sysadmin24x7 | Unsorted

Telegram channel sysadmin24x7 - SysAdmin 24x7

4088

Computer security news and alerts. Chat and contact: t.me/sysadmin24x7chat


SysAdmin 24x7

Apple Releases Security Advisories for Multiple Products

Release Date: October 26, 2023

iOS 17.1 and iPadOS 17.1
iOS 16.7.2 and iPadOS 16.7.2
iOS 15.8 and iPadOS 15.8
macOS Sonoma 14.1
macOS Ventura 13.6.1
macOS Monterey 12.7.1
tvOS 17.1
watchOS 10.1
Safari 17.1

https://www.cisa.gov/news-events/alerts/2023/10/26/apple-releases-security-advisories-multiple-products


SysAdmin 24x7

👆🏼⚠️VMware addressed critical vCenter flaw also for End-of-Life products

VMware vCenter Server 6.7U3t
Release Date 2023-10-24

https://customerconnect.vmware.com/en/downloads/details?downloadGroup=VC67U3T&productId=742&rPId=112241

VMware vCenter Server 6.5U3v
Release Date 2023-10-24

https://customerconnect.vmware.com/en/downloads/details?downloadGroup=VC65U3V&productId=614&rPId=111937

Applying vCenter Server 6.7 Update 3t patch on VMware Cloud Foundation for VCF 3.x releases. (95194)
Last Updated: 25/10/2023

https://kb.vmware.com/s/article/95194


SysAdmin 24x7

1Password discloses security incident linked to Okta breach

1Password, a popular password management platform used by over 100,000 businesses, suffered a security incident after hackers gained access to its Okta ID management tenant.

"We detected suspicious activity on our Okta instance related to their Support System incident. After a thorough investigation, we concluded that no 1Password user data was accessed," reads a very brief security incident notification from 1Password CTO Pedro Canahuati.

"On September 29, we detected suspicious activity on our Okta instance that we use to manage our employee-facing apps."

https://www.bleepingcomputer.com/news/security/1password-discloses-security-incident-linked-to-okta-breach/

https://blog.1password.com/okta-incident/


SysAdmin 24x7

THREAT ACTORS BREACHED OKTA SUPPORT SYSTEM AND STOLE CUSTOMERS’ DATA

Okta revealed that threat actors breached its support case management system and stole sensitive data that can be used in future attacks.
Okta says that threat actors broke into its support case management system and stole authentication data, including cookies and session tokens, that can be abused in future attacks to impersonate valid users.

Okta asks customers to upload an HTTP Archive (HAR) file in order to support them in solving their problems and replicating browser activity. HAR files can also contain sensitive data, including authentication information.

https://securityaffairs.com/152803/data-breach/okta-support-system-breached.html


SysAdmin 24x7

VMSA-2023-0022

CVSSv3 Range: 6.6-7.1
Issue Date: 2023-10-19
CVE(s): CVE-2023-34044, CVE-2023-34045, CVE-2023-34046

Synopsis:
VMware Fusion and Workstation updates address privilege escalation and information disclosure vulnerabilities (CVE-2023-34044, CVE-2023-34045, CVE-2023-34046)

Impacted Products
VMware Workstation Pro / Player (Workstation)
VMware Fusion

Introduction
Multiple security vulnerabilities in VMware Workstation and Fusion were responsibly reported to VMware. Updates are available to remediate these vulnerabilities in the affected VMware products.

https://www.vmware.com/security/advisories/VMSA-2023-0022.html


SysAdmin 24x7

Oracle Releases October 2023

Critical Patch Update Advisory
Release Date: October 19, 2023

Oracle has released its Critical Patch Update Advisory for October 2023 to address 387 vulnerabilities across multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

https://www.cisa.gov/news-events/alerts/2023/10/19/oracle-releases-october-2023-critical-patch-update-advisory


SysAdmin 24x7

GNU Mailutils: unexpected processing of escape sequences — GLSA 202310-13

https://security.gentoo.org/glsa/202310-13


SysAdmin 24x7

Multiple vulnerabilities in Liferay

Date: 18/10/2023
Importance: 5 - Critical

Affected Resources
Liferay DXP 7.3 fix pack 1, up to update 23;
Liferay DXP 7.4, before update 89;
Liferay Portal, from 7.3.6 to 7.4.3.89.

Description
Liferay has published 5 critical vulnerabilities affecting various versions of its DXP and Portal products.

http://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-liferay


SysAdmin 24x7

HTTP/2 Rapid Reset: how we disarmed the unprecedented attack

https://blog.cloudflare.com/es-es/technical-breakdown-http2-rapid-reset-ddos-attack-es-es/


SysAdmin 24x7

Cisco IOS XE Software Web UI Privilege Escalation Vulnerability

Advisory ID: cisco-sa-iosxe-webui-privesc-j22SaA4z
First Published: 2023 October 16 15:00 GMT
Version 1.1: Interim
Workarounds: No workarounds available
Cisco Bug IDs: CSCwh87343
CVE: CVE-2023-20198

CVSS Score: Base 10.0

Vulnerable Products
This vulnerability affects Cisco IOS XE Software if the web UI feature is enabled. The web UI feature is enabled through the ip http server or ip http secure-server commands.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z


SysAdmin 24x7

DarkGate Opens Organizations for Attack via Skype, Teams

https://www.trendmicro.com/en_ph/research/23/j/darkgate-opens-organizations-for-attack-via-skype-teams.html


SysAdmin 24x7

WordPress 6.3.2 security update

Date: 13/10/2023
Importance: 3 - Medium

Affected Resources
WordPress, versions prior to 6.3.2.

Description
The latest version of WordPress has been released, containing 41 bug fixes and 8 security fixes.

http://www.incibe.es/incibe-cert/alerta-temprana/avisos/actualizacion-de-seguridad-632-para-wordpress


SysAdmin 24x7

Microsoft Releases October 2023 Security Updates

https://msrc.microsoft.com/update-guide/releaseNote/2023-oct


SysAdmin 24x7

HTTP/2 Rapid Reset Vulnerability, CVE-2023-44487
Release Date: October 10, 2023

Researchers and vendors have disclosed a denial-of-service (DoS) vulnerability in the HTTP/2 protocol. The vulnerability (CVE-2023-44487), known as Rapid Reset, has been exploited in the wild from August 2023 through October 2023.

https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487


SysAdmin 24x7

Multiple vulnerabilities in D-Link D-View
Date: 09/10/2023
Importance: 5 - Critical

Affected Resources
D-View.

Description
rgod has reported several 0-day vulnerabilities, two of them of critical severity, that could allow remote attackers to bypass authentication or execute arbitrary code.

Solution
No update exists yet, so restricting interaction with the application is recommended.

http://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-d-view-de-d-link


SysAdmin 24x7

Multiple vulnerabilities in Squid

Date: 26/10/2023
Importance: 5 - Critical

Affected Resources
Squid, versions prior to 6.4.

Description
Several researchers have detected and reported several critical-severity vulnerabilities affecting Squid, whose exploitation could allow an attacker to cause a DoS or perform HTTP request smuggling.

Solution
Update Squid to version 6.4.

https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-squid


SysAdmin 24x7

VMSA-2023-0023

CVSSv3 Range: 4.3-9.8
Issue Date: 2023-10-25
CVE(s): CVE-2023-34048, CVE-2023-34056

Synopsis:
VMware vCenter Server updates address out-of-bounds write and information disclosure vulnerabilities (CVE-2023-34048, CVE-2023-34056)

Impacted Products
VMware vCenter Server
VMware Cloud Foundation

Introduction
An out-of-bounds write (CVE-2023-34048) and a partial information disclosure (CVE-2023-34056) in vCenter Server were responsibly reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.

https://www.vmware.com/security/advisories/VMSA-2023-0023.html


SysAdmin 24x7

👆🏼Updated On: 2023-10-23

https://www.vmware.com/security/advisories/VMSA-2023-0021.html


SysAdmin 24x7

Critical RCE flaws found in SolarWinds access audit solution

Security researchers found three critical remote code execution vulnerabilities in the SolarWinds Access Rights Manager (ARM) product that remote attackers could use to run code with SYSTEM privileges.

https://www.bleepingcomputer.com/news/security/critical-rce-flaws-found-in-solarwinds-access-audit-solution/


SysAdmin 24x7

VMSA-2023-0021

CVSSv3 Range: 8.1
Issue Date: 2023-10-19
CVE(s): CVE-2023-34051, CVE-2023-34052

Synopsis:
VMware Aria Operations for Logs updates address multiple vulnerabilities. (CVE-2023-34051, CVE-2023-34052)

Impacted Products
Aria Operations for Logs

Introduction
Multiple vulnerabilities in VMware Aria Operations for Logs were privately reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.

https://www.vmware.com/security/advisories/VMSA-2023-0021.html


SysAdmin 24x7

NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-4966 and CVE-2023-4967

Description of Problem
Multiple vulnerabilities have been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway).

https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve20234967


SysAdmin 24x7

Multiple vulnerabilities in Moodle

Date: 18/10/2023
Importance: 4 - High

Affected Resources
The following versions of Moodle are affected:

from 4.2 to 4.2.2,
from 4.1 to 4.1.5,
from 4.0 to 4.0.10,
from 3.11 to 3.11.16,
from 3.9 to 3.9.23,
earlier unsupported versions.

Description
Several researchers have reported 4 high-severity vulnerabilities and several low-severity ones, which can be consulted on the Moodle advisories site.

Solution
Update to versions 4.2.3, 4.1.6, 4.0.11, 3.11.17 and 3.9.24.

http://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-moodle-2


SysAdmin 24x7

Critical updates in Oracle (October 2023)

Date: 18/10/2023
Importance: 5 - Critical

http://www.incibe.es/incibe-cert/alerta-temprana/avisos/actualizaciones-criticas-en-oracle-octubre-2023


SysAdmin 24x7

SONICOS AFFECTED BY MULTIPLE VULNERABILITIES


Advisory ID: SNWLID-2023-0012
First Published: 2023-10-17
Workaround: true
Status: Applicable
CVE: CVE-2023-39276, CVE-2023-39277, CVE-2023-39278, CVE-2023-39279, CVE-2023-39280, CVE-2023-41711, CVE-2023-41712, CVE-2023-41713, CVE-2023-41715
CWE: CWE-121, CWE-259, CWE-269
CVSS v3: 7.7

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012


SysAdmin 24x7

https://twitter.com/MsftSecIntel/status/1711871732644970856


SysAdmin 24x7

Apple fixes iOS Kernel zero-day vulnerability on older iPhones

Apple has published security updates for older iPhones and iPads to backport patches released one week ago, addressing two zero-day vulnerabilities exploited in attacks.

"Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6," the company said in an advisory.

The first zero-day (tracked as CVE-2023-42824) is a privilege escalation vulnerability caused by a weakness in the XNU kernel that can let local attackers elevate privileges on vulnerable iPhones and iPads.

https://www.bleepingcomputer.com/news/security/apple-fixes-ios-kernel-zero-day-vulnerability-on-older-iphones/


SysAdmin 24x7

Fortinet Releases Security Updates for Multiple Products
Release Date: October 11, 2023

https://www.cisa.gov/news-events/alerts/2023/10/11/fortinet-releases-security-updates-multiple-products


SysAdmin 24x7

Citrix Releases Security Updates for Multiple Products
Release Date: October 10, 2023

Citrix has released security updates to address vulnerabilities affecting multiple products. A malicious cyber actor can exploit one of these vulnerabilities to take control of an affected system.

https://www.cisa.gov/news-events/alerts/2023/10/10/citrix-releases-security-updates-multiple-products


SysAdmin 24x7

Multiple vulnerabilities in Cisco products
Date: 09/10/2023
Importance: 5 - Critical

Affected Resources
Emergency Responder, versions 12.5(1)SU4 and 14SU3;
Prime Collaboration Deployment, version 14SU3;
Unified CM and Unified CM SME, versions 12.5(1)SU7 and 14SU3;
Unified CM IM&P, versions 12.5(1)SU7 and 14SU3;
Unity Connection, version 14SU3.

Description
Internal security testing carried out by Cisco revealed 2 vulnerabilities, one of critical severity and one high, whose exploitation could allow a remote, unauthenticated attacker to log in to an affected device using root credentials or to raise CPU usage, causing delays in call processing.

Solution
Update the affected products to the fixed versions listed in the "Fixed Releases" section of each advisory.

http://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-productos-cisco


SysAdmin 24x7

Atlassian Releases Security Advisory for Confluence Data Center and Server

Release Date: October 05, 2023

Atlassian released a security advisory to address a vulnerability affecting Confluence Data Center and Confluence Server. A remote cyber threat actor could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review the following advisory and apply the necessary updates: CVE-2023-22515 - Privilege Escalation Vulnerability in Confluence Data Center and Server.

https://www.cisa.gov/news-events/alerts/2023/10/05/atlassian-releases-security-advisory-confluence-data-center-and-server

This advisory has been updated since the initial publication.

Clarified Confluence versions prior to 8.0.0 are not affected.
04 Oct 2023 2:20 PM UTC (Coordinated Universal Time, +0 hours)

Edited group name in Threat detection section to the correct one - confluence-administrators
05 Oct 2023 8:30 AM UTC (Coordinated Universal Time, +0 hours)

Clarified Category as Broken Access Control to align with OWASP definition.
05 Oct 2023 9:35 PM UTC (Coordinated Universal Time, +0 hours)


https://confluence.atlassian.com/security/cve-2023-22515-privilege-escalation-vulnerability-in-confluence-data-center-and-server-1295682276.html
