[CERT-daily] Tageszusammenfassung - 26.01.2024

Fri Jan 26 18:22:12 CET 2024

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 25-01-2024 18:00 − Freitag 26-01-2024 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ Über Push-Benachrichtigungen: Prominente iOS-Apps spähen heimlich Gerätedaten aus ∗∗∗
---------------------------------------------
Zu den Datensammlern zählen wohl iOS-Apps namhafter Onlinedienste wie Tiktok, Facebook, Instagram, Threads, Linkedin, Bing und X.
---------------------------------------------
https://www.golem.de/news/ueber-push-benachrichtigungen-prominente-ios-apps-spaehen-heimlich-geraetedaten-aus-2401-181574.html


∗∗∗ MFA war inaktiv: Microsoft deckt auf, wie Hacker an interne Mails kamen ∗∗∗
---------------------------------------------
Die Angreifer haben laut Microsoft zuerst einen Testaccount mit inaktiver MFA infiltriert - unter Einsatz einer Proxy-Infrastruktur.
---------------------------------------------
https://www.golem.de/news/mfa-war-inaktiv-microsoft-deckt-auf-wie-hacker-an-interne-mails-kamen-2401-181593.html


∗∗∗ Präparierte URL kann für Juniper-Firewalls und Switches gefährlich werden ∗∗∗
---------------------------------------------
Entwickler von Juniper haben in Junos OS mehrere Sicherheitslücken geschlossen. Noch sind aber nicht alle Updates verfügbar.
---------------------------------------------
https://www.heise.de/-9609333.html


∗∗∗ Verwirrend: Internet-Domain fritz.box zeigt NFT-Galerie statt Router-Verwaltung ∗∗∗
---------------------------------------------
Bereits vor einer Woche haben Unbekannte die Domain "fritz.box" für sich registriert. Ihr Vorhaben ist unklar, Fritz-Besitzer sollten sich vorsehen.
---------------------------------------------
https://www.heise.de/-9610149.html


∗∗∗ Blackwood hackers hijack WPS Office update to install malware ∗∗∗
---------------------------------------------
A previously unknown advanced threat actor tracked as Blackwood is using sophisticated malware called NSPX30 in cyberespionage attacks against companies and individuals.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/blackwood-hackers-hijack-wps-office-update-to-install-malware/


∗∗∗ Midnight Blizzard: Guidance for responders on nation-state attack ∗∗∗
---------------------------------------------
The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024, and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access.
---------------------------------------------
https://www.microsoft.com/en-us/security/blog/2024/01/25/midnight-blizzard-guidance-for-responders-on-nation-state-attack/


∗∗∗ A Batch File With Multiple Payloads, (Fri, Jan 26th) ∗∗∗
---------------------------------------------
Windows batch files (.bat) are often seen by people as very simple but they can be pretty complex or.. contain interesting encoded payloads! I found one that contains multiple payloads decoded and used by a Powershell process. The magic is behind how comments can be added to such files.
---------------------------------------------
https://isc.sans.edu/diary/rss/30592


∗∗∗ Erbschaft per SMS: Ignorieren Sie diese betrügerische Nachricht ∗∗∗
---------------------------------------------
Immer wieder warnen wir vor E-Mails, in denen Betrüger:innen das große Geld versprechen: Millionengewinne, eine Spende oder eine Erbschaft sollen die Empfänger:innen plötzlich reich machen. Aktuell setzen Kriminelle jedoch nicht nur auf E-Mails, sondern auch auf SMS, um mit potenziellen Opfern in Kontakt zu treten. Danach läuft die Masche wie gewohnt ab: Mit Angeboten, die zu schön sind, um wahr zu sein, werden gutgläubige Opfer um ihr Geld gebracht.
---------------------------------------------
https://www.watchlist-internet.at/news/erbschaft-per-sms-ignorieren-sie-diese-betruegerische-nachricht/


∗∗∗ Assessing and mitigating supply chain cybersecurity risks ∗∗∗
---------------------------------------------
Blindly trusting your partners and suppliers on their security posture is not sustainable – it’s time to take control through effective supplier risk management
---------------------------------------------
https://www.welivesecurity.com/en/business-security/assessing-mitigating-cybersecurity-risks-supply-chain/


∗∗∗ Cybersecurity for Industrial Control Systems: Best practices ∗∗∗
---------------------------------------------
Network segmentation, software patching, and continual threats monitoring are key cybersecurity best practices for Industrial Control Systems (ICS).
---------------------------------------------
https://cybersecurity.att.com/blogs/security-essentials/cybersecurity-for-industrial-control-systems-best-practices


∗∗∗ Guidance: Assembling a Group of Products for SBOM ∗∗∗
---------------------------------------------
Today, CISA published Guidance on Assembling a Group of Products created by the Software Bill of Materials (SBOM) Tooling & Implementation Working Group, one of the five SBOM community-driven workstreams facilitated by CISA. CISA’s community-driven working groups publish documents and reports to advance and refine SBOM and ultimately promote adoption. Specifically, software producers often need to assemble and test products together before releasing them to customers.
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2024/01/26/guidance-assembling-group-products-sbom


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Cisco Unified Communications Products Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
Version 1.1 - Updated list of affected products and products confirmed not vulnerable.
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm


∗∗∗ Jenkins CLI PoC CVE-2024-23897 ∗∗∗
---------------------------------------------
Remote Code Execution: Jenkins CLI arbitrary read (CVE-2024-23897 applies to versions below 2.442 and LTS 2.426.3)
---------------------------------------------
https://github.com/gquere/pwn_jenkins/blob/master/README.md#jenkins-cli-arbitrary-read-cve-2024-23897-applies-to-versions-below-2442-and-lts-24263


∗∗∗ Microsoft Edge 121 unterstützt moderne Codecs und stopft Sicherheitslecks ∗∗∗
---------------------------------------------
Microsoft hat den Webbrowser Edge in Version 121 herausgegeben. Sie stopft eine kritische Sicherheitslücke und liefert Support für AV1-Videos.
---------------------------------------------
https://www.heise.de/-9609475.html


∗∗∗ Diesmal bitte patchen: Security-Update behebt kritische Schwachstelle in GitLab ∗∗∗
---------------------------------------------
GitLab 16.x enthält fünf Schwachstellen, von denen eine als kritisch eingestuft ist. Patchen ist nicht selbstverständlich, wie jüngst eine Untersuchung zeigte.
---------------------------------------------
https://www.heise.de/-9609319.html


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (xorg-server), Fedora (chromium, dotnet8.0, firefox, freeipa, and thunderbird), Red Hat (avahi, c-ares, curl, edk2, expat, freetype, frr, git, gnutls, grub2, kernel, kernel-rt, libcap, libfastjson, libssh, libtasn1, libxml2, linux-firmware, ncurses, oniguruma, openssh, openssl, perl-HTTP-Tiny, protobuf-c, python-urllib3, python3, python3.9, rpm, samba, shadow-utils, sqlite, tcpdump, tomcat, and virt:rhel and virt-devel:rhel modules), SUSE (cpio, jasper, rear23a, thunderbird, and xorg-x11-server), and Ubuntu (jinja2, kernel, linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency-hwe-5.15, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-6.2, linux-azure, linux-azure-6.2, linux-azure-fde-6.2, linux-gcp, linux-hwe-6.5, linux-laptop, linux-lowlatency, linux-lowlatency-hwe-6.5, linux-oem-6.5, linux-oracle, linux-raspi, linux-starfive, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-aws, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-oem-6.1, and mariadb, mariadb-10.3, mariadb-10.6).
---------------------------------------------
https://lwn.net/Articles/959640/


∗∗∗ 2024-01 Reference Advisory: Junos OS and Junos OS Evolved: Impact of Terrapin SSH Attack (CVE-2023-48795) ∗∗∗
---------------------------------------------
https://supportportal.juniper.net/s/article/2024-01-Reference-Advisory-Junos-OS-and-Junos-OS-Evolved-Impact-of-Terrapin-SSH-Attack-CVE-2023-48795


∗∗∗ 2024-01 Out-of-Cycle Security Bulletin: Junos OS: SRX Series and EX Series: Multiple vulnerabilities in J-Web have been addressed ∗∗∗
---------------------------------------------
https://supportportal.juniper.net/s/article/2024-01-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-have-been-addressed


∗∗∗ Security Vulnerabilities fixed in Focus for iOS 122 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2024-03/


∗∗∗ Open redirect in parameter might affect IBM Storage Defender Data Protect. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7106918


∗∗∗ AIX is vulnerable to a denial of service (CVE-2023-5678, CVE-2023-6129, CVE-2023-6237) and an attacker may obtain sensitive information (CVE-2023-5363) due to OpenSSL ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7111837


∗∗∗ IBM Sterling Connect:Direct for UNIX is vulnerable to multiple issues due to Eclipse Jetty. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7111880


∗∗∗ Vulnerabilities in GNU Binutils, Bootstrap, PortSmash, Node.js, and libarchive might affect IBM Storage Defender Data Protect. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7091980


∗∗∗ Multiple vulnerabilities in IBM Semeru Runtime may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2023-22006, CVE-2023-22036 & CVE-2023-22049) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7112089


∗∗∗ IBM Security Directory Integrator affected by multiple vulnerabilities affecting IBM Java SDK ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7047118

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily