[CERT-daily] Tageszusammenfassung - 07.09.2023

Daily end-of-shift report team at cert.at
Thu Sep 7 18:56:48 CEST 2023


=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 06-09-2023 18:00 − Donnerstag 07-09-2023 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ Next-Generation Context Aware Password Cracking ∗∗∗
---------------------------------------------
TLDR; Using ChatGPT, an attacker can generate a list of password guesses based on the context of the target such as a company’s description or social media accounts.
---------------------------------------------
https://medium.com/@doctoreww/next-generation-context-aware-password-cracking-39b65e3aa976


∗∗∗ Cisco warnt vor teils kritischen Lücken und liefert Updates für mehrere Produkte ∗∗∗
---------------------------------------------
In mehreren Cisco-Produkten lauern Sicherheitslücken, die Updates schließen sollen. Eine gilt sogar als kritisch.
---------------------------------------------
https://heise.de/-9297182


∗∗∗ FreeWorld ransomware attacks MSSQL—get your databases off the Internet ∗∗∗
---------------------------------------------
When we think of ransomware and brute force password guessing attacks, we normally think of RDP, but recent research from Securonix reminds us that anything secured with a password and exposed to the internet is of interest to cybercriminals.
---------------------------------------------
https://www.malwarebytes.com/blog/news/2023/09/freeworld-ransomware-attacks-via-mssql-take-your-databases-off-the-internet


∗∗∗ Ozempic, Wegovy & Co: Vorsicht vor Fake-Shops mit „Schlankheitsmitteln“ ∗∗∗
---------------------------------------------
Diabetes-Medikamente wie Ozempic, Saxenda oder Metformin sind seit einiger Zeit von Lieferengpässen betroffen. Der Grund: Elon Musk, Kim Kardashian und andere Prominente nutzen diese und ähnliche Medikamente zum Abnehmen, der Hype dieser „Abnehmspritzen“ ließ nicht lange auf sich warten. Ein Trend, den sich auch Kriminelle zunutze machen. Sie bieten die eigentlich verschreibungspflichtigen Medikamente in Fake-Shops als Schlankheitsmittel an.
---------------------------------------------
https://www.watchlist-internet.at/news/ozempic-wegovy-co-vorsicht-vor-fake-shops-mit-schlankheitsmitteln/


∗∗∗ A classification of CTI Data feeds ∗∗∗
---------------------------------------------
We at CERT.at process and share a wide selection of cyber threat intelligence (CTI) as part of our core mission as Austria’s hub for IT security information. Right now, we are involved in two projects that involve the purchase of commercial CTI. I encountered some varying views on what CTI is and what one should do with the indicators of compromise (IoCs) that are part of a CTI feed. This blog post describes my view on this topic.
---------------------------------------------
https://cert.at/en/blog/2023/9/cti-data-feeds


∗∗∗ Cybercriminals target graphic designers with GPU miners ∗∗∗
---------------------------------------------
Cybercriminals are abusing Advanced Installer, a legitimate Windows tool used for creating software packages, to drop cryptocurrency-mining malware including PhoenixMiner and lolMiner on infected machines.
---------------------------------------------
https://blog.talosintelligence.com/cybercriminals-target-graphic-designers-with-gpu-miners/


∗∗∗ CISA Releases Update to Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells ∗∗∗
---------------------------------------------
This Cybersecurity Advisory has been updated with new tactics, techniques, and procedures (TTPs) as well as indicators of compromise (IOCs) received from an additional victim and trusted third parties.
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/09/06/cisa-releases-update-threat-actors-exploiting-citrix-cve-2023-3519-implant-webshells


∗∗∗ MAR-10430311-1.v1 Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475 ∗∗∗
---------------------------------------------
CISA received 4 files for analysis from an incident response engagement conducted at an Aeronautical Sector organization [..] CISA has provided indicators of compromise (IOCs) and YARA rules for detection within this Malware Analysis Report (MAR).
---------------------------------------------
https://www.cisa.gov/news-events/analysis-reports/ar23-250a



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Aruba-Controller und -Gateways mit hochriskanten Sicherheitslücken ∗∗∗
---------------------------------------------
Für Aruba-Controller und -Gateways der Serien 9000 und 9200 gibt es Updates, die hochriskante Sicherheitslücken schließen.
---------------------------------------------
https://heise.de/-9297925


∗∗∗ Cisco Security Advisories 2023-09-06 - 2023-09-06 ∗∗∗
---------------------------------------------
Cisco has released 6 security advisories: (1x Critical, 1x High, 4x Medium)
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/Search.x?publicationTypeIDs=1&firstPublishedStartDate=2023%2F09%2F06&firstPublishedEndDate=2023%2F09%2F06


∗∗∗ Sicherheitsupdates: Unbefugte Zugriffe auf TP-Link-Router möglich ∗∗∗
---------------------------------------------
Angreifer können verschiedene Router von TP-Link attackieren und im schlimmsten Fall eigene Befehle auf Geräten ausführen.
---------------------------------------------
https://heise.de/-9297306


∗∗∗ 2023-08 Out-of-Cycle Security Bulletin: Junos OS: SRX Series and EX Series: Multiple vulnerabilities in J-Web can be combined to allow a preAuth Remote Code Execution ∗∗∗
---------------------------------------------
Update - September 5th 2023: A new variant of the SRX upload vulnerability has been published by external researchers (CVE-2023-36851). All fixes listed under Solution below break the RCE chain
---------------------------------------------
https://supportportal.juniper.net/s/article/2023-08-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-can-be-combined-to-allow-a-preAuth-Remote-Code-Execution


∗∗∗ Wordfence Intelligence Weekly WordPress Vulnerability Report (August 28, 2023 to September 3, 2023) ∗∗∗
---------------------------------------------
Last week, there were 64 vulnerabilities disclosed in 61 WordPress Plugins and 2 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 32 Vulnerability Researchers that contributed to WordPress Security last week.
---------------------------------------------
https://www.wordfence.com/blog/2023/09/wordfence-intelligence-weekly-wordpress-vulnerability-report-august-28-2023-to-september-3-2023/


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (erofs-utils, htmltest, indent, libeconf, netconsd, php-phpmailer6, tinyexr, and vim), Red Hat (firefox), and Ubuntu (linux-aws, linux-aws-5.15, linux-ibm-5.15, linux-oracle, linux-oracle-5.15, linux-azure, linux-azure-fde-5.15, linux-gke, linux-gkeop, linux-intel-iotg-5.15, linux-raspi, linux-oem-6.1, linux-raspi, linux-raspi-5.4, shiro, and sox).
---------------------------------------------
https://lwn.net/Articles/943856/


∗∗∗ CVE-2023-4528: Java Deserialization Vulnerability in JSCAPE MFT (Fixed) ∗∗∗
---------------------------------------------
CVE-2023-4528 affects all versions of JSCAPE MFT Server prior to version 2023.1.9 on all platforms (Windows, Linux, and MacOS). See the JSCAPE advisory for more information [..] CVE-2023-4528 has been addressed in JSCAPE version 2023.1.9 which is now available for customer deployment.
---------------------------------------------
https://www.rapid7.com/blog/post/2023/09/07/cve-2023-4528-java-deserialization-vulnerability-in-jscape-mft-fixed/


∗∗∗ CISA Releases Four Industrial Control Systems Advisories ∗∗∗
---------------------------------------------
ICSA-23-250-01 Dover Fueling Solutions MAGLINK LX Console (CVSS v3 9.1), 
ICSA-23-250-02 Phoenix Contact TC ROUTER and TC CLOUD CLIENT (CVSS v3 9.6), 
ICSA-23-250-03 Socomec MOD3GP-SY-120K (CVSS v3 10.0), 
ICSA-23-157-01 Delta Electronics CNCSoft-B DOPSoft (Update) (CVSS v3 7.8)
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/09/07/cisa-releases-four-industrial-control-systems-advisories


∗∗∗ Drupal: WebProfiler - Moderately critical - Cross Site Scripting - SA-CONTRIB-2023-044 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2023-044


∗∗∗ Drupal: highlight.php - Moderately critical - Cross Site Scripting - SA-CONTRIB-2023-043 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2023-043


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list