US-CERT Vulnerability Summary for the Week of March 20, 2023
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
Daily Threat Intelligence – March 31 – 2023
Email inboxes of NATO, diplomats, and government and military officials are being targeted by an APT group whose operations appear to be in support of Russian and Belarussian geopolitical goals.…
Winter Vivern APT Targets European Government Entities with Zimbra Vulnerability
The advanced persistent threat (APT) actor known as Winter Vivern is now targeting officials in Europe and the U.S. as part of an ongoing cyber espionage campaign. "TA473 since at…
Cyber Police of Ukraine Busted Phishing Gang Responsible for $4.33 Million Scam
The Cyber Police of Ukraine, in collaboration with law enforcement officials from Czechia, has arrested several members of a cybercriminal gang that set up phishing sites to target European users.…
Deep Dive Into 6 Key Steps to Accelerate Your Incident Response
Organizations rely on Incident response to ensure they are immediately aware of security incidents, allowing for quick action to minimize damage. They also aim to avoid follow on attacks or…
3CX Supply Chain Attack — Here’s What We Know So Far
Enterprise communications software maker 3CX on Thursday confirmed that multiple versions of its desktop app for Windows and macOS are affected by a supply chain attack. The version numbers include…
LockBit 3.0 Ransomware Victim: okcu[.]edu
LockBit 3.0 Ransomware NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers…
LockBit 3.0 Ransomware Victim: groupe-seche[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers…
LockBit 3.0 Ransomware Victim: statravel[.]de
LockBit 3.0 Ransomware NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers…
LockBit 3.0 Ransomware Victim: hacla[.]org [part 2]
LockBit 3.0 Ransomware NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers…
LockBit 3.0 Ransomware Victim: theus-industries[.]fr
LockBit 3.0 Ransomware NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers…
lambdaisland/uri security bypass | CVE-2023-28628
NAME__________lambdaisland/uri security bypassPlatforms Affected:lambdaisland/uri lambdaisland/uri 1.13.95Risk Level:5.4Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________lambdaisland/uri could allow a remote attacker to bypass security restrictions, caused by a flaw with authority-regex function returns the wrong authority. By…
WordPress Ping Optimizer Plugin for WordPress cross-site request forgery | CVE-2022-30705
NAME__________WordPress Ping Optimizer Plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress WordPress Ping Optimizer Plugin for WordPress 2.35.1.2.3Risk Level:6.5Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________WordPress Ping Optimizer Plugin for WordPress is vulnerable to cross-site request…
IEEE 802.11 spoofing | CVE-2022-47522
NAME__________IEEE 802.11 spoofingPlatforms Affected:IEEE 802.11Risk Level:7.5Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________IEEE 802.11 could allow a remote attacker to conduct spoofing attacks, caused by an improper implemented authentication schemes flaw in the Packet Routing…
Apple macOS Ventura, iOS and iPadOS information disclosure | CVE-2023-23527
NAME__________Apple macOS Ventura, iOS and iPadOS information disclosurePlatforms Affected:Apple macOS Ventura 13.2 Apple iOS 16.3 Apple iPadOS 16.3Risk Level:6.2Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Apple macOS Ventura, iOS and iPadOS could allow a local…
Apple macOS Ventura, iOS and iPadOS security bypass | CVE-2023-23532
NAME__________Apple macOS Ventura, iOS and iPadOS security bypassPlatforms Affected:Apple macOS Ventura 13.2 Apple iOS 16.3 Apple iPadOS 16.3Risk Level:7.7Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Apple macOS Ventura iOS and iPadOS could allow a local…
RouterOS denial of service | CVE-2023-24094
NAME__________RouterOS denial of servicePlatforms Affected:Risk Level:5.3Exploitability:Proof of ConceptConsequences:Denial of Service DESCRIPTION__________RouterOS is vulnerable to a denial of service, caused by memory corruption in the bridge2 component. By sending specially-crafted packers,…
Apple macOS Ventura, iOS and iPadOS security bypass | CVE-2023-27932
NAME__________Apple macOS Ventura, iOS and iPadOS security bypassPlatforms Affected:Apple macOS Ventura 13.2 Apple iOS 16.3 Apple iPadOS 16.3Risk Level:6.5Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Apple macOS Ventura iOS and iPadOS could allow a remote…
Ruijie Networks RG-EW1200G PRO, Ruijie Networks RG-EW1800GX PRO, and Ruijie Networks RG-EW3200GX PRO command execution | CVE-2023-27796
NAME__________Ruijie Networks RG-EW1200G PRO, Ruijie Networks RG-EW1800GX PRO, and Ruijie Networks RG-EW3200GX PRO command executionPlatforms Affected:Risk Level:6.3Exploitability:Proof of ConceptConsequences:Gain Access DESCRIPTION__________Ruijie Networks RG-EW1200G PRO, Ruijie Networks RG-EW1800GX PRO, and Ruijie…
Hitachi SDM600 privilege escalation | CVE-2022-3685
NAME__________Hitachi SDM600 privilege escalationPlatforms Affected:Hitachi Energy SDM600Risk Level:7.5Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Hitachi SDM600 could allow a local authenticated attacker to gain elevated privileges on the system. By sending a specially crafted request,…
JetBrains TeamCity cross-site scripting | CVE-2022-48427
NAME__________JetBrains TeamCity cross-site scriptingPlatforms Affected:Risk Level:4.6Exploitability:UnprovenConsequences:Cross-Site Scripting DESCRIPTION__________JetBrains TeamCity is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Pending changes and Changes tabs. A remote…
Hitachi SDM600 security bypass | CVE-2022-3686
NAME__________Hitachi SDM600 security bypassPlatforms Affected:Hitachi Energy SDM600Risk Level:4.8Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Hitachi SDM600 could allow a remote attacker to bypass security restrictions, caused by a flaw in API permission check mechanism. By…
F5 NGINX Ingress Controller information disclosure | CVE-2023-1550
NAME__________F5 NGINX Ingress Controller information disclosurePlatforms Affected:F5 NGINX Agent 2.23.2Risk Level:6.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________F5 NGINX Ingress Controller could allow a remote authenticated attacker to obtain sensitive information, caused by inserting sensitive…
JetBrains TeamCity cross-site scripting | CVE-2022-48426
NAME__________JetBrains TeamCity cross-site scriptingPlatforms Affected:Risk Level:4.6Exploitability:UnprovenConsequences:Cross-Site Scripting DESCRIPTION__________JetBrains TeamCity is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Perforce connection settings. A remote authenticated attacker…