[CERT-daily] Tageszusammenfassung - 24.01.2024

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 23-01-2024 18:00 − Mittwoch 24-01-2024 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Firefox: Passkey-Unterstützung und Sicherheitsfixes ∗∗∗
---------------------------------------------
Die Version 122 von Firefox kann mit Passkeys umgehen. Außerdem schließen die Entwickler darin wie in Firefox ESR und Thunderbird 115.7 Sicherheitslecks.
---------------------------------------------
https://www.heise.de/-9606909


∗∗∗ "Mother of all Breaches": 26 Milliarden altbekannte Datensätze ∗∗∗
---------------------------------------------
Was die Entdecker als "Mutter aller Lücken" bezeichnen, entpuppt sich laut dem "Have I Been Pwned"- Gründer Troy Hunt als Sammlung längst bekannter Daten.
---------------------------------------------
https://www.heise.de/-9604882


∗∗∗ Trello API abused to link email addresses to 15 million accounts ∗∗∗
---------------------------------------------
An exposed Trello API allows linking private email addresses with Trello accounts, enabling the creation of millions of data profiles containing both public and private information.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/trello-api-abused-to-link-email-addresses-to-15-million-accounts/


∗∗∗ Cybercrime’s Silent Operator: The Unraveling of VexTrio’s Malicious Network Empire ∗∗∗
---------------------------------------------
VexTrio is a massive and complex malicious TDS (traffic direction system) organization. It has a network of more than 60 affiliates that divert traffic into VexTrio, while it also operates its own TDS network. While aspects of the operation have been discovered and analyzed by different researchers, the core network has remained largely unknown.
---------------------------------------------
https://www.securityweek.com/cybercrimes-silent-operator-the-unraveling-of-vextrios-malicious-network-empire/


∗∗∗ Orca Flags Dangerous Google Kubernetes Engine Misconfiguration ∗∗∗
---------------------------------------------
A misconfiguration in Google Kubernetes Engine (GKE) could allow attackers to take over Kubernetes clusters and access sensitive information, according to a warning from cloud security startup Orca Security. The issue is related to the privileges granted to users in the system:authenticated group, which includes all users with a Google account, although it could be mistakenly believed to include only verified identities. 
---------------------------------------------
https://www.securityweek.com/orca-flags-dangerous-google-kubernetes-engine-misconfiguration/


∗∗∗ PC- und Online-Gamer:innen: Vorsicht beim Account-Handel über Marktplätze! ∗∗∗
---------------------------------------------
Aktuell erreichen uns immer wieder Meldungen zu betrügerischen Angeboten im Gaming-Bereich auf Marktplätzen wie difmark.com oder in diversen Internet-Foren. Kriminelle bieten dort unter anderem Gaming-Accounts und Nutzungsprofile an. Das Problem: Diese dürften laut Nutzungsbedingungen eigentlich gar nicht verkauft werden und Sperren sind möglich. Auch nach erfolgreichen Käufen lauern noch Fallen, durch die Spielende plötzlich durch die Finger schauen können.
---------------------------------------------
https://www.watchlist-internet.at/news/pc-und-online-gamerinnen-vorsicht-beim-account-handel-ueber-marktplaetze/


∗∗∗ Update #3: Kritische Sicherheitslücken in Ivanti Connect Secure und Ivanti Policy Secure - aktiv ausgenützt ∗∗∗
---------------------------------------------
Update #3: 24. Jänner 2024: Mandiant und Volexity berichten davon, Exploits gegen diese Sicherheitslücken bereits Anfang Dezember 2023 beobachtet zu haben. Es empfiehlt sich daher, gegebenenfalls den Zeitraum etwaiger Untersuchungen auf stattgefundene Angriffsversuche zumindest bis inklusive Dezember 2023 auszudehnen.
---------------------------------------------
https://cert.at/de/warnungen/2024/1/kritische-sicherheitslucken-in-ivanti-connect-secure-und-ivanti-policy-secure-aktiv-ausgenutzt



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Fortra GoAnywhere MFT: Kritische Lücke macht Angreifer zu Admins ∗∗∗
---------------------------------------------
Jetzt patchen! Es ist Exploitcode für die Dateiübertragungslösung Fortra GoAnywhere MFT in Umlauf.
---------------------------------------------
https://www.heise.de/-9606659


∗∗∗ Codeschmuggel-Lücke in HPE Oneview ∗∗∗
---------------------------------------------
Mehrere Sicherheitslücken in der IT-Infrastrukturverwaltung HPE Oneview ermöglichen Angreifern, etwa Schadcode einzuschleusen. Updates stehen bereit.
---------------------------------------------
https://www.heise.de/-9607490


∗∗∗ Chrome-Update dichtet 17 Sicherheitslecks ab ∗∗∗
---------------------------------------------
Googles Entwickler aktualisieren den Chrome-Webbrowser und schließen 17 Sicherheitslücken darin. Einige ermöglichen wohl Codeschmuggel.
---------------------------------------------
https://www.heise.de/-9606618


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (jinja2, openjdk-11, ruby-httparty, and xorg-server), Fedora (ansible-core and mingw-jasper), Gentoo (GOCR, Ruby, and sudo), Oracle (gstreamer-plugins-bad-free, java-17-openjdk, java-21-openjdk, python-cryptography, and xorg-x11-server), Red Hat (kernel, kernel-rt, kpatch-patch, LibRaw, python-pillow, and python-pip), Slackware (mozilla), SUSE (python-Pillow, rear118a, and redis7), and Ubuntu (libapache-session-ldap-perl and pycryptodome).
---------------------------------------------
https://lwn.net/Articles/959325/


∗∗∗ Cisco Unified Communications Products Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. CVE-2024-20253, CVSS Score: Base 9.9
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm


∗∗∗ Cisco Unity Connection Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuc-xss-9TFuu5MS


∗∗∗ Cisco Small Business Series Switches Stacked Reload ACL Bypass Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-bus-acl-bypass-5zn9hNJk


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/


∗∗∗ High Severity Arbitrary File Upload Vulnerability Patched in File Manager Pro WordPress Plugin ∗∗∗
---------------------------------------------
https://www.wordfence.com/blog/2024/01/high-severity-arbitrary-file-upload-vulnerability-patched-in-file-manager-pro-wordpress-plugin/


∗∗∗ APsystems Energy Communication Unit (ECU-C) Power Control Software ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-01


∗∗∗ CISA Adds One Known Exploited Vulnerability to Catalog ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2024/01/24/cisa-adds-one-known-exploited-vulnerability-catalog

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily