[CERT-daily] Tageszusammenfassung - 21.09.2023

Thu Sep 21 18:18:49 CEST 2023

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 20-09-2023 18:00 − Donnerstag 21-09-2023 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Free Download Manager releases script to check for Linux malware ∗∗∗
---------------------------------------------
The developers of Free Download Manager (FDM) have published a script to check if a Linux device was infected through a recently reported supply chain attack.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/free-download-manager-releases-script-to-check-for-linux-malware/


∗∗∗ P2PInfect botnet activity surges 600x with stealthier malware variants ∗∗∗
---------------------------------------------
The P2PInfect botnet worm is going through a period of highly elevated activity volumes starting in late August and then picking up again in September 2023.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/p2pinfect-botnet-activity-surges-600x-with-stealthier-malware-variants/


∗∗∗ LUCR-3: Scattered Spider Getting SaaS-y in the Cloud ∗∗∗
---------------------------------------------
LUCR-3 overlaps with groups such as Scattered Spider, Oktapus, UNC3944, and STORM-0875 and is a financially motivated attacker that leverages the Identity Provider (IDP) as initial access into an environment with the goal of stealing Intellectual Property (IP) for extortion. LUCR-3 targets Fortune 2000 companies across various sectors to include but not limited to Software, Retail, Hospitality, Manufacturing, and Telecoms.
---------------------------------------------
https://permiso.io/blog/lucr-3-scattered-spider-getting-saas-y-in-the-cloud


∗∗∗ Remote Code Execution in Tutanota Desktop due to Code Flaw ∗∗∗
---------------------------------------------
In this article, we explained how an innocent-looking mistake in the code could significantly impact the security of an application. We showed how we found a Cross-Site Scripting vulnerability in Tutanota, a popular end-to-end encrypted webmail service, and explained how an attacker could have exploited the flaw to execute arbitrary code on a victims system.
---------------------------------------------
https://www.sonarsource.com/blog/remote-code-execution-in-tutanota-desktop-due-to-code-flaw/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Drupal core - Critical - Cache poisoning - SA-CORE-2023-006 ∗∗∗
---------------------------------------------
This vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API. The core REST and contributed GraphQL modules are not affected.
---------------------------------------------
https://www.drupal.org/sa-core-2023-006


∗∗∗ MOVEit Transfer: Schwachstellen ermöglichen Angreifern Datenschmuggel ∗∗∗
---------------------------------------------
Neue MOVEit Transfer-Versionen schließen teils hochriskante Sicherheitslücken. IT-Verantwortliche sollten sie zügig installieren.
---------------------------------------------
https://www.heise.de/-9312162


∗∗∗ Sicherheitsupdate: Passwort-Lücke bedroht Nagios XI ∗∗∗
---------------------------------------------
Angreifer können die Server-Monitoring-Lösung Nagios XI attackieren. Eine dagegen abgesicherte Version ist verfügbar.
---------------------------------------------
https://www.heise.de/-9312331


∗∗∗ Sicherheitsupdate: Authentifizierung von HPE OneView umgehbar ∗∗∗
---------------------------------------------
Die IT-Infrastrukturmanagementlösung OneView von HPE ist verwundbar. Der Entwickler hat zwei kritische Sicherheitslücken geschlossen.
---------------------------------------------
https://www.heise.de/-9312816


∗∗∗ Wordfence Intelligence Weekly WordPress Vulnerability Report (September 11, 2023 to September 17, 2023) ∗∗∗
---------------------------------------------
Last week, there were 55 vulnerabilities disclosed in 46 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 15 Vulnerability Researchers that contributed to WordPress Security last week.
---------------------------------------------
https://www.wordfence.com/blog/2023/09/wordfence-intelligence-weekly-wordpress-vulnerability-report-september-11-2023-to-september-17-2023/


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (frr and libyang), Fedora (golang-github-prometheus-exporter-toolkit, golang-github-xhit-str2duration, golang-gopkg-alecthomas-kingpin-2, libpano13, and open-vm-tools), Oracle (firefox, frr, and thunderbird), Red Hat (dmidecode, kernel, kernel-rt, kpatch-patch, libwebp: critical, linux-firmware, mariadb:10.3, ncurses, postgresql:15, and virt:rhel and virt-devel:rhel), Scientific Linux (firefox, open-vm-tools, and thunderbird), SUSE (binutils, bluez, chromium, curl, gcc7, go1.20, go1.21, grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python- cryptography-vectors, python-google-api-core, pyt, gstreamer-plugins-good, kernel, libcares2, libxml2, mdadm, mutt, and python-brotlipy), and Ubuntu (indent, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-6.2, linux-azure, linux-azure-6.2, linux-azure-fde-6.2, linux-gcp, linux-gcp-6.2, linux-hwe-6.2, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-6.2, linux-oracle, linux-raspi, linux-starfive, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-oem-6.0, linux-oem-6.1, and memcached).
---------------------------------------------
https://lwn.net/Articles/945073/


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (mutt, netatalk, and python2.7), Fedora (chromium, golang-github-prometheus-exporter-toolkit, golang-github-xhit-str2duration, and golang-gopkg-alecthomas-kingpin-2), Oracle (dmidecode, frr, libwebp, open-vm-tools, and thunderbird), Red Hat (libwebp and open-vm-tools), SUSE (cups, frr, mariadb, openvswitch3, python39, qemu, redis7, rubygem-rails-html-sanitizer, and skopeo), and Ubuntu (bind9, cups, and libppd).
---------------------------------------------
https://lwn.net/Articles/945173/


∗∗∗ Synology-SA-23:13 SRM ∗∗∗
---------------------------------------------
A vulnerability allow remote attackers to bypass security constraint via a susceptible version of Synology Router Manager (SRM).
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_23_13


∗∗∗ ISC Releases Security Advisories for BIND 9 ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/09/21/isc-releases-security-advisories-bind-9


∗∗∗ Frauscher: Multiple Vulnerabilities in FDS101 ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2023-038/


∗∗∗ Rockwell Automation FactoryTalk View Machine Edition ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-264-06


∗∗∗ Rockwell Automation Connected Components Workbench ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-264-05


∗∗∗ Rockwell Automation Select Logix Communication Modules ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-264-04


∗∗∗ Delta Electronics DIAScreen ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-264-03


∗∗∗ Real Time Automation 460 Series ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-264-01


∗∗∗ IBM Security Guardium is affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6963075


∗∗∗ IBM Virtualization Engine TS7700 is susceptible to a denial of service due to use of Apache Commons FileUpload (CVE-2023-24998) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7031979


∗∗∗ Vulnerabilities in CKEditor library affects IBM Engineering Test Management (ETM) (CVE-2021-32809, CVE-2021-37695) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7037094


∗∗∗ Multiple vulnerabilities in IBM Java SDK affects IBM Storage Scale ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7037135


∗∗∗ IBM Events Operator is affected by a denial of service in OpenSSL (CVE-2023-0215). ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7037162


∗∗∗ A vulnerability in Red Hat Enterprise Linux may affect IBM Robotic Process Automation for Cloud Pak and result in elevated privileges (CVE-2023-3899). ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7037164


∗∗∗ IBM Events Operator is affected by a denial of service in OpenSSL (CVE-2022-4450). ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7037167


∗∗∗ IBM Events Operator is vulnerable to a denial of service in OpenSSL (CVE-2023-0286) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7037165


∗∗∗ Vulnerability in node.js package may affect IBM Storage Scale GUI (CVE-2022-25883) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7037185

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily