[CERT-daily] Tageszusammenfassung - 05.07.2023

Wed Jul 5 18:10:20 CEST 2023

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 04-07-2023 18:00 − Mittwoch 05-07-2023 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ Email crypto phishing scams: stealing from hot and cold crypto wallets ∗∗∗
---------------------------------------------
Here is how email phishing scams targeting hot and cold crypto wallets, such as Trezor and Ledger, work.
---------------------------------------------
https://securelist.com/hot-and-cold-cryptowallet-phishing/110136/


∗∗∗ Jetzt patchen! Über 335.000 SSL-VPN-Interfaces von Fortinet attackierbar ∗∗∗
---------------------------------------------
Sicherheitsforscher warnen vor weiteren Attacken auf eine kritische Lücke in FortiOS. Patches zum Schließen der Schwachstelle sind seit Wochen verfügbar.
---------------------------------------------
https://heise.de/-9206478


∗∗∗ Verbaucherzentralen warnen vor personalisiertem Phishing ∗∗∗
---------------------------------------------
Seit Anfang der Woche landen viele Phishingmails mit persönlicher Anrede betreffend der ING in Postfächern von Internetnutzern, warnen die Verbraucherzentralen.
---------------------------------------------
https://heise.de/-9207386


∗∗∗ TEMU Shopping App und temu.com: Problematische Angebote aus China ∗∗∗
---------------------------------------------
Wer sich aktuell durch Social Media bewegt, kommt kaum an Werbeschaltungen für die Shopping App TEMU vorbei. Die Plattform mit Sitz in Dublin und ihrem Ursprung in China startet aktuell eine Offensive auf den österreichischen und deutschen Markt. Die Produkte bei TEMU sind teils unfassbar günstig und für viele verlockend. Möglich ist das aber vor allem durch fragwürdige Geschäftspraktiken, teils mangelhafte Produkte und Nicht-Einhaltung rechtlicher Vorgaben.
---------------------------------------------
https://www.watchlist-internet.at/news/temu-shopping-app-und-temucom-problematische-angebote-aus-china/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Path traversal bypass & Denial of service in Kyocera TASKalfa 4053ci printer ∗∗∗
---------------------------------------------
CVE Number: CVE-2023-34259, CVE-2023-34260, CVE-2023-34261
Kyocera TASKalfa 4053ci printers are vulnerable to multiple vulnerabilities. The path traversal vulnerability can be used to access arbitrary files on the filesystem, even files that require root privileges. Also, the path traversal vulnerability can be used to conduct a denial-of-service (DoS). Due the username enumeration vulnerability, it is possible to identify valid user accounts.
---------------------------------------------
https://sec-consult.com/vulnerability-lab/advisory/path-traversal-bypass-denial-of-service-in-kyocera-printer/


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (firefox and python-reportlab), Slackware (mozilla), SUSE (dnsdist, grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python- cryptography-vectors, python-google-api-core, pyt, kernel, kubernetes1.18, libdwarf, python311, qt6-base, rmt-server, and virtualbox), and Ubuntu (containerd, firefox, and python-django).
---------------------------------------------
https://lwn.net/Articles/937368/


∗∗∗ The "StackRot" kernel vulnerability ∗∗∗
---------------------------------------------
Ruihan Li has discloseda significant vulnerability introduced into the 6.1 kernel: A flaw was found in the handling of stack expansion in the Linux kernel 6.1 through 6.4, aka "Stack Rot". The maple tree, responsible for managing virtual memory areas, can undergo node replacement without properly acquiring the MM write lock, leading to use-after-free issues. An unprivileged local user could use this flaw to compromise the kernel and escalate their privileges.
---------------------------------------------
https://lwn.net/Articles/937377/


∗∗∗ Frauscher: Diagnostic System FDS001 for FAdC/FAdCi Path Traversal vulnerability ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2023-011/


∗∗∗ IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a remote attacker and denial of service due to Guava (CVE-2020-8908, CVE-2018-10237). ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7009535


∗∗∗ A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2023-35890) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7009537


∗∗∗ IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to xml2js abitrary code execution vulnerability(CVE-2023-0842) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7009049


∗∗∗ A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool\/OMNIbus WebGUI (CVE-2023-35890) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7009625


∗∗∗ Multiple security vulnerabilities has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool\/OMNIbus WebGUI - April 2023 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7009627


∗∗∗ A security vulnerability has been identified in WebSphere Application Server traditional shipped with IBM Intelligent Operations Center(CVE-2023-35890) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7009635


∗∗∗ IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a remote attacker and denial of service due to Guava (CVE-2020-8908, CVE-2018-10237). ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7009535


∗∗∗ IBM WebSphere Application Server could provide weaker than expected security (CVE-2023-35890) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7007857

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily