[CERT-daily] Tageszusammenfassung - 14.09.2023

Thu Sep 14 18:36:33 CEST 2023

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 13-09-2023 18:00 − Donnerstag 14-09-2023 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Windows 11 ‘ThemeBleed’ RCE bug gets proof-of-concept exploit ∗∗∗
---------------------------------------------
Security researcher Gabe Kirkpatrick has made a proof-of-concept (PoC) exploit available for CVE-2023-38146, aka "ThemeBleed," which enables attackers to trigger arbitrary remote code execution if the target opens a specially crafted .theme file.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/windows-11-themebleed-rce-bug-gets-proof-of-concept-exploit/


∗∗∗ Top 10 Facts About MOVEit Breach ∗∗∗
---------------------------------------------
This breach exposed the vulnerabilities inherent in some of the world’s most trusted platforms and highlighted the audacity and capabilities of modern cybercriminals. Furthermore, becoming the primary attack vector for the Cl0p ransomware group, it has led to many other attacks.
---------------------------------------------
https://socradar.io/top-10-facts-about-moveit-breach/


∗∗∗ Column-Level Encryption 101: What is It, implementation & Benefits ∗∗∗
---------------------------------------------
By encrypting individual columns of data, organizations can limit access to the data, reduce the potential damage of a breach and help ensure the privacy of their customers information. In this post, we will explore the power of column-level encryption for data security. So let’s dive in.
---------------------------------------------
https://www.piiano.com/blog/column-level-encryption


∗∗∗ Uncursing the ncurses: Memory corruption vulnerabilities found in library ∗∗∗
---------------------------------------------
Microsoft has discovered a set of memory corruption vulnerabilities in a library called ncurses, which provides APIs that support text-based user interfaces (TUI). Released in 1993, the ncurses library is commonly used by various programs on Portable Operating System Interface (POSIX) operating systems, including Linux, macOS, and FreeBSD.
---------------------------------------------
https://www.microsoft.com/en-us/security/blog/2023/09/14/uncursing-the-ncurses-memory-corruption-vulnerabilities-found-in-library/


∗∗∗ PSA: Ongoing Webex malvertising campaign drops BatLoader ∗∗∗
---------------------------------------------
A new malvertising campaign is targeting corporate users who are downloading the popular web conferencing software Webex. Threat actors have bought an advert that impersonates Cisco's brand and is displayed first when performing a Google search.
---------------------------------------------
https://www.malwarebytes.com/blog/threat-intelligence/2023/09/ongoing-webex-malvertising-drops-batloader


∗∗∗ QR-Code in E-Mails von vermeintlichen Lieferanten führt zu Phishing-Seite ∗∗∗
---------------------------------------------
Aktuell ist ein besonders perfides Phishing-Mail im Umlauf: Unternehmen werden von ihnen bekannten Lieferanten kontaktiert, die ein Angebot per QR-Code übermitteln. Zumindest wird das in der Nachricht behauptet. Tatsächlich führt das Scannen des QR-Codes auf eine Phishing-Seite. Kriminelle versuchen dabei, an die Zugangsdaten für das Microsoft-Konto der Mitarbeiter:innen zu kommen.
---------------------------------------------
https://www.watchlist-internet.at/news/qr-code-in-e-mails-von-vermeintlichen-lieferanten-fuehrt-zu-phishing-seite/


∗∗∗ Vorsicht vor Phishing-E-Mails von "oesterreich.gv.at" & "a-trust.at" ∗∗∗
---------------------------------------------
Momentan befinden sich zahlreiche Phishing-Nachrichten von vermeintlich vertrauenswürdigen Absendern in Umlauf. Die Nachrichten versprechen angebliche Rückerstattungen von Oesterreich.gv.at. Klicken Sie nicht auf die Links, Ihre Daten werden gestohlen!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-phishing-e-mails-von-oesterreichgvat-a-trustat/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ FortiGuard PSIRT Advisories ∗∗∗
---------------------------------------------
Fortiguard Labs have released 12 Advisories for FortiADC, FortiAPs, FortiAP-U, FortiClient-EMS, FortiManager & FortiAnalyzer, FortiOS & FortiProxy, FortiPresence, FortiSIEM, FortiTester and FortiWeb. (Severity: 3x High, 8x Medium, 1x Low)
---------------------------------------------
https://fortiguard.fortinet.com/psirt?date=2023&product=FortiWeb,FortiSIEM,FortiClientEMS,FortiTester,FortiAP-S,FortiAP-U,FortiPresence,FortiManager,FortiOS-6K7K,FortiOS,FortiAnalyzer,FortiAnalyzer-BigData,FortiADC


∗∗∗ Siemens hat mit 14.09.2023 weitere 2 Security Advisories veröffentlicht ∗∗∗
---------------------------------------------
SSA-646240: Sensitive Information Disclosure in SIMATIC PCS neo Administration Console (5.5), SSA-357182: Local Privilege Escalation Vulnerability in Spectrum Power 7 (8.2)
---------------------------------------------
https://www.siemens.com/global/en/products/services/cert.html#SecurityPublications


∗∗∗ Wordfence Intelligence Weekly WordPress Vulnerability Report (September 4, 2023 to September 10, 2023) ∗∗∗
---------------------------------------------
Last week, there were 107 vulnerabilities disclosed in 89 WordPress Plugins and 5 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 36 Vulnerability Researchers that contributed to WordPress Security last week.
---------------------------------------------
https://www.wordfence.com/blog/2023/09/wordfence-intelligence-weekly-wordpress-vulnerability-report-september-4-2023-to-september-10-2023/


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr, libwebp, ruby-loofah, and ruby-rails-html-sanitizer), Fedora (open-vm-tools and salt), Oracle (.NET 7.0, dmidecode, flac, gcc, httpd:2.4, keylime, libcap, librsvg2, and qemu-kvm), Red Hat (.NET 6.0 and .NET 7.0), Slackware (libarchive and mozilla), SUSE (chromium and kernel), and Ubuntu (curl, firefox, ghostscript, open-vm-tools, postgresql-9.5, and thunderbird).
---------------------------------------------
https://lwn.net/Articles/944481/


∗∗∗ Drupal: Mail Login - Critical - Access bypass - SA-CONTRIB-2023-045 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2023-045


∗∗∗ Rockwell Automation Pavilion8 ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-257-07


∗∗∗ Palo Alto: CVE-2023-3280 Cortex XDR Agent: Local Windows User Can Disable the Agent (Severity: MEDIUM) ∗∗∗
---------------------------------------------
https://security.paloaltonetworks.com/CVE-2023-3280


∗∗∗ Palo Alto: CVE-2023-38802 PAN-OS: Denial-of-Service (DoS) Vulnerability in BGP Software (Severity: HIGH) ∗∗∗
---------------------------------------------
https://security.paloaltonetworks.com/CVE-2023-38802


∗∗∗ : PostgreSQL Vulnerability Affects IBM Connect:Direct Web Service (CVE-2023-39417) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7032120


∗∗∗ CISA Adds Three Known Vulnerabilities to Catalog ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/09/13/cisa-adds-three-known-vulnerabilities-catalog

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily