[CERT-daily] Tageszusammenfassung - 22.08.2023

Tue Aug 22 18:10:05 CEST 2023

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 21-08-2023 18:00 − Dienstag 22-08-2023 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Sneaky Amazon Google ad leads to Microsoft support scam ∗∗∗
---------------------------------------------
A legitimate-looking ad for Amazon in Google search results redirects visitors to a Microsoft Defender tech support scam that locks up their browser.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/sneaky-amazon-google-ad-leads-to-microsoft-support-scam/


∗∗∗ Akira ransomware targets Cisco VPNs to breach organizations ∗∗∗
---------------------------------------------
Theres mounting evidence that Akira ransomware targets Cisco VPN (virtual private network) products as an attack vector to breach corporate networks, steal, and eventually encrypt data.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/akira-ransomware-targets-cisco-vpns-to-breach-organizations/


∗∗∗ Security review for Microsoft Edge version 116 ∗∗∗
---------------------------------------------
We are pleased to announce the security review for Microsoft Edge, version 116!   We have reviewed the new settings in Microsoft Edge version 116 and determined that there are no additional security settings that require enforcement. The Microsoft Edge version 114 security baseline continues to be our recommended configuration which can be downloaded from the Microsoft Security Compliance Toolkit.
---------------------------------------------
https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-review-for-microsoft-edge-version-116/ba-p/3905425


∗∗∗ New Variant of XLoader macOS Malware Disguised as OfficeNote Productivity App ∗∗∗
---------------------------------------------
A new variant of an Apple macOS malware called XLoader has surfaced in the wild, masquerading its malicious features under the guise of an office productivity app called "OfficeNote.""The new version of XLoader is bundled inside a standard Apple disk image with the name OfficeNote.dmg," SentinelOne security researchers Dinesh Devadoss and Phil Stokes said in a Monday analysis.
---------------------------------------------
https://thehackernews.com/2023/08/new-variant-of-xloader-macos-malware.html


∗∗∗ CISA, NSA, and NIST Publish Factsheet on Quantum Readiness ∗∗∗
---------------------------------------------
Today, [CISA, NSA, NIST] released a joint factsheet, Quantum-Readiness: Migration to Post-Quantum Cryptography (PQC), to inform organizations—especially those that support Critical Infrastructure—of the impacts of quantum capabilities, and to encourage the early planning for migration to post-quantum cryptographic standards by developing a Quantum-Readiness Roadmap.
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/08/21/cisa-nsa-and-nist-publish-factsheet-quantum-readiness


∗∗∗ Exploitation of Openfire CVE-2023-32315 ∗∗∗
---------------------------------------------
This vulnerability has flown under the radar on the defensive side of the industry. CVE-2023-32315 has been exploited in the wild, but you won’t find it in the CISA KEV catalog. There has also been minimal discussion about indicators of compromise and very few detections (although to their credit, Ignite Realtime put out patches and a great mitigation guide back in May).
---------------------------------------------
https://vulncheck.com/blog/openfire-cve-2023-32315


∗∗∗ Kritische Sicherheitslücke in Ivanti Sentry wird bereits missbraucht ∗∗∗
---------------------------------------------
Ivanti schließt in Sentry, vormals MobileIron Sentry, eine kritische Sicherheitslücke. Sie wird bereits angegriffen.
---------------------------------------------
https://heise.de/-9278280


∗∗∗ Facebook: Vorsicht vor Fake-Gewinnspielen von Kronehit und Radio Arabella ∗∗∗
---------------------------------------------
Kriminelle erstellen auf Facebook Fake-Profile von österreichischen Radiomoderator:innen. Betroffen sind aktuell Melanie See von Radio Arabella und Christian Mederitsch von Kronehit. Auf den Fake-Profilen werden betrügerische Gewinnspiele verbreitet. „Gewinner:innen“ werden per Kommentar benachrichtigt und müssen dann einen Link aufrufen oder dem Fake-Profil eine Privatnachricht schreiben. Melden Sie das Fake-Gewinnspiel und antworten Sie nicht!
---------------------------------------------
https://www.watchlist-internet.at/news/facebook-vorsicht-vor-fake-gewinnspielen-von-kronehit-und-radio-arabella/


∗∗∗ This AI-generated crypto invoice scam almost got me, and Im a security pro ∗∗∗
---------------------------------------------
Even a tech pro can fall for a well-laid phishing trap. Heres what happened to me - and how you can avoid a similar fate, too.
---------------------------------------------
https://www.zdnet.com/article/this-ai-generated-crypto-invoice-scam-almost-got-me-and-im-a-security-pro/#ftag=RSSbaffb68


∗∗∗ Verbraucherzentrale warnt vor Fake-Paypal-Betrugsanrufen ∗∗∗
---------------------------------------------
Ich nehme mal die Warnung vor einer Betrugsmasche hier mit im Blog auf, vor der die Verbraucherzentrale Baden-Württemberg aktuell warnt. Betrüger versuchen wohl über Call Center Opfer in Deutschland mit Schockanrufen über den Tisch zu ziehen.
---------------------------------------------
https://www.borncity.com/blog/2023/08/22/verbraucherzentrale-warnt-vor-fake-paypal-betrugsanrufen/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ TP-Link smart bulbs can let hackers steal your WiFi password ∗∗∗
---------------------------------------------
Researchers from Italy and the UK have discovered four vulnerabilities in the TP-Link Tapo L530E smart bulb and TP-Links Tapo app, which could allow attackers to steal their targets WiFi password.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/tp-link-smart-bulbs-can-let-hackers-steal-your-wifi-password/


∗∗∗ McAfee Security Bulletin – McAfee Safe Connect update fixes Privilege Escalation vulnerability (CVE-2023-40352) ∗∗∗
---------------------------------------------
This Security Bulletin describes a vulnerability in a McAfee program, and provides ways to remediate (fix) the issue or mitigate (minimize) its impact.
---------------------------------------------
https://www.mcafee.com/support/?articleId=TS103462&page=shell&shell=article-view


∗∗∗ Hitachi Energy AFF66x ∗∗∗
---------------------------------------------
CVSS v3 9.6
Successful exploitation of these vulnerabilities could allow an attacker to compromise availability, integrity, and confidentiality of the targeted devices.
CVE-2021-43523, CVE-2020-13817, CVE-2020-11868, CVE-2019-11477, CVE-2022-3204, CVE-2018-18066
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-234-01


∗∗∗ Rockwell Automation ThinManager ThinServer ∗∗∗
---------------------------------------------
CVSS v3 9.8
Rockwell Automation reports this vulnerability affects the following versions of ThinManager ThinServer, a thin client and remote desktop protocol (RDP) server management software
CVE-2023-2914, CVE-2023-2915, CVE-2023-2917
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-234-03


∗∗∗ Trane Thermostats ∗∗∗
---------------------------------------------
CVSS v3 6.8 
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands as root using a specially crafted filename.
CVE-2023-4212
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-234-02


∗∗∗ Jetzt patchen! Angreifer schieben Schadcode durch Lücke in Adobe ColdFusion ∗∗∗
---------------------------------------------
Angreifer attackieren Adobes Middleware ColdFusion. Sicherheitsupdates sind verfügbar.
---------------------------------------------
https://heise.de/-9278446


∗∗∗ K000135921 : Python urllib.parse vulnerability CVE-2023-24329 ∗∗∗
---------------------------------------------
An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
---------------------------------------------
https://my.f5.com/manage/s/article/K000135921?utm_source=f5support&utm_medium=RSS


∗∗∗ Critical Privilege Escalation Vulnerability in Charitable WordPress Plugin Affects Over 10,000 sites ∗∗∗
---------------------------------------------
After providing full disclosure details, the developer released a patch on August 17, 2023. We would like to commend the WP Charitable Team for their prompt response and timely patch, which was released in just one day.
We urge users to update their sites with the latest patched version of Charitable, which is version 1.7.0.13 at the time of this writing, as soon as possible.
---------------------------------------------
https://www.wordfence.com/blog/2023/08/critical-privilege-escalation-vulnerability-in-charitable-wordpress-plugin-affects-over-10000-sites/


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (intel-microcode, lxc, and zabbix), Fedora (clamav), SUSE (python-configobj), and Ubuntu (clamav).
---------------------------------------------
https://lwn.net/Articles/942405/


∗∗∗ IBM Robotic Process Automation is vulnerable to exposure of sensitive information in application logs (CVE-2023-38732) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028221


∗∗∗ IBM Robotic Process Automation is vulnerable to information disclosure of script content (CVE-2023-40370) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028218


∗∗∗ Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028226


∗∗∗ IBM Robotic Process Automation is vulnerable to sensitive information disclosure in installation logs (CVE-2023-38733) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028223


∗∗∗ A vulnerability in urlib3 affects IBM Robotic Process Automation for Cloud Pak which may result in CRLF injection (CVE-2020-26137). ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028229


∗∗∗ Multiple security vulnerabilities in .NET may affect IBM Robotic Process Automation for Cloud Pak (CVE-2023-24936, CVE-2023-29337, CVE-2023-33128) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028228


∗∗∗ IBM Robotic Process Automation is vulnerable to incorrect privilege assignment when importing user from an LDAP directory (CVE-2023-38734). ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028227


∗∗∗ AWS SDK for Java as used by IBM QRadar SIEM is vulnerable to path traversal (CVE-2022-31159) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7027598


∗∗∗ IBM Decision Optimization for Cloud Pak for Data is vulnerable to denial of service due to Apache Log4j (CVE-2021-45105) and arbitrary code execution due to Apache Log4j (CVE-2021-45046) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6551376


∗∗∗ IBM Cloud Pak for Data is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6551326


∗∗∗ IBM Informix JDBC Driver Is Vulnerable to Remote Code Execution (CVE-2023-27866) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7007615


∗∗∗ Multiple vulnerabilities in IBM Semeru Runtime may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2022-21282, CVE-2022-21296, CVE-2022-21299) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6565069


∗∗∗ A Unspecified Java Vulnerability is affecting Watson Knowledge Catalog for IBM Cloud Pak for Data (CVE-2021-35550) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6594121


∗∗∗ Vulnerabilities in Linux kernel, libssh, and Java can affect IBM Spectrum Protect Plus ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028316


∗∗∗ Vulnerabilities in Oracle Java and the IBM Java SDK (CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968 and CVE-2023-21937 ) affect Power HMC ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028209


∗∗∗ Multiple Vulnerabilities in IBM\u00ae Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to July 2023 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028350

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily