[CERT-daily] Tageszusammenfassung - 03.07.2023

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 30-06-2023 18:00 − Montag 03-07-2023 18:00
Handler:     Robert Waldner
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ Beware: New RustBucket Malware Variant Targeting macOS Users ∗∗∗
---------------------------------------------
"This variant of RustBucket, a malware family that targets macOS systems, adds persistence capabilities not previously observed," Elastic Security Labs researchers said in a report published this week, adding it's "leveraging a dynamic network infrastructure methodology for command-and-control."
---------------------------------------------
https://thehackernews.com/2023/07/beware-new-rustbucket-malware-variant.html


∗∗∗ Entschlüsselungstool: Sicherheitsforscher knacken Akira-Ransomware ∗∗∗
---------------------------------------------
Stimmten die Voraussetzungen, können Opfer des Erpressungstrojaner Akira ohne Lösegeld zu zahlen auf ihre Daten zugreifen.
---------------------------------------------
https://heise.de/-9204932


∗∗∗ Vorsicht vor Malvertising: Fake-WinSCP-Tool verbreitet BackCat-Ransomware ∗∗∗
---------------------------------------------
Die Hintermänner des Verschlüsselungstrojaners BlackCat (aka ALPHV) setzen auf einen weiteren Verbreitungsweg.
---------------------------------------------
https://heise.de/-9204958


∗∗∗ Vorsicht vor gefälschten Polizei-Mails ∗∗∗
---------------------------------------------
Aktuell geben sich Kriminelle per E-Mail als Polizei aus. Im Mail steht, dass Sie in der Anlage Ihre Einberufung finden und innerhalb von 48 Stunden antworten müssen. Ansonsten droht Ihnen eine Festnahme. Ignorieren Sie dieses E-Mail, es handelt sich um Betrug!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-gefaelschten-polizei-mails/


∗∗∗ CVE-2023-20864: Remote Code Execution in VMware Aria Operations for Logs ∗∗∗
---------------------------------------------
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Jonathan Lein and Dusan Stevanovic of the Trend Micro Research Team detail a recently patched remote code execution vulnerability in VMware Aria Operations for Logs (formerly vRealize).
---------------------------------------------
https://www.zerodayinitiative.com/blog/2023/6/29/cve-2023-20864-remote-code-execution-in-vmware-aria-operations-for-logs



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Sicherheitsupdates: Schadcode-Attacken auf HP-LaserJet-Pro-Drucker möglich ∗∗∗
---------------------------------------------
Mehrere LaserJet-Pro-Modelle von HP sind verwundbar. Sicherheitsupdates schaffen Abhilfe.
---------------------------------------------
https://heise.de/-9205846


∗∗∗ WP AutoComplete 1.0.4 - Unauthenticated SQLi ∗∗∗
---------------------------------------------
The WP AutoComplete Search WordPress plugin through 1.0.4 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX available to unauthenticated users, leading to an unauthenticated SQL injection.
---------------------------------------------
https://www.exploit-db.com/exploits/51560


∗∗∗ Sicherheitsupdate: Attacken auf WordPress-Plug-in Ultimate Member ∗∗∗
---------------------------------------------
Derzeit nutzen Angreifer eine kritische Lücke im WordPress-Plug-in Ultimate Member aus. Der Anbieter rät zu einem zügigen Update.
---------------------------------------------
https://heise.de/-9204916


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (cups, gst-plugins-bad1.0, gst-plugins-base1.0, gst-plugins-good1.0, python3.7, and yajl), Fedora (chromium, kubernetes, pcs, and webkitgtk), Scientific Linux (open-vm-tools), SUSE (iniparser, keepass, libvirt, prometheus-ha_cluster_exporter, prometheus-sap_host_exporter, rekor, terraform-provider-aws, terraform-provider-helm, and terraform-provider-null), and Ubuntu (python-reportlab and vim).
---------------------------------------------
https://lwn.net/Articles/937189/


∗∗∗ Root-Zugang zu Smarthome-Server Loxone Miniserver Go Gen. 2 (SySS-2023-004/-012/-013) ∗∗∗
---------------------------------------------
Durch verschiedene Schwachstellen kann ein Administrator Betriebssystemzugriff auf dem Loxone Miniserver Go im Kontext des root-Benutzers erreichen.
---------------------------------------------
https://www.syss.de/pentest-blog/root-zugang-zu-smarthome-server-loxone-miniserver-go-gen-2-syss-2023-004/-012/-013


∗∗∗ Multiple Vulnerabilities including Unauthenticated Remote Code Execution in Siemens A8000 ∗∗∗
---------------------------------------------
The vendor provides a patch which should be installed immediately. Customers should update to CPCI85 V05 or later version (https://support.industry.siemens.com/cs/ww/en/view/109804985/). - Unauthenticated Remote Code Execution (CVE-2023-28489) - Authenticated Command Injection (CVE-2023-33919) - Hard-coded Root Password (CVE-2023-33920) - Console Login via UART (CVE-2023-33921)
---------------------------------------------
https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-siemens-a8000/


∗∗∗ Multiple vulnerabilities in SoftEther VPN and PacketiX VPN ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN64316789/


∗∗∗ ZDI-23-894: NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-23-894/


∗∗∗ ZDI-23-893: NETGEAR Multiple Routers curl_post Improper Certificate Validation Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-23-893/


∗∗∗ WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.6.4 – Authentication Bypass ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2023070002


∗∗∗ Watson CP4D Data Stores is vulnerable to Golang Go to a denial of service (CVE-2022-1962) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7009053


∗∗∗ Watson CP4D Data Stores is vulnerable to Golang Go is vulnerable to HTTP request smuggling(CVE-2022-1705) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7009055


∗∗∗ Watson AI Gateway for Cloud Pak for Data is vulnerable to an Ajv (aka Another JSON Schema Validator) could allow a remote attacker to execute arbitrary code on the system (CVE-2020-15366) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7009061


∗∗∗ IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to xml2js abitrary code execution vulnerability(CVE-2023-0842) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7009049


∗∗∗ IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js http-cache-semantics module denial of service ( CVE-2022-25881) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7009051


∗∗∗ IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Envoy security bypass ( CVE-2023-27488) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7009057


∗∗∗ IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable ConfigObj denial of service ( CVE-2023-26112) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7009059


∗∗∗ IBM Connect:Direct Web Services vulnerable to sensitive information exposure due to PostgreSQL (CVE-2023-2455) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7009293


∗∗∗ IBM Connect:Direct Web Services vulnerable to sensitive information exposure due to PostgreSQL (CVE-2022-41862) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7009295


∗∗∗ IBM Security Key Lifecycle Manager is vulnerable to Incorrect Permission Assignment for Critical Resource (CVE-2018-1750) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/733311


∗∗∗ Multiple Vulnerabilities in CloudPak for Watson AIOPs ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7007837


∗∗∗ Multiple vulnerabilities of Apache Groovy (groovy-all-2.3.11.jar) have affected APM JBoss and APM WebLogic Agent [CVE-202-17521, CVE-2016-6814, CVE-2015-3253] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7009323


∗∗∗ Multiple vulnerabilities of Apache Ant (ant-1.7.0.jar, ant-1.8.4.jar) have affected APM JBoss, APM WebLogic and APM SAP NetWeaver Java Stack Agents. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7009321


∗∗∗ Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects APM Agents for Monitoring ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7009327


∗∗∗ Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operand is vulnerable to DOS/loss of integrity/confidentiality [CVE-2023-21930 CVE-2023-21937 CVE-2023-21938 CVE-2023-21939 CVE-2023-21954 CVE-2023-21967 CVE-2023-21968] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7009333


∗∗∗ Watson CP4D Data Stores is vulnerable to Golang Go to a denial of service (CVE-2022-1962) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7009053


∗∗∗ Multiple vulnerabilities in IBM Java SDK affects IBM WebSphere Application Server April 2023 CPU that is bundled with IBM WebSphere Application Server Patterns ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7009353

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily