SysAdmin 24x7

BPFDoor Malware Evolves – Stealthy Sniffing Backdoor Ups Its Game What is BPFdoor? BPFdoor is a Linux-specific, low-profile, passive backdoor intended to maintain a persistent, long-term foothold in already-breached networks and environments and functions primarily to ensure an attacker can re-enter an infected system over an extended period of time, post-compromise. https://www.deepinstinct.com/blog/bpfdoor-malware-evolves-stealthy-sniffing-backdoor-ups-its-game

New Linux kernel NetFilter flaw gives attackers root privileges A new Linux NetFilter kernel flaw has been discovered, allowing unprivileged local users to escalate their privileges to root level, allowing complete control over a system. The CVE-2023-32233 identifier has been reserved for the vulnerability, but a severity level is yet to be determined. https://www.bleepingcomputer.com/news/security/new-linux-kernel-netfilter-flaw-gives-attackers-root-privileges/

Múltiples vulnerabilidades en productos de Aruba Fecha de publicación: 10/05/2023 Importancia: 5 - Crítica https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-productos-de-aruba

Actualización de seguridad de SAP de mayo de 2023 Fecha de publicación: 10/05/2023 Importancia: 5 - Crítica https://www.incibe.es/incibe-cert/alerta-temprana/avisos/actualizacion-de-seguridad-de-sap-de-mayo-de-2023

USN-6063-1: Ceph vulnerabilities 9 May 2023 Several security issues were fixed in Ceph. Releases Ubuntu 22.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM https://ubuntu.com/security/notices/USN-6063-1

May 2023 Security Updates https://msrc.microsoft.com/update-guide/releaseNote/2023-May

FG-IR-22-297 Date May 3, 2023 Severity High CVSSv3 Score 7.6 Impact Execute unauthorized code or commands CVE ID CVE-2023-27999 Affected Products FortiADC : 7.2.0, 7.1.1, 7.1.0 https://www.fortiguard.com/psirt/FG-IR-22-297

Android’s May 2023 security patch prevents downgrades to infinitely old system app versions You can no longer downgrade system apps beyond the pre-installed version https://www.androidpolice.com/android-may-2023-security-patch-no-downgrades-infinitely-old-system-app-versions/

Elastic Security Labs discovers the LOBSHOT malware An analysis of LOBSHOT, an hVNC malware family spreading through Google Ads. https://www.elastic.co/security-labs/elastic-security-labs-discovers-lobshot-malware

Apple’s first Rapid Security Response patch fails to install on iPhones Apple has launched the first Rapid Security Response (RSR) patches for iOS 16.4.1 and macOS 13.3.1 devices, with some users having issues installing them on their iPhones. https://www.bleepingcomputer.com/news/apple/apples-first-rapid-security-response-patch-fails-to-install-on-iphones/

VMSA-2023-0008 CVSSv3 Range:7.3-9.3 Issue Date:2023-04-25 CVE(s): CVE-2023-20869, CVE-2023-20870, CVE-2023-20871, CVE-2023-20872 Synopsis: VMware Workstation and Fusion updates address multiple security vulnerabilities (CVE-2023-20869, CVE-2023-20870, CVE-2023-20871, CVE-2023-20872) https://www.vmware.com/security/advisories/VMSA-2023-0008.html

Oracle Releases Security Updates Release DateApril 21, 2023 Oracle has released its Critical Patch Update Advisory, Solaris Third Party Bulletin, and Linux Bulletin for April 2023 to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. https://www.cisa.gov/news-events/alerts/2023/04/21/oracle-releases-security-updates

Drupal Releases Security Advisory to Address Vulnerability in Drupal Core Release DateApril 21, 2023 Drupal has released a security advisory to address an access bypass vulnerability affecting multiple Drupal versions. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Drupal security advisory SA-CORE-2023-005 for more information and apply the necessary updates. https://www.cisa.gov/news-events/alerts/2023/04/21/drupal-releases-security-advisory-address-vulnerability-drupal-core

Múltiples vulnerabilidades en VMware Aria Operations for Logs Fecha de publicación: 21/04/2023 Identificador: INCIBE-2023-0150 Importancia: 5 - Crítica Recursos afectados: VMware Aria Operations for Logs, versiones: 8.10.2; 8.10; 8.8.x; 8.6.x; 4.x. Descripción: Diversos investigadores han reportado 2 vulnerabilidades, 1 crítica y 1 alta, que afectan Aria Operations for Logs de VMware, cuya explotación podría permitir a un atacante ejecutar código/comandos arbitrarios como root. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-vmware-aria-operations-logs

Actualizaciones críticas en Oracle (abril 2023) Fecha de publicación: 19/04/2023 Identificador: INCIBE-2023-0144 Importancia: 5 - Crítica https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizaciones-criticas-oracle-abril-2023

Múltiples vulnerabilidades en Control de Ciber Fecha de publicación: 19/04/2023 Identificador: INCIBE-2023-0145 Importancia: 4 - Alta Recursos afectados: Control de Ciber, versión 1.650. Descripción: INCIBE ha coordinado la publicación de 3 vulnerabilidades en el aplicativo Control de Ciber, que han sido descubiertas por Sergio Apellániz. A estas vulnerabilidades se les han asignado los códigos: CVE-2022-4896, CVE-2022-48474 y CVE-2022-48475. Para las 3 vulnerabilidades, se ha calculado una puntuación base CVSS v3.1 de 7,3, siendo el cálculo del CVSS el siguiente: AV:N/AC:L/PR:N/UI:N/S:U/C:L/N:N/A:H. Solución: No hay solución identificada por el momento. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-control-ciber

Chromium: CVE-2023-2033 Type Confusion in V8 CVE-2023-2033 Security Vulnerability Released: Apr 15, 2023 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2033 https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html

Juniper Networks Releases Security Updates Release DateApril 13, 2023 Juniper Networks has released security updates to address vulnerabilities affecting Junos OS, Paragon Active Assurance (PAA), and Juniper Secure Analytics (JSA) Series. An attacker could exploit some of these vulnerabilities to take control of an affected system. https://www.cisa.gov/news-events/alerts/2023/04/13/juniper-networks-releases-security-updates

Adobe Releases Security Updates for Multiple Products Release DateApril 11, 2023 https://www.cisa.gov/news-events/alerts/2023/04/11/adobe-releases-security-updates-multiple-products

Actualización de seguridad de SAP de abril de 2023 Fecha de publicación: 12/04/2023 Identificador: Inicbe-2023-0136 Importancia: 5 - Crítica Recursos afectados: SAP Diagnostics Agent (OSCommand Bridge and EventLogServiceCollector), versión 720. SAP BusinessObjects Business Intelligence Platform (Promotion Management, versiones 420 y 430. SAP NetWeaver (BI CONT ADDON), versiones 707, 737, 747 y 757. El resto de productos afectados se pueden consultar en SAP Security Patch Day – Abril 2023. Descripción: SAP ha publicado varias actualizaciones de seguridad en diferentes productos en su comunicado mensual. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizacion-seguridad-sap-abril-2023