[CERT-daily] Tageszusammenfassung - 31.03.2023
Daily end-of-shift report
team at cert.at
Fri Mar 31 18:33:47 CEST 2023
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 30-03-2023 18:00 − Freitag 31-03-2023 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ 10-year-old Windows bug with opt-in fix exploited in 3CX attack ∗∗∗
---------------------------------------------
A 10-year-old Windows vulnerability is still being exploited in attacks to make it appear that executables are legitimately signed, with the fix from Microsoft still "opt-in" after all these years. Even worse, the fix is removed after upgrading to Windows 11.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/10-year-old-windows-bug-with-opt-in-fix-exploited-in-3cx-attack/
∗∗∗ Realtek and Cacti flaws now actively exploited by malware botnets ∗∗∗
---------------------------------------------
Multiple malware botnets actively target Cacti and Realtek vulnerabilities in campaigns detected between January and March 2023, spreading ShellBot and Moobot malware.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/realtek-and-cacti-flaws-now-actively-exploited-by-malware-botnets/
∗∗∗ Hackers exploit bug in Elementor Pro WordPress plugin with 11M installs ∗∗∗
---------------------------------------------
Hackers are actively exploiting a high-severity vulnerability in the popular Elementor Pro WordPress plugin used by over eleven million websites.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-exploit-bug-in-elementor-pro-wordpress-plugin-with-11m-installs/
∗∗∗ Use of X-Frame-Options and CSP frame-ancestors security headers on 1 million most popular domains, (Fri, Mar 31st) ∗∗∗
---------------------------------------------
In my last Diary[1], I shortly mentioned the need for correctly set Content Security Policy and/or the obsolete[2] X-Frame-Options HTTP security headers (not just) in order to prevent phishing pages, which overlay a fake login prompt over a legitimate website, from functioning correctly. Or, to be more specific, to prevent them from dynamically loading a legitimate page in an iframe under the fake login prompt, since this makes such phishing websites look much less like a legitimate login page and thus much less effective.
---------------------------------------------
https://isc.sans.edu/diary/rss/29698
∗∗∗ WordPress Vulnerability & Patch Roundup March 2023 ∗∗∗
---------------------------------------------
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and patches for the WordPress ecosystem this past month.
---------------------------------------------
https://blog.sucuri.net/2023/03/wordpress-vulnerability-patch-roundup-march-2023.html
∗∗∗ Booby Trapping IBM i ∗∗∗
---------------------------------------------
In our first post about IBM i we noted that the operating system includes a database engine, Db2. This level of integration means that practically all objects of the system are accessible via SQL, a powerful tool to discover and analyze system configuration, and also to identify potential vulnerabilities. However, the “database view” of the operating system not only allows us to read data, but lets us insert additional data that can affect the behavior of the system too.
---------------------------------------------
https://blog.silentsignal.eu/2023/03/30/booby-trapping-ibm-i/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (joblib, json-smart, libmicrohttpd, and xrdp), Fedora (thunderbird and xorg-x11-server-Xwayland), Mageia (dino, perl-Cpanel-JSON-XS, perl-Net-Server, snort, tigervnc/x11-server, and xapian), SUSE (curl, kernel, openssl-1_0_0, and shim), and Ubuntu (glusterfs, linux-gcp-4.15, musl, and xcftools).
---------------------------------------------
https://lwn.net/Articles/928013/
∗∗∗ Samba Releases Security Updates for Multiple Versions of Samba ∗∗∗
---------------------------------------------
The Samba Team has released security updates addressing vulnerabilities in multiple versions of Samba. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following announcements and apply the necessary updates: CVE-2023-0225 CVE-2023-0922 CVE-2023-0614
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/03/31/samba-releases-security-updates-multiple-versions-samba
∗∗∗ Vulnerability Spotlight: Specially crafted files could lead to denial of service, information disclosure in OpenImageIO parser ∗∗∗
---------------------------------------------
OpenImageIO is a library that converts, compares and processes various image files. Blender and AliceVision, two often used computer imaging services, utilize the library, among other software offerings.
---------------------------------------------
https://blog.talosintelligence.com/vulnerability-spotlight-specially-crafted-files-could-lead-to-denial-of-service-information-disclosure-in-openimageio-parser/
∗∗∗ Xcode 14.3 ∗∗∗
---------------------------------------------
https://support.apple.com/kb/HT213679
∗∗∗ [webapps] WooCommerce v7.1.0 - Remote Code Execution(RCE) ∗∗∗
---------------------------------------------
https://www.exploit-db.com/exploits/51156
∗∗∗ IBM Security Bulletins 2023-03-31 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list