[CERT-daily] Tageszusammenfassung - 29.09.2023

Daily end-of-shift report team at cert.at
Fri Sep 29 18:41:05 CEST 2023


=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 28-09-2023 18:00 − Freitag 29-09-2023 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Version 1.0: Ungepatchte Schwachstellen im Mail Transfer Agent Exim ∗∗∗
---------------------------------------------
Der Open Source Mail Transfer Agent (MTA) Exim weist mehrere schwerwiegende ungepatchte Schwachstellen auf. Besonders kritisch ist eine Buffer Overflow Schwachstelle in der SMTP-Implementierung, CVE-2023-42115, die einer entfernten, unauthorisierten angreifenden Person gegebenenfalls das Ausführen von Code mit Rechten des Service Accounts, mit dem Exim betrieben wird, ermöglicht. Sie erreicht daher eine CVSS-Bewertung von 9.8 ("kritisch").
---------------------------------------------
https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2023/2023-266613-1032.pd


∗∗∗ Betrifft unzählige Anwendungen: Zero-Day-Schwachstelle in VP8-Videokodierung ∗∗∗
---------------------------------------------
Google hat mal wieder eine Zero-Day-Schwachstelle in Chrome gepatcht. Neben gängigen Webbrowsern sind aber auch viele andere Apps betroffen.
---------------------------------------------
https://www.golem.de/news/betrifft-unzaehlige-anwendungen-zero-day-schwachstelle-in-vp8-videokodierung-2309-178082.html


∗∗∗ Dringend patchen: Schwachstelle mit maximalem Schweregrad in WS_FTP ∗∗∗
---------------------------------------------
Der Entwickler der Datentransfersoftware Moveit hat erneut kritische Schwachstellen behoben - dieses Mal in der Serveranwendung WS_FTP.
---------------------------------------------
https://www.golem.de/news/dringend-patchen-schwachstelle-mit-maximalem-schweregrad-in-ws-ftp-2309-178097.html


∗∗∗ Important release of LibreOffice 7.6.2 Community and LibreOffice 7.5.7 Community with key security fix ∗∗∗
---------------------------------------------
The Document Foundation is releasing LibreOffice 7.6.2 Community and LibreOffice 7.5.7 Community ahead of schedule to address a security issue known as CVE 2023-4863, which originates in a widely used code library known as libwebp, created by Google more than a decade ago to render the then-new WebP graphics format.
---------------------------------------------
https://blog.documentfoundation.org/blog/2023/09/26/lo-762-and-lo-757/


∗∗∗ Jetzt patchen! Angreifer haben Netzwerkgeräte von Cisco im Visier ∗∗∗
---------------------------------------------
Cisco hat unter anderem eine kritische Lücke in Catalyst SD-WAN geschlossen. Außerdem gibt es Sicherheitsupdates für weitere Produkte.
---------------------------------------------
https://www.heise.de/-9320947.html


∗∗∗ Balkonkraftwerke: Hoymiles schließt Sicherheitslücken ∗∗∗
---------------------------------------------
Der Wechselrichterhersteller hat die Lücken in der API geschlossen – das haben wir verifiziert. Im Gespräch gelobte Hoymiles Besserung.
---------------------------------------------
https://www.heise.de/-9321291.html


∗∗∗ Malicious ad served inside Bings AI chatbot ∗∗∗
---------------------------------------------
Users looking for software downloads may be tricked into visiting malicious websites via their interaction with Bing Chat.
---------------------------------------------
https://www.malwarebytes.com/blog/threat-intelligence/2023/09/malicious-ad-served-inside-bing-ai-chatbot


∗∗∗ Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks ∗∗∗
---------------------------------------------
Hackers have set their sights on CVE-2023-34468, an RCE vulnerability in Apache NiFi that impacts thousands of organizations.
---------------------------------------------
https://www.securityweek.com/hackers-set-sights-on-apache-nifi-flaw-that-exposes-many-organizations-to-attacks/


∗∗∗ Oktober ist Cyber Security Month: Tipps und Veranstaltungen ∗∗∗
---------------------------------------------
Im Oktober dreht sich alles um Cyber-Sicherheit. Machen auch Sie mit und nutzen Sie das vielfältige Angebot. Wir zeigen Ihnen, wie Sie Ihre Kenntnisse zu Phishing, Randsomeware und Co. verbessern.
---------------------------------------------
https://www.watchlist-internet.at/news/oktober-ist-cyber-security-month-tipps-und-veranstaltungen/


∗∗∗ Betrügerisches EP-Gewinnspiel wird massenhaft per SMS verschickt ∗∗∗
---------------------------------------------
„Gratulation an die EP Electronic Gewinner”. Dieser Text steht in einer SMS, die derzeit massenhaft von Kriminellen verschickt wird. Besonders perfid: In der SMS werden auch die Namen der angeblichen Gewinner:innen genannt. Selbst wenn Ihr Name in der SMS auftaucht, sollten Sie nicht auf den mitgeschickten Link klicken! Betrüger:innen versuchen Sie in die Abo-Falle zu locken.
---------------------------------------------
https://www.watchlist-internet.at/news/betruegerisches-ep-gewinnspiel-wird-massenhaft-per-sms-verschickt/


∗∗∗ CL0P Seeds ^_- Gotta Catch Em All! ∗∗∗
---------------------------------------------
CL0P is distributing ransomware data via torrents. We investigate this new method, including seeds we’ve tracked — disguising victims with Pokemon. Catch them all!
---------------------------------------------
https://unit42.paloaltonetworks.com/cl0p-group-distributes-ransomware-data-with-torrents/


∗∗∗ Phishing via Dropbox ∗∗∗
---------------------------------------------
A burgeoning attack involving Dropbox is making the rounds. In the first two weeks of September, we saw 5,440 of these attacks. Hackers are using Dropbox to create fake login pages that eventually lead to a credential harvesting page. It’s yet another example of how hackers are utilizing legitimate services in what we call BEC 3.0 attacks. Business Email Compromise 3.0 attacks refer to the usage of legitimate sites—like Dropbox—to send and host phishing material.
---------------------------------------------
https://blog.checkpoint.com/harmony-email/phishing-via-dropbox/


∗∗∗ Analysis of Time-to-Exploit Trends: 2021-2022 ∗∗∗
---------------------------------------------
Mandiant Intelligence analyzed 246 vulnerabilities that were exploited between 2021 and 2022. Sixty-two percent (153) of the vulnerabilities were first exploited as zero-day vulnerabilities. The number of exploited vulnerabilities each year continues to increase, while the overall times-to-exploit (TTEs) we are seeing are decreasing. Exploitation of a vulnerability is most likely to occur before the end of the first month following the release of a patch.
---------------------------------------------
https://www.mandiant.com/resources/blog/time-to-exploit-trends-2021-2022



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr, jetty9, and vim), Gentoo (Fish, GMP, libarchive, libsndfile, Pacemaker, and sudo), Oracle (nodejs:16 and nodejs:18), Red Hat (virt:av and virt-devel:av), Slackware (mozilla), SUSE (chromium, firefox, Golang Prometheus, iperf, libqb, and xen), and Ubuntu (linux-raspi).
---------------------------------------------
https://lwn.net/Articles/945965/


∗∗∗ Security Vulnerability fixed in Firefox 118.0.1, Firefox ESR 115.3.1, Firefox for Android 118.1.0, Firefox Focus for Android 118.1.0, and Thunderbird 115.3.1. ∗∗∗
---------------------------------------------
CVE-2023-5217: Heap buffer overflow in libvpx 
Specific handling of an attacker-controlled VP8 media stream could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild.
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/


∗∗∗ Vulnerabilities in node.js affect Cloud Pak Sytem [CVE-2023-28154, CVE-2022-46175, CVE-2022-3517] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7038776


∗∗∗ IBM Instana Observability is vulnerable to arbitrary code execution ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7041863


∗∗∗ IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from go-toolset and amicontained ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7039373


∗∗∗ Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to denial of service due to Go CVE-2023-29409 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7032246


∗∗∗ Vulnerabilities in XStream library affects IBM Engineering Test Management (ETM) (CVE-2022-40151) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7042166


∗∗∗ Vulnerabilities in xercesImpl library affects IBM Engineering Test Management (ETM) (CVE-2022-23437) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7042167


∗∗∗ The IBM\u00ae Engineering Lifecycle Engineering product is affected as Java deserialization filters (JEP 290) ignored during IBM ORB deserialization (CVE-2022-40609) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7042172


∗∗∗ Vulnerabilities in batik-all library affects IBM Engineering Test Management (ETM) (CVE-2022-44730, CVE-2022-44729) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7042170


∗∗∗ Multiple vulnerabilities in IBM Storage Defender \u2013 Data Protect ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7040913

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list