[CERT-daily] Daily summary - 07.12.2023
Daily end-of-shift report
team at cert.at
Thu Dec 7 19:21:06 CET 2023
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 06-12-2023 18:00 − Thursday 07-12-2023 18:00
Handler: Robert Waldner
Co-Handler: Michael Schlagenhaufer
=====================
= News =
=====================
∗∗∗ CISA and International Partners Release Advisory on [..] Star Blizzard ∗∗∗
---------------------------------------------
The joint CSA aims to raise awareness of the specific tactics, techniques, and delivery methods [..] Known Star Blizzard techniques include: Impersonating known contacts' email accounts, Creating fake social media profiles, Using webmail addresses from providers such as Outlook, Gmail and others, and Creating malicious domains that resemble legitimate organizations.
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/12/07/cisa-and-international-partners-release-advisory-russia-based-threat-actor-group-star-blizzard
∗∗∗ CISA, NSA, FBI and International Cybersecurity Authorities Publish Guide on The Case for Memory Safe Roadmaps ∗∗∗
---------------------------------------------
The guide strongly encourages executives of software manufacturers to prioritize using memory safe programming languages, write and publish memory safe roadmaps and implement changes to eliminate this class of vulnerability and protect their customers. Software developers and support staff should develop the roadmap, which should detail how the manufacturer will modify their software development life cycle (SDLC) to dramatically reduce and eventually eliminate memory unsafe code in their products. This guidance also provides a clear outline of elements that a memory safe roadmap should include.
---------------------------------------------
https://www.cisa.gov/news-events/news/cisa-nsa-fbi-and-international-cybersecurity-authorities-publish-guide-case-memory-safe-roadmaps
=====================
= Vulnerabilities =
=====================
∗∗∗ PSA: Critical POP Chain Allowing Remote Code Execution Patched in WordPress 6.4.2 ∗∗∗
---------------------------------------------
WordPress 6.4.2 was released today, on December 6, 2023. It includes a patch for a POP chain introduced in version 6.4 that, combined with a separate Object Injection vulnerability, could result in a Critical-Severity vulnerability allowing attackers to execute arbitrary PHP code on the site. We urge all WordPress users to update to 6.4.2 immediately, as this issue could allow full site takeover if another vulnerability is present.
---------------------------------------------
https://www.wordfence.com/blog/2023/12/psa-critical-pop-chain-allowing-remote-code-execution-patched-in-wordpress-6-4-2/
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (tzdata), Fedora (gmailctl), Oracle (kernel), Red Hat (linux-firmware, postgresql:12, postgresql:13, and squid:4), SUSE (cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, cont, frr, libtorrent-rasterbar, qbittorrent, openssl-3, openvswitch, openvswitch3, and suse-build-key), and Ubuntu (bluez, curl, linux, linux-aws, linux-azure, linux-laptop, linux-lowlatency, linux-oem-6.5, linux-oracle, linux-raspi, linux-starfive, linux-gcp, open-vm-tools, postgresql-12, postgresql-14, postgresql-15, and python-cryptography).
---------------------------------------------
https://lwn.net/Articles/953977/
∗∗∗ Critical vulnerabilities in several Atlassian products - patches available ∗∗∗
---------------------------------------------
Several versions of products from the company Atlassian contain critical vulnerabilities. Exploiting these vulnerabilities allows attackers to take full control of vulnerable systems and to access all data stored on them. CVE number(s): CVE-2023-22522, CVE-2022-1471 CVSS Base Score: 9.0 and 9.8, respectively
---------------------------------------------
https://cert.at/de/warnungen/2023/12/kritische-sicherheitslucken-in-mehreren-produkten-von-atlassian-patches-verfugbar
∗∗∗ CISA Releases Five Industrial Control Systems Advisories ∗∗∗
---------------------------------------------
ICSA-23-341-01 Mitsubishi Electric FA Engineering Software Products,
ICSA-23-341-02 Schweitzer Engineering Laboratories SEL-411L,
ICSA-23-341-03 Johnson Controls Metasys and Facility Explorer,
ICSA-23-341-05 ControlbyWeb Relay,
ICSA-23-341-06 Sierra Wireless AirLink with ALEOS firmware
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/12/07/cisa-releases-five-industrial-control-systems-advisories
∗∗∗ BIOS Image Parsing Function Vulnerabilities (LogoFAIL) ∗∗∗
---------------------------------------------
Vulnerabilities were reported in the image parsing libraries in AMI, Insyde and Phoenix BIOS which are used to parse personalized boot logos that are loaded from the EFI System Partition that could allow a local attacker with elevated privileges to trigger a denial of service or arbitrary code execution. [..] Update system firmware to the version (or newer) indicated for your model in the Product Impact section.
---------------------------------------------
http://support.lenovo.com/product_security/PS500590-BIOS-IMAGE-PARSING-FUNCTION-VULNERABILITIES-LOGOFAIL
∗∗∗ Drupal: Group - Less critical - Access bypass - SA-CONTRIB-2023-054 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2023-054
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily