End-of-Day report
Timeframe: Wednesday 06-12-2023 18:00 - Thursday 07-12-2023 18:00
Handler: Robert Waldner
Co-Handler: Michael Schlagenhaufer
News
CISA and International Partners Release Advisory on [..] Star Blizzard
The joint CSA aims to raise awareness of the specific tactics, techniques, and delivery methods [..] Known Star Blizzard techniques include: Impersonating known contacts' email accounts, Creating fake social media profiles, Using webmail addresses from providers such as Outlook, Gmail and others, and Creating malicious domains that resemble legitimate organizations.
https://www.cisa.gov/news-events/alerts/2023/12/07/cisa-and-international-partners-release-advisory-russia-based-threat-actor-group-star-blizzard
CISA, NSA, FBI and International Cybersecurity Authorities Publish Guide on The Case for Memory Safe Roadmaps
The guide strongly encourages executives of software manufacturers to prioritize using memory safe programming languages, write and publish memory safe roadmaps and implement changes to eliminate this class of vulnerability and protect their customers. Software developers and support staff should develop the roadmap, which should detail how the manufacturer will modify their software development life cycle (SDLC) to dramatically reduce and eventually eliminate memory unsafe code in their products. This guidance also provides a clear outline of elements that a memory safe roadmap should include.
https://www.cisa.gov/news-events/news/cisa-nsa-fbi-and-international-cybersecurity-authorities-publish-guide-case-memory-safe-roadmaps
Vulnerabilities
PSA: Critical POP Chain Allowing Remote Code Execution Patched in WordPress 6.4.2
WordPress 6.4.2 was released today, on December 6, 2023. It includes a patch for a POP chain introduced in version 6.4 that, combined with a separate Object Injection vulnerability, could result in a Critical-Severity vulnerability allowing attackers to execute arbitrary PHP code on the site. We urge all WordPress users to update to 6.4.2 immediately, as this issue could allow full site takeover if another vulnerability is present.
https://www.wordfence.com/blog/2023/12/psa-critical-pop-chain-allowing-remote-code-execution-patched-in-wordpress-6-4-2/
Security updates for Thursday
Security updates have been issued by Debian (tzdata), Fedora (gmailctl), Oracle (kernel), Red Hat (linux-firmware, postgresql:12, postgresql:13, and squid:4), SUSE (cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, cont, frr, libtorrent-rasterbar, qbittorrent, openssl-3, openvswitch, openvswitch3, and suse-build-key), and Ubuntu (bluez, curl, linux, linux-aws, linux-azure, linux-laptop, linux-lowlatency, linux-oem-6.5, linux-oracle, linux-raspi, linux-starfive, linux-gcp, open-vm-tools, postgresql-12, postgresql-14, postgresql-15, and python-cryptography).
https://lwn.net/Articles/953977/
Critical security vulnerabilities in several Atlassian products - patches available
Several versions of products from the company Atlassian contain critical security vulnerabilities. Exploitation of the vulnerabilities allows attackers to completely take over vulnerable systems and to access all data stored on them. CVE number(s): CVE-2023-22522, CVE-2022-1471 CVSS Base Score: 9.0 and 9.8 respectively
https://cert.at/de/warnungen/2023/12/kritische-sicherheitslucken-in-mehreren-produkten-von-atlassian-patches-verfugbar
CISA Releases Five Industrial Control Systems Advisories
ICSA-23-341-01 Mitsubishi Electric FA Engineering Software Products,
ICSA-23-341-02 Schweitzer Engineering Laboratories SEL-411L,
ICSA-23-341-03 Johnson Controls Metasys and Facility Explorer,
ICSA-23-341-05 ControlbyWeb Relay,
ICSA-23-341-06 Sierra Wireless AirLink with ALEOS firmware
https://www.cisa.gov/news-events/alerts/2023/12/07/cisa-releases-five-industrial-control-systems-advisories
BIOS Image Parsing Function Vulnerabilities (LogoFAIL)
Vulnerabilities were reported in the image parsing libraries in AMI, Insyde and Phoenix BIOS, which are used to parse personalized boot logos loaded from the EFI System Partition; these could allow a local attacker with elevated privileges to trigger a denial of service or arbitrary code execution. [..] Update system firmware to the version (or newer) indicated for your model in the Product Impact section.
http://support.lenovo.com/product_security/PS500590-BIOS-IMAGE-PARSING-FUNCTION-VULNERABILITIES-LOGOFAIL
Drupal: Group - Less critical - Access bypass - SA-CONTRIB-2023-054
https://www.drupal.org/sa-contrib-2023-054
IBM Security Bulletins
https://www.ibm.com/support/pages/bulletin/