[CERT-daily] Tageszusammenfassung - 15.11.2023

Wed Nov 15 18:08:32 CET 2023

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 14-11-2023 18:00 − Mittwoch 15-11-2023 18:00
Handler:     Thomas Pribitzer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ IPStorm botnet with 23,000 proxies for malicious traffic dismantled ∗∗∗
---------------------------------------------
The U.S. Department of Justive announced today that Federal Bureau of Investigation took down the network and infrastructure of a botnet proxy service called IPStorm.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ipstorm-botnet-with-23-000-proxies-for-malicious-traffic-dismantled/


∗∗∗ The Spelling Police: Searching for Malicious HTTP Servers by Identifying Typos in HTTP Responses ∗∗∗
---------------------------------------------
At Fox-IT (part of NCC Group) identifying servers that host nefarious activities is a critical aspect of our threat intelligence. One approach involves looking for anomalies in responses of HTTP servers.
---------------------------------------------
https://blog.fox-it.com/2023/11/15/the-spelling-police-searching-for-malicious-http-servers-by-identifying-typos-in-http-responses/


∗∗∗ #StopRansomware: Rhysida Ransomware ∗∗∗
---------------------------------------------
This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders detailing various ransomware variants and ransomware threat actors.
---------------------------------------------
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-319a


=====================
=  Vulnerabilities  =
=====================

∗∗∗ WP Fastest Cache plugin bug exposes 600K WordPress sites to attacks ∗∗∗
---------------------------------------------
The WordPress plugin WP Fastest Cache is vulnerable to an SQL injection vulnerability that could allow unauthenticated attackers to read the contents of the sites database.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/wp-fastest-cache-plugin-bug-exposes-600k-wordpress-sites-to-attacks/


∗∗∗ Reptar: Intel-CPU-Schwachstelle ermöglicht Rechteausweitung und DoS ∗∗∗
---------------------------------------------
Entdeckt wurde die Schwachstelle von Google-Forschern. Sie basiert wohl auf der Art und Weise, wie Intel-CPUs redundante Präfixe verarbeiten.
---------------------------------------------
https://www.golem.de/news/reptar-intel-cpu-schwachstelle-ermoeglicht-rechteausweitung-und-dos-2311-179437.html


∗∗∗ Kein Patch verfügbar: VMware warnt vor kritischer Schwachstelle in Cloud Director ∗∗∗
---------------------------------------------
Die Schwachstelle ermöglicht es Angreifern, die Authentifizierung anfälliger VMware-Systeme zu umgehen und Schadcode einzuschleusen.
---------------------------------------------
https://www.golem.de/news/kein-patch-verfuegbar-vmware-warnt-vor-kritischer-schwachstelle-in-cloud-director-2311-179442.html


∗∗∗ Cloud-Schutzlösung: IBM Security Guardium vielfältig attackierbar ∗∗∗
---------------------------------------------
Die IBM-Entwickler haben viele Sicherheitslücken in verschiedenen Komponenten von Security Guardium geschlossen.
---------------------------------------------
https://www.heise.de/news/Cloud-Schutzloesung-IBM-Security-Guardium-vielfaeltig-attackierbar-9529390.html


∗∗∗ CacheWarp: Loch in Hardware-Verschlüsselung von AMD-CPUs ∗∗∗
---------------------------------------------
Der jetzt vorgestellte CacheWarp-Angriff überwindet die RAM-Verschlüsselung, mit der AMD-Prozessoren Cloud-Instanzen voneinander abschotten wollen.
---------------------------------------------
https://www.heise.de/news/CacheWarp-Loch-in-Hardware-Verschluesselung-von-AMD-CPUs-9528270.html


∗∗∗ Patchday Adobe: Schadcode-Lücken in Acrobat, Photoshop & Co. geschlossen ∗∗∗
---------------------------------------------
Adobe hat Sicherheitsupdates für 15 Anwendungen veröffentlicht. Im schlimmsten Fall können Angreifer eigenen Code auf Systemen ausführen.
---------------------------------------------
https://www.heise.de/news/Patchday-Adobe-Schadcode-Luecken-in-Acrobat-Photoshop-Co-geschlossen-9528732.html


∗∗∗ Patchday: SAP schließt eine kritische Sicherheitslücke ∗∗∗
---------------------------------------------
Der November-Patchday weicht vom gewohnten Umfang ab: Lediglich drei neue Sicherheitslücken behandelt SAP.
---------------------------------------------
https://www.heise.de/news/Patchday-SAP-schliesst-eine-kritische-Sicherheitsluecke-9528779.html


∗∗∗ Sicherheitsupdates: Access Points von Aruba sind verwundbar ∗∗∗
---------------------------------------------
Angreifer können Schadcode auf Acces Points von Aruba ausführen. Sicherheitspatches sind verfügbar.
---------------------------------------------
https://www.heise.de/news/Sicherheitsupdates-Acces-Points-von-Aruba-sind-verwundbar-9528912.html


∗∗∗ Patchday: Intel patcht sich durch sein Produkportfolio ∗∗∗
---------------------------------------------
Angreifer können mehrere Komponenten von Intel attackieren. In vielen Fällen sind DoS-Attacken möglich.
---------------------------------------------
https://www.heise.de/news/Patchday-Intel-patcht-sich-durch-sein-Produkportfolio-9529466.html


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libclamunrar and ruby-sanitize), Fedora (frr, roundcubemail, and webkitgtk), Mageia (freerdp and tomcat), Red Hat (avahi, bind, c-ares, cloud-init, container-tools:4.0, container-tools:rhel8, cups, dnsmasq, edk2, emacs, flatpak, fwupd, ghostscript, grafana, java-21-openjdk, kernel, kernel-rt, libfastjson, libmicrohttpd, libpq, librabbitmq, libreoffice, libreswan, libX11, linux-firmware, mod_auth_openidc:2.3, nodejs:20, opensc, perl-HTTP-Tiny, [...]
---------------------------------------------
https://lwn.net/Articles/951480/


∗∗∗ November-Patchday: Microsoft schließt 63 Sicherheitslücken ∗∗∗
---------------------------------------------
Fünf Anfälligkeiten sind als kritisch eingestuft. Davon betroffen sind alle unterstützten Versionen von Windows.
---------------------------------------------
https://www.zdnet.de/88412929/november-patchday-microsoft-schliesst-63-sicherheitsluecken/


∗∗∗ QNX-2023-001 Vulnerability in QNX Networking Stack Impacts BlackBerry QNX Software Development Platform ∗∗∗
---------------------------------------------
https://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000112401


∗∗∗ ZDI-23-1636: NETGEAR CAX30 SSO Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-23-1636/


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/


∗∗∗ Citrix Hypervisor Security Bulletin for CVE-2023-23583 and CVE-2023-46835 ∗∗∗
---------------------------------------------
https://support.citrix.com/article/CTX583037/citrix-hypervisor-security-bulletin-for-cve202323583-and-cve202346835


∗∗∗ NVIDIA GPU Display Driver Advisory - October 2023 ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500588-NVIDIA-GPU-DISPLAY-DRIVER-ADVISORY-OCTOBER-2023


∗∗∗ NetApp SnapCenter Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500587-NETAPP-SNAPCENTER-PRIVILEGE-ESCALATION-VULNERABILITY


∗∗∗ AMD Radeon Graphics Kernel Driver Privilege Management Vulnerability ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500586-AMD-RADEON-GRAPHICS-KERNEL-DRIVER-PRIVILEGE-MANAGEMENT-VULNERABILITY


∗∗∗ AMD Graphics Driver Vulnerabilities- November, 2023 ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500583-AMD-GRAPHICS-DRIVER-VULNERABILITIES-NOVEMBER-2023


∗∗∗ Intel Graphics Driver Advisory ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500584-INTEL-GRAPHICS-DRIVER-ADVISORY


∗∗∗ Intel Rapid Storage Technology Software Advisory ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500585


∗∗∗ Multi-vendor BIOS Security Vulnerabilities (November 2023) ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500589-MULTI-VENDOR-BIOS-SECURITY-VULNERABILITIES-NOVEMBER-2023


∗∗∗ Fortinet Releases Security Updates for FortiClient and FortiGate ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/11/14/fortinet-releases-security-updates-forticlient-and-fortigate


∗∗∗ K000137584 : Linux kernel vulnerability CVE-2023-1829 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000137584


∗∗∗ K000137582 : BIND vulnerability CVE-2023-3341 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000137582

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily