USN-6307-1: JOSE for C/C++ vulnerability

It was discovered that the AES GCM decryption routine in JOSE for C/C++
incorrectly uses the tag length from the actual Authentication Tag provided
in the JWE. An attacker could use this to cause a denial of service (system
crash) or possibly expose sensitive information.

WinRAR ZIP Arbitrary Code Execution Vulnerability (CVE-2023-38831)

What is WinRAR?

WinRAR is a popular utility tool for file compression/decompression and archive management.

What is the Attack?

CVE-2023-38831 is an arbitrary code execution vulnerability that affects WinRAR before version 6.23. The vulnerability allows threat actors to create a zip file that contains a folder and a file with the same filename. Opening (some refer to this as “viewing”) the file launches a malicious script in the folder.
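
A defender can screen archives for the structure described above before they are opened. The following is an added example, not code from FortiGuard Labs or the WinRAR vendor; the function names and sample archives are constructed for illustration, and comparing names case-insensitively with trailing spaces and dots ignored (as Windows does) is an assumption of this example.

```python
import io
import zipfile


def _norm(name):
    # Assumption of this example: compare names the way Windows would,
    # case-insensitively and ignoring trailing spaces and dots.
    return name.rstrip(" .").casefold()


def find_name_collisions(zip_bytes):
    """Return sorted archive paths that exist both as a folder and as a file."""
    files, folders = set(), set()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            raw = info.filename.replace("\\", "/")
            parts = [_norm(p) for p in raw.split("/") if p]
            if not parts:
                continue
            # Every parent component of an entry is implicitly a folder.
            for i in range(1, len(parts)):
                folders.add("/".join(parts[:i]))
            full = "/".join(parts)
            if info.is_dir():
                folders.add(full)
            else:
                files.add(full)
    return sorted(files & folders)


def _build(entries):
    # Helper that builds a constructed sample archive in memory.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries:
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: harmless placeholder contents only.
BENIGN = _build([("docs/readme.txt", b"hello"), ("report.pdf", b"%PDF-")])
SUSPECT = _build([("report.pdf", b"%PDF-"),
                  ("report.pdf/placeholder.txt", b"placeholder")])

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, find_name_collisions(blob))
```

A non-empty result is a reason to quarantine the archive for analysis; it does not replace updating WinRAR to the fixed version.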

Why is this Significant?

This is significant because WinRAR is widely used and CVE-2023-38831 was reportedly exploited as a 0-day in April 2023. As a result, multiple malware families have reportedly been deployed. FortiGuard Labs strongly recommends that all WinRAR users update to the latest version as soon as possible.

What is the Vendor Solution?

The vendor has released WinRAR version 6.23 that includes a fix for CVE-2023-38831.

What FortiGuard Coverage is available?

FortiGuard Labs has the following AV signatures against the files reportedly used in attacks involving CVE-2023-38831:

W32/Darkme.A!tr
W32/NDAoF
PossibleThreat.DU
W32/VB_AGen.EX!tr
W32/ETCH!tr
NSIS/Injector.15D3!tr
PossibleThreat.FORTIEDR.H
W32/PossibleThreat
Malicious_Behavior.SB

Webfiltering blocks all reported network IOCs.

Adobe ColdFusion Deserialization of Untrusted Data Vulnerabilities (CVE-2023-26359, CVE-2023-26360)

What is Adobe ColdFusion?

Adobe ColdFusion is a commercial platform for rapid web and mobile application development.

What is the Attack?

CVE-2023-26359 and CVE-2023-26360 are deserialization of untrusted data vulnerabilities that affect Adobe ColdFusion. Successful exploitation of the vulnerabilities could allow unauthenticated attackers to achieve arbitrary code execution.

CVE-2023-26359 has a CVSS score of 9.8 and is rated critical by Adobe. CVE-2023-26360 has a CVSS score of 8.6 and is rated critical by Adobe.

Why is this Significant?

This is significant because both CVE-2023-26359 and CVE-2023-26360 are in CISA’s Known Exploited Vulnerabilities (KEV) catalog, which means that the vulnerabilities have been observed to be exploited in the field. Therefore, FortiGuard Labs strongly advises consulting the vendor advisory and applying patches to Adobe ColdFusion if not already done.

What is the Vendor Solution?

The patch is available for both CVE-2023-26359 and CVE-2023-26360.

What FortiGuard Coverage is available?

FortiGuard Labs has an IPS signature “Adobe.ColdFusion.ToTemplateProxy.Insecure.Deserialization” in place for CVE-2023-26360.

FortiGuard Labs is currently investigating protection for CVE-2023-26359. We’ll update this Threat Signal when new information becomes available.

For a comprehensive list of protections from FortiGuard Labs, please visit the Outbreak Alert page.

Citrix Content Collaboration ShareFile Improper Access Control Vulnerability (CVE-2023-24489)

What is Citrix Content Collaboration?

Citrix Content Collaboration is a security-focused collaboration, content sharing and synchronization service from Citrix for the enterprise.

What is the Attack?

CVE-2023-24489 is a directory traversal vulnerability that affects Citrix Systems ShareFile StorageZones Controller prior to 5.11.24.

The vulnerability is due to improper validation of user input in the ProcessRawPostedFile function. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could allow an attacker to save files to an arbitrary file path under the web root directory, which could lead to the execution of arbitrary code.

The vulnerability has a CVSS score of 9.1 and is rated critical by Citrix.

Why is this Significant?

This is significant because CISA added CVE-2023-24489 to the Known Exploited Vulnerabilities catalog on August 16, 2023, indicating that an attempted or successful exploitation has been observed. Therefore, FortiGuard Labs advises all users of the service to apply the patch as soon as possible.

What is the Vendor Solution?

Citrix released relevant updates in June 2023.

What FortiGuard Coverage is available?

FortiGuard Labs has an IPS signature “C Citrix.ShareFile.SZC.ProcessRawPostedFile.Directory.Traversal” in place for CVE-2023-24489.

USN-6306-1: Fast DDS vulnerabilities

It was discovered that Fast DDS incorrectly handled certain inputs.
A remote attacker could possibly use this issue to cause a denial of
service and information exposure. This issue only affected Ubuntu
22.04 LTS. (CVE-2021-38425)

It was discovered that Fast DDS incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash.
(CVE-2023-39534, CVE-2023-39945, CVE-2023-39946, CVE-2023-39947,
CVE-2023-39948, CVE-2023-39949)
