USN-6039-1: OpenSSL vulnerabilities

It was discovered that OpenSSL was not properly managing file locks when
processing policy constraints. If a user or automated system were tricked
into processing a certificate chain with specially crafted policy
constraints, a remote attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu
22.10. (CVE-2022-3996)

David Benjamin discovered that OpenSSL was not properly performing the
verification of X.509 certificate chains that include policy constraints,
which could lead to excessive resource consumption. If a user or automated
system were tricked into processing a specially crafted X.509 certificate
chain that includes policy constraints, a remote attacker could possibly
use this issue to cause a denial of service. (CVE-2023-0464)

David Benjamin discovered that OpenSSL was not properly handling invalid
certificate policies in leaf certificates, which would result in certain
policy checks being skipped for the certificate. If a user or automated
system were tricked into processing a specially crafted certificate, a
remote attacker could possibly use this issue to assert invalid
certificate policies and circumvent policy checking. (CVE-2023-0465)

David Benjamin discovered that OpenSSL incorrectly documented the
behavior of the X509_VERIFY_PARAM_add0_policy function, stating that
it would implicitly enable certificate policy checks during
certificate verification, contrary to its implementation. This could
cause users and applications to not perform certificate policy checks
even when expected to do so. (CVE-2023-0466)

Accenture, IBM, Mandiant join Elite Cyber Defenders Program to secure critical infrastructure

Leading cybersecurity response firms Accenture, IBM, and Mandiant have joined the Elite Cyber Defenders Program – a new, collaborative initiative designed to help secure critical infrastructure. Led by Nozomi Networks, the program aims to provide global industrial and government customers access to strong cybersecurity defense tools, incident response teams, and threat intelligence.

The Elite Cyber Defenders Program was announced during RSA Conference in San Francisco and comes as the cyberthreats posed to global critical infrastructure remain high. This week, it was revealed that the group responsible for the supply chain attack against VoIP company 3CX also breached two critical infrastructure organizations in the energy sector. Last week, the UK National Cyber Security Centre (NCSC) warned of a new class of Russian cyber adversary threatening critical infrastructure organizations.

Pro-Russia hackers attack European air traffic control website, but don’t panic! Flights continue as normal

Eurocontrol, the European air traffic control agency, has revealed that it has been under cyber attack for the last week, and says that pro-Russian hackers have claimed responsibility for the disruption.

When you first see the headline in the likes of the Wall Street Journal, it’s a scary thing to read.

But dig a little deeper, and you realise that the err.. sky is not falling.

Read more in my article on the Hot for Security blog.

USN-6040-1: Linux kernel (HWE) vulnerabilities

It was discovered that the Traffic-Control Index (TCINDEX) implementation
in the Linux kernel contained a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-1281)

It was discovered that the OverlayFS implementation in the Linux kernel did
not properly handle copy-up operations in some conditions. A local attacker
could possibly use this to gain elevated privileges. (CVE-2023-0386)

Haowei Yan discovered that a race condition existed in the Layer 2
Tunneling Protocol (L2TP) implementation in the Linux kernel. A local
attacker could possibly use this to cause a denial of service (system
crash). (CVE-2022-4129)

It was discovered that the network queuing discipline implementation in the
Linux kernel contained a null pointer dereference in some situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2022-47929)

It was discovered that the NTFS file system implementation in the Linux
kernel contained a null pointer dereference in some situations. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2022-4842)

Kyle Zeng discovered that the IPv6 implementation in the Linux kernel
contained a NULL pointer dereference vulnerability in certain situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2023-0394)

It was discovered that the Human Interface Device (HID) support driver in
the Linux kernel contained a type confusion vulnerability in some
situations. A local attacker could use this to cause a denial of service
(system crash). (CVE-2023-1073)

It was discovered that a memory leak existed in the SCTP protocol
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (memory exhaustion). (CVE-2023-1074)

It was discovered that the NFS implementation in the Linux kernel did not
properly handle pending tasks in some situations. A local attacker could
use this to cause a denial of service (system crash) or expose sensitive
information (kernel memory). (CVE-2023-1652)

Lianhui Tang discovered that the MPLS implementation in the Linux kernel
did not properly handle certain sysctl allocation failure conditions,
leading to a double-free vulnerability. An attacker could use this to cause
a denial of service or possibly execute arbitrary code. (CVE-2023-26545)

Abnormal Security expands threat protection to Slack, Teams and Zoom

Cloud-based email security provider Abnormal Security has announced three new capabilities focusing on threat detection for Slack, Microsoft Teams, and Zoom.

The company — focused on protecting enterprises from targeted email attacks, such as phishing, social engineering, and business email compromise — is also adding data ingestion from new sources to better its AI model, which maps user identity behavior.

New AWS GuardDuty capabilities secure container, database, serverless workloads

Amazon Web Services (AWS) has added three new capabilities to its threat detection service Amazon GuardDuty. The new features expand GuardDuty protection to container runtime behavior, as well as database and serverless environments, strengthening customer security through enhanced coverage, AWS said.

GuardDuty is part of a broad set of AWS security services that help customers identify potential security risks. It uses machine learning and integrated threat intelligence to detect suspicious data access, potential Amazon Elastic Compute Cloud (Amazon EC2) compromise, and malware.

The three new capabilities are EKS Runtime Monitoring, RDS Protection, and Lambda Protection. These have been added to the hundreds of features already available within GuardDuty and can be enabled with no other requirements or prerequisites, according to AWS.

Circle Security debuts platform “purpose-built” to tackle credential-driven threats, cloud attacks

Cybersecurity company Circle Security has emerged from stealth with the release of a new platform “purpose-built” to protect against credential-driven threats and cloud attacks. Powered by a decentralized architecture, Circle is available as a device-native service, a mobile app, a browser-based solution, and via a developer-focused API, according to the firm.

Circle Security boasts an impressive advisory board featuring several high-profile cybersecurity thought leaders including Bruce Schneier, Lucia Milica, global CISO of Proofpoint, and Eric Liebowitz, CISO of Thales Group.

Credential-driven data breaches are the biggest threat vector for most companies. Cybercriminals are prioritizing stolen credentials for use in attacks, and weak credentials are significant contributors to cloud security risks. Meanwhile, access brokers – criminal groups that sell stolen access credentials – have become a key component of the eCrime threat landscape.

Thousands of misconfigured container and artifact registries expose sensitive credentials

Researchers have found thousands of publicly exposed and misconfigured container registries and artifact repositories belonging to businesses that could give attackers access to access tokens, encryption keys, and other sensitive information about internal systems. This information can allow attackers to plan and execute attacks against production and development systems, and in some cases even inject malicious code into repositories.

“In many cases artifact management systems and container registries are connected to the internet deliberately and by design allowing anonymous users to connect to various areas in the registry or even to the entire registry,” researchers from cloud security firm Aqua Security said in a report. “This design allows global teams, customers, and other stakeholders access to open-source software that is shared across the company or with outside users. In some cases, however, restricted environments are accidentally shared with anonymous users; in other cases teams accidentally publish sensitive information to public areas.”
