[CERT-daily] Tageszusammenfassung - 28.11.2023

Tue Nov 28 18:42:16 CET 2023

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 27-11-2023 18:00 − Dienstag 28-11-2023 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ Design Flaw in Google Workspace Could Let Attackers Gain Unauthorized Access ∗∗∗
---------------------------------------------
Cybersecurity researchers have detailed a "severe design flaw" in Google Workspaces domain-wide delegation (DWD) feature that could be exploited by threat actors to facilitate privilege escalation and obtain unauthorized access to Workspace APIs without super admin privileges.
---------------------------------------------
https://thehackernews.com/2023/11/design-flaw-in-google-workspace-could.html


∗∗∗ LostTrust Ransomware ∗∗∗
---------------------------------------------
The LostTrust ransomware family has a fairly small victim pool and has compromised victims earlier this year. The encryptor has similar characteristcs to the MetaEncryptor ransomware family including code flow and strings which indicates that the encryptor is a variant from the original MetaEncryptor source.
---------------------------------------------
https://www.shadowstackre.com/analysis/losttrust


∗∗∗ Slovenian power company hit by ransomware ∗∗∗
---------------------------------------------
Slovenian power generation company Holding Slovenske Elektrarne (HSE) has been hit by ransomware and has had some of its data encrypted. The attack HSE is a state-owned company that controls numerous hydroelectric, thermal and coal-fired power plants. The company has declined to share any details about the cyber intrusion, but has confirmed that operation of its power plants has not been affected.
---------------------------------------------
https://www.helpnetsecurity.com/2023/11/28/slovenian-power-company-ransomware/


∗∗∗ Exploitation of Critical ownCloud Vulnerability Begins ∗∗∗
---------------------------------------------
Threat actors have started exploiting a critical ownCloud vulnerability leading to sensitive information disclosure.
---------------------------------------------
https://www.securityweek.com/exploitation-of-critical-owncloud-vulnerability-begins/


∗∗∗ Webinar: Sicheres Online-Shopping ∗∗∗
---------------------------------------------
Darf ich Artikel immer zurücksenden und wie lange habe ich dafür Zeit? Was ist das Rücktrittsrecht und welche Zahlungsmethoden gelten als sicher? Dieses Webinar gibt rechtliche Tipps und Infos zum sicheren Online-Einkauf. Nehmen Sie kostenlos teil: Montag, 11. Dezember 2023, 18:30 - 20:00 Uhr via zoom
---------------------------------------------
https://www.watchlist-internet.at/news/webinar-sicheres-online-shopping-2/


∗∗∗ Betrügerische Plattform für Sportwetten: xxwin.bet ∗∗∗
---------------------------------------------
xxwin.bet ist eine betrügerische Online-Plattform für Sportwetten. Die Plattform wird meist in fragwürdigen Telegram-Kanälen empfohlen. Wenn Sie dort einzahlen, verlieren Sie Ihr Geld, denn die Plattform zahlt keine Gewinne aus.
---------------------------------------------
https://www.watchlist-internet.at/news/betruegerische-plattform-fuer-sportwetten-xxwinbet/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Missing Certificate Validation & User Enumeration in Anveo Mobile App and Server ∗∗∗
---------------------------------------------
The Anveo Mobile App (Windows version) does not validate server certificates and therefore enables man-in-the-middle attacks. The Anveo Server is also vulnerable against user enumeration because of different error messages for existing vs. non-existing users. The vendor was unresponsive and did not reply to our communication attempts and even deleted our comment to request a contact on LinkedIn, see the timeline section further below.
---------------------------------------------
https://sec-consult.com/vulnerability-lab/advisory/missing-certificate-validation-user-enumeration/


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (cryptojs, fastdds, mediawiki, and minizip), Fedora (chromium, kubernetes, and thunderbird), Mageia (lilypond, mariadb, and packages), Red Hat (firefox, linux-firmware, and thunderbird), SUSE (compat-openssl098, gstreamer-plugins-bad, squashfs, squid, thunderbird, vim, and xerces-c), and Ubuntu (libtommath, linux-intel-iotg, linux-intel-iotg-5.15, linux-oracle, perl, and python3.8, python3.10, python3.11).
---------------------------------------------
https://lwn.net/Articles/953099/


∗∗∗ Critical Vulnerability Found in Ray AI Framework ∗∗∗
---------------------------------------------
Tracked as CVE-2023-48023, the bug exists because Ray does not properly enforce authentication on at least two of its components, namely the dashboard and client. A remote attacker can abuse this issue to submit or delete jobs without authentication. Furthermore, the attacker could retrieve sensitive information and execute arbitrary code, Bishop Fox says. 
---------------------------------------------
https://www.securityweek.com/critical-vulnerability-found-in-ray-ai-framework/


∗∗∗ Zyxel security advisory for multiple vulnerabilities in firewalls and APs ∗∗∗
---------------------------------------------
CVEs: CVE-2023-35136, CVE-2023-35139, CVE-2023-37925, CVE-2023-37926, CVE-2023-4397, CVE-2023-4398, CVE-2023-5650, CVE-2023-5797, CVE-2023-5960
---------------------------------------------
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps


∗∗∗ Joomla: [20231101] - Core - Exposure of environment variables ∗∗∗
---------------------------------------------
https://developer.joomla.org:443/security-centre/919-20231101-core-exposure-of-environment-variables.html


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/


∗∗∗ FESTO: Multiple products affected by WIBU Codemeter vulnerability ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2023-036/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily