Fata Morgana Watering Hole Attack Targets Shipping, Logistics Firms

The attack targeted Israeli websites and has been linked to a nation-state actor from Iran

Axiado releases new security processors for servers and network appliances

Security processor provider Axiado has announced the availability of two new trusted compute units (TCUs) to help detect ransomware and other cyberattacks on servers and infrastructure elements in cloud data centers, 5G networks, and network switches.

Dubbed AX3000 and AX2000, these TCUs are AI-powered hardware security platform solutions that, the company says, integrate all security functions within a single system-on-chip (SoC) module.

“Products such as Axiado’s TCU are important developments in the market, as they answer a specific need for high-level and multi-function hardware security demands for data center technology,” said Michela Menting, senior research director at ABI Research. “Single-chip implementations provide a better cost-benefit ratio than having to implement different hardware components for different use cases—storage vs crypto acceleration vs ransomware identification.”

USN-5996-2: Liblouis vulnerabilities

USN-5996-1 fixed vulnerabilities in Liblouis. This update provides
the corresponding updates for Ubuntu 23.04.

Original advisory details:

It was discovered that Liblouis incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2023-26767, CVE-2023-26768, CVE-2023-26769)

USN-6098-1: Jhead vulnerabilities

It was discovered that Jhead did not properly handle certain crafted images
while processing the JFIF markers. An attacker could cause Jhead to crash. This
issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS.
(CVE-2019-19035)

It was discovered that Jhead did not properly handle certain crafted images
while processing longitude tags. An attacker could cause Jhead to crash. This
issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-1010301)

It was discovered that Jhead did not properly handle certain crafted images
while processing IPTC data. An attacker could cause Jhead to crash. This
issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-1010302)

Binbin Li discovered that Jhead did not properly handle certain crafted images
while processing the DQT data. An attacker could cause Jhead to crash.
(CVE-2020-6624)

Binbin Li discovered that Jhead did not properly handle certain crafted images
while processing longitude data. An attacker could cause Jhead to crash.
(CVE-2020-6625)

Feng Zhao Yang discovered that Jhead did not properly handle certain crafted
images while reading JPEG sections. An attacker could cause Jhead to crash.
(CVE-2020-26208)

It was discovered that Jhead did not properly handle certain crafted images
while processing Canon images. An attacker could cause Jhead to crash.
(CVE-2021-28276)

It was discovered that Jhead did not properly handle certain crafted images
when removing a certain type of sections. An attacker could cause Jhead to
crash. (CVE-2021-28278)

USN-6088-2: runC vulnerabilities

USN-6088-1 fixed vulnerabilities in runC. This update provides
the corresponding updates for Ubuntu 16.04 LTS.

It was discovered that runC incorrectly performed access control when
mounting /proc to non-directories. An attacker could possibly use
this issue to escalate privileges.
(CVE-2019-19921)

Felix Wilhelm discovered that runC incorrectly handled netlink
messages. An attacker could possibly use
this issue to escalate privileges. (CVE-2021-43784)

Andrew G. Morgan discovered that runC incorrectly set
inherited process capabilities inside the container.
An attacker could possibly use this issue to
escalate privileges. (CVE-2022-29162)

Original advisory details:

It was discovered that runC incorrectly made /sys/fs/cgroup
writable when in rootless mode. An attacker could possibly
use this issue to escalate privileges. (CVE-2023-25809)

It was discovered that runC incorrectly performed access control when
mounting /proc to non-directories. An attacker could possibly use
this issue to escalate privileges. (CVE-2023-27561)

It was discovered that runC incorrectly handled /proc and
/sys mounts inside a container. An attacker could possibly
use this issue to bypass AppArmor, and potentially SELinux.
(CVE-2023-28642)

USN-6042-2: Cloud-init regression

USN-6042-1 fixed a vulnerability in Cloud-init. The update introduced a
regression on Ubuntu 20.04 LTS resulting in a possible loss of networking.
This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

James Golovich discovered that sensitive data could be exposed in logs. An
attacker could use this information to find hashed passwords and possibly
escalate their privilege.

USN-5725-2: Go vulnerability

USN-5725-1 fixed a vulnerability in Go. This update provides
the corresponding update for Ubuntu 16.04 LTS.

Original advisory details:

Diederik Loerakker, Jonny Rhea, Raúl Kripalani, and Preston
Van Loon discovered that Go incorrectly handled certain inputs.
An attacker could possibly use this issue to cause Go applications
to hang or crash, resulting in a denial of service.

Teleport releases Teleport 13 with automatic vulnerability patching, enhanced DevOps security

Infrastructure access management company Teleport has announced the release of Teleport 13, the latest version of its Teleport Access Platform. Teleport 13 features scanning and automatic patching of Teleport vulnerabilities to enhance security and reduce operational overhead for DevOps teams responsible for securing cloud infrastructure, the firm said.

The solution aims to address the targeting of user credentials and other forms of secrets by attackers and is ideal for users that adopt the Teleport Open Source edition but do not want to host it themselves, according to Teleport.

Other features include Transport Layer Security (TLS) routing via a single TLS port, the ability to import applications and groups from Okta into application access, and AWS OpenSearch support for secure database access. Users can also view and share Windows desktop session recordings with security teams and external auditors.
