USN-6826-1: mod_jk vulnerability

Karl von Randow discovered that mod_jk was vulnerable to an authentication
bypass. If the configuration did not provide explicit mounts for all
possible proxied requests, an attacker could possibly use this
vulnerability to bypass security constraints configured in httpd.

USN-6823-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.

MySQL has been updated to 8.0.37 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,
Ubuntu 23.10, and Ubuntu 24.04 LTS.

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:

https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-37.html
https://www.oracle.com/security-alerts/cpuapr2024.html

USN-6817-2: Linux kernel (OEM) vulnerabilities

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not
properly handle certain error conditions, leading to a NULL pointer
dereference. A local attacker could possibly trigger this vulnerability to
cause a denial of service. (CVE-2022-38096)

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux
kernel contained a race condition during device removal, leading to a
use-after-free vulnerability. A physically proximate attacker could possibly
use this to cause a denial of service (system crash). (CVE-2023-47233)

It was discovered that the ATA over Ethernet (AoE) driver in the Linux
kernel contained a race condition, leading to a use-after-free
vulnerability. An attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2023-6270)

It was discovered that the Atheros 802.11ac wireless driver did not
properly validate certain data structures, leading to a NULL pointer
dereference. An attacker could possibly use this to cause a denial of
service. (CVE-2023-7042)

Gui-Dong Han discovered that the software RAID driver in the Linux kernel
contained a race condition, leading to an integer overflow vulnerability. A
privileged attacker could possibly use this to cause a denial of service
(system crash). (CVE-2024-23307)

Bai Jiaju discovered that the Xceive XC4000 silicon tuner device driver in
the Linux kernel contained a race condition, leading to an integer overflow
vulnerability. An attacker could possibly use this to cause a denial of
service (system crash). (CVE-2024-24861)

Chenyuan Yang discovered that the Unsorted Block Images (UBI) flash device
volume management subsystem did not properly validate logical eraseblock
sizes in certain situations. An attacker could possibly use this to cause a
denial of service (system crash). (CVE-2024-25739)

It was discovered that the MediaTek SoC Gigabit Ethernet driver in the
Linux kernel contained a race condition when stopping the device. A local
attacker could possibly use this to cause a denial of service (device
unavailability). (CVE-2024-27432)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM32 architecture;
– PowerPC architecture;
– x86 architecture;
– Block layer subsystem;
– ACPI drivers;
– Bluetooth drivers;
– Clock framework and drivers;
– CPU frequency scaling framework;
– Cryptographic API;
– DPLL subsystem;
– ARM SCMI message protocol;
– EFI core;
– GPU drivers;
– InfiniBand drivers;
– IOMMU subsystem;
– LED subsystem;
– Multiple devices driver;
– Media drivers;
– MMC subsystem;
– Network drivers;
– NTB driver;
– NVME drivers;
– PCI subsystem;
– Powercap sysfs driver;
– SCSI drivers;
– Freescale SoC drivers;
– SPI subsystem;
– Media staging drivers;
– Thermal drivers;
– TTY drivers;
– USB subsystem;
– DesignWare USB3 driver;
– VFIO drivers;
– Backlight driver;
– Virtio drivers;
– Xen hypervisor drivers;
– AFS file system;
– File systems infrastructure;
– BTRFS file system;
– debug file system;
– Ext4 file system;
– F2FS file system;
– FAT file system;
– Network file system client;
– NILFS2 file system;
– Overlay file system;
– Pstore file system;
– Diskquota system;
– SMB network file system;
– UBI file system;
– io_uring subsystem;
– BPF subsystem;
– Core kernel;
– Memory management;
– Bluetooth subsystem;
– Networking core;
– HSR network protocol;
– IPv4 networking;
– IPv6 networking;
– MAC80211 subsystem;
– IEEE 802.15.4 subsystem;
– Netfilter;
– Packet sockets;
– Network traffic control;
– Sun RPC protocol;
– ALSA SH drivers;
– SOF drivers;
– USB sound devices;
– KVM core;
(CVE-2024-26859, CVE-2024-26944, CVE-2024-27049, CVE-2024-26868,
CVE-2024-26932, CVE-2024-35843, CVE-2024-35814, CVE-2024-26866,
CVE-2024-26941, CVE-2024-27080, CVE-2024-26938, CVE-2024-26889,
CVE-2024-27075, CVE-2024-27077, CVE-2024-26864, CVE-2024-35787,
CVE-2024-27071, CVE-2024-26880, CVE-2024-26961, CVE-2024-26945,
CVE-2024-26863, CVE-2024-35795, CVE-2024-27045, CVE-2024-27066,
CVE-2024-27046, CVE-2024-26816, CVE-2024-27069, CVE-2024-26861,
CVE-2024-26968, CVE-2024-26963, CVE-2024-26878, CVE-2024-27073,
CVE-2024-35806, CVE-2024-26951, CVE-2024-26954, CVE-2024-27026,
CVE-2024-26956, CVE-2024-35811, CVE-2024-35803, CVE-2024-26964,
CVE-2024-26848, CVE-2024-27434, CVE-2024-35844, CVE-2024-26977,
CVE-2024-27031, CVE-2024-35813, CVE-2024-26960, CVE-2024-27067,
CVE-2024-26937, CVE-2024-26884, CVE-2024-26656, CVE-2024-27068,
CVE-2024-26871, CVE-2023-52653, CVE-2024-26939, CVE-2024-26967,
CVE-2024-26966, CVE-2024-27043, CVE-2024-26814, CVE-2024-35829,
CVE-2024-26973, CVE-2024-35810, CVE-2024-26877, CVE-2024-27392,
CVE-2024-35805, CVE-2024-26875, CVE-2024-26970, CVE-2024-26657,
CVE-2024-26874, CVE-2024-26971, CVE-2024-26872, CVE-2024-35798,
CVE-2024-26931, CVE-2024-26948, CVE-2024-26883, CVE-2024-26955,
CVE-2024-27039, CVE-2024-27038, CVE-2024-27065, CVE-2024-26899,
CVE-2024-27048, CVE-2024-35874, CVE-2024-35845, CVE-2024-35799,
CVE-2024-35827, CVE-2024-26935, CVE-2024-27079, CVE-2024-35821,
CVE-2024-26950, CVE-2024-26879, CVE-2024-26940, CVE-2024-35788,
CVE-2024-26891, CVE-2024-27063, CVE-2024-27433, CVE-2024-27036,
CVE-2024-35819, CVE-2024-26969, CVE-2024-27044, CVE-2024-27028,
CVE-2024-27070, CVE-2023-52649, CVE-2024-27435, CVE-2024-35830,
CVE-2024-26929, CVE-2024-26653, CVE-2024-26887, CVE-2024-26869,
CVE-2024-26942, CVE-2024-35822, CVE-2024-26979, CVE-2024-26881,
CVE-2024-26655, CVE-2024-26975, CVE-2023-52650, CVE-2024-26651,
CVE-2024-35828, CVE-2024-26965, CVE-2024-27437, CVE-2024-35794,
CVE-2024-26962, CVE-2024-27058, CVE-2024-27076, CVE-2024-27035,
CVE-2024-27074, CVE-2024-27027, CVE-2024-26860, CVE-2024-27042,
CVE-2024-27390, CVE-2024-26815, CVE-2023-52662, CVE-2024-27051,
CVE-2024-35796, CVE-2024-27047, CVE-2024-26930, CVE-2024-26865,
CVE-2024-27064, CVE-2024-35826, CVE-2024-26885, CVE-2024-26873,
CVE-2024-26943, CVE-2024-26893, CVE-2024-27030, CVE-2024-26976,
CVE-2024-35793, CVE-2024-26952, CVE-2023-52644, CVE-2024-35797,
CVE-2024-27029, CVE-2024-26927, CVE-2024-26812, CVE-2024-27432,
CVE-2024-26897, CVE-2024-26890, CVE-2024-26972, CVE-2024-35800,
CVE-2024-27032, CVE-2024-27052, CVE-2023-52647, CVE-2024-26898,
CVE-2023-52652, CVE-2024-35808, CVE-2024-26876, CVE-2024-26933,
CVE-2024-26862, CVE-2024-27033, CVE-2023-52663, CVE-2024-27041,
CVE-2023-52648, CVE-2024-26888, CVE-2024-26957, CVE-2024-26953,
CVE-2023-52659, CVE-2024-27436, CVE-2024-27040, CVE-2024-27054,
CVE-2024-27050, CVE-2024-26886, CVE-2023-52661, CVE-2024-35831,
CVE-2024-26946, CVE-2024-26949, CVE-2024-26809, CVE-2024-26892,
CVE-2024-26654, CVE-2024-26901, CVE-2024-27053, CVE-2024-26882,
CVE-2024-35809, CVE-2024-26978, CVE-2024-27037, CVE-2024-27391,
CVE-2024-27034, CVE-2024-26895, CVE-2024-35817, CVE-2024-26900,
CVE-2024-26896, CVE-2024-26958, CVE-2024-35801, CVE-2024-27388,
CVE-2024-26934, CVE-2024-27078, CVE-2024-35789, CVE-2024-26894,
CVE-2024-27389, CVE-2024-35807, CVE-2024-27072, CVE-2024-26947,
CVE-2024-26870, CVE-2024-26813, CVE-2022-48669, CVE-2024-26959,
CVE-2024-26810)

LLMs Acting Deceptively

New research: “Deception abilities emerged in large language models”:

Abstract: Large language models (LLMs) are currently at the forefront of intertwining AI systems with human communication and everyday life. Thus, aligning them with human values is of great importance. However, given the steady increase in reasoning abilities, future LLMs are under suspicion of becoming able to deceive human operators and utilizing this ability to bypass monitoring efforts. As a prerequisite to this, LLMs need to possess a conceptual understanding of deception strategies. This study reveals that such strategies emerged in state-of-the-art LLMs, but were nonexistent in earlier LLMs. We conduct a series of experiments showing that state-of-the-art LLMs are able to understand and induce false beliefs in other agents, that their performance in complex deception scenarios can be amplified utilizing chain-of-thought reasoning, and that eliciting Machiavellianism in LLMs can trigger misaligned deceptive behavior. GPT-4, for instance, exhibits deceptive behavior in simple test scenarios 99.16% of the time (P

The Hidden Risks of eSports: Cybersecurity on the Virtual Battlefield

The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article.

From humble beginnings as a niche hobby relegated to small gaming cafes and basements, eSports has grown into a huge affair where gamers compete for million-dollar prizes and prestigious titles. As of 2024, the global eSports industry is worth $4.3 billion, up from just $1.2 billion in 2017. Major eSports tournaments now fill virtual arenas and stadiums, with millions of viewers tuning in.

Amid the excitement and fanfare, however, a crucial aspect often gets overlooked – cybersecurity. Maintaining integrity and security in these virtual environments has become increasingly vital.

From the potential for game-altering hacks and cheats to the risk of data breaches and cyberattacks, the challenges facing the industry are growing more complex by the day.

Understanding the Cybersecurity Threats in eSports

The eSports industry’s rapid growth, lucrative prize pools, and massive online viewership have made it an attractive target for cybercriminals and unscrupulous actors seeking to disrupt events, compromise systems, or gain an unfair advantage.

Additionally, some eSports organizations like FaZe Clan are experiencing surges on the stock market, making them even more attractive targets than, let’s say, stealing data from individual players.

To begin with, let’s go through the primary cybersecurity threats plaguing the world of eSports:

DDoS Attacks

Distributed Denial of Service (DDoS) attacks involve sending an influx of malicious traffic to a network or server, overwhelming it and making it unable to respond to legitimate requests, effectively taking it offline.

In eSports, DDoS attacks can disrupt live tournaments, causing delays, disconnections, and frustration for players and viewers alike.

These can also target individual players, knocking them offline during crucial matches. For instance, in 2023, a DDoS attack on the 24 Hours of Le Mans Virtual eSports event kicked out Max Verstappen, who was leading the race. Activision Blizzard was also hit with multiple DDoS attacks in 2020, affecting several of its game titles, including Call of Duty, Overwatch, and World of Warcraft.

Account Hijacking

Account hijacking involves unauthorized access to a player’s account, typically through phishing, keylogging, or exploiting security vulnerabilities.

Hijacked accounts can be used for cheating, sabotage, or even sold on the black market, putting players at risk of financial loss and reputational damage. In 2019, for example, some professional Counter-Strike: Global Offensive players had their accounts hijacked, leading to the loss of in-game assets worth thousands of dollars.

Cheating Hacks and Exploits

Cheating hacks and exploits, such as aimbots, wallhacks, and speed hacks, undermine the principles of fair play and competitive integrity, tarnishing the reputation of eSports and eroding trust in the gaming community.

The popularity of these exploits has even given rise to cheating software in the form of platforms as a service (PaaS), with brands like NeverLose and Iniuria offering entire suites of cheating services, from aim assistance to more devious tools.

Cheating scandals have rocked various eSports titles, raising concerns about the prevalence of such practices and the need for robust anti-cheat measures. For example, early this year, a cheating scandal emerged during the North American Finals of Apex Legends as players encountered widespread aimbots and wallhacks, prompting the organizers to postpone the event.

Malware and Ransomware Attacks

Malware and ransomware attacks pose huge risks to gaming platforms, tournament systems, and organizers’ networks.

Ransomware attacks can be especially devastating for small eSports teams. Obviously, the likes of G2, Team Liquid, and other Tier 1 teams in DOTA, CS2, and LoL certainly have the means to protect their players and strategies. However, many lower-ranked squads operate like traditional small businesses, using third-party tools to merge PDF files, record scrims, and share sensitive data, which can make them especially vulnerable to cybercriminals.

However, malware and ransom attacks aren’t isolated to eSports teams; even gaming platforms often fall victim.

For instance, in 2017, the popular gaming platform Steam was targeted by a malware campaign aimed at stealing user credentials and financial information, highlighting the vulnerability of these platforms.

Consequences of Cybersecurity Breaches

The cost of securing compromised systems and compensating affected customers can run into millions. Moreover, organizers face potential revenue losses from disrupted tournaments and decreased sponsorships.

Meanwhile, players could lose valuable in-game assets or income streams, particularly if their accounts are hijacked. For instance, when Max Verstappen was knocked out of a tournament by a DDoS attack, he lost out on $250,000 in potential winnings despite leading in the game before the attack.

The public exposure of cheating scandals, match-fixing allegations, or data breaches can erode fan trust and tarnish the image of teams, players, and the entire eSports ecosystem. This could lead to diminished sponsorship opportunities and a decline in viewership and engagement.

The competitive spirit and fair play principles that are the foundation of eSports competitions could also be called into question, casting doubt on the legitimacy of results and sowing discord within the gaming community.

This erosion of trust and integrity could deter new players, sponsors, and fans from engaging with the industry, ultimately stunting its growth and development.

Protecting the Virtual Battlefield

With the growing threat of cyber attacks, the eSports industry needs to implement proactive strategies to safeguard the integrity and security of the virtual battlefield.

Here are some ideas on what players, platforms, and tournament organizers can do to stay ahead of cybercriminals.

Strategies for Players

Players must prioritize account security by implementing strong, unique passwords, enabling two-factor authentication, and being cautious of social engineering attacks like phishing attempts or suspicious links. Regular password changes and monitoring for unauthorized access can help mitigate the risk of account hijacking.

It’s also important for players to keep gaming hardware and software up-to-date with the latest security patches and use reputable anti-virus and anti-malware solutions to protect themselves against malicious code and exploits.

Finally, players need to stay cautious about sharing personal information online and remain vigilant for suspicious activities or attempts to gather sensitive data. They should always verify sources before providing sensitive details or downloading unfamiliar files.

Measures for Platforms and Tournament Organizers

Gaming platforms and tournament organizers should invest in robust cybersecurity frameworks, including secure network infrastructure, regular security audits, encryption of sensitive data, network monitoring, API pen-testing tools, and intrusion detection systems to detect unusual activities.

In the event of a cybersecurity breach, they should have well-defined incident response and mitigation plans in place. These plans should outline clear procedures for containing and mitigating the impact of an attack to minimize losses, as well as communication strategies to keep stakeholders informed and maintain transparency.

It’s also important to think about compliance with data protection regulations. For instance, if there are in-game purchases, the game publisher/developer should use PCI-compliant hosting to keep users’ financial data safe. With the recent Helldivers 2 scandal bringing Sony’s previous data leaks to light, more and more players are getting skeptical of sharing their data with game publishers who don’t care about their privacy.

Platforms and organizers should also cultivate strong partnerships with cybersecurity experts and law enforcement agencies who can provide valuable insights, resources, and support in combating cyber threats. Regular threat intelligence sharing and collaborative efforts can help them stay ahead of evolving cyber risks and enhance the overall security of the eSports industry.

Wrapping Up

Unfortunately, the consequences of successful cyber attacks extend far beyond financial losses for organizations and players. They strike at the very heart of what makes eSports so compelling – the principles of fair play, skill, and competitive spirit that have drawn millions of fans to this rapidly evolving form of entertainment. Only by addressing the hidden risks lurking in the shadows of this virtual world can we truly unleash the full potential of eSports and preserve the essence of what makes it so enthralling – a celebration of skill, competition, and the unifying power of play.

composer-2.7.7-1.fc40

FEDORA-2024-9ed24c98cd

Packages in this update:

composer-2.7.7-1.fc40

Update description:

Version 2.7.7 2024-06-10

Security: Fixed command injection via malicious git branch name (GHSA-47f6-5gq3-vx9c / CVE-2024-35241)
Security: Fixed multiple command injections via malicious git/hg branch names (GHSA-v9qv-c7wm-wgmf / CVE-2024-35242)
Fixed PSR violations for classes not matching the namespace of a rule being hidden, this may lead to new violations being shown (#11957)
Fixed UX when a plugin is still in vendor dir but is not required nor allowed anymore after changing branches (#12000)
Fixed new platform requirements from composer.json not being checked if the lock file is outdated (#12001)
Fixed secure-http checks that could be bypassed by using malformed URL formats (fa3b9582c)
Fixed Filesystem::isLocalPath including windows-specific checks on linux (3c37a67c)
Fixed perforce argument escaping (3773f775)
Fixed handling of zip bombs when extracting archives (de5f7e32)
Fixed Windows command parameter escaping to prevent abuse of unicode characters with best fit encoding conversion (3130a7455, 04a63b324)
Fixed ability for config command to remove autoload keys (#11967)
Fixed empty type support in init command (#11999)
Fixed git clone errors when safe.bareRepository is set to strict in the git config (#11969)
Fixed regression showing network errors on PHP <8.1 (#11974)
Fixed some color bleed from a few warnings (#11972)

composer-2.7.7-1.el9

FEDORA-EPEL-2024-01755f0acd

Packages in this update:

composer-2.7.7-1.el9

Update description:

Version 2.7.7 2024-06-10

Security: Fixed command injection via malicious git branch name (GHSA-47f6-5gq3-vx9c / CVE-2024-35241)
Security: Fixed multiple command injections via malicious git/hg branch names (GHSA-v9qv-c7wm-wgmf / CVE-2024-35242)
Fixed PSR violations for classes not matching the namespace of a rule being hidden, this may lead to new violations being shown (#11957)
Fixed UX when a plugin is still in vendor dir but is not required nor allowed anymore after changing branches (#12000)
Fixed new platform requirements from composer.json not being checked if the lock file is outdated (#12001)
Fixed secure-http checks that could be bypassed by using malformed URL formats (fa3b9582c)
Fixed Filesystem::isLocalPath including windows-specific checks on linux (3c37a67c)
Fixed perforce argument escaping (3773f775)
Fixed handling of zip bombs when extracting archives (de5f7e32)
Fixed Windows command parameter escaping to prevent abuse of unicode characters with best fit encoding conversion (3130a7455, 04a63b324)
Fixed ability for config command to remove autoload keys (#11967)
Fixed empty type support in init command (#11999)
Fixed git clone errors when safe.bareRepository is set to strict in the git config (#11969)
Fixed regression showing network errors on PHP <8.1 (#11974)
Fixed some color bleed from a few warnings (#11972)
