[CERT-daily] Tageszusammenfassung - 20.04.2023

Daily end-of-shift report team at cert.at
Thu Apr 20 18:17:37 CEST 2023


=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 19-04-2023 18:00 − Donnerstag 20-04-2023 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Schwachstelle ermöglicht es Dieben, iPhones zu übernehmen ∗∗∗
---------------------------------------------
Über eine Sicherheitslücke verschaffen sich Kriminelle Zugang zu den Apple-IDs ihrer Opfer.
---------------------------------------------
https://futurezone.at/produkte/schwachstelle-diebstahl-iphones-uebernehmen-code-wiederherstellung-schluessel-usa/402418847


∗∗∗ Goldoson Android Malware Infects Over 100 Million Google Play Store Downloads ∗∗∗
---------------------------------------------
hA new Android malware strain named Goldoson has been detected in the official Google Play Store spanning more than 60 legitimate apps that collectively have over 100 million downloads. [..] Following responsible disclosure to Google, 36 of the 63 offending apps have been pulled from the Google Play Store. The remaining 27 apps have been updated to remove the malicious library.
---------------------------------------------
https://thehackernews.com/2023/04/goldoson-android-malware-infects-over.html


∗∗∗ The Huge 3CX Breach Was Actually 2 Linked Supply Chain Attacks ∗∗∗
---------------------------------------------
The mass compromise of the VoIP firms customers is the first confirmed incident where one software supply chain attack enabled another, researchers say.
---------------------------------------------
https://www.wired.com/story/3cx-supply-chain-attack-times-two/


∗∗∗ ‘AuKill’ EDR killer malware abuses Process Explorer driver ∗∗∗
---------------------------------------------
The AuKill tool abuses an outdated version of the driver used by version 16.32 of the Microsoft utility, Process Explorer, to disable EDR processes before deploying either a backdoor or ransomware on the target system.
---------------------------------------------
https://news.sophos.com/en-us/2023/04/19/aukill-edr-killer-malware-abuses-process-explorer-driver/


∗∗∗ Breaking Docker Named Pipes SYSTEMatically: Docker Desktop Privilege Escalation – Part 2 ∗∗∗
---------------------------------------------
In the previous blog post, we described how the Docker research started and showed how we could gain a full privilege escalation through a vulnerability in Docker Desktop. In this follow-up blog post, we will show the other vulnerable functions we were able to exploit.
---------------------------------------------
https://www.cyberark.com/resources/threat-research-blog/breaking-docker-named-pipes-systematically-docker-desktop-privilege-escalation-part-2


∗∗∗ Vermehrte Angriffe auf Cisco Router und Switche mit Cisco IOS und IOS-XE ∗∗∗
---------------------------------------------
Mehrere Sicherheitsbehörden und Cisco selbst warnen vor der gehäuften Ausnutzung alter Schwachstellen in Cisco IOS und IOS-XE.
---------------------------------------------
https://heise.de/-8973626


∗∗∗ Wordfence Intelligence Weekly WordPress Vulnerability Report (Apr 10, 2023 to Apr 16, 2023) ∗∗∗
---------------------------------------------
Last week, there were 69 vulnerabilities disclosed in 60 WordPress plugins and 4 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 32 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
---------------------------------------------
https://www.wordfence.com/blog/2023/04/wordfence-intelligence-weekly-wordpress-vulnerability-report-apr-10-2023-to-apr-16-2023/


∗∗∗ LockBit-Ransomware bereitet Angriffe auf Apple vor ∗∗∗
---------------------------------------------
Hacker haben ihre Malware offenbar weiterentwickelt und eine neue Variante in Umlauf gebracht, die es auf Apple-Computer abgesehen hat.
---------------------------------------------
https://www.zdnet.de/88408574/lockbit-ransomware-bereitet-angriffe-auf-apple-vor/


∗∗∗ CISA and Partners Release Cybersecurity Best Practices for Smart Cities ∗∗∗
---------------------------------------------
Today, CISA, NSA, FBI, NCSC-UK, ACSC, CCCS and NCSC-NZ released a joint guide: Cybersecurity Best Practices for Smart Cities. Smart cities may create safer, more efficient, resilient communities through technological innovation and data-driven decision making. However, this opportunity also introduces potential vulnerabilities and weaknesses that—if exploited—could impact national security, economic security, public health and safety, and critical infrastructure operations.
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/04/19/cisa-and-partners-release-cybersecurity-best-practices-smart-cities



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Drupal core - Moderately critical - Access bypass - SA-CORE-2023-005 ∗∗∗
---------------------------------------------
Security risk: Moderately critical
The file download facility doesnt sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to.Some sites may require configuration changes following this security release.
---------------------------------------------
https://www.drupal.org/sa-core-2023-005


∗∗∗ Cisco Security Advisories Published on April 19, 2023 - 2 Critical, 2 High, 2 Medium ∗∗∗
---------------------------------------------
* StarOS Software Key-Based SSH Authentication Privilege Escalation Vulnerability
* SD-WAN vManage Software Arbitrary File Deletion Vulnerability
* TelePresence Collaboration Endpoint and RoomOS Arbitrary File Write Vulnerabilities
* Industrial Network Director Vulnerabilities
* Modeling Labs External Authentication Bypass Vulnerability
* BroadWorks Network Server TCP Denial of Service Vulnerability
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/Search.x?publicationTypeIDs=1&firstPublishedStartDate=2023%2F04%2F19&firstPublishedEndDate=2023%2F04%2F19


∗∗∗ Mehrere Schadcode-Lücken in Foxit PDF geschlossen ∗∗∗
---------------------------------------------
Wer Foxit PDF Reader oder PDF Editor unter Windows nutzt, ist angreifbar.
---------------------------------------------
https://heise.de/-8974063


∗∗∗ Stable Channel Update for Desktop ∗∗∗
---------------------------------------------
The Stable and extended stable channel has been updated to 112.0.5615.137/138 for Windows and 112.0.5615.137 for Mac and 112.0.5615.165 for Linux which will roll out over the coming days/weeks. [..] Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix.
---------------------------------------------
http://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html


∗∗∗ Blubrry Addresses Authenticated Stored XSS Vulnerability in PowerPress WordPress Plugin ∗∗∗
---------------------------------------------
On April 5, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting (XSS) vulnerability in Blubrry’s PowerPress plugin, which is actively installed on more than 50,000 WordPress websites.
---------------------------------------------
https://www.wordfence.com/blog/2023/04/blubrry-addresses-authenticated-stored-xss-vulnerability-in-powerpress-wordpress-plugin/


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (golang-1.11), Fedora (chromium, golang-github-cenkalti-backoff, golang-github-cli-crypto, golang-github-cli-gh, golang-github-cli-oauth, golang-github-gabriel-vasile-mimetype, libpcap, lldpd, parcellite, tcpdump, thunderbird, and zchunk), Red Hat (java-11-openjdk, java-17-openjdk, and kernel), SUSE (chromium, dnsmasq, ImageMagick, nodejs16, openssl-1_0_0, openssl1, ovmf, and python-Flask), and Ubuntu (dnsmasq, libxml2, linux, linux-aws, linux-aws-5.4, linux-azure, linu linux-raspi-5.4, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15 linux-oracle, linux-raspi2, linux-oem-5.17, linux-oem-6.0, linux-oem-6.1, and linux-snapdragon).
---------------------------------------------
https://lwn.net/Articles/929671/


∗∗∗ Chromium: CVE-2023-2136 Integer overflow in Skia ∗∗∗
---------------------------------------------
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. Google is aware that an exploit for CVE-2023-2136 exists in the wild.
---------------------------------------------
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2136


∗∗∗ Spring Boot 2.7.11 available now fixing CVE-2023-20873 ∗∗∗
---------------------------------------------
https://spring.io/blog/2023/04/20/spring-boot-2-7-11-available-now-fixing-cve-2023-20873


∗∗∗ Spring Boot 3.0.6 available now fixing CVE-2023-20873 ∗∗∗
---------------------------------------------
https://spring.io/blog/2023/04/20/spring-boot-3-0-6-available-now-fixing-cve-2023-20873


∗∗∗ Security Vulnerabilities have been identifed in the IBM WebSphere Liberty product as shipped with the IBM Security Verify Access products. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6953617


∗∗∗ Unprivileged GPU access vulnerability - CVE-2013-5987 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/864038


∗∗∗ Multiple vulnerabilities found in third party libraries used by IBM\u00ae MobileFirst Platform ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6984763


∗∗∗ Multiple Vulnerabilities in Apache Commons Compress affect WebSphere Application Server used by IBM Maximo Application Suite ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6984785


∗∗∗ IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js npm module information disclosure (CVE-2022-29244) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6984799


∗∗∗ IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On is vulnerable to a denial of service due to Apache Commons FileUpload (CVE-2023-24998) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6984945


∗∗∗ Unprivileged GPU access vulnerability - CVE-2013-5987 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/864038


∗∗∗ IBM Security Verify Governance is vulnerable to sensitive information exposure (CVE-2021-31403) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6984957


∗∗∗ IBM Security Verify Governance is vulnerable to denial of service and security bypass (CVE-2018-10237, CVE-2020-8908) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6984959


∗∗∗ IBM Security Verify Governance is vulnerable to a denial of service (CVE-2022-42004, CVE-2022-42003) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6984967


∗∗∗ IBM Security Verify Governance is vulnerable to sensitive information exposure and denial of service (CVE-2021-31403, CVE-2021-33609) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6984971


∗∗∗ IBM Security Verify Governance is vulnerable to denial of service (CVE-2022-24839) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6984973


∗∗∗ IBM Security Verify Governance is vulnerable to arbitrary code execution (CVE-2020-10650) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6984963


∗∗∗ IBM Security Verify Governance is vulnerable to denial of service ( CVE-2023-24998) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6984969


∗∗∗ Security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2023-24998) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6984965


∗∗∗ IBM Rational Build Forge is vulnerable and could allow an unauthenticated attacker to obtain sensitive information due to the use of JSSE component (CVE-2021-35603) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6984975


∗∗∗ IBM App Connect Enterprise is vulnerable to a denial of service due to the ua-parser-js module (CVE-2022-25927) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6984987


∗∗∗ Multiple vulnerabilities may affect IBM\u00ae SDK, Java\u2122 Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6839127


∗∗∗ Multiple vulnerabilities may affect IBM\u00ae SDK, Java\u2122 Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6967213


∗∗∗ CVE-2022-3676 may affect IBM\u00ae SDK, Java\u2122 Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6839777


∗∗∗ IBM Rational Build Forge is vulnerable and could allow attacker to obtain sensitive information due to the use of JSSE component(CVE-2021-35550) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6985007


∗∗∗ CVE-2023-30441 affects IBM\u00ae SDK, Java\u2122 Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6985011


∗∗∗ AIX is vulnerable to arbitrary command execution (CVE-2023-26286) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6983236


∗∗∗ INEA ME RTU ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-110-01

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list