USN-6846-1: Ansible vulnerabilities

Read Time:31 Second

It was discovered that Ansible incorrectly handled certain inputs when using
tower_callback parameter. If a user or an automated system were tricked into
opening a specially crafted input file, a remote attacker could possibly use
this issue to obtain sensitive information. This issue only affected Ubuntu
18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-3697)

It was discovered that Ansible incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file, a
remote attacker could possibly use this issue to perform a Template Injection.
(CVE-2023-5764)

Read More

emacs-29.4-2.fc39

Read Time:10 Second

FEDORA-2024-3fedeba41f

Packages in this update:

emacs-29.4-2.fc39

Update description:

Update to version 29.4, fixing CVE-2024-39331.

Update to Emacs 29.4, fixing CVE-2024-39331.

Read More

The Role of Cybersecurity in Modern Construction and Manufacturing

Read Time:4 Minute, 13 Second

The content of this post is solely the responsibility of the author.  LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

Cybersecurity and threat preparedness may be at the forefront of your mind, and you may have protections in place against more common threats. Yet, as these threats continue to evolve, vigilance and adaptation are crucial for construction and manufacturing organizations.

Cybercriminals have gotten both more prolific and more creative. 2023 saw a record-breaking spike in cyberattacks, with well over 300 million victims falling prey to data breaches, and the average corporate data breach cost 4.45 million dollars. In an industry where reputation is everything, a single breach could sink your ship in more ways than one.

As we proceed, we’ll unpack the many ways that a cyberattack could impact your ability to turn a profit, making you aware of vulnerabilities that exist within your organization’s structure. Then we’ll provide you with practical suggestions to patch these vulnerabilities, insulating you from outside threats and keeping you on track to remain profitable.

Computer Vision and Vulnerabilities

As you use new technologies to support your existing processes, you must be aware of vulnerabilities that new systems can create. If you’ve looked into leveraging recent tech advancements in your field, you’re probably familiar with computer vision technology. Computer vision technology uses data gathered from physical images, importing them into the digital realm and unlocking a variety of potential benefits.

Takeoff software and AI-powered planning systems streamline the project liftoff process by, simplifying cost estimation, identifying and correcting blueprint errors, and even advancing sustainability goals. While these systems can be leveraged to optimize a wide variety of processes, they also shift the balance of project planning from human input to automated computing processes. This in turn puts you more at risk for being a victim of a cyberattack.

Malefactors can access automated systems through a wide variety of channels. Whether they break into your network via access to an IoT-connected device that someone misplaced in the workspace, or secret malicious code into the data sources your devices consume to function, increasing your use of technology also increases their windows of opportunity. As these systems increase in scope and importance, leaving windows like these open increases the risk of potentially profitable projects turning belly up.

Process Disruption

However, cybercriminals don’t need you to use newfangled technology solutions to cause havoc throughout your processes. Cybercriminals already have a tried-and-true playbook that they’ve been using on your competitors for years, and to great effect.

Some of the ways cyberthreats can fracture manufacturers’ processes include:

Ransomware: If a cybercriminal gains access to mission-critical data, they can then lock that data behind a ransomware program. Ransomware holds company data and systems hostage until a certain amount of money is paid to the programmer. As with many other line items on this list, this can cause project delays, reputational damage, and heavy financial losses.

IP Theft: Cybercriminals have methods of spying on network connections that they can leverage to get ahold of organizations’ intellectual property. Patching these vulnerabilities can help stop trade secrets from leaking out into the wider market.

Supply chain fragmentation: Yes, cybercrime can make the problem of mitigating supply chain issues even worse. A single vendor being compromised can lead to a domino effect of missed deliveries, wasted or damaged goods, and deadline extensions.

Most cybersecurity failures, including those above, involve a combination of employee negligence and the exploitation of system vulnerabilities. Gaining a level of cybersecurity awareness is absolutely necessary, as it will allow you to pre-emptively shield pain points from being exploited.

Tools You Can Leverage To Protect Your Systems

Educating your employees on common cybercriminal tactics must be your first step. Employee negligence is, far and away, the biggest vulnerability that organizations across industries have, being unevenly responsible for data breaches. As such, robust and frequent threat awareness training is a must for employees of all levels – it only takes one email to allow malware to take root in your organization’s systems.

Antivirus software, network monitoring solutions, and data encryption solutions like VPN servers are also absolutely necessary. Each provides insulation against a specific threat; antivirus software flags and quarantines malicious code before it ingrains itself in your network, while network monitoring and VPN solutions secure your web traffic from prying eyes.

You can also practice cybersecurity awareness and implement good practices across your company structures, like device hardening protocols, end-to-end encryption, and frequent patching of your operating system. Along with the above tools, these processes protect against employee negligence by proactively reinforcing network safety protocol, encouraging authorized users to comply and keeping unauthorized agents out.

As technology continues to evolve, and your sector with it, cybercrime threatens to become even more disruptive for manufacturers. Strive to attain cybersecurity awareness throughout your organization, and you’ll be able to protect your bottom line and your reputation from unwanted consequences.

Read More

SEC Consult SA-20240624-0 :: Multiple Vulnerabilities allowing complete bypass in Faronics WINSelect (Standard + Enterprise)

Read Time:18 Second

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 24

SEC Consult Vulnerability Lab Security Advisory < 20240624-0 >
=======================================================================
title: Multiple Vulnerabilities allowing complete bypass
product: Faronics WINSelect (Standard + Enterprise)
vulnerable version: <8.30.xx.903
fixed version: 8.30.xx.903
CVE number: CVE-2024-36495, CVE-2024-36496, CVE-2024-36497
impact: high…

Read More