Microsoft research uncovers new Zerobot capabilities.

Botnet malware operations are a constantly evolving threat to devices and networks. Threat actors target Internet of Things (IoT) devices for recruitment into malicious operations as IoT devices’ configurations often leave them exposed, and the number of internet-connected devices continue to grow. Recent trends have shown that operators are redeploying malware for a variety of distributions and objectives, modifying existing botnets to scale operations and add as many devices as possible to their infrastructure.

https://www.microsoft.com/en-us/security/blog/2022/12/21/microsoft-research-uncovers-new-zerobot-capabilities/

Patch now: Serious Linux kernel security hole uncovered.

The Zero Day Initiative originally rated this Linux 5.15 in-kernel SMB server, ksmbd, bug a perfectly awful 10.

https://www.zdnet.com/article/patch-now-serious-linux-kernel-security-hole-uncovered/

https://www.zerodayinitiative.com/advisories/ZDI-22-1690/

LastPass finally admits: Those crooks who got in? They did steal your password vaults, after all.

Popular password management company LastPass has been under the pump this year, following a network intrusion back in August 2022.

https://nakedsecurity.sophos.com/2022/12/23/lastpass-finally-admits-they-did-steal-your-password-vaults-after-all/

Múltiples vulnerabilidades en productos Netgear

Fecha de publicación: 29/12/2022
Identificador: INCIBE-2022-1071
Importancia: 5 - Crítica

Recursos afectados:
CAX30, versiones de firmware anteriores a 1.4.11.2.

Descripción:
Netgear ha publicado múltiples avisos de seguridad, entre los que destaca uno de severidad crítica que afecta al producto CAX30.

Solución:
Actualizar el firmware de CAX30 a la versión 1.4.11.2.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-netgear-23

Boletín de seguridad de Android de enero de 2023

Fecha de publicación: 04/01/2023
Identificador: INCIBE-2023-0001
Importancia: 5 - Crítica

Descripción:
El boletín de Android relativo a enero de 2023 soluciona múltiples vulnerabilidades de severidad crítica y alta, que afectan al sistema operativo Android, así como a múltiples componentes, y que podrían permitir a un atacante realizar una escalada de privilegios, ejecución remota de código (RCE) o provocar una denegación de servicio (DoS).

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/boletin-seguridad-android-enero-2023

Compromised PyTorch-nightly dependency chain between December 25th and December 30th, 2022.

If you installed PyTorch-nightly on Linux via pip between December 25, 2022 and December 30, 2022, please uninstall it and torchtriton immediately, and use the latest nightly binaries (newer than Dec 30th 2022).

$ pip3 uninstall -y torch torchvision torchaudio torchtriton
$ pip3 cache purge

PyTorch-nightly Linux packages installed via pip during that time installed a dependency, torchtriton, which was compromised on the Python Package Index (PyPI) code repository and ran a malicious binary. This is what is known as a supply chain attack and directly affects dependencies for packages that are hosted on public package indices.

https://pytorch.org/blog/compromised-nightly-dependency/#how-to-check-if-your-python-environment-is-affected

FortiADC - command injection in web interface.

IR Number: FG-IR-22-061
Date: Jan 3, 2023

Severity: High
CVSSv3 Score: 8.6

Impact: Execute unauthorized code or commands

Summary

An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiADC may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests.

Affected Products

FortiADC version 7.0.0 through 7.0.2
FortiADC version 6.2.0 through 6.2.3
FortiADC version 6.1.0 through 6.1.6
FortiADC version 6.0.0 through 6.0.4
FortiADC version 5.4.0 through 5.4.5

https://www.fortiguard.com/psirt/FG-IR-22-061

Adobe Releases Security Updates for Multiple Products

Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.

Adobe Acrobat and Reader APSB23-01
Adobe InDesign APSB23-07
Adobe InCopy APSB23-08
Adobe Dimension APSB23-10

https://www.cisa.gov/uscert/ncas/current-activity/2023/01/10/adobe-releases-security-updates-multiple-products

Microsoft Releases January 2023 Security Updates

https://msrc.microsoft.com/update-guide/releaseNote/2023-Jan

Actualización de seguridad de SAP de enero de 2023

Fecha de publicación: 11/01/2023
Identificador: INCIBE-2023-0007
Importancia: 5 - Crítica

Descripción:
SAP ha publicado varias actualizaciones de seguridad en diferentes productos en su comunicado mensual.

Solución:
Visitar el portal de soporte de SAP e instalar las actualizaciones o los parches necesarios, según indique el fabricante.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizacion-seguridad-sap-enero-2023

Actively Exploiting Critical "Control Web Panel" RCE Vulnerability

Control Web Panel or CentOS Web Panel - CVE-2022-44877

Base Score: 9.8 CRITICAL

Description
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.

https://nvd.nist.gov/vuln/detail/CVE-2022-44877


Current Versions: CWP6: 0.9.8.943 (EOL) / CWP7: 0.9.8.1148
CWP for CentOS 7 is recommended version.
CWP7+ compatible with CentOS Linux 8, CentOS Stream, Alma Linux , Rocky Linux and Oracle Linux

https://control-webpanel.com/changelog#1669855527714-450fb335-6194

Múltiples vulnerabilidades en productos de Cisco

Fecha de publicación: 12/01/2023
Identificador: INCIBE-2023-0009
Importancia: 5 - Crítica

Recursos afectados:
Cisco RV Series Small Business Routers:
RV016 Multi-WAN VPN,
RV042 Dual WAN VPN,
RV042G Dual Gigabit WAN VPN,
RV082 Dual WAN VPN.
IP Phone 7800 y 8800 Series.
Cisco Industrial Network Director (IND).
Cisco BroadWorks Application Delivery Platform Device Management Software.
Cisco BroadWorks Xtended Services Platform.

Descripción:
Cisco ha publicado 6 vulnerabilidades, 1 de severidad crítica, 3 alta y 2 medias, que afectan a varios productos.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-cisco-85

Drupal Releases Security Update to Address Vulnerability in Private Taxonomy Terms

Drupal has released a security update to address a vulnerability affecting private vocabulary modules for Drupal 8.x. An unauthorized user could exploit this vulnerability to bypass access permissions to create, modify, and delete private vocabulary terms.

CISA encourages users and administrators to review Drupal’s security advisory SA-CONTRIB-2023-001 and apply the necessary update.

https://www.cisa.gov/uscert/ncas/current-activity/2023/01/12/drupal-releases-security-update-address-vulnerability-private

Juniper Networks Releases Security Updates for Multiple Products

Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Juniper Networks’ security advisories page and apply the necessary updates.

https://www.cisa.gov/uscert/ncas/current-activity/2023/01/12/juniper-networks-releases-security-updates-multiple-products

Actualizaciones críticas en Oracle (enero 2023)

Fecha de publicación: 18/01/2023
Identificador: INCIBE-2023-0019
Importancia: 5 - Crítica

Descripción:
Oracle ha publicado una actualización crítica con parches para corregir vulnerabilidades que afectan a múltiples productos.

Solución:
Aplicar los parches correspondientes, según los productos afectados. La información para descargar las actualizaciones puede obtenerse del boletín de seguridad publicado por Oracle.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizaciones-criticas-oracle-enero-2023

Múltiples vulnerabilidades en GitLab

Fecha de publicación: 18/01/2023
Identificador: INCIBE-2023-0020
Importancia: 5 - Crítica

Recursos afectados:
Versiones anteriores a 15.7.5, 15.6.6 y 15.5.9 de GitLab Community Edition (CE) y Enterprise Edition (EE). Todos los tipos de despliegue (omnibus, source code, helm chart, etc.) están afectados.

Descripción:
GitLab ha informado de dos vulnerabilidades que afectan a GitLab Community Edition (CE) y Enterprise Edition (EE) que permitirían en ambos casos un desbordamiento de enteros, lo que podría provocar una ejecución remota de código.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-gitlab-3

Edición arbitraria de ficheros con sudo

Fecha de publicación: 19/01/2023
Identificador: INCIBE-2023-0022
Importancia: 4 - Alta

Recursos afectados:
Versiones de Sudo 1.8.0 a 1.9.12p1, ambas incluidas.

Descripción:
Se ha conocido un fallo en la opción -e de sudo (también conocida como sudoedit), que permite a un usuario malicioso con privilegios de sudoedit editar archivos arbitrarios, pudiendo permitir una escalada de privilegios.

Solución:
Se recomienda actualizar a la versión 1.9.12p2

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/edicion-arbitraria-ficheros-sudo

Vulnerabilidad crítica en Drupal

Fecha de publicación: 19/01/2023
Identificador: INCIBE-2023-0023
Importancia: 5 - Crítica

Recursos afectados:
Versiones comprendidas entre la 8.0.0 (incluida) hasta la 9.4.10 (no incluida).
Versiones comprendidas entre la 9.5.0 (incluida) hasta la 9.5.2 (no incluida).
Versiones comprendidas entre la 10.0.0 (incluida) hasta la 10.0.2 (no incluida).

Descripción:
El equipo de seguridad de Drupal ha publicado una actualización para Drupal 10.0, 9.5 y 9.4 que corrige una vulnerabilidad crítica en el núcleo.

Solución:
Se recomienda actualizar a la última versión:
Para Drupal 10.0, actualiza a Drupal 10.0.2.
Para Drupal 9.5, actualiza a Drupal 9.5.2.
Para Drupal 9.4, actualiza a Drupal 9.4.10.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-critica-drupal

Researchers found a new critical remote code execution (RCE) flaw impacting multiple services related to Microsoft Azure.

https://securityaffairs.com/141007/hacking/microsoft-azure-emojideploy-rce.html

EmojiDeploy: Smile! Your Azure web service just got RCE’d ._.

Ermetic's research team discovered a remote code execution vulnerability affecting Azure cloud services and other cloud sovereigns including Function Apps, App Service and Logic Apps.

https://ermetic.com/blog/azure/emojideploy-smile-your-azure-web-service-just-got-rced

Cisco Unified Communications Manager SQL Injection Vulnerability

Advisory ID:
cisco-sa-cucm-sql-rpPczR8n

First Published:
2023 January 18 16:00 GMT
Version 1.0: Final

Workarounds: No workarounds available
Cisco Bug IDs:
CSCwb37205 CSCwb37563
CVE-2023-20010

CVSS Score: Base 8.1


Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.

Vulnerable Products
This vulnerability affects the following Cisco products:

Unified CM
Unified CM SME
For information about which Cisco software releases are vulnerable, see the Fixed Software section of this advisory.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-sql-rpPczR8n