[CERT-daily] Tageszusammenfassung - 25.10.2023

Wed Oct 25 19:09:36 CEST 2023

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 24-10-2023 18:00 − Mittwoch 25-10-2023 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Citrix Bleed exploit lets hackers hijack NetScaler accounts ∗∗∗
---------------------------------------------
A proof-of-concept (PoC) exploit is released for the Citrix Bleed vulnerability, tracked as CVE-2023-4966, that allows attackers to retrieve authentication session cookies from vulnerable Citrix NetScaler ADC and NetScaler Gateway appliances.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/citrix-bleed-exploit-lets-hackers-hijack-netscaler-accounts/


∗∗∗ Phishing-Masche: Klarstellung wegen Viren-Versands gefordert ∗∗∗
---------------------------------------------
Die Verbraucherzentralen warnen vor Betrugsmails, die Empfänger zu einer Klarstellung auffordern. Es seien Beschwerden wegen Malware-Versands eingegangen.
---------------------------------------------
https://www.heise.de/news/Phishing-Masche-Klarstellung-wegen-Viren-Versands-gefordert-9343487.html


∗∗∗ Exploitcode für Root-Lücke in VMware Aria Operations for Logs in Umlauf ∗∗∗
---------------------------------------------
In Umlauf befindlicher Exploitcode gefährdet VMwares Management-Plattform für Cloudumgebungen. Admins sollten jetzt Sicherheitsupdates installieren.
---------------------------------------------
https://www.heise.de/news/Exploitcode-fuer-Root-Luecke-in-VMware-Aria-Operations-for-Logs-in-Umlauf-9343519.html


∗∗∗ Webmailer Roundcube: Attacken auf Zero-Day-Lücke ∗∗∗
---------------------------------------------
Im Webmailer Roundcube missbrauchen Cyberkriminelle eine Sicherheitslücke, um verwundbare Einrichtungen anzugreifen. Ein Update schließt das Leck.
---------------------------------------------
https://www.heise.de/news/Webmailer-Roundcube-Attacken-auf-Zero-Day-Luecke-9343924.html


∗∗∗ Teils kritische Lücken in VMware vCenter Server und Cloud Foundation geschlossen ∗∗∗
---------------------------------------------
VMware hat aktualisierte Softwarepakete veröffentlicht, die mehrere Lücken in vCenter Server und Cloud Foundation abdichten. Eine gilt als kritisch.
---------------------------------------------
https://www.heise.de/news/Update-stopft-kritische-Luecke-in-VMware-vCenter-Server-und-Cloud-Foundation-9344041.html


∗∗∗ Nusuccess: Seriöse Marketingagentur oder unseriöses Schneeballsystem? ∗∗∗
---------------------------------------------
Die Nusuccess FZCO mit Sitz in Dubai – vormals mit Sitz in Kärnten – bezeichnet sich selbst als „weltweit renommierte Werbeagentur“. Welche Leistungen diese Firma tatsächlich erbringt, bleibt aber im besten Fall vage. Erfahrungsberichte deuten darauf hin, dass sie ihren Gewinn hauptsächlich durch den Verkauf von teuren „Franchise-Paketen“ erzielt. Was genau Inhalt dieser Franchise-Pakete sein soll, bleibt unklar.
---------------------------------------------
https://www.watchlist-internet.at/news/nusuccess-serioese-marketingagentur-oder-unserioeses-schneeballsystem/


∗∗∗ Social engineering: Hacking minds over bytes ∗∗∗
---------------------------------------------
In this blog, lets focus on the intersection of psychology and technology, where cybercriminals manipulate human psychology through digital means to achieve their objectives.
---------------------------------------------
https://cybersecurity.att.com/blogs/security-essentials/social-engineering-hacking-minds-over-bytes


∗∗∗ How to Secure the WordPress Login Page ∗∗∗
---------------------------------------------
Given that WordPress powers millions of websites worldwide, it’s no surprise that it’s a prime target for malicious activities ranging from brute force attacks and hacking attempts to unauthorized access — all of which can wreak havoc on your site’s functionality, damage reputation, or even result in lost revenue and sales. A common entry point often exploited by hackers is the WordPress login page, [...]
---------------------------------------------
https://blog.sucuri.net/2023/10/how-to-secure-the-wordpress-login-page.html


∗∗∗ The Rise of S3 Ransomware: How to Identify and Combat It ∗∗∗
---------------------------------------------
In todays digital landscape, around 60% of corporate data now resides in the cloud, with Amazon S3 standing as the backbone of data storage for many major corporations. Despite S3 being a secure service from a reputable provider, its pivotal role in handling vast amounts of sensitive data (customer personal information, financial data, intellectual property, etc.), provides a juicy target for threat actors. It remains susceptible to ransomware attacks which are often initiated using leaked access keys that have accidentally been exposed by human error and have access to the organization's buckets.
---------------------------------------------
https://thehackernews.com/2023/10/the-rise-of-s3-ransomware-how-to.html


∗∗∗ RT 5.0.5 and 4.4.7 Now Available ∗∗∗
---------------------------------------------
RT versions 5.0.5 and 4.4.7 are now available. In addition to some new features and bug fixes, these releases contain important security updates and are recommended for all RT users.
---------------------------------------------
https://bestpractical.com/blog/2023/10/rt-505-and-447-now-available


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Lücke in Cisco IOS XE: Auch Rockwell-Industrieswitches betroffen ∗∗∗
---------------------------------------------
Neben Cisco-eigenen Geräten sind auch Rockwell-Switches der Stratix-Serie für den Industrieeinsatz betroffen. Eine Fehlerbehebung steht noch aus.
---------------------------------------------
https://www.heise.de/news/Luecke-in-Cisco-IOS-XE-Auch-Rockwell-Industrieswitches-betroffen-9343547.html


∗∗∗ VMSA-2023-0023 ∗∗∗
---------------------------------------------
Synopsis: VMware vCenter Server updates address out-of-bounds write and information disclosure vulnerabilities (CVE-2023-34048, CVE-2023-34056) 
1. Impacted Products 
* VMware vCenter Server 
* VMware Cloud Foundation
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2023-0023.html


∗∗∗ Several Critical Vulnerabilities Patched in AI ChatBot Plugin for WordPress ∗∗∗
---------------------------------------------
On September 28, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for multiple vulnerabilities in AI ChatBot, a WordPress plugin with over 4,000 active installations. After making our initial contact attempt on September 28th, 2023, we received a response on September 29, 2023 and sent over our full disclosure details.
---------------------------------------------
https://www.wordfence.com/blog/2023/10/several-critical-vulnerabilities-patched-in-ai-chatbot-plugin-for-wordpress/


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (gst-plugins-bad1.0, openssl, roundcube, and xorg-server), Fedora (dotnet6.0, dotnet7.0, roundcubemail, and wordpress), Mageia (redis), Oracle (dnsmasq, python27:2.7, python3, tomcat, and varnish), Red Hat (python39:3.9, python39-devel:3.9), Slackware (mozilla and vim), SUSE (openssl-3, poppler, ruby2.5, and xen), and Ubuntu (.Net, linux-gcp-5.15, linux-gkeop-5.15, linux-intel-iotg-5.15, linux-starfive-6.2, mysql-5.7, ncurses, and openssl).
---------------------------------------------
https://lwn.net/Articles/948814/


∗∗∗ Movable Type vulnerable to cross-site scripting ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN39139884/


∗∗∗ TEM Opera Plus FM Family Transmitter 35.45 XSRF ∗∗∗
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5800.php


∗∗∗ TEM Opera Plus FM Family Transmitter 35.45 Remote Code Execution ∗∗∗
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5799.php


∗∗∗ VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) Remote Denial Of Service ∗∗∗
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5798.php


∗∗∗ AIX is vulnerable to sensitive information exposure due to Perl (CVE-2023-31484 and CVE-2023-31486) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7047272


∗∗∗ IBM QRadar SIEM includes components with known vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7049133


∗∗∗ IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is vulnerable to weaker than expected security (CVE-2023-46158) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7058540


∗∗∗ IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to weaker than expected security (CVE-2023-46158) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7058536


∗∗∗ A vulnerability in IBM Java SDK and IBM Java Runtime affect Rational Business Developer. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7059262

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily