[CERT-daily] Daily summary - 24.07.2023

Daily end-of-shift report team at cert.at
Mon Jul 24 18:27:48 CEST 2023


=====================
= End-of-Day report =
=====================

Timeframe:   Friday 21-07-2023 18:00 − Monday 24-07-2023 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ A simple action prevents phone fraud ∗∗∗
---------------------------------------------
Fraudsters deliberately use phone books to identify their victims. Older people in particular are being targeted.
---------------------------------------------
https://futurezone.at/digital-life/telefonbetrug-vorbeugen-spam-sperren-blockieren-telefonbuch/402533182


∗∗∗ Security baseline for Microsoft Edge version 115 ∗∗∗
---------------------------------------------
We are pleased to announce the security review for Microsoft Edge, version 115!  We have reviewed the new settings in Microsoft Edge version 115 and determined that there are no additional security settings that require enforcement. The Microsoft Edge version 114 security baseline continues to be our recommended configuration which can be downloaded from the Microsoft Security Compliance Toolkit.
---------------------------------------------
https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-edge-version-115/ba-p/3882420


∗∗∗ Critical Zero-Days in Atera Windows Installers Expose Users to Privilege Escalation Attacks ∗∗∗
---------------------------------------------
Zero-day vulnerabilities in Windows Installers for the Atera remote monitoring and management software could act as a springboard to launch privilege escalation attacks. The flaws, discovered by Mandiant on February 28, 2023, have been assigned the identifiers CVE-2023-26077 and CVE-2023-26078, with the issues remediated in versions 1.8.3.7 and 1.8.4.9 released by Atera on April 17, 2023, [...]
---------------------------------------------
https://thehackernews.com/2023/07/critical-zero-days-in-atera-windows.html


∗∗∗ TETRA Radio Code Encryption Has a Flaw: A Backdoor ∗∗∗
---------------------------------------------
A secret encryption cipher baked into radio systems used by critical infrastructure workers, police, and others around the world is finally seeing sunlight. Researchers say it isn’t pretty.
---------------------------------------------
https://www.wired.com/story/tetra-radio-encryption-backdoor/


∗∗∗ Microsoft's stolen key more powerful than assumed ∗∗∗
---------------------------------------------
A stolen key may have worked not only for Exchange Online, but was a kind of master key for large parts of the Microsoft cloud.
---------------------------------------------
https://heise.de/-9224640


∗∗∗ Warning, fake shop: vailia-parfuemerie.com ∗∗∗
---------------------------------------------
Vailia Parfümerie offers inexpensive cosmetics and perfumes. The online shop looks professional but does not deliver any goods. If you entered your credit card details as the payment method, either unauthorized charges will follow or your data will be misused for a fraud attempt at a later time.
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-fake-shop-vailia-parfuemeriecom/


∗∗∗ Palo Alto Networks warns of P2P worm for cloud container environments ∗∗∗
---------------------------------------------
The new malware has been in circulation for at least around two weeks. It targets a known vulnerability in the database application Redis.
---------------------------------------------
https://www.zdnet.de/88410715/palo-alto-networks-warnt-vor-p2p-wurm-fuer-cloud-container-umgebungen/


∗∗∗ Security: The AES 128/128 cipher suite should be disabled on IIS ∗∗∗
---------------------------------------------
A brief piece of security information that may interest administrators of an Internet Information Server (IIS) in Windows environments.
---------------------------------------------
https://www.borncity.com/blog/2023/07/22/sicherheit-die-aes-128-128-cipher-suite-sollte-am-iis-deaktiviert-werden/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Zenbleed (CVE-2023-20593) - If you remove the first word from the string "hello world", what should the result be? ∗∗∗
---------------------------------------------
This is the story of how we discovered that the answer could be your root password! [..] AMD have released a microcode update for affected processors. Your BIOS or Operating System vendor may already have an update available that includes it. Workaround: It is highly recommended to use the microcode update. If you can’t apply the update for some reason, there is a software workaround: you can set the chicken bit DE_CFG. This may have some performance cost.
---------------------------------------------
https://lock.cmpxchg8b.com/zenbleed.html


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (webkit2gtk), Fedora (curl, dotnet6.0, dotnet7.0, ghostscript, kernel-headers, kernel-tools, libopenmpt, openssh, and samba), Mageia (virtualbox), Red Hat (java-1.8.0-openjdk and java-11-openjdk), and Scientific Linux (java-1.8.0-openjdk and java-11-openjdk).
---------------------------------------------
https://lwn.net/Articles/939059/


∗∗∗ Atlassian Patches Remote Code Execution Vulnerabilities in Confluence, Bamboo ∗∗∗
---------------------------------------------
Atlassian patches high-severity remote code execution vulnerabilities in Confluence and Bamboo products.
---------------------------------------------
https://www.securityweek.com/atlassian-patches-remote-code-execution-vulnerabilities-in-confluence-bamboo/


∗∗∗ AMI MegaRAC SP-X BMC Redfish Vulnerabilities ∗∗∗
---------------------------------------------
https://support.lenovo.com/product_security/PS500570-AMI-MEGARAC-SP-X-BMC-REDFISH-VULNERABILITIES


∗∗∗ Multiple vulnerabilities affect the embedded Content Navigator in Business Automation Workflow - CVE-2023-24998, 254437 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7013897


∗∗∗ Vulnerability in IBM Java Runtime affects Host On-Demand ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7014039


∗∗∗ Vulnerability in IBM Java Runtime affects Host On-Demand ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7014057


∗∗∗ IBM App Connect for Manufacturing is vulnerable to a denial of service due to FasterXML jackson-databind (CVE-2022-42004, CVE-2022-42003) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7014181


∗∗∗ IBM App Connect Enterprise is vulnerable to a remote authenticated attacker due to Node.js (CVE-2023-23920) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7014193


∗∗∗ IBM Sterling Connect:Direct File Agent is vulnerable to a buffer overflow and unspecified vulnerabilities in IBM Runtime Environment Java Technology Edition (CVE-2023-21930, CVE-2023-21939, CVE-2023-21967, CVE-2023-21968) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7009987


∗∗∗ Multiple security vulnerabilities have been identified in IBM WebSphere Application Server which is a component of IBM Operations Analytics Predictive Insights ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7013889


∗∗∗ IBM Storage Protect Server is vulnerable to denial of service due to Golang Go ( CVE-2023-24534 ) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7014223


∗∗∗ IBM Storage Protect Server is vulnerable to sensitive information disclosure due to IBM GSKit ( CVE-2023-32342 ) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7014225

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



