USN-5357-2: Linux kernel vulnerability

Read Time:14 Second

It was discovered that the IPsec implementation in the Linux kernel did not
properly allocate enough memory when performing ESP transformations,
leading to a heap-based buffer overflow. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code.

Read More

Attackers compromise 94% of critical assets within four steps of initial breach

Read Time:43 Second

New research from XM Cyber analyzing the methods, attack paths, and impacts of cyberattacks has discovered that attackers can compromise 94% of critical assets within just four steps of initial breach points. The hybrid cloud security company’s Attack Path Management Impact Report incorporates insights from nearly two million endpoints, files, folders, and cloud resources throughout 2021, highlighting key findings on attack trends and techniques impacting critical assets across on-prem, multi-cloud, and hybrid environments.

Critical assets vulnerable to attack, credentials an Achilles heal

The findings showed that 75% of an organization’s critical assets are open to compromise in their current security state, while 73% of the top attack techniques used last year involved mismanaged or stolen credentials. Just over a quarter (27%) of most common attack techniques exploited a vulnerability or misconfiguration.

To read this article in full, please click here

Read More

USN-5360-1: Tomcat vulnerabilities

Read Time:30 Second

It was discovered that Tomcat incorrectly performed input verification.
A remote attacker could possibly use this issue to intercept sensitive
information. (CVE-2020-13943, CVE-2020-17527, CVE-2021-25122, CVE-2021-30640)

It was discovered that Tomcat did not properly deserialize untrusted data.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2020-9484, CVE-2021-33037)

It was discovered that Tomcat did not properly validate the input length. An
attacker could possibly use this to trigger an infinite loop, resulting in a
denial of service. (CVE-2020-9494, CVE-2021-25329, CVE-2021-41079)

Read More

[R1] Nessus Agent Versions 8.3.3 and 10.1.3 Fix One Third-Party Vulnerability

Read Time:24 Second
Nessus Agent leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and an updated version has been made available by the provider.

Out of caution and in line with best practice, Tenable has opted to upgrade OpenSSL to address the potential impact of the issue. Nessus Agent 8.3.3 and Nessus Agent 10.1.3 update OpenSSL to version 1.1.1n to address the identified vulnerability.

Read More

Remote code execution flaws in Spring and Spring Cloud frameworks put Java apps at risk

Read Time:37 Second

A remote code execution vulnerability in Spring Framework has sparked fears that it could have a widespread impact across enterprise environments. Spring is one of the most popular open-source frameworks for developing Java applications.

The flaw, which has since been dubbed SpringShell or Spring4Shell, came to light when a Chinese developer released a proof-of-concept (PoC) exploit on GitHub and then removed it, prompting widespread speculation about the unpatched flaw, its causes and potential impact. There was also some early confusion between this vulnerability and a different one patched Tuesday in Spring Cloud, a microservices library that’s different from the core Spring Framework. That vulnerability is tracked as CVE-2022-22963.

To read this article in full, please click here

Read More

White House Announces Possible Rise in Cyberattacks—What You Can Do to Stay Safe

Read Time:7 Minute, 51 Second

The White House recently reissued a warning to American businesses in response to the unprecedented economic sanctions the U.S. has imposed on Russia for the Ukraine invasion, stating, “There is now evolving intelligence that Russia may be exploring options for potential cyberattacks.”  

Along with this statement, the White House published a fact sheet outlining the new and ongoing steps the government is taking to protect its infrastructure and technologies, along with steps that private businesses can take to protect themselves from attacks as well.  

Of course, any successful attack on government operations and the operations of private businesses could potentially affect households as well—such as in the case of data breaches where data or information is stolen from a system, often the personal data and information of individuals. 

Word of potential attacks understandably leaves people feeling uncertain and may further leave them wondering if there’s anything they can do to protect themselves. With regards to data breaches and the cases of identity theft that typically follow, there are several steps people can take to keep safer online.  

Let’s break down what a data breach looks like, how it can affect you, and what you can do in advance of a breach to protect yourself. 

Examples of data breaches in the past 

We’ve certainly seen data breaches make the news over the years, which are often (but not always) associated with malicious hackers or hacker organizations. A quick list of some of the largest and most impactful breaches we’ve seen in recent years: 

Facebook – 2019: Two datasets leaked the records of more than 530 million users, including phone numbers, account names, Facebook IDs, and more. 
Marriott International (Starwood) – 2018. Leakage of 500,000 guest names, emails, actual mailing addresses, phone numbers, passport numbers, Starwood Preferred Guest account information, date of birth, and information about stays. 
Equifax – 2017. Approximately 147 million records, including name, address, date of birth, driver’s license numbers, and Social Security Numbers were leaked, as well as credit card information for a further 200,000 victims. 

Healthcare facilities have seen their data breached, along with the operations of popular restaurants. Small businesses find themselves in the crosshairs as well, with one report stating that 43% of data leaks target small businesses. Those may come by way of an attack on where those businesses store their records, a disgruntled employee, or by way of a compromised point-of-sale terminal in their store, office, or location. 

What differs with the White House warning is who may end up being behind these potential attacks—a nation-state rather than what are financially motivated hackers or hacking groups. (Some research indicates that nearly 90% of breaches are about the money.) However, the result is the same. Your personal information winds up loose in the world and possibly in the hands of a bad actor.   

What can get exposed in a data breach?  

The fact is that plenty of our information is out there on the internet, simply because we go about so much of our day online, whether that involves shopping, banking, getting results from our doctors, or simply hopping online to play a game once in a while.  

Naturally, that means the data in any given breach will vary from service to service and platform to platform involved. Certainly, a gaming service will certainly have different information about you than your insurance company. Yet broadly speaking, there’s a broad range of information about you stored in various places, which could include:  

Username and password 
E-mail address 
Phone numbers and home address 
Contact information of friends and family 
Date of birth 
Driver’s license number 
Credit card and debit card numbers, bank account details 
Purchase history and account behavior history 
Patient information (in the case of healthcare breaches) 
Social Security Number or Tax ID Number 

As to what gets exposed and when you might find out about it, that can vary greatly as well. One industry research report found that 60% of breaches were discovered in just days from the initial attack while others could take months or even longer detect. Needless to say, the timeline can get rather stretched before word reaches you, which is a good reason to change your passwords regularly should any of them get swept up in a breach. (An outdated password does a hacker no good—more on that in a bit.) 

What do cybercriminals do with this kind of information? 

The answer is plenty. In all, personal information like that listed above has a dollar value to it. In a way, your data and information are a kind of currency because they’re tied to everything from your bank accounts, investments, insurance payments—even tax returns and personal identification like driver’s licenses.  

With this information in hand, a crook can commit several types of identity crimes—ranging from fraud to theft. In the case of fraud, that could include running up a bill on one of your credits cards or draining one of your bank accounts. In the case of theft, that could see crooks impersonate you so they can open new accounts or services in your name. Beyond that, they may attempt to claim your tax refund or potentially get an ID issued in your name as well. 

Another possibility is that a hacker will simply sell that information on the dark marketplace, perhaps in large clumps or as individual pieces of information that go for a few dollars each. However it gets sold, these dark-market practices allow other fraudsters and thieves to take advantage of your identity for financial or another gain.  

Protecting yourself from the effects of data breaches 

The succinct answer is to sign up for an identity protection service. It can monitor dozens of types of personal information and then alert you if any of them are possibly being misused, so you can address any issues right away before they become a potentially much bigger problem.  

Further, pairing identity protection with online protection software can protect you even more. With an all-up view of your overall online security—how well you’re protecting yourself and your identity online—it can guide you through steps that can shore up your protection and make you safer still. 

Identity protection such as ours gives you the added benefit of a professional recovery specialist who can assist with restoring your affairs in the wake of fraud or theft, plus up to $1 million in insurance coverage. 

What if I think I’m the victim of identity theft? 

When a business, service, or organization falls victim to a breach, it doesn’t always mean that you’re automatically a victim too. Your information may not have been caught up in it. However, it’s best to act as if it was. With that, we strongly suggest you take these immediate steps. 

Change your passwords and use two-factor authentication 

Given the possibility that your password may be in the hands of a bad actor, change it right away. Strong, unique passwords offer one of your best defenses against hackers. Update them regularly as well. As mentioned above, this can protect you in the event a breach occurs and you don’t find out about it until well after it’s happened. You can spare yourself the upkeep that involves a password manager that can keep on top of it all for you. If your account offers two-factor authentication as part of the login process, make use of it as it adds another layer of security that makes hacking tougher.  

Keep an eye on your accounts 

If you spot unusual or unfamiliar charges or transactions in your account, bank, or debit card statements, follow up immediately. That could indicate improper use. In general, banks, credit card companies, and many businesses have countermeasures to deal with fraud, along with customer support teams that can help you file a claim if needed. 

Sign up for an identity theft protection service 

As outlined above, identity protection like ours can monitor a broad set of your personal information and provide you guidance for making it more secure, in addition to getting help from a professional recovery specialist.  

For an even closer look at identity theft, we have two articles that can help guide the way if you think you’re a victim, each featuring a series of straightforward steps you can take to set matters right: 

Top Signs of Identity Theft 
How to Report Identity Theft to Social Security 

Proactively protecting yourself and your family 

No matter how uncertain news of possible cyberattacks may any of us feel, you can take steps to set some of that uncertainty aside. An identity protection service is a strong first move against possible identity theft, as is pairing it with online protection software that keeps you safer online overall. Likewise, knowing the signs of possible identity theft and what you can do to address it right away offer further assurance still—like having the services of a professional recovery specialist to help.  

In all, there’s no need to leave yourself wondering at the news from the White House. As an individual, you have it in your power to make yourself and your family safer than they are now. 

The post White House Announces Possible Rise in Cyberattacks—What You Can Do to Stay Safe appeared first on McAfee Blog.

Read More

SpringShell (Spring4Shell) : New Unpatched RCE Vulnerability in Spring Core Framework

Read Time:2 Minute, 23 Second

FortiGuard Labs is aware that an alleged Proof-of-Concept (POC) code for a new Remote Code Execution (RCE) vulnerability in Spring Core, part of the popular web open-source framework for Java called “Spring,” was made available to the public (the POC was later removed). Dubbed SpringShell (Spring4Shell), CVE-2022-22965 has been assigned to the vulnerability and an emergency fix was released on March 31st, 2022.Why is this Significant?This is significant because Spring Core is part of Spring Framework, one of the most popular JAVA frameworks used in the field and is very popular for enterprise applications. As such, wide exploitation of the vulnerability can impact users globally if the security update is not applied.What is the Vulnerability Detail?An insecure de-serialization exists in Spring Core Framework. The vulnerability is due to insufficient validation of user supplied inputs and could lead to remote code execution.The official advisory reads “A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it”.Has the Vendor Released an Advisory?An advisory has been published by both Spring and VMware, who supports Spring. See the Appendix for a link to “Spring Framework RCE, Early Announcement” and “CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+”.What Versions of Spring Core are Vulnerable?The official advisory states that the following prerequisites for the exploit:JDK 9 or higherApache Tomcat as the Servlet containerPackaged as a traditional WAR (in contrast to a Spring Boot executable jar)spring-webmvc or spring-webflux dependencySpring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versionsHas a CVE been Assigned to the Vulnerability?CVE-2022-22965 has been assigned to the vulnerability.There is a lot of online chatter about SpringShell being related to CVE-2022-22963 or CVE-2022-27772, but that is not the case.CVE-2022-22963 is a vulnerability in Spring Cloud and was patched on March 29, 2022.CVE-2022-27772 is a vulnerability in Spring Boot that allows temporary directory hijacking.Has the Vendor Released a Patch?Yes, the fix was released on March 31, 2022 for the following versions of Spring Framework:5.3.185.2.20What is the Status of Coverage?FortiGuard Labs provides the following AV coverage based on available SpringShell POCs:Python/SpingShell.A!exploitFortiGuard Labs is currently investigating for IPS coverage. This Threat Signal will be updated when coverage becomes available.

Read More