[CERT-daily] Tageszusammenfassung - 05.12.2023

Tue Dec 5 18:58:03 CET 2023

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 04-12-2023 18:00 − Dienstag 05-12-2023 18:00
Handler:     Robert Waldner
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ Unpatched Loytec Building Automation Flaws Disclosed 2 Years After Discovery ∗∗∗
---------------------------------------------
Industrial cybersecurity firm TXOne Networks has disclosed the details of 10 unpatched vulnerabilities discovered by its researchers in building automation products made by Austrian company Loytec more than two years ago.
---------------------------------------------
https://www.securityweek.com/unpatched-loytec-building-automation-flaws-disclosed-2-years-after-discovery/


∗∗∗ BlueNoroff: new Trojan attacking macOS users ∗∗∗
---------------------------------------------
BlueNoroff has been attacking macOS users with a new loader that delivers unknown malware to the system.
---------------------------------------------
https://securelist.com/bluenoroff-new-macos-malware/111290/


∗∗∗ Zarya Hacktivists: More than just Sharepoint., (Mon, Dec 4th) ∗∗∗
---------------------------------------------
Zarya isn't exactly the type of threat you should be afraid of, but it is sad how these groups can still be effective due to organizations exposing unpatched or badly configured systems to the internet. Most of the attacks sent by Zarya will not succeed even if they hit a vulnerable system. For some added protection, you may consider blocking some of the Aeza network's traffic after ensuring that this network hosts no critical resources you need. Aeza uses ASN 210644.
---------------------------------------------
https://isc.sans.edu/diary/rss/30450


∗∗∗ Warning for iPhone Users: Experts Warn of Sneaky Fake Lockdown Mode Attack ∗∗∗
---------------------------------------------
A new "post-exploitation tampering technique" can be abused by malicious actors to visually deceive a target into believing that their Apple iPhone is running in Lockdown Mode when its actually not and carry out covert attacks.
---------------------------------------------
https://thehackernews.com/2023/12/warning-for-iphone-users-experts-warn.html


∗∗∗ Sicherheitslücke in iOS 16 soll angeblich leichteres Auslesen ermöglichen ∗∗∗
---------------------------------------------
In Moskau streiten sich zwei Forensikfirmen wegen gestohlenem Programmcode. Dieser aber offenbart eine mögliche neue Sicherheitslücke im iPhone-Betriebssystem.
---------------------------------------------
https://www.heise.de/-9548725


∗∗∗ OSINT. What can you find from a domain or company name ∗∗∗
---------------------------------------------
To help OPSEC people I thought it might be useful to go over some of the key things that can be found using domain and company names.
---------------------------------------------
https://www.pentestpartners.com/security-blog/osint-what-can-you-find-from-a-domain-or-company-name/


∗∗∗ Viele Beschwerden zu luckyluna.de ∗∗∗
---------------------------------------------
luckyluna.de bietet handgezeichnete Tierportraits. Sie laden ein Foto Ihres Tieres hoch, es wird gezeichnet und Sie erhalten das Bild entweder digital oder auf einer Leinwand – so zumindest das Versprechen. Verärgerte Kund:innen beschweren sich aber, dass die Bilder nicht handgezeichnet sind, sondern die „handgefertigten Portraits“ nur mit Hilfe eines Bildbearbeitungsprogramms erstellt werden.
---------------------------------------------
https://www.watchlist-internet.at/news/viele-beschwerden-zu-luckylunade/


∗∗∗ Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers ∗∗∗
---------------------------------------------
This CSA provides network defenders with tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), and methods to detect and protect against similar exploitation.
---------------------------------------------
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-339a


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Patchday Android: Android 11, 12, 13 und 14 für Schadcode-Attacken anfällig ∗∗∗
---------------------------------------------
Angreifer können Android-Smartphones und -Tablets verschiedener Hersteller ins Visier nehmen. Für einige Geräte gibt es Sicherheitsupdates.
---------------------------------------------
https://www.heise.de/-9548839


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (roundcube), Fedora (java-latest-openjdk), Mageia (libqb), SUSE (python-Django1), and Ubuntu (request-tracker4).
---------------------------------------------
https://lwn.net/Articles/953783/


∗∗∗ WebKitGTK and WPE WebKit Security Advisory WSA-2023-0011 ∗∗∗
---------------------------------------------
Several vulnerabilities were discovered in WebKitGTK and WPE WebKit. CVE identifiers: CVE-2023-42916, CVE-2023-42917.
---------------------------------------------
https://webkitgtk.org/security/WSA-2023-0011.html


∗∗∗ Security updates for Ivanti Connect Secure and Ivanti Policy Secure ∗∗∗
---------------------------------------------
We are reporting the Ivanti Connect Secure issues as CVE-2023-39340, CVE-2023-41719 and CVE-2023-41720, and Ivanti Policy Secure issue as CVE-2023-39339. We encourage customers to download the latest releases of ICS and IPS to remediate the issues.
---------------------------------------------
https://www.ivanti.com/blog/security-updates-for-ivanti-connect-secure-and-ivanti-policy-secure


∗∗∗ SonicWall SSL-VPN SMA100 Version 10.x Is Affected By Multiple Vulnerabilities ∗∗∗
---------------------------------------------
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0018


∗∗∗ Cisco Adaptive Security Appliance and Firepower Threat Defense Software VPN Packet Validation Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-vpn-Y88QOm77


∗∗∗ Wago: Vulnerabilities in IEC61850 Server / Telecontrol ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2023-044/


∗∗∗ Wago: Vulnerability in Smart Designer Web-Application ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2023-045/


∗∗∗ CODESYS: Multiple products affected by WIBU Codemeter vulnerability ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2023-035/


∗∗∗ CODESYS: OS Command Injection Vulnerability in multiple CODESYS Control products ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2023-066/


∗∗∗ Pilz : WIBU Vulnerabilitiy in multiple Products (Update A) ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2023-033/


∗∗∗ Pilz: Electron Vulnerabilities in PASvisu and PMI v8xx ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2023-059/


∗∗∗ Pilz: Multiple products prone to libwebp vulnerability ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2023-048/


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/


∗∗∗ Zebra ZTC Industrial ZT400 and ZTC Desktop GK420d ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-339-01

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily