USN-6765-1: Linux kernel (OEM) vulnerabilities

Read Time:3 Minute, 33 Second

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel
did not properly validate H2C PDU data, leading to a null pointer
dereference vulnerability. A remote attacker could use this to cause a
denial of service (system crash). (CVE-2023-6356, CVE-2023-6535,
CVE-2023-6536)

Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida
discovered that the Linux kernel mitigations for the initial Branch History
Injection vulnerability (CVE-2022-0001) were insufficient for Intel
processors. A local attacker could potentially use this to expose sensitive
information. (CVE-2024-2201)

Chenyuan Yang discovered that the RDS Protocol implementation in the Linux
kernel contained an out-of-bounds read vulnerability. An attacker could use
this to possibly cause a denial of service (system crash). (CVE-2024-23849)

It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel, leading to a null pointer dereference vulnerability. A
privileged local attacker could use this to possibly cause a denial of
service (system crash). (CVE-2024-24860)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM64 architecture;
– PowerPC architecture;
– S390 architecture;
– Core kernel;
– x86 architecture;
– Block layer subsystem;
– Cryptographic API;
– Android drivers;
– Drivers core;
– Power management core;
– Bus devices;
– Hardware random number generator core;
– Device frequency;
– DMA engine subsystem;
– EDAC drivers;
– ARM SCMI message protocol;
– GPU drivers;
– IIO ADC drivers;
– InfiniBand drivers;
– IOMMU subsystem;
– Media drivers;
– Multifunction device drivers;
– MTD block device drivers;
– Network drivers;
– NVME drivers;
– PCI driver for MicroSemi Switchtec;
– x86 platform drivers;
– Power supply drivers;
– SCSI drivers;
– QCOM SoC drivers;
– SPMI drivers;
– Thermal drivers;
– TTY drivers;
– VFIO drivers;
– BTRFS file system;
– Ceph distributed file system;
– EFI Variable file system;
– EROFS file system;
– Ext4 file system;
– F2FS file system;
– GFS2 file system;
– JFS file system;
– Network file systems library;
– Network file system server daemon;
– Pstore file system;
– ReiserFS file system;
– SMB network file system;
– BPF subsystem;
– Memory management;
– TLS protocol;
– Networking core;
– IPv4 networking;
– IPv6 networking;
– Logical Link layer;
– Netfilter;
– Network traffic control;
– SMC sockets;
– Sun RPC protocol;
– AppArmor security module;
(CVE-2023-52635, CVE-2024-26632, CVE-2023-52468, CVE-2023-52472,
CVE-2023-52589, CVE-2024-26671, CVE-2024-26640, CVE-2024-26631,
CVE-2023-52489, CVE-2023-52616, CVE-2023-52445, CVE-2023-52463,
CVE-2024-26610, CVE-2023-52497, CVE-2023-52453, CVE-2023-52470,
CVE-2024-26649, CVE-2023-52583, CVE-2024-26644, CVE-2023-52607,
CVE-2023-52587, CVE-2024-26594, CVE-2023-52618, CVE-2023-52495,
CVE-2023-52632, CVE-2024-26583, CVE-2023-52633, CVE-2023-52591,
CVE-2024-26633, CVE-2023-52627, CVE-2024-26670, CVE-2024-26598,
CVE-2024-26592, CVE-2023-52473, CVE-2023-52623, CVE-2023-52446,
CVE-2023-52443, CVE-2023-52451, CVE-2024-26629, CVE-2023-52462,
CVE-2024-26808, CVE-2023-52598, CVE-2023-52611, CVE-2023-52492,
CVE-2023-52456, CVE-2023-52626, CVE-2023-52455, CVE-2024-26641,
CVE-2023-52588, CVE-2023-52608, CVE-2024-26618, CVE-2024-26582,
CVE-2023-52609, CVE-2023-52604, CVE-2024-26646, CVE-2024-26634,
CVE-2023-52469, CVE-2023-52467, CVE-2023-52447, CVE-2024-26623,
CVE-2023-52621, CVE-2024-26647, CVE-2024-26615, CVE-2023-52450,
CVE-2023-52619, CVE-2023-52610, CVE-2023-52606, CVE-2023-52464,
CVE-2023-52465, CVE-2024-26638, CVE-2023-52498, CVE-2024-26625,
CVE-2023-52449, CVE-2023-52584, CVE-2023-52454, CVE-2023-52458,
CVE-2024-26585, CVE-2024-26669, CVE-2023-52493, CVE-2024-26645,
CVE-2024-26607, CVE-2023-52615, CVE-2023-52617, CVE-2024-26612,
CVE-2024-26668, CVE-2023-52594, CVE-2023-52612, CVE-2024-26584,
CVE-2024-26586, CVE-2024-26616, CVE-2024-26673, CVE-2023-52448,
CVE-2024-26620, CVE-2023-52614, CVE-2024-26636, CVE-2023-52602,
CVE-2023-52452, CVE-2023-52601, CVE-2024-26635, CVE-2024-26627,
CVE-2023-52488, CVE-2023-52487, CVE-2023-52597, CVE-2023-52494,
CVE-2023-52444, CVE-2024-26608, CVE-2023-52593, CVE-2023-52491,
CVE-2023-52595, CVE-2023-52599, CVE-2024-26595, CVE-2023-52622,
CVE-2024-26650, CVE-2024-26614, CVE-2023-52490, CVE-2023-52486,
CVE-2023-52457)

Read More

USN-6764-1: libde265 vulnerability

Read Time:13 Second

It was discovered that libde265 could be made to allocate memory that
exceeds the maximum supported size. If a user or automated system were
tricked into opening a specially crafted file, an attacker could possibly
use this issue to cause a denial of service.

Read More

USN-6754-2: nghttp2 vulnerability

Read Time:47 Second

USN-6754-1 fixed vulnerabilities in nghttp2. This update provides the
corresponding update for Ubuntu 24.04 LTS.

Original advisory details:

It was discovered that nghttp2 incorrectly handled the HTTP/2
implementation. A remote attacker could possibly use this issue to cause
nghttp2 to consume resources, leading to a denial of service. This issue
only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511,
CVE-2019-9513)

It was discovered that nghttp2 incorrectly handled request cancellation. A
remote attacker could possibly use this issue to cause nghttp2 to consume
resources, leading to a denial of service. This issue only affected Ubuntu
16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487)

It was discovered that nghttp2 could be made to process an unlimited number
of HTTP/2 CONTINUATION frames. A remote attacker could possibly use this
issue to cause nghttp2 to consume resources, leading to a denial of
service. (CVE-2024-28182)

Read More

CIS Benchmarks Community Volunteer Spotlight: Bruce Bading

Read Time:17 Second

CIS relies on a global community of IT security professionals to ensure that the CIS Benchmarks provide independent, vendor-agnostic security guidance. These volunteers provide their expertise for the benefit of all those who seek to use the internet to interact with the world safely and securely online. Bruce F. Bading, President, BFB Consulting, Inc., has […]

Read More

How to Report Identity Theft to Social Security

Read Time:8 Minute, 5 Second

In the hands of a thief, your Social Security Number is the master key to your identity. 

With a Social Security Number (SSN), a thief can unlock everything from credit history and credit line to tax refunds and medical care. In extreme cases, thieves can use it to impersonate others. So, if you suspect your number is lost or stolen, it’s important to report identity theft to Social Security right away. 

Part of what makes an SSN so powerful in identity theft is that there’s only one like it. Unlike a compromised credit card, you can’t hop on the phone and get a replacement. No question, the theft of your SSN has serious implications. If you suspect it, report it. So, let’s take a look at how it can happen and how you can report identity theft to Social Security if it does. 

Can I change my Social Security number? 

Yes. Sort of. The Social Security Administration can assign a new SSN in a limited number of cases. However, per the SSA, “When we assign a different Social Security number, we do not destroy the original number. We cross-refer the new number with the original number to make sure the person receives credit for all earnings under both numbers.”  

In other words, your SSN is effectively for forever, which means if it’s stolen, you’re still faced with clearing up any of the malicious activity associated with the theft potentially for quite some time. That’s yet another reason why the protection of your SSN deserves particular attention. 

How does Social Security identity theft happen? 

There are several ways an SSN can end up with a thief. Some involve physical theft, and others can take the digital route. To what extent are SSNs at risk? Notably, there was the Equifax breach of 2017, which exposed some 147 million SSNs. Yet just because an SSN has been potentially exposed does not mean that an identity crime has been committed with it.  

So, let’s start with the basics: how do SSNs get stolen or exposed? 

A lost or misplaced wallet is one way, where you actually lose your SSN card or someone steals it. This is one reason to avoid carrying it on your person unless absolutely necessary. Otherwise, keep it stored in a safe and secure location until you need it, like when starting a new job.  
Old-fashioned dumpster diving is another, where someone will rummage through your trash, the trash of a business, or even a public dump in search of personal information, which is why it’s important to shred any documents that have personal information listed. 
People can simply overhear you provide your number when you’re on a call or over the course of an in-person conversation. In our digital age, we may not think of eavesdropping as much of a threat, but it still very much is. That’s why we strongly recommend providing such info in a secure, private location out of earshot. 
SSNs can get stolen from a place of work, where thieves end up with unsecured documents or information. The same could go for your home, which is another reason to secure your physical SSN cards and any information – physical or digital – that contains them. 
Phishing attacks can also lead to SSN theft, whether that’s through an attack aimed at you or at a business that has access to your personal information like SSNs.  
Data leaks, like the Equifax leak mentioned above, are another way. Yet while the Equifax breach involved millions of records, smaller breaches can expose SSNs just as readily, like the breaches that have plagued many healthcare providers and hospitals over the past year 

That’s quite the list. Broadly speaking, the examples above give good reasons for keeping your SSN as private and secure as possible. With that, it’s helpful to know that there are only a handful of situations where your SSN is required for legitimate purposes, which can help you make decisions about how and when to give it out. The list of required cases is relatively short, such as: 

When applying for credit or a loan. 
Applying for or changing group health care coverage with an insurance provider. 
Transactions that require IRS notification, like working with investment firms, real estate purchases, auto purchases, etc. 
Registering with a business as a full-time or contract employee (for tax reporting purposes). 

You’ll notice that places like doctor’s offices and other businesses are not listed here, though they’ll often request an SSN for identification purposes. While there’s no law preventing them from asking you for that information, they may refuse to work with you if you do not provide that info. In such cases, ask what the SSN would be used for and if there is another form of identification that they can use instead. In all, your SSN is uniquely yours, so be extremely cautious in order to minimize its potential exposure to theft. 

How to report identity theft to Social Security in three steps 

Let’s say you spot something unusual on your credit report or get a notification that someone has filed a tax return on your behalf without your knowledge. These are possible signs that your identity, if not your SSN, is in jeopardy, which means it’s time to act right away using the steps below: 

1. Report the theft to local and federal authorities. 

File a police report and a Federal Trade Commission (FTC) Identity Theft Report. This will help in case someone uses your Social Security number to commit fraud since it will provide a legal record of the theft. The FTC can also assist by guiding you through the identity theft recovery process as well. Their site really is an excellent resource. 

2. Contact the businesses involved. 

Get in touch with the fraud department at each of the businesses where you suspect theft has taken place, let them know of your situation, and follow the steps they provide. With your police and FTC reports, you will already have a couple of vital pieces of information that can help you clear your name.  

3. Reach the Social Security Administration and the IRS.

 Check your Social Security account to see if someone has gotten a job and used your SSN for employment purposes. Reviewing earnings associated with your SSN can uncover fraudulent use. You can also contact the Social Security Fraud Hotline at (800) 269-0271 or reach out to your local SSA office for further, ongoing assistance. Likewise, contact the Internal Revenue Service at (800) 908-4490 to report the theft and help prevent someone from submitting a tax return in your name. 

What do I do next? Ongoing steps to take. 

As we’ve talked about in some of my other blog posts, identity theft can be a long-term problem where follow-up instances of theft can crop up over time. However, there are a few steps you can take to minimize the damage and ensure it doesn’t happen again. I cover several of those steps in detail in this blog here, yet let’s take a look at a few of the top items as they relate to SSN theft: 

Consider placing a fraud alert. 

By placing a fraud alert, you can make it harder for thieves to open accounts in your name. Place it with one of the three major credit bureaus (Experian, TransUnion, Equifax), and they will notify the other two. During the year-long fraud alert period, it will require businesses to verify your identity before issuing new credit in your name. 

Look into an all-out credit freeze. 

A full credit freeze is in place until you lift it and will prohibit creditors from pulling your credit report altogether. This can help stop thieves dead in their tracks since approving credit requires pulling a report. However, this applies to legitimate inquiries, including any that you make, like opening a new loan or signing up for a credit card. If that’s the case, you’ll need to take extra steps as directed by the particular institution or lender. Unlike the fraud alert, you’ll need to notify each of the three major credit bureaus (Experian, TransUnion, Equifax) when you want the freeze lifted. 

Monitor your credit reports. 

Once a week you can access a free credit report from Experian, TransUnion, and Equifax. Doing so will allow you to spot any future discrepancies and offer you options for correcting them. 

Sign up for an identity protection service. 

Using a service to help protect your identity can monitor several types of personally identifiable information and alert you of potentially unauthorized use. Our own Identity Protection Service will do all this and more, like offering guided help to neutralize threats and prevent theft from happening again. You can set it up on your computers and smartphone to stay in the know, address issues immediately, and keep your identity secured.  

Your most unique identifier calls for extra care and protection 

Of all the forms of identity theft, the theft of a Social Security Number is certainly one of the most potentially painful because it can unlock so many vital aspects of your life. It’s uniquely you, even more than your name alone – at least in the eyes of creditors, banks, insurance companies, criminal records, etc. Your SSN calls for extra protection, and if you have any concerns that it may have been lost or stolen, don’t hesitate to spring into action. 

The post How to Report Identity Theft to Social Security appeared first on McAfee Blog.

Read More

2024 Cyber Resilience Research Reveals a Complex Terrain

Read Time:2 Minute, 38 Second

New data helps business leaders understand how and why to prioritize resilience.

In the ever-evolving landscape of digital innovation, businesses find themselves at the intersection of progress and peril. The data reveals that the tradeoffs are not just dramatic, but they also put the organization at significant risk.

One of the primary obstacles is the disconnect between senior executives and cybersecurity priorities. While cyber resilience is recognized as a critical imperative, many organizations struggle to garner the necessary support and resources from top leadership. This lack of engagement not only impedes progress but also leaves businesses vulnerable to potential breaches.

Meanwhile, technology advances at a breakneck pace, as do the risks posed by cyber threats. The 2024 LevelBlue FuturesTM Report reveals this delicate balancing act between innovation and security. We looked at the whole business issues involved in both cyber and cybersecurity resilience and discovered executive leadership and technical leadership have opportunities for much deeper alignment.

Get your complimentary copy of the report. 

The elusive quest for cyber resilience.

Imagine a world where businesses are impervious to cyber threats—a world where every aspect of an organization is safeguarded against potential disruptions. This is the lofty ideal of cyber resilience, yet for many businesses, it remains an elusive goal. The rapid evolution of computing has transformed the IT landscape, blurring the lines between proprietary and open-source software, legacy systems, cloud computing, and digital transformation initiatives. While these advancements bring undeniable benefits, they also introduce unprecedented risks.

According to our research, a staggering 85% of IT leaders acknowledge that computing innovation comes at the cost of increased risk. In a world where cybercriminals are becoming increasingly sophisticated, the need for cyber resilience has never been more urgent. From massive ransomware attacks to debilitating DDoS incidents, businesses operate in a climate where a single cyber breach can have catastrophic consequences.

Exploring the relationship between executive leadership and cyber resilience.

Our survey of 1,050 C-suite and senior executives included 18 countries and seven industries: energy and utilities, financial services, healthcare, manufacturing, retail, transportation, and US SLED (state, local government, and higher education). In the coming months, we will release a vertical report for each market. This landmark report was designed to help organizations start talking more thoughtfully about vulnerabilities and opportunities for improvement.

In the report, you’ll:

Discover why business leaders and tech leaders alike need to prioritize cyber resilience.
Learn about the critical barriers to cyber resilience.
Find out about the challenges impacting cybersecurity resilience.

Uncover the importance of business context and operational issues associated with prioritizing resilience.

Recognizing the imperative of cyber resilience, business leaders are called upon to chart a course toward greater security and preparedness. It’s no longer enough to react to cyber threats as they arise; organizations must proactively fortify their defenses and cultivate a culture of resilience from within.

Our research delves into the multifaceted challenges facing organizations in their quest for cyber resilience. From the lack of visibility into IT estates to the complexity of regulatory compliance, businesses grapple with deep-seated barriers that hinder their ability to withstand cyber threats. Get your complimentary copy of the report. 

Read More