[CERT-daily] Tageszusammenfassung - 06.07.2023

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 05-07-2023 18:00 − Donnerstag 06-07-2023 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ Silentbob Campaign: Cloud-Native Environments Under Attack ∗∗∗
---------------------------------------------
The activity, dubbed Silentbob in reference to an AnonDNS domain set up by the attacker, is said to be linked to the infamous cryptojacking group tracked as TeamTNT, citing overlaps in tactics, techniques, and procedures (TTPs). Alternatively, it could be the work of an "advanced copycat."
---------------------------------------------
https://thehackernews.com/2023/07/silentbob-campaign-cloud-native.html


∗∗∗ Flutter Restrictions Bypass ∗∗∗
---------------------------------------------
This article investigates the Flutter framework ​(Google, n.d.)​ and the methods for bypassing its detections on iOS. CyberCX have also published the scripts used for this bypass for other mobile application security researchers to use in their workflow on our GitHub.
---------------------------------------------
https://blog.cybercx.co.nz/flutter-restrictions-bypass


∗∗∗ TeamsPhisher: Tool automatisiert Angriffe auf Teams-Schwachstelle ∗∗∗
---------------------------------------------
Über eine Schwachstelle in Teams können Angreifer Malware unterjubeln. Ein jetzt veröffentlichtes Tool macht diese Attacken noch einfacher.
---------------------------------------------
https://heise.de/-9208677


∗∗∗ Wie steht’s eigentlich um Emotet? ∗∗∗
---------------------------------------------
Eine kurze Zusammenfassung zur aktuellen Situation um Emotet seit dessen "Comeback".
---------------------------------------------
https://www.welivesecurity.com/deutsch/2023/07/06/wie-stehts-eigentlich-um-emotet/


∗∗∗ How to delete saved addresses and credit cards in Firefox for improved security and privacy ∗∗∗
---------------------------------------------
If youre looking to get the most out of Firefox security and privacy, you might consider not only deleting all saved addresses and credit cards but also disabling the autofill option.
---------------------------------------------
https://www.zdnet.com/article/how-to-delete-saved-addresses-and-credit-cards-in-firefox-for-improved-security-and-privacy/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ MOVEit Transfer: Service Pack schließt weitere kritische Lücke ∗∗∗
---------------------------------------------
Mit dem Service Pack für MOVEit Transfer im Juli schließt Progress weitere Sicherheitslücken. Eine davon stuft der Hersteller als kritisch ein. (CVE-2023-36932, CVE-2023-36933, CVE-2023-36934)
---------------------------------------------
https://heise.de/-9208451


∗∗∗ MOVEit Transfer 2020.1 (12.1) Service Pack (July 2023) ∗∗∗
---------------------------------------------
CVE-2023-36934 (CRITICAL): SQL Injection CVE-2023-36932 (HIGH): multiple SQL injections CVE-2023-36933 (HIGH): unhandled exception
---------------------------------------------
https://community.progress.com/s/article/MOVEit-Transfer-2020-1-Service-Pack-July-2023


∗∗∗ Stackrot: Kernel-Schwachstelle ermöglicht Rechteausweitung unter Linux ∗∗∗
---------------------------------------------
Durch eine Sicherheitslücke im Speichermanagement-Subsystem des Linux-Kernels können Angreifer potenziell erweiterte Rechte erlangen. 
---------------------------------------------
https://www.golem.de/news/stackrot-kernel-schwachstelle-erlaubt-rechteausweitung-unter-linux-2307-175618.html


∗∗∗ Patchday: Vielfältige Attacken auf Android 11, 12 und 13 möglich ∗∗∗
---------------------------------------------
Es gibt wichtige Sicherheitsupdates für verschiedene Android-Versionen. Im schlimmsten Fall könnte Schadcode auf Geräte gelangen.
---------------------------------------------
https://heise.de/-9208524


∗∗∗ Taking over Milesight UR32L routers behind a VPN: 22 vulnerabilities and a full chain ∗∗∗
---------------------------------------------
In all, Cisco Talos is releasing 22 security advisories today, nine of which have a CVSS score greater than 8, associated with 69 CVEs.
---------------------------------------------
https://blog.talosintelligence.com/talos-discovers-17-vulnerabilities-in-milesight/


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (golang-yaml.v2, kernel, and mediawiki), Fedora (kernel and picocli), SUSE (bind and python-sqlparse), and Ubuntu (cpdb-libs).
---------------------------------------------
https://lwn.net/Articles/937481/


*** IBM Security Bulletins ***
---------------------------------------------
IBM i, IBM Rational Functional Tester, IBM Security Verify Access, IBM Cloud Pak, IBM Match 360, IBM Watson, IBM Integration Designer, IBM Sterling Connect:Direct File Agent, IBM Operations Analytics and TADDM.
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/


∗∗∗ Vulnerability in Cisco Enterprise Switches Allows Attackers to Modify Encrypted Traffic ∗∗∗
---------------------------------------------
Cisco says a high-severity vulnerability in Nexus 9000 series switches could allow attackers to intercept and modify encrypted traffic. Tracked as CVE-2023-20185, the issue impacts the ACI multi-site CloudSec encryption feature of the Nexus 9000 switches that are configured in application centric infrastructure (ACI) mode – typically used in data centers for controlling physical and virtual networks.
---------------------------------------------
https://www.securityweek.com/vulnerability-in-cisco-enterprise-switches-allows-attackers-to-modify-encrypted-traffic/


∗∗∗ Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-cloudsec-enc-Vs5Wn2sX


∗∗∗ Cisco Webex Meetings Web UI Vulnerabilities ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sxsscsrf-2L24bBx6


∗∗∗ Cisco Duo Authentication Proxy Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-auth-info-JgkSWBLz


∗∗∗ Cisco BroadWorks Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-privesc-yw4ekrXW


∗∗∗ ZDI-23-896: D-Link DAP-2622 DDP Change ID Password Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-23-896/


∗∗∗ Wordfence Intelligence Weekly WordPress Vulnerability Report (June 26, 2023 to July 2, 2023) ∗∗∗
---------------------------------------------
https://www.wordfence.com/blog/2023/07/wordfence-intelligence-weekly-wordpress-vulnerability-report-june-26-2023-to-july-2-2023/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily