SysAdmin 24x7

IT security news and alerts. Chat and contact: t.me/sysadmin24x7chat

Post archive
Apple Releases Security Advisories for Multiple Products
Release Date: October 26, 2023
iOS 17.1 and iPadOS 17.1
iOS 16.7.2 and iPadOS 16.7.2
iOS 15.8 and iPadOS 15.8
macOS Sonoma 14.1
macOS Ventura 13.6.1
macOS Monterey 12.7.1
tvOS 17.1
watchOS 10.1
Safari 17.1
https://www.cisa.gov/news-events/alerts/2023/10/26/apple-releases-security-advisories-multiple-products

Multiple vulnerabilities in Squid
Date: 26/10/2023
Severity: 5 - Critical
Affected resources: Squid, versions prior to 6.4.
Description: Several researchers have detected and reported several critical-severity vulnerabilities affecting Squid, whose exploitation could allow an attacker to cause a DoS or perform HTTP request smuggling.
Solution: Update Squid to version 6.4.
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-squid

👆🏼⚠️ VMware addressed critical vCenter flaw also for End-of-Life products
VMware vCenter Server 6.7U3t
Release Date 2023-10-24
https://customerconnect.vmware.com/en/downloads/details?downloadGroup=VC67U3T&productId=742&rPId=112241
VMware vCenter Server 6.5U3v
Release Date 2023-10-24
https://customerconnect.vmware.com/en/downloads/details?downloadGroup=VC65U3V&productId=614&rPId=111937
Applying vCenter Server 6.7 Update 3t patch on VMware Cloud Foundation for VCF 3.x releases. (95194)
Last Updated: 25/10/2023
https://kb.vmware.com/s/article/95194

VMSA-2023-0023
CVSSv3 Range: 4.3-9.8
Issue Date: 2023-10-25
CVE(s): CVE-2023-34048, CVE-2023-34056
Synopsis: VMware vCenter Server updates address out-of-bounds write and information disclosure vulnerabilities (CVE-2023-34048, CVE-2023-34056)
Impacted Products: VMware vCenter Server, VMware Cloud Foundation
Introduction: An out-of-bounds write (CVE-2023-34048) and a partial information disclosure (CVE-2023-34056) in vCenter Server were responsibly reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.
https://www.vmware.com/security/advisories/VMSA-2023-0023.html

1Password discloses security incident linked to Okta breach 1Password, a popular password management platform used by over 100,000 businesses, suffered a security incident after hackers gained access to its Okta ID management tenant. "We detected suspicious activity on our Okta instance related to their Support System incident. After a thorough investigation, we concluded that no 1Password user data was accessed," reads a very brief security incident notification from 1Password CTO Pedro Canahuati. "On September 29, we detected suspicious activity on our Okta instance that we use to manage our employee-facing apps." https://www.bleepingcomputer.com/news/security/1password-discloses-security-incident-linked-to-okta-breach/ https://blog.1password.com/okta-incident/

THREAT ACTORS BREACHED OKTA SUPPORT SYSTEM AND STOLE CUSTOMERS’ DATA
Okta revealed that threat actors breached its support case management system and stole sensitive data that can be used in future attacks. Okta says that threat actors broke into its support case management system and stole authentication data, including cookies and session tokens, that can be abused in future attacks to impersonate valid users. Okta asks customers to upload an HTTP Archive (HAR) file in order to support them in solving their problems and replicating browser activity. HAR files can also contain sensitive data, including authentication information.
https://securityaffairs.com/152803/data-breach/okta-support-system-breached.html

Critical RCE flaws found in SolarWinds access audit solution Security researchers found three critical remote code execution vulnerabilities in the SolarWinds Access Rights Manager (ARM) product that remote attackers could use to run code with SYSTEM privileges. https://www.bleepingcomputer.com/news/security/critical-rce-flaws-found-in-solarwinds-access-audit-solution/

VMSA-2023-0022
CVSSv3 Range: 6.6-7.1
Issue Date: 2023-10-19
CVE(s): CVE-2023-34044, CVE-2023-34045, CVE-2023-34046
Synopsis: VMware Fusion and Workstation updates address privilege escalation and information disclosure vulnerabilities (CVE-2023-34044, CVE-2023-34045, CVE-2023-34046)
Impacted Products: VMware Workstation Pro / Player (Workstation), VMware Fusion
Introduction: Multiple security vulnerabilities in VMware Workstation and Fusion were responsibly reported to VMware. Updates are available to remediate these vulnerabilities in the affected VMware products.
https://www.vmware.com/security/advisories/VMSA-2023-0022.html

VMSA-2023-0021
CVSSv3 Range: 8.1
Issue Date: 2023-10-19
CVE(s): CVE-2023-34051, CVE-2023-34052
Synopsis: VMware Aria Operations for Logs updates address multiple vulnerabilities. (CVE-2023-34051, CVE-2023-34052)
Impacted Products: Aria Operations for Logs
Introduction: Multiple vulnerabilities in VMware Aria Operations for Logs were privately reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.
https://www.vmware.com/security/advisories/VMSA-2023-0021.html

Oracle Releases October 2023 Critical Patch Update Advisory
Release Date: October 19, 2023
Oracle has released its Critical Patch Update Advisory for October 2023 to address 387 vulnerabilities across multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
https://www.cisa.gov/news-events/alerts/2023/10/19/oracle-releases-october-2023-critical-patch-update-advisory

NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-4966 and CVE-2023-4967 Description of Problem Multiple vulnerabilities have been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve20234967

GNU Mailutils: unexpected processing of escape sequences — GLSA 202310-13 https://security.gentoo.org/glsa/202310-13

Multiple vulnerabilities in Moodle
Date: 18/10/2023
Severity: 4 - High
Affected resources: The following Moodle versions are affected: from 4.2 to 4.2.2, from 4.1 to 4.1.5, from 4.0 to 4.0.10, from 3.11 to 3.11.16, from 3.9 to 3.9.23, earlier unsupported versions.
Description: Several researchers have reported 4 high-severity vulnerabilities and several low-severity ones, which can be consulted on the Moodle advisories website.
Solution: Update to versions 4.2.3, 4.1.6, 4.0.11, 3.11.17 and 3.9.24.
http://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-moodle-2

Multiple vulnerabilities in Liferay
Date: 18/10/2023
Severity: 5 - Critical
Affected resources: Liferay DXP 7.3 fix pack 1, up to update 23; Liferay DXP 7.4, before update 89; Liferay Portal, from 7.3.6 to 7.4.3.89.
Description: Liferay has published 5 critical vulnerabilities affecting various versions of its DXP and Portal products.
http://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-liferay

Critical updates in Oracle (October 2023)
Date: 18/10/2023
Severity: 5 - Critical
http://www.incibe.es/incibe-cert/alerta-temprana/avisos/actualizaciones-criticas-en-oracle-octubre-2023

HTTP/2 Rapid Reset: how we dismantled the unprecedented attack https://blog.cloudflare.com/es-es/technical-breakdown-http2-rapid-reset-ddos-attack-es-es/

SONICOS AFFECTED BY MULTIPLE VULNERABILITIES
Advisory ID: SNWLID-2023-0012
First Published: 2023-10-17
Workaround: true
Status: Applicable
CVE: CVE-2023-39276, CVE-2023-39277, CVE-2023-39278, CVE-2023-39279, CVE-2023-39280, CVE-2023-41711, CVE-2023-41712, CVE-2023-41713, CVE-2023-41715
CWE: CWE-121, CWE-259, CWE-269
CVSS v3: 7.7
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012

Cisco IOS XE Software Web UI Privilege Escalation Vulnerability
Advisory ID: cisco-sa-iosxe-webui-privesc-j22SaA4z
First Published: 2023 October 16 15:00 GMT
Version 1.1: Interim
Workarounds: No workarounds available
Cisco Bug IDs: CSCwh87343
CVE-2023-20198
CVSS Score: Base 10.0
Vulnerable Products: This vulnerability affects Cisco IOS XE Software if the web UI feature is enabled. The web UI feature is enabled through the ip http server or ip http secure-server commands.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z