End-of-Day report
Timeframe: Thursday 23-03-2023 18:00 - Friday 24-03-2023 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
News
Critical WooCommerce Payments Plugin Flaw Patched for 500,000+ WordPress Sites
Patches have been released for a critical security flaw impacting the WooCommerce Payments plugin for WordPress, which is installed on over 500,000 websites. The flaw, if left unresolved, could enable a bad actor to gain unauthorized admin access to impacted stores, the company said in an advisory on March 23, 2023. It impacts versions 4.8.0 through 5.6.1.
https://thehackernews.com/2023/03/critical-woocommerce-payments-plugin.html
GitHub publishes RSA SSH host keys by mistake, issues update
Getting connection failures? Don't panic. Get new keys. GitHub has updated its SSH keys after accidentally publishing the private part to the world. Whoops.
https://go.theregister.com/feed/www.theregister.com/2023/03/24/github_changes_its_ssh_host/
ChinaZ DDoS Bot Malware Distributed to Linux SSH Servers
AhnLab Security Emergency response Center (ASEC) has recently discovered the ChinaZ DDoS Bot malware being installed on inadequately managed Linux SSH servers. [..] The threat group most likely scanned port 22, the port on which SSH services listen, before finding an active SSH service and performing a dictionary attack using commonly used SSH account credentials.
https://asec.ahnlab.com/en/50316/
Hacking AI: System and Cloud Takeover via MLflow Exploit
Protect AI tested the security of MLflow and found a combined Local File Inclusion/Remote File Inclusion vulnerability which can lead to a complete system or cloud provider takeover. Organizations running an MLflow server are urged to update to the latest release immediately.
https://protectai.com/blog/hacking-ai-system-takeover-exploit-in-mlflow
JavaScript runtime: Deno 1.32 closes critical security vulnerability
The JS runtime Deno 1.32 delivers further improvements to Node.js compatibility and new features for the deno compile command.
https://heise.de/-7971810
CISA Ships "Untitled Goose Tool" to Hunt for Microsoft Azure Cloud Infections
The U.S. government's cybersecurity agency ships a new tool to help network defenders hunt for signs of compromise in Microsoft's Azure and M365 cloud deployments.
https://www.securityweek.com/cisa-ships-untitled-goose-tool-to-hunt-for-microsoft-azure-cloud-infections/
APT attacks on industrial organizations in H2 2022
This summary provides an overview of APT attacks on industrial enterprises and activity of groups that have been observed attacking industrial organizations and critical infrastructure facilities.
https://ics-cert.kaspersky.com/publications/apt-attacks-on-industrial-organizations-in-h2-2022/
Outlook vulnerability CVE-2023-23397 not fully patched - hardening required
A short addendum to the March 2023 Patch Tuesday. On March 14, 2023 Microsoft did ship a security update for the critical RCE vulnerability CVE-2023-23397 in Outlook. But the patch is incomplete: the attack can still be triggered with slightly modified e-mails. And by now a proof of concept is public that demonstrates how the vulnerability is exploited.
https://www.borncity.com/blog/2023/03/24/outlook-schwachstelle-cve-2023-23397-nicht-vollstndig-gepatcht-absicherung-erforderlich/
Vulnerabilities
Cisco DNA Center Information Disclosure Vulnerability
A vulnerability in the implementation of the Cisco Network Plug-and-Play (PnP) agent of Cisco DNA Center could allow an authenticated, remote attacker to view sensitive information in clear text. The attacker must have valid low-privileged user credentials. This vulnerability is due to improper role-based access control (RBAC) with the integration of PnP. An attacker could exploit this vulnerability by authenticating to the device and sending a query to an internal API.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-infodisc-pe7zAbdR
Security updates for Friday
Security updates have been issued by Debian (chromium, libdatetime-timezone-perl, and tzdata), Fedora (flatpak and gmailctl), Mageia (firefox, flatpak, golang, gssntlmssp, libmicrohttpd, libtiff, python-flask-security, python-owslib, ruby-rack, thunderbird, unarj, and vim), Red Hat (firefox, kpatch-patch, nss, openssl, and thunderbird), SUSE (containerd, hdf5, qt6-base, and squirrel), and Ubuntu (amanda, gif2apng, graphviz, and linux, linux-aws, linux-azure, linux-gcp, linux-ibm, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi).
https://lwn.net/Articles/927198/
Drupal core - Moderately critical - Information Disclosure - SA-CORE-2023-003
https://www.drupal.org/sa-core-2023-003
ELECOM WAB-MAT registers its windows service executable with an unquoted file path
https://jvn.jp/en/jp/JVN35246979/
TADDM is vulnerable to a denial of service vulnerability in Apache-Log4j (CVE-2023-26464)
https://www.ibm.com/support/pages/node/6965790
IBM Tivoli Application Dependency Discovery Manager is vulnerable to a bypass vulnerability due to the use of Python (CVE-2023-24329)
https://www.ibm.com/support/pages/node/6965792
IBM API Connect is impacted by an improper access control vulnerability (CVE-2023-28522)
https://www.ibm.com/support/pages/node/6965612
Vulnerabilities in Node.js, libcurl, Golang Go, Jetty, Guava, Netty, OpenSSL, Linux kernel may affect IBM Spectrum Protect Plus
https://www.ibm.com/support/pages/node/6965816
Stored SMB credentials may allow access to vSnap after Oracle backup in IBM Spectrum Protect Plus for Db2 and Oracle (CVE-2023-27863)
https://www.ibm.com/support/pages/node/6965812
A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server (CVE-2023-26283)
https://www.ibm.com/support/pages/node/6965822
Multiple vulnerabilities in Java affect IBM Robotic Process Automation for Cloud Pak which may result in a denial of service (CVE-2023-21830, CVE-2023-21835, CVE-2023-21843)
https://www.ibm.com/support/pages/node/6965846
A vulnerability in Luxon may affect IBM Robotic Process Automation and result in a denial of service (CVE-2023-22467)
https://www.ibm.com/support/pages/node/6965848
Multiple vulnerabilities in IBM Content Navigator may affect IBM Business Automation Workflow
https://www.ibm.com/support/pages/node/6965908