Monthly Archives: November 2024

Advisories

perl-Module-ScanDeps-1.37-1.fc41

Read Time:31 Second

FEDORA-2024-c05ef21f1f

Packages in this update:

perl-Module-ScanDeps-1.37-1.fc41

Update description:

1.37
– fix parsing of “use if …”
Fixes errors in PAR::Packer test t/90-rt59710.t
– add test for _parse_libs()
1.36
– Fix CVE-2024-10224: Unsanitized input leads to LPE
– use three-argument open()
– replace ‘eval “…”‘ constructs
Note: this version was not released on CPAN because of
Coordinated Release Date for CVE
– README: add “Source Repository” and “Contact” info
switch “Please submit bug reports to …” to GitHub issues
– add preload rule for MooX::HandlesVia
cf. https://github.com/rschupp/PAR-Packer/issues/88

Read More

News

Fintech Giant Finastra Investigating Data Breach

Read Time:5 Minute, 2 Second

The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world’s top 50 banks, notified customers of the security incident after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen from the company.

London-based Finastra has offices in 42 countries and reported $1.9 billion in revenues last year. The company employs more than 7,000 people and serves approximately 8,100 financial institutions around the world. A major part of Finastra’s day-to-day business involves processing huge volumes of digital files containing instructions for wire and bank transfers on behalf of its clients.

On November 8, 2024, Finastra notified financial institution customers that on Nov. 7 its security team detected suspicious activity on Finastra’s internally hosted file transfer platform. Finastra also told customers that someone had begun selling large volumes of files allegedly stolen from its systems.

“On November 8, a threat actor communicated on the dark web claiming to have data exfiltrated from this platform,” reads Finastra’s disclosure, a copy of which was shared by a source at one of the customer firms.

“There is no direct impact on customer operations, our customers’ systems, or Finastra’s ability to serve our customers currently,” the notice continued. “We have implemented an alternative secure file sharing platform to ensure continuity, and investigations are ongoing.”

But its notice to customers does indicate the intruder managed to extract or “exfiltrate” an unspecified volume of customer data.

“The threat actor did not deploy malware or tamper with any customer files within the environment,” the notice reads. “Furthermore, no files other than the exfiltrated files were viewed or accessed. We remain focused on determining the scope and nature of the data contained within the exfiltrated files.”

In a written statement in response to questions about the incident, Finastra said it has been “actively and transparently responding to our customers’ questions and keeping them informed about what we do and do not yet know about the data that was posted.” The company also shared an updated communication to its clients, which said while it was still investigating the root cause, “initial evidence points to credentials that were compromised.”

“Additionally, we have been sharing Indicators of Compromise (IOCs) and our CISO has been speaking directly with our customers’ security teams to provide updates on the investigation and our eDiscovery process,” the statement continues. Here is the rest of what they shared:

“In terms of eDiscovery, we are analyzing the data to determine what specific customers were affected, while simultaneously assessing and communicating which of our products are not dependent on the specific version of the SFTP platform that was compromised. The impacted SFTP platform is not used by all customers and is not the default platform used by Finastra or its customers to exchange data files associated with a broad suite of our products, so we are working as quickly as possible to rule out affected customers. However, as you can imagine, this is a time-intensive process because we have many large customers that leverage different Finastra products in different parts of their business. We are prioritizing accuracy and transparency in our communications.

Importantly, for any customers who are deemed to be affected, we will be reaching out and working with them directly.”

On Nov. 8, a cybercriminal using the nickname “abyss0” posted on the English-language cybercrime community BreachForums that they’d stolen files belonging to some of Finastra’s largest banking clients. The data auction did not specify a starting or “buy it now” price, but said interested buyers should reach out to them on Telegram.

abyss0’s Nov. 7 sales thread on BreachForums included many screenshots showing the file directory listings for various Finastra customers. Image: Ke-la.com.

According to screenshots collected by the cyber intelligence platform Ke-la.com, abyss0 first attempted to sell the data allegedly stolen from Finastra on October 31, but that earlier sales thread did not name the victim company. However, it did reference many of the same banks called out as Finastra customers in the Nov. 8 post on BreachForums.

The original October 31 post from abyss0, where they advertise the sale of data from several large banks that are customers of a large financial software company. Image: Ke-la.com.

The October sales thread also included a starting price: $20,000. By Nov. 3, that price had been reduced to $10,000. A review of abyss0’s posts to BreachForums reveals this user has offered to sell databases stolen in several dozen other breaches advertised over the past six months.

The apparent timeline of this breach suggests abyss0 gained access to Finastra’s file sharing system at least a week before the company says it first detected suspicious activity, and that the Nov. 7 activity cited by Finastra may have been the intruder returning to exfiltrate more data.

Maybe abyss0 found a buyer who paid for their early retirement. We may never know, because this person has effectively vanished. The Telegram account that abyss0 listed in their sales thread appears to have been suspended or deleted. Likewise, abyss0’s account on BreachForums no longer exists, and all of their sales threads have since disappeared.

It seems improbable that both Telegram and BreachForums would have given this user the boot at the same time. The simplest explanation is that something spooked abyss0 enough for them to abandon a number of pending sales opportunities, in addition to a well-manicured cybercrime persona.

In March 2020, Finastra suffered a ransomware attack that sidelined a number of the company’s core businesses for days. According to reporting from Bloomberg, Finastra was able to recover from that incident without paying a ransom.

This is a developing story. Updates will be noted with timestamps. If you have any additional information about this incident, please reach out to krebsonsecurity @ gmail.com or at protonmail.com.

Read More

Advisories

USN-7121-1: Linux kernel vulnerabilities

Read Time:1 Minute, 12 Second

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM64 architecture;
– S390 architecture;
– x86 architecture;
– Block layer subsystem;
– Cryptographic API;
– ATM drivers;
– Device frequency scaling framework;
– GPU drivers;
– Hardware monitoring drivers;
– VMware VMCI Driver;
– Network drivers;
– Device tree and open firmware driver;
– SCSI drivers;
– Greybus lights staging drivers;
– BTRFS file system;
– File systems infrastructure;
– F2FS file system;
– JFS file system;
– NILFS2 file system;
– Netfilter;
– Memory management;
– Ethernet bridge;
– IPv6 networking;
– IUCV driver;
– Logical Link layer;
– MAC80211 subsystem;
– NFC subsystem;
– Network traffic control;
– Unix domain sockets;
(CVE-2023-52614, CVE-2024-26633, CVE-2024-46758, CVE-2024-46723,
CVE-2023-52502, CVE-2024-41059, CVE-2024-44987, CVE-2024-36020,
CVE-2023-52599, CVE-2023-52639, CVE-2024-26668, CVE-2024-42094,
CVE-2022-48938, CVE-2022-48733, CVE-2024-27397, CVE-2023-52578,
CVE-2024-38560, CVE-2024-38538, CVE-2024-42310, CVE-2024-46722,
CVE-2024-46800, CVE-2024-41095, CVE-2024-42104, CVE-2024-35877,
CVE-2022-48943, CVE-2024-46743, CVE-2023-52531, CVE-2024-46757,
CVE-2024-36953, CVE-2024-46756, CVE-2024-38596, CVE-2023-52612,
CVE-2024-38637, CVE-2024-41071, CVE-2024-46759, CVE-2024-43882,
CVE-2024-26675, CVE-2024-43854, CVE-2024-44942, CVE-2024-44998,
CVE-2024-42240, CVE-2024-41089, CVE-2024-26636, CVE-2024-46738,
CVE-2024-42309)

Read More

Advisories

USN-7119-1: Linux kernel (IoT) vulnerabilities

Read Time:4 Minute, 12 Second

Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux
kernel contained an integer overflow vulnerability. A local attacker could
use this to cause a denial of service (system crash). (CVE-2022-36402)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM64 architecture;
– PowerPC architecture;
– User-Mode Linux (UML);
– x86 architecture;
– Block layer subsystem;
– Cryptographic API;
– Android drivers;
– Serial ATA and Parallel ATA drivers;
– ATM drivers;
– Drivers core;
– CPU frequency scaling framework;
– Device frequency scaling framework;
– GPU drivers;
– HID subsystem;
– Hardware monitoring drivers;
– InfiniBand drivers;
– Input Device core drivers;
– Input Device (Miscellaneous) drivers;
– IOMMU subsystem;
– IRQ chip drivers;
– ISDN/mISDN subsystem;
– Modular ISDN driver;
– LED subsystem;
– Multiple devices driver;
– Media drivers;
– EEPROM drivers;
– VMware VMCI Driver;
– MMC subsystem;
– Network drivers;
– Near Field Communication (NFC) drivers;
– NVME drivers;
– Device tree and open firmware driver;
– Parport drivers;
– PCI subsystem;
– Pin controllers subsystem;
– Remote Processor subsystem;
– S/390 drivers;
– SCSI drivers;
– QCOM SoC drivers;
– Direct Digital Synthesis drivers;
– TTY drivers;
– Userspace I/O drivers;
– DesignWare USB3 driver;
– USB Gadget drivers;
– USB Host Controller drivers;
– USB Serial drivers;
– USB Type-C Connector System Software Interface driver;
– USB over IP driver;
– Watchdog drivers;
– BTRFS file system;
– File systems infrastructure;
– Ext4 file system;
– F2FS file system;
– GFS2 file system;
– JFS file system;
– NILFS2 file system;
– Netfilter;
– BPF subsystem;
– Core kernel;
– DMA mapping infrastructure;
– Tracing infrastructure;
– Radix Tree data structure library;
– Kernel userspace event delivery library;
– Objagg library;
– Memory management;
– Amateur Radio drivers;
– Bluetooth subsystem;
– CAN network layer;
– Networking core;
– Ethtool driver;
– IPv4 networking;
– IPv6 networking;
– IUCV driver;
– KCM (Kernel Connection Multiplexor) sockets driver;
– MAC80211 subsystem;
– RxRPC session sockets;
– Network traffic control;
– SCTP protocol;
– Sun RPC protocol;
– TIPC protocol;
– TLS protocol;
– Wireless networking;
– AppArmor security module;
– Integrity Measurement Architecture(IMA) framework;
– Simplified Mandatory Access Control Kernel framework;
– SoC audio core drivers;
– USB sound devices;
(CVE-2024-46750, CVE-2024-43853, CVE-2024-46722, CVE-2024-42311,
CVE-2024-46679, CVE-2023-52918, CVE-2024-42309, CVE-2024-42160,
CVE-2024-26668, CVE-2024-42271, CVE-2024-40929, CVE-2024-46747,
CVE-2024-41064, CVE-2024-43839, CVE-2024-46757, CVE-2024-41059,
CVE-2024-42301, CVE-2024-46737, CVE-2024-42297, CVE-2024-41015,
CVE-2024-43854, CVE-2024-42289, CVE-2024-41017, CVE-2024-26787,
CVE-2024-47667, CVE-2024-46675, CVE-2024-42246, CVE-2024-46723,
CVE-2024-46817, CVE-2024-43841, CVE-2024-26800, CVE-2024-41098,
CVE-2022-48863, CVE-2023-52531, CVE-2024-42265, CVE-2024-46828,
CVE-2024-41020, CVE-2024-42305, CVE-2024-46755, CVE-2024-46744,
CVE-2024-43871, CVE-2024-43884, CVE-2024-41042, CVE-2024-43914,
CVE-2024-43856, CVE-2024-27397, CVE-2024-26607, CVE-2024-42228,
CVE-2024-41091, CVE-2024-26677, CVE-2024-38611, CVE-2024-43867,
CVE-2024-46829, CVE-2021-47188, CVE-2024-46756, CVE-2024-45025,
CVE-2024-42313, CVE-2024-44947, CVE-2024-26669, CVE-2024-47668,
CVE-2024-44987, CVE-2024-42295, CVE-2024-42281, CVE-2024-43880,
CVE-2024-46777, CVE-2024-46780, CVE-2024-42285, CVE-2024-26891,
CVE-2024-46714, CVE-2024-44999, CVE-2024-41068, CVE-2024-44944,
CVE-2024-43882, CVE-2024-27051, CVE-2024-41072, CVE-2024-46783,
CVE-2024-46781, CVE-2024-26885, CVE-2024-46844, CVE-2024-47669,
CVE-2024-45008, CVE-2024-46758, CVE-2024-44954, CVE-2024-45021,
CVE-2024-42304, CVE-2024-41081, CVE-2024-46798, CVE-2024-43890,
CVE-2024-46840, CVE-2024-44960, CVE-2024-41012, CVE-2022-48791,
CVE-2024-43908, CVE-2024-46721, CVE-2024-43829, CVE-2024-41073,
CVE-2024-42306, CVE-2024-46745, CVE-2024-43858, CVE-2024-47663,
CVE-2024-46782, CVE-2024-42244, CVE-2024-41090, CVE-2024-38602,
CVE-2024-45003, CVE-2024-35848, CVE-2024-43883, CVE-2024-46677,
CVE-2024-42280, CVE-2024-43846, CVE-2024-47659, CVE-2024-44965,
CVE-2024-43893, CVE-2024-26960, CVE-2024-46676, CVE-2024-45016,
CVE-2024-46689, CVE-2024-44998, CVE-2024-44995, CVE-2024-41022,
CVE-2024-45026, CVE-2024-46739, CVE-2024-43830, CVE-2024-42286,
CVE-2024-26640, CVE-2024-27012, CVE-2024-45006, CVE-2024-42276,
CVE-2024-46818, CVE-2024-39494, CVE-2024-43860, CVE-2024-41070,
CVE-2023-52614, CVE-2024-42283, CVE-2024-44969, CVE-2024-42229,
CVE-2024-46740, CVE-2024-44948, CVE-2024-46822, CVE-2024-46738,
CVE-2024-36484, CVE-2024-41065, CVE-2024-46685, CVE-2024-44935,
CVE-2024-46759, CVE-2024-42292, CVE-2024-43879, CVE-2024-42287,
CVE-2024-42288, CVE-2024-41063, CVE-2024-41011, CVE-2024-44946,
CVE-2024-42290, CVE-2024-38570, CVE-2024-42310, CVE-2024-46743,
CVE-2024-43861, CVE-2024-42131, CVE-2021-47212, CVE-2024-46719,
CVE-2024-46815, CVE-2024-26641, CVE-2024-43894, CVE-2024-44988,
CVE-2024-42259, CVE-2024-46771, CVE-2024-46673, CVE-2024-45028,
CVE-2024-46761, CVE-2024-41071, CVE-2024-38630, CVE-2024-43835,
CVE-2024-46800, CVE-2024-42284)

Read More

Advisories

USN-7089-7: Linux kernel (Low Latency) vulnerabilities

Read Time:4 Minute, 22 Second

Chenyuan Yang discovered that the USB Gadget subsystem in the Linux
kernel did not properly check for the device to be enabled before
writing. A local attacker could possibly use this to cause a denial of
service. (CVE-2024-25741)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM32 architecture;
– MIPS architecture;
– PA-RISC architecture;
– PowerPC architecture;
– RISC-V architecture;
– S390 architecture;
– x86 architecture;
– Cryptographic API;
– Serial ATA and Parallel ATA drivers;
– Null block device driver;
– Bluetooth drivers;
– Cdrom driver;
– Clock framework and drivers;
– Hardware crypto device drivers;
– CXL (Compute Express Link) drivers;
– Cirrus firmware drivers;
– GPIO subsystem;
– GPU drivers;
– I2C subsystem;
– IIO subsystem;
– InfiniBand drivers;
– ISDN/mISDN subsystem;
– LED subsystem;
– Multiple devices driver;
– Media drivers;
– Fastrpc Driver;
– Network drivers;
– Microsoft Azure Network Adapter (MANA) driver;
– Near Field Communication (NFC) drivers;
– NVME drivers;
– NVMEM (Non Volatile Memory) drivers;
– PCI subsystem;
– Pin controllers subsystem;
– x86 platform drivers;
– S/390 drivers;
– SCSI drivers;
– Thermal drivers;
– TTY drivers;
– UFS subsystem;
– USB DSL drivers;
– USB core drivers;
– DesignWare USB3 driver;
– USB Gadget drivers;
– USB Serial drivers;
– VFIO drivers;
– VHOST drivers;
– File systems infrastructure;
– BTRFS file system;
– GFS2 file system;
– JFFS2 file system;
– JFS file system;
– Network file systems library;
– Network file system client;
– NILFS2 file system;
– NTFS3 file system;
– SMB network file system;
– Memory management;
– Netfilter;
– Tracing infrastructure;
– io_uring subsystem;
– BPF subsystem;
– Core kernel;
– Bluetooth subsystem;
– CAN network layer;
– Ceph Core library;
– Networking core;
– IPv4 networking;
– IPv6 networking;
– IUCV driver;
– MAC80211 subsystem;
– Network traffic control;
– Sun RPC protocol;
– Wireless networking;
– AMD SoC Alsa drivers;
– SoC Audio for Freescale CPUs drivers;
– MediaTek ASoC drivers;
– SoC audio core drivers;
– SOF drivers;
– Sound sequencer drivers;
(CVE-2024-42104, CVE-2024-42084, CVE-2024-42252, CVE-2024-41096,
CVE-2024-42237, CVE-2024-42140, CVE-2024-42150, CVE-2024-41031,
CVE-2024-41059, CVE-2024-41062, CVE-2024-41051, CVE-2024-41028,
CVE-2024-41090, CVE-2024-41092, CVE-2024-43855, CVE-2024-41021,
CVE-2024-42229, CVE-2024-41056, CVE-2024-41048, CVE-2024-41036,
CVE-2024-42094, CVE-2024-41089, CVE-2024-41068, CVE-2024-41039,
CVE-2024-41095, CVE-2024-41069, CVE-2024-42234, CVE-2024-42136,
CVE-2024-41025, CVE-2024-42157, CVE-2024-42248, CVE-2024-42087,
CVE-2024-41041, CVE-2024-42230, CVE-2024-42151, CVE-2024-42130,
CVE-2024-42244, CVE-2024-41079, CVE-2024-42253, CVE-2024-42092,
CVE-2024-41022, CVE-2024-42137, CVE-2024-42132, CVE-2024-42108,
CVE-2024-42155, CVE-2024-42127, CVE-2024-41060, CVE-2024-42074,
CVE-2024-41081, CVE-2024-42066, CVE-2024-42098, CVE-2024-42082,
CVE-2024-42093, CVE-2024-42245, CVE-2024-41072, CVE-2024-41052,
CVE-2024-42161, CVE-2024-42096, CVE-2024-42115, CVE-2024-41074,
CVE-2024-42120, CVE-2024-41046, CVE-2024-42239, CVE-2024-41063,
CVE-2024-42090, CVE-2024-41023, CVE-2024-42069, CVE-2024-41087,
CVE-2024-42158, CVE-2024-41067, CVE-2024-41084, CVE-2024-41077,
CVE-2024-42240, CVE-2024-42145, CVE-2024-42102, CVE-2024-41020,
CVE-2024-42231, CVE-2024-41053, CVE-2024-42131, CVE-2024-42089,
CVE-2024-41083, CVE-2024-42247, CVE-2024-42105, CVE-2024-41044,
CVE-2024-42128, CVE-2024-42271, CVE-2024-41037, CVE-2024-42114,
CVE-2024-42106, CVE-2024-41076, CVE-2024-42088, CVE-2024-41057,
CVE-2024-41091, CVE-2024-42152, CVE-2024-41070, CVE-2024-41035,
CVE-2024-41050, CVE-2024-39487, CVE-2024-42113, CVE-2024-42250,
CVE-2024-41047, CVE-2024-42149, CVE-2024-42079, CVE-2024-42091,
CVE-2024-42227, CVE-2024-42095, CVE-2024-42109, CVE-2024-41033,
CVE-2023-52888, CVE-2024-41061, CVE-2024-42223, CVE-2024-42235,
CVE-2024-41086, CVE-2024-42133, CVE-2024-41082, CVE-2024-41071,
CVE-2024-41007, CVE-2023-52887, CVE-2024-39486, CVE-2024-41075,
CVE-2024-42101, CVE-2024-42077, CVE-2024-41042, CVE-2024-42225,
CVE-2024-42126, CVE-2024-41094, CVE-2024-41085, CVE-2024-41019,
CVE-2024-41058, CVE-2024-41066, CVE-2024-42156, CVE-2024-42119,
CVE-2024-41032, CVE-2024-41088, CVE-2024-42100, CVE-2024-42142,
CVE-2024-41054, CVE-2024-42103, CVE-2024-42124, CVE-2024-41034,
CVE-2024-42251, CVE-2024-42153, CVE-2024-41045, CVE-2024-42086,
CVE-2024-42243, CVE-2024-41055, CVE-2024-41078, CVE-2024-42117,
CVE-2024-41030, CVE-2024-42068, CVE-2024-42110, CVE-2024-42147,
CVE-2024-42121, CVE-2024-41080, CVE-2024-41027, CVE-2024-43858,
CVE-2024-42085, CVE-2024-42111, CVE-2024-42238, CVE-2024-41018,
CVE-2024-42138, CVE-2024-41038, CVE-2024-42070, CVE-2024-42141,
CVE-2024-41098, CVE-2024-42118, CVE-2024-41073, CVE-2024-42144,
CVE-2024-42280, CVE-2024-41049, CVE-2024-42076, CVE-2024-41065,
CVE-2024-42063, CVE-2024-41064, CVE-2024-41017, CVE-2024-42112,
CVE-2024-42064, CVE-2024-42135, CVE-2024-42146, CVE-2024-41010,
CVE-2024-41097, CVE-2024-41012, CVE-2024-42097, CVE-2024-42067,
CVE-2024-42236, CVE-2024-42080, CVE-2024-42241, CVE-2024-42065,
CVE-2024-42232, CVE-2024-42246, CVE-2024-41093, CVE-2024-41015,
CVE-2024-42129, CVE-2024-42073, CVE-2024-41029)

Read More