Debian Linux Security Advisory 5585-1 - An important security issue was discovered in Chromium, which could result in the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5585-1                   security@debian.org  
https://www.debian.org/security/                           Andres Salomon  
December 21, 2023                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : chromium  
CVE ID         : CVE-2023-7024

An important security issue was discovered in Chromium, which could result  
in the execution of arbitrary code.

Google is aware that an exploit for CVE-2023-7024 exists in the wild.

For the oldstable distribution (bullseye), this problem has been fixed  
in version 120.0.6099.129-1~deb11u1.

For the stable distribution (bookworm), this problem has been fixed in  
version 120.0.6099.129-1~deb12u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmWEtBwACgkQZF0CR8Nu  
djcwTRAAlSOMympmaRnt7wtj/PasL1BjxHxalhGYU5KxKugz8BmDZN2j+ulLg2c9  
SoJQCIT3RhUyNbWyZV3WKXjSBkn3kE4G/lplL9AIDTHAfy4yrqUo41ews7DMfPQ4  
oNVJhIqIGl+VTaX1zaH50hXJI2Ax294Uo986iGplWScYqnlkcWLNX5RWOtYQLrR7  
BjYzEFIoDouuF5w+7nXyy3nDJYeaBotz1eifayEVYul0k55ljGftzkW5EVrS8zVF  
MeSz0YrXNpqlV6SREVg6jouZxJdNUE1+X72j+dK9rAwR4gcZekcd1JOO+oFfRv86  
jwb3ui8oB3ZJ8K0EPswWK7trq/rFra2T50YvP4wpbwtQ5RG99z612cCgeHZYuLLY  
WW3qWK20lKWbhCwP2S7KXuNFZpVu2ddvj+y4MqMS16HlQyobvQR8obUpwtK1YZSe  
Ak88vaCUk/3ZrFSSggxQQIgSBKtWTLcL7wons5RELGrrowmGZPS+ajpsWtAvGlhJ  
S+QZWkpKlW2F92cl1md7R5zN5vAeVQqW6w20eDebbk4HLgGv6wqgEVNyRcQXUKh/  
3GqGvbuPAoo+gVqGybr+Efmb/xnZn2Y7/AbmjatjA3Iq2Z+NJNUBVahXeZ1s4b5U  
SuvktcJ0szrqOPYNNBkx35/5rSy6nb1KoStG4lvX8XMMese5Ty8=xniE  
-----END PGP SIGNATURE-----

Debian Security Advisory 5585-1

Debian Linux Security Advisory 5581-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape or clickjacking.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5581-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffDecember 20, 2023                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : firefox-esrCVE ID         : CVE-2023-6856 CVE-2023-6857 CVE-2023-6858 CVE-2023-6859                  CVE-2023-6860 CVE-2023-6861 CVE-2023-6862 CVE-2023-6863                  CVE-2023-6864 CVE-2023-6865 CVE-2023-6867Multiple security issues have been found in the Mozilla Firefox webbrowser, which could potentially result in the execution of arbitrarycode, sandbox escape or clickjacking.For the oldstable distribution (bullseye), these problems have been fixedin version 115.6.0esr-1~deb11u1.For the stable distribution (bookworm), these problems have been fixed inversion 115.6.0esr-1~deb12u1.We recommend that you upgrade your firefox-esr packages.For the detailed security status of firefox-esr please refer toits security tracker page at:https://security-tracker.debian.org/tracker/firefox-esrFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmWDPxAACgkQEMKTtsN8TjYfeRAAql+aZ6PpAM1Fq4Cp1IlvDQc8BYNuKrjn9/4xYgq/bAnQyRGj1I0viHP2dUdZl6CcndqE6NVgm1mYpCQ/TZJpwSSxnoXf46bB/lGNg17Cw7T8gWI5uUSs1K63UOYNMr8HlCF35qZpU0+TrsL+q3qRdkOQOxRLSFHNhxuUQ+44pUJYKDVg6vKjHU91oQEfjzmcgn2Z+tL/zyrt4s57XUGpZNm6Vmg/TUftXL5+CDodCNPRnIw0JBYWu2yfJ3tj6cuCw6jDAcAouAsDcd8CbK28Bf6h2zUossRGVjSfNWeoshK2qe9L3/wlQB62s0wrJ1MimP9k1y9xS4Iy85vf2BDDnVQBNgMR8mKnwt63Jhngpx8JW8oTbBKzx1oiEZkShw3CDWuCx7ooMnR8glwybPJqXMyZbt8H7dMO3IFEwD2dfNzVfwyEUq4JAOzCPasLEwCekXrTTxeZoYdTW4y8c5c4GEd9nvO8Hdk9iV/zbD1uhpgy0g6oQXciAzSH6Rm92u2+HPwNOFjZAJMOi9eyqtdj9PqwHZ1uraXhtqCz8peD/Sg+YZCAXt0lLyVM+WbQqJOyH5n1POeEHbEikv1iMLXRw+Vkkbzr3u9laTdQ9Yn1b/ZfVblG6/N+hhlLLXYBXyYfrU4L6DMTnUave299Cq1fb8RPWVefcqAv6DoQX0P1GHc==8/zE-----END PGP SIGNATURE-----

Debian Security Advisory 5581-1

Red Hat Security Advisory 2023-7886-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7886.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: tigervnc security updateAdvisory ID:        RHSA-2023:7886-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7886Issue date:         2023-12-20Revision:           03CVE Names:          CVE-2023-6377====================================================================Summary: An update for tigervnc is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.Security Fix(es):* xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions (CVE-2023-6377)* xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty (CVE-2023-6478)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-6377References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2253291https://bugzilla.redhat.com/show_bug.cgi?id=2253298

Red Hat Security Advisory 2023-7886-03

Red Hat Security Advisory 2023-7885-03 - An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include integer overflow and remote SQL injection vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7885.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: postgresql:15 security update  
Advisory ID:        RHSA-2023:7885-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7885  
Issue date:         2023-12-20  
Revision:           03  
CVE Names:          CVE-2023-5868  
====================================================================

Summary: 

An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

* postgresql: Buffer overrun from integer overflow in array modification (CVE-2023-5869)

* postgresql: Memory disclosure in aggregate function calls (CVE-2023-5868)

* postgresql: extension script @substitutions@ within quoting allow SQL injection (CVE-2023-39417)

* postgresql: Role pg_signal_backend can signal certain superuser processes. (CVE-2023-5870)

* postgresql: MERGE fails to enforce UPDATE or SELECT row security policies (CVE-2023-39418)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-5868

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2228111  
https://bugzilla.redhat.com/show_bug.cgi?id=2228112  
https://bugzilla.redhat.com/show_bug.cgi?id=2247168  
https://bugzilla.redhat.com/show_bug.cgi?id=2247169  
https://bugzilla.redhat.com/show_bug.cgi?id=2247170

Red Hat Security Advisory 2023-7885-03

Red Hat Security Advisory 2023-7884-03 - An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 8. Issues addressed include integer overflow and remote SQL injection vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7884.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: postgresql:15 security update  
Advisory ID:        RHSA-2023:7884-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7884  
Issue date:         2023-12-20  
Revision:           03  
CVE Names:          CVE-2023-5868  
====================================================================

Summary: 

An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

* postgresql: Buffer overrun from integer overflow in array modification (CVE-2023-5869)

* postgresql: Memory disclosure in aggregate function calls (CVE-2023-5868)

* postgresql: extension script @substitutions@ within quoting allow SQL injection (CVE-2023-39417)

* postgresql: Role pg_signal_backend can signal certain superuser processes. (CVE-2023-5870)

* postgresql: MERGE fails to enforce UPDATE or SELECT row security policies (CVE-2023-39418)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-5868

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2228111  
https://bugzilla.redhat.com/show_bug.cgi?id=2228112  
https://bugzilla.redhat.com/show_bug.cgi?id=2247168  
https://bugzilla.redhat.com/show_bug.cgi?id=2247169  
https://bugzilla.redhat.com/show_bug.cgi?id=2247170

Red Hat Security Advisory 2023-7884-03

Red Hat Security Advisory 2023-7883-03 - An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include integer overflow and remote SQL injection vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7883.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: postgresql:15 security update  
Advisory ID:        RHSA-2023:7883-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7883  
Issue date:         2023-12-20  
Revision:           03  
CVE Names:          CVE-2023-5868  
====================================================================

Summary: 

An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

* postgresql: Buffer overrun from integer overflow in array modification (CVE-2023-5869)

* postgresql: Memory disclosure in aggregate function calls (CVE-2023-5868)

* postgresql: extension script @substitutions@ within quoting allow SQL injection (CVE-2023-39417)

* postgresql: Role pg_signal_backend can signal certain superuser processes. (CVE-2023-5870)

* postgresql: MERGE fails to enforce UPDATE or SELECT row security policies (CVE-2023-39418)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-5868

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2228111  
https://bugzilla.redhat.com/show_bug.cgi?id=2228112  
https://bugzilla.redhat.com/show_bug.cgi?id=2247168  
https://bugzilla.redhat.com/show_bug.cgi?id=2247169  
https://bugzilla.redhat.com/show_bug.cgi?id=2247170

Red Hat Security Advisory 2023-7883-03

Red Hat Security Advisory 2023-7612-03 - A new release of the Red Hat build of Quarkus is now available. This new release comes packed with a host of enhancements, bug fixes, and security fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE links in the References section. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7612.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Red Hat build of Quarkus 3.2.9 release and security updateAdvisory ID:        RHSA-2023:7612-03Product:            Red Hat build of QuarkusAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7612Issue date:         2023-12-20Revision:           03CVE Names:          CVE-2023-6394====================================================================Summary: A new release of the Red Hat build of Quarkus is now available. This new release comes packed with a host of enhancements, bug fixes, and security fixes.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE links in the References section.Description:This release of Red Hat build of Quarkus 3.2.9 includes security updates, bugfixes, and enhancements.Security Fix(es):* CVE-2023-39410 avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK [quarkus-3.2]* CVE-2023-43642 snappy-java: Missing upper bound check on chunk length in snappy-java can lead to Denial of Service (DoS) impact [quarkus-3.2]For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVE page(s)listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-6394References:https://access.redhat.com/security/updates/classification/#importanthttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=redhat.quarkus&downloadType=distributions&version=3.2.9https://access.redhat.com/documentation/en-us/red_hat_build_of_quarkus/3.2/https://access.redhat.com/articles/4966181#RHBQ_3_2_xhttps://bugzilla.redhat.com/show_bug.cgi?id=2241722https://bugzilla.redhat.com/show_bug.cgi?id=2242521https://issues.redhat.com/browse/QUARKUS-3339https://issues.redhat.com/browse/QUARKUS-3367https://issues.redhat.com/browse/QUARKUS-3563https://issues.redhat.com/browse/QUARKUS-3564https://issues.redhat.com/browse/QUARKUS-3565https://issues.redhat.com/browse/QUARKUS-3566https://issues.redhat.com/browse/QUARKUS-3567https://issues.redhat.com/browse/QUARKUS-3568https://issues.redhat.com/browse/QUARKUS-3569https://issues.redhat.com/browse/QUARKUS-3570https://issues.redhat.com/browse/QUARKUS-3571https://issues.redhat.com/browse/QUARKUS-3572https://issues.redhat.com/browse/QUARKUS-3573https://issues.redhat.com/browse/QUARKUS-3662https://issues.redhat.com/browse/QUARKUS-3663https://issues.redhat.com/browse/QUARKUS-3664https://issues.redhat.com/browse/QUARKUS-3665https://issues.redhat.com/browse/QUARKUS-3666https://issues.redhat.com/browse/QUARKUS-3667https://issues.redhat.com/browse/QUARKUS-3668https://issues.redhat.com/browse/QUARKUS-3669https://issues.redhat.com/browse/QUARKUS-3670https://issues.redhat.com/browse/QUARKUS-3671https://issues.redhat.com/browse/QUARKUS-3672https://issues.redhat.com/browse/QUARKUS-3673https://issues.redhat.com/browse/QUARKUS-3674https://issues.redhat.com/browse/QUARKUS-3675https://issues.redhat.com/browse/QUARKUS-3676https://issues.redhat.com/browse/QUARKUS-3677https://issues.redhat.com/browse/QUARKUS-3678https://issues.redhat.com/browse/QUARKUS-3679https://issues.redhat.com/browse/QUARKUS-3680https://issues.redhat.com/browse/QUARKUS-3681https://issues.redhat.com/browse/QUARKUS-3682https://issues.redhat.com/browse/QUARKUS-3683https://issues.redhat.com/browse/QUARKUS-3685https://issues.redhat.com/browse/QUARKUS-3686https://issues.redhat.com/browse/QUARKUS-3687https://issues.redhat.com/browse/QUARKUS-3688https://issues.redhat.com/browse/QUARKUS-3689https://issues.redhat.com/browse/QUARKUS-3690https://issues.redhat.com/browse/QUARKUS-3691https://issues.redhat.com/browse/QUARKUS-3692https://issues.redhat.com/browse/QUARKUS-3693https://issues.redhat.com/browse/QUARKUS-3694https://issues.redhat.com/browse/QUARKUS-3695https://issues.redhat.com/browse/QUARKUS-3696https://issues.redhat.com/browse/QUARKUS-3697https://issues.redhat.com/browse/QUARKUS-3698https://issues.redhat.com/browse/QUARKUS-3699https://issues.redhat.com/browse/QUARKUS-3700https://issues.redhat.com/browse/QUARKUS-3701https://issues.redhat.com/browse/QUARKUS-3702https://issues.redhat.com/browse/QUARKUS-3703https://issues.redhat.com/browse/QUARKUS-3704https://issues.redhat.com/browse/QUARKUS-3705https://issues.redhat.com/browse/QUARKUS-3706https://issues.redhat.com/browse/QUARKUS-3707https://issues.redhat.com/browse/QUARKUS-3708https://issues.redhat.com/browse/QUARKUS-3709https://issues.redhat.com/browse/QUARKUS-3710https://issues.redhat.com/browse/QUARKUS-3711https://issues.redhat.com/browse/QUARKUS-3712https://issues.redhat.com/browse/QUARKUS-3713https://issues.redhat.com/browse/QUARKUS-3714https://issues.redhat.com/browse/QUARKUS-3715https://issues.redhat.com/browse/QUARKUS-3716https://issues.redhat.com/browse/QUARKUS-3717https://issues.redhat.com/browse/QUARKUS-3718https://issues.redhat.com/browse/QUARKUS-3719https://issues.redhat.com/browse/QUARKUS-3720https://issues.redhat.com/browse/QUARKUS-3721https://issues.redhat.com/browse/QUARKUS-3722https://issues.redhat.com/browse/QUARKUS-3723https://issues.redhat.com/browse/QUARKUS-3724https://issues.redhat.com/browse/QUARKUS-3725https://issues.redhat.com/browse/QUARKUS-3726https://issues.redhat.com/browse/QUARKUS-3727https://issues.redhat.com/browse/QUARKUS-3728https://issues.redhat.com/browse/QUARKUS-3729https://issues.redhat.com/browse/QUARKUS-3730https://issues.redhat.com/browse/QUARKUS-3731https://issues.redhat.com/browse/QUARKUS-3732https://issues.redhat.com/browse/QUARKUS-3733https://issues.redhat.com/browse/QUARKUS-3734https://issues.redhat.com/browse/QUARKUS-3735https://issues.redhat.com/browse/QUARKUS-3736https://issues.redhat.com/browse/QUARKUS-3737https://issues.redhat.com/browse/QUARKUS-3738https://issues.redhat.com/browse/QUARKUS-3739https://issues.redhat.com/browse/QUARKUS-3740https://issues.redhat.com/browse/QUARKUS-3741https://issues.redhat.com/browse/QUARKUS-3742https://issues.redhat.com/browse/QUARKUS-3743https://issues.redhat.com/browse/QUARKUS-3744https://issues.redhat.com/browse/QUARKUS-3746https://issues.redhat.com/browse/QUARKUS-3747https://issues.redhat.com/browse/QUARKUS-3749https://issues.redhat.com/browse/QUARKUS-3750https://issues.redhat.com/browse/QUARKUS-3751https://issues.redhat.com/browse/QUARKUS-3752https://issues.redhat.com/browse/QUARKUS-3753https://issues.redhat.com/browse/QUARKUS-3754https://issues.redhat.com/browse/QUARKUS-3755https://issues.redhat.com/browse/QUARKUS-3756

Red Hat Security Advisory 2023-7612-03

A new piece of JavaScript malware has been observed attempting to steal users' online banking account credentials as part of a campaign that has targeted more than 40 financial institutions across the world.
The activity cluster, which employs JavaScript web injections, is estimated to have led to at least 50,000 infected user sessions spanning North America, South America, Europe, and Japan.

A new piece of JavaScript malware has been observed attempting to steal users' online banking account credentials as part of a campaign that has targeted more than 40 financial institutions across the world.

The activity cluster, which employs JavaScript web injections, is estimated to have led to at least 50,000 infected user sessions spanning North America, South America, Europe, and Japan.

IBM Security Trusteer said it detected the campaign in March 2023.

"Threat actors' intention with the web injection module is likely to compromise popular banking applications and, once the malware is installed, intercept the users' credentials in order to then access and likely monetize their banking information," security researcher Tal Langus said.

Attack chains are characterized by the use of scripts loaded from the threat actor-controlled server ("jscdnpack\[.\]com"), specifically targeting a page structure that's common to several banks. It's suspected the malware is delivered to targets by some other means, e.g., via phishing emails or malvertising.

When the victim visits a bank website, the login page is altered to incorporate malicious JavaScript capable of harvesting the credentials and one-time passwords (OTPs). The script is obfuscated to conceal its true intent.

UPCOMING WEBINAR

Beat AI-Powered Threats with Zero Trust - Webinar for Security Professionals

Traditional security measures won't cut it in today's world. It's time for Zero Trust Security. Secure your data like never before.

Join Now

"This web injection doesn't target banks with different login pages, but it does send data about the infected machine to the server and can easily be modified to target other banks," Langus said.

"The script's behavior is highly dynamic, continuously querying both the command-and-control (C2) server and the current page structure and adjusting its flow based on the information obtained."

The response from the server determines its next course of action, allowing it to erase traces of the injections, and insert fraudulent user interface elements to accept OTPs to bypass security protections as well as introduce an error message saying online banking services will be unavailable for a time period of 12 hours.

IBM said it's an attempt to dissuade the victims from logging in to their accounts, providing the threat actors with a window of opportunity to seize control of the accounts and perform unauthorized actions.

While the exact origins of the malware are presently not known, the indicators of compromise (IoCs) suggest a possible connection to a known stealer and loader family known as DanaBot, which has been propagated via malicious ads on Google Search and has acted as acted an initial access vector for ransomware.

"This sophisticated threat showcases advanced capabilities, particularly in executing man-in-the-browser attacks with its dynamic communication, web injection methods and the ability to adapt based on server instructions and current page state," Langus said.

The development comes as Sophos shed more light on a pig butchering scheme in which potential targets are lured into investing in a fake liquidity mining service, uncovering a broader set of scams that has netted the actors nearly $2.9 million worth of cryptocurrency this year as of November 15 from 90 victims.

"They appear to have been run by three separate threat activity groups using identical fraudulent decentralized finance ('DeFi') app sites, suggesting that they are part of or affiliated with a single \[Chinese\] organized crime ring," security researcher Sean Gallagher said.

According to data shared by Europol earlier this week, investment fraud and business e-mail compromise (BEC) fraud remain the most prolific online fraud schemes.

"A concerning threat around investment fraud is its use in combination with other fraud schemes against the same victims," the agency said.

"Investment fraud is sometimes linked to romance scams: criminals slowly build a relationship of trust with the victim and then convince them to invest their savings on fraudulent cryptocurrency trading platforms, leading to large financial losses."

On a related note, cybersecurity company Group-IB said it identified 1,539 phishing websites impersonating postal operators and delivery companies since the start of November 2023. They are suspected to be created for a single scam campaign.

In these attacks, users are sent SMS messages that mimic well-known postal services and are prompted to visit the counterfeit websites to enter their personal and payment details, citing urgent or failed deliveries.

The operation is also notable for incorporating various evasion methods to fly under the radar. This includes limiting access to the scam websites based on geographic locations, making sure that they work only on specific devices and operating systems, and shortening the duration for which they are live.

"The campaign affects postal brands in 53 countries," Group-IB said. "Most of the detected phishing pages target users in Germany (17.5%), Poland (13.7%), Spain (12.5%), U.K. (4.2%), Turkey (3.4%) and Singapore (3.1%)."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

New JavaScript Malware Targeted 50,000+ Users at Dozens of Banks Worldwide

An issue was discovered in blinksocks version 3.3.8, allows remote attackers to obtain sensitive information via weak encryption algorithms in the component `/presets/ssr-auth-chain.js`.

**blinksocks has weak encryption algorithms**

Moderate severity GitHub Reviewed Published Dec 21, 2023 to the GitHub Advisory Database • Updated Dec 21, 2023

GHSA-pqj5-37xf-x5gc: blinksocks has weak encryption algorithms

An issue was discovered in the bsock component of bcoin-org bcoin that allows remote attackers to obtain sensitive information via weak hashing algorithms in the component `\vendor\faye-websocket.js`.

**bsock uses weak hashing algorithms**

Moderate severity GitHub Reviewed Published Dec 21, 2023 to the GitHub Advisory Database • Updated Dec 21, 2023

Tag

#js