End-of-Day report
Timeframe: Thursday 19-01-2023 18:00 - Friday 20-01-2023 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
News
Exploit released for critical ManageEngine RCE bug, patch now
Proof-of-concept exploit code is now available for a remote code execution (RCE) vulnerability in multiple Zoho ManageEngine products.
https://www.bleepingcomputer.com/news/security/exploit-released-for-critical-manageengine-rce-bug-patch-now/
Exploiting null-dereferences in the Linux kernel
While the null-dereference bug itself was fixed in October 2022, the more important fix was the introduction of an oops limit which causes the kernel to panic if too many oopses occur. While this patch is already upstream, it is important that distributed kernels also inherit this oops limit and backport it to LTS releases if we want to avoid treating such null-dereference bugs as full-fledged security issues in the future.
https://googleprojectzero.blogspot.com/2023/01/exploiting-null-dereferences-in-linux.html
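A quick way to check whether a given kernel actually carries the oops limit the post refers to, as an added example (not code from the Project Zero post or from the kernel tree). It assumes the upstream sysctl names kernel.oops_limit (merged for Linux 6.2, 0 meaning "no limit") and the long-standing kernel.panic_on_oops; the directory argument exists only so the function can be pointed at a constructed directory for testing instead of /proc/sys/kernel.

```shell
#!/bin/sh
# Added example: report whether a kernel bounds the number of survivable oopses.
# Assumptions: the upstream sysctl files panic_on_oops and oops_limit under
# /proc/sys/kernel; oops_limit=0 disables the limit (upstream semantics).

# oops_limit_status DIR
#   DIR is the sysctl directory to inspect (normally /proc/sys/kernel).
#   Prints a one-line verdict and returns 0 when the kernel either panics on
#   every oops or enforces a positive oops limit, 1 otherwise.
oops_limit_status() {
    dir="$1"

    # panic_on_oops=1 makes every oops fatal, so a counter is irrelevant.
    if [ -r "$dir/panic_on_oops" ]; then
        read -r panic_on_oops < "$dir/panic_on_oops"
        if [ "$panic_on_oops" -eq 1 ]; then
            echo "ok: panic_on_oops=1, every oops is fatal"
            return 0
        fi
    fi

    # The sysctl only exists on kernels that have (or backported) the limit.
    if [ -r "$dir/oops_limit" ]; then
        read -r limit < "$dir/oops_limit"
        if [ "$limit" -gt 0 ]; then
            echo "ok: oops_limit=$limit, kernel panics after $limit oopses"
            return 0
        fi
        echo "weak: oops_limit=0, the oops counter is disabled"
        return 1
    fi

    echo "missing: no oops_limit sysctl, an attacker can trigger oopses without bound"
    return 1
}
```

Source the file and run `oops_limit_status /proc/sys/kernel` on the host in question; a distribution kernel that reports "missing" has not inherited the upstream change, which is exactly the backport gap the post warns about.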
Importance of signing in Windows environments, (Fri, Jan 20th)
NTLM relaying has been a plague in Windows environments for many years and we have witnessed many exploits that rely on the fact that it is possible to relay NTLM authentication attempts to various target services.
https://isc.sans.edu/diary/rss/29456
Vulnerable WordPress Sites Compromised with Different Database Infections
Vulnerabilities within WordPress can lead to compromise, and oftentimes known vulnerabilities are utilized to infect WordPress sites with more than one infection. It is common for out of date websites to be attacked by multiple threat actors or targeted by the same attacker using multiple different channels. We recently came across a database injection that has two different pieces of malware accomplishing two unrelated goals.
https://blog.sucuri.net/2023/01/vulnerable-wordpress-sites-compromised-with-different-database-infections.html
New Chinese Malware Spotted Exploiting Recent Fortinet Firewall Vulnerability
Earlier this month, Fortinet disclosed that unknown hacking groups have capitalized on the shortcoming to target governments and other large organizations with a generic Linux implant capable of delivering additional payloads and executing commands sent by a remote server.
https://thehackernews.com/2023/01/new-chinese-malware-spotted-exploiting.html
New love-scam scheme: when an online acquaintance talks you into online trading
Fraudulent online acquaintances try all kinds of ways to get at your money. In a new scheme the criminals gain your trust in order to later bring you onto the online marketplace haremark.
https://www.watchlist-internet.at/news/neue-love-scam-masche-wenn-die-internetbekanntschaft-sie-zum-online-handel-ueberredet/
CVE-2022-35690: Unauthenticated RCE in Adobe ColdFusion
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Lucas Miller and Dusan Stevanovic of the Trend Micro Research Team detail a recently patched remote code execution vulnerability in Adobe ColdFusion.
https://www.thezdi.com/blog/2023/1/18/cve-2022-35690-unauthenticated-rce-in-adobe-coldfusion
NCSC to retire Logging Made Easy
The NCSC is retiring Logging Made Easy (LME). After 31 March 2023, we will no longer support LME, and the GitHub page will close shortly after.
https://www.ncsc.gov.uk/blog-post/ncsc-to-retire-logging-made-easy
Vulnerabilities
Cisco: high-risk security vulnerability in Unified Communications Manager
Cisco's Unified Communications Manager software contains a high-risk security vulnerability. The vendor has released updates to close it.
https://heise.de/-7465203
Technical Advisory - Multiple Vulnerabilities in the Galaxy App Store (CVE-2023-21433, CVE-2023-21434)
The Galaxy App Store is an alternative application store that comes pre-installed on Samsung Android devices. Several Android applications are available on both the Galaxy App Store and Google App Store, and users have the option to use either store to install specific applications.
https://research.nccgroup.com/2023/01/20/technical-advisory-multiple-vulnerabilities-in-the-galaxy-app-store-cve-2023-21433-cve-2023-21434/
Security updates for Friday
Security updates have been issued by Debian (lava and libitext5-java), Oracle (java-11-openjdk, java-17-openjdk, and libreoffice), SUSE (firefox, git, mozilla-nss, postgresql-jdbc, and sudo), and Ubuntu (git, linux-aws-5.4, linux-gkeop, linux-hwe-5.4, linux-oracle, linux-snapdragon, linux-azure, linux-gkeop, linux-intel-iotg, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle-5.15, and linux-bluefield).
https://lwn.net/Articles/920646/
Vulnerability Spotlight: XSS vulnerability in Ghost CMS
Talos advisory TALOS-2022-1686 (CVE-2022-47194 through CVE-2022-47197) describes several XSS vulnerabilities in Ghost CMS that could lead to privilege escalation.
https://blog.talosintelligence.com/vulnerability-spotlight-xss-vulnerability-in-ghost-cms/
Hitachi Energy PCU400
https://us-cert.cisa.gov/ics/advisories/icsa-23-019-01
uniFLOW MOM Tech Support Potential Data Exposure Vulnerability - 20 January 2023
https://www.canon-europe.com/support/product-security-latest-news/
Vulnerability in minimatch affects IBM Process Mining (CVE-2022-3517)
https://www.ibm.com/support/pages/node/6856471
Content Manager Enterprise Edition is affected by a vulnerability in FasterXML jackson
https://www.ibm.com/support/pages/node/6856659
Content Manager Enterprise Edition is affected by a vulnerability in FasterXML jackson
https://www.ibm.com/support/pages/node/6856661
Liberty is vulnerable to denial of service due to GraphQL Java affecting IBM TXSeries for Multiplatforms
https://www.ibm.com/support/pages/node/6856687
IBM UrbanCode Release is affected by CVE-2022-42252
https://www.ibm.com/support/pages/node/6856719
IBM UrbanCode Release is affected by CVE-2022-42252
https://www.ibm.com/support/pages/node/6856717
IBM UrbanCode Release is affected by CVE-2022-34305
https://www.ibm.com/support/pages/node/6856713
IBM UrbanCode Release is affected by CVE-2022-45143
https://www.ibm.com/support/pages/node/6856721