CyberScotland Bulletin

Technical Bulletin January 2023

The CyberScotland Technical Bulletin is designed to provide you with information about updates, exploits and countermeasures.

Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published.

Section Microsoft Patch Tuesday

Microsoft Patch Tuesday

On January 10th, 2023, Microsoft released its latest Patch Tuesday updates, addressing a total of 98 security flaws across its various products.

One of the most critical vulnerabilities addressed in this round of updates is a privilege escalation flaw in the Windows Advanced Local Procedure Call (CVE-2023-21674, CVSS score: 8.8). This vulnerability, which has been observed in the wild, could be exploited to allow an attacker to gain SYSTEM privileges after escaping from a sandbox.

Other notable vulnerabilities addressed by these updates include further privilege escalation vulnerabilities in the Windows Credential manager (CVE-2023-21726, CVSS score: 7.8) and three others affecting the Print Spooler Component  (CVE-2023-21678CVE-2023-21760, and CVE-2023-21765).

As always, it’s highly recommended to apply these updates as soon as possible to secure your systems against potential attacks.

Section Linux malware exploits in multiple WordPress Plugins

Linux malware exploits in multiple WordPress Plugins

A new strain of Linux malware is targeting WordPress sites by exploiting vulnerabilities in 30 different plugins and themes, which include WP Live Chat Support, Yuzo Related Posts, Yellow Pencil Visual CSS Style Editor, and others.

Outdated versions of these plugins lack the crucial fixes to these vulnerabilities. The targeted web pages are injected with malicious JavaScript, causing users to be redirected to other sites when they click on any area of the attacked page.

WordPress users are recommended to keep all components of the platform up to date, including third-party add-ons. Users must make sure to use strong and unique logins and passwords to secure their accounts, and multi-factor authentication wherever possible.

Section JsonWebToken Library RCE flaw fixed

JsonWebToken Library RCE flaw fixed

Auth0 recently fixed a flaw in the jsonwebtoken library, widely used in over 22,000 projects and downloaded 10 million times per week, which could lead to remote code execution. The vulnerability, tracked as CVE-2022-23529 (CVSS Score: 7.6), affects all versions below 8.5.1 and was fixed in version 9.0.0.

Exploiting the vulnerability could allow an attacker to execute arbitrary code, access and manipulate data, and gain complete control of a web server.

Section API Vulnerabilities found in 16 Major Car Brands

API Vulnerabilities found in 16 Major Car Brands

A group of seven security researchers have discovered multiple vulnerabilities in vehicles from 16 car makers, including bugs that could allow control of various car functions including engine start/stop. They also found vulnerabilities that expose customer and employee information, and allow account takeover. The vulnerabilities were found in telematics and control systems and infrastructure.

The impacted car models include Acura, BMW, Ferrari, Ford, Genesis, Honda, Hyundai, Infiniti, Jaguar, Kia, Land Rover, Mercedes-Benz, Nissan, Porsche, Rolls Royce, and Toyota. Patches were released by manufacturers after being informed of the vulnerabilities in 2022.

CiSP – The Cyber Security Information Sharing Partnership

The Cyber Security Information Sharing Partnership (CiSP) is a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and dynamic environment, increasing situational awareness and reducing the impact on UK […]

Read more CiSP – The Cyber Security Information Sharing Partnership in modal dialog

Scottish Information Sharing Network (SciNET Group)

SciNet is a community for Scottish Buisnesses to engage on CiSP. The Cyber Security Information Sharing Partnership (CiSP) is a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and […]

Read more Scottish Information Sharing Network (SciNET Group) in modal dialog

Early Warning Service

The NCSC provides a free service to organisations to inform them of threats against their network. This service will notify you on all cyber attacks detected by the feed suppliers against your organisation and is designed to compliment your existing […]

Read more Early Warning Service in modal dialog
Scottish Business Resilience Centre
Back to top of the page