USN-6734-2: libvirt vulnerabilities

Read Time:26 Second

USN-6734-1 fixed vulnerabilities in libvirt. This update provides the
corresponding updates for Ubuntu 24.04 LTS.

Original advisory details:

Alexander Kuznetsov discovered that libvirt incorrectly handled certain API
calls. An attacker could possibly use this issue to cause libvirt to crash,
resulting in a denial of service. (CVE-2024-1441)

It was discovered that libvirt incorrectly handled certain RPC library API
calls. An attacker could possibly use this issue to cause libvirt to crash,
resulting in a denial of service. (CVE-2024-2494)

Read More

USN-6733-2: GnuTLS vulnerabilities

Read Time:29 Second

USN-6733-1 fixed vulnerabilities in GnuTLS. This update provides the
corresponding updates for Ubuntu 24.04 LTS.

Original advisory details:

It was discovered that GnuTLS had a timing side-channel when performing
certain ECDSA operations. A remote attacker could possibly use this issue
to recover sensitive information. (CVE-2024-28834)

It was discovered that GnuTLS incorrectly handled verifying certain PEM
bundles. A remote attacker could possibly use this issue to cause GnuTLS to
crash, resulting in a denial of service. This issue only affected Ubuntu
22.04 LTS and Ubuntu 23.10. (CVE-2024-28835)

Read More

USN-6718-3: curl vulnerabilities

Read Time:30 Second

USN-6718-1 fixed vulnerabilities in curl. This update provides the
corresponding updates for Ubuntu 24.04 LTS.

Original advisory details:

Dan Fandrich discovered that curl would incorrectly use the default set of
protocols when a parameter option disabled all protocols without adding
any, contrary to expectations. This issue only affected Ubuntu 23.10.
(CVE-2024-2004)

It was discovered that curl incorrectly handled memory when limiting the
amount of headers when HTTP/2 server push is allowed. A remote attacker
could possibly use this issue to cause curl to consume resources, leading
to a denial of service. (CVE-2024-2398)

Read More

USN-6729-3: Apache HTTP Server vulnerabilities

Read Time:38 Second

USN-6729-1 fixed vulnerabilities in Apache HTTP Server. This update
provides the corresponding updates for Ubuntu 24.04 LTS.

Original advisory details:

Orange Tsai discovered that the Apache HTTP Server incorrectly handled
validating certain input. A remote attacker could possibly use this
issue to perform HTTP request splitting attacks. (CVE-2023-38709)

Keran Mu and Jianjun Chen discovered that the Apache HTTP Server
incorrectly handled validating certain input. A remote attacker could
possibly use this issue to perform HTTP request splitting attacks.
(CVE-2024-24795)

Bartek Nowotarski discovered that the Apache HTTP Server HTTP/2 module
incorrectly handled endless continuation frames. A remote attacker could
possibly use this issue to cause the server to consume resources, leading
to a denial of service. (CVE-2024-27316)

Read More

USN-6737-2: GNU C Library vulnerability

Read Time:20 Second

USN-6737-1 fixed a vulnerability in the GNU C Library. This update provides
the corresponding update for Ubuntu 24.04 LTS.

Original advisory details:

Charles Fol discovered that the GNU C Library iconv feature incorrectly
handled certain input sequences. An attacker could use this issue to cause
the GNU C Library to crash, resulting in a denial of service, or possibly
execute arbitrary code.

Read More

USN-6755-1: GNU cpio vulnerabilities

Read Time:15 Second

Ingo Brückl discovered that cpio contained a path traversal vulnerability.
If a user or automated system were tricked into extracting a specially
crafted cpio archive, an attacker could possibly use this issue to write
arbitrary files outside the target directory on the host, even if using the
option –no-absolute-filenames.

Read More

Whale Song Code

Read Time:51 Second

During the Cold War, the US Navy tried to make a secret code out of whale song.

The basic plan was to develop coded messages from recordings of whales, dolphins, sea lions, and seals. The submarine would broadcast the noises and a computer—the Combo Signal Recognizer (CSR)—would detect the specific patterns and decode them on the other end. In theory, this idea was relatively simple. As work progressed, the Navy found a number of complicated problems to overcome, the bulk of which centered on the authenticity of the code itself.

The message structure couldn’t just substitute the moaning of a whale or a crying seal for As and Bs or even whole words. In addition, the sounds Navy technicians recorded between 1959 and 1965 all had natural background noise. With the technology available, it would have been hard to scrub that out. Repeated blasts of the same sounds with identical extra noise would stand out to even untrained sonar operators.

In the end, it didn’t work.

Read More

USN-6756-1: less vulnerability

Read Time:12 Second

It was discovered that less mishandled newline characters in file names. If
a user or automated system were tricked into opening specially crafted
files, an attacker could possibly use this issue to execute arbitrary
commands on the host.

Read More

Enhancing Financial Security Through Behavioral Biometrics

Read Time:4 Minute, 31 Second

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

The evolution of tech necessitates stronger cybersecurity. Financial information is appealing to hackers trying to steal identities and commit fraud. These bad actors are evolving with tech to figure out ways to bypass the increasingly robust cybersecurity measures.

Organizations commonly use physical biometric applications, like fingerprinting and facial recognition, when they’re conducting transactions, when people are entering buildings, and when they’re logging into sites with sensitive information. However, you need a stronger layer of security to keep your information safe. This is where behavioral biometrics comes in.

Possible Financial Security Issues

Consumers lose millions of dollars due to fraud every year, according to the FTC. Online shopping is the number one avenue where this money is lost, with bad investments and illegitimate businesses falling close behind. There is an increasing amount of ways that scammers can have access to your information or social engineer you into spending money. Some examples include phishing emails, password attacks, and malware.

Often, hackers will also target people whom they profile as gullible. Charity scams are unfortunately rampant, including scammers pretending to be charitable organizations like the Red Cross. These crop up when disaster strikes, and they masquerade as legitimate ways to donate.

Other scammers will pretend to be individuals in need, family members, or even government organizations. Instead, the money goes to illegitimate scammers. To avoid this, you should always double-check links and, more importantly, log in to a reputable site when entering any credit card or banking information.

Financial institutions are surprisingly not the most targeted, but they are still rife with sensitive info that can be vulnerable to hackers if not guarded correctly. Cybersecurity in online banking is extremely important. There can be data breaches, customer phishing scams, and even offshore banking transparency issues. Enhanced security must be in place to prevent these scams, including encryption, multi-factor authentication, threat detection, and biometrics.

Why Stronger Biometrics Are Necessary

Physical biometrics are the most common form of biometrics employed for financial security currently. However, bad actors have learned how to bypass these physical barriers. Printed-out photos can work for face identification, and fingerprints and palm prints can be stolen and imprinted onto soft surfaces and then used for sign-ins. Evolving threats demand cybersecurity measures that are as far advanced as possible.

Behavioral biometrics takes things a step further by analyzing the behavior patterns of device users. Then, these patterns can be developed over time and set to be recognized by the device. These behaviors can be digital or in-person and include factors like:

Gait;
Posture;
Signatures;
Keystroke patterns;
Cursor movement;
Cognitive patterns;
Vocal patterns.

These patterns are unique to each person and can identify them more reliably than their external biological features. While physical biometrics are hard to replicate, it’s not impossible. Sophisticated hackers can use synthetic identity fraud in which they fraudulently use someone’s information. Fraudsters forge biometrics like fingerprints through sophisticated copying methods. It’s best to operate under the assumption that all traffic can be malicious. This means incorporating the highest level of cybersecurity possible, including behavioral biometrics.

Integrating Behavioral Biometrics Into the Finance Industry

The finance industry and any institution that deals with sensitive financial information needs to integrate behavioral biometrics into their cybersecurity tactics. The adoption of physical biometrics was gradual, with fingerprint scanners showing up sporadically on card readers in banks and retail establishments.

For behavioral biometrics to be integrated into society, businesses and organizations need to understand the importance of their application. These institutions need to educate their teams about this new tech, explaining the need for the extra layer of identity verification and what can happen if it isn’t employed. They should be able to visualize the process of the customer journey in a simplified way, allowing them to identify areas for cybersecurity improvement.

Unlike traditional methods, behavioral biometrics can deliver continuous verification. Instead of limiting verification to sign-in or entrance to banking institutions, sensors and algorithms must be integrated so fully that they continue to monitor a user’s entire interaction.

This can mean tracking keystroke patterns the entire time a banking customer is on a website and performing online banking activities. It can also mean installing cameras with sensors to continuously monitor the posture and gait of people in in-person scenarios with sensitive information, like ATMs, retail transactions, and brick-and-mortar banking activities.

The Future of Financial Security

Prioritizing financial security means finding a way to integrate behavioral biometrics into everyday life. Banks, retail establishments, e-commerce sites, and any business that deals with sensitive information will have to change their verification process. The future requires a seamless integration, requiring behavioral biometrics without disrupting the user experience.

For behavioral biometrics to reach their full potential in financial security, consumers must also remain vigilant. If they feel their privacy is being invaded or their experience is hindered, they may not choose to engage in these enhanced security measures. Instead, the future of financial security will depend on the industry’s ability to educate, monitor, and cater to citizens through their cybersecurity design. With behavioral biometrics in place, cybersecurity attacks are likely to decrease, and financial security will be more accessible for all.

Read More