[CERT-daily] Tageszusammenfassung - 12.05.2023
Daily end-of-shift report
team at cert.at
Fri May 12 18:50:37 CEST 2023
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 11-05-2023 18:00 − Freitag 12-05-2023 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Windows: Windows-Sicherheitspatch kann Bootmedien unbrauchbar machen ∗∗∗
---------------------------------------------
Aktuell lässt sich Secure Boot in Windows durch eine Lücke umgehen. Bis die gefixt ist, wird es wohl noch bis 2024 dauern - aus Gründen.
---------------------------------------------
https://www.golem.de/news/windows-windows-sicherheitspatch-kann-bootmedien-unbrauchbar-machen-2305-174140.html
∗∗∗ New Stealthy Variant of Linux Backdoor BPFDoor Emerges from the Shadows ∗∗∗
---------------------------------------------
A previously undocumented and mostly undetected variant of a Linux backdoor called BPFDoor has been spotted in the wild, cybersecurity firm Deep Instinct said in a technical report published this week. "BPFDoor retains its reputation as an extremely stealthy and difficult-to-detect malware with this latest iteration," security researchers Shaul Vilkomir-Preisman and Eliran Nissan said.
---------------------------------------------
https://thehackernews.com/2023/05/new-variant-of-linux-backdoor-bpfdoor.html
∗∗∗ Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG ∗∗∗
---------------------------------------------
This joint advisory provides detection methods for exploitation of CVE-2023-27350 as well and indicators of compromise (IOCs) associated with Bl00dy Ransomware Gang activity. FBI and CISA strongly encourage users and administrators to immediately apply patches, and workarounds if unable to patch. FBI and CISA especially encourage organizations who did not patch immediately to assume compromise and hunt for malicious activity using the detection signatures in this CSA.
---------------------------------------------
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-131a
∗∗∗ Mehrere Sicherheitslücken in VMwares Cloud-Management Aria Operations ∗∗∗
---------------------------------------------
Patches schließen mehrere Sicherheitslücken, die die Ausweitung von Rechten innerhalb von VMwares Cloud-Management Aria Operationse erlauben.
---------------------------------------------
https://heise.de/-9012909
∗∗∗ Verschlüsselungstrojaner: Es gibt Hoffnung für BlackCat-Opfer ∗∗∗
---------------------------------------------
Stimmen die Voraussetzungen, können Opfer des Verschlüsselungstrojaner BlackCat wieder auf ihre Daten zugreifen.
---------------------------------------------
https://heise.de/-9010373
∗∗∗ Shopsystem: Kritische Sicherheitslücke in Prestashop wird angegriffen ∗∗∗
---------------------------------------------
Eine kritische Sicherheitslücke klafft im Shopping-System Prestashop. Angreifer missbrauchen sie bereits. Ein aktueller Softwarestand schützt.
---------------------------------------------
https://heise.de/-9010286
∗∗∗ Cisco: SD-WAN-Zertifikate abgelaufen, jetzt updaten! ∗∗∗
---------------------------------------------
Cisco Systems weist seine Kundschaft darauf hin, dass einige SD-WAN Appliances der vEdge-Reihe dringende Updates benötigen.
---------------------------------------------
https://heise.de/-9014471
∗∗∗ Enforce Zero Trust in Microsoft 365 – Part 2: Protect against external users and applications ∗∗∗
---------------------------------------------
In the first blog post of this series, we have seen how strong authentication, i.e., Multi-Factor Authentication (MFA), could be enforced for users using a free Azure Active Directory subscription within the Microsoft 365 environment. In this blog post, we will continue to harden the configuration of our Azure AD tenant to enforce Zero Trust [...]
---------------------------------------------
https://blog.nviso.eu/2023/05/12/enforce-zero-trust-in-microsoft-365-part-2-protect-against-external-users-and-applications/
=====================
= Vulnerabilities =
=====================
∗∗∗ Severe Security Flaw Exposes Over a Million WordPress Sites to Hijack ∗∗∗
---------------------------------------------
The issue, tracked as CVE-2023-32243, has been addressed by the plugin maintainers in version 5.7.2 that was shipped on May 11, 2023. Essential Addons for Elementor has over one million active installations.
---------------------------------------------
https://thehackernews.com/2023/05/severe-security-flaw-exposes-over.html
∗∗∗ VMSA-2023-0009: VMware Aria Operations (formerly vRealize Operations) ∗∗∗
---------------------------------------------
CVSSv3 Range: 6.4-8.8 CVE(s): CVE-2023-20877, CVE-2023-20878, CVE-2023-20879, CVE-2023-20880 VMware Aria Operations update addresses multiple Local Privilege Escalations and a Deserialization issue
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2023-0009.html
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (postgresql-13 and webkit2gtk), Fedora (git), SUSE (helm and skopeo), and Ubuntu (cinder, nova, python-glance-store, and python-os-brick).
---------------------------------------------
https://lwn.net/Articles/931760/
∗∗∗ Case update: DIVD-2022-00068 - Multiple vulnerabilities identified within White Rabbit Switch from CERN ∗∗∗
---------------------------------------------
Last event: 11 Apr 2023 - CERN released White Rabbit Switch 6.0.2, which contains a fix for CVE-2023-22577 and CVE-2023-22581.
---------------------------------------------
https://csirt.divd.nl/cases/DIVD-2022-00068/
∗∗∗ Beekeeper Studio vulnerable to code injection ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN11705010/
∗∗∗ [R1] Nessus Version 10.5.2 Fixes Multiple Vulnerabilities ∗∗∗
---------------------------------------------
https://www.tenable.com/security/tns-2023-20
∗∗∗ IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to an XML External Entity (XXE) Injection vulnerability (CVE-2023-27554) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6989667
∗∗∗ IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to an XML External Entity (XXE) Injection vulnerability (CVE-2023-27554) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6989665
∗∗∗ Deserialization vulnerability affect IBM Business Automation Workflow BPM Event Emitters - CVE-2022-1471 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6988027
∗∗∗ Multiple Vulnerabilities in Multicloud Management Security Services ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6991215
∗∗∗ IBM i Modernization Engine for Lifecycle Integration is vulnerable to cross-site scripting (CVE-2022-0225) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6991217
∗∗∗ A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server (CVE-2023-27554) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6991213
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list