End-of-Day report
Timeframe: Thursday 06-04-2023 18:00 - Friday 07-04-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Robert Waldner
News
Security baseline for Microsoft Edge v112
Microsoft is pleased to announce the release of the security baseline for Microsoft Edge, version 112! We have reviewed the settings in Microsoft Edge version 112 and updated our guidance with the removal of three obsolete settings. A new Microsoft Edge security baseline package was just released to the Download Center.
https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-edge-v112/ba-p/3789975
Security headers you should add into your application to increase cyber risk protection, (Thu, Apr 6th)
Web applications are a wide world that is currently the object of numerous cyberattacks, mostly seeking to compromise the information directly in the clients that use them.
https://isc.sans.edu/diary/rss/29720
Detecting Suspicious API Usage with YARA Rules, (Fri, Apr 7th)
YARA is a beautiful tool for malware researchers and incident responders. No need to present it again. It became a standard tool to add to your arsenal. While teaching FOR610 (Malware Analysis & Reverse Engineering), a student asked me how to detect specific API calls with dangerous parameters during the triage phase. This phase will help you quickly assess the malware sample and help you decide how to perform the following steps.
https://isc.sans.edu/diary/rss/29724
Balada Injector: Synopsis of a Massive Ongoing WordPress Malware Campaign
Our team at Sucuri has been tracking a massive WordPress infection campaign since 2017 - but up until recently never bothered to give it a proper name. Typically, we refer to it as an ongoing, long-lasting, massive WordPress infection campaign that leverages all known and recently discovered theme and plugin vulnerabilities.
https://blog.sucuri.net/2023/04/balada-injector-synopsis-of-a-massive-ongoing-wordpress-malware-campaign.html
With ICMP magic, you can snoop on vulnerable HiSilicon, Qualcomm-powered Wi-Fi
WPA stands for will-provide-access, if you can successfully exploit a target's setup. A vulnerability identified in at least 55 Wi-Fi router models can be exploited by miscreants to spy on victims' data as it's sent over a wireless network.
https://go.theregister.com/feed/www.theregister.com/2023/04/07/wifi_access_icmp/
Pwning Pixel 6 with a leftover patch
In this post, I'll look at a security-related change in version r40p0 of the Arm Mali driver that was AWOL in the January update of the Pixel bulletin, where other patches from r40p0 were applied, and how these two lines of changes can be exploited to gain arbitrary kernel code execution and root from a malicious app. This highlights how treacherous it can be when backporting security changes.
https://github.blog/2023-04-06-pwning-pixel-6-with-a-leftover-patch/
Survey: Software-related vulnerabilities are the biggest security problem
Hackers are increasingly relying on known vulnerabilities. According to the survey, ransomware is only the fourth-largest threat. Another problem: many companies instruct employees to keep quiet about reportable incidents.
https://www.zdnet.de/88408311/umfrage-softwarebedingte-schwachstellen-sind-das-groesste-sicherheitsproblem/
Vulnerabilities
Release notes for Microsoft Edge Security Updates (CVE-2023-28284, CVE-2023-24935, CVE-2023-28301)
April 6, 2023: Microsoft has released the latest Microsoft Edge Stable Channel (Version 112.0.1722.34) which incorporates the latest Security Updates of the Chromium project.
https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
Security updates for Friday
Security updates have been issued by Mageia (ldb/samba, libapreq2, opencontainers-runc, peazip, python-cairosvg, stellarium, and zstd), Oracle (httpd and mod_http2, kernel, and nss), SUSE (conmon, go1.19, go1.20, libgit2, openssl-1_1, and openvswitch), and Ubuntu (emacs24).
https://lwn.net/Articles/928559/
F5: K000133432 : Intel CPU vulnerability CVE-2022-21216
https://my.f5.com/manage/s/article/K000133432
CISA Adds Five Known Exploited Vulnerabilities to Catalog
https://www.cisa.gov/news-events/alerts/2023/04/07/cisa-adds-five-known-exploited-vulnerabilities-catalog
IBM Informix Dynamic Server is affected when a specific function in the Spatial Datablade is called with an out-of-range parameter
https://www.ibm.com/support/pages/node/6343587
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary code execution in GnuPG Libksba [CVE-2022-3515]
https://www.ibm.com/support/pages/node/6981855
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in libexpat [CVE-2022-40674]
https://www.ibm.com/support/pages/node/6981859
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary code execution in SQLite [CVE-2020-35527]
https://www.ibm.com/support/pages/node/6981851
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary command execution in Python (CVE-2015-20107)
https://www.ibm.com/support/pages/node/6981849
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in GNU Libtasn1 [CVE-2021-46848]
https://www.ibm.com/support/pages/node/6981853
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary code execution in Git [CVE-2022-23521]
https://www.ibm.com/support/pages/node/6981857
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary code execution in Git [CVE-2022-41903]
https://www.ibm.com/support/pages/node/6981861
Privilege Escalation vulnerability
https://www.ibm.com/support/pages/node/6981911
Improper Error Handling
https://www.ibm.com/support/pages/node/6981917
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service due to Apache Commons FileUpload (CVE-2023-24998)
https://www.ibm.com/support/pages/node/6982047
Vulnerabilities in OpenSSL affect IBM InfoSphere Information Server
https://www.ibm.com/support/pages/node/286971
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are bundled with IBM WebSphere Hybrid Edition, are vulnerable to a denial of service due to Apache Commons FileUpload (CVE-2023-24998)
https://www.ibm.com/support/pages/node/6982141