Microsoft Releases December 2022 Security Updates
https://msrc.microsoft.com/update-guide/releaseNote/2022-Dec
Apple Releases Security Updates for Multiple Products
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device.
CISA encourages users and administrators to review the Apple security updates page for the following products and apply the necessary updates as soon as possible:
iCloud for Windows 14.1
Safari 16.2
macOS Monterey 12.6.2
macOS Big Sur 11.7.2
tvOS 16.2
watchOS 9.2
iOS 15.7.2 and iPadOS 15.7.2
iOS 16.2 and iPadOS 16.2
macOS Ventura 13.1
https://www.cisa.gov/uscert/ncas/current-activity/2022/12/13/apple-releases-security-updates-multiple-products
VMSA-2022-0032
CVSSv3 Range: 5.3-7.2
Issue Date: 2022-12-13
CVE(s): CVE-2022-31700, CVE-2022-31701
Synopsis:
VMware Workspace ONE Access and Identity Manager updates address multiple vulnerabilities (CVE-2022-31700, CVE-2022-31701).
Impacted Products
VMware Workspace ONE Access (Access)
VMware Identity Manager (vIDM)
VMware Cloud Foundation (Cloud Foundation)
Introduction
Multiple vulnerabilities were privately reported to VMware. Updates are available to address these vulnerabilities in affected VMware products.
https://www.vmware.com/security/advisories/VMSA-2022-0032.html
SAP security update for December 2022
Publication date: 14/12/2022
Identifier: INCIBE-2022-1055
Importance: 5 - Critical
Affected resources:
SAP Business Client, versions 6.5, 7.0 and 7.70;
SAP BusinessObjects Business Intelligence Platform, versions 420 and 430;
SAP NetWeaver Process Integration, version 7.50;
SAP Commerce, versions 1905, 2005, 2105, 2011 and 2205;
SAP NetWeaver Process Integration, version 7.50;
SAPBASIS, versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790 and 791;
SAP Business Planning and Consolidation, versions SAP_BW 750, 751, 752, 753, 754, 755, 756, 757, DWCORE 200, 300 and CPMBPC 810;
SAP BusinessObjects Business Intelligence Platform (Program Objects), versions 420 and 430;
SAP Commerce Webservices 2.0 (Swagger UI), versions 1905, 2005, 2105, 2011 and 2205;
SAPUI5, versions 754, 755, 756, 757 and CLIENT RUNTIME, versions 600, 700, 800, 900 and 1000.
The remaining affected products can be consulted in SAP Security Patch Day – December 2022.
Description:
SAP has published several security updates for different products in its monthly bulletin.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizacion-seguridad-sap-diciembre-2022
https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10
Multiple vulnerabilities affecting TIBCO products
Publication date: 14/12/2022
Identifier: INCIBE-2022-1054
Importance: 5 - Critical
Affected resources:
TIBCO JasperReports Server, versions 8.0.2 and earlier.
TIBCO JasperReports Server, version 8.1.0.
TIBCO JasperReports Server - Community Edition, versions 8.1.0 and earlier.
TIBCO JasperReports Server - Developer Edition, versions 8.1.0 and earlier.
TIBCO JasperReports Server for AWS Marketplace, versions 8.0.2 and earlier.
TIBCO JasperReports Server for AWS Marketplace, version 8.1.0.
TIBCO JasperReports Server for Microsoft Azure, versions 8.0.2 and earlier.
TIBCO JasperReports Server for Microsoft Azure, version 8.1.0.
Description:
TIBCO has identified 3 vulnerabilities, 2 of critical severity and 1 of high severity, which could allow an attacker with administrator privileges and network access to execute code remotely or carry out an XSS attack on the affected system.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-afectan-productos-tibco
Akamai WAF bypassed via Spring Boot to trigger RCE.
Akamai issued an update to resolve the flaw several months ago
A researcher has disclosed a technique that bypassed Akamai web application firewalls (WAF) running Spring Boot, potentially leading to remote code execution (RCE).
[...]
Akamai response
When approached for comment, Akamai told The Daily Swig that the bypass was only possible as the researchers used an old version of the Akamai WAF protection engine.
A patch was issued on July 25, 2022. As a result, customers running the latest engine version are not at risk of exploitation.
[...]
https://portswigger.net/daily-swig/akamai-waf-bypassed-via-spring-boot-to-trigger-rce
VMSA-2021-0025.6
CVSSv3 Range: 7.1
Issue Date: 2021-11-10
Updated On: 2022-12-15
CVE(s): CVE-2021-22048
Synopsis:
VMware vCenter Server updates address a privilege escalation vulnerability (CVE-2021-22048)
https://www.vmware.com/security/advisories/VMSA-2021-0025.html
VMSA-2022-0034
CVSSv3 Range: 4.4-7.2
Issue Date: 2022-12-15
Updated On: 2022-12-15 (Initial Advisory)
CVE(s): CVE-2022-31707, CVE-2022-31708
Synopsis:
VMware vRealize Operations (vROps) updates address privilege escalation vulnerabilities (CVE-2022-31707, CVE-2022-31708)
Impacted Products
VMware vRealize Operations (vROps)
Introduction
Multiple vulnerabilities in VMware vRealize Operations (vROps) were privately reported to VMware. Patches and updates are available to remediate these vulnerabilities in affected VMware products.
https://www.vmware.com/security/advisories/VMSA-2022-0034.html
Samba Releases Security Updates
Original release date: December 16, 2022
The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the following Samba security announcements and apply the necessary updates.
CVE-2022-38023
CVE-2022-37966
CVE-2022-37967
CVE-2022-45141
https://www.cisa.gov/uscert/ncas/current-activity/2022/12/16/samba-releases-security-updates
Multiple vulnerabilities in Netgear products
Publication date: 19/12/2022
Identifier: INCIBE-2022-1060
Importance: 5 - Critical
Affected resources:
NETGEAR Nighthawk WiFi6 routers, versions prior to v1.0.9.90.
Description:
3 vulnerabilities have been identified that could allow an attacker to execute arbitrary commands on the device without authentication.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-netgear-22
Forwarded from Una al día
Cisco releases 29 security patches: 5 critical and 17 high in the last week
https://unaaldia.hispasec.com/2022/12/cisco-lanza-29-parches-de-seguridad-5-criticos-y-17-altos-en-la-ultima-semana.html?utm_source=rss&utm_medium=rss&utm_campaign=cisco-lanza-29-parches-de-seguridad-5-criticos-y-17-altos-en-la-ultima-semana
This week Cisco has released more than 29 security patches for vulnerabilities, of which 5 are critical and 17 are high risk.
Forwarded from CCN-CERT
#CCNNovedades The talks and workshops from the #XVIJornadasCCNCERT and #IVJornadasCiberdefensaESPDEFCERT are now available. 📽️ Playlist: https://t.co/htEfnIgBlT https://t.co/4Dd2XjBaJ7
New STEPPY#KAVACH Attack Campaign Likely Targeting Indian Government: Technical Insights and Detection Using Securonix.
The Securonix Threat Research team has recently identified a new malicious attack campaign related to a malicious threat actor (MTA) tracked by Securonix as STEPPY#KAVACH targeting victims likely associated with the Indian government.
https://www.securonix.com/blog/new-steppykavach-attack-campaign/
Microsoft research uncovers new Zerobot capabilities.
Botnet malware operations are a constantly evolving threat to devices and networks. Threat actors target Internet of Things (IoT) devices for recruitment into malicious operations as IoT devices’ configurations often leave them exposed, and the number of internet-connected devices continue to grow. Recent trends have shown that operators are redeploying malware for a variety of distributions and objectives, modifying existing botnets to scale operations and add as many devices as possible to their infrastructure.
https://www.microsoft.com/en-us/security/blog/2022/12/21/microsoft-research-uncovers-new-zerobot-capabilities/
The Microsoft Defender for IoT research team details information on the recent distribution of a Go-based botnet, known as Zerobot, that spreads primarily through IoT and web-application vulnerabilities.
Patch now: Serious Linux kernel security hole uncovered.
The Zero Day Initiative originally rated this Linux 5.15 in-kernel SMB server, ksmbd, bug a perfectly awful 10.
https://www.zdnet.com/article/patch-now-serious-linux-kernel-security-hole-uncovered/
https://www.zerodayinitiative.com/advisories/ZDI-22-1690/
LastPass finally admits: Those crooks who got in? They did steal your password vaults, after all.
Popular password management company LastPass has been under the pump this year, following a network intrusion back in August 2022.
https://nakedsecurity.sophos.com/2022/12/23/lastpass-finally-admits-they-did-steal-your-password-vaults-after-all/
The crooks now know who you are, where you live, which computers are yours, where you go online… and they got those password vaults, too.
Multiple vulnerabilities in Netgear products
Publication date: 29/12/2022
Identifier: INCIBE-2022-1071
Importance: 5 - Critical
Affected resources:
CAX30, firmware versions prior to 1.4.11.2.
Description:
Netgear has published multiple security advisories, among which one of critical severity affecting the CAX30 product stands out.
Solution:
Update the CAX30 firmware to version 1.4.11.2.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-netgear-23
Android security bulletin for January 2023
Publication date: 04/01/2023
Identifier: INCIBE-2023-0001
Importance: 5 - Critical
Description:
The Android bulletin for January 2023 fixes multiple critical- and high-severity vulnerabilities affecting the Android operating system and multiple components, which could allow an attacker to escalate privileges, execute code remotely (RCE) or cause a denial of service (DoS).
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/boletin-seguridad-android-enero-2023
Compromised PyTorch-nightly dependency chain between December 25th and December 30th, 2022.
If you installed PyTorch-nightly on Linux via pip between December 25, 2022 and December 30, 2022, please uninstall it and torchtriton immediately, and use the latest nightly binaries (newer than Dec 30th 2022).
$ pip3 uninstall -y torch torchvision torchaudio torchtriton
$ pip3 cache purge
PyTorch-nightly Linux packages installed via pip during that time installed a dependency, torchtriton, which was compromised on the Python Package Index (PyPI) code repository and ran a malicious binary. This is what is known as a supply chain attack and directly affects dependencies for packages that are hosted on public package indices.
https://pytorch.org/blog/compromised-nightly-dependency/#how-to-check-if-your-python-environment-is-affected
FortiADC - command injection in web interface.
IR Number: FG-IR-22-061
Date: Jan 3, 2023
Severity: High
CVSSv3 Score: 8.6
Impact: Execute unauthorized code or commands
Summary
An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiADC may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests.
Affected Products
FortiADC version 7.0.0 through 7.0.2
FortiADC version 6.2.0 through 6.2.3
FortiADC version 6.1.0 through 6.1.6
FortiADC version 6.0.0 through 6.0.4
FortiADC version 5.4.0 through 5.4.5
https://www.fortiguard.com/psirt/FG-IR-22-061