[CERT-daily] Tageszusammenfassung - 12.09.2023

Daily end-of-shift report team at cert.at
Tue Sep 12 19:09:54 CEST 2023


=====================
= End-of-Day report =
=====================

Timeframe:   Montag 11-09-2023 18:00 − Dienstag 12-09-2023 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ New WiKI-Eve attack can steal numerical passwords over WiFi ∗∗∗
---------------------------------------------
A new attack dubbed WiKI-Eve can intercept the cleartext transmissions of smartphones connected to modern WiFi routers and deduce individual numeric keystrokes at an accuracy rate of up to 90%, allowing numerical passwords to be stolen.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-wiki-eve-attack-can-steal-numerical-passwords-over-wifi/


∗∗∗ Free Download Manager backdoored – a possible supply chain attack on Linux machines ∗∗∗
---------------------------------------------
Kaspersky researchers analyzed a Linux backdoor disguised as Free Download Manager software that remained under the radar for at least three years.
---------------------------------------------
https://securelist.com/backdoored-free-download-manager-linux-malware/110465/


∗∗∗ Sophisticated Phishing Campaign Deploying Agent Tesla, OriginBotnet, and RedLine Clipper ∗∗∗
---------------------------------------------
"A phishing email delivers the Word document as an attachment, presenting a deliberately blurred image and a counterfeit reCAPTCHA to lure the recipient into clicking on it," Fortinet FortiGuard Labs researcher Cara Lin said.
---------------------------------------------
https://thehackernews.com/2023/09/sophisticated-phishing-campaign.html


∗∗∗ Gefälschte Post-, DHL und UPS-Benachrichtigungen im Umlauf ∗∗∗
---------------------------------------------
Sie warten gerade auf ein Paket? Nehmen Sie Benachrichtigungen über den Lieferstatus genau unter die Lupe. Momentan kursieren viele betrügerische Infos. Per E-Mail oder SMS werden Sie informiert, dass noch Zollgebühren oder Versandkosten bezahlt werden müssen. Klicken Sie nicht auf den Link. Sie landen auf einer betrügerischen Seite, die Kreditkartendaten abgreift.
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschte-post-dhl-und-ups-benachrichtigungen-im-umlauf/


∗∗∗ Das European Cyber Shield ∗∗∗
---------------------------------------------
Die EU will im Rahmen vom "Digital Europe Programme" mit Förderungen für die Vernetzung von SOCs die Sicherheit der EU stärken und das System über einen neuen "Cyber Solidarity Act" dauerhaft einrichten. Ich hab dazu im Rahmen des CSIRTs Network Meetings im Juni einen Vortrag gehalten, dessen Inhalt ich jetzt auf ein ausformuliertes Paper (auf Englisch) erweitert habe.
---------------------------------------------
https://cert.at/de/blog/2023/9/european-cyber-shield


∗∗∗ Persistent Threat: New Exploit Puts Thousands of GitHub Repositories and Millions of Users at Risk ∗∗∗
---------------------------------------------
A new vulnerability has been discovered that could allow an attacker to exploit a race condition within GitHub's repository creation and username renaming operations. This technique could be used to perform a Repojacking attack (hijacking popular repositories to distribute malicious code).
---------------------------------------------
https://checkmarx.com/blog/persistent-threat-new-exploit-puts-thousands-of-github-repositories-and-millions-of-users-at-risk/


∗∗∗ Deleting Your Way Into SYSTEM: Why Arbitrary File Deletion Vulnerabilities Matter ∗∗∗
---------------------------------------------
Windows arbitrary file deletion vulnerabilities should no longer be considered mere annoyances or tools for Denial-of-Service (DoS) attacks. Over the past couple of years, these vulnerabilities have matured into potent threats capable of unearthing a portal to full system compromise. This transformation is exemplified in CVE-2023-27470 (an arbitrary file deletion vulnerability in N-Able’s Take Control Agent with a CVSS Base Score of 8.8) demonstrating that what might initially seem innocuous can, in fact, expose unexpected weaknesses within your system.
---------------------------------------------
https://www.mandiant.com/resources/blog/arbitrary-file-deletion-vulnerabilities



=====================
=  Vulnerabilities  =
=====================

∗∗∗ NSO-Exploit: Apple fixt auch ältere Versionen von macOS, iOS und iPadOS ∗∗∗
---------------------------------------------
Nach Notfall-Updates für aktuelle Betriebssysteme schiebt Apple nun auch Patches für ältere Versionen nach. Man sollte flott aktualisieren.
---------------------------------------------
https://heise.de/-9301842


∗∗∗ Patchday: SAP schließt kritische Datenleak-Lücke in BusinessObjects ∗∗∗
---------------------------------------------
Es sind wichtige Sicherheitsupdates für SAP-Software erschienen. Admins sollten zeitnah handeln.
---------------------------------------------
https://heise.de/-9302399


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (node-cookiejar and orthanc), Oracle (firefox, kernel, and kernel-container), Red Hat (flac and httpd:2.4), Slackware (vim), SUSE (python-Django, terraform-provider-aws, terraform-provider-helm, and terraform-provider-null), and Ubuntu (c-ares, curl, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-raspi, and linux-ibm, linux-ibm-5.4).
---------------------------------------------
https://lwn.net/Articles/944263/


∗∗∗ ICS Patch Tuesday: Critical CodeMeter Vulnerability Impacts Several Siemens Products ∗∗∗
---------------------------------------------
ICS Patch Tuesday: Siemens has released 7 new advisories and Schneider Electric has released 1 new advisory.
---------------------------------------------
https://www.securityweek.com/ics-patch-tuesday-critical-codemeter-vulnerability-impacts-several-siemens-products/


∗∗∗ WebKitGTK and WPE WebKit Security Advisory WSA-2023-0008 ∗∗∗
---------------------------------------------
CVE identifiers: CVE-2023-28198, CVE-2023-32370,CVE-2023-40397.
---------------------------------------------
https://webkitgtk.org/security/WSA-2023-0008.html


∗∗∗ Google Chrome 116.0.5845.187/.188 fixt kritische Schwachstelle ∗∗∗
---------------------------------------------
Google hat zum 11. September 2023 Updates des Google Chrome Browsers 116 im Stable und Extended Channel für Mac, Linux und Windows freigegeben. Es sind Sicherheitsupdates, die ausgerollt werden und eine Schwachstelle (Einstufung als "kritisch") beseitigen sollen.
---------------------------------------------
https://www.borncity.com/blog/2023/09/11/google-chrome-116-0-5845-187-188-fixt-kritische-schwachstelle/


∗∗∗ Fujitsu Software Infrastructure Manager ∗∗∗
---------------------------------------------
An issue was discovered in Fujitsu Software Infrastructure Manager (ISM) before 2.8.0.061. The ismsnap component (in this specific case at /var/log/fujitsu/ServerViewSuite/ism/FirmwareManagement/FirmwareManagement.log) allows insecure collection and storage of authorization credentials in cleartext.
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-255-02


∗∗∗ Sicherheitsupdates in Foxit PDF Reader 2023.2 und Foxit PDF Editor 2023.2 verfügbar ∗∗∗
---------------------------------------------
https://www.foxit.com/de/support/security-bulletins.html


∗∗∗ Hitachi Energy Lumada APM Edge ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-255-01


∗∗∗ Multiple vulnerabilities in OpenSSL affect AIX ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7031625


∗∗∗ Control Access issues in PCOMM ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7031707


∗∗∗ Multiple Security vulnerabilities in IBM Java in FileNet Content Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7001699


∗∗∗ A vulnerability in FasterXML Jackson Core may affect IBM Robotic Process Automation and result in an application crash (IBM X-Force ID: 256137). ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7031716


∗∗∗ IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable could provide weaker than expected security. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7031051


∗∗∗ Vulnerability in Open JDK affecting Rational Functional Tester ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7031729


∗∗∗ IBM App Connect Enterprise is vulnerable to a remote attack and a denial of service due to Node.js modules tough-cookie and semver (CVE-2023-26136, CVE-2022-25883). ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7031733


∗∗∗ IBM Cloud Pak for Security includes components with multiple known vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7031754

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list