[CERT-daily] Tageszusammenfassung - 07.08.2023

Mon Aug 7 19:41:12 CEST 2023

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 04-08-2023 18:00 − Montag 07-08-2023 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ New SkidMap Linux Malware Variant Targeting Vulnerable Redis Servers ∗∗∗
---------------------------------------------
Vulnerable Redis services have been targeted by a "new, improved, dangerous" variant of a malware called SkidMap thats engineered to target a wide range of Linux distributions. "The malicious nature of this malware is to adapt to the system on which it is executed," Trustwave security researcher Radoslaw Zdonczyk said in an analysis published last week.
---------------------------------------------
https://thehackernews.com/2023/08/new-skidmap-redis-malware-variant.html


∗∗∗ New 'Deep Learning Attack' Deciphers Laptop Keystrokes with 95% Accuracy ∗∗∗
---------------------------------------------
A group of academics has devised a "deep learning-based acoustic side-channel attack" that can be used to classify laptop keystrokes that are recorded using a nearby phone with 95% accuracy. "When trained on keystrokes recorded using the video conferencing software Zoom, an accuracy of 93% was achieved, a new best for the medium," researchers Joshua Harrison, Ehsan Toreini, and Maryam Mehrnezhad said in a new study published last week.
---------------------------------------------
https://thehackernews.com/2023/08/new-deep-learning-attack-deciphers.html


∗∗∗ Technical Summary of Observed Citrix CVE-2023-3519 Incidents ∗∗∗
---------------------------------------------
The Shadowserver Foundation and trusted partners have observed three different malicious campaigns that have exploited CVE-2023-3519, a code injection vulnerability rated CVSS 9.8 critical in Citrix NetScaler ADC and NetScaler Gateway. [...] Please ensure you follow the detection and hunting steps provided for signs of possible compromise and webshell presence.
---------------------------------------------
https://www.shadowserver.org/news/technical-summary-of-observed-citrix-cve-2023-3519-incidents/


∗∗∗ Security-Bausteine, Teil 5: Vier Stufen – Risiko und Security Levels ∗∗∗
---------------------------------------------
Das Einrichten des IT-Schutzes bedeutet häufig langwierige Prozesse. Abhilfe schaffen die Security Levels zum Absichern gegen potenzielle Angreiferklassen.
---------------------------------------------
https://heise.de/-9220500


∗∗∗ Vernetzte Geräte: EU gewährt Aufschub für höhere Cybersicherheit ∗∗∗
---------------------------------------------
Die EU wollte Hersteller von Smartphones, Wearables & Co. ab 2024 zu deutlich mehr IT-Sicherheit und Datenschutz verpflichten. Doch jetzt gibt es Aufschub.
---------------------------------------------
https://heise.de/-9235663


∗∗∗ Zutatenliste: BSI stellt Regeln zum Absichern der Software-Lieferkette auf ∗∗∗
---------------------------------------------
Das BSI hat eine Richtlinie für Software Bills of Materials (SBOM) herausgegeben. Solche Übersichtslisten sollen Sicherheitsdebakeln wie Log4J entgegenwirken.
---------------------------------------------
https://heise.de/-9235853


∗∗∗ Visualizing Qakbot Infrastructure Part II: Uncharted Territory ∗∗∗
---------------------------------------------
A Data-Driven Approach Based on Analysis of Network Telemetry - In this blog post, we will provide an update on our high-level analysis of...
---------------------------------------------
https://www.team-cymru.com/post/visualizing-qakbot-infrastructure-part-ii-uncharted-territory


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Kritische RCE-Schwachstelle CVE-2023-39143 in PaperCut vor Version 22.1.3 ∗∗∗
---------------------------------------------
Wer die Druck-Management-Lösung Papercut MF/NG im Einsatz hat, sollte das Produkt dringend patchen. Eine gerade bekannt gewordene kritische RCE-Schwachstelle CVE-2023-39143 ermöglicht die Übernahme der PaperCut-Server. Der Anbieter hat bereits einen entsprechenden Sicherheitspatch zum Beseitigen der Schwachstelle veröffentlicht.
---------------------------------------------
https://www.borncity.com/blog/2023/08/05/kritische-rce-schwachstelle-cve-2023-39143-in-papercut-vor-version-22-1-3/


∗∗∗ Sicherheitsupdates: Angreifer können Drucker von HP und Samsung attackieren ∗∗∗
---------------------------------------------
Einige Drucker-Modelle von HP und Samsung sind verwundbar. Sicherheitsupdates lösen das Problem.
---------------------------------------------
https://heise.de/-9236703


∗∗∗ VU#947701: Freewill Solutions IFIS new trading web application vulnerable to unauthenticated remote code execution ∗∗∗
---------------------------------------------
Freewill Solutions IFIS new trading web application version 20.01.01.04 is vulnerable to unauthenticated remote code execution. Successful exploitation of this vulnerability allows an attacker to run arbitrary shell commands on the affected host. [...] The CERT/CC is currently unaware of a practical solution to this problem. [...] We have not received a statement from the vendor.
---------------------------------------------
https://kb.cert.org/vuls/id/947701


∗∗∗ ZDI-23-1017: Extreme Networks AP410C Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Extreme Networks AP410C routers. Authentication is not required to exploit this vulnerability.
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-23-1017/


∗∗∗ Triangle MicroWorks SCADA Data Gateway: Multiple Vulnerabilities ∗∗∗
---------------------------------------------
CVE: CVE-2023-39458, CVE-2023-39459, CVE-2023-39460, CVE-2023-39461, CVE-2023-39462, CVE-2023-39463, CVE-2023-39464, CVE-2023-39465, CVE-2023-39466, CVE-2023-39467, CVE-2023-39468, CVE-2023-39457 CVSS Scores: <= 9.8 See also https://www.zerodayinitiative.com/advisories/published/
---------------------------------------------
https://www.trianglemicroworks.com/products/scada-data-gateway/whats-new


∗∗∗ CVE-2023-35082 - Vulnerability affecting EPMM and MobileIron Core ∗∗∗
---------------------------------------------
On 2 August 2023 at 10:00 MDT, Ivanti reported CVE-2023-35082. This vulnerability, which was originally discovered in MobileIron Core had not been previously identified as a vulnerability [...] Ivanti has continued its investigation and has found additional paths to exploiting CVE-2023-35082 depending on configuration of the Ivanti Endpoint Manager Mobile (EPMM) appliance. This impacts all versions of EPMM 11.10, 11.9 and 11.8 and MobileIron Core 11.7 and below.
---------------------------------------------
https://www.ivanti.com/blog/vulnerability-affecting-mobileiron-core-11-2-and-older


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (burp, chromium, ghostscript, openimageio, pdfcrack, python-werkzeug, thunderbird, and webkit2gtk), Fedora (amanda, libopenmpt, llhttp, samba, seamonkey, and xen), Red Hat (thunderbird), Slackware (mozilla and samba), and SUSE (perl-Net-Netmask, python-Django1, trytond, and virtualbox).
---------------------------------------------
https://lwn.net/Articles/940682/


∗∗∗ AUMA: SIMA Master Station affected by WRECK vulnerability ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2023-028/


∗∗∗ AUMA: Reflected Cross-Site Scripting Vulnerability in SIMA Master Stations ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2023-027/


∗∗∗ A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2023-27554) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7020515


∗∗∗ An unauthorized attacker who has obtained an IBM Watson IoT Platform security authentication token can use it to impersonate an authorized platform user (CVE-2023-38372) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7020635


∗∗∗ ISC BIND on IBM i is vulnerable to denial of service due to a memory usage flaw (CVE-2023-2828) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7017974


∗∗∗ IBM OpenPages for IBM Cloud Pak for Data is Vulnerable to FasterXML jackson-databind [CVE-2022-42003, CVE-2022-42004] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7020695


∗∗∗ IBM OpenPages for IBM Cloud Pak for Data is Vulnerable to JetBrains Kotlin weak security [CVE-2022-24329] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7020659


∗∗∗ IBM OpenPages for IBM Cloud Pak for Data is Vulnerable to JCommander [X-Force ID: 221124] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7020636


∗∗∗ Timing Oracle in RSA Decryption issue may affect GSKit shipped with IBM CICS TX Standard ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7022413


∗∗∗ Timing Oracle in RSA Decryption issue may affect GSKit shipped with IBM CICS TX Advanced ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7022414


∗∗∗ A vulnerability has been identified in the IBM Storage Scale GUI where a remote authenticated user can execute commands (CVE-2023-33201) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7022431

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily