End-of-Day report
Timeframe: Tuesday 13-06-2023 18:00 - Wednesday 14-06-2023 18:00
Handler: Robert Waldner
Co-Handler: n/a
News
Microsoft: Windows 10 21H2 has reached end of servicing
Multiple editions of Windows 10 21H2 have reached their end of service (EOS) in this month's Patch Tuesday, as Microsoft reminded customers today.
https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-10-21h2-has-reached-end-of-servicing/
Fake Researcher Profiles Spread Malware through GitHub Repositories as PoC Exploits
At least half a dozen GitHub accounts from fake researchers associated with a fraudulent cybersecurity company have been observed pushing malicious repositories on the code hosting service. All seven repositories, which are still available as of writing, claim to be a proof-of-concept (PoC) exploit for purported zero-day flaws in Discord, Google Chrome, and Microsoft Exchange Server,
https://thehackernews.com/2023/06/fake-researcher-profiles-spread-malware.html
Shampoo: A New ChromeLoader Campaign
Recently HP Wolf Security detected a new malware campaign built around a new malicious ChromeLoader extension called Shampoo. [..] Its goal is to install a malicious extension in Google Chrome that is used for advertising. Older versions of ChromeLoader have a particularly complex infection chain, starting with the victim downloading malicious ISO files from websites hosting illegal content.
https://www.bromium.com/shampoo-a-new-chromeloader-campaign/
VMware ESXi Zero-Day Used [..] to Perform Privileged Guest Operations on Compromised Hypervisors
This blog post describes an expanded understanding of the attack path seen in Figure 1 and highlights the implications of both the zero-day vulnerability (CVE-2023-20867) and VMCI communication sockets the attacker leveraged to complete their goal.
[Note: patch available, see VMSA-2023-0013: "VMware Tools update addresses Authentication Bypass vulnerability"]
https://www.mandiant.com/resources/blog/vmware-esxi-zero-day-bypass
Pre-announcement of BIND 9 security issues scheduled for disclosure 21 June 2023
As part of our policy of pre-notification of upcoming security releases, we are writing to inform you that the June 2023 BIND 9 maintenance releases that will be published on Wednesday, 21 June will contain patches for security vulnerabilities affecting stable BIND 9 release branches.
https://lists.isc.org/pipermail/bind-announce/2023-June/001234.html
Booking.com scam: accommodations cancel bookings and demand external payments!
On booking.com, criminals appear to have discovered a new scam method. They offer accommodation with payment on site and free cancellation. If someone books the accommodation, the booking is cancelled shortly afterwards. Outside of booking.com's communication channels, a new booking is then promised after "verification of the payment method".
https://www.watchlist-internet.at/news/bookingcom-betrug-unterkuenfte-stornieren-buchungen-und-verlangen-externe-zahlungen/
U.S. and International Partners Release Comprehensive Cyber Advisory on LockBit Ransomware
This joint advisory is a comprehensive resource with common tools; exploitations; and tactics, techniques, and procedures (TTPs) used by LockBit affiliates, along with recommended mitigations for organizations to reduce the likelihood and impact of future ransomware incidents.
https://www.cisa.gov/news-events/news/us-and-international-partners-release-comprehensive-cyber-advisory-lockbit-ransomware
Vulnerabilities
WordPress Stripe payment plugin bug leaks customer order details
The WooCommerce Stripe Gateway plugin for WordPress was found to be vulnerable to a bug that allows any unauthenticated user to view order details placed through the plugin.
https://www.bleepingcomputer.com/news/security/wordpress-stripe-payment-plugin-bug-leaks-customer-order-details/
Web browser: new Chrome version closes critical vulnerability
Google's Chrome web browser has a critical security hole. Updates to close it are available. Chrome users should install them promptly.
https://heise.de/-9186834
Web conferencing software: several high-risk holes in Zoom plugged
The developers of the web conferencing software Zoom have published twelve security bulletins. They are providing updates to seal the vulnerabilities.
https://heise.de/-9186898
WordPress shops with WooCommerce plug-in: attackers could view customer data
Due to a vulnerability, personal customer data on WordPress shop websites is not optimally protected. Admins should act promptly.
https://heise.de/-9187447
Security updates for Wednesday
Security updates have been issued by Debian (ffmpeg, owslib, php7.4, and php8.2), Fedora (ntp-refclock, php, and python3.7), Red Hat (c-ares, firefox, and thunderbird), SUSE (kernel, openldap2, and tomcat), and Ubuntu (binutils, dotnet6, dotnet7, node-fetch, and python-tornado).
https://lwn.net/Articles/934619/
SAP Patches High-Severity Vulnerabilities With June 2023 Security Updates
SAP has released eight new security notes on June 2023 Security Patch Day, including two that address high-severity vulnerabilities.
https://www.securityweek.com/sap-patches-high-severity-vulnerabilities-with-june-2023-security-updates/
ICS Patch Tuesday: Siemens Addresses Over 180 Third-Party Component Vulnerabilities
ICS Patch Tuesday: Siemens and Schneider Electric have published more than a dozen advisories addressing over 200 vulnerabilities.
https://www.securityweek.com/ics-patch-tuesday-siemens-addresses-over-180-third-party-component-vulnerabilities/
Windows and Linux Virtual Delivery Agent for CVAD and Citrix DaaS Security Bulletin CVE-2023-24490
CTX559370: Windows and Linux Virtual Delivery Agent for CVAD and Citrix DaaS Security Bulletin CVE-2023-24490. Applicable Products: Citrix Virtual Apps and Desktops
https://support.citrix.com/article/CTX559370/windows-and-linux-virtual-delivery-agent-for-cvad-and-citrix-daas-security-bulletin-cve202324490
Fortinet Releases June 2023 Vulnerability Advisories
Fortinet has released its June 2023 Vulnerability Advisories to address vulnerabilities affecting multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Fortinet June 2023 Vulnerability Advisories page for more information and apply the necessary updates.
https://www.cisa.gov/news-events/alerts/2023/06/13/fortinet-releases-june-2023-vulnerability-advisories
Adobe Releases Security Updates for Multiple Products
Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker can exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates: Experience Manager (APSB23-31), Commerce (APSB23-35), Animate (APSB23-36), Substance 3D Designer (APSB23-39).
https://www.cisa.gov/news-events/alerts/2023/06/13/adobe-releases-security-updates-multiple-products
Tuesday June 20 2023 Security Releases
The Node.js project will release new versions of the 16.x, 18.x and 20.x release lines on or shortly after Tuesday June 20 2023 in order to address: 7 medium severity issues, 3 high severity issues, OpenSSL security updates, c-ares 22nd May security updates
https://nodejs.org/en/blog/vulnerability/june-2023-security-releases
Microsoft Releases June 2023 Security Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft's June 2023 Security Update Guide and Deployment Information and apply the necessary updates.
https://www.cisa.gov/news-events/alerts/2023/06/13/microsoft-releases-june-2023-security-updates
IBM Security Guardium is affected by multiple vulnerabilities
https://www.ibm.com/support/pages/node/6999317
IBM Security Guardium is affected by multiple Oracle® MySQL vulnerabilities
https://www.ibm.com/support/pages/node/6981105
IBM Security Guardium is affected by a denial of service vulnerability in MIT krb5 (CVE-2022-42898)
https://www.ibm.com/support/pages/node/6981101
IBM Security Guardium is affected by multiple vulnerabilities (CVE-2023-22809, CVE-2019-12490, CVE-2023-0041)
https://www.ibm.com/support/pages/node/7000021
IBM Security Guardium is affected by FasterXML jackson-databind vulnerabilities (CVE-2020-25649, X-Force ID 217968)
https://www.ibm.com/support/pages/node/6573001
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to HTTP request smuggling in Apache Tomcat (CVE-2022-42252).
https://www.ibm.com/support/pages/node/7003581
IBM Cloud Pak for Security includes components with multiple known vulnerabilities (CVE-2023-0286, CVE-2023-23931)
https://www.ibm.com/support/pages/node/7003815
A vulnerability in Certifi package may affect IBM Storage Scale (CVE-2022-23491)
https://www.ibm.com/support/pages/node/7003817
IBM App Connect for Healthcare is affected by multiple Apache vulnerabilities
https://www.ibm.com/support/pages/node/6999671
Apache Commons FileUpload vulnerability affects IBM Financial Transaction Manager (CVE-2023-24998)
https://www.ibm.com/support/pages/node/7003827
TADDM is vulnerable to a denial of service due to vulnerability in Castor Library
https://www.ibm.com/support/pages/node/7003861
Multiple Vulnerabilities of Apache HttpClient have affected APM Linux KVM Agent
https://www.ibm.com/support/pages/node/7003887