Daily summary - 31.03.2023

End-of-Day report

Timeframe: Thursday 30-03-2023 18:00 - Friday 31-03-2023 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter

News

10-year-old Windows bug with opt-in fix exploited in 3CX attack

A 10-year-old Windows vulnerability is still being exploited in attacks to make it appear that executables are legitimately signed, with the fix from Microsoft still "opt-in" after all these years. Even worse, the fix is removed after upgrading to Windows 11.

https://www.bleepingcomputer.com/news/microsoft/10-year-old-windows-bug-with-opt-in-fix-exploited-in-3cx-attack/


Realtek and Cacti flaws now actively exploited by malware botnets

Multiple malware botnets actively target Cacti and Realtek vulnerabilities in campaigns detected between January and March 2023, spreading ShellBot and Moobot malware.

https://www.bleepingcomputer.com/news/security/realtek-and-cacti-flaws-now-actively-exploited-by-malware-botnets/


Hackers exploit bug in Elementor Pro WordPress plugin with 11M installs

Hackers are actively exploiting a high-severity vulnerability in the popular Elementor Pro WordPress plugin used by over eleven million websites.

https://www.bleepingcomputer.com/news/security/hackers-exploit-bug-in-elementor-pro-wordpress-plugin-with-11m-installs/


Use of X-Frame-Options and CSP frame-ancestors security headers on 1 million most popular domains, (Fri, Mar 31st)

In my last Diary[1], I briefly mentioned the need for correctly set Content Security Policy and/or the obsolete[2] X-Frame-Options HTTP security headers (not just) in order to prevent phishing pages, which overlay a fake login prompt over a legitimate website, from functioning correctly. Or, to be more specific, to prevent them from dynamically loading a legitimate page in an iframe under the fake login prompt, since this makes such phishing websites look much less like a legitimate login page and thus much less effective.

https://isc.sans.edu/diary/rss/29698


WordPress Vulnerability & Patch Roundup March 2023

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we've compiled a list of important security updates and patches for the WordPress ecosystem this past month.

https://blog.sucuri.net/2023/03/wordpress-vulnerability-patch-roundup-march-2023.html


Booby Trapping IBM i

In our first post about IBM i we noted that the operating system includes a database engine, Db2. This level of integration means that practically all objects of the system are accessible via SQL, a powerful tool to discover and analyze system configuration, and also to identify potential vulnerabilities. However, the "database view" of the operating system not only allows us to read data, but lets us insert additional data that can affect the behavior of the system too.

https://blog.silentsignal.eu/2023/03/30/booby-trapping-ibm-i/

Vulnerabilities

Security updates for Friday

Security updates have been issued by Debian (joblib, json-smart, libmicrohttpd, and xrdp), Fedora (thunderbird and xorg-x11-server-Xwayland), Mageia (dino, perl-Cpanel-JSON-XS, perl-Net-Server, snort, tigervnc/x11-server, and xapian), SUSE (curl, kernel, openssl-1_0_0, and shim), and Ubuntu (glusterfs, linux-gcp-4.15, musl, and xcftools).

https://lwn.net/Articles/928013/


Samba Releases Security Updates for Multiple Versions of Samba

The Samba Team has released security updates addressing vulnerabilities in multiple versions of Samba. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following announcements and apply the necessary updates: CVE-2023-0225, CVE-2023-0922, CVE-2023-0614

https://www.cisa.gov/news-events/alerts/2023/03/31/samba-releases-security-updates-multiple-versions-samba


Vulnerability Spotlight: Specially crafted files could lead to denial of service, information disclosure in OpenImageIO parser

OpenImageIO is a library that converts, compares and processes various image files. Blender and AliceVision, two often used computer imaging services, utilize the library, among other software offerings.

https://blog.talosintelligence.com/vulnerability-spotlight-specially-crafted-files-could-lead-to-denial-of-service-information-disclosure-in-openimageio-parser/


Xcode 14.3

https://support.apple.com/kb/HT213679


[webapps] WooCommerce v7.1.0 - Remote Code Execution (RCE)

https://www.exploit-db.com/exploits/51156


IBM Security Bulletins 2023-03-31

https://www.ibm.com/support/pages/bulletin/