AI-powered tools are among the top fraud techniques used by threat actors in 2023, according to Sumsub’s third annual Identity Fraud Report
Monthly Archives: November 2023
iOS 17 NameDrop privacy scare: What you need to know
Warnings are spreading on social media about NameDrop, a new way for iPhone users to quickly share their contact information with others.
Should you be worried, and what should you do about it?
Read more in my article on the Hot for Security blog.
webkitgtk-2.42.2-1.fc39
FEDORA-2023-8f84dc8e09
Packages in this update:
webkitgtk-2.42.2-1.fc39
Update description:
Bump Safari version in user agent header.
Fix blob URL regression that broke many websites.
Fix several crashes and rendering issues.
Fix CVE-2023-41983 and CVE-2023-42852
USN-6508-2: poppler regression
USN-6508-1 fixed vulnerabilities in poppler. The update introduced
one minor regression in Ubuntu 18.04 LTS. This update fixes the
problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that poppler incorrectly handled certain malformed PDF
files. If a user or an automated system were tricked into opening a
specially crafted PDF file, a remote attacker could possibly use this
issue to cause a denial of service. This issue only affected Ubuntu 16.04
LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-23804)
It was discovered that poppler incorrectly handled certain malformed PDF
files. If a user or an automated system were tricked into opening a
specially crafted PDF file, a remote attacker could possibly use this
issue to cause a denial of service. (CVE-2022-37050, CVE-2022-37051,
CVE-2022-37052, CVE-2022-38349)
Cybercriminals Hesitant About Using Generative AI
An analysis of dark web forums revealed many threat actors are skeptical about using tools like ChatGPT to launch attacks
Americans Receive Two Billion Spam Calls Per Month
For want of a cyber nail the kingdom fell
An old proverb, dating to at least the 1360s, states:
“For want of a nail, the shoe was lost,
for want of a shoe, the horse was lost,
for want of a horse, the rider was lost,
for want of a rider, the battle was lost,
for want of a battle, the kingdom was lost,
and all for the want of a horseshoe nail.”
When published in Ben Franklin’s Poor Richard’s Almanack in 1768, it was preceded by the cautionary words:
“a little neglect may breed great mischief”.
This simple proverb and added comment serve as emblematic examples of how seemingly inconsequential missteps or neglect can lead to sweeping, irreversible, catastrophic losses. The cascade of events resonates strongly within the increasingly complex domain of cybersecurity, in which the omission of even the most elementary precaution can result in a spiraling series of calamities.
Indeed, the realm of cybersecurity is replete with elements that bear striking resemblance to the nail, shoe, horse, and rider in this proverb. Consider, for example, the ubiquitous and elementary software patch, which may be thought of as the proverbial digital “nail.” In isolation, a single patch might seem trivial, but its role becomes crucial when viewed within the broader network of security measures. The 2017 WannaCry ransomware outbreak demonstrates the significance of such patches: the worm spread through a vulnerability in the Windows SMBv1 implementation for which Microsoft had already shipped a fix (MS17-010) two months earlier, and the machines that had not applied it allowed the malware to infect hundreds of thousands of computers across the globe. It wasn’t just a single machine that was compromised due to this overlooked ‘nail,’ but entire networks, echoing how a lost shoe leads to a lost horse in the proverb.
This analogy further extends to the human elements of cybersecurity. Personnel tasked with maintaining an organization’s cyber hygiene play the role of the “rider” in our metaphorical tale. However, the rider is only as effective as the horse they ride; likewise, even the most skilled IT professional cannot secure a network if the basic building blocks—the patches, firewalls, and antivirus software—resemble missing nails and shoes. Numerous reports and studies have indicated that human error constitutes one of the most common causes of data breaches, often acting as the ‘rider’ who loses the ‘battle’.
Once the ‘battle’ of securing a particular network or system is lost, the ramifications can extend much further, jeopardizing the broader ‘kingdom’ of an entire organization or, in more extreme cases, critical national infrastructure. One glaring example that serves as a cautionary tale is the Equifax data breach of 2017, in which a failure to apply an available fix for a known vulnerability in Apache Struts (CVE-2017-5638) on a public-facing web application resulted in the personal data of 147 million Americans being compromised. Much like how the absence of a single rider can tip the scales of an entire battle, this singular oversight led to repercussions that went far beyond the digital boundaries of Equifax, affecting millions of individuals and shaking trust in the security of financial systems.
As with any kingdom, a community approach to defense is often the most effective strategy. This involves viewing cybersecurity not merely as a siloed department but as an organizational culture. Research by Singer and Friedman supports this view, emphasizing the importance of fostering a corporate environment where every employee is aware of and committed to best security practices. In the context of the proverb, it’s equivalent to ensuring not just that the rider is skilled but that everyone in the kingdom understands the stakes of the impending battle.
So, how does one protect the ‘kingdom’ in the context of cybersecurity? While the absence of a single ‘nail’ can set off a cascade of failures, the presence of a robust, multi-layered security posture can often prevent the loss of the ‘kingdom.’ This involves a holistic cybersecurity strategy, one that accounts for not only technological defenses but also educates the ‘riders,’ reinforcing that the ‘battle’ is a collective responsibility.
In summary, the proverb “For want of a nail the kingdom was lost” serves as a potent metaphor for the complex, interconnected landscape of cybersecurity. Just as a lost nail can culminate in the loss of a kingdom, so can a single overlooked detail in a cybersecurity framework result in catastrophic outcomes, whether it’s a successful ransomware attack or a large-scale data breach. The wisdom encapsulated in this ancient adage is not merely a cautionary tale; it is a clarion call for vigilance in our increasingly interconnected digital world. A kingdom, after all, is only as strong as its weakest link—or, in this case, its least-attended ‘nail.’
How can AT&T help? AT&T’s catalog of managed security solutions, incorporating detection, prevention, and response capabilities, coupled with cyber consulting in domains including secure infrastructure, incident response and risk management, helps ensure your kingdom continues to stand tall and does not want for a security nail.
LSN-0099-1: Kernel Live Patch Security Notice
It was discovered that the Xen netback driver in the Linux kernel did not
properly handle packets structured in certain ways. An attacker in a guest
VM could possibly use this to cause a denial of service (host NIC
availability).(CVE-2022-3643)
It was discovered that the virtual terminal driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly expose sensitive
information (kernel memory).(CVE-2023-3567)
It was discovered that the universal 32bit network packet classifier
implementation in the Linux kernel did not properly perform reference
counting in some situations, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code.(CVE-2023-3609)
It was discovered that the network packet classifier with
netfilter/firewall marks implementation in the Linux kernel did not
properly handle reference counting, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code.(CVE-2023-3776)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle table rules flush in certain circumstances. A local
attacker could possibly use this to cause a denial of service (system
crash) or execute arbitrary code.(CVE-2023-3777)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle rule additions to bound chains in certain
circumstances. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code.(CVE-2023-3995)
It was discovered that the netfilter subsystem in the Linux kernel did not
properly handle PIPAPO element removal, leading to a use-after-free
vulnerability. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code.(CVE-2023-4004)
Bing-Jhong Billy Jheng discovered that the Unix domain socket
implementation in the Linux kernel contained a race condition in certain
situations, leading to a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code.(CVE-2023-4622)
Budimir Markovic discovered that the qdisc implementation in the Linux
kernel did not properly validate inner classes, leading to a use-after-free
vulnerability. A local user could use this to cause a denial of service
(system crash) or possibly execute arbitrary code.(CVE-2023-4623)
Alex Birnberg discovered that the netfilter subsystem in the Linux kernel
did not properly validate register length, leading to an out-of-bounds
write vulnerability. A local attacker could possibly use this to cause a
denial of service (system crash).(CVE-2023-4881)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle removal of rules from chain bindings in certain
circumstances, leading to a use-after-free vulnerability. A local attacker
could possibly use this to cause a denial of service (system crash) or
execute arbitrary code.(CVE-2023-5197)
Gwangun Jung discovered that the Quick Fair Queueing scheduler
implementation in the Linux kernel contained an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code.(CVE-2023-31436)
Ross Lagerwall discovered that the Xen netback backend driver in the Linux
kernel did not properly handle certain unusual packets from a
paravirtualized network frontend, leading to a buffer overflow. An attacker
in a guest VM could use this to cause a denial of service (host system
crash) or possibly execute arbitrary code.(CVE-2023-34319)
It was discovered that the bluetooth subsystem in the Linux kernel did not
properly handle L2CAP socket release, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code.(CVE-2023-40283)
Kyle Zeng discovered that the networking stack implementation in the Linux
kernel did not properly validate skb object size in certain conditions. An
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code.(CVE-2023-42752)
Kyle Zeng discovered that the netfilter subsystem in the Linux kernel did
not properly calculate array offsets, leading to an out-of-bounds write
vulnerability. A local user could use this to cause a denial of service
(system crash) or possibly execute arbitrary code.(CVE-2023-42753)
CISA Warns Congress on Chemical Industry Terror Attacks
Securing the software supply chain webinar
Join me and the experts from JFrog for a discussion about software supply chain security on December 5, 2023.