[CERT-daily] Tageszusammenfassung - 02.01.2024

Tue Jan 2 18:11:16 CET 2024

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 29-12-2023 18:00 − Dienstag 02-01-2024 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK ∗∗∗
---------------------------------------------
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign orchestrated by the Russia-linked APT28 group to deploy previously undocumented malware such as OCEANMAP, MASEPIE, and STEELHOOK to harvest sensitive information.
---------------------------------------------
https://thehackernews.com/2023/12/cert-ua-uncovers-new-malware-wave.html


∗∗∗ Neue Lücke in altem E-Mail-Protokoll: SMTP smuggling ∗∗∗
---------------------------------------------
Sicherheitsforscher haben eine Schwäche im Simple Mail Transfer Protocol (SMTP) entdeckt. Sie hebt das Fälschen des Absenders auf ein neues Niveau.
---------------------------------------------
https://www.heise.de/-9584467


∗∗∗ Ransomware: Fehler in Black-Basta-Programmierung ermöglicht Entschlüsselungstool ∗∗∗
---------------------------------------------
Unter bestimmten Bedingungen kann das kostenlose Entschlüsselungstool Black Basta Buster Opfern des Erpressungstrojaners Black Basta helfen.
---------------------------------------------
https://www.heise.de/-9584846


∗∗∗ New DLL Search Order Hijacking Technique Targets WinSxS Folder ∗∗∗
---------------------------------------------
Attackers can abuse a new DLL search order hijacking technique to execute code in applications within the WinSxS folder.
---------------------------------------------
https://www.securityweek.com/new-dll-search-order-hijacking-technique-targets-winsxs-folder/


∗∗∗ Domain (in)security: the state of DMARC ∗∗∗
---------------------------------------------
This blog discusses the state of DMARC, the role that DMARC plays in email authentication, and why it should be a key component of your email security solution.
---------------------------------------------
https://www.bitsight.com/blog/domain-insecurity-state-dmarc


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Technical Advisory – Multiple Vulnerabilities in PandoraFMS Enterprise ∗∗∗
---------------------------------------------
In this post I describe the 18 vulnerabilities that I discovered in PandoraFMS Enterprise v7.0NG.767 available at https://pandorafms.com. PandoraFMS is an enterprise scale network monitoring and management application which provides systems administrators with a central ‘hub’ to monitor and manipulate the state of computers (agents) deployed across the network.
---------------------------------------------
https://research.nccgroup.com/2024/01/02/technical-advisory-multiple-vulnerabilities-in-pandorafms-enterprise/


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (ansible, asterisk, cjson, firefox-esr, kernel, libde265, libreoffice, libspreadsheet-parseexcel-perl, php-guzzlehttp-psr7, thunderbird, tinyxml, and xerces-c), Fedora (podman-tui, proftpd, python-asyncssh, squid, and xerces-c), Mageia (libssh and proftpd), and SUSE (deepin-compressor, gnutls, gstreamer, libreoffice, opera, proftpd, and python-pip).
---------------------------------------------
https://lwn.net/Articles/956521/


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Gentoo (Joblib), Red Hat (firefox and thunderbird), SUSE (gstreamer-plugins-bad, libssh2_org, and webkit2gtk3), and Ubuntu (firefox and thunderbird).
---------------------------------------------
https://lwn.net/Articles/956568/


∗∗∗ Multiple vulnerabilities in IBM Db2 may affect IBM Storage Protect Server. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7103673


∗∗∗ Multiple vulnerabilities affect IBM Storage Scale Hadoop Connector ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7104389


∗∗∗ IBM Maximo Application Suite uses axios-0.25.0.tgz which is vulnerable to CVE-2023-45857 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7104391


∗∗∗ IBM Maximo Application Suite uses WebSphere Liberty which is vulnerable to CVE-2023-46158, CVE-2023-44483 and CVE-2023-44487 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7104390


∗∗∗ Vulnerabilities in Apache Ant affect IBM Operations Analytics - Log Analysis (CVE-2020-11023, CVE-2020-23064, CVE-2020-11022) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7104401


∗∗∗ Multiple vulnerabilities in Golang Go affect Cloud Pak System ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7037900

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily