[CERT-daily] Tageszusammenfassung - 23.08.2023

Wed Aug 23 18:26:22 CEST 2023

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 22-08-2023 18:00 − Mittwoch 23-08-2023 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Schwachstellen im Web-Interface machen Aruba Orchestrator angreifbar ∗∗∗
---------------------------------------------
Angreifer können Arubas SD-WAN-Managementlösung EdgeConnect SD-WAN Orchestrator attackieren.
---------------------------------------------
https://heise.de/-9282524


∗∗∗ CISA warnt vor Angriffen auf Veeam-Backup-Sicherheitslücke ∗∗∗
---------------------------------------------
Die Cybersicherheitsbehörde CISA warnt vor aktuell laufenden Angriffen auf eine Veeam-Backup-Schwachstelle. Updates stehen bereit.
---------------------------------------------
https://heise.de/-9282365


∗∗∗ Die beliebteste WLAN-Glühbirne auf Amazon lässt Hacker in euer Netzwerk ∗∗∗
---------------------------------------------
Die TP-Link Tapo L530E hat Sicherheitslücken, mit denen sich Fremde Zugriff auf euer WLAN und damit auch auf die Geräte darin verschaffen können.
---------------------------------------------
https://futurezone.at/produkte/wlan-lampe-gluehbrine-amazon-hacker-tp-link-tapo-l530e/402566333


∗∗∗ Vorsicht: Gefälschte Versionen von Google Bard verbreiten Malware ∗∗∗
---------------------------------------------
Achtung vor Fake-Werbung mit Google Bard: Hinter den Links befindet sich Malware.
---------------------------------------------
https://futurezone.at/digital-life/google-bard-malware-faelschungen-fake-software-warnung/402566711


∗∗∗ More Exotic Excel Files Dropping AgentTesla, (Wed, Aug 23rd) ∗∗∗
---------------------------------------------
Excel is an excellent target for attackers. The Microsoft Office suite is installed on millions of computers, and people trust these files. If we have the classic xls, xls, xlsm file extensions, Excel supports many others! Just check your local registry: [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/30150


∗∗∗ Lateral movement: A conceptual overview ∗∗∗
---------------------------------------------
I think it would help a lot of those people to look at lateral movement from a conceptual point of view, instead of trying to understand all the techniques and ways in which lateral movement is achieved. [...] The goal is to hopefully enable more people to learn about how they can restructure or design their environments to be more resilient against lateral movement.
---------------------------------------------
https://diablohorn.com/2023/08/22/lateral-movement-a-conceptual-overview/


∗∗∗ Tourists Give Themselves Away by Looking Up. So Do Most Network Intruders. ∗∗∗
---------------------------------------------
In large metropolitan areas, tourists are often easy to spot because theyre far more inclined than locals to gaze upward at the surrounding skyscrapers. Security experts say this same tourist dynamic is a dead giveaway in virtually all computer intrusions that lead to devastating attacks like ransomware, and that more organizations should set simple virtual tripwires that sound the alarm when authorized users and devices are spotted exhibiting this behavior.
---------------------------------------------
https://krebsonsecurity.com/2023/08/tourists-give-themselves-away-by-looking-up-so-do-most-network-intruders/


∗∗∗ Hackergruppe CosmicBeetle verbreitet Ransomware in Europa ∗∗∗
---------------------------------------------
Gruppe verwendet das Toolset Spacecolon, um Ransomware unter ihren Opfern zu verbreiten und Lösegeld zu erpressen.
---------------------------------------------
https://www.zdnet.de/88411341/hackergruppe-cosmicbeetle-verbreitet-ransomware-in-europa/


∗∗∗ NVMe: New Vulnerabilities Made Easy ∗∗∗
---------------------------------------------
As vulnerability researchers, our primary mission is to find as many vulnerabilities as possible with the highest severity as possible. Finding vulnerabilities is usually challenging. But could there be a way, in some cases, to reach the same results with less effort?
---------------------------------------------
https://www.cyberark.com/resources/threat-research-blog/nvme-new-vulnerabilities-made-easy


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (mediawiki and qt4-x11), Fedora (java-17-openjdk, linux-firmware, and python-yfinance), Red Hat (kernel, kpatch-patch, and subscription-manager), SUSE (evolution, janino, kernel, nodejs16, nodejs18, postgresql15, qt6-base, and ucode-intel), and Ubuntu (inetutils).
---------------------------------------------
https://lwn.net/Articles/942514/


∗∗∗ Google Chrome 116.0.5845.110/.111 Sicherheitsupdates ∗∗∗
---------------------------------------------
Google hat zum 22. August 2023 Updates des Google Chrome Browsers 116 im Stable Channel für Mac, Linux und Windows freigegeben. Es sind Sicherheitsupdates, die in den kommenden Wochen ausgerollt werden und 5 Schwachstellen (Einstufung als "hoch") beseitigen soll.
---------------------------------------------
https://www.borncity.com/blog/2023/08/23/google-chrome-116-0-5845-110-111-sicherheitsupdates/


∗∗∗ CVE-2022-40609 may affect IBM Java shipped with IBM CICS TX Standard ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028405


∗∗∗ CVE-2022-40609 may affect IBM Java shipped with IBM CICS TX Advanced ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028403


∗∗∗ CVE-2022-40609 may affect IBM Java shipped with IBM TXSeries for Multiplatforms ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028404


∗∗∗ Multiple vulnerabilities may affect IBM Semeru Runtime ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028407


∗∗∗ AIX is vulnerable to unauthorized file access and arbitrary code execution due to OpenSSH (CVE-2023-40371 and CVE-2023-38408) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028420

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily