[CERT-daily] Tageszusammenfassung - 15.09.2023

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 14-09-2023 18:00 − Freitag 15-09-2023 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ What is Secure Shell (SSH) & How to Use It: Security & Best Practices ∗∗∗
---------------------------------------------
In this blog post, we’re going to delve deeper into what Secure Shell (SSH) is, how it operates, and why it’s useful. We’ll cover everything from the basics of connecting with SSH to common commands and best practices for ensuring secure communications and file transfers.
---------------------------------------------
https://blog.sucuri.net/2023/09/what-is-secure-shell-ssh-how-to-use-it-security-best-practices.html


∗∗∗ A detailed analysis of the Money Message Ransomware ∗∗∗
---------------------------------------------
The threat actor group, Money Message ransomware, first appeared in March 2023, demanding million-dollar ransoms from its targets. Its configuration, which contains the services and processes to stop a ransomware attack, can be found at the end of the executable. The ransomware creates a mutex and deletes the Volume Shadow Copies using vssadmin.exe.
---------------------------------------------
https://resources.securityscorecard.com/research/analysis-money-message-ransomware


∗∗∗ Mehr Sicherheit für (Open-)Sourcecode: OpenSSF veröffentlicht Leitfaden ∗∗∗
---------------------------------------------
Ein Leitfaden der Open Source Security Foundation zeigt Tools und Best Practices zum Absichern von Code auf Versionsverwaltungsplattformen auf.
---------------------------------------------
https://www.heise.de/-9306112.html


∗∗∗ Watch out, this LastPass email with "Important information about your account" is a phish ∗∗∗
---------------------------------------------
The consequences of last year's LastPass breach continue to be felt, with the latest insult to users coming in the form of a highly convincing phishing email.
---------------------------------------------
https://www.malwarebytes.com/blog/news/2023/09/nasty-lastpass-phish


∗∗∗ Threat Group Assessment: Turla (aka Pensive Ursa) ∗∗∗
---------------------------------------------
Pensive Ursa was chosen to be the main focus for the 2023 MITRE ATT&CK evaluation. MITRE has described Turla as being “known for their targeted intrusions and innovative stealth.” The results of this evaluation, including Palo Alto Networks scoring, will be published in late September 2023.
---------------------------------------------
https://unit42.paloaltonetworks.com/turla-pensive-ursa-threat-assessment/


∗∗∗ Why Are You Texting Me? UNC3944 Leverages SMS Phishing Campaigns for SIM Swapping, Ransomware, Extortion, and Notoriety ∗∗∗
---------------------------------------------
UNC3944 is a financially motivated threat cluster that has persistently used phone-based social engineering and SMS phishing campaigns (smshing) to obtain credentials to gain and escalate access to victim organizations. At least some UNC3944 threat actors appear to operate in underground communities, such as Telegram and underground forums, which they may leverage to acquire tools, services, and/or other support to augment their operations.
---------------------------------------------
https://www.mandiant.com/resources/blog/unc3944-sms-phishing-sim-swapping-ransomware



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Jetzt patchen! Sicherheitslösungen von Fortinet als Sicherheitsrisiko ∗∗∗
---------------------------------------------
Mehrere Produkte von Fortinet sind verwundbar. Sicherheitsupdates schaffen Abhilfe.
---------------------------------------------
https://www.heise.de/-9306543.html


∗∗∗ Management-Controller Lenovo XCC: Angreifer können Passwörter manipulieren ∗∗∗
---------------------------------------------
Der Computerhersteller Lenovo hat in XClarity Controller mehrere Sicherheitslücken geschlossen.
---------------------------------------------
https://www.heise.de/-9304734.html


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (c-ares and samba), Fedora (borgbackup, firefox, and libwebp), Oracle (.NET 6.0 and kernel), Slackware (libwebp), SUSE (chromium and firefox), and Ubuntu (atftp, dbus, gawk, libssh2, libwebp, modsecurity-apache, and mutt).
---------------------------------------------
https://lwn.net/Articles/944581/


∗∗∗ QRadar Pulse application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7032220


∗∗∗ Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to HTTP header injection due to Go CVE-2023-29406 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7032249


∗∗∗ Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to bypassing security restrictions due to multiple Node.js vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7032238


∗∗∗ IBM Virtualization Engine TS7700 is susceptible to a denial of service due to use of Apache Commons FileUpload (CVE-2023-24998) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7031979


∗∗∗ Due to use of Golang Go, IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to multiple vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7032901


∗∗∗ Multiple vulnerabilities in jackson-databind affect IBM Application Performance Management products ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7032899


∗∗∗ IBM Operational Decision Manager August 2023 - Multiple CVEs addressed ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7032928


∗∗∗ Vulnerabilities in Linux Kernel might affect IBM Spectrum Copy Data Management ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7029387


∗∗∗ CVE-2023-24539, CVE-2023-29400, CVE-2023-29403, CVE-2023-24540, CVE-2023-29402, CVE-2023-29404, CVE-2023-29405 related to Go affect IBM CICS TX Standard 11.1 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7033006


∗∗∗ CVE-2023-24540, CVE-2023-29402, CVE-2023-29404, CVE-2023-29405 related to Go affect IBM CICS TX Advanced 11.1 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7033004


∗∗∗ Vulnerabilities in Golang, openSSH and openJDK might affect IBM Spectrum Copy Data Management ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7029389


∗∗∗ Vulnerabilities in snappy-java might affect IBM Spectrum Copy Data Management ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7029381


∗∗∗ Vulnerabilities in cURL libcurl might affect IBM Spectrum Copy Data Management ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7029380

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily