FEDORA-2022-bba9ca95b5
Packages in this update:
fapolicyd-1.1.2-1.fc36
Update description:
Rebase to v1.1.2
fixed CVE-2022-1117
fapolicyd-1.1.2-1.fc37
Automatic update for fapolicyd-1.1.2-1.fc37.
* Wed May 25 2022 Radovan Sroka <rsroka@redhat.com> - 1.1.2-1
- rebase to v1.1.2
- fixed CVE-2022-1117
Resolves: rhbz#2089692
Applications for joining the Government Cyber Security Advisory Board are now open.
Ransomware detected in India is calling upon people to assist in feeding, clothing and making healthcare accessible to the poor.
mariadb-10.7-3520220523151110.f27b74a8
MariaDB 10.7.4
Release notes:
mariadb-10.7-3620220523151110.5e5ad4a0
MariaDB 10.7.4
Release notes:
mariadb-10.6-3620220523134545.5e5ad4a0
MariaDB 10.6
Release notes:
mariadb-10.6-3520220523134545.f27b74a8
MariaDB 10.6
Release notes:
Stories from the SOC is a blog series that describes recent real-world security incident investigations conducted and reported by the AT&T SOC analyst team for AT&T Managed Extended Detection and Response customers.
AT&T Alien Labs does a tremendous job of developing and maintaining a database of observed Indicators of Compromise (IOCs) that have been involved with at least one customer through the Open Threat Exchange (OTX). Containing over 70 million reference points that cover an array of attack types, techniques, and industries, OTX provides an additional resource for the AT&T Security Operations Center (SOC) analysts to use when an unrecognized event takes place on a customer’s network. Not only can an analyst browse external Open Source Intelligence (OSINT), but there is also a repository of previously identified IOCs that can be referenced to point out any pattern or commonality. SOC analysts also have the ability to add newly observed IOCs or remove out-of-date indicators that are no longer a threat to the customers we serve.
The AT&T Managed Threat Detection and Response (MTDR) SOC detected a successful connection made between a customer asset and an IOC with a known reputation via OSINT as well as OTX. Signatures provided by OTX associate the potential IOC with the ‘Cobalt Strike’ malware family, which could indicate C2 beaconing activity involving a customer asset. Upon further investigation, it was determined that the activity was indeed malicious; however, due to the location of the subnet, it proved to be benign in this specific case.
From the initial breakdown of the alarm, the analysts knew that a connection was ‘Allowed’ from a customer owned IP to a specific domain ‘tomatoreach[.]com’ and external IP ‘192.243.59[.]12’. The known OTX reputation of the URL and IP is what caused the alarm to trigger. The external OSINT on the two observed IOCs confirmed the suspicious reputation.
Event logs of the actual alarm do not reveal any additional IOCs or supporting information as it pertains to the activity.
Upon further investigation into the involved user around the time of the event, it was determined that the user had browsed an additional 20+ suspicious IOCs. The subject matter of these newly identified domains varies from content streaming to blog posts. Each new IOC was presented with the investigation in hopes of correlating any unrecognized activity.
Because the observed IOCs carry a reputation both on OTX and externally, this alarm looked to be a legitimate concern for the customer. Originally, it was received with a ‘High’ severity. After additional review, the investigation was opened with a ‘Medium’ severity because there were no obvious malicious actions taking place with the involved user other than the browsing of suspicious websites, which may not be authorized under company policy. All supporting evidence was included in the investigation, and a recommendation for remediation was also provided.
Per the customer’s Incident Response Plan (IRP), a phone call was not required when this investigation was opened. Once addressed, the customer was able to confirm that what occurred was not in the scope of normal business activity. However, once the user and the host involved were identified, the customer was able to establish that the subnet was a “Guest” network authorized for personal use. MTDR’s full breakdown of the user’s web traffic was valued and aided in the effortless closing of this investigation.
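The detection described in this story reduces to a simple pipeline: take allowed connections from proxy or firewall logs, match the destination host and IP against a reputation feed, then triage the hit using what is known about the source subnet and the user's other activity. The following is an added example, not AT&T's code or the OTX API; the two indicators are the ones named above (stored defanged, as feeds publish them), while the log format, the guest-network range `10.50.0.0/16`, the user names and the severity rule are constructed assumptions for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Constructed IOC feed. Indicators are kept defanged ("[.]") the way threat
# feeds usually ship them; only the two values from the story are real.
IOC_FEED = {
    "tomatoreach[.]com": {"family": "Cobalt Strike", "severity": "High"},
    "192.243.59[.]12": {"family": "Cobalt Strike", "severity": "High"},
}

# Assumption: the guest Wi-Fi range. The story does not give the real subnet.
GUEST_NETWORKS = [ipaddress.ip_network("10.50.0.0/16")]


def refang(indicator: str) -> str:
    """Turn a defanged indicator back into a value that matches log fields."""
    return indicator.lower().replace("[.]", ".").replace("hxxp", "http")


# Index keyed by the matchable (refanged) form.
IOC_INDEX = {refang(k): v for k, v in IOC_FEED.items()}

# Constructed log format: key=value pairs, one connection per line.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) action=(?P<action>\w+) src=(?P<src>\S+) user=(?P<user>\S+) "
    r"dst=(?P<dst>\S+) host=(?P<host>\S+)$"
)


@dataclass
class Hit:
    src_ip: str
    user: str
    indicator: str   # which feed entry matched (host or IP)
    family: str
    severity: str    # feed severity, lowered when the source is a guest asset
    note: str


def match_line(line: str) -> Optional[Hit]:
    """Return a Hit if an *allowed* connection touches a known IOC."""
    m = LOG_RE.match(line)
    if not m or m["action"].lower() != "allowed":
        return None  # malformed or already blocked: nothing to investigate
    # Check the hostname first, then the raw destination IP, so a connection
    # to the IOC address under an unlisted name is still caught.
    for value in (m["host"].lower(), m["dst"]):
        meta = IOC_INDEX.get(value)
        if meta is None:
            continue
        src = ipaddress.ip_address(m["src"])
        guest = any(src in net for net in GUEST_NETWORKS)
        if guest:
            # Same triage as the story: a personal device on the guest network
            # is a policy question, not a corporate host compromise.
            severity, note = "Medium", "source on guest network; review against acceptable-use policy"
        else:
            severity, note = meta["severity"], "corporate asset; investigate host for C2 beaconing"
        return Hit(m["src"], m["user"], value, meta["family"], severity, note)
    return None


def scan(lines: Iterable[str]) -> List[Hit]:
    return [h for h in (match_line(line) for line in lines) if h is not None]


def hits_by_user(hits: Iterable[Hit]) -> Dict[str, List[str]]:
    """Group matched indicators per user, the pivot the analysts used to find
    the additional suspicious domains the same user had visited."""
    out: Dict[str, set] = {}
    for h in hits:
        out.setdefault(h.user, set()).add(h.indicator)
    return {user: sorted(values) for user, values in out.items()}


# Constructed sample log lines.
SAMPLE_LOGS = [
    "2022-05-25T10:01:02Z action=Allowed src=10.50.3.21 user=jdoe dst=192.243.59.12 host=tomatoreach.com",
    "2022-05-25T10:01:09Z action=Allowed src=10.50.3.21 user=jdoe dst=203.0.113.7 host=www.example.net",
    "2022-05-25T10:02:30Z action=Blocked src=10.20.1.5 user=asmith dst=192.243.59.12 host=tomatoreach.com",
    "2022-05-25T10:03:00Z action=Allowed src=10.20.1.5 user=asmith dst=192.243.59.12 host=cdn.unrelated.example",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS):
        print(f"{hit.severity:6} {hit.user:8} {hit.src_ip:12} -> {hit.indicator} ({hit.family}): {hit.note}")
    print(hits_by_user(scan(SAMPLE_LOGS)))
```

Running it yields two hits: the guest-network connection from `jdoe` is downgraded to Medium, while `asmith`'s allowed connection to the IOC address under an unrelated hostname keeps the feed's High severity. The blocked line produces nothing, which mirrors the story's point that only the ‘Allowed’ connection warranted an investigation.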
mutt-2.2.3-1.fc36
Upgrade to 2.2.3