[CERT-daily] Tageszusammenfassung - 24.11.2023

Fri Nov 24 18:19:07 CET 2023

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 23-11-2023 18:00 − Freitag 24-11-2023 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Building your first metasploit exploit ∗∗∗
---------------------------------------------
This post outlines the process I followed to transform the authenticated Remote Code Execution (RCE) vulnerability in PRTG, identified as CVE-2023-32781, into a Metasploit exploit. The focus here is on the development of the exploit itself, rather than the steps for exploiting the RCE. For specific details on the vulnerability, please refer to the corresponding post titled PRTG Remote Code Execution.
---------------------------------------------
https://baldur.dk/blog/writing-metasploit-exploit.html


∗∗∗ OpenSSL 3.2 implementiert TCP-Nachfolger QUIC ∗∗∗
---------------------------------------------
Das Transportprotokoll QUIC nimmt mit OpenSSL Fahrt auf: Die Open-Source-Kryptobibliothek implementiert es in der neuen Version 3.2 – zumindest teilweise.
---------------------------------------------
https://www.heise.de/-9538866.html


∗∗∗ Synology schließt Pwn2Own-Lücke in Router-Manager-Firmware ∗∗∗
---------------------------------------------
Im Betriebssystem für Synology-Router haben IT-Forscher beim Pwn2Own-Wettbewerb Sicherheitslücken aufgedeckt. Ein Update schließt sie.
---------------------------------------------
https://www.heise.de/-9538922.html


∗∗∗ Telekopye: Chamber of Neanderthals’ secrets ∗∗∗
---------------------------------------------
Insight into groups operating Telekopye bots that scam people in online marketplaces
---------------------------------------------
https://www.welivesecurity.com/en/eset-research/telekopye-chamber-neanderthals-secrets/


∗∗∗ Atomic Stealer: Mac-Malware täuscht Nutzer mit angeblichen Browser-Updates ∗∗∗
---------------------------------------------
Die Updates bieten die Cyberkriminellen über kompromittierte Websites an. Atomic Stealer hat es unter anderem auf Passwörter in Apple iCloud Keychain abgesehen.
---------------------------------------------
https://www.zdnet.de/88413104/atomic-stealer-mac-malware-taeuscht-nutzer-mit-angeblichen-browser-updates/


∗∗∗ Trend Micro Apex One Service Pack 1 Critical Patch (build 12534) ∗∗∗
---------------------------------------------
Kurzer Hinweis für Nutzer von Trend Micro Apex One für Windows. Der Hersteller hat zum Service Pack 1 den Critical Patch (build 12534) veröffentlicht (danke an den Leser für den Hinweis). Dieser Patch enthält eine Reihe von Korrekturen und Erweiterungen [...]
---------------------------------------------
https://www.borncity.com/blog/2023/11/23/trend-micro-apex-one-service-pack-1-critical-patch-build-12534/


∗∗∗ Intel Arc und Iris Xe Grafiktreiber 31.0.101.4972 fixt Office-Probleme (Nov. 2023) ∗∗∗
---------------------------------------------
Noch ein kleiner Nachtrag von dieser Woche, den ich mal separat herausziehe. Intel hat ein Update seiner Intel Arc und Iris Xe Grafiktreiber auf die Version 31.0.101.4972 veröffentlich. Dieses Update soll eine Reihe von Problemen (z.B bei Starfield (DX12) beheben.
---------------------------------------------
https://www.borncity.com/blog/2023/11/24/intel-arc-und-iris-xe-grafiktreiber-31-0-101-4972-fixt-office-probleme-nov-2023/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Advisory: TunnelCrack Vulnerabilities in VPN Clients ∗∗∗
---------------------------------------------
CVE(s): CVE-2023-36672, CVE-2023-35838, CVE-2023-36673, CVE-2023-36671 
Product(s): Sophos Connect Client 2.0 
Workaround: Yes
---------------------------------------------
https://www.sophos.com/en-us/security-advisories/sophos-sa-20231124-tunnelcrack


∗∗∗ Wordfence Intelligence Weekly WordPress Vulnerability Report (November 13, 2023 to November 19, 2023) ∗∗∗
---------------------------------------------
Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Last week, there were 126 vulnerabilities disclosed in 102 WordPress Plugins and 2 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 37 [...]
---------------------------------------------
https://www.wordfence.com/blog/2023/11/wordfence-intelligence-weekly-wordpress-vulnerability-report-november-13-2023-to-november-19-2023/


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr, gnutls28, intel-microcode, and tor), Fedora (chromium, microcode_ctl, openvpn, and vim), Gentoo (LinuxCIFS utils, SQLite, and Zeppelin), Oracle (c-ares, container-tools:4.0, dotnet7.0, kernel, kernel-container, nodejs:20, open-vm-tools, squid:4, and tigervnc), Red Hat (samba and squid), Slackware (mozilla), SUSE (fdo-client, firefox, libxml2, maven, maven-resolver, sbt, xmvn, poppler, python-Pillow, squid, strongswan, and xerces-c), and Ubuntu (apache2, firefox, glusterfs, nghttp2, poppler, python2.7, python3.5, python3.6, tiff, and zfs-linux).
---------------------------------------------
https://lwn.net/Articles/952602/


∗∗∗ ActiveMQ-5.18.2 RCE-shell-reverse-Metasploit ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2023110026

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily