[CERT-daily] Tageszusammenfassung - 20.01.2023

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 19-01-2023 18:00 − Freitag 20-01-2023 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Exploit released for critical ManageEngine RCE bug, patch now ∗∗∗
---------------------------------------------
Proof-of-concept exploit code is now available for a remote code execution (RCE) vulnerability in multiple Zoho ManageEngine products.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/exploit-released-for-critical-manageengine-rce-bug-patch-now/


∗∗∗ Exploiting null-dereferences in the Linux kernel ∗∗∗
---------------------------------------------
While the null-dereference bug itself was fixed in October 2022, the more important fix was the introduction of an oops limit which causes the kernel to panic if too many oopses occur. While this patch is already upstream, it is important that distributed kernels also inherit this oops limit and backport it to LTS releases if we want to avoid treating such null-dereference bugs as full-fledged security issues in the future.
---------------------------------------------
https://googleprojectzero.blogspot.com/2023/01/exploiting-null-dereferences-in-linux.html


∗∗∗ Importance of signing in Windows environments, (Fri, Jan 20th) ∗∗∗
---------------------------------------------
NTLM relaying has been a plague in Windows environments for many years and we have witnessed many exploits that rely on the fact that it is possible to relay NTLM authentication attempts to various target services.
---------------------------------------------
https://isc.sans.edu/diary/rss/29456


∗∗∗ Vulnerable WordPress Sites Compromised with Different Database Infections ∗∗∗
---------------------------------------------
Vulnerabilities within WordPress can lead to compromise, and oftentimes known vulnerabilities are utilized to infect WordPress sites with more than one infection. It is common for out of date websites to be attacked by multiple threat actors or targeted by the same attacker using multiple different channels. We recently came across a database injection that has two different pieces of malware accomplishing two unrelated goals.
---------------------------------------------
https://blog.sucuri.net/2023/01/vulnerable-wordpress-sites-compromised-with-different-database-infections.html


∗∗∗ New Chinese Malware Spotted Exploiting Recent Fortinet Firewall Vulnerability ∗∗∗
---------------------------------------------
Earlier this month, Fortinet disclosed that unknown hacking groups have capitalized on the shortcoming to target governments and other large organizations with a generic Linux implant capable of delivering additional payloads and executing commands sent by a remote server.
---------------------------------------------
https://thehackernews.com/2023/01/new-chinese-malware-spotted-exploiting.html


∗∗∗ Neue Love-Scam Masche: Wenn die Internetbekanntschaft Sie zum Online-Handel überredet ∗∗∗
---------------------------------------------
Betrügerische Internetbekanntschaften versuchen auf unterschiedlichsten Wegen an Ihr Geld zu kommen. Bei einer neuen Masche erschleichen sich die Kriminellen Ihr Vertrauen, um Sie später auf den Online-Marktplatz haremark.
---------------------------------------------
https://www.watchlist-internet.at/news/neue-love-scam-masche-wenn-die-internetbekanntschaft-sie-zum-online-handel-ueberredet/


∗∗∗ CVE-2022-35690: Unauthenticated RCE in Adobe ColdFusion ∗∗∗
---------------------------------------------
n this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Lucas Miller and Dusan Stevanovic of the Trend Micro Research Team detail a recently patched remote code execution vulnerability in Adobe ColdFusion.
---------------------------------------------
https://www.thezdi.com/blog/2023/1/18/cve-2022-35690-unauthenticated-rce-in-adobe-coldfusion


∗∗∗ NCSC to retire Logging Made Easy ∗∗∗
---------------------------------------------
The NCSC is retiring Logging Made Easy (LME). After 31 March 2023, we will no longer support LME, and the GitHub page will close shortly after.
---------------------------------------------
https://www.ncsc.gov.uk/blog-post/ncsc-to-retire-logging-made-easy



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Cisco: Hochriskantes Sicherheitsleck in Unified Communications Manager ∗∗∗
---------------------------------------------
In der Unified Communications Manager-Software von Cisco klafft eine Sicherheitslücke mit hohem Risiko. Der Hersteller stellt Updates zum Schließen bereit.
---------------------------------------------
https://heise.de/-7465203


∗∗∗ Technical Advisory – Multiple Vulnerabilities in the Galaxy App Store (CVE-2023-21433, CVE-2023-21434) ∗∗∗
---------------------------------------------
The Galaxy App Store is an alternative application store that comes pre-installed on Samsung Android devices. Several Android applications are available on both the Galaxy App Store and Google App Store, and users have the option to use either store to install specific applications.
---------------------------------------------
https://research.nccgroup.com/2023/01/20/technical-advisory-multiple-vulnerabilities-in-the-galaxy-app-store-cve-2023-21433-cve-2023-21434/


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (lava and libitext5-java), Oracle (java-11-openjdk, java-17-openjdk, and libreoffice), SUSE (firefox, git, mozilla-nss, postgresql-jdbc, and sudo), and Ubuntu (git, linux-aws-5.4, linux-gkeop, linux-hwe-5.4, linux-oracle, linux-snapdragon, linux-azure, linux-gkeop, linux-intel-iotg, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle-5.15, and linux-bluefield).
---------------------------------------------
https://lwn.net/Articles/920646/


∗∗∗ Vulnerability Spotlight: XSS vulnerability in Ghost CMS ∗∗∗
---------------------------------------------
The TALOS-2022-1686 (CVE-2022-47194-CVE-2022-47197) shows that several XSS vulnerabilities could lead to privilege escalation.
---------------------------------------------
https://blog.talosintelligence.com/vulnerability-spotlight-xss-vulnerability-in-ghost-cms/


∗∗∗ Hitachi Energy PCU400 ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-23-019-01


∗∗∗ ;">uniFLOW MOM Tech Support Potential Data Exposure Vulnerability – 20 January 2023 ∗∗∗
---------------------------------------------
https://www.canon-europe.com/support/product-security-latest-news/


∗∗∗ Vulnerability in minimatch affects IBM Process Mining . CVE-2022-3517 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6856471


∗∗∗ Content Manager Enterprise Edition is affected by a vulnerability in FasterXML jackson ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6856659


∗∗∗ Content Manager Enterprise Edition is affected by a vulnerability in FasterXML jackson ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6856661


∗∗∗ Liberty is vulnerable to denial of service due to GraphQL Java affecting IBM TXSeries for Multiplatforms ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6856687


∗∗∗ IBM UrbanCode Release is affected by CVE-2022-42252 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6856719


∗∗∗ IBM UrbanCode Release is affected by CVE-2022-42252 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6856717


∗∗∗ IBM UrbanCode Release is affected by CVE-2022-34305 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6856713


∗∗∗ IBM UrbanCode Release is affected by CVE-2022-45143 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6856721

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily