[CERT-daily] Tageszusammenfassung - 14.06.2023
Daily end-of-shift report
team at cert.at
Wed Jun 14 18:27:07 CEST 2023
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 13-06-2023 18:00 − Mittwoch 14-06-2023 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Microsoft: Windows 10 21H2 has reached end of servicing ∗∗∗
---------------------------------------------
Multiple editions of Windows 10 21H2 have reached their end of service (EOS) in this months Patch Tuesday, as Microsoft reminded customers today.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-10-21h2-has-reached-end-of-servicing/
∗∗∗ Fake Researcher Profiles Spread Malware through GitHub Repositories as PoC Exploits ∗∗∗
---------------------------------------------
At least half of dozen GitHub accounts from fake researchers associated with a fraudulent cybersecurity company have been observed pushing malicious repositories on the code hosting service.All seven repositories, which are still available as of writing, claim to be a proof-of-concept (PoC) exploit for purported zero-day flaws in Discord, Google Chrome, and Microsoft Exchange Server,
---------------------------------------------
https://thehackernews.com/2023/06/fake-researcher-profiles-spread-malware.html
∗∗∗ Shampoo: A New ChromeLoader Campaign ∗∗∗
---------------------------------------------
Recently HP Wolf Security detected a new malware campaign built around a new malicious ChromeLoader extension called Shampoo. [..] Its goal is to install a malicious extension in Google Chrome that is used for advertising. Older versions of ChromeLoader have a particularly complex infection chain, starting with the victim downloading malicious ISO files from websites hosting illegal content.
---------------------------------------------
https://www.bromium.com/shampoo-a-new-chromeloader-campaign/
∗∗∗ VMware ESXi Zero-Day Used [..] to Perform Privileged Guest Operations on Compromised Hypervisors ∗∗∗
---------------------------------------------
This blog post describes an expanded understanding of the attack path seen in Figure 1 and highlights the implications of both the zero-day vulnerability (CVE-2023-20867) and VMCI communication sockets the attacker leveraged to complete their goal.
[Note: Patch verfügbar, siehe VMSA-2023-0013: "VMware Tools update addresses Authentication Bypass vulnerability"]
---------------------------------------------
https://www.mandiant.com/resources/blog/vmware-esxi-zero-day-bypass
∗∗∗ Pre-announcement of BIND 9 security issues scheduled for disclosure 21 June 2023 ∗∗∗
---------------------------------------------
As part of our policy of pre-notification of upcoming security releases, we are writing to inform you that the June 2023 BIND 9 maintenance releases that will be published on Wednesday, 21 June will contain patches for security vulnerabilities affecting stable BIND 9 release branches.
---------------------------------------------
https://lists.isc.org/pipermail/bind-announce/2023-June/001234.html
∗∗∗ Booking.com-Betrug: Unterkünfte stornieren Buchungen und verlangen externe Zahlungen! ∗∗∗
---------------------------------------------
Auf booking.com scheinen Kriminelle eine neue Betrugsmethode für sich entdeckt zu haben. Sie bieten eine Unterkunft mit Zahlung vor Ort und kostenloser Stornierung an. Bucht jemand die Unterkunft, wird diese kurz darauf storniert. Außerhalb der booking.com-Kommunikationskanäle verspricht man nach „Verifikation des Zahlungsmittels“ einen neuerlichen Buchungsabschluss.
---------------------------------------------
https://www.watchlist-internet.at/news/bookingcom-betrug-unterkuenfte-stornieren-buchungen-und-verlangen-externe-zahlungen/
∗∗∗ U.S. and International Partners Release Comprehensive Cyber Advisory on LockBit Ransomware ∗∗∗
---------------------------------------------
This joint advisory is a comprehensive resource with common tools; exploitations; and tactics, techniques, and procedures (TTPs) used by LockBit affiliates, along with recommended mitigations for organizations to reduce the likelihood and impact of future ransomware incidents.
---------------------------------------------
https://www.cisa.gov/news-events/news/us-and-international-partners-release-comprehensive-cyber-advisory-lockbit-ransomware
=====================
= Vulnerabilities =
=====================
∗∗∗ WordPress Stripe payment plugin bug leaks customer order details ∗∗∗
---------------------------------------------
The WooCommerce Stripe Gateway plugin for WordPress was found to be vulnerable to a bug that allows any unauthenticated user to view order details placed through the plugin.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/wordpress-stripe-payment-plugin-bug-leaks-customer-order-details/
∗∗∗ Webbrowser: Neue Chrome-Version schließt kritische Schwachstelle ∗∗∗
---------------------------------------------
Im Webbrowser Chrome von Google klafft eine kritische Sicherheitslücke. Updates zum Schließen stehen bereit. Chrome-Nutzer sollten sie zügig installieren.
---------------------------------------------
https://heise.de/-9186834
∗∗∗ Webkonferenz-Software: Mehrere hochriskante Lücken in Zoom gestopft ∗∗∗
---------------------------------------------
Die Entwickler der Webkonferenz-Software Zoom haben zwölf Sicherheitsmeldungen veröffentlicht. Zum Abdichten der Schwachstellen liefern sie Aktualisierungen.
---------------------------------------------
https://heise.de/-9186898
∗∗∗ WordPress-Shops mit WooCommerce-Plug-in: Angreifer könnten Kundendaten einsehen ∗∗∗
---------------------------------------------
Aufgrund einer Schwachstelle sind persönliche Kundendaten in WordPress-Shopwebsites nicht optimal geschützt. Admins sollten zügig handeln.
---------------------------------------------
https://heise.de/-9187447
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (ffmpeg, owslib, php7.4, and php8.2), Fedora (ntp-refclock, php, and python3.7), Red Hat (c-ares, firefox, and thunderbird), SUSE (kernel, openldap2, and tomcat), and Ubuntu (binutils, dotnet6, dotnet7, node-fetch, and python-tornado).
---------------------------------------------
https://lwn.net/Articles/934619/
∗∗∗ SAP Patches High-Severity Vulnerabilities With June 2023 Security Updates ∗∗∗
---------------------------------------------
SAP has released eight new security notes on June 2023 Security Patch Day, including two that address high-severity vulnerabilities.The post SAP Patches High-Severity Vulnerabilities With June 2023 Security Updates appeared first on SecurityWeek.
---------------------------------------------
https://www.securityweek.com/sap-patches-high-severity-vulnerabilities-with-june-2023-security-updates/
∗∗∗ ICS Patch Tuesday: Siemens Addresses Over 180 Third-Party Component Vulnerabilities ∗∗∗
---------------------------------------------
ICS Patch Tuesday: Siemens and Schneider Electric have published more than a dozen advisories addressing over 200 vulnerabilities.The post ICS Patch Tuesday: Siemens Addresses Over 180 Third-Party Component Vulnerabilities appeared first on SecurityWeek.
---------------------------------------------
https://www.securityweek.com/ics-patch-tuesday-siemens-addresses-over-180-third-party-component-vulnerabilities/
∗∗∗ Windows and Linux Virtual Delivery Agent for CVAD and Citrix DaaS Security Bulletin CVE-2023-24490 ∗∗∗
---------------------------------------------
CTX559370 NewWindows and Linux Virtual Delivery Agent for CVAD and Citrix DaaS Security Bulletin CVE-2023-24490Applicable Products : Citrix Virtual Apps and Desktops
---------------------------------------------
https://support.citrix.com/article/CTX559370/windows-and-linux-virtual-delivery-agent-for-cvad-and-citrix-daas-security-bulletin-cve202324490
∗∗∗ Fortinet Releases June 2023 Vulnerability Advisories ∗∗∗
---------------------------------------------
Fortinet has released its June 2023 Vulnerability Advisories to address vulnerabilities affecting multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected system.CISA encourages users and administrators to review the Fortinet June 2023 Vulnerability Advisories page for more information and apply the necessary updates.
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/06/13/fortinet-releases-june-2023-vulnerability-advisories
∗∗∗ Adobe Releases Security Updates for Multiple Products ∗∗∗
---------------------------------------------
Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker can exploit these vulnerabilities to take control of an affected system.CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.Experience Manager APSB23-31Commerce APSB23-35Animate APSB23-36Substance 3D Designer APSB23-39
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/06/13/adobe-releases-security-updates-multiple-products
∗∗∗ Tuesday June 20 2023 Security Releases ∗∗∗
---------------------------------------------
The Node.js project will release new versions of the 16.x, 18.x and 20.x releases lines on or shortly after, Tuesday June 20 2023 in order to address: 7 medium severity issues, 3 high severity issues, OpenSSL security updates, c-ares 22th May security updates
---------------------------------------------
https://nodejs.org/en/blog/vulnerability/june-2023-security-releases
∗∗∗ Microsoft Releases June 2023 Security Updates ∗∗∗
---------------------------------------------
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system.CISA encourages users and administrators to review Microsoft’s June 2023 Security Update Guide and Deployment Information and apply the necessary updates.
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/06/13/microsoft-releases-june-2023-security-updates
∗∗∗ IBM Security Guardium is affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6999317
∗∗∗ IBM Security Guardium is affected by multiple Oracle\u00ae MySQL vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6981105
∗∗∗ IBM Security Guardium is affected by a denial of service vulnerability in MIT keb5 (CVE-2022-42898) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6981101
∗∗∗ IBM Security Guardium is affected by a multiple vulnerabilities (CVE-2023-22809, CVE-2019-12490, CVE-2023-0041) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7000021
∗∗∗ IBM Security Guardium is affected by FasterXML jackson-databind vulnerabilities (CVE-2020-25649, X-Force ID 217968) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6573001
∗∗∗ IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to HTTP request smuggling in Apache Tomcat (CVE-2022-42252). ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7003581
∗∗∗ IBM Cloud Pak for Security includes components with multiple known vulnerabilities (CVE-2023-0286, CVE-2023-23931) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7003815
∗∗∗ A vulnerability in Certifi package may affect IBM Storage Scale (CVE-2022-23491) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7003817
∗∗∗ IBM App Connect for Healthcare is affected by multiple Apache vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6999671
∗∗∗ Apache Commons FileUpload vulnerability affects IBM Financial Transaction Manager (CVE-2023-24998) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7003827
∗∗∗ TADDM is vulnerable to a denial of service due to vulnerability in Castor Library ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7003861
∗∗∗ Multiple Vulnerabilities of Apache HttpClient have affected APM Linux KVM Agent ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7003887
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list