[CERT-daily] Tageszusammenfassung - 11.07.2023

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 10-07-2023 18:00 − Dienstag 11-07-2023 18:00
Handler:     Stephan Richter
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ Exploit für Root-Lücke in VMware Aria Operations for Logs aufgetaucht ∗∗∗
---------------------------------------------
Teils kritische Sicherheitslücken in VMware Aria Operations for Logs stopfen Updates aus dem April. Jetzt ist Exploit-Code aufgetaucht, der eine Lücke angreift.
---------------------------------------------
https://heise.de/-9212276


∗∗∗ Fake-E-Mail einer EU-Förderung über 850.000 Euro im Umlauf ∗∗∗
---------------------------------------------
Aktuell kursiert ein gefälschtes E-Mail über eine EU-Förderung von 850.000 Euro. Der Zuschuss wurde angeblich für Unternehmen, Start-ups und Einzelpersonen mit innovativen Ideen entwickelt. Wer das Geld beantragen will, muss persönliche Daten an eine E-Mail-Adresse senden. Das Angebot ist aber Fake, antworten Sie nicht und verschieben Sie das E-Mail in Ihren Spam-Ordner.
---------------------------------------------
https://www.watchlist-internet.at/news/fake-e-mail-einer-eu-foerderung-ueber-850000-euro-im-umlauf/


∗∗∗ Roots of Trust are difficult ∗∗∗
---------------------------------------------
The phrase "Root of Trust" turns up at various points in discussions about verified boot and measured boot, and to a first approximation nobody is able to give you a coherent explanation of what it means[1]. The Trusted Computing Group has a fairly wordy definition, but (a) its a lot of words and (b) I dont like it, so instead Im going to start by defining a root of trust as "A thing that has to be trustworthy for anything else on your computer to be trustworthy".
---------------------------------------------
https://mjg59.dreamwidth.org/66907.html


∗∗∗ It’s Raining Phish and Scams – How Cloudflare Pages.dev and Workers.dev Domains Get Abused ∗∗∗
---------------------------------------------
As they say, when it rains, it pours. Recently, we observed more than 3,000 phishing emails containing phishing URLs abusing services at workers.dev and pages.dev domains.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/its-raining-phish-and-scams-how-cloudflare-pages-dev-and-workers-dev-domains-get-abused/


∗∗∗ Critical Foswiki Vulnerablities: A Logic Error Turned Remote Code Execution ∗∗∗
---------------------------------------------
We love open-source software. In context of our mission #moresecurity, Christian Pöschl, security consultant and penetration tester at usd HeroLab had a look at Foswiki as a research project. In this blog post, we summarize the journey to discover the functionality of Foswiki and identify multiple vulnerabilities, which ultimately allowed us to elevate privileges from a freshly registered user to full remote code execution on the server. All vulnerabilities were reported to the developers according to our Responsible Disclosure Policy.
---------------------------------------------
https://herolab.usd.de/en/critical-foswiki-vulnerablities-a-logic-error-turned-remote-code-execution/


∗∗∗ Cybercriminals Evolve Antidetect Tooling for Mobile OS-Based Fraud ∗∗∗
---------------------------------------------
Cybercriminals continue to evolve their tactics, techniques, and procedures (TTPs) to defraud the customers of online banking, payment systems, advertising networks, and online marketplaces worldwide. Resecurity has observed a rising trend involving threat actors increased use of specialized mobile Android OS device spoofing tools. These tools enable fraudsters to impersonate compromised account holders and bypass anti-fraud controls effectively.
---------------------------------------------
https://www.resecurity.com/blog/article/cybercriminals-evolve-antidetect-tooling-for-mobile-os-based-fraud


∗∗∗ Lowering the Bar(d)? Check Point Research’s security analysis spurs concerns over Google Bard’s limitations ∗∗∗
---------------------------------------------
Check Point Research (CPR) releases an analysis of Google’s generative AI platform ‘Bard’, surfacing several scenarios where the platform permits cybercriminals’ malicious efforts. Check Point Researchers were able to generate phishing emails, malware keyloggers and basic ransomware code.
---------------------------------------------
https://blog.checkpoint.com/security/lowering-the-bard-check-point-researchs-security-analysis-spurs-concerns-over-google-bards-limitations/


∗∗∗ MISP 2.4.173 released with various bugfixes and improvements ∗∗∗
---------------------------------------------
We have added a new functionality allowing administrators to enable user self-service for forgotten passwords. When enabled, users will have an additional link below the login screen, allowing them to enter their e-mails and receive a token that can be used to reset their passwords.
---------------------------------------------
https://github.com/MISP/MISP/releases/tag/v2.4.173


∗∗∗ Unveiling the secrets: Exploring whitespace steganography for secure communication ∗∗∗
---------------------------------------------
In the realm of data security, there exists a captivating technique known as whitespace steganography. Unlike traditional methods of encryption, whitespace steganography allows for the hiding of sensitive information within whitespace characters, such as spaces, tabs, and line breaks.
---------------------------------------------
https://cybersecurity.att.com/blogs/security-essentials/unveiling-the-secrets-exploring-whitespace-steganography-for-secure-communication


∗∗∗ Defend Against the Latest Active Directory Certificate Services Threats ∗∗∗
---------------------------------------------
To help security professionals understand the complexities of AD CS and how to mitigate its abuse, Mandiant has published a hardening guide that focuses on the most impactful AD CS attack techniques and abuse scenarios we are seeing on the frontlines of the latest breaches and attacks.
---------------------------------------------
https://www.mandiant.com/blog/resources/defend-ad-cs-threats



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Zero-Day für Safari geschlossen - Update: Zurückgezogen ∗∗∗
---------------------------------------------
Apple hat Montagabend eine schnelle Aktualisierung für seinen Browser ausgespielt. Betroffen von der offenbar bereits ausgenutzten Lücke: Macs und Mobilgeräte. [...] Apple hat die RSR-Updates für Mac, iPhone und iPad mittlerweile zurückgezogen. Grund ist offenbar, dass es verschiedene Websites gab, die nach dem Update Warnmeldungen ausspucken, dass der aktualisierte Safari-Browser "nicht mehr" unterstützt werde. Apple hat im User-Agent-String ein
---------------------------------------------
https://heise.de/-9212228


∗∗∗ Patchday: SAP warnt vor 16 Sicherheitslücken in der Business-Software ∗∗∗
---------------------------------------------
Am Juli-Patchday hat SAP 16 Sicherheitsmeldungen zur Geschäfts-Software aus dem Unternehmen veröffentlicht. Updates dichten auch eine kritische Lücke ab.
---------------------------------------------
https://heise.de/-9213319


∗∗∗ ABB: 2023-02-10 (**Updated 2023-07-10**) - Cyber Security Advisory - Drive Composer multiple vulnerabilities ∗∗∗
---------------------------------------------
Updated to reflect the latest version 2.8.2 of Drive Composer (both Entry and pro) where vulnerability CVE-2022-35737 has been resolved. Originally this vulnerability had not been resolved when this advisory was published alongside Drive Composer 2.8.1.
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A7957


∗∗∗ Siemens Security Advisories ∗∗∗
---------------------------------------------
Siemens has released 5 new and 12 updated Security Advisories. (CVSS Scores ranging from 5.3 to 10)
---------------------------------------------
https://new.siemens.com/global/en/products/services/cert.html?d=2023-07


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (mediawiki and node-tough-cookie), Red Hat (bind, kernel, kpatch-patch, and python38:3.8, python38-devel:3.8), SUSE (kernel, nextcloud-desktop, and python-tornado), and Ubuntu (dwarves-dfsg and thunderbird).
---------------------------------------------
https://lwn.net/Articles/937879/


∗∗∗ CVE-2023-29298: Adobe ColdFusion Access Control Bypass ∗∗∗
---------------------------------------------
Rapid7 discovered an access control bypass vulnerability affecting Adobe ColdFusion that allows an attacker to access the administration endpoints.
---------------------------------------------
https://www.rapid7.com/blog/post/2023/07/11/cve-2023-29298-adobe-coldfusion-access-control-bypass/


∗∗∗ Technicolor: VU#913565: Hard-coded credentials in Technicolor TG670 DSL gateway router ∗∗∗
---------------------------------------------
https://kb.cert.org/vuls/id/913565


∗∗∗ Mozilla: Security Vulnerabilities fixed in Firefox 115.0.2 and Firefox ESR 115.0.2 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2023-26/


∗∗∗ Lenovo: NVIDIA Display Driver Advisory - June 2023 ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500566-NVIDIA-DISPLAY-DRIVER-ADVISORY-JUNE-2023


∗∗∗ Panasonic Control FPWin Pro7 ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-192-03


∗∗∗ Rockwell Automation Enhanced HIM ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-192-01


∗∗∗ ​Sensormatic Electronics iSTAR ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-192-02


∗∗∗ TADDM affected by multiple vulnerabilities due to IBM Java and its runtime ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7009499


∗∗∗ IBM Db2 with Federated configuration is vulnerable to arbitrary code execution. (CVE-2023-35012) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7010747


∗∗∗ IBM Robotic Process Automation is vulnerable to disclosure of server version information (CVE-2023-35900) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7010895


∗∗∗ IBM Sterling Connect:Express for UNIX browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7010921


∗∗∗ IBM Sterling Connect:Express for UNIX is vulnerable to server-side request forgery (SSRF) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7010923


∗∗∗ IBM Sterling Connect:Express uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7010925


∗∗∗ Vulnerability of System.Text.Encodings.Web.4.5.0 .dll has afftected to .NET Agent ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7010945


∗∗∗ IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to multiple vulnerabilities in Python ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7011035


∗∗∗ IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to multiple vulnerabilities in Perl ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7011033


∗∗∗ IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to GNU Libtasn1 information disclosure vulnerability [CVE-2021-46848] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7011037


∗∗∗ Vulnerabilities have been identified in OpenSSL, Apache HTTP Server and other system libraries shipped with the DS8000 Hardware Management Console (HMC) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7006449

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily