[CERT-daily] Tageszusammenfassung - 14.08.2023

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 11-08-2023 18:00 − Montag 14-08-2023 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ MaginotDNS attacks exploit weak checks for DNS cache poisoning ∗∗∗
---------------------------------------------
A team of researchers from UC Irvine and Tsinghua University has developed a new powerful cache poisoning attack named MaginotDNS, that targets Conditional DNS (CDNS) resolvers and can compromise entire TLDs top-level domains.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/maginotdns-attacks-exploit-weak-checks-for-dns-cache-poisoning/


∗∗∗ Phishing with hacked sites ∗∗∗
---------------------------------------------
Scammers are hacking websites powered by WordPress and placing phishing pages inside hidden directories. We share some statistics and tips on recognizing a hacked site.
---------------------------------------------
https://securelist.com/phishing-with-hacked-sites/110334/


∗∗∗ Zoom ZTP & AudioCodes Phones Flaws Uncovered, Exposing Users to Eavesdropping ∗∗∗
---------------------------------------------
Multiple security vulnerabilities have been disclosed in AudioCodes desk phones and Zooms Zero Touch Provisioning (ZTP) that could be potentially exploited by a malicious attacker to conduct remote attacks. "An external attacker who leverages the vulnerabilities discovered in AudioCodes Ltd.'s desk phones and Zoom's Zero Touch Provisioning feature can gain full remote control of the devices," SySS security researcher Moritz Abrell said in an analysis published Friday.
---------------------------------------------
https://thehackernews.com/2023/08/zoom-ztp-audiocodes-phones-flaws.html


∗∗∗ Ongoing Xurum Attacks on E-commerce Sites Exploiting Critical Magento 2 Vulnerability ∗∗∗
---------------------------------------------
E-commerce sites using Adobes Magento 2 software are the target of an ongoing campaign that has been active since at least January 2023. The attacks, dubbed Xurum by Akamai, leverage a now-patched critical security flaw (CVE-2022-24086, CVSS score: 9.8) in Adobe Commerce and Magento Open Source that, if successfully exploited, could lead to arbitrary code execution.
---------------------------------------------
https://thehackernews.com/2023/08/ongoing-xurum-attacks-on-e-commerce.html


∗∗∗ HAK5 BashBunny USB Gadget IoC Removal ∗∗∗
---------------------------------------------
StealthBunny is a tool designed to modify HAK5s BashBunny USB gadget kernel driver to remove possible indicators of compromise.
---------------------------------------------
https://github.com/emptynebuli/StealthBunny


∗∗∗ Microsofts Cloud-Hack: Überprüfung durch US Cyber Safety Review Board ∗∗∗
---------------------------------------------
Die Cybervorfälle der letzten Monate haben die US-Sicherheitsbehörden aufgeschreckt. Nun will sich das US Cyber Safety Review Board (CSRB) den Hack der Microsoft Cloud durch die mutmaßlich chinesische Hackergruppe Storm-0558 genauer ansehen. Der Fall war im Juli 2023 bekannt geworden und hatte wegen der Umstände Wellen geschlagen.
---------------------------------------------
https://www.borncity.com/blog/2023/08/12/microsofts-cloud-hack-berprfung-durch-us-cyber-safety-review-board/


∗∗∗ Whats New in CVSS v4 ∗∗∗
---------------------------------------------
The standard has been improved over time with the release of v1 in Feb. 2005, v2 in June 2007, and v3 in June 2015. The current version (v3.1) debuted in June 2019. Version 4 is slated for release on October 1, 2023.
---------------------------------------------
https://www.rapid7.com/blog/post/2023/08/14/whats-new-in-cvss-v4/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ VU#127587: Python Parsing Error Enabling Bypass CVE-2023-24329 ∗∗∗
---------------------------------------------
An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
---------------------------------------------
https://kb.cert.org/vuls/id/127587


∗∗∗ Schwachstelle in Sync 3: Infotainmentsystem von Ford ermöglicht Angriff via Wi-Fi ∗∗∗
---------------------------------------------
Das in vielen Ford-Modellen genutzte Infotainmentsystem Sync 3 hat eine Schwachstelle, durch die Angreifer böswilligen Code ausführen können.
---------------------------------------------
https://www.golem.de/news/schwachstelle-in-sync-3-infotainmentsystem-von-ford-ermoeglicht-angriff-via-wi-fi-2308-176722.html


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (gst-plugins-ugly1.0, libreoffice, linux-5.10, netatalk, poppler, and sox), Fedora (chromium, ghostscript, java-1.8.0-openjdk-portable, java-11-openjdk, java-11-openjdk-portable, java-17-openjdk-portable, java-latest-openjdk-portable, kernel, linux-firmware, mingw-python-certifi, ntpsec, and php), Oracle (.NET 6.0, .NET 7.0, 15, 18, bind, bind9.16, buildah, cjose, curl, dbus, emacs, firefox, go-toolset and golang, go-toolset:ol8, grafana, iperf3, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, kernel, libcap, libeconf, libssh, libtiff, libxml2, linux-firmware, mod_auth_openidc:2.3, nodejs, nodejs:16, nodejs:18, open-vm-tools, openssh, postgresql:12, postgresql:13, python-requests, python27:2.7, python3, python38:3.8 and python38-devel:3.8, python39:3.9 and python39-devel:3.9, ruby:2.7, samba, sqlite, systemd, thunderbird, virt:ol and virt-devel:rhel, and webkit2gtk3), SUSE (docker, java-1_8_0-openj9, kernel, kernel-firmware, libyajl, nodejs14, openssl-1_0_0, poppler, and webkit2gtk3), and Ubuntu (golang-yaml.v2, intel-microcode, linux, linux-aws, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux, linux-aws, linux-azure, linux-gcp, linux-ibm, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi, linux-oem-6.1, pygments, and pypdf2).
---------------------------------------------
https://lwn.net/Articles/941587/


∗∗∗ F5: K000135795 : Downfall Attacks CVE-2022-40982 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000135795


∗∗∗ F5: K000135831 : Node.js vulnerability CVE-2023-32067 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000135831


∗∗∗ A vulnerability in IBM WebSphere Application Server Liberty affects IBM Storage Scale packaged in IBM Elastic Storage System (CVE-2023-24998) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7025515


∗∗∗ Multiple Linux Kernel vulnerabilities may affect IBM Elastic Storage System ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7025507


∗∗∗ IBM Elastic Storage System is affected by a vulnerability in OpenSSL (CVE-2022-4450) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7025510


∗∗∗ Postgresql JDBC drivers shipped with IBM Security Verify Access have a vulnerability (CVE-2022-41946) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7014261


∗∗∗ IBM GSKit as shipped with IBM Security Verify Access has fixed a reported vulnerability (CVE-2023-32342) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7014259


∗∗∗ Security Vulnerabilities fixed in IBM Security Verify Access (CVE-2022-40303) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7009741


∗∗∗ Apache Log4j Vulnerability affects Cloud Pak for Data (CVE-2021-44228) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6529302


∗∗∗ IBM PowerVM Novalink is vulnerable because flaw was found in IBM SDK, Java Technology Edition, which could allow a remote attacker to execute arbitrary code on the system caused by an unsafe deserialization flaw. (CVE-2022-40609) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7026380


∗∗∗ Kafka nodes in IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a denial of service due to snappy-java (CVE-2023-34453, CVE-2023-34455, CVE-2023-34454). ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7026403


∗∗∗ IBM ELM affected as Java deserialization filters (JEP 290) ignored during IBM ORB deserialization (CVE-2022-40609) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7026536


∗∗∗ Vulnerability in IBM Java SDK affects WebSphere Service Registry and Repository (CVE-2022-40609) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7026489


∗∗∗ Security Vulnerabilities in JRE and Java packages affect IBM Voice Gateway ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7026553

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily