malware on them in order to steal data and disrupt production systems in operational technology environments. Among the most affected are organizations in the healthcare and government sectors because of the widespread use of devices running the vulnerable DNS implementations in both environments, Forescout and JSOF say.

According to the two companies, patches are available for the vulnerabilities in FreeBSD, Nucleus NET, and NetX. Device vendors using the vulnerable stacks should provide updates to customers. But because it may not always be possible to apply patches easily, organizations should consider mitigation measures, such as discovering and inventorying vulnerable systems, segmenting them, monitoring network traffic, and configuring systems to rely on internal DNS servers, they say. The two companies also released tools that other organizations can use to find and fix DNS implementation errors in their own products.

Device vendors often do not issue patches for vulnerabilities that affect third-party components that are integrated with other software in their products, dos Santos says. “Even if patches are issued, they have to be applied to devices that are difficult or impossible to take offline because they are mission-critical,” he says, pointing to medical devices and industrial control systems as examples.

Message Compression
Forescout and JSOF discovered the nine vulnerabilities while conducting a study on underlying security problems in Domain Name System implementations. The study was part of a broader research effort called “Project Memoria” that Forescout has been leading to understand the security of TCP/IP stacks. The effort has led to the discovery of scores of TCP/IP stack vulnerabilities over the past year. In June 2020, Forescout and JSOF disclosed a set of 19 vulnerabilities, collectively dubbed Ripple20, in the Treck TCP/IP stack. Last December, Forescout disclosed Amnesia:33, a collection of 33 bugs across four open source TCP/IP stacks; and in February 2021, the company announced Number:Jack, a set of nine vulnerabilities in the so-called Initial Sequence Number implementation found in nine TCP/IP stacks.

The latest set of nine vulnerabilities has been collectively labeled Name:Wreck. The two companies uncovered them while analyzing the implementation of what is known as DNS message compression in a total of eight TCP/IP stacks. Four of the stacks turned out to have vulnerabilities ranging in severity from moderate to critical, although not all of the flaws were related to message compression.

Dos Santos explains message compression as a feature of the DNS protocol that allows servers to send shorter messages, to save bandwidth among other reasons. The mechanism has historically been vulnerable because the way decompression works gives attackers a way to manipulate it, he says. Five of the nine newly disclosed vulnerabilities resulted from a message compression issue. The list includes a critical remote code execution (RCE) issue in Nucleus NET, a denial-of-service (DoS) flaw in NetX, and an RCE flaw in FreeBSD.

Three of the flaws — including one of critical severity — exist in Nucleus NET and result from problems with a process called domain name label parsing. “Domain name label parsing is what a DNS client must do when processing a DNS packet received from a server,” dos Santos says. Forescout and JSOF found that in some cases, the length of a label specified in a packet was different from its actual length. In other cases, there were no markers to note the end of a label. “In both cases, the parser may continue reading a packet past a certain point where the label has finished, which can lead it to access protected memory regions and crash a device running this code.” The remaining vulnerability — also in Nucleus NET — is of medium severity and leads to DNS cache poisoning.
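The two parsing failures dos Santos describes (a declared label length that does not match the bytes actually present, and a name with no terminating marker) are exactly what a DNS name decoder has to reject before it reads, and compression pointers add a third hazard, pointer loops. The C function below is an added example written for this page, not code from Forescout, JSOF or any of the affected stacks: every read is bounds-checked against the packet length, pointers may only reference earlier bytes, and the packets it runs against are constructed samples, not captured traffic.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_MAX_NAME  255   /* RFC 1035 limit on a wire-format name */
#define DNS_MAX_JUMPS 16    /* hard cap on compression pointers followed */

/* Error codes; dns_name_parse() returns them negated, so success is >= 0. */
enum {
    DNS_NAME_OK = 0,
    DNS_NAME_TRUNCATED,    /* label, pointer or terminator runs past the packet */
    DNS_NAME_BAD_LABEL,    /* reserved length-byte prefix 0x40 or 0x80 */
    DNS_NAME_BAD_POINTER,  /* pointer not strictly backwards, or too many jumps */
    DNS_NAME_TOO_LONG      /* decoded name exceeds 255 bytes or the out buffer */
};

/* Decode the name at pkt[off] into out as dotted text. Returns the bytes the
   name occupies at off (through the first pointer or the terminating zero),
   or the negated error code. Every read is bounds-checked against pkt_len. */
int dns_name_parse(const uint8_t *pkt, size_t pkt_len, size_t off,
                   char *out, size_t out_len)
{
    size_t pos = off, o = 0, consumed = 0, wire_len = 0;
    int jumped = 0, jumps = 0;
    if (out_len == 0) return -DNS_NAME_TOO_LONG;
    for (;;) {
        /* Reaching the end here is the "no end-of-label marker" case. */
        if (pos >= pkt_len) return -DNS_NAME_TRUNCATED;
        uint8_t len = pkt[pos];
        if ((len & 0xC0) == 0xC0) {                   /* compression pointer */
            if (pos + 1 >= pkt_len) return -DNS_NAME_TRUNCATED;
            size_t target = ((size_t)(len & 0x3F) << 8) | pkt[pos + 1];
            if (!jumped) { consumed = pos + 2 - off; jumped = 1; }
            /* Only earlier bytes may be referenced: no loops, no forward
               pointers, and the jump cap bounds the work per name. */
            if (target >= pos || ++jumps > DNS_MAX_JUMPS)
                return -DNS_NAME_BAD_POINTER;
            pos = target;
            continue;
        }
        if (len & 0xC0) return -DNS_NAME_BAD_LABEL;   /* 0x40 / 0x80 reserved */
        if (len == 0) {                               /* root label: finished */
            if (!jumped) consumed = pos + 1 - off;
            if (o == 0 && out_len < 2) return -DNS_NAME_TOO_LONG;
            if (o == 0) out[o++] = '.';               /* bare root name "." */
            out[o] = '\0';
            return (int)consumed;
        }
        /* The declared label length must fit inside the packet: the
           "length different from its actual length" case. */
        if (pos + 1 + len > pkt_len) return -DNS_NAME_TRUNCATED;
        wire_len += 1 + len;
        if (wire_len > DNS_MAX_NAME || o + 1 + len + 1 > out_len)
            return -DNS_NAME_TOO_LONG;
        if (o > 0) out[o++] = '.';
        memcpy(out + o, pkt + pos + 1, len);
        o += len;
        pos += 1 + len;
    }
}

/* Parse into a scratch buffer; returns the wire length or the negated code. */
int dns_name_check(const uint8_t *pkt, size_t pkt_len, size_t off)
{
    char name[DNS_MAX_NAME + 1];
    return dns_name_parse(pkt, pkt_len, off, name, sizeof name);
}

/* Decoded text in a static buffer, or NULL when the name is rejected. */
const char *dns_name_text(const uint8_t *pkt, size_t pkt_len, size_t off)
{
    static char name[DNS_MAX_NAME + 1];
    return dns_name_parse(pkt, pkt_len, off, name, sizeof name) < 0 ? NULL : name;
}

/* Constructed sample packets, not captured traffic: a zeroed 12-byte header
   followed by the bytes described in each comment. */
#define HDR 0,0,0,0,0,0,0,0,0,0,0,0
static const uint8_t PKT_OK[] = { HDR,
    3,'w','w','w', 7,'e','x','a','m','p','l','e', 3,'c','o','m', 0, /* @12 */
    4,'m','a','i','l', 0xC0, 16 };             /* @29: "mail" + pointer to @16 */
static const uint8_t PKT_OVERLONG[] = { HDR, 9,'a','b','c' }; /* claims 9, has 3 */
static const uint8_t PKT_NO_END[]   = { HDR, 3,'w','w','w' }; /* no zero label */
static const uint8_t PKT_SELF_PTR[] = { HDR, 0xC0, 12 };      /* points to itself */
static const uint8_t PKT_RESERVED[] = { HDR, 0x40, 0 };       /* reserved prefix */

int main(void)
{
    printf("name @12: %s\n", dns_name_text(PKT_OK, sizeof PKT_OK, 12));
    printf("name @29: %s\n", dns_name_text(PKT_OK, sizeof PKT_OK, 29));
    printf("rejection codes: %d %d %d %d\n",
           -dns_name_check(PKT_OVERLONG, sizeof PKT_OVERLONG, 12),
           -dns_name_check(PKT_NO_END, sizeof PKT_NO_END, 12),
           -dns_name_check(PKT_SELF_PTR, sizeof PKT_SELF_PTR, 12),
           -dns_name_check(PKT_RESERVED, sizeof PKT_RESERVED, 12));
    return 0;
}
```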

The DoS vulnerabilities are easier to exploit than the RCE flaws because the attacker only needs to send malformed packets to crash a device. “The remote code executions are harder because the attacker has to craft a packet in a way that it will hijack the code execution in the device and inject malicious code,” dos Santos says. Pulling off such an attack would require the adversary to have knowledge about the internals of a device and how to fine-tune the attacks for different devices, he says.

Dos Santos says it’s hard to predict how, and how widely, attackers will exploit the newly disclosed flaws. But there have been numerous attacks leveraging similar weaknesses in DNS servers previously, he says. As examples, dos Santos points to a 2018 attack on an Amazon service that redirected users of cryptocurrency websites to malicious domains, and a DNS server hijacking campaign in 2019 that was aimed at government agencies around the world. “The vulnerabilities we are presenting now affect DNS clients,” he says, “which is a somewhat overlooked part of DNS security that also allows for severe attacks.”

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year …


Facing network security challenges using ManageEngine's ITOM solutions

Network security management normally involves the end-to-end management of a company's entire network security infrastructure. However, in this rapidly changing ecosystem, there is an inherent need for IT administrators to …

The post Facing network security challenges using ManageEngine's ITOM solutions appeared first on ManageEngine Blog.


NSA Alerted Microsoft to New Exchange Server Vulnerabilities

Microsoft today patched 114 CVEs to address the Exchange Server flaws, more than 50 remote code execution vulnerabilities, and one zero-day.

Microsoft today issued fixes for 114 vulnerabilities as part of its monthly security update release, which this month addressed 19 critical flaws, four critical Microsoft Exchange Server bugs found by the National Security Agency (NSA), and one zero-day bug in Desktop Window Manager.

The patches released today address flaws in Microsoft Windows, the Edge browser, Microsoft Office, Azure and Azure DevOps Server, Exchange Server, SharePoint Server, Hyper-V, Visual Studio, and Team Foundation Server. None of the bugs were disclosed at the recent Pwn2Own.

CVE-2021-28310, a Win32k elevation of privilege vulnerability, is the only CVE under active attack patched this month. Kaspersky researchers who found it believe it’s potentially being used in the wild by several attackers. They note it’s likely used with other browser exploits to escape sandboxes or achieve system privileges; however, they did not capture a full chain so are unable to confirm the full attack sequence.

Attack complexity for this vulnerability is low, according to Microsoft, and it requires low-level privileges. An attacker would have to access the target system locally or remotely, or rely on a user to run the malicious code for them.

Today’s patches also addressed four critical remote code execution vulnerabilities in Microsoft Exchange Server: CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, and CVE-2021-28483. All of these were discovered by the NSA and affect Exchange Server versions 2013 through 2019.

CVE-2021-28480 and CVE-2021-28481 have a CVSS score of 9.8 and require no authorization or user interaction to exploit. Dustin Childs of Trend Micro’s Zero-Day Initiative notes this CVSS score is higher than the scores for the Exchange Server vulnerabilities disclosed last month, and given that Microsoft lists the attack vector as “Network,” it’s likely they are wormable – at least between Exchange Servers. Considering they came from the NSA, patching should be a priority.

“We have not seen the vulnerabilities used in attacks against our customers,” Microsoft says of the on-premise Exchange Server flaws patched today. “However, given recent adversary focus on Exchange, we recommend customers install the updates as soon as possible to ensure they remain protected from these and other threats.” Exchange Online users are already protected.

Microsoft has also identified a whopping 27 remote code execution flaws in Remote Procedure Call, a protocol that lets a program request a service from a program on another machine in the same network. Of these, 12 are rated Critical and 15 are categorized as Important in severity.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial …


Compromised Microsoft Exchange Server Used to Host Cryptominer


How the NAME:WRECK Bugs Impact Consumers, Businesses

How this class of vulnerabilities will impact millions connected devices and potentially wreck the day of IT security professionals.

10 Must-Ask Questions When Choosing a SOAR Solution in 2021

The adoption of security orchestration, automation and response (SOAR) platforms has grown significantly in recent years. Countless end-user and service…

The post 10 Must-Ask Questions When Choosing a SOAR Solution in 2021 appeared first on Siemplify.


Global Dwell Time Drops as Ransomware Attacks Accelerate

The length of time attackers remain undiscovered in a target network has fallen to 24 days, researchers report, but ransomware plays a role.

Attackers are spending less time inside target networks, researchers report, but the seemingly positive trend hides a concerning development: Ransomware attacks, which by nature have a shorter “dwell time,” are growing more common and efficient, shrinking the average time frame for all attacks.

In their 2021 M-Trends threat report, Mandiant researchers note the global median dwell time, or the number of days an attacker is in an environment before detection, has fallen to 24 days. While median dwell time has consistently dropped from 416 days in 2011, this year’s number marks a notable drop, says Steven Stone, senior director of advanced practices at Mandiant.

“Half the dwell time went away compared to last year,” he notes. The 2020 M-Trends report found a global median dwell time of 56 days, making this year’s number “a significant drop.”

This decline could be explained by several factors, including continued improvement in threat detection capabilities, new policies, and higher security budgets. However, the attack landscape plays a critical role. As dwell time dropped last year, the number of ransomware cases rose: Twenty-five percent of Mandiant investigations involved ransomware, a sharp increase from 14% in 2019.

A breakdown of dwell time by attack type is more telling. The median dwell time for non-ransomware investigations was 45 days; for ransomware investigations, it was only five. These metrics combined brought the global median dwell time down to its new low of 24 days.

As researchers see more ransomware, they expect dwell time to continue shrinking. After all, the attackers deploying ransomware don’t want to remain hidden for very long.

“We’re seeing ransomware intrusions … move to ransomware much, much quicker than we have in previous years,” Stone points out. “We think that’s clearly a contributing factor.”

In the past, ransomware operators would try to get into a target environment and typically spend more time trying to understand it before deploying ransomware at the end. Now they move quickly through the attack cycle. Many have adopted the technique of “multifaceted extortion,” in which they also threaten to publish stolen data if the ransom isn’t paid in time.

It seems attackers are growing more comfortable with ransomware compared with other forms of monetization. This, combined with increasingly higher payouts, is bad news for defenders. Today’s ransomware operators are growing more comfortable with negotiating higher sums.

“We talk about intrusion like it’s a machine, but it’s ultimately people, and people tend to do what they’re most comfortable with,” Stone explains. “They need a mechanism to monetize the intrusion, and as they’re learning more and more about how to do that with ransomware year over year, they’re getting more comfortable in that space.”

What Else Is In Attackers’ Toolkits?
Of course, ransomware isn’t the only threat Mandiant researchers investigated last year. Their responses to a range of security intrusions yielded several observations, including a preference for exploits (29%) over phishing attacks (23%) as an initial infection vector. Other common vectors included stolen credentials or brute force (19%) along with prior compromise (12%).

“It definitely sticks out to us,” Stone says of the rise in exploits. “If anything, we’re seeing that trend accelerate currently.” Researchers are already two full quarters into what will be the next M-Trends report, “and we’re actually seeing more exploits than we did when we wrote this report.”

There was a time when exploits were dominant, he explains, but they began to trend down as phishing attacks grew. Now “they’re back with a vengeance,” he says. While researchers aren’t sure what’s driving the trend, Stone notes that exploit usage is different than it was in the past. More exploits are continuously dropping, and there are more groups taking advantage of them.

“In the past we would typically see an exploit targeted by one high-end group … now you’ll see an exploit, and you’ll see a range of groups in a very quick time frame either using that or converting that once it goes public,” he adds.

The presence of offensive security tools in attackers’ arsenals was another dominant trend. Beacon, a backdoor commercially available as part of the Cobalt Strike platform, was seen in 24% of incidents. Empire, a publicly available PowerShell post-exploitation framework, was seen in 8%. Rounding out the top five were Maze ransomware (5%), Netwalker ransomware (4%), and the Metasploit pen-testing platform (3%).

When they aren’t using publicly available tools, attackers are relying on privately developed ones: Seventy-eight percent of malware families used in attacks were private; the rest were public. The trend is consistent across the most advanced groups and lesser-skilled attackers, Stone explains. Many of these tools are easy to use, lowering the cost of entry and empowering attackers.

“We’re seeing a number of lower-level skillset groups deploy custom malware along with these public tools,” he says. “That makes incident response very challenging, and I think organizations need to be prepared for that.”

One of the groups using Cobalt Strike Beacon is UNC2452, the name Mandiant has given to the group behind the supply chain attack that involved an implant in SolarWinds’ Orion platform. This is “arguably the most advanced group we’ve ever dealt with,” Stone says, and the fact it’s deploying Beacon is very concerning.

While organizations face new threats, the process of preparing for these types of attacks hasn’t changed, he continues.

“Be prepared for an intrusion. Be prepared to make smart decisions based on the actual threats you’re seeing,” says Stone.

An attack from a group like UNC2452 and a ransomware attack are very different intrusions, he says, and organizations must respond and remediate differently. They have to be able to make the right call for a particular threat, versus a “one-size-fits-all” approach.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial …


The post Global Dwell Time Drops as Ransomware Attacks Accelerate appeared first on Malware Devil.



https://malwaredevil.com/2021/04/13/global-dwell-time-drops-as-ransomware-attacks-accelerate/?utm_source=rss&utm_medium=rss&utm_campaign=global-dwell-time-drops-as-ransomware-attacks-accelerate

COVID-Related Threats, PowerShell Attacks Lead Malware Surge

Researchers measured 648 new malware threats every minute during Q4 2020.

The post COVID-Related Threats, PowerShell Attacks Lead Malware Surge appeared first on Malware Devil.



https://malwaredevil.com/2021/04/13/covid-related-threats-powershell-attacks-lead-malware-surge/?utm_source=rss&utm_medium=rss&utm_campaign=covid-related-threats-powershell-attacks-lead-malware-surge

Introducing ThycoticCentrify: Integrating Two Identity Security Leaders

By Art Gilliland and Jim Legg

Today, we are pleased to share that Centrify and Thycotic have merged to become one. This follows on the previously announced acquisitions of Centrify and Thycotic by TPG Capital. We are now able to embark on the process of integrating our businesses and solutions to better serve our customers and partners.

As we’ve previously reinforced, our customers are our highest priority. We’re confident that this combination will enable us to better serve you through an enhanced and diversified product suite – a comprehensive platform uniquely built to enable and protect the modern, hybrid enterprise.

In the near-term, our customers can expect no changes or impact on their relationship with Thycotic or Centrify. Both companies will continue to operate in a “business-as-usual” mode as we begin the integration process. All products are still accessible, and our customers can expect the same great support and service that they have always known from our teams.

Likewise, our partners are vital to our success, and we believe that the combined company and solutions will create a more valuable and attractive offering to solve the modern identity security needs in the market. Again, “business as usual” is the current mindset, and you will continue to work with Centrify and Thycotic as separate partners. We are committed to keeping you apprised of the integration, the technology roadmap and integration, and the go-to-market strategy.

This is a very exciting time for all of us, and the opportunity before us is tremendous. Merging two companies is not easy, but we have a talented team in place to execute on our strategy. We have built out a comprehensive integration plan that will help to ensure success and hold us accountable to you and our teams.

During this transition we feel it is important to provide as much transparency as possible into the integration process, so starting today you will find Merger Status Update pages on both Thycotic.com and Centrify.com. These will be regularly updated with information regarding operations, technology integration, go-to-market, and more. You can already find links to an external FAQ, a joint blog, this morning’s press release, and more on those pages.

As part of the integration plan, we have also chosen a new temporary name: ThycoticCentrify.

This new name will be used in the interim period between now and when we launch our new brand later this year. Until then, for the most part, both brands will continue to operate separately. Over the next few months, we will take an informed approach to defining a new brand that is aspirational, references the rich legacies of both companies, and communicates modern identity security.

The post Introducing ThycoticCentrify: Integrating Two Identity Security Leaders appeared first on Security Boulevard.


The post Introducing ThycoticCentrify: Integrating Two Identity Security Leaders appeared first on Malware Devil.



https://malwaredevil.com/2021/04/13/introducing-thycoticcentrify-integrating-two-identity-security-leaders/?utm_source=rss&utm_medium=rss&utm_campaign=introducing-thycoticcentrify-integrating-two-identity-security-leaders

Thycotic and Centrify Merge to Become a Leading Cloud Privileged Identity Security Vendor

Combined company to deliver comprehensive cloud privileged access management solutions to meet unique demands of the market, from SMB to global enterprises

The post Thycotic and Centrify Merge to Become a Leading Cloud Privileged Identity Security Vendor appeared first on Security Boulevard.


The post Thycotic and Centrify Merge to Become a Leading Cloud Privileged Identity Security Vendor appeared first on Malware Devil.



https://malwaredevil.com/2021/04/13/thycotic-and-centrify-merge-to-become-a-leading-cloud-privileged-identity-security-vendor/?utm_source=rss&utm_medium=rss&utm_campaign=thycotic-and-centrify-merge-to-become-a-leading-cloud-privileged-identity-security-vendor

Dark Reading to Upgrade Site Design, Performance

Improvements will make site content easier to navigate, faster, and more functional.

Dark Reading will look different to readers in the days ahead, and that’s a good thing.

In an effort to improve the reader experience, Dark Reading has embarked on a broad initiative to improve the design, navigation, functionality, and performance of its entire site. In coming months, readers will see new page design, new navigation tools, new links to related content, and new capabilities across the Dark Reading site. We hope that these improvements will make it easier for readers to find the cybersecurity information they need, locate related information, and use Dark Reading’s content on mobile devices more effectively.

If you’re a loyal reader of Dark Reading, you’ll see the same great news, commentary, and in-depth information, but with a new look and feel. Our pages will be better organized, easier to read, and will load faster. You’ll see new navigation elements that make it easier to find the stories you’re looking for. You’ll see new links to Dark Reading’s many cybersecurity programs, including webinars, virtual events, original research, white papers, and e-zines. And you’ll discover that Dark Reading content is easier to see and read on mobile devices, making it more useful to you when you’re at home or on the go.

While we know that these improvements will make your experience much better in the long term, like all home improvement projects, it’s likely that there will be a few glitches or hiccups as we implement these new features and capabilities on Dark Reading in the coming months. We want to thank you for your patience as you experience the occasional glitch, and invite you to provide feedback on our new design and features. Some of our new features will offer a pop-up survey, which we hope you’ll answer. Or you can write us an email at [email protected].

We are excited about our new design and capabilities, and we hope they make Dark Reading even more helpful and useful to you. Please feel free to offer your feedback!

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech’s online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one …


The post Dark Reading to Upgrade Site Design, Performance appeared first on Malware Devil.



https://malwaredevil.com/2021/04/13/dark-reading-to-upgrade-site-design-performance/?utm_source=rss&utm_medium=rss&utm_campaign=dark-reading-to-upgrade-site-design-performance

Hybrid IAM and Cloud Steer Maersk Toward Improved Experiences and Cost Savings

You’ve seen those iconic blue containers filled with everything from cars to TVs and stamped with the Maersk logo countless times on ships docked at ports around the world. But have you ever thought about what it takes to orchestrate the movement of that cargo? 

Maersk operates in 134 countries, shipping 10 million containers to 76 global ports annually with the help of 88,000 employees. A complex network of people and systems is responsible for the cargo’s safe passage. Take a car battery. You can’t put a battery into a shipping container and simply say goodbye. A battery is considered dangerous cargo. It goes into a specialized climate-controlled container, requires special customs clearance, and must follow specific logistics to be transported safely over land. And Maersk must keep every vendor, partner and customer updated at each point of the journey. As Maersk’s Angel Donchev, vice president of Platform Tech Lead – Web, Mobile, API/EDI, Blockchain, says, “Maersk is a fascinating company.”

To reduce the complexity of these operations, streamline processes and keep its various constituents happy, Maersk is leveraging a hybrid identity and access management (IAM) and cloud strategy with identity serving as a “pivotal role,” according to Angel. In fact, he says, “The more adoption you have around the cloud, the more identity becomes critical for you because you need to authenticate services, users, partners, vendors and all kinds of different personas, as well as connected devices.”

Since embarking on this hybrid IAM and cloud strategy, Maersk is experiencing numerous benefits. The company has shortened authentication time by a factor of four, so customers, partners and vendors can quickly access essential information through any digital channel in less than a millisecond. The organization has also decreased onboarding time for new vendors from months to less than a week. Lastly, Maersk has reduced costs for Angel’s massive department by 45%, while at the same time increasing the engineering capacity by 45%.

Check out this video to hear more about how Maersk’s hybrid IAM and cloud strategy is helping the company achieve its goal of becoming the leading global integrator of containers and logistics.


The post Hybrid IAM and Cloud Steer Maersk Toward Improved Experiences and Cost Savings appeared first on Security Boulevard.


The post Hybrid IAM and Cloud Steer Maersk Toward Improved Experiences and Cost Savings appeared first on Malware Devil.



https://malwaredevil.com/2021/04/13/hybrid-iam-and-cloud-steer-maersk-toward-improved-experiences-and-cost-savings/?utm_source=rss&utm_medium=rss&utm_campaign=hybrid-iam-and-cloud-steer-maersk-toward-improved-experiences-and-cost-savings

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...