Daily summary - 07.12.2023

End-of-Day report

Timeframe: Wednesday 06-12-2023 18:00 - Thursday 07-12-2023 18:00
Handler: Robert Waldner
Co-Handler: Michael Schlagenhaufer

News

CISA and International Partners Release Advisory on [..] Star Blizzard

The joint CSA aims to raise awareness of the specific tactics, techniques, and delivery methods [..] Known Star Blizzard techniques include: Impersonating known contacts' email accounts, Creating fake social media profiles, Using webmail addresses from providers such as Outlook, Gmail and others, and Creating malicious domains that resemble legitimate organizations.

https://www.cisa.gov/news-events/alerts/2023/12/07/cisa-and-international-partners-release-advisory-russia-based-threat-actor-group-star-blizzard


CISA, NSA, FBI and International Cybersecurity Authorities Publish Guide on The Case for Memory Safe Roadmaps

The guide strongly encourages executives of software manufacturers to prioritize using memory safe programming languages, write and publish memory safe roadmaps and implement changes to eliminate this class of vulnerability and protect their customers. Software developers and support staff should develop the roadmap, which should detail how the manufacturer will modify their software development life cycle (SDLC) to dramatically reduce and eventually eliminate memory unsafe code in their products. This guidance also provides a clear outline of elements that a memory safe roadmap should include.

https://www.cisa.gov/news-events/news/cisa-nsa-fbi-and-international-cybersecurity-authorities-publish-guide-case-memory-safe-roadmaps

Vulnerabilities

PSA: Critical POP Chain Allowing Remote Code Execution Patched in WordPress 6.4.2

WordPress 6.4.2 was released today, on December 6, 2023. It includes a patch for a POP chain introduced in version 6.4 that, combined with a separate Object Injection vulnerability, could result in a Critical-Severity vulnerability allowing attackers to execute arbitrary PHP code on the site. We urge all WordPress users to update to 6.4.2 immediately, as this issue could allow full site takeover if another vulnerability is present.

https://www.wordfence.com/blog/2023/12/psa-critical-pop-chain-allowing-remote-code-execution-patched-in-wordpress-6-4-2/


Security updates for Thursday

Security updates have been issued by Debian (tzdata), Fedora (gmailctl), Oracle (kernel), Red Hat (linux-firmware, postgresql:12, postgresql:13, and squid:4), SUSE (cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, cont, frr, libtorrent-rasterbar, qbittorrent, openssl-3, openvswitch, openvswitch3, and suse-build-key), and Ubuntu (bluez, curl, linux, linux-aws, linux-azure, linux-laptop, linux-lowlatency, linux-oem-6.5, linux-oracle, linux-raspi, linux-starfive, linux-gcp, open-vm-tools, postgresql-12, postgresql-14, postgresql-15, and python-cryptography).

https://lwn.net/Articles/953977/


Critical security vulnerabilities in several Atlassian products - patches available

Several versions of products from the company Atlassian contain critical security vulnerabilities. Exploitation of the vulnerabilities allows attackers to completely take over vulnerable systems and to access all data stored on them. CVE number(s): CVE-2023-22522, CVE-2022-1471 CVSS Base Score: 9.0 and 9.8 respectively

https://cert.at/de/warnungen/2023/12/kritische-sicherheitslucken-in-mehreren-produkten-von-atlassian-patches-verfugbar


CISA Releases Five Industrial Control Systems Advisories

ICSA-23-341-01 Mitsubishi Electric FA Engineering Software Products, ICSA-23-341-02 Schweitzer Engineering Laboratories SEL-411L, ICSA-23-341-03 Johnson Controls Metasys and Facility Explorer, ICSA-23-341-05 ControlbyWeb Relay, ICSA-23-341-06 Sierra Wireless AirLink with ALEOS firmware

https://www.cisa.gov/news-events/alerts/2023/12/07/cisa-releases-five-industrial-control-systems-advisories


BIOS Image Parsing Function Vulnerabilities (LogoFAIL)

Vulnerabilities were reported in the image parsing libraries in AMI, Insyde and Phoenix BIOS, which are used to parse personalized boot logos loaded from the EFI System Partition. These could allow a local attacker with elevated privileges to trigger a denial of service or arbitrary code execution. [..] Update system firmware to the version (or newer) indicated for your model in the Product Impact section.

http://support.lenovo.com/product_security/PS500590-BIOS-IMAGE-PARSING-FUNCTION-VULNERABILITIES-LOGOFAIL


Drupal: Group - Less critical - Access bypass - SA-CONTRIB-2023-054

https://www.drupal.org/sa-contrib-2023-054


IBM Security Bulletins

https://www.ibm.com/support/pages/bulletin/