[CERT-daily] Tageszusammenfassung - 25.05.2023

Thu May 25 18:41:44 CEST 2023

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 24-05-2023 18:00 − Donnerstag 25-05-2023 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Hackers target 1.5M WordPress sites with cookie consent plugin exploit ∗∗∗
---------------------------------------------
Ongoing attacks are targeting an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in a WordPress cookie consent plugin named Beautiful Cookie Consent Banner with more than 40,000 active installs.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-target-15m-wordpress-sites-with-cookie-consent-plugin-exploit/


∗∗∗ A new OAuth vulnerability that may impact hundreds of online services ∗∗∗
---------------------------------------------
This post details issues identified in Expo, a popular framework used by many online services to implement OAuth (as well as other functionality). The vulnerability in the expo-auth-session library warranted a CVE assignment – CVE-2023-28131. Expo created a hotfix within the day that automatically provided mitigation, but Expo recommends that customers update their deployment to deprecate this service to fully remove the risk (see the Expo security advisory on the topic).
---------------------------------------------
https://salt.security/blog/a-new-oauth-vulnerability-that-may-impact-hundreds-of-online-services


∗∗∗ codeexplain.vim: A nvim plugin Powered by GPT4ALL for Real-time Code Explanation and Vulnerability Detection (no internet necessary) ∗∗∗
---------------------------------------------
codeexplain.nvim is a NeoVim plugin that uses the powerful GPT4ALL language model to provide on-the-fly, line-by-line explanations and potential security vulnerabilities for selected code directly in your NeoVim editor. Its like having your personal code assistant right inside your editor without leaking your codebase to any company.
---------------------------------------------
https://github.com/mthbernardes/codeexplain.nvim


∗∗∗ Google Authenticator: Geräteverschlüsselung versprochen, aber nicht geliefert ∗∗∗
---------------------------------------------
Google hat dem Authenticator eine Backup-Funktion spendiert, die Geheimnisse jedoch nicht verschlüsselt. Ein Update soll das ändern. Das tut es aber nicht.
---------------------------------------------
https://heise.de/-9065547


∗∗∗ Buhti: New Ransomware Operation Relies on Repurposed Payloads ∗∗∗
---------------------------------------------
Attackers use rebranded variants of leaked LockBit and Babuk ransomware payloads but use own custom exfiltration tool.
---------------------------------------------
https://symantec-enterprise-blogs.security.com/threat-intelligence/buhti-ransomware


∗∗∗ Mercenary mayhem: A technical analysis of Intellexas PREDATOR spyware ∗∗∗
---------------------------------------------
Commercial spyware use is on the rise, with actors leveraging these sophisticated tools to conduct surveillance operations against a growing number of targets. Cisco Talos has new details of a commercial spyware product sold by the spyware firm Intellexa (formerly known as Cytrox).
---------------------------------------------
https://blog.talosintelligence.com/mercenary-intellexa-predator/


∗∗∗ Abusing Web Services Using Automated CAPTCHA-Breaking Services and Residential Proxies ∗∗∗
---------------------------------------------
This blog entry features three case studies that show how malicious actors evade the antispam, antibot, and antiabuse measures of online web services via residential proxies and CAPTCHA-breaking services.
---------------------------------------------
https://www.trendmicro.com/en_us/research/23/e/abusing-web-services-using-automated-captcha-breaking-services-and-residential-proxies.html


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Teils kritische Sicherheitslücken in Mitel MiVoice Connect ∗∗∗
---------------------------------------------
In Mitels MiVoice Connect und Connect Mobility Router klaffen teils kritische Sicherheitslücken. Updates zum Schließen stehen bereit.
---------------------------------------------
https://heise.de/-9064992


∗∗∗ Kritisches Sicherheitsupdate (24. Mai 2023) für alle Zyxel-Firewall-Produkte – Angriffe laufen bereits ∗∗∗
---------------------------------------------
Der taiwanesische Hersteller Zyxel hat ein sehr kritisches Security Update für sämtliche Security Produkte veröffentlicht. Die Sicherheitswarnung gibt an, dass gleich mehrere Buffer Overflow-Schwachstellen (CVE-2023-33009, CVE-2023-33010) betroffen seien.
---------------------------------------------
https://www.borncity.com/blog/2023/05/25/kritisches-sicherheitsupdate-24-mai-2023-fr-alle-zyxel-firewall-produkte-angriffe-laufen-bereits/


∗∗∗ Kritische Sicherheitslücke mit Höchstwertung bedroht GitLab ∗∗∗
---------------------------------------------
Es gibt eine wichtiges Sicherheitsupdate für die Versionsverwaltung GitLab. Entwickler sollten jetzt reagieren.
---------------------------------------------
https://heise.de/-9065150


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (python2.7), Fedora (maradns), Red Hat (devtoolset-12-binutils, go-toolset and golang, httpd24-httpd, jenkins and jenkins-2-plugins, rh-ruby27-ruby, and sudo), Scientific Linux (git), Slackware (texlive), SUSE (cups-filters, poppler, texlive, distribution, golang-github-vpenso-prometheus_slurm_exporter, kubernetes1.18, kubernetes1.23, openvswitch, rmt-server, and ucode-intel), and Ubuntu (ca-certificates, calamares-settings-ubuntu, Jhead, libhtml-stripscripts-perl, and postgresql-10, postgresql-12, postgresql-14, postgresql-15).
---------------------------------------------
https://lwn.net/Articles/932994/


∗∗∗ Wacom Tablet Driver installer for macOS vulnerable to improper link resolution before file access ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN90278893/


∗∗∗ D-Link D-View 8 : v2.0.1.27 and below : TrendMicro (ZDI) Reported Multiple Vulnerabilities ∗∗∗
---------------------------------------------
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10332


∗∗∗ Autodesk: Multiple Vulnerabilities in PSKernel component used by specific Autodesk products ∗∗∗
---------------------------------------------
https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009


∗∗∗ Autodesk: Privilege Escalation Vulnerability in the Autodesk Installer Software ∗∗∗
---------------------------------------------
https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0010


∗∗∗ F5: K000134768 : Linux kernel vulnerability CVE-2022-4378 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000134768


∗∗∗ F5: K000134770 : Linux kernel vulnerability CVE-2022-42703 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000134770


∗∗∗ Moxa MXsecurity Series ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-145-01


∗∗∗ Nextcloud: Blind SSRF in the Mail app on avatar endpoint ∗∗∗
---------------------------------------------
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8gph-9895-w564


∗∗∗ Nextcloud: Contacts - PHOTO svg only sanitized if mime type is all lower case ∗∗∗
---------------------------------------------
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hxr6-cx85-gcjx


∗∗∗ Nextcloud: Error in calendar when booking an appointment reveals the full path of the website ∗∗∗
---------------------------------------------
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2792-2734-hr7j


∗∗∗ Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6987493


∗∗∗ IBM HTTP Server is vulnerable to information disclosure due to IBM GSKit (CVE-2023-32342) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6998037


∗∗∗ IBM Planning Analytics Workspace has addressed a vulnerability in SnakeYaml (CVE-2022-1471) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6998025


∗∗∗ Vulnerability from log4j-1.2.16.jar affect IBM Operations Analytics - Log Analysis (CVE-2023-26464) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6998333


∗∗∗ IBM App Connect Enterprise Certified Container IntegrationServer operands that run Designer flows is vulnerable to arbitrary code execution due to [CVE-2022-37614] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6998341


∗∗∗ IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service due to [CVE-2023-2251] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6998357


∗∗∗ A vulnerability in Etcd-io could affect IBM CICS TX Standard [CVE-2021-28235] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6998361


∗∗∗ A vulnerability in Etcd-io could affect IBM CICS TX Advanced [CVE-2021-28235] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6998367


∗∗∗ IBM App Connect Enterprise Certified Container DesignerAuthoring operands is vulnerable to arbitrary code execution due to [CVE-2023-30547] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6998381


∗∗∗ Due to the use of Apache spring-web, IBM ECM Content Management Interoperability Services (CMIS) is affected by remote code execution (RCE) security vulnerability CVE-2016-1000027 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6998405


∗∗∗ Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in Go ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6998391

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily