End-of-Day report
Timeframe: Thursday 20-07-2023 18:00 - Friday 21-07-2023 18:00
Handler: Robert Waldner
Co-Handler: Michael Schlagenhaufer
News
GitHub warns of Lazarus hackers targeting devs with malicious projects
GitHub is warning of a social engineering campaign targeting the accounts of developers in the blockchain, cryptocurrency, online gambling, and cybersecurity sectors to infect their devices with malware.
https://www.bleepingcomputer.com/news/security/github-warns-of-lazarus-hackers-targeting-devs-with-malicious-projects/
Sophisticated BundleBot Malware Disguised as Google AI Chatbot and Utilities
A new malware strain known as BundleBot has been stealthily operating under the radar by taking advantage of .NET single-file deployment techniques, enabling threat actors to capture sensitive information from compromised hosts.
https://thehackernews.com/2023/07/sophisticated-bundlebot-malware.html
Supply chain security for Go, Part 3: Shifting left
Previously in our Supply chain security for Go series, we covered dependency and vulnerability management tools and how Go ensures package integrity and availability as part of the commitment to countering the rise in supply chain attacks in recent years. In this final installment, we'll discuss how "shift left" security can help make sure you have the security information you need, when you need it, to avoid unwelcome surprises.
http://security.googleblog.com/2023/07/supply-chain-security-for-go-part-3.html
Vulnerabilities
VU#653767: Perimeter81 macOS Application Multiple Vulnerabilities
At the time of writing, the latest Perimeter81 macOS application (10.0.0.19) suffers from a local privilege escalation vulnerability in its com.perimeter81.osx.HelperTool. This HelperTool allows the main application to set up things that require administrative privileges, such as establishing VPN connections and changing the routing table.
https://kb.cert.org/vuls/id/653767
Vulnerabilities in AMI firmware: Gigabyte hack endangers countless server systems
Following a hacker attack on Gigabyte, an AMI firmware was among the data leaked, and researchers have now found extremely critical vulnerabilities in it.
https://www.golem.de/news/schwachstellen-in-ami-firmware-gigabyte-hack-gefaehrdet-unzaehlige-serversysteme-2307-176046.html
Security updates for Friday
Security updates have been issued by Fedora (golang, nodejs16, nodejs18, and R-jsonlite), Red Hat (java-1.8.0-openjdk and java-17-openjdk), SUSE (container-suseconnect, redis, and redis7), and Ubuntu (wkhtmltopdf).
https://lwn.net/Articles/938878/
WebKitGTK and WPE WebKit Security Advisory WSA-2023-0006
Several vulnerabilities were discovered in WebKitGTK and WPE WebKit. CVE identifiers: CVE-2023-37450, CVE-2023-32393.
https://webkitgtk.org/security/WSA-2023-0006.html
Foxit PDF Reader and PDF Editor 12.1.3 released as security updates
Brief information for people who are still using Foxit PDF Reader and/or PDF Editor. Older versions contain security vulnerabilities that are fixed by a security update to version 12.1.3.15356 [...]
https://www.borncity.com/blog/2023/07/20/foxit-pdf-reader-und-pdf-editor-12-1-3-als-sicherheitsupdates/
GBrowse vulnerable to unrestricted upload of files with dangerous types
https://jvn.jp/en/jp/JVN35897618/
Security Vulnerabilities fixed in Thunderbird 115.0.1
https://www.mozilla.org/en-US/security/advisories/mfsa2023-27/
Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer
https://www.ibm.com/support/pages/node/7013595
IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to unspecified vulnerabilities in IBM Runtime Environment Java Technology Edition
https://www.ibm.com/support/pages/node/7010095
IBM Sterling Global Mailbox is vulnerable to arbitrary command execution due to com.ibm.ws.org.apache.commons.collections (CVE-2015-7501)
https://www.ibm.com/support/pages/node/6963962
IBM App Connect Enterprise and IBM Integration Bus are vulnerable to SOAPAction spoofing when processing JAX-WS Web Services requests (CVE-2022-38712)
https://www.ibm.com/support/pages/node/6855661
IBM Sterling Global Mailbox is vulnerable to denial of service due to WebSphere Liberty Server (CVE-2022-3509, CVE-2022-3171)
https://www.ibm.com/support/pages/node/6963956
IBM Sterling Global Mailbox is vulnerable to arbitrary code execution due to Apache Commons Collections [CVE-2015-6420, CVE-2017-15708]
https://www.ibm.com/support/pages/node/6957392
IBM Sterling Global Mailbox is vulnerable to server-side request forgery due to Apache CXF (CVE-2022-46364)
https://www.ibm.com/support/pages/node/6963958
IBM Sterling Global Mailbox is vulnerable to sensitive data exposure due to Apache CXF (CVE-2022-46363)
https://www.ibm.com/support/pages/node/6963960
IBM Sterling Global Mailbox is vulnerable to HTTP header injection due to WebSphere Liberty Server (CVE-2022-34165)
https://www.ibm.com/support/pages/node/6954401
IBM Sterling Global Mailbox is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42003)
https://www.ibm.com/support/pages/node/6954403
IBM Global Mailbox is vulnerable to remote code execution due to Apache Cassandra (CVE-2021-44521)
https://www.ibm.com/support/pages/node/6852565
IBM Sterling Global Mailbox is vulnerable to security bypass due to Apache HttpClient (CVE-2020-13956)
https://www.ibm.com/support/pages/node/6954405
IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a denial of service due to IBM MQ (CVE-2023-26285, CVE-2023-28950)
https://www.ibm.com/support/pages/node/7011767
Multiple vulnerabilities in IBM SDK, Java Technology Edition affect IBM Operations Analytics Predictive Insights
https://www.ibm.com/support/pages/node/7013887
Vulnerability in Google gson 2.2.4 libraries (CVE-2022-25647) affects IBM Operations Analytics Predictive Insights
https://www.ibm.com/support/pages/node/7013881