Daily summary - 12.05.2023

End-of-Day report

Timeframe: Thursday 11-05-2023 18:00 − Friday 12-05-2023 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter

News

∗∗∗ Windows: Windows security patch can render boot media unusable ∗∗∗ Secure Boot in Windows can currently be bypassed through a vulnerability. It will probably take until 2024 before it is fixed - for reasons.

https://www.golem.de/news/windows-windows-sicherheitspatch-kann-bootmedien-unbrauchbar-machen-2305-174140.html


∗∗∗ New Stealthy Variant of Linux Backdoor BPFDoor Emerges from the Shadows ∗∗∗ A previously undocumented and mostly undetected variant of a Linux backdoor called BPFDoor has been spotted in the wild, cybersecurity firm Deep Instinct said in a technical report published this week. "BPFDoor retains its reputation as an extremely stealthy and difficult-to-detect malware with this latest iteration," security researchers Shaul Vilkomir-Preisman and Eliran Nissan said.

https://thehackernews.com/2023/05/new-variant-of-linux-backdoor-bpfdoor.html


∗∗∗ Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG ∗∗∗ This joint advisory provides detection methods for exploitation of CVE-2023-27350 as well as indicators of compromise (IOCs) associated with Bl00dy Ransomware Gang activity. FBI and CISA strongly encourage users and administrators to immediately apply patches, and workarounds if unable to patch. FBI and CISA especially encourage organizations that did not patch immediately to assume compromise and hunt for malicious activity using the detection signatures in this CSA.

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-131a


∗∗∗ Multiple security vulnerabilities in VMware's cloud management Aria Operations ∗∗∗ Patches close several security vulnerabilities that allow privilege escalation within VMware's cloud management Aria Operations.

https://heise.de/-9012909


∗∗∗ Ransomware: There is hope for BlackCat victims ∗∗∗ If the prerequisites are met, victims of the BlackCat ransomware can regain access to their data.

https://heise.de/-9010373


∗∗∗ Shop system: Critical vulnerability in Prestashop is under attack ∗∗∗ A critical security vulnerability exists in the Prestashop shopping system. Attackers are already abusing it. An up-to-date software version protects against it.

https://heise.de/-9010286


∗∗∗ Cisco: SD-WAN certificates expired, update now! ∗∗∗ Cisco Systems advises its customers that some SD-WAN appliances of the vEdge series urgently need updates.

https://heise.de/-9014471


∗∗∗ Enforce Zero Trust in Microsoft 365 – Part 2: Protect against external users and applications ∗∗∗ In the first blog post of this series, we have seen how strong authentication, i.e., Multi-Factor Authentication (MFA), could be enforced for users using a free Azure Active Directory subscription within the Microsoft 365 environment. In this blog post, we will continue to harden the configuration of our Azure AD tenant to enforce Zero Trust [...]

https://blog.nviso.eu/2023/05/12/enforce-zero-trust-in-microsoft-365-part-2-protect-against-external-users-and-applications/

Vulnerabilities

∗∗∗ Severe Security Flaw Exposes Over a Million WordPress Sites to Hijack ∗∗∗ The issue, tracked as CVE-2023-32243, has been addressed by the plugin maintainers in version 5.7.2 that was shipped on May 11, 2023. Essential Addons for Elementor has over one million active installations.

https://thehackernews.com/2023/05/severe-security-flaw-exposes-over.html


∗∗∗ VMSA-2023-0009: VMware Aria Operations (formerly vRealize Operations) ∗∗∗ CVSSv3 Range: 6.4-8.8. CVE(s): CVE-2023-20877, CVE-2023-20878, CVE-2023-20879, CVE-2023-20880. VMware Aria Operations update addresses multiple Local Privilege Escalations and a Deserialization issue.

https://www.vmware.com/security/advisories/VMSA-2023-0009.html


∗∗∗ Security updates for Friday ∗∗∗ Security updates have been issued by Debian (postgresql-13 and webkit2gtk), Fedora (git), SUSE (helm and skopeo), and Ubuntu (cinder, nova, python-glance-store, and python-os-brick).

https://lwn.net/Articles/931760/


∗∗∗ Case update: DIVD-2022-00068 - Multiple vulnerabilities identified within White Rabbit Switch from CERN ∗∗∗ Last event: 11 Apr 2023 - CERN released White Rabbit Switch 6.0.2, which contains a fix for CVE-2023-22577 and CVE-2023-22581.

https://csirt.divd.nl/cases/DIVD-2022-00068/


∗∗∗ Beekeeper Studio vulnerable to code injection ∗∗∗

https://jvn.jp/en/jp/JVN11705010/


∗∗∗ [R1] Nessus Version 10.5.2 Fixes Multiple Vulnerabilities ∗∗∗

https://www.tenable.com/security/tns-2023-20


∗∗∗ IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to an XML External Entity (XXE) Injection vulnerability (CVE-2023-27554) ∗∗∗

https://www.ibm.com/support/pages/node/6989667


∗∗∗ IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to an XML External Entity (XXE) Injection vulnerability (CVE-2023-27554) ∗∗∗

https://www.ibm.com/support/pages/node/6989665


∗∗∗ Deserialization vulnerability affects IBM Business Automation Workflow BPM Event Emitters - CVE-2022-1471 ∗∗∗

https://www.ibm.com/support/pages/node/6988027


∗∗∗ Multiple Vulnerabilities in Multicloud Management Security Services ∗∗∗

https://www.ibm.com/support/pages/node/6991215


∗∗∗ IBM i Modernization Engine for Lifecycle Integration is vulnerable to cross-site scripting (CVE-2022-0225) ∗∗∗

https://www.ibm.com/support/pages/node/6991217


∗∗∗ A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server (CVE-2023-27554) ∗∗∗

https://www.ibm.com/support/pages/node/6991213