Daily summary - 14.06.2023

End-of-Day report

Timeframe: Tuesday 13-06-2023 18:00 - Wednesday 14-06-2023 18:00
Handler: Robert Waldner
Co-Handler: n/a

News

Microsoft: Windows 10 21H2 has reached end of servicing

Multiple editions of Windows 10 21H2 have reached their end of service (EOS) in this month's Patch Tuesday, as Microsoft reminded customers today.

https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-10-21h2-has-reached-end-of-servicing/


Fake Researcher Profiles Spread Malware through GitHub Repositories as PoC Exploits

At least half a dozen GitHub accounts from fake researchers associated with a fraudulent cybersecurity company have been observed pushing malicious repositories on the code hosting service. All seven repositories, which are still available as of writing, claim to be proof-of-concept (PoC) exploits for purported zero-day flaws in Discord, Google Chrome, and Microsoft Exchange Server.

https://thehackernews.com/2023/06/fake-researcher-profiles-spread-malware.html


Shampoo: A New ChromeLoader Campaign

Recently HP Wolf Security detected a new malware campaign built around a new malicious ChromeLoader extension called Shampoo. [..] Its goal is to install a malicious extension in Google Chrome that is used for advertising. Older versions of ChromeLoader have a particularly complex infection chain, starting with the victim downloading malicious ISO files from websites hosting illegal content.

https://www.bromium.com/shampoo-a-new-chromeloader-campaign/


VMware ESXi Zero-Day Used [..] to Perform Privileged Guest Operations on Compromised Hypervisors

This blog post describes an expanded understanding of the attack path seen in Figure 1 and highlights the implications of both the zero-day vulnerability (CVE-2023-20867) and the VMCI communication sockets the attacker leveraged to complete their goal. [Note: a patch is available, see VMSA-2023-0013: "VMware Tools update addresses Authentication Bypass vulnerability"]

https://www.mandiant.com/resources/blog/vmware-esxi-zero-day-bypass


Pre-announcement of BIND 9 security issues scheduled for disclosure 21 June 2023

As part of our policy of pre-notification of upcoming security releases, we are writing to inform you that the June 2023 BIND 9 maintenance releases that will be published on Wednesday, 21 June will contain patches for security vulnerabilities affecting stable BIND 9 release branches.

https://lists.isc.org/pipermail/bind-announce/2023-June/001234.html


Booking.com scam: accommodations cancel bookings and demand external payments!

On booking.com, criminals appear to have discovered a new scam method. They offer accommodation with payment on site and free cancellation. When someone books the accommodation, the booking is cancelled shortly afterwards. Outside booking.com's communication channels, the scammers then promise to complete the booking again after "verification of the payment method".

https://www.watchlist-internet.at/news/bookingcom-betrug-unterkuenfte-stornieren-buchungen-und-verlangen-externe-zahlungen/


U.S. and International Partners Release Comprehensive Cyber Advisory on LockBit Ransomware

This joint advisory is a comprehensive resource with common tools; exploitations; and tactics, techniques, and procedures (TTPs) used by LockBit affiliates, along with recommended mitigations for organizations to reduce the likelihood and impact of future ransomware incidents.

https://www.cisa.gov/news-events/news/us-and-international-partners-release-comprehensive-cyber-advisory-lockbit-ransomware

Vulnerabilities

WordPress Stripe payment plugin bug leaks customer order details

The WooCommerce Stripe Gateway plugin for WordPress was found to be vulnerable to a bug that allows any unauthenticated user to view order details placed through the plugin.

https://www.bleepingcomputer.com/news/security/wordpress-stripe-payment-plugin-bug-leaks-customer-order-details/


Web browser: new Chrome version closes critical vulnerability

Google's Chrome web browser has a critical security vulnerability. Updates that close it are available. Chrome users should install them promptly.

https://heise.de/-9186834


Web conferencing software: several high-risk vulnerabilities patched in Zoom

The developers of the web conferencing software Zoom have published twelve security advisories. They are providing updates to close the vulnerabilities.

https://heise.de/-9186898


WordPress shops with WooCommerce plug-in: attackers could view customer data

Due to a vulnerability, personal customer data on WordPress shop websites is not adequately protected. Admins should act promptly.

https://heise.de/-9187447


Security updates for Wednesday

Security updates have been issued by Debian (ffmpeg, owslib, php7.4, and php8.2), Fedora (ntp-refclock, php, and python3.7), Red Hat (c-ares, firefox, and thunderbird), SUSE (kernel, openldap2, and tomcat), and Ubuntu (binutils, dotnet6, dotnet7, node-fetch, and python-tornado).

https://lwn.net/Articles/934619/


SAP Patches High-Severity Vulnerabilities With June 2023 Security Updates

SAP has released eight new security notes on June 2023 Security Patch Day, including two that address high-severity vulnerabilities.

https://www.securityweek.com/sap-patches-high-severity-vulnerabilities-with-june-2023-security-updates/


ICS Patch Tuesday: Siemens Addresses Over 180 Third-Party Component Vulnerabilities

ICS Patch Tuesday: Siemens and Schneider Electric have published more than a dozen advisories addressing over 200 vulnerabilities.

https://www.securityweek.com/ics-patch-tuesday-siemens-addresses-over-180-third-party-component-vulnerabilities/


Windows and Linux Virtual Delivery Agent for CVAD and Citrix DaaS Security Bulletin CVE-2023-24490

CTX559370: Windows and Linux Virtual Delivery Agent for CVAD and Citrix DaaS Security Bulletin CVE-2023-24490. Applicable products: Citrix Virtual Apps and Desktops

https://support.citrix.com/article/CTX559370/windows-and-linux-virtual-delivery-agent-for-cvad-and-citrix-daas-security-bulletin-cve202324490


Fortinet Releases June 2023 Vulnerability Advisories

Fortinet has released its June 2023 Vulnerability Advisories to address vulnerabilities affecting multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Fortinet June 2023 Vulnerability Advisories page for more information and apply the necessary updates.

https://www.cisa.gov/news-events/alerts/2023/06/13/fortinet-releases-june-2023-vulnerability-advisories


Adobe Releases Security Updates for Multiple Products

Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker can exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates: Experience Manager (APSB23-31), Commerce (APSB23-35), Animate (APSB23-36), Substance 3D Designer (APSB23-39).

https://www.cisa.gov/news-events/alerts/2023/06/13/adobe-releases-security-updates-multiple-products


Tuesday June 20 2023 Security Releases

The Node.js project will release new versions of the 16.x, 18.x and 20.x release lines on or shortly after Tuesday, June 20 2023, in order to address: 7 medium severity issues, 3 high severity issues, OpenSSL security updates, and the c-ares 22nd May security updates.

https://nodejs.org/en/blog/vulnerability/june-2023-security-releases


Microsoft Releases June 2023 Security Updates

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft's June 2023 Security Update Guide and Deployment Information and apply the necessary updates.

https://www.cisa.gov/news-events/alerts/2023/06/13/microsoft-releases-june-2023-security-updates


IBM Security Guardium is affected by multiple vulnerabilities

https://www.ibm.com/support/pages/node/6999317


IBM Security Guardium is affected by multiple Oracle® MySQL vulnerabilities

https://www.ibm.com/support/pages/node/6981105


IBM Security Guardium is affected by a denial of service vulnerability in MIT krb5 (CVE-2022-42898)

https://www.ibm.com/support/pages/node/6981101


IBM Security Guardium is affected by multiple vulnerabilities (CVE-2023-22809, CVE-2019-12490, CVE-2023-0041)

https://www.ibm.com/support/pages/node/7000021


IBM Security Guardium is affected by FasterXML jackson-databind vulnerabilities (CVE-2020-25649, X-Force ID 217968)

https://www.ibm.com/support/pages/node/6573001


IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to HTTP request smuggling in Apache Tomcat (CVE-2022-42252).

https://www.ibm.com/support/pages/node/7003581


IBM Cloud Pak for Security includes components with multiple known vulnerabilities (CVE-2023-0286, CVE-2023-23931)

https://www.ibm.com/support/pages/node/7003815


A vulnerability in the Certifi package may affect IBM Storage Scale (CVE-2022-23491)

https://www.ibm.com/support/pages/node/7003817


IBM App Connect for Healthcare is affected by multiple Apache vulnerabilities

https://www.ibm.com/support/pages/node/6999671


Apache Commons FileUpload vulnerability affects IBM Financial Transaction Manager (CVE-2023-24998)

https://www.ibm.com/support/pages/node/7003827


TADDM is vulnerable to a denial of service due to a vulnerability in the Castor library

https://www.ibm.com/support/pages/node/7003861


Multiple vulnerabilities in Apache HttpClient affect the APM Linux KVM Agent

https://www.ibm.com/support/pages/node/7003887