[CERT-daily] Daily summary - 07.04.2023
Daily end-of-shift report
team at cert.at
Fri Apr 7 18:33:49 CEST 2023
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 06-04-2023 18:00 − Friday 07-04-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Security baseline for Microsoft Edge v112 ∗∗∗
---------------------------------------------
Microsoft is pleased to announce the release of the security baseline for Microsoft Edge, version 112! We have reviewed the settings in Microsoft Edge version 112 and updated our guidance with the removal of three obsolete settings. A new Microsoft Edge security baseline package was just released to the Download Center.
---------------------------------------------
https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-edge-v112/ba-p/3789975
∗∗∗ Security headers you should add into your application to increase cyber risk protection, (Thu, Apr 6th) ∗∗∗
---------------------------------------------
Web applications are a wide world that is currently the object of numerous cyberattacks, mostly seeking to compromise the information directly in the clients that use them.
---------------------------------------------
https://isc.sans.edu/diary/rss/29720
∗∗∗ Detecting Suspicious API Usage with YARA Rules, (Fri, Apr 7th) ∗∗∗
---------------------------------------------
YARA is a beautiful tool for malware researchers and incident responders. No need to present it again. It became a standard tool to add to your arsenal. While teaching FOR610 (Malware Analysis & Reverse Engineering), a student asked me how to detect specific API calls with dangerous parameters during the triage phase. This phase will help you quickly assess the malware sample and help you decide how to perform the following steps.
---------------------------------------------
https://isc.sans.edu/diary/rss/29724
∗∗∗ Balada Injector: Synopsis of a Massive Ongoing WordPress Malware Campaign ∗∗∗
---------------------------------------------
Our team at Sucuri has been tracking a massive WordPress infection campaign since 2017 — but up until recently never bothered to give it a proper name. Typically, we refer to it as an ongoing long lasting massive WordPress infection campaign that leverages all known and recently discovered theme and plugin vulnerabilities.
---------------------------------------------
https://blog.sucuri.net/2023/04/balada-injector-synopsis-of-a-massive-ongoing-wordpress-malware-campaign.html
∗∗∗ With ICMP magic, you can snoop on vulnerable HiSilicon, Qualcomm-powered Wi-Fi ∗∗∗
---------------------------------------------
WPA stands for will-provide-access, if you can successfully exploit a target's setup. A vulnerability identified in at least 55 Wi-Fi router models can be exploited by miscreants to spy on victims' data as it's sent over a wireless network.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2023/04/07/wifi_access_icmp/
∗∗∗ Pwning Pixel 6 with a leftover patch ∗∗∗
---------------------------------------------
In this post, I’ll look at a security-related change in version r40p0 of the Arm Mali driver that was AWOL in the January update of the Pixel bulletin, where other patches from r40p0 were applied, and how these two lines of changes can be exploited to gain arbitrary kernel code execution and root from a malicious app. This highlights how treacherous it can be when backporting security changes.
---------------------------------------------
https://github.blog/2023-04-06-pwning-pixel-6-with-a-leftover-patch/
∗∗∗ Survey: Software-related vulnerabilities are the biggest security problem ∗∗∗
---------------------------------------------
Hackers are increasingly relying on known security vulnerabilities. According to the survey, ransomware is only the fourth-largest threat. Another problem: many companies instruct employees to conceal reportable incidents.
---------------------------------------------
https://www.zdnet.de/88408311/umfrage-softwarebedingte-schwachstellen-sind-das-groesste-sicherheitsproblem/
=====================
= Vulnerabilities =
=====================
∗∗∗ Release notes for Microsoft Edge Security Updates (CVE-2023-28284, CVE-2023-24935, CVE-2023-28301) ∗∗∗
---------------------------------------------
April 6, 2023: Microsoft has released the latest Microsoft Edge Stable Channel (Version 112.0.1722.34) which incorporates the latest Security Updates of the Chromium project.
---------------------------------------------
https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Mageia (ldb/samba, libapreq2, opencontainers-runc, peazip, python-cairosvg, stellarium, and zstd), Oracle (httpd and mod_http2, kernel, and nss), SUSE (conmon, go1.19, go1.20, libgit2, openssl-1_1, and openvswitch), and Ubuntu (emacs24).
---------------------------------------------
https://lwn.net/Articles/928559/
∗∗∗ F5: K000133432 : Intel CPU vulnerability CVE-2022-21216 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000133432
∗∗∗ CISA Adds Five Known Exploited Vulnerabilities to Catalog ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/04/07/cisa-adds-five-known-exploited-vulnerabilities-catalog
∗∗∗ IBM Informix Dynamic Server is affected when a specific function in the Spatial Datablade is called with an out-of-range parameter ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6343587
∗∗∗ IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary code execution in GnuPG Libksba [CVE-2022-3515] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6981855
∗∗∗ IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in libexpat [CVE-2022-40674] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6981859
∗∗∗ IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary code execution in SQLite [CVE-2020-35527] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6981851
∗∗∗ IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary command execution in Python (CVE-2015-20107) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6981849
∗∗∗ IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in GNU Libtasn1 [CVE-2021-46848] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6981853
∗∗∗ IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary code execution in Git [CVE-2022-23521] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6981857
∗∗∗ IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary code execution in Git [CVE-2022-41903] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6981861
∗∗∗ Privilege Escalation vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6981911
∗∗∗ Improper Error Handling ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6981917
∗∗∗ IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service due to Apache Commons FileUpload (CVE-2023-24998) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6982047
∗∗∗ Vulnerabilities in OpenSSL affect IBM InfoSphere Information Server ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/286971
∗∗∗ IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are bundled with IBM WebSphere Hybrid Edition, are vulnerable to a denial of service due to Apache Commons FileUpload (CVE-2023-24998) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6982141
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily