[CERT-daily] Daily summary - 24.03.2023
Daily end-of-shift report
team at cert.at
Fri Mar 24 18:25:42 CET 2023
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 23-03-2023 18:00 - Friday 24-03-2023 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
*** Critical WooCommerce Payments Plugin Flaw Patched for 500,000+ WordPress Sites ***
---------------------------------------------
Patches have been released for a critical security flaw impacting the WooCommerce Payments plugin for WordPress, which is installed on over 500,000 websites. The flaw, if left unresolved, could enable a bad actor to gain unauthorized admin access to impacted stores, the company said in an advisory on March 23, 2023. It impacts versions 4.8.0 through 5.6.1.
---------------------------------------------
https://thehackernews.com/2023/03/critical-woocommerce-payments-plugin.html
*** GitHub publishes RSA SSH host keys by mistake, issues update ***
---------------------------------------------
Getting connection failures? Don't panic. Get new keys. GitHub has updated its SSH keys after accidentally publishing the private part to the world. Whoops.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2023/03/24/github_changes_its_ssh_host/
*** ChinaZ DDoS Bot Malware Distributed to Linux SSH Servers ***
---------------------------------------------
AhnLab Security Emergency response Center (ASEC) has recently discovered the ChinaZ DDoS Bot malware being installed on inadequately managed Linux SSH servers. [..] The threat group most likely scanned port 22, the area where SSH services operate, before finding an active SSH service and performing a dictionary attack using commonly used SSH account credentials.
---------------------------------------------
https://asec.ahnlab.com/en/50316/
*** Hacking AI: System and Cloud Takeover via MLflow Exploit ***
---------------------------------------------
Protect AI tested the security of MLflow and found a combined Local File Inclusion/Remote File Inclusion vulnerability which can lead to a complete system or cloud provider takeover. Organizations running an MLflow server are urged to update to the latest release immediately.
---------------------------------------------
https://protectai.com/blog/hacking-ai-system-takeover-exploit-in-mlflow
*** JavaScript runtime: Deno 1.32 closes critical security hole ***
---------------------------------------------
The JS runtime Deno 1.32 delivers further improvements to Node.js compatibility and new features for the deno compile command.
---------------------------------------------
https://heise.de/-7971810
*** CISA Ships ‘Untitled Goose Tool’ to Hunt for Microsoft Azure Cloud Infections ***
---------------------------------------------
The U.S. government’s cybersecurity agency ships a new tool to help network defenders hunt for signs of compromise in Microsoft’s Azure and M365 cloud deployments.
---------------------------------------------
https://www.securityweek.com/cisa-ships-untitled-goose-tool-to-hunt-for-microsoft-azure-cloud-infections/
*** APT attacks on industrial organizations in H2 2022 ***
---------------------------------------------
This summary provides an overview of APT attacks on industrial enterprises and activity of groups that have been observed attacking industrial organizations and critical infrastructure facilities.
---------------------------------------------
https://ics-cert.kaspersky.com/publications/apt-attacks-on-industrial-organizations-in-h2-2022/
*** Outlook vulnerability CVE-2023-23397 not fully patched – hardening required ***
---------------------------------------------
A short addendum to the March 2023 Patch Tuesday. On 14 March 2023 Microsoft did ship a security update for the critical RCE vulnerability CVE-2023-23397 in Outlook. But the patch is incomplete: the attack can still be triggered with slightly modified e-mails. And a proof of concept is now public that demonstrates how the vulnerability is exploited.
---------------------------------------------
https://www.borncity.com/blog/2023/03/24/outlook-schwachstelle-cve-2023-23397-nicht-vollstndig-gepatcht-absicherung-erforderlich/
=====================
= Vulnerabilities =
=====================
*** Cisco DNA Center Information Disclosure Vulnerability ***
---------------------------------------------
A vulnerability in the implementation of the Cisco Network Plug-and-Play (PnP) agent of Cisco DNA Center could allow an authenticated, remote attacker to view sensitive information in clear text. The attacker must have valid low-privileged user credentials. This vulnerability is due to improper role-based access control (RBAC) with the integration of PnP. An attacker could exploit this vulnerability by authenticating to the device and sending a query to an internal API.
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-infodisc-pe7zAbdR
*** Security updates for Friday ***
---------------------------------------------
Security updates have been issued by Debian (chromium, libdatetime-timezone-perl, and tzdata), Fedora (flatpak and gmailctl), Mageia (firefox, flatpak, golang, gssntlmssp, libmicrohttpd, libtiff, python-flask-security, python-owslib, ruby-rack, thunderbird, unarj, and vim), Red Hat (firefox, kpatch-patch, nss, openssl, and thunderbird), SUSE (containerd, hdf5, qt6-base, and squirrel), and Ubuntu (amanda, gif2apng, graphviz, and linux, linux-aws, linux-azure, linux-gcp, linux-ibm, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi).
---------------------------------------------
https://lwn.net/Articles/927198/
*** Drupal core - Moderately critical - Information Disclosure - SA-CORE-2023-003 ***
---------------------------------------------
https://www.drupal.org/sa-core-2023-003
*** ELECOM WAB-MAT registers its Windows service executable with an unquoted file path ***
---------------------------------------------
https://jvn.jp/en/jp/JVN35246979/
*** TADDM is vulnerable to a denial of service vulnerability in Apache-Log4j (CVE-2023-26464) ***
---------------------------------------------
https://www.ibm.com/support/pages/node/6965790
*** IBM Tivoli Application Dependency Discovery Manager is vulnerable to a bypass vulnerability due to the use of Python (CVE-2023-24329) ***
---------------------------------------------
https://www.ibm.com/support/pages/node/6965792
*** IBM API Connect is impacted by an improper access control vulnerability (CVE-2023-28522) ***
---------------------------------------------
https://www.ibm.com/support/pages/node/6965612
*** Vulnerabilities in Node.js, libcurl, Golang Go, Jetty, Guava, Netty, OpenSSL, Linux kernel may affect IBM Spectrum Protect Plus ***
---------------------------------------------
https://www.ibm.com/support/pages/node/6965816
*** Stored SMB credentials may allow access to vSnap after Oracle backup in IBM Spectrum Protect Plus for Db2 and Oracle (CVE-2023-27863) ***
---------------------------------------------
https://www.ibm.com/support/pages/node/6965812
*** A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server (CVE-2023-26283) ***
---------------------------------------------
https://www.ibm.com/support/pages/node/6965822
*** Multiple vulnerabilities in Java affect IBM Robotic Process Automation for Cloud Pak which may result in a denial of service (CVE-2023-21830, CVE-2023-21835, CVE-2023-21843) ***
---------------------------------------------
https://www.ibm.com/support/pages/node/6965846
*** A vulnerability in Luxon may affect IBM Robotic Process Automation and result in a denial of service (CVE-2023-22467) ***
---------------------------------------------
https://www.ibm.com/support/pages/node/6965848
*** Multiple vulnerabilities in IBM Content Navigator may affect IBM Business Automation Workflow ***
---------------------------------------------
https://www.ibm.com/support/pages/node/6965908
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily