[CERT-daily] Tageszusammenfassung - 03.10.2023

Tue Oct 3 18:11:24 CEST 2023

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 02-10-2023 18:00 − Dienstag 03-10-2023 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ AVM: Fritzbox-Schwachstelle wohl ohne Fernzugriff ausnutzbar ∗∗∗
---------------------------------------------
Seit Anfang September verteilt AVM Sicherheitsupdates für die Fritzbox. Inzwischen gibt es weitere Informationen zur gepatchten Schwachstelle.
---------------------------------------------
https://www.golem.de/news/avm-fritzbox-schwachstelle-wohl-ohne-fernzugriff-ausnutzbar-2310-178153.html


∗∗∗ Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more) ∗∗∗
---------------------------------------------
Researchers have identified the exfiltration infrastructure of a LockBit affiliate while investigating a LockBit extortion incident that occurred in Q3 2023.
---------------------------------------------
https://securityaffairs.com/151862/breaking-news/exfiltration-infrastructure.html


∗∗∗ BunnyLoader, a new Malware-as-a-Service advertised in cybercrime forums ∗∗∗
---------------------------------------------
Zscaler ThreatLabz researchers discovered a new malware-as-a-service (MaaS) that is called BunnyLoader, which has been advertised for sale in multiple cybercrime forums since September 4, 2023.
---------------------------------------------
https://securityaffairs.com/151869/malware/bunnyloader-maas.html


∗∗∗ Security researchers believe mass exploitation attempts against WS_FTP have begun ∗∗∗
---------------------------------------------
Security researchers have spotted what they believe to be a "possible mass exploitation" of vulnerabilities in Progress Softwares WS_FTP Server.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2023/10/02/ws_ftp_update/


∗∗∗ Cloudflare Protection Bypass Vulnerability on Threat Actors’ Radar ∗∗∗
---------------------------------------------
Researchers have identified two mechanisms that hinge on the assumption that traffic originating from Cloudflare towards the origin server is inherently trustworthy, while traffic from other origins should be blocked.
---------------------------------------------
https://socradar.io/cloudflare-protection-bypass-vulnerability-on-threat-actors-radar/


∗∗∗ Drei Fragen und Antworten: Der beste Schutz für das Active Directory ∗∗∗
---------------------------------------------
Bis zu 90 Prozent aller Angriffe bedienen sich Microsofts Active Directory – es ist der Hebel, um die eigene Sicherheit zu verbessern. Wir zeigen, wie das geht.
---------------------------------------------
https://www.heise.de/news/Drei-Fragen-und-Antworten-Der-beste-Schutz-fuer-das-Active-Directory-9323431.html?wt_mc=rss.red.ho.ho.atom.beitrag.beitrag


∗∗∗ Exim-Lücke: Erste Patches laufen ein ∗∗∗
---------------------------------------------
Nach verschiedenen Kommunikationspannen hat das Exim-Team kritische Sicherheitslücken im beliebten Mailserver behoben. Debian verteilt bereits Updates.
---------------------------------------------
https://www.heise.de/news/Exim-Luecke-Erste-Patches-laufen-ein-9323709.html?wt_mc=rss.red.ho.ho.atom.beitrag.beitrag


∗∗∗ Angriffe auf ältere Android-Geräte: Lücke in Mali-GPU nur teilweise geschlossen ∗∗∗
---------------------------------------------
Aufgrund mehrerer Schwachstellen im Treiber der Grafikeinheit Mali sind unter anderem Smartphone-Modelle von Samsung und Xiaomi verwundbar.
---------------------------------------------
https://www.heise.de/news/Angriffe-auf-aeltere-Android-Geraete-Luecke-in-Mali-GPU-nur-teilweise-geschlossen-9323856.html


∗∗∗ Booking.com: Achtung bei „fehlgeschlagener Zahlung“ oder „Verifikation Ihrer Zahlungsinfos“ ∗∗∗
---------------------------------------------
Fälle, in denen Unterkünfte über booking.com gebucht wurden und Buchende anschließend zur Verifikation ihrer Zahlungen oder zu einer neuerlichen Zahlung aufgefordert werden, häufen sich aktuell. Vorsicht ist geboten, denn die Aufforderungen stammen von Kriminellen, die sich Zugang zu den Buchungsdaten verschaffen konnten und es nun auf das Geld der Hotelgäste abgesehen haben!
---------------------------------------------
https://www.watchlist-internet.at/news/bookingcom-achtung-bei-fehlgeschlagener-zahlung-oder-verifikation-ihrer-zahlungsinfos/


∗∗∗ Fortinet Labs Uncovers Series of Malicious NPM Packages Stealing Data ∗∗∗
---------------------------------------------
FortiGuard Labs has uncovered a series of malicious packages concealed within NPM (Node Package Manager), the primary software repository for JavaScript developers. The researchers utilized a dedicated system designed to detect nefarious open-source packages across multiple ecosystems, including PyPI and NPM. 
---------------------------------------------
https://www.hackread.com/fortinet-labs-malicious-npm-packages-steal-data/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Microsoft Edge, Teams get fixes for zero-days in open-source libraries ∗∗∗
---------------------------------------------
Microsoft released emergency security updates for Edge, Teams, and Skype to patch two zero-day vulnerabilities in open-source libraries used by the three products. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-teams-get-fixes-for-zero-days-in-open-source-libraries/


∗∗∗ Qualcomm says hackers exploit 3 zero-days in its GPU, DSP drivers ∗∗∗
---------------------------------------------
Qualcomm is warning of three zero-day vulnerabilities in its GPU and Compute DSP drivers that hackers are actively exploiting in attacks.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/qualcomm-says-hackers-exploit-3-zero-days-in-its-gpu-dsp-drivers/


∗∗∗ Jetzt patchen! Ransomware schlüpft durch kritische TeamCity-Lücke ∗∗∗
---------------------------------------------
Angreifer nutzen eine Sicherheitslücke des Software-Distributionssystems TeamCity aus, das weltweit über 30.000 Firmen wie Citibank, HP und Nike einsetzen.
---------------------------------------------
https://www.heise.de/news/Jetzt-patchen-Ransomware-schluepft-durch-kritische-TeamCity-Luecke-9323844.html


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (exim4), Fedora (firecracker, rust-aes-gcm, rust-axum, rust-tokio-tungstenite, rust-tungstenite, and rust-warp), Gentoo (nvidia-drivers), Mageia (chromium-browser-stable, glibc, and libwebp), Red Hat (kernel), SUSE (ghostscript and python3), and Ubuntu (firefox, libtommath, libvpx, and thunderbird).
---------------------------------------------
https://lwn.net/Articles/946313/


∗∗∗ Mattermost security updates Desktop app v5.5.1 and Mobile app v2.8.1 released ∗∗∗
---------------------------------------------
We’re informing you about a Mattermost security update, which addresses the vulnerability CVE-2023-4863 of the third-party library libwebp which was affecting the Desktop app and the Mobile iOS app. We highly recommend that you apply the update. The security update is available for Mattermost dot releases Desktop app v5.5.1 and Mobile app v2.8.1.
---------------------------------------------
https://mattermost.com/blog/mattermost-security-updates-desktop-app-v5-5-1-and-mobile-app-v2-8-1-released/


∗∗∗ K000137090 : Node.js vulnerabilities CVE-2018-12121, CVE-2018-12122, and CVE-2018-12123 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000137090?utm_source=f5support&utm_medium=RSS


∗∗∗ K000137093 : Node.js vulnerabilities CVE-2018-7167, CVE-2018-12115, and CVE-2018-12116 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000137093?utm_source=f5support&utm_medium=RSS


∗∗∗ The IBM App Connect Enterprise Toolkit and the IBM Integration Bus Toolkit are vulnerable to a server-side request forgery due to Apache Batik (CVE-2022-44730, CVE-2022-44729) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7043490


∗∗∗ Vulnerabilities in Node.js affect IBM Voice Gateway ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7043727


∗∗∗ IBM App Connect Enterprise is vulnerable to a denial of service due to Google Protocol Buffer protobuf-cpp (CVE-2022-1941) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7045071


∗∗∗ Multiple vulnerabilities in OpenSSL affects IBM Rational ClearCase. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7035373


∗∗∗ Multiple vulnerabilities in OpenSSL affects IBM Rational ClearCase ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7035370


∗∗∗ Multiple vulnerabilities in the IBM Java Runtime affects IBM Rational ClearCase. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7035371


∗∗∗ A vulnerability in libcURL affect IBM Rational ClearCase. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7035382


∗∗∗ IBM Spectrum Symphony openssl 1.1.1 End of Life ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7045753


∗∗∗ IBM\u00ae Db2\u00ae is vulnerable to information disclosure due to improper privilege management when certain federation features are used. (CVE-2023-29256) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7010573

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily