[CERT-daily] Daily summary - 25.08.2023

Daily end-of-shift report team at cert.at
Fri Aug 25 18:18:05 CEST 2023


=====================
= End-of-Day report =
=====================

Timeframe:   Thursday 24-08-2023 18:00 − Friday 25-08-2023 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Antivirus software too: WinRAR vulnerability affects hundreds of other programs ∗∗∗
---------------------------------------------
Not only old WinRAR versions are vulnerable to a recently patched security hole, but numerous other applications as well.
---------------------------------------------
https://www.golem.de/news/auch-antivirensoftware-winrar-schwachstelle-betrifft-hunderte-weitere-programme-2308-177086.html


∗∗∗ FBI warning: Barracuda ESG appliances still under threat, remove immediately ∗∗∗
---------------------------------------------
The FBI warns of the Barracuda ESG vulnerabilities that became known at the end of May. It assumes that all devices have been compromised.
---------------------------------------------
https://heise.de/-9284695


∗∗∗ "Mammoth hunting" on online marketplaces ∗∗∗
---------------------------------------------
With the "Telekopye" toolset, even technically unskilled hackers can hunt unsuspecting buyers ("mammoths" in scammer slang) on online marketplaces.
---------------------------------------------
https://www.zdnet.de/88411400/mammutjagd-auf-online-marktplaetze/


∗∗∗ Jupiter X Core WordPress plugin could let hackers hijack sites ∗∗∗
---------------------------------------------
Two vulnerabilities affecting some versions of Jupiter X Core, a premium plugin for setting up WordPress and WooCommerce websites, allow hijacking accounts and uploading files without authentication.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/jupiter-x-core-wordpress-plugin-could-let-hackers-hijack-sites/


∗∗∗ Python Malware Using Postgresql for C2 Communications, (Fri, Aug 25th) ∗∗∗
---------------------------------------------
For modern malware, having access to its C2 (Command and control) is a crucial point. There are many ways to connect to a C2 server using tons of protocols, but today, HTTP remains very common because HTTP is allowed on most networks...
---------------------------------------------
https://isc.sans.edu/diary/rss/30158


∗∗∗ Playing Dominos with Moodles Security (1/2) ∗∗∗
---------------------------------------------
This is the first blog in a two-part series where we will present our findings on a Moodle security audit we conducted. We were drawn to researching the security aspect of the framework due to its popularity, with the goal of contributing to a safer internet. In this first article, we demonstrate how an unauthenticated attacker can leverage a vulnerability with a supposedly low impact to gain full control over the Moodle instance.
---------------------------------------------
https://www.sonarsource.com/blog/playing-dominos-with-moodles-security-1/


∗∗∗ A broken marriage. Abusing mixed vendor Kerberos stacks ∗∗∗
---------------------------------------------
*nix-based servers and services can be joined to Active Directory networks in the same way as their Windows counterparts. This is usually facilitated through the MIT or Heimdal Kerberos stacks. Kerberos is designed as an authentication protocol; therefore, authorisation decisions are implemented independently of the Kerberos protocol itself. Because of this, different vendor stacks differ in how authorisation decisions are made.
---------------------------------------------
https://www.pentestpartners.com/security-blog/a-broken-marriage-abusing-mixed-vendor-kerberos-stacks/


∗∗∗ A Beginner’s Guide to Adversary Emulation with Caldera ∗∗∗
---------------------------------------------
The target audience for this blog post is individuals who have a basic understanding of cybersecurity concepts and terminology and who are looking to expand their knowledge of adversary emulation. This post delves into the details of adversary emulation with the Caldera framework, exploring the benefits it offers.
---------------------------------------------
https://blog.nviso.eu/2023/08/25/a-beginners-guide-to-adversary-emulation-with-caldera/


∗∗∗ Analysis of MS-SQL Server Proxyjacking Cases ∗∗∗
---------------------------------------------
AhnLab Security Emergency response Center (ASEC) has recently discovered cases of proxyjacking targeting poorly managed MS-SQL servers. Publicly accessible MS-SQL servers with simple passwords are one of the main attack vectors used when targeting Windows systems. Typically, threat actors target poorly managed MS-SQL servers and attempt to gain access through brute force or dictionary attacks. If successful, they install malware on the infected system.
---------------------------------------------
https://asec.ahnlab.com/en/56350/


∗∗∗ Stories from the SOC - Unveiling the stealthy tactics of Aukill malware ∗∗∗
---------------------------------------------
On April 21st, 2023, AT&T Managed Extended Detection and Response (Managed XDR) investigated an attempted ransomware attack on one of our clients, a home improvement business. The investigation revealed the attacker used AuKill malware on the client's print server to disable the server's installed endpoint detection and response (EDR) solution by brute-forcing an administrator account and downgrading a driver to a vulnerable version.
---------------------------------------------
https://cybersecurity.att.com/blogs/security-essentials/stories-from-the-soc-silent-sabotage-unveiling-the-stealthy-tactics-of-aukill-malware



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Maxon Cinema 4D SKP File Parsing vulnerabilities ∗∗∗
---------------------------------------------
CVSS Score: 7.8
CVE-2023-40482, CVE-2023-40483, CVE-2023-40486, CVE-2023-40485, CVE-2023-40484, CVE-2023-40488, CVE-2023-4049[0], CVE-2023-40491, CVE-2023-40487, CVE-2023-40489
Mitigation: Given the nature of the [vulnerabilities], the only salient mitigation strategy is to restrict interaction with the application.
---------------------------------------------
https://www.zerodayinitiative.com/advisories/published/


∗∗∗ (0Day) LG Simple Editor vulnerabilities ∗∗∗
---------------------------------------------
CVSS Scores: 6.5-9.8
CVE-2023-40502, CVE-2023-40513, CVE-2023-40514, CVE-2023-40515, CVE-2023-40492, CVE-2023-40493, CVE-2023-40494, CVE-2023-40495, CVE-2023-40496, CVE-2023-40497, CVE-2023-40498, CVE-2023-40499, CVE-2023-40500, CVE-2023-40503, CVE-2023-40504, CVE-2023-40505, CVE-2023-40506, CVE-2023-40507, CVE-2023-40508, CVE-2023-40509, CVE-2023-40510, CVE-2023-40511, CVE-2023-40512, CVE-2023-40501, CVE-2023-40516
[...] they do not have plans to fix the [vulnerabilities]
---------------------------------------------
https://www.zerodayinitiative.com/advisories/published/


∗∗∗ (0Day) LG SuperSign Media Editor vulnerabilities ∗∗∗
---------------------------------------------
CVSS Scores: 5.3-7.5
CVE-2023-40517, CVE-2023-41181
The vendor states that they do not have plans to fix the [vulnerabilities] now or in the future. [...] Given the nature of the [vulnerabilities], the only salient mitigation strategy is to restrict interaction with the application.
---------------------------------------------
https://www.zerodayinitiative.com/advisories/published/


∗∗∗ QNap: [Vulnerabilities] in QTS and QuTS hero ∗∗∗
---------------------------------------------
CVE-2023-34971, CVE-2023-34973, CVE-2023-34972
Affected products: QTS 5.1.0, 5.0.1, 4.5.4; QuTS hero h5.1.0, h4.5.4
We have already fixed the [vulnerabilities] in the following operating system versions:
* QTS 5.1.0.2444 build 20230629 and later
* QTS 5.0.1.2425 build 20230609 and later
* QTS 4.5.4.2467 build 20230718 and later
* QuTS hero h5.1.0.2424 build 20230609 and later
* QuTS hero h4.5.4.2476 build 20230728 and later
---------------------------------------------
https://www.qnap.com/en-us/security-advisories?ref=security_advisory_details


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (tryton-server), Fedora (youtube-dl), SUSE (clamav and krb5), and Ubuntu (cjose and fastdds).
---------------------------------------------
https://lwn.net/Articles/942766/


∗∗∗ ZDI-23-1224: LG LED Assistant updateFile Directory Traversal Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-23-1224/


∗∗∗ ZDI-23-1223: LG LED Assistant thumbnail Directory Traversal Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-23-1223/


∗∗∗ ZDI-23-1222: LG LED Assistant setThumbnailRc Directory Traversal Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-23-1222/


∗∗∗ ZDI-23-1221: LG LED Assistant upload Directory Traversal Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-23-1221/


∗∗∗ IBM Security Guardium is affected by multiple vulnerabilities (CVE-2023-30435, CVE-2023-30436, CVE-2023-30437) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028506


∗∗∗ ISC BIND on IBM i is vulnerable to denial of service due to a memory usage flaw (CVE-2023-2828) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7017974


∗∗∗ Multiple vulnerabilities found in IBM Java which is shipped with IBM Intelligent Operations Center (CVE-2022-21541, CVE-2022-21540) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028934


∗∗∗ IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service due to [CVE-2023-26115] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028936


∗∗∗ IBM Spectrum Copy Data Management uses weaker than expected cryptographic algorithms ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028841

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily