Tageszusammenfassung - 24.03.2023

End-of-Day report

Timeframe: Donnerstag 23-03-2023 18:00 - Freitag 24-03-2023 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter


Critical WooCommerce Payments Plugin Flaw Patched for 500,000+ WordPress Sites

Patches have been released for a critical security flaw impacting the WooCommerce Payments plugin for WordPress, which is installed on over 500,000 websites. The flaw, if left unresolved, could enable a bad actor to gain unauthorized admin access to impacted stores, the company said in an advisory on March 23, 2023. It impacts versions 4.8.0 through 5.6.1.


GitHub publishes RSA SSH host keys by mistake, issues update

Getting connection failures? Dont panic. Get new keys GitHub has updated its SSH keys after accidentally publishing the private part to the world. Whoops.


ChinaZ DDoS Bot Malware Distributed to Linux SSH Servers

AhnLab Security Emergency response Center (ASEC) has recently discovered the ChinaZ DDoS Bot malware being installed on inadequately managed Linux SSH servers. [..] The threat group most likely scanned port 22, the area where SSH services operate, before finding an active SSH service and performing a dictionary attack using commonly used SSH account credentials.


Hacking AI: System and Cloud Takeover via MLflow Exploit

Protect AI tested the security of MLflow and found a combined Local File Inclusion/Remote File Inclusion vulnerability which can lead to a complete system or cloud provider takeover. Organizations running an MLflow server are urged to update to the latest release immediately.


JavaScript-Runtime: Deno 1.32 schließt kritische Sicherheitslücke

Die JS-Runtime Deno 1.32 liefert weitere Verbesserungen für die Kompatibilität mit Node.js und neue Funktionen für den Befehl deno compile.


CISA Ships -Untitled Goose Tool- to Hunt for Microsoft Azure Cloud Infections

The U.S. government-s cybersecurity agency ships a new tool to help network defenders hunt for signs of compromise in Microsoft-s Azure and M365 cloud deployments.


APT attacks on industrial organizations in H2 2022

This summary provides an overview of APT attacks on industrial enterprises and activity of groups that have been observed attacking industrial organizations and critical infrastructure facilities.


Outlook-Schwachstelle CVE-2023-23397 nicht vollständig gepatcht - Absicherung erforderlich

Noch ein kurzer Nachtrag zum März 2023-Patchday. Microsoft hat zum 14. März 2023 die kritische RCE-Schwachstelle CVE-2023-23397 in Outlook zwar mit einem Sicherheitsupdate versehen. Aber der Patch ist unvollständig, der Angriff kann weiterhin mit etwas modifizierten E-Mails immer noch ausgelöst werden. Und inzwischen ist ein Proof of Concept öffentlich, was demonstriert, wie die Schwachstelle ausgenutzt wird.



Cisco DNA Center Information Disclosure Vulnerability

A vulnerability in the implementation of the Cisco Network Plug-and-Play (PnP) agent of Cisco DNA Center could allow an authenticated, remote attacker to view sensitive information in clear text. The attacker must have valid low-privileged user credentials. This vulnerability is due to improper role-based access control (RBAC) with the integration of PnP. An attacker could exploit this vulnerability by authenticating to the device and sending a query to an internal API.


Security updates for Friday

Security updates have been issued by Debian (chromium, libdatetime-timezone-perl, and tzdata), Fedora (flatpak and gmailctl), Mageia (firefox, flatpak, golang, gssntlmssp, libmicrohttpd, libtiff, python-flask-security, python-owslib, ruby-rack, thunderbird, unarj, and vim), Red Hat (firefox, kpatch-patch, nss, openssl, and thunderbird), SUSE (containerd, hdf5, qt6-base, and squirrel), and Ubuntu (amanda, gif2apng, graphviz, and linux, linux-aws, linux-azure, linux-gcp, linux-ibm, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi).


Drupal core - Moderately critical - Information Disclosure - SA-CORE-2023-003


ELECOM WAB-MAT registers its windows service executable with an unquoted file path


TADDM is vulnerable to a denial of service vulnerability in Apache-Log4j (CVE-2023-26464)


IBM Tivoli Application Dependency Discovery Manager is vulnerable to a bypass vulnerability due to the use of Python (CVE-2023-24329)


IBM API Connect is impacted by an improper access control vulnerability (CVE-2023-28522)


Vulnerabilities in Node.js, libcurl, Golang Go, Jetty, Guava, Netty, OpenSSL, Linux kernel may affect IBM Spectrum Protect Plus


Stored SMB credentials may allow access to vSnap after oracle backup in IBM Spectrum Protect Plus for Db2 and Oracle (CVE-2023-27863)


A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server (CVE-2023-26283)


Multiple vulnerabilies in Java affect IBM Robotic Process Automation for Cloud Pak which may result in a denial of service (CVE-2023-21830, CVE-2023-21835, CVE-2023-21843)


A vulnerability in Luxon may affect IBM Robotic Process Automation and result in a denial of service (CVE-2023-22467)


Multiple vulnerabilities in IBM Content Navigator may affect IBM Business Automation Workflow