[Precaución] Solicitud de aplicación de parche al confirmar un ataque que aprovecha la vulnerabilidad de Trend Micro Apex Central (CVE-2022-26871)

Hemos confirmado un ataque que aprovecha la vulnerabilidad (CVE-2022-26871) en Trend Micro Apex Central.
Hemos preparado un parche, así que aplique el último programa lo antes posible.



■ Productos objetivo
Trend Micro Apex Central (Apex Central) Compilación: Menos de 6016
Trend Micro Apex Central como servicio (Apex Central parte funcional de Apex One SaaS; en adelante, Apex Central SaaS) Compilación: menos de 202203

https://appweb.trendmicro.com/supportNews/NewsDetail.aspx?id=4435

CISA Releases Security Advisories for Rockwell Automation Products

Original release date: March 31, 2022

CISA has released two Industrial Controls Systems Advisories (ICSAs) detailing vulnerabilities in Rockwell Automation products. An attacker could exploit these vulnerabilities to inject code on affected system.

CISA encourages users and administrators to review ICSA-22-090-05: Rockwell Automation Logix Controllers and ICSA-22-090-07: Rockwell Automation Studio 5000 Logix Designer for more information and to apply the necessary mitigations and detection method.

https://www.cisa.gov/uscert/ncas/current-activity/2022/03/31/cisa-releases-security-advisories-rockwell-automation-products

Critical SQL injection flaw fixed in Rapid7’s Nexpose vulnerability scanner.

Attacks could be mounted via manipulation of query operators in search criteria

Rapid7 has patched a critical SQL injection vulnerability in Nexpose, its on-premises vulnerability management software.

The flaw, which has a CVSS rating of 9.8, arose because valid search operators were not defined, according to the CVE description for the bug, which is tracked as CVE-2022-0757.

Consequently, attackers can inject SQL code after manipulating the ‘ALL’ or ‘ANY’ filter query operators in the SearchCriteria.

This issue affects all versions of Nexpose – alternately known as Security Console – up to and including 6.6.128.

https://portswigger.net/daily-swig/critical-sql-injection-flaw-fixed-in-rapid7s-nexpose-vulnerability-scanner

This new ransomware targets data visualization tool Jupyter Notebook.

https://www.zdnet.com/article/this-new-ransomware-targets-data-visualization-tool-jupyter-notebook/

Zlib data compressor fixes 17-year-old security bug – patch, errrm, now.

https://nakedsecurity.sophos.com/2022/03/29/zlib-data-compressor-fixes-17-year-old-security-bug-patch-errr-now/

Raw Image Extension Remote Code Execution Vulnerability

CVE-2022-23295

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23295

Zyxel Releases Patches for Critical Bug Affecting Business Firewall and VPN Devices

[...]
The flaw has been assigned the identifier CVE-2022-0342 and is rated 9.8 out of 10 for severity. Credited with reporting the bug are Alessandro Sgreccia from Tecnical Service Srl and Roberto Garcia H and Victor Garcia R from Innotec Security.
[...]

https://thehackernews.com/2022/03/zyxel-releases-patches-for-critical-bug.html

About the security content of iOS 15.4.1 and iPadOS 15.4.1

Impact: An application may be able to execute arbitrary code with kernel privileges.

https://support.apple.com/en-us/HT213219

About the security content of macOS Monterey 12.3.1

Impact: An application may be able to execute arbitrary code with kernel privileges

https://support.apple.com/en-us/HT213220

Múltiples vulnerabilidades en productos Netgear

Fecha de publicación: 01/04/2022
Importancia: 5 - Crítica

Descripción:
Netgear ha publicado 12 vulnerabilidades, de severidad crítica, presentes en múltiples de sus productos.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-netgear-19

Múltiples vulnerabilidades en GitLab

Fecha de publicación: 01/04/2022
Importancia: 5 - Crítica

Recursos afectados:
Todas las versiones de:
GitLab CE/EE,
GitLab Omnibus,
GitLab Charts,
GitLab Pages.
Descripción:
GitLab ha publicado 17 vulnerabilidades: 1 de severidad crítica, 2 de severidad elevada, 9 de severidad media y 5 de severidad baja, por las que un atacante podría acceder a credenciales, ejecutar una vulnerabilidad tipo Cross-Site Scripting (XSS), acceder al token de registro y variables de entorno o causar una denegación de servicio entre otros.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-gitlab

GitLab addresses critical account hijack bug.

https://portswigger.net/daily-swig/gitlab-addresses-critical-account-hijack-bug

CVE-2022-22965: Spring Core Remote Code Execution Vulnerability Exploited In the Wild (SpringShell)

https://unit42.paloaltonetworks.com/cve-2022-22965-springshell/

Spring Releases Security Updates Addressing "Spring4Shell" and Spring Cloud Function Vulnerabilities

Original release date: April 01, 2022

https://www.cisa.gov/uscert/ncas/current-activity/2022/04/01/spring-releases-security-updates-addressing-spring4shell-and

VMSA-2022-0010

CVSSv3 Range: 9.8
Issue Date: 2022-04-02
Updated On: 2022-04-02 (Initial Advisory)
CVE(s): CVE-2022-22965

Synopsis:
VMware Response to Spring Framework Remote Code Execution Vulnerability, aka Spring4Shell (CVE-2022-22965)

Impacted Products
VMware Tanzu Application Service for VMs
VMware Tanzu Operations Manager
VMware Tanzu Kubernetes Grid Integrated Edition (TKGI)

https://www.vmware.com/security/advisories/VMSA-2022-0010.html

CVE-2022-26871 Detail

NVD Published Date: 03/29/2022
NVD Last Modified: 03/30/2022
Source: Trend Micro, Inc.

Description
An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution.

https://nvd.nist.gov/vuln/detail/CVE-2022-26871

Boletín de seguridad de Android de abril de 2022

Fecha de publicación: 05/04/2022
Importancia: 4 - Alta

Recursos afectados:
Android Open Source Project (AOSP):

Versiones 10, 11, 12 y 12L.
Descripción:
El boletín mensual de Android de abril de 2022 soluciona 3 vulnerabilidades de severidad alta que afectan al sistema, y que podrían permitir a un cibedelincuente la escalada remota de privilegios, sin necesidad de privilegios de ejecución adicionales ni interacción por parte del usuario, y la divulgación de información.

https://www.incibe.es/protege-tu-empresa/avisos-seguridad/boletin-seguridad-android-abril-2022

https://t.me/sysadmin24x7/4927
Actualización de contenido sobre vulnerabilidad

VMSA-2022-0010.1

CVSSv3 Range: 9.8
Issue Date: 2022-04-02

Updated On: 2022-04-06

CVE(s): CVE-2022-22965

Synopsis:
VMware Response to Spring Framework Remote Code Execution Vulnerability (CVE-2022-22965)

Impacted Products
VMware Tanzu Application Service for VMs
VMware Tanzu Operations Manager
VMware Tanzu Kubernetes Grid Integrated Edition (TKGI)

https://www.vmware.com/security/advisories/VMSA-2022-0010.html

Vulnerabilidad SQLi en FortiWAN de Fortinet

Fecha de publicación: 06/04/2022
Importancia: 5 - Crítica

Recursos afectados:
FortiWAN 4.5.8 y anteriores.

Descripción:
Giuseppe Cocomazzi, del equipo Fortinet Product Security, ha descubierto esta vulnerabilidad crítica que podría permitir a un atacante ejecutar código o comandos no autorizados.

Solución:
Actualizar a FortiWAN 4.5.9 o superior.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-sqli-fortiwan-fortinet

VMSA-2022-0011

CVSSv3 Range: 5.3-9.8
Issue Date: 2022-04-06

CVE(s): CVE-2022-22954, CVE-2022-22955, CVE-2022-22956, CVE-2022-22957, CVE-2022-22958, CVE-2022-22959, CVE-2022-22960, CVE-2022-22961

Synopsis:
VMware Workspace ONE Access, Identity Manager and vRealize Automation updates address multiple vulnerabilities.

Impacted Products:
VMware Workspace ONE Access (Access)
VMware Identity Manager (vIDM)
VMware vRealize Automation (vRA)
VMware Cloud Foundation
vRealize Suite Lifecycle Manager

https://www.vmware.com/security/advisories/VMSA-2022-0011.html