SysAdmin 24x7


Computer security news and alerts. Chat and contact: t.me/sysadmin24x7chat

Post archive
Adobe Releases Security Updates for Multiple Products
Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.
- Adobe Acrobat and Reader: APSB23-01
- Adobe InDesign: APSB23-07
- Adobe InCopy: APSB23-08
- Adobe Dimension: APSB23-10
https://www.cisa.gov/uscert/ncas/current-activity/2023/01/10/adobe-releases-security-updates-multiple-products

FortiADC - command injection in web interface.
IR Number: FG-IR-22-061
Date: Jan 3, 2023
Severity: High
CVSSv3 Score: 8.6
Impact: Execute unauthorized code or commands
Summary: An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiADC may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests.
Affected Products:
- FortiADC version 7.0.0 through 7.0.2
- FortiADC version 6.2.0 through 6.2.3
- FortiADC version 6.1.0 through 6.1.6
- FortiADC version 6.0.0 through 6.0.4
- FortiADC version 5.4.0 through 5.4.5
https://www.fortiguard.com/psirt/FG-IR-22-061

Multiple vulnerabilities in Netgear products
Publication date: 29/12/2022
Identifier: INCIBE-2022-1071
Severity: 5 - Critical
Affected resources: CAX30, firmware versions earlier than 1.4.11.2.
Description: Netgear has published multiple security advisories, most notably one of critical severity that affects the CAX30 product.
Solution: Update the CAX30 firmware to version 1.4.11.2.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-netgear-23

LastPass finally admits: Those crooks who got in? They did steal your password vaults, after all.
Popular password management company LastPass has been under the pump this year, following a network intrusion back in August 2022.
https://nakedsecurity.sophos.com/2022/12/23/lastpass-finally-admits-they-did-steal-your-password-vaults-after-all/

Patch now: Serious Linux kernel security hole uncovered.
The Zero Day Initiative originally rated this Linux 5.15 in-kernel SMB server, ksmbd, bug a perfectly awful 10.
https://www.zdnet.com/article/patch-now-serious-linux-kernel-security-hole-uncovered/
https://www.zerodayinitiative.com/advisories/ZDI-22-1690/

Microsoft research uncovers new Zerobot capabilities.
Botnet malware operations are a constantly evolving threat to devices and networks. Threat actors target Internet of Things (IoT) devices for recruitment into malicious operations as IoT devices’ configurations often leave them exposed, and the number of internet-connected devices continues to grow. Recent trends have shown that operators are redeploying malware for a variety of distributions and objectives, modifying existing botnets to scale operations and add as many devices as possible to their infrastructure.
https://www.microsoft.com/en-us/security/blog/2022/12/21/microsoft-research-uncovers-new-zerobot-capabilities/

New STEPPY#KAVACH Attack Campaign Likely Targeting Indian Government: Technical Insights and Detection Using Securonix.
The Securonix Threat Research team has recently identified a new malicious attack campaign related to a malicious threat actor (MTA) tracked by Securonix as STEPPY#KAVACH targeting victims likely associated with the Indian government.
https://www.securonix.com/blog/new-steppykavach-attack-campaign/

Repost from CCN-CERT
#CCNNovedades The talks and workshops from #XVIJornadasCCNCERT and #IVJornadasCiberdefensaESPDEFCERT are now available 📽️ Playlist: https://t.co/htEfnIgBlT https://t.co/4Dd2XjBaJ7

Multiple vulnerabilities in Netgear products
Publication date: 19/12/2022
Identifier: INCIBE-2022-1060
Severity: 5 - Critical
Affected resources: NETGEAR Nighthawk WiFi6 routers, versions earlier than v1.0.9.90.
Description: 3 vulnerabilities have been detected that could allow an attacker to execute arbitrary commands on the device without authentication.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-netgear-22

Samba Releases Security Updates
Original release date: December 16, 2022
The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Samba security announcements and apply the necessary updates.
- CVE-2022-38023
- CVE-2022-37966
- CVE-2022-37967
- CVE-2022-45141
https://www.cisa.gov/uscert/ncas/current-activity/2022/12/16/samba-releases-security-updates

VMSA-2022-0034
CVSSv3 Range: 4.4-7.2
Issue Date: 2022-12-15
Updated On: 2022-12-15 (Initial Advisory)
CVE(s): CVE-2022-31707, CVE-2022-31708
Synopsis: VMware vRealize Operations (vROps) updates address privilege escalation vulnerabilities (CVE-2022-31707, CVE-2022-31708)
Impacted Products: VMware vRealize Operations (vROps)
Introduction: Multiple vulnerabilities in VMware vRealize Operations (vROps) were privately reported to VMware. Patches and updates are available to remediate these vulnerabilities in affected VMware products.
https://www.vmware.com/security/advisories/VMSA-2022-0034.html

VMSA-2021-0025.6
CVSSv3 Range: 7.1
Issue Date: 2021-11-10
Updated On: 2022-12-15
CVE(s): CVE-2021-22048
Synopsis: VMware vCenter Server updates address a privilege escalation vulnerability (CVE-2021-22048)
https://www.vmware.com/security/advisories/VMSA-2021-0025.html

Akamai WAF bypassed via Spring Boot to trigger RCE.
Akamai issued an update to resolve the flaw several months ago.
A researcher has disclosed a technique that bypassed Akamai web application firewalls (WAF) running Spring Boot, potentially leading to remote code execution (RCE).
https://portswigger.net/daily-swig/akamai-waf-bypassed-via-spring-boot-to-trigger-rce

Multiple vulnerabilities affecting TIBCO products
Publication date: 14/12/2022
Identifier: INCIBE-2022-1054
Severity: 5 - Critical
Affected resources:
- TIBCO JasperReports Server, versions 8.0.2 and earlier.
- TIBCO JasperReports Server, version 8.1.0.
- TIBCO JasperReports Server - Community Edition, versions 8.1.0 and earlier.
- TIBCO JasperReports Server - Developer Edition, versions 8.1.0 and earlier.
- TIBCO JasperReports Server for AWS Marketplace, versions 8.0.2 and earlier.
- TIBCO JasperReports Server for AWS Marketplace, version 8.1.0.
- TIBCO JasperReports Server for Microsoft Azure, versions 8.0.2 and earlier.
- TIBCO JasperReports Server for Microsoft Azure, version 8.1.0.
Description: TIBCO has detected 3 vulnerabilities: 2 of critical severity and 1 of high severity, which could allow an attacker with administrator privileges and network access to execute code remotely or carry out an XSS attack on the affected system.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-afectan-productos-tibco

SAP security update for December 2022
Publication date: 14/12/2022
Identifier: INCIBE-2022-1055
Severity: 5 - Critical
Affected resources:
- SAP Business Client, versions 6.5, 7.0 and 7.70;
- SAP BusinessObjects Business Intelligence Platform, versions 420 and 430;
- SAP NetWeaver Process Integration, version 7.50;
- SAP Commerce, versions 1905, 2005, 2105, 2011 and 2205;
- SAP NetWeaver Process Integration, version 7.50;
- SAPBASIS, versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790 and 791;
- SAP Business Planning and Consolidation, versions SAP_BW 750, 751, 752, 753, 754, 755, 756, 757, DWCORE 200, 300 and CPMBPC 810;
- SAP BusinessObjects Business Intelligence Platform (Program Objects), versions 420 and 430;
- SAP Commerce Webservices 2.0 (Swagger UI), versions 1905, 2005, 2105, 2011 and 2205;
- SAPUI5, versions 754, 755, 756, 757 and CLIENT RUNTIME, versions –600, 700, 800, 900 and 1000;
- The remaining affected products can be found in SAP Security Patch Day – December 2022.
Description: SAP has published several security updates for different products in its monthly release.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizacion-seguridad-sap-diciembre-2022
https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10

Apple Releases Security Updates for Multiple Products
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the Apple security updates page for the following products and apply the necessary updates as soon as possible:
- iCloud for Windows 14.1
- Safari 16.2
- macOS Monterey 12.6.2
- macOS Big Sur 11.7.2
- tvOS 16.2
- watchOS 9.2
- iOS 15.7.2 and iPadOS 15.7.2
- iOS 16.2 and iPadOS 16.2
- macOS Ventura 13.1
https://www.cisa.gov/uscert/ncas/current-activity/2022/12/13/apple-releases-security-updates-multiple-products

Microsoft Releases December 2022 Security Updates
https://msrc.microsoft.com/update-guide/releaseNote/2022-Dec

VMSA-2022-0031
CVSSv3 Range: 7.5-9.8
Issue Date: 2022-12-13
CVE(s): CVE-2022-31702, CVE-2022-31703
Synopsis: VMware vRealize Network Insight (vRNI) updates address command injection and directory traversal security vulnerabilities (CVE-2022-31702, CVE-2022-31703)
Impacted Products: VMware vRealize Network Insight (vRNI)
Introduction: Multiple vulnerabilities in VMware vRealize Network Insight (vRNI) were privately reported to VMware. Patches and updates are available to remediate these vulnerabilities in affected VMware products.
https://www.vmware.com/security/advisories/VMSA-2022-0031.html