[CERT-daily] Tageszusammenfassung - 13.09.2023

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 12-09-2023 18:00 − Mittwoch 13-09-2023 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Patchday: Angriffe mittels präparierter PDF-Dateien auf Adobe Acrobat ∗∗∗
---------------------------------------------
Adobe hat in Acrobat und Reader, Connect und Experience Manager mehrere Sicherheitslücken geschlossen.
---------------------------------------------
https://heise.de/-9303487


∗∗∗ Notfallpatch sichert Firefox und Thunderbird gegen Attacken ab ∗∗∗
---------------------------------------------
Mozilla hat in seinen Webbrowsern und seinem Mailclient eine Sicherheitslücke geschlossen, die Angreifer bereits ausnutzen.
---------------------------------------------
https://heise.de/-9303536


∗∗∗ Microsoft Security Update Summary (12. September 2023) ∗∗∗
---------------------------------------------
Am 12. September 2023 hat Microsoft Sicherheitsupdates für Windows-Clients und -Server, für Office- sowie für weitere Produkte – veröffentlicht. Die Sicherheitsupdates beseitigen 61 CVE-Schwachstellen, zwei sind 0-day Schwachstellen. Nachfolgend findet sich ein kompakter Überblick über diese Updates [...]
---------------------------------------------
https://www.borncity.com/blog/2023/09/13/microsoft-security-update-summary-12-september-2023/


∗∗∗ Threat landscape for industrial automation systems. Statistics for H1 2023 ∗∗∗
---------------------------------------------
In the first half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased from H2 2022 by just 0.3 pp to 34%.
---------------------------------------------
https://securelist.com/threat-landscape-for-industrial-automation-systems-statistics-for-h1-2023/110605/


∗∗∗ Malware distributor Storm-0324 facilitates ransomware access ∗∗∗
---------------------------------------------
The threat actor that Microsoft tracks as Storm-0324 is a financially motivated group known to gain initial access using email-based initial infection vectors and then hand off access to compromised networks to other threat actors. These handoffs frequently lead to ransomware deployment. Beginning in July 2023, Storm-0324 was observed distributing payloads using an open-source tool [...]
---------------------------------------------
https://www.microsoft.com/en-us/security/blog/2023/09/12/malware-distributor-storm-0324-facilitates-ransomware-access/


∗∗∗ Alert: New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints ∗∗∗
---------------------------------------------
Three interrelated high-severity security flaws discovered in Kubernetes could be exploited to achieve remote code execution with elevated privileges on Windows endpoints within a cluster. The issues, tracked as CVE-2023-3676, CVE-2023-3893, and CVE-2023-3955, carry CVSS scores of 8.8 and impact all Kubernetes environments with Windows nodes. Fixes for the vulnerabilities were released on August 23, 2023, [...]
---------------------------------------------
https://thehackernews.com/2023/09/alert-new-kubernetes-vulnerabilities.html


∗∗∗ OpenSSL 1.1.1 reaches end of life for all but the well-heeled ∗∗∗
---------------------------------------------
$50k to breathe new life into its corpse. The rest of us must move on to OpenSSL 3.0 
OpenSSL 1.1.1 has reached the end of its life, making a move to a later version essential for all, bar those with extremely deep pockets.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2023/09/12/openssl_111_end_of_life/


∗∗∗ macOS Info-Stealer Malware ‘MetaStealer’ Targeting Businesses ∗∗∗
---------------------------------------------
The MetaStealer macOS information stealer has been targeting businesses to exfiltrate keychain and other valuable information.
---------------------------------------------
https://www.securityweek.com/macos-info-stealer-malware-metastealer-targeting-businesses/


∗∗∗ How Next-Gen Threats Are Taking a Page From APTs ∗∗∗
---------------------------------------------
Cybercriminals are increasingly trying to find ways to get around security, detection, intelligence and controls as APTs start to merge with conventional cybercrime.
---------------------------------------------
https://www.securityweek.com/how-next-gen-threats-are-taking-a-page-from-apts/


∗∗∗ How Three Letters Brought Down UK Air Traffic Control ∗∗∗
---------------------------------------------
The UK bank holiday weekend at the end of August is a national holiday in which it sometimes seems the entire country ups sticks and makes for somewhere with a beach. This year though, many of them couldn’t, because the country’s NATS air traffic system went down and stranded many to grumble in the heat of a crowded terminal. At the time it was blamed on faulty flight data, but news now emerges that the data which brought down an entire country’s air traffic control may have not been faulty at all.
---------------------------------------------
https://hackaday.com/2023/09/13/how-three-letters-brought-down-uk-air-traffic-control/


∗∗∗ 3AM: New Ransomware Family Used As Fallback in Failed LockBit Attack ∗∗∗
---------------------------------------------
Attackers resorted to new ransomware after deployment of LockBit was blocked on targeted network.
---------------------------------------------
https://symantec-enterprise-blogs.security.com/threat-intelligence/3am-ransomware-lockbit


∗∗∗ White House urging dozens of countries to publicly commit to not pay ransoms ∗∗∗
---------------------------------------------
The U.S. National Security Council (NSC) is urging the governments of all countries participating in the International Counter Ransomware Initiative (CRI) to issue a joint statement announcing they will not pay ransoms to cybercriminals, according to three sources with knowledge of the plans.
---------------------------------------------
https://therecord.media/counter-ransomware-initiative-members-ransom-payments-statement


∗∗∗ September 2023 release of new Exchange Server CVEs (resolved by August 2023 Security Updates) ∗∗∗
---------------------------------------------
You may have noticed there were several new Exchange Server CVEs that were released today (a part of September 2023 ‘Patch Tuesday’). If you haven’t yet, you can go to the Security Update Guide and filter on Exchange Server under Product Family to review CVE information. The CVEs released today were actually addressed in the August 2023 Exchange Server Security Update (SU). Due to the timing of validation of those fixes and release dates, we decided to release the CVEs as a part of September 2023 ‘Patch Tuesday’ release cycle. We know that many customers are accustomed to checking for Microsoft security releases on the second Tuesday of every month, and we did not want these CVEs to go unnoticed.
---------------------------------------------
https://techcommunity.microsoft.com/t5/exchange-team-blog/september-2023-release-of-new-exchange-server-cves-resolved-by/ba-p/3924063



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (e2guardian), Fedora (libeconf), Red Hat (dmidecode, kernel, kernel-rt, keylime, kpatch-patch, libcap, librsvg2, linux-firmware, and qemu-kvm), Slackware (mozilla), SUSE (chromium and shadow), and Ubuntu (cups, dotnet6, dotnet7, file, flac, and ruby-redcloth).
---------------------------------------------
https://lwn.net/Articles/944354/


∗∗∗ BSRT-2023-001 Vulnerabilities in Management Console and Self Service Impact AtHoc Server ∗∗∗
---------------------------------------------
https://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000112406


∗∗∗ VU#347067: Multiple BGP implementations are vulnerable to improperly formatted BGP updates ∗∗∗
---------------------------------------------
https://kb.cert.org/vuls/id/347067


∗∗∗ PHP Shopping Cart-4.2 Multiple-SQLi ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2023090037


∗∗∗ Cisco IOS XR Software Compression ACL Bypass Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-comp3acl-vGmp6BQ3


∗∗∗ Cisco IOS XR Software Image Verification Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lnt-L9zOkBz5


∗∗∗ Cisco IOS XR Software iPXE Boot Signature Bypass Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB


∗∗∗ Cisco IOS XR Software Model-Driven Programmability Behavior with AAA Authorization ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-info-GXp7nVcP


∗∗∗ Cisco IOS XR Software Connectivity Fault Management Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xr-cfm-3pWN8MKt


∗∗∗ Cisco IOS XR Software Access Control List Bypass Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnx-acl-PyzDkeYF


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/


∗∗∗ K000136157 : sssd vulnerability CVE-2022-4254 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000136157?utm_source=f5support&utm_medium=RSS


∗∗∗ Trumpf: Multiple Products affected by WIBU Codemeter Vulnerability ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2023-031/


∗∗∗ Elliptic Labs Virtual Lock Sensor Vulnerability ∗∗∗
---------------------------------------------
https://support.lenovo.com/product_security/PS500576-ELLIPTIC-LABS-VIRTUAL-LOCK-SENSOR-VULNERABILITY


∗∗∗ Lenovo XClarity Controller (XCC) Vulnerabilities ∗∗∗
---------------------------------------------
https://support.lenovo.com/product_security/PS500578


∗∗∗ Intel Dynamic Tuning Technology Advisory ∗∗∗
---------------------------------------------
https://support.lenovo.com/product_security/PS500577-INTEL-DYNAMIC-TUNING-TECHNOLOGY-ADVISORY

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily