[CERT-daily] Tageszusammenfassung - 04.10.2023

Wed Oct 4 18:28:42 CEST 2023

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 03-10-2023 18:00 − Mittwoch 04-10-2023 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Sicherheitswarnung: Schwachstellen in Qualcomm-Treibern werden aktiv ausgenutzt ∗∗∗
---------------------------------------------
Mehrere Schwachstellen in Qualcomm-Treibern gefährden Smartphones und Tablets weltweit. Patches sind vorhanden - zumindest bei den Herstellern.
---------------------------------------------
https://www.golem.de/news/sicherheitswarnung-schwachstellen-in-qualcomm-treibern-werden-aktiv-ausgenutzt-2310-178174.html


∗∗∗ Looney Tunables: Schwachstelle in C-Bibliothek gefährdet Linux-Systeme ∗∗∗
---------------------------------------------
Eine Pufferüberlauf-Schwachstelle im dynamischen Lader von glibc ermöglicht es Angreifern, auf Linux-Systemen Root-Rechte zu erlangen.
---------------------------------------------
https://www.golem.de/news/looney-tunables-schwachstelle-in-c-bibliothek-gefaehrdet-linux-systeme-2310-178180.html


∗∗∗ Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement ∗∗∗
---------------------------------------------
Microsoft security researchers recently identified an attack where attackers attempted to move laterally to a cloud environment through a SQL Server instance. The attackers initially exploited a SQL injection vulnerability in an application within the target’s environment to gain access and elevated permissions to a Microsoft SQL Server instance deployed in an Azure Virtual Machine (VM).
---------------------------------------------
https://www.microsoft.com/en-us/security/blog/2023/10/03/defending-new-vectors-threat-actors-attempt-sql-server-to-cloud-lateral-movement/


∗∗∗ Optimizing WordPress: Security Beyond Default Configurations ∗∗∗
---------------------------------------------
Default configurations in software are not always the most secure. For example, you might buy a network-attached home security camera from your friendly neighborhood electronics store. While these are handy to keep an eye on your property from the comfort of your phone, they also typically come shipped with a default username and password. And since they are connected to the web, they can be accessed from anywhere. Attackers know this, [...]
---------------------------------------------
https://blog.sucuri.net/2023/10/optimizing-wordpress-security-beyond-default-configurations.html


∗∗∗ Warning: PyTorch Models Vulnerable to Remote Code Execution via ShellTorch ∗∗∗
---------------------------------------------
Cybersecurity researchers have disclosed multiple critical security flaws in the TorchServe tool for serving and scaling PyTorch models that could be chained to achieve remote code execution on affected systems. Israel-based runtime application security company Oligo, which made the discovery, has coined the vulnerabilities ShellTorch. "These vulnerabilities [...] can lead to a full chain Remote Code Execution (RCE), leaving countless thousands of services and end-users — including some of the world's largest companies — open to unauthorized access and insertion of malicious AI models, and potentially a full server takeover," [...]
---------------------------------------------
https://thehackernews.com/2023/10/warning-pytorch-models-vulnerable-to.html


∗∗∗ Patchday: Attacken auf Android 11, 12 und 13 beobachtet ∗∗∗
---------------------------------------------
Unter anderem Google hat wichtige Sicherheitsupdates für Android-Geräte veröffentlicht. Zwei Lücken haben Angreifer bereits im Visier.
---------------------------------------------
https://www.heise.de/-9324125.html


∗∗∗ Linux tries to dump Windows notoriously insecure RNDIS protocol ∗∗∗
---------------------------------------------
Here we go again. Linux developers are trying, once more, to rid Linux of Microsofts Remote Network Driver Interface Specification. Heres why its complicated.
---------------------------------------------
https://www.zdnet.com/home-and-office/networking/linux-tries-to-dump-windows-notoriously-insecure-rndis-protocol/


∗∗∗ Five Misconfigurations Threatening Your AWS Environment Today ∗∗∗
---------------------------------------------
In the ever-expanding realm of AWS, with over 200 services at your disposal, securing your cloud account configurations and mastering complex environments can feel like an overwhelming challenge. To help you prioritize and root them out, we’ve put together a guide for AWS configurations that are most commonly overlooked. Here are five of the top misconfigurations that could be lurking in your AWS environment right now.
---------------------------------------------
https://blog.aquasec.com/five-misconfigurations-threatening-your-aws-environment-today


=====================
=  Vulnerabilities  =
=====================

∗∗∗ CVE-2023-22515 - Privilege Escalation Vulnerability in Confluence Data Center and Server ∗∗∗
---------------------------------------------
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.
---------------------------------------------
https://confluence.atlassian.com/security/cve-2023-22515-privilege-escalation-vulnerability-in-confluence-data-center-and-server-1295682276.html


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (glibc, postgresql-11, and thunderbird), Fedora (openmpi, pmix, prrte, and slurm), Gentoo (glibc and libvpx), Oracle (kernel), Red Hat (kernel), Slackware (libX11 and libXpm), SUSE (firefox, kernel, libeconf, libqb, libraw, libvpx, libX11, libXpm, mdadm, openssl-1_1, poppler, postfix, python311, rubygem-puma, runc, and vim), and Ubuntu (freerdp2, glibc, grub2-signed, grub2-unsigned, libx11, libxpm, linux-intel-iotg, linux-intel-iotg-5.15, linux-oracle, linux-oracle-5.15, and mozjs102).
---------------------------------------------
https://lwn.net/Articles/946496/


∗∗∗ New Supermicro BMC Vulnerabilities Could Expose Many Servers to Remote Attacks ∗∗∗
---------------------------------------------
Supermicro has released BMC IPMI firmware updates to address multiple vulnerabilities impacting select motherboard models.
---------------------------------------------
https://www.securityweek.com/new-supermicro-bmc-vulnerabilities-could-expose-many-servers-to-remote-attacks/


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily