Ruby on Rails apps vulnerable to data theft through Ransack search.

Several applications were vulnerable to brute-force attacks; hundreds more could be at risk

Poor integration of the Ransack library into Ruby on Rails (RoR) applications could allow attackers to steal information from backend databases, security firm Positive Security has warned.

https://portswigger.net/daily-swig/ruby-on-rails-apps-vulnerable-to-data-theft-through-ransack-search

Critical Vulnerability Impacts Over 120 Lexmark Printers.

[...]
The issue, tracked as CVE-2023-23560 (CVSS score of 9.0), is described as a server-side request forgery (SSRF) flaw in the Web Services feature of newer Lexmark devices, which could be exploited to execute arbitrary code.

https://www.securityweek.com/critical-vulnerability-impacts-over-120-lexmark-printers/

Mitigating RBAC-Based Privilege Escalation in Popular Kubernetes Platforms.

https://unit42.paloaltonetworks.com/kubernetes-privilege-escalation/

Massive Microsoft 365 outage caused by WAN router IP change.

https://www.bleepingcomputer.com/news/microsoft/massive-microsoft-365-outage-caused-by-wan-router-ip-change/

Vulnerabilidad que afecta a los dispositivos QNAP

Fecha de publicación: 30/01/2023
Importancia: 5 - Crítica

Recursos afectados:
Dispositivos de QNAP con versiones:
QTS 5.0.1;
QuTS hero h5.0.1.
Descripción:
QNAP ha detectado una vulnerabilidad de severidad crítica que afecta a los dispositivos detallados anteriormente.

https://www.incibe.es/protege-tu-empresa/avisos-seguridad/vulnerabilidad-afecta-los-dispositivos-qnap

Ejecución remota de código en múltiples productos ManageEngine

Fecha de publicación: 31/01/2023
Identificador: INCIBE-2023-0033
Importancia: 5 - Crítica

Descripción:
El investigador Khoadha, de Viettel Cyber Security, ha reportado a través del programa bug bounty del fabricante, una vulnerabilidad de severidad crítica que podría permitir a un atacante, no autenticado, ejecutar código arbitrario en múltiples productos de ManageEngine cuando se cumplen los criterios sobre SAML SSO citados anteriormente.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/ejecucion-remota-codigo-multiples-productos-manageengine

https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html

VMSA-2023-0001.1

CVSSv3 Range: 5.3-9.8
Issue Date:2023-01-24
Updated On:2023-01-31

CVE(s):
CVE-2022-31706, CVE-2022-31704, CVE-2022-31710, CVE-2022-31711

Impacted Products
VMware vRealize Log Insight

https://www.vmware.com/security/advisories/VMSA-2023-0001.html

VMSA-2023-0002

CVSSv3 Range:6.5
Issue Date:2023-01-31

CVE(s):
CVE-2023-20856

Synopsis:
VMware vRealize Operations (vROps) update addresses a CSRF bypass vulnerability (CVE-2023-20856)

Impacted Products
VMware vRealize Operations (vROps)

https://www.vmware.com/security/advisories/VMSA-2023-0002.html

.NET Framework Information Disclosure Vulnerability
CVE-2022-41064

Released: Nov 8, 2022
Last updated: Feb 1, 2023

v3.0
In the Security Updates table, added .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 installed on supported editions of Windows Server 2016 and Windows 10 version 1607 as these versions of Windows with .NET Framework AND 4.6.2/4.7/4.7.1/4.7.2 installed are affected by this vulnerability. Customers running these versions of .NET Framework should install the November 2022 security updates to be protected from this vulnerability.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41064

Vulnerabilidad de inyección de comandos en Cisco IOx

Fecha de publicación: 02/02/2023
Identificador: INCIBE-2023-0036
Importancia: 4 - Alta

Recursos afectados:
La vulnerabilidad afecta a los siguientes productos de Cisco, siempre y cuando cuenten con la función Cisco IOx activada y no tengan soporte nativo de docker:
Dispositivos Cisco que cuenten con el software Cisco IOS XE.
Dispositivos Cisco que cuenten con una versión de software vulnerable:
800 Series Industrial ISRs;
Catalyst Access Points (COS-APs);
CGR1000 Compute Modules;
IC3000 Industrial Compute Gateways (versión de software inferior a la 1.2.1);
IR510 WPAN Industrial Routers.
Para más información acerca de las versiones concretas de software vulnerables, visitar el siguiente aviso.

Descripción:
Sam Quinn y Kasimir Schulz, del Centro de Investigación Avanzada de Trellix, han reportado una vulnerabilidad de severidad alta, que podría permitir a un atacante remoto, no autenticado, ejecutar comandos arbitrarios como root.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-inyeccion-comandos-cisco-iox

VMSA-2023-0003

CVSSv3 Range: 7.8
Issue Date: 2023-02-02
CVE(s): CVE-2023-20854

Synopsis:
VMware Workstation update addresses an arbitrary file deletion vulnerability (CVE-2023-20854)

Impacted Products
VMware Workstation

https://www.vmware.com/security/advisories/VMSA-2023-0003.html

Password-stealing “vulnerability” reported in KeePass – bug or feature?

It’s been a newsworthy few weeks for password managers – those handy utilities that help you come up with a different password for every website you use, and then to keep track of them all.

https://nakedsecurity.sophos.com/2023/02/01/password-stealing-vulnerability-reported-in-keypass-bug-or-feature/

New HeadCrab malware infects 1,200 Redis servers to mine Monero.

New stealthy malware designed to hunt down vulnerable Redis servers online has infected over a thousand of them since September 2021 to build a botnet that mines for Monero cryptocurrency.

https://www.bleepingcomputer.com/news/security/new-headcrab-malware-infects-1-200-redis-servers-to-mine-monero/

GitHub code-signing certificates stolen (but will be revoked this week)

https://nakedsecurity.sophos.com/2023/01/31/github-code-signing-certificates-stolen-but-will-be-revoked-this-week/

Vulnerabilidad zero-day en AWS Glue

https://unaaldia.hispasec.com/2023/02/vulnerabilidad-zero-day-en-aws-glue.html?utm_source=rss&utm_medium=rss&utm_campaign=vulnerabilidad-zero-day-en-aws-glue

Cisco Releases Security Advisories for Multiple Products

Cisco released security updates for vulnerabilities affecting multiple products. A remote attacker could exploit these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Cisco Security Advisories page and apply the necessary updates.

https://www.cisa.gov/uscert/ncas/current-activity/2023/02/02/cisco-releases-security-advisories-multiple-products

Apigee Edge - Moderately critical - Access bypass -

SA-CONTRIB-2023-005
Project: Apigee Edge
Date: 2023-February-01

Security risk:
Moderately critical 13∕25 AC:None/A:User/CI:Some/II:None/E:Theoretical/TD:All
Vulnerability: Access bypass

Description:
The Apigee Edge module allows connecting a Drupal site to Apigee X / Edge in order to build a developer portal.

Previous module versions did not support entity query level access checking, which could have led to information disclosure or access bypass in various places.

https://www.drupal.org/sa-contrib-2023-005

A HIGH-SEVERITY BUG IN F5 BIG-IP CAN LEAD TO CODE EXECUTION AND DOS

The flaw affects the following versions of BIG-IP:

F5 BIG-IP 17.0.0
F5 BIG-IP 16.1.2.2 – 16.1.3
F5 BIG-IP 15.1.5.1 – 15.1.8
F5 BIG-IP 14.1.4.6 – 14.1.5
F5 BIG-IP 13.1.5
“The most likely impact of a successful attack is to crash the server process. A skilled attacker could potentially develop a remote code execution exploit, which would run code on the F5 BIG-IP device as the root user.” continues Rapid7’s advisory.

https://securityaffairs.com/141728/security/f5-big-ip-bug.html

https://my.f5.com/manage/s/article/K000130415

Fallo de autenticación en productos Jira de Atlassian

Fecha de publicación: 03/02/2023
Identificador: INCIBE-2023-0039
Importancia: 5 - Crítica

Descripción:
Atlassian ha notificado una vulnerabilidad crítica de fallo de autenticación en Jira Service Management Server y Data Center, que podría permitir a un atacante suplantar a otro usuario y obtener acceso a una instancia de Jira Service Management.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/fallo-autenticacion-productos-jira-atlassian

OpenSSH fixes double-free memory bug that’s pokable over the network.

The open source operating system distribution OpenBSD is well-known amongst sysadmins, especially those who manage servers, for its focus on security over speed, features and fancy front-ends.

https://nakedsecurity.sophos.com/2023/02/03/openssh-fixes-double-free-memory-bug-thats-pokable-over-the-network/

Vulnerabilidad 0day en un plugin de Prestashop

Fecha de publicación: 06/02/2023
Importancia: 3 - Media

Recursos afectados:
Plugin M4 PDF para sitios web Prestashop, versiones 3.2.3 y anteriores.

Descripción:
Se han detectado dos vulnerabilidades de tipo 0day, una de criticidad media y otra de criticidad baja, que afectan al Plugin M4 PDF para sitios web Prestashop.

https://www.incibe.es/protege-tu-empresa/avisos-seguridad/vulnerabilidad-0day-plugin-prestashop