Welcome to our 6th Weekly Security News. We’ve gathered the most speculative cyber security news for you. Keep reading to learn details about this week’s security news and protect yourself proactively.
See you next week!
Table of Contents
On December 7, 2022, GitHub discovered that a series of repositories used in the planning and development of GitHub Desktop and Atom were accessed by unknown threat actors without authorization. After a comprehensive investigation, it was announced that the services were not at risk, and no unauthorized changes were made to these projects as a result of this unauthorized access.
As a result of the unauthorized access, a number of encrypted code signing certificates for GitHub Desktop and Atom applications were leaked. The certificates are password-protected, and no evidence of malicious use has been observed so far. However, if the password of the certificates is decrypted, the threat actor can act as if they have been officially created by GitHub by signing unofficial applications with these certificates.
They will cancel the open certificates used for GitHub Desktop and Atom
As a preventive measure, GitHub announced that they will cancel the open certificates used for GitHub Desktop and Atom applications. This cancellation of certificates will make some versions of GitHub Desktop for Mac and Atom invalid. However, this edit will not affect GitHub Desktop for Windows. The following versions of GitHub Desktop for Mac will be removed from use on February 2:
- 1.2
- 1.1
- 1.0
- 0.8
- 0.7
- 0.6
- 0.5
- 0.4
- 0.3
- 0.2
GitHub Atom will also stop serving the following versions on February 2:
- 63.1
- 63.0
It is recommended that users switch to previous versions of the applications that are not affected by the breach to continue using GitHub Desktop and Atom.
A recently patched critical Remote Code Execution (RCE) vulnerability in the Adobe Acrobat Reader DC software has been identified with the publication of proof-of-concept (PoC) exploitation code.
The security vulnerability, coded as CVE-2023-21608, arises from a Use-After-Free error that could cause arbitrary code execution in a current user session. The threat actor could exploit this security vulnerability by convincing users to open a specially crafted document, allowing them to use the user’s privileges to execute arbitrary code on the system or cause the application to crash.
Adobe Released the Security Bulletin for Adobe Acrobat Reader
Adobe recently patched the vulnerability through a security bulletin, but shortly after the release of the update, Hacksysteam security research announced the publication of PoC code targeting the exploitation of CVE-2023-21608 vulnerability. To avoid being targeted by attacks that could be carried out using the vulnerability and exploitation code, it is recommended that users who are using vulnerable Adobe Acrobat Reader DC versions upgrade to the current version where the vulnerability has been fixed.
A critical security vulnerability has been identified in IBM WebSphere Application Server that can cause remote code execution by threat actors.
The security vulnerability (coded as CVE-2023-23477) is caused by an incorrect authentication that occurs during data processing. A remote threat actor can execute random code on the targeted system by sending specially prepared data to the server.
IBM released a security bulletin
This vulnerability affects versions of IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server 8.5. IBM has released updates to fix the vulnerability. To avoid being targeted in attacks that can be carried out using the vulnerability, it is recommended that users of the following versions of the IBM WebSphere Application Server apply the latest updates immediately:
For IBM WebSphere Application Server users who use versions between 9.0.0.0 and 9.0.5.7:
- Apply Fix Pack 9.0.5.8 or a later version.
For IBM WebSphere Application Server users who use versions between 8.5.0.0 and 8.5.5.19:
- Apply Fix Pack 8.5.5.20 or later versions.
A critical security vulnerability has been detected in the Jira Service Management Server and Data Center solutions developed by Atlassian.
The vulnerability, coded as CVE-2023-22501, is caused by a faulty authentication control. The threat actor can exploit this vulnerability by using a specially prepared request to impersonate another user and gain access to a Jira Service Management session. The vulnerability affects the following versions:
- 3.0
- 3.1
- 3.2
- 4.0
- 4.1
- 5.0
Atlassian solved the vulnerability for Jira Service Management Server and Data Center
The vulnerability is resolved in versions 5.3.3, 5.4.2, 5.5.1, 5.6.0, and later. It is recommended that users of vulnerable versions upgrade promptly to a version that resolves the vulnerability.
