[CERT-daily] Tageszusammenfassung - 10.01.2024

Wed Jan 10 18:26:31 CET 2024

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 09-01-2024 18:00 − Mittwoch 10-01-2024 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Absenderdaten entschlüsselt: China hat wohl Apples Airdrop-Protokoll "geknackt" ∗∗∗
---------------------------------------------
Forensikern aus Peking ist es angeblich gelungen, Telefonnummern und E-Mail-Adressen von Airdrop-Absendern zu entschlüsseln.
---------------------------------------------
https://www.golem.de/news/absenderdaten-entschluesselt-china-hat-wohl-apples-airdrop-protokoll-geknackt-2401-181016.html


∗∗∗ Jenkins Brute Force Scans, (Tue, Jan 9th) ∗∗∗
---------------------------------------------
Our honeypots saw a number of scans for "/j_acegi_security_check" the last two days. This URL has not been hit much lately, but was hit pretty hard last March. The URL is associated with Jenkins, and can be used to brute force passwords.
---------------------------------------------
https://isc.sans.edu/diary/rss/30546


∗∗∗ Vorgaben der CISA: Mehr Sicherheit für die Microsoft-Cloud ∗∗∗
---------------------------------------------
Die Security-Vorgaben der CISA für die Microsoft-Cloud sind fertig. Wir zeigen, was hinter den Empfehlungen steckt und wo sie sich von MS und CIS unterscheiden.
---------------------------------------------
https://www.heise.de/-9591800.html


∗∗∗ Patchday Microsoft: Kerberos-Authentifizierung unter Windows verwundbar ∗∗∗
---------------------------------------------
Es sind wichtige Sicherheitsupdates für Azure, Office, Windows und Co. erschienen. Attacken können bevorstehen. Ein Bitlocker-Patch macht Probleme.
---------------------------------------------
https://www.heise.de/-9592648.html


∗∗∗ Type Juggling Leads to Two Vulnerabilities in POST SMTP Mailer WordPress Plugin ∗∗∗
---------------------------------------------
On December 14th, 2023, during our Bug Bounty Program Holiday Bug Extravaganza, we received a submission for an Authorization Bypass vulnerability in POST SMTP Mailer, a WordPress plugin with over 300,000+ active installations. This vulnerability makes it possible for unauthenticated threat actors to reset the API key used to authenticate to the mailer and view [...]
---------------------------------------------
https://www.wordfence.com/blog/2024/01/type-juggling-leads-to-two-vulnerabilities-in-post-smtp-mailer-wordpress-plugin/


∗∗∗ Siemens, Schneider Electric Release First ICS Patch Tuesday Advisories of 2024 ∗∗∗
---------------------------------------------
Industrial giants Siemens and Schneider Electric publish a total of 7 new security advisories addressing 22 vulnerabilities.
---------------------------------------------
https://www.securityweek.com/siemens-schneider-electric-release-first-ics-patch-tuesday-advisories-of-2024/


∗∗∗ Achtung: Vermehrt PayLife Phishing-Mails im Umlauf ∗∗∗
---------------------------------------------
Schützen Sie Ihre Kreditkartendaten und nehmen Sie sich vor Phishing-Mails im Namen von PayLife in Acht. Kriminelle behaupten in den E-Mails, dass Sie aufgrund der Verpflichtung zur Zwei-Faktor-Authentifizierung Schritte setzen und einem Link folgen müssen. Sie landen auf einer kaum als Fälschung erkennbaren Kopie der PayLife-Seite. Geben Sie dort keine Daten ein!
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-vermehrt-paylife-phishing-mails-im-umlauf/


∗∗∗ ‘Yet another Mirai-based botnet’ is spreading an illicit cryptominer ∗∗∗
---------------------------------------------
A well-designed operation is using a version of the infamous Mirai malware to secretly distribute cryptocurrency mining software, researchers said Wednesday. Calling it NoaBot, researchers at Akamai said the campaign has been active for about a year, and it has various quirks that complicate analysis of the malware and point to highly-skilled threat actors.
---------------------------------------------
https://therecord.media/mirai-based-botnet-spreading-akamai


∗∗∗ CISA Adds One Known Exploited Vulnerability to Catalog ∗∗∗
---------------------------------------------
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. 
CVE-2023-29357 Microsoft SharePoint Server Privilege Escalation Vulnerability 
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2024/01/10/cisa-adds-one-known-exploited-vulnerability-catalog


∗∗∗ Apache Applications Targeted by Stealthy Attacker ∗∗∗
---------------------------------------------
Researchers at Aqua Nautilus have uncovered a new attack targeting Apache Hadoop and Flink applications. This attack is particularly intriguing due to the attackers use of packers and rootkits to conceal the malware. The simplicity with which these techniques are employed presents a significant challenge to traditional security defenses.
---------------------------------------------
https://blog.aquasec.com/threat-alert-apache-applications-targeted-by-stealthy-attacker


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Cisco Security Advisories 2024-01-10 ∗∗∗
---------------------------------------------
Security Impact Rating: 1x Critical, 6x Medium
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/Search.x?publicationTypeIDs=1&firstPublishedStartDate=2024%2F01%2F10&firstPublishedEndDate=2024%2F01%2F10&pageNum=1&isRenderingBugList=false


∗∗∗ Lenovo Security Advisories 2024-01-09 ∗∗∗
---------------------------------------------
- AMI MegaRAC Vulnerabilities 
- Lenovo XClarity Administrator (LXCA) Vulnerability 
- Lenovo Vantage Vulnerabilities 
- Lenovo Tablet Vulnerabilities 
- TianoCore EDK II BIOS Vulnerabilities
---------------------------------------------
https://support.lenovo.com/at/en/product_security/home


∗∗∗ Patchday Adobe: Mehrere Schwachstellen in Substance 3D Stager geschlossen ∗∗∗
---------------------------------------------
Adobes Anwendung zum Erstellen von 3D-Szenen Substance 3D Stager ist angreifbar. Eine fehlerbereinigte Version steht zum Download bereit.
---------------------------------------------
https://www.heise.de/-9592712.html


∗∗∗ Update für Google Chrome: Hochriskantes Sicherheitsleck abgedichtet ∗∗∗
---------------------------------------------
Google hat turnusgemäß den Webbrowser Chrome aktualisiert. Dabei haben die Entwickler eine als hohes Risiko eingestufte Sicherheitslücke gestopft.
---------------------------------------------
https://www.heise.de/-9592658.html


∗∗∗ Update gegen Rechteausweitung in FortiOS und FortiProxy ∗∗∗
---------------------------------------------
Fortinet warnt vor einem Fehler in der Rechteverwaltung von FortiOS und FortiProxy in HA Clustern. Bösartige Akteure können ihre Rechte ausweiten.
---------------------------------------------
https://www.heise.de/-9592816.html


∗∗∗ Webkonferenzen: Zoom-Sicherheitslücken ermöglichen Rechteausweitung ∗∗∗
---------------------------------------------
Zoom verteilt aktualisierte Videokonferenz-Software. Sie schließt eine Sicherheitslücke, durch die Angreifer ihre Rechte ausweiten können.
---------------------------------------------
https://www.heise.de/-9593000.html


∗∗∗ 2022-01 Security Bulletin: Junos OS Evolved: Telnet service may be enabled when it is expected to be disabled. (CVE-2022-22164) ∗∗∗
---------------------------------------------
Modification History 
2022-01-12: Initial Publication 
2024-01-10: updated the JSA with information on an additional PR which fixed some releases which were not completely fixed originally
---------------------------------------------
https://supportportal.juniper.net/s/article/2022-01-Security-Bulletin-Junos-OS-Evolved-Telnet-service-may-be-enabled-when-it-is-expected-to-be-disabled-CVE-2022-22164


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (libssh), Gentoo (FAAD2 and RedCloth), Red Hat (kpatch-patch and nss), SUSE (hawk2, LibreOffice, opera, and tar), and Ubuntu (glibc, golang-1.13, golang-1.16, linux-azure, linux-gkeop, monit, and postgresql-9.5).
---------------------------------------------
https://lwn.net/Articles/957340/


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/


∗∗∗ SVD-2024-0104: Splunk User Behavior Analytics (UBA) Third-Party Package Updates ∗∗∗
---------------------------------------------
https://advisory.splunk.com//advisories/SVD-2024-0104


∗∗∗ SVD-2024-0103: Splunk Enterprise Security (ES) Third-Party Package Updates - January 2024 ∗∗∗
---------------------------------------------
https://advisory.splunk.com//advisories/SVD-2024-0103


∗∗∗ SVD-2024-0102: Denial of Service in Splunk Enterprise Security of the Investigations manager through Investigation creation ∗∗∗
---------------------------------------------
https://advisory.splunk.com//advisories/SVD-2024-0102


∗∗∗ SVD-2024-0101: Denial of Service of an Investigation in Splunk Enterprise Security through Investigation attachments ∗∗∗
---------------------------------------------
https://advisory.splunk.com//advisories/SVD-2024-0101

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily