[CERT-daily] Tageszusammenfassung - 21.07.2023

Fri Jul 21 19:30:02 CEST 2023

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 20-07-2023 18:00 − Freitag 21-07-2023 18:00
Handler:     Robert Waldner
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ GitHub warns of Lazarus hackers targeting devs with malicious projects ∗∗∗
---------------------------------------------
GitHub is warning of a social engineering campaign targeting the accounts of developers in the blockchain, cryptocurrency, online gambling, and cybersecurity sectors to infect their devices with malware.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/github-warns-of-lazarus-hackers-targeting-devs-with-malicious-projects/


∗∗∗ Sophisticated BundleBot Malware Disguised as Google AI Chatbot and Utilities ∗∗∗
---------------------------------------------
A new malware strain known as BundleBot has been stealthily operating under the radar by taking advantage of .NET single-file deployment techniques, enabling threat actors to capture sensitive information from compromised hosts.
---------------------------------------------
https://thehackernews.com/2023/07/sophisticated-bundlebot-malware.html


∗∗∗ Supply chain security for Go, Part 3: Shifting left ∗∗∗
---------------------------------------------
Previously in our Supply chain security for Go series, we covered dependency and vulnerability management tools and how Go ensures package integrity and availability as part of the commitment to countering the rise in supply chain attacks in recent years. In this final installment, we’ll discuss how “shift left” security can help make sure you have the security information you need, when you need it, to avoid unwelcome surprises. 
---------------------------------------------
http://security.googleblog.com/2023/07/supply-chain-security-for-go-part-3.html


=====================
=  Vulnerabilities  =
=====================

∗∗∗ VU#653767: Perimeter81 macOS Application Multiple Vulnerabilities ∗∗∗
---------------------------------------------
At the time, the latest Perimeter81 MacOS application (10.0.0.19) suffers from local privilege escalation vulnerability inside its com.perimeter81.osx.HelperTool. This HelperTool allows main application to setup things which require administrative privileges such as VPN connection, changing routing table, etc.
---------------------------------------------
https://kb.cert.org/vuls/id/653767


∗∗∗ Schwachstellen in AMI-Firmware: Gigabyte-Hack gefährdet unzählige Serversysteme ∗∗∗
---------------------------------------------
Nach einem Hackerangriff auf Gigabyte ist unter anderem eine AMI-Firmware geleakt, in der Forscher nun äußerst brisante Schwachstellen fanden.
---------------------------------------------
https://www.golem.de/news/schwachstellen-in-ami-firmware-gigabyte-hack-gefaehrdet-unzaehlige-serversysteme-2307-176046.html


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (golang, nodejs16, nodejs18, and R-jsonlite), Red Hat (java-1.8.0-openjdk and java-17-openjdk), SUSE (container-suseconnect, redis, and redis7), and Ubuntu (wkhtmltopdf).
---------------------------------------------
https://lwn.net/Articles/938878/


∗∗∗ WebKitGTK and WPE WebKit Security Advisory WSA-2023-0006 ∗∗∗
---------------------------------------------
Several vulnerabilities were discovered in WebKitGTK and WPE WebKit. CVE identifiers: CVE-2023-37450, CVE-2023-32393.  
---------------------------------------------
https://webkitgtk.org/security/WSA-2023-0006.html


∗∗∗ Foxit PDF Reader und PDF Editor 12.1.3 als Sicherheitsupdates ∗∗∗
---------------------------------------------
Kurze Information für Leute, die noch den Foxit PDF Reader und/oder den PDF Editor einsetzen sollten. In älteren Versionen gibt es Sicherheitslücken, die durch ein Sicherheitsupdate auf die Version 12.1.3.15356 beseitigt werden [...]
---------------------------------------------
https://www.borncity.com/blog/2023/07/20/foxit-pdf-reader-und-pdf-editor-12-1-3-als-sicherheitsupdates/


∗∗∗ GBrowse vulnerable to unrestricted upload of files with dangerous types ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN35897618/


∗∗∗ Security Vulnerabilities fixed in Thunderbird 115.0.1 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2023-27/


∗∗∗ Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7013595


∗∗∗ IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to unspecified vulnerabilities in IBM Runtime Environment Java Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7010095


∗∗∗ IBM Sterling Global Mailbox is vulnerable to arbitrary command execution due to com.ibm.ws.org.apache.commons.collections (CVE-2015-7501) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6963962


∗∗∗ IBM App Connect Enterprise and IBM Integration Bus are vulnerable to SOAPAction spoofing when processing JAX-WS Web Services requests (CVE-2022-38712) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6855661


∗∗∗ IBM Sterling Global Mailbox is vulnerable to denial of service due to WebSphere Liberty Server ( CVE-2022-3509, CVE-2022-3171) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6963956


∗∗∗ IBM Sterling Global Mailbox is vulnerable to arbitrary code execution due to Apache Commons Collections [CVE-2015-6420, CVE-2017-15708] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6957392


∗∗∗ IBM Sterling Global Mailbox is vulnerable to server-side request forgery due to Apache CXF (CVE-2022-46364) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6963958


∗∗∗ IBM Sterling Global Mailbox is vulnerable to sensitive data exposure due to Apache CXF (CVE-2022-46363) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6963960


∗∗∗ IBM Sterling Global Mailbox is vulnerable to HTTP header injection due WebSphere Liberty Server (CVE-2022-34165) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6954401


∗∗∗ IBM Sterling Global Mailbox is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42003) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6954403


∗∗∗ IBM Global Mailbox is vulnerable to remote code execution due to Apache Cassandra (CVE-2021-44521) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6852565


∗∗∗ IBM Sterling Global Mailbox is vulnerable to security bypass due to Apache HttpClient (CVE-2020-13956) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6954405


∗∗∗ IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a denial of service due to IBM MQ (CVE-2023-26285, CVE-2023-28950) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7011767


∗∗∗ Multiple vulnerabilities in IBM SDK, Java Technology Edition affect IBM Operations Analytics Predictive Insights ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7013887


∗∗∗ Vulnerability in Google gson 2.2.4 libraries (CVE-2022-25647) affects IBM Operations Analytics Predictive Insights ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7013881

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily