[CERT-daily] Tageszusammenfassung - 01.08.2023

Daily end-of-shift report team at cert.at
Tue Aug 1 18:12:38 CEST 2023


=====================
= End-of-Day report =
=====================

Timeframe:   Monday 31-07-2023 18:00 − Tuesday 01-08-2023 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Hackers steal Signal, WhatsApp user data with fake Android chat app ∗∗∗
---------------------------------------------
Hackers are using a fake Android app named SafeChat to infect devices with spyware malware that steals call logs, texts, and GPS locations from phones.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-steal-signal-whatsapp-user-data-with-fake-android-chat-app/


∗∗∗ European Bank Customers Targeted in SpyNote Android Trojan Campaign ∗∗∗
---------------------------------------------
Various European customers of different banks are being targeted by an Android banking trojan called SpyNote as part of an aggressive campaign detected in June and July 2023."The spyware is distributed through email phishing or smishing campaigns and the fraudulent activities are executed with a combination of remote access trojan (RAT) capabilities and vishing attack," [..]
---------------------------------------------
https://thehackernews.com/2023/08/european-bank-customers-targeted-in.html


∗∗∗ BSI magazine: new issue published ∗∗∗
---------------------------------------------
In the new issue of its magazine "Mit Sicherheit", the German Federal Office for Information Security (BSI) examines current cybersecurity topics. The focus is on digital consumer protection.
---------------------------------------------
https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2023/230731_BSI-Magazin_2023_01.html


∗∗∗ Do not shop at these fraudulent online pharmacies! ∗∗∗
---------------------------------------------
Whether sleeping pills, painkillers or erectile-dysfunction remedies: fraudulent online pharmacies rely on a broad product range and offer prescription-only drugs without a prescription. We are currently encountering numerous such fraudulent mail-order pharmacies. The ordered goods are often not delivered at all, and when they are, consumers must expect ineffective or even harmful counterfeits.
---------------------------------------------
https://www.watchlist-internet.at/news/kaufen-sie-nicht-in-diesen-betruegerischen-online-apotheken-ein/


∗∗∗ Tuesday August 8th 2023 Security Releases ∗∗∗
---------------------------------------------
The Node.js project will release new versions of the 16.x, 18.x and 20.x releases lines on or shortly after, Tuesday August 8th 2023 in order to address:
* 3 high severity issues.
* 2 medium severity issues.
* 2 low severity issues.
---------------------------------------------
https://nodejs-9c1r4fxv8-openjs.vercel.app/en/blog/vulnerability/august-2023-security-releases



=====================
=  Vulnerabilities  =
=====================

∗∗∗ TacJS - Moderately critical - Cross site scripting - SA-CONTRIB-2023-029 ∗∗∗
---------------------------------------------
Security risk: Moderately critical
This module enables sites to comply with the European cookie law using tarteaucitron.js. The module doesn't sufficiently filter user-supplied text leading to a Cross Site Scripting (XSS) vulnerability. This vulnerability is mitigated by the fact that an attacker needs additional permissions. 
---------------------------------------------
https://www.drupal.org/sa-contrib-2023-029


∗∗∗ Expandable Formatter - Moderately critical - Cross Site Scripting - SA-CONTRIB-2023-028 ∗∗∗
---------------------------------------------
Security risk: Moderately critical
This module enables you to render a field in an expandable/collapsible region. The module doesn't sufficiently sanitize the field content when displaying it to an end user. This vulnerability is mitigated by the fact that an attacker must have a role capable of creating content that uses the field formatter.
---------------------------------------------
https://www.drupal.org/sa-contrib-2023-028


∗∗∗ Libraries UI - Moderately critical - Access bypass - SA-CONTRIB-2023-027 ∗∗∗
---------------------------------------------
Security risk: Moderately critical
This module enables a UI to display all libraries provided by modules and themes on the Drupal site. The module doesn't sufficiently protect the libraries reporting page. It currently uses the 'access content' permission and not a proper administrative/access permission.
---------------------------------------------
https://www.drupal.org/sa-contrib-2023-027


∗∗∗ OpenSSL version 3.1.2 released ∗∗∗
---------------------------------------------
Major changes between OpenSSL 3.1.1 and OpenSSL 3.1.2 [1 Aug 2023]
- Fix excessive time spent checking DH q parameter value ([CVE-2023-3817])
- Fix DH_check() excessive time with over sized modulus ([CVE-2023-3446])
- Do not ignore empty associated data entries with AES-SIV ([CVE-2023-2975])
---------------------------------------------
https://www.openssl.org/news/openssl-3.1-notes.html


∗∗∗ OpenSSL version 3.0.10 released ∗∗∗
---------------------------------------------
Major changes between OpenSSL 3.0.9 and OpenSSL 3.0.10 [1 Aug 2023]
- Fix excessive time spent checking DH q parameter value ([CVE-2023-3817])
- Fix DH_check() excessive time with over sized modulus ([CVE-2023-3446])
- Do not ignore empty associated data entries with AES-SIV ([CVE-2023-2975])
---------------------------------------------
https://www.openssl.org/news/openssl-3.0-notes.html


∗∗∗ OpenSSL version 1.1.1v released ∗∗∗
---------------------------------------------
Major changes between OpenSSL 1.1.1u and OpenSSL 1.1.1v [1 Aug 2023]
- Fix excessive time spent checking DH q parameter value (CVE-2023-3817)
- Fix DH_check() excessive time with over sized modulus (CVE-2023-3446)
---------------------------------------------
https://www.openssl.org/news/openssl-1.1.1-notes.html


∗∗∗ Xen Security Advisory 436 v1 (CVE-2023-34320) - arm: Guests can trigger a deadlock on Cortex-A77 ∗∗∗
---------------------------------------------
Cortex-A77 cores (r0p0 and r1p0) are affected by erratum 1508412 where software, under certain circumstances, could deadlock a core due to the execution of either a load to device or non-cacheable memory, and either a store exclusive or register read of the Physical Address Register (PAR_EL1) in close proximity. [..] A (malicious) guest that doesn't include the workaround for erratum 1508412 could deadlock the core. This will ultimately result in a deadlock of the system.
---------------------------------------------
https://lists.xenproject.org/archives/html/xen-announce/2023-08/msg00000.html


∗∗∗ SVD-2023-0702: Unauthenticated Log Injection In Splunk SOAR ∗∗∗
---------------------------------------------
Splunk SOAR versions 6.0.2 and earlier are indirectly affected by a potential vulnerability accessed through the user’s terminal. A third party can send Splunk SOAR a maliciously crafted web request containing special ANSI characters to cause log file poisoning. When a terminal user attempts to view the poisoned logs, this can tamper with the terminal and cause possible malicious code execution from the terminal user’s action.
---------------------------------------------
https://advisory.splunk.com//advisories/SVD-2023-0702
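
The following is an added illustration of the log-poisoning pattern described in the advisory; it is not Splunk code and the log format, field names and request values are constructed for the example. The vulnerable writer copies an unvalidated request header into a log line; an attacker-controlled value carrying CSI/OSC escape sequences then erases the genuine entry and paints a forged one when the file is viewed with cat or tail, and sets the terminal title. The detection function classifies which kinds of sequences a line carries (useful when sweeping existing logs) and the sanitiser renders every control byte visibly so the line can no longer steer a terminal.

```python
import re

# ESC [ ... final byte  (CSI: cursor movement, erase line, colours, ...)
CSI_RE = re.compile(r"\x1b\[[0-?]*[ -/]*[@-~]")
# ESC ] ... BEL | ESC \  (OSC: window title, OSC 8 hyperlinks, ...)
OSC_RE = re.compile(r"\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)")
# Remaining C0 controls and DEL, excluding TAB (0x09) and ESC (0x1b)
C0_RE = re.compile(r"[\x00-\x08\x0a-\x1a\x1c-\x1f\x7f]")

# Constructed attacker value: hides the real entry, forges a new one, sets the title.
ATTACK_UA = (
    "curl/8.0"
    "\x1b[2K\r"                                              # erase line, return to column 0
    "2023-08-01 18:00:01 INFO auth ok user=admin src=10.0.0.5"  # forged entry
    "\x1b]0;owned\x07"                                       # OSC 0: window title
)


def format_access_log(ip: str, path: str, user_agent: str) -> str:
    """Vulnerable writer (hypothetical format): copies the header verbatim."""
    return f'{ip} GET {path} ua="{user_agent}"'


def find_escapes(line: str) -> list[str]:
    """Detection: which terminal-steering sequence classes a log line contains."""
    found = []
    if CSI_RE.search(line):
        found.append("CSI")
    if OSC_RE.search(line):
        found.append("OSC")
    # Strip the structured sequences first so their own bytes are not double-counted.
    rest = OSC_RE.sub("", CSI_RE.sub("", line))
    if C0_RE.search(rest):
        found.append("C0")
    return found


def _is_control(ch: str) -> bool:
    o = ord(ch)
    return (o < 0x20 and ch != "\t") or o == 0x7F or 0x80 <= o <= 0x9F  # C0, DEL, C1


def sanitize(value: str) -> str:
    """Render every control byte as visible \\xNN so it prints instead of executing."""
    return "".join(f"\\x{ord(ch):02x}" if _is_control(ch) else ch for ch in value)


if __name__ == "__main__":
    poisoned = format_access_log("203.0.113.9", "/rest/ping", ATTACK_UA)
    print("classes:", find_escapes(poisoned))        # ['CSI', 'OSC', 'C0']
    print("safe   :", sanitize(poisoned))             # escapes shown as \x1b[2K\x0d ...
```

Escaping rather than deleting keeps the evidence of tampering in the record; do the sanitisation at write time, and run find_escapes over files written before the fix before opening them in a terminal.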


∗∗∗ WebToffee Addresses Authentication Bypass Vulnerability in Stripe Payment Plugin for WooCommerce WordPress Plugin ∗∗∗
---------------------------------------------
Description: Stripe Payment Plugin for WooCommerce <= 3.7.7 – Authentication Bypass
Affected Plugin: Stripe Payment Plugin for WooCommerce
Plugin Slug: payment-gateway-stripe-and-woocommerce-integration
Affected Versions: <= 3.7.7
Fully Patched Version: 3.7.8
CVE ID: CVE-2023-3162
CVSS Score: 9.8 (Critical)
---------------------------------------------
https://www.wordfence.com/blog/2023/08/webtoffee-addresses-authentication-bypass-vulnerability-in-stripe-payment-plugin-for-woocommerce-wordpress-plugin/


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (tiff), Fedora (curl), Red Hat (bind, ghostscript, iperf3, java-1.8.0-ibm, nodejs, nodejs:18, openssh, postgresql:15, and samba), Scientific Linux (iperf3), Slackware (mozilla and seamonkey), SUSE (compat-openssl098, gnuplot, guava, openssl-1_0_0, pipewire, python-requests, qemu, samba, and xmltooling), and Ubuntu (librsvg, openjdk-8, openjdk-lts, openjdk-17, openssh, rabbitmq-server, and webkit2gtk).
---------------------------------------------
https://lwn.net/Articles/939917/


∗∗∗ Security Vulnerabilities fixed in Firefox 116 ∗∗∗
---------------------------------------------
Impact high: CVE-2023-4045, CVE-2023-4046, CVE-2023-4047, CVE-2023-4048, CVE-2023-4049, CVE-2023-4050
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/


∗∗∗ IBM Cloud Pak for Security includes components with multiple known vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7015859


∗∗∗ IBM Cloud Pak for Security includes components with multiple known vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7015865


∗∗∗ IBM App Connect Enterprise Certified Container operator and operands are vulnerable to arbitrary code execution due to [CVE-2023-29402] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7015871


∗∗∗ IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use Google PubSub nodes are vulnerable to arbitrary code execution due to [CVE-2023-36665] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7015873


∗∗∗ IBM Robotic Process Automation for Cloud Pak is vulnerable to cross-protocol attacks due to sendmail (CVE-2021-3618) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7013521


∗∗∗ Vulnerabilities in Node.js affects IBM Voice Gateway ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7013909


∗∗∗ IBM Virtualization Engine TS7700 is susceptible to multiple vulnerabilities due to use of IBM SDK Java Technology Edition, Version 8 (CVE-2023-21967, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7015879


∗∗∗ IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from openssl-libs, libssh, libarchive, sqlite and go-toolset ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7016688


∗∗∗ Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Security Guardium Key Lifecycle Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7016660


∗∗∗ IBM PowerVM Novalink is vulnerable because RESTEasy could allow a local authenticated attacker to gain elevated privileges on the system, caused by the creation of insecure temp files in the File. (CVE-2023-0482) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7016690


∗∗∗ IBM PowerVM Novalink is vulnerable because of an unspecified vulnerability in Oracle Java SE. (CVE-2023-21930) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7016696


∗∗∗ IBM PowerVM Novalink is vulnerable because GraphQL Java is vulnerable to a denial of service, caused by a stack-based buffer overflow. (CVE-2023-28867) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7016698


∗∗∗ Multiple Vulnerabilities in Rational Synergy 7.2.2.5 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7014913


∗∗∗ Vulnerability in Rational Change 5.3.2 Fix Pack 05 and earlier versions. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7014915


∗∗∗ Multiple Vulnerabilities in Rational Change 5.3.2 Fix Pack 05 and earlier versions. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7014917


∗∗∗ Multiple Vulnerabilities in Rational Synergy 7.2.2 Fix Pack 05 and earlier versions. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7014919


∗∗∗ The IBM Engineering Lifecycle Engineering product using IBM WebSphere Application Server Liberty is vulnerable to spoofing - CVE-2022-39161 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7010669


∗∗∗ The IBM Engineering Lifecycle Engineering product using IBM WebSphere Application Server traditional is vulnerable to an XML External Entity (XXE) Injection vulnerability - CVE-2023-27554 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7016810


∗∗∗ CVE-2022-40609 affects IBM SDK, Java Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7017032


∗∗∗ The IBM Engineering Lifecycle Engineering products using IBM Java versions 8.0.7.0 - 8.0.7.11 are vulnerable to crypto attacks. (CVE-2023-30441) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7015777


∗∗∗ IBM Cloud Pak for Security includes components with multiple known vulnerabilities (CVE-2023-24998 , CVE-2022-31129) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7015061


∗∗∗ IBM Robotic Process Automation is vulnerable to unauthorized access to data due to insufficient authorization validation on some API routes (CVE-2023-23476) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7017490


∗∗∗ Decision Optimization for Cloud Pak for Data is vulnerable to a server-side request forgery (CVE-2023-28155). ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7017586


∗∗∗ IBM Event Streams is affected by a vulnerability in Node.js Request package (CVE-2023-28155) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7017628


∗∗∗ IBM Event Streams is affected by a vulnerability in Golang Go (CVE-2023-29406) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7017634


∗∗∗ APSystems Altenergy Power Control ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-213-01

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily