- Mozilla Releases Security Update for Thunderbird 102.9.1
- Samba Releases Security Updates for Multiple Versions of Samba
- Supply Chain Attack Against 3CXDesktopApp
- Apple Releases Security Updates for Multiple Products
_______________________________
Mozilla Releases Security Update for Thunderbird 102.9.1
Situation:
Mozilla has released a security update to address vulnerabilities in Thunderbird 102.9.1.
Problem:
An attacker could exploit some of these vulnerabilities to take control of an affected system.
Implication:
If not addressed, an attacker could install programs and make modifications within the computer system. As a result, companies can have their business operations halted.
Need:
We encourage users and administrators to review Mozilla’s Thunderbird 102.9.1 security advisory for more information and apply the necessary updates.
Additional Resources:
Mozilla Releases Security Update for Thunderbird 102.9.1:
https://www.cisa.gov/news-events/alerts/2023/03/31/mozilla-releases-security-update-thunderbird-10291
Mozilla Foundation Security Advisory 2023-12:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-12/
________________________________
Samba Releases Security Updates for Multiple Versions of Samba
Situation:
The Samba Team has released security updates addressing vulnerabilities in multiple versions of Samba.
Problem:
- Microsoft’s implementation imposes a restriction that this may only happen over an encrypted connection; however, Samba does not currently have this restriction, meaning unencrypted connections are allowed for authentication purposes if so configured.
- When implementing the Validated dnsHostName permission check in Samba’s Active Directory DC, a flaw was discovered where the case of deleting a dnsHostName value for a computer in a Samba domain (CVE-2022-32743) was incorrectly handled. This meant that with versions of Samba 4.17 and later, it became possible for authenticated but otherwise unprivileged users to delete any LDAP attribute value from the dnsHostName attribute on an object without having proper permissions or privileges to do so. This posed serious security risks as malicious actors could exploit this vulnerability to gain access and make changes they were not authorized for.
- The fix for confidential attribute disclosure via LDAP filters was insufficient, and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC.
Implication:
An attacker could exploit these vulnerabilities to take control of an affected system.
Need:
We encourage users and administrators to review the following announcements and apply the necessary updates:
Additional Resources:
Samba Releases Security Updates for Multiple Versions of Samba:
https://www.cisa.gov/news-events/alerts/2023/03/31/samba-releases-security-updates-multiple-versions-samba
CVE-2023-0225.html:
https://www.samba.org/samba/security/CVE-2023-0225.html
CVE-2023-0922.html:
https://www.samba.org/samba/security/CVE-2023-0922.html
CVE-2023-0614.html:
https://www.samba.org/samba/security/CVE-2023-0614.html
________________________________
Supply Chain Attack Against 3CXDesktopApp
Situation:
CISA is aware of open-source reports describing a supply chain attack against 3CX software and their customers.
Problem:
According to the reports, 3CXDesktopApp — a voice and video conferencing app — was trojanized, potentially leading to multi-staged attacks against users employing the vulnerable app.
Implication:
If disregarded, the malicious activity can claim the user accounts of millions, potentially leaking personal and financial information.
Need:
CISA urges users and organizations to review the following reports for more information, and hunt for the listed indicators of compromise (IOCs) for potential malicious activity:
- SentinelOne: SmoothOperator | Ongoing Campaign Trojanizes 3CXDesktopApp in Supply Chain Attack
- 3CX: 3CX DesktopApp Security Alert
Additional Resources:
Supply Chain Attack Against 3CXDesktopApp:
https://www.cisa.gov/news-events/alerts/2023/03/30/supply-chain-attack-against-3cxdesktopapp
SmoothOperator | Ongoing Campaign Trojanizes 3CXDesktopApp in Supply Chain Attack:
https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/
3CX DesktopApp Security Alert:
https://www.3cx.com/blog/news/desktopapp-security-alert/
Hackers compromise 3CX desktop app in a supply chain attack:
https://www.bleepingcomputer.com/news/security/hackers-compromise-3cx-desktop-app-in-a-supply-chain-attack/
________________________________
Apple Releases Security Updates for Multiple Products
Situation:
Apple has released security updates to address vulnerabilities in multiple products.
Problem:
An attacker could exploit some of these vulnerabilities to take control of an affected device.
Implication:
If the following issues aren’t addressed, companies using the notable Apple products can lose the ability to maintain their services and suffer financial hardships.
Need:
CISA encourages users and administrators to review the following advisories and apply the necessary updates:
macOS Ventura 13.3
Safari 16.4
Studio Display Firmware Update 16.4
iOS 15.7.4 and iPadOS 15.7.4
tvOS 16.4
macOS Big Sur 11.7.5
iOS 16.4 and iPadOS 16.4
macOS Monterey 12.6.4
watchOS 9.4
Additional Resources:
Apple Releases Security Updates for Multiple Products:
https://www.cisa.gov/news-events/alerts/2023/03/28/apple-releases-security-updates-multiple-products
macOS Ventura 13.3:
https://support.apple.com/en-us/HT213670
Safari 16.4:
https://support.apple.com/en-us/HT213671
Studio Display Firmware Update 16.4:
https://support.apple.com/en-us/HT213672
iOS 15.7.4 and iPadOS 15.7.4:
https://support.apple.com/en-us/HT213673
tvOS 16.4:
https://support.apple.com/en-us/HT213674
macOS Big Sur 11.7.5:
https://support.apple.com/en-us/HT213675
iOS 16.4 and iPadOS 16.4:
https://support.apple.com/en-us/HT213676
macOS Monterey 12.6.4:
https://support.apple.com/en-us/HT213677
watchOS 9.4:
https://support.apple.com/en-us/HT213678