cyrus-imapd-3.8.3-1.fc41

Read Time:16 Second

FEDORA-2024-cfbdc342a2

Packages in this update:

cyrus-imapd-3.8.3-1.fc41

Update description:

Automatic update for cyrus-imapd-3.8.3-1.fc41.

Changelog

* Wed Jun 5 2024 Martin Osvald <mosvald@redhat.com> – 3.8.3-1
– Fix CVE-2024-34055 (rhbz#2290512)
– Convert to %autorelease and %autochangelog

Read More

USN-6806-1: GDK-PixBuf vulnerability

Read Time:13 Second

Pedro Ribeiro and Vitor Pedreira discovered that the GDK-PixBuf
library did not properly handle certain ANI files. An attacker
could use this flaw to cause GDK-PixBuf to crash, resulting in
a denial of service, or to possibly execute arbitrary code.

Read More

USN-6715-2: unixODBC vulnerability

Read Time:14 Second

USN-6715-1 fixed a vulnerability in unixODBC. This update provides the
corresponding fix for Ubuntu 24.04 LTS.

Original advisory details:

It was discovered that unixODBC incorrectly handled certain bytes.
An attacker could use this issue to execute arbitrary code or cause
a crash.

Read More

libvirt-10.1.0-2.fc40

Read Time:10 Second

FEDORA-2024-ee96e0c470

Packages in this update:

libvirt-10.1.0-2.fc40

Update description:

Fix crash in event loop (CVE-2024-4418)
Fix leak of GSource object
Fix leak of udev object reference

Read More

How To Prevent Your Emails From Being Hacked

Read Time:4 Minute, 51 Second

My mother recently turned 80, so of course a large celebration was in order. With 100 plus guests, entertainment, and catering to organise, the best way for me to keep everyone updated (and share tasks) was to use Google Docs. Gee, it worked well. My updates could immediately be seen by everyone, the family could access it from all the devices, and it was free to use! No wonder Google has a monopoly on drive and document sharing.

But here’s the thing – hackers know just how much both individuals and businesses have embraced Google products. So, it makes complete sense that they use reputable companies such as Google to devise phishing emails that are designed to extract our personal information. In fact, the Google Docs phishing scam was widely regarded as one of the most successful personal data extraction scams to date. They know that billions of people worldwide use Google so an invitation to click a link and view a document does not seem like an unreasonable email to receive. But it caused so much grief for so many people.

It’s All About Phishing

Emails designed to trick you into sharing your personal information are a scammer’s bread and butter. This is essentially what phishing is. It is by far the most successful tool they use to get their hands on your personal data and access your email.

‘But why do they want my email logins?’ – I hear you ask. Well, email accounts are what every scammer dreams of – they are a treasure trove of personally identifiable material that they can either steal or exploit. They could also use your email to launch a wide range of malicious activities from spamming and spoofing to spear phishing. Complicated terms, I know but in essence these are different types of phishing strategies. So, you can see why they are keen!!

But successful phishing emails usually share a few criteria which is important to know. Firstly, the email looks like it has been sent from a legitimate company e.g. Microsoft, Amex, or Google. Secondly, the email has a strong ‘call to action’ e.g. ‘your password has been changed, if this is not the case, please click here’. And thirdly, the email does not seem too out of place or random from the potential victim’s perspective.

What To Do To Prevent Your Email Being Hacked?

Despite the fact that scammers are savvy tricksters, there are steps you can take to maximise the chances your email remains locked away from their prying eyes. Here’s what I suggest:

Don’t Fall Victim to a Phishing Scam

Never respond to an unexpected email or website that asks you for personal information or your login details no matter how professional it looks. If you have any doubts, always contact the company directly to verify.

Protect Yourself!

Make sure you have super-duper internet security software that includes all the bells and whistles. Not only does internet security software McAfee+ include protection for daily browsing but it also has a password manager, a VPN, and a social privacy manager that will lock down your privacy settings on your social media accounts. A complete no-brainer!

Say No to Public Wi-Fi and Public Computers

Avoid using public Wi-Fi to log into your email from public places. It takes very little effort for a hacker to position themselves between you and the connection point. So, it’s entirely possible for them to be in receipt of all your private information and logins which clearly you don’t want. If you really need to use it, invest in a Virtual Private Network (VPN) which will ensure everything you share via Wi-Fi will be encrypted. Your McAfee+ subscription includes a VPN.

Public computers should also be avoided even just to ‘check your email’. Not only is there a greater chance of spyware on untrusted computers but some of them sport key-logging programs which can both monitor and record the keys you strike on the keyboard – a great way of finding out your password!

Passwords, Passwords, Passwords

Ensuring each of your online accounts has its own unique, strong, and complex password is one of the best ways of keeping hackers out of your life. I always suggest at least 10-12 characters with a combination of upper and lower case letters, symbols, and numbers. A crazy nonsensical sentence is a great option here but better still is a password manager that will remember and generate passwords that no human could! A password manager is also part of your McAfee+ online security pack.

What To Do If Your Email Is Hacked?

Even if you have taken all the necessary steps to protect your email from hackers, there is the chance that your email logins may be leaked in a data breach. A data breach happens when a company’s data is accessed by scammers and customers’ personal information is stolen. You may remember the Optus, Medibank and Latitude hacks of 2022/23?

If you have had your personal information stolen, please be assured that there are steps you can take to remedy this. The key is to act fast. Check out my recent blog post here for everything you need to know.

So, next time you’re organising a big gathering don’t hesitate to use Google Docs to plan or Microsoft Teams to host your planning meetings. While the thought of being hacked might make you want to withdraw, please don’t. Instead, cultivate a questioning mindset in both yourself and your kids, and always have a healthy amount of suspicion when going about your online life. You’ve got this!!

Till next time,
Stay safe!
Alex

The post How To Prevent Your Emails From Being Hacked appeared first on McAfee Blog.

Read More

Online Privacy and Overfishing

Read Time:4 Minute, 14 Second

Microsoft recently caught state-backed hackers using its generative AI tools to help with their attacks. In the security community, the immediate questions weren’t about how hackers were using the tools (that was utterly predictable), but about how Microsoft figured it out. The natural conclusion was that Microsoft was spying on its AI users, looking for harmful hackers at work.

Some pushed back at characterizing Microsoft’s actions as “spying.” Of course cloud service providers monitor what users are doing. And because we expect Microsoft to be doing something like this, it’s not fair to call it spying.

We see this argument as an example of our shifting collective expectations of privacy. To understand what’s happening, we can learn from an unlikely source: fish.

In the mid-20th century, scientists began noticing that the number of fish in the ocean—so vast as to underlie the phrase “There are plenty of fish in the sea”—had started declining rapidly due to overfishing. They had already seen a similar decline in whale populations, when the post-WWII whaling industry nearly drove many species extinct. In whaling and later in commercial fishing, new technology made it easier to find and catch marine creatures in ever greater numbers. Ecologists, specifically those working in fisheries management, began studying how and when certain fish populations had gone into serious decline.

One scientist, Daniel Pauly, realized that researchers studying fish populations were making a major error when trying to determine acceptable catch size. It wasn’t that scientists didn’t recognize the declining fish populations. It was just that they didn’t realize how significant the decline was. Pauly noted that each generation of scientists had a different baseline to which they compared the current statistics, and that each generation’s baseline was lower than that of the previous one.

What seems normal to us in the security community is whatever was commonplace at the beginning of our careers.

Pauly called this “shifting baseline syndrome” in a 1995 paper. The baseline most scientists used was the one that was normal when they began their research careers. By that measure, each subsequent decline wasn’t significant, but the cumulative decline was devastating. Each generation of researchers came of age in a new ecological and technological environment, inadvertently masking an exponential decline.

Pauly’s insights came too late to help those managing some fisheries. The ocean suffered catastrophes such as the complete collapse of the Northwest Atlantic cod population in the 1990s.

Internet surveillance, and the resultant loss of privacy, is following the same trajectory. Just as certain fish populations in the world’s oceans have fallen 80 percent, from previously having fallen 80 percent, from previously having fallen 80 percent (ad infinitum), our expectations of privacy have similarly fallen precipitously. The pervasive nature of modern technology makes surveillance easier than ever before, while each successive generation of the public is accustomed to the privacy status quo of their youth. What seems normal to us in the security community is whatever was commonplace at the beginning of our careers.

Historically, people controlled their computers, and software was standalone. The always-connected cloud-deployment model of software and services flipped the script. Most apps and services are designed to be always-online, feeding usage information back to the company. A consequence of this modern deployment model is that everyone—cynical tech folks and even ordinary users—expects that what you do with modern tech isn’t private. But that’s because the baseline has shifted.

AI chatbots are the latest incarnation of this phenomenon: They produce output in response to your input, but behind the scenes there’s a complex cloud-based system keeping track of that input—both to improve the service and to sell you ads.

Shifting baselines are at the heart of our collective loss of privacy. The U.S. Supreme Court has long held that our right to privacy depends on whether we have a reasonable expectation of privacy. But expectation is a slippery thing: It’s subject to shifting baselines.

The question remains: What now? Fisheries scientists, armed with knowledge of shifting-baseline syndrome, now look at the big picture. They no longer consider relative measures, such as comparing this decade with the last decade. Instead, they take a holistic, ecosystem-wide perspective to see what a healthy marine ecosystem and thus sustainable catch should look like. They then turn these scientifically derived sustainable-catch figures into limits to be codified by regulators.

In privacy and security, we need to do the same. Instead of comparing to a shifting baseline, we need to step back and look at what a healthy technological ecosystem would look like: one that respects people’s privacy rights while also allowing companies to recoup costs for services they provide. Ultimately, as with fisheries, we need to take a big-picture perspective and be aware of shifting baselines. A scientifically informed and democratic regulatory process is required to preserve a heritage—whether it be the ocean or the Internet—for the next generation.

Read More

Why Firewalls Are Not Enough in Today’s Cybersecurity Landscape

Read Time:7 Minute, 12 Second

The content of this post is solely the responsibility of the author.  LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

Firewall technology has mirrored the complexities in network security, evolving significantly over time. Originally serving as basic traffic regulators based on IP addresses, firewalls advanced to stateful inspection models, offering a more nuanced approach to network security. This evolution continued with the emergence of Next-Generation Firewalls (NGFWs), which brought even greater depth through data analysis and application-level inspection.

Yet, even with these advancements, firewalls struggle to contend with the increasingly sophisticated nature of cyberthreats. The modern digital landscape presents formidable challenges like zero-day attacks, highly evasive malware, encrypted threats, and social engineering tactics, often surpassing the capabilities of traditional firewall defenses.

The discovery of CVE-2023-36845 in September 2023, affecting nearly 12,000 Juniper firewall devices, is a case in point. This zero-day exploit enabled unauthorized actors to execute arbitrary code, circumventing established security measures and exposing critical networks to risk. Incidents like this highlight the growing need for a dynamic and comprehensive approach to network security, one that extends beyond the traditional firewall paradigm.

Human Element – The Weakest Link in Firewall Security

While the discovery of CVEs highlights vulnerabilities to zero-day exploits, it also brings to the forefront another critical challenge in firewall security: human error. Beyond the sophisticated external threats, the internal risks posed by misconfiguration due to human oversight are equally significant. These errors, often subtle, can drastically weaken the protective capabilities of firewalls.

Misconfigurations in Firewall Security

Misconfigurations in firewall security, frequently a result of human error, can significantly compromise the effectiveness of these crucial security barriers. These misconfigurations can take various forms, each posing unique risks to network integrity. Common types of firewall misconfigurations include:

Improper Access Control Lists (ACLs) Setup:

ACLs define who can access what resources in a network. Misconfigurations here might involve setting rules that are too permissive, inadvertently allowing unauthorized users to access sensitive areas of the network.

An example could be erroneously allowing traffic from untrusted sources or failing to restrict access to critical internal resources.

Faulty VPN Configurations:

Virtual Private Networks (VPNs) are essential for secure remote access. Misconfigured VPNs can create vulnerabilities, especially if they are not properly integrated with the firewall’s rule set.

Common errors include not enforcing strong authentication or neglecting to restrict access based on user roles and permissions.

Outdated or Redundant Firewall Rules:

Over time, the network environment changes, but firewall rules may not be updated accordingly. Outdated rules can create security gaps or unnecessary complexity.

Redundant or conflicting rules can also lead to confusion in policy enforcement, potentially leaving the network open to exploitation.

Incorrect Port Management:

Open ports are necessary for network communication, but unnecessary open ports can be exploited by attackers.

Misconfigurations here include leaving ports open that are no longer in use, or misidentifying the ports that need to be open for legitimate network functions.

Failure in Implementing Intrusion Prevention/Detection Systems (IPS/IDS):

IPS/IDS are critical for identifying and preventing potential threats. Not integrating these systems effectively with the firewall can lead to gaps in threat detection.

Misconfigurations might involve poorly defined signatures or thresholds, leading to a high rate of false positives or negatives.

Neglecting to Configure Security Zones and Network Segmentation:

Proper network segmentation is vital for limiting the spread of attacks within a network. Inadequate segmentation can result in widespread network compromise in the event of a breach.

Common errors include not defining or improperly configuring internal and external zones, or failing to apply stringent rules to traffic moving between different segments.

Regulatory Compliance and Advanced Security Needs

The landscape of cybersecurity regulation is defined by stringent standards, each emphasizing the need for robust security measures. Traditional firewalls, while fundamental, often fall short in meeting the specific requirements of these standards. Instead, there’s a growing emphasis on the use of unidirectional gateways and data diodes to comply with these regulations. This shift not only aligns with the stringent requirements of modern cybersecurity mandates but also reduces the risks associated with human error in firewall configuration.

Several key standards highlighting the importance of unidirectional technologies include:

NERC CIP: Governing North America’s bulk electric system, NERC CIP includes standards that specifically require the use of unidirectional gateways for data communication between networks. These standards reflect the necessity for stringent security measures in the energy sector.
Nuclear Regulatory Commission (NRC): The NRC’s guidelines for the nuclear power industry underscore the importance of data diodes in securing critical systems. This requirement points to the need for highly secure data transmission methods that traditional firewalls cannot provide.
ISA/IEC 62443: Designed for industrial automation and control system security, ISA/IEC 62443 standards advocate for the use of unidirectional gateways. This recommendation acknowledges the unique security challenges in industrial environments and the limitations of traditional firewalls in such settings.
NIST Cybersecurity Framework: Developed by the National Institute of Standards and Technology, this framework emphasizes network segmentation to isolate critical assets. It recommends using data diodes or security gateways for this purpose, highlighting their role in enhancing network security beyond the capabilities of conventional firewalls.
ISO 27001 (Information Security Management System): As an international standard for information security management, ISO 27001 suggests the implementation of data diodes or security gateways. These technologies are crucial for meeting the standard’s requirements for secure data access and controlled communication between networks, ensuring comprehensive information security management.

The focus on unidirectional gateways and data diodes across these various standards illustrates a shift in cybersecurity strategy. As organizations strive to align with these stringent compliance mandates, it becomes evident that the role of traditional firewalls is changing, necessitating the integration of more advanced security solutions to adequately protect critical network infrastructures.

Integrating Advanced Technologies with Unidirectional Gateways

Unidirectional gateways, or data diodes, are specialized security devices that allow data to travel only in one direction, typically from a secure network to a less secure one. This design inherently prevents any possibility of external attacks infiltrating the secure network via the gateway.

Benefits of Unidirectional Gateways in Cybersecurity:

Enhanced Security: By allowing data flow in only one direction, unidirectional gateways provide a robust barrier against inbound cyberthreats, effectively isolating critical systems from potential attack vectors.
Compliance with Regulations: As highlighted in various cybersecurity standards, unidirectional gateways meet stringent compliance requirements, particularly where the protection of critical infrastructure is concerned.
Reduced Attack Surface: Implementing these gateways significantly narrows the attack surface, as they eliminate the risk of external breaches through the data transmission path.

Integration with Advanced Technologies:

Integrating unidirectional gateways with other advanced technologies like Malware Multiscanning and Threat Intelligence platforms elevates their effectiveness.

Malware Multiscanning: Integrating Malware Multiscanning with unidirectional gateways ensures that any data transferred is scrutinized for potential threats using multiple antivirus engines, thereby enhancing the detection and prevention of malware.
Threat Intelligence: Coupling threat intelligence platforms with these gateways enables the analysis of data traffic patterns and the identification of potential threats based on the latest intelligence, ensuring that the information passing through the gateways is secure and verified.

Illustrating Comprehensive Protection through Integration:

Consider a scenario in an ICS environment, where operational data needs to be sent securely from the control network to a corporate network for analysis. A unidirectional gateway ensures that no potentially harmful traffic can enter the control network. When integrated with a malware scanning system, the data passing through the gateway is thoroughly scanned, ensuring it’s free of malware. Simultaneously, threat intelligence can analyze this data flow for any unusual patterns or indicators of compromise, providing an additional layer of security.

In another use case, a financial institution might use a unidirectional gateway to securely transfer transaction data to an external auditing system. The integration with advanced threat detection tools ensures real-time analysis of this data, detecting any anomalies or signs of data manipulation, thereby safeguarding the integrity of the transaction records.

These scenarios demonstrate how integrating unidirectional gateways with advanced technologies addresses the limitations of traditional firewalls, providing a more comprehensive and proactive approach to cybersecurity.

Future Outlook

The future of network security lies in a defense-in-depth strategy, where layers of defense create a fortified barrier around critical infrastructures. This approach combines the strengths of traditional firewalls with advanced solutions like unidirectional security gateways. Together, they form a multi-layered perimeter, effectively shrinking the attack surface and minimizing potential entry points for cyberthreats. Organizations are encouraged to consider these insights and proactively enhance their cybersecurity measures, ensuring robust protection for their critical networks and data assets.

Read More