=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 02-03-2023 18:00 − Freitag 03-03-2023 18:00
Handler: Robert Waldner
Co-Handler: Michael Schlagenhaufer
=====================
= News =
=====================
∗∗∗ FBI and CISA warn of increasing Royal ransomware attack risks ∗∗∗
---------------------------------------------
CISA and the FBI have issued a joint advisory highlighting the increasing threat behind ongoing Royal ransomware attacks targeting many U.S. critical infrastructure sectors, including healthcare, communications, and education.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/fbi-and-cisa-warn-of-increas…
∗∗∗ Persistence Techniques That Persist ∗∗∗
---------------------------------------------
In this blog post, we will focus on how malware can achieve persistence by abusing the Windows Registry. Specifically, we will focus on lesser-known techniques, many of which have been around since the days of Windows XP and are just as effective today on Windows 10 and 11.
---------------------------------------------
https://www.cyberark.com/resources/threat-research-blog/persistence-techniq…
∗∗∗ NIST Cybersecurity Framework 2.0: Aktualisierte Leitlinien gegen Cybercrime ∗∗∗
---------------------------------------------
Weil sich die IT-Angriffslandschaft stetig ändert, hat das US-amerikanische Institute of Standards and Technology sein Cybersecurity-Framework aktualisiert.
---------------------------------------------
https://heise.de/-7534206
∗∗∗ FAQ: Welche Cyberangriffe es gibt und wie sich Risiken vermeiden lassen ∗∗∗
---------------------------------------------
Cyberangriffe können jeden betreffen, doch mit ein paar einfachen Maßnahmen können Sie Ihr persönliches Risiko zumindest minimieren.
---------------------------------------------
https://heise.de/-7523370
∗∗∗ Thousands of Websites Hijacked Using Compromised FTP Credentials ∗∗∗
---------------------------------------------
Cybersecurity startup Wiz warns of a widespread redirection campaign in which thousands of websites have been compromised using legitimate FTP credentials.
---------------------------------------------
https://www.securityweek.com/thousands-of-websites-hijacked-using-compromis…
∗∗∗ Of Degens and Defrauders: Using Open-Source Investigative Tools to Investigate Decentralized Finance Frauds and Money Laundering. (arXiv:2303.00810v1 [cs.CR]) ∗∗∗
---------------------------------------------
This study demonstrates how open-source investigative tools can extract transaction-based evidence that could be used in a court of law to prosecute DeFi frauds. Additionally, we investigate how these funds are subsequently laundered.
---------------------------------------------
http://arxiv.org/abs/2303.00810
=====================
= Vulnerabilities =
=====================
∗∗∗ IBM Security Bulletins 2023-03-03 ∗∗∗
---------------------------------------------
IBM Cloud Pak, IBM Financial Transaction Manager, Operations Dashboard, IBM App Connect Enterprise Certified Container, IBM Sterling Connect:Express, IBM HTTP Server, IBM Spectrum Control, IBM Aspera Faspex, IBM SAN, IBM Storwize, IBM Spectrum Virtualize, IBM FlashSystem, IBM Maximo, IBM WebSphere Remote Server, IBM Business Automation Workflow, Rational Functional Tester.
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/
∗∗∗ Schadcode-Attacken auf HPE Serviceguard unter Linux möglich ∗∗∗
---------------------------------------------
Die Entwickler haben in Serviceguard for Linux von HPE drei Sicherheitslücken geschlossen. Abgesicherte Version stehen zum Download bereit.
---------------------------------------------
https://heise.de/-7534361
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (linux-5.10 and node-css-what), SUSE (gnutls, google-guest-agent, google-osconfig-agent, nodejs10, nodejs14, nodejs16, opera, pkgconf, python-cryptography, python-cryptography-vectors, rubygem-activesupport-4_2, thunderbird, and tpm2-0-tss), and Ubuntu (git, kernel, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-hwe-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle, linux-oracle-5.15, linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.19, linux-ibm, linux-lowlatency, linux-oracle, linux-azure-fde, linux-oem-5.14, linux-oem-5.17, linux-oem-6.0, linux-oem-6.1, php7.0, python-pip, ruby-rack, spip, and sudo).
---------------------------------------------
https://lwn.net/Articles/925060/
∗∗∗ Lücken in Intel-CPUs: Microsoft veröffentlicht außerplanmäßiges Sicherheitsupdate ∗∗∗
---------------------------------------------
Es soll insgesamt vier Lücken stopfen. Die Schwachstellen sind allerdings schon seit Juni 2022 bekannt. Betroffen sind Windows 10, Windows 11 und Windows Server.
---------------------------------------------
https://www.zdnet.de/88407530/luecken-in-intel-cpus-microsoft-veroeffentlic…
∗∗∗ [R1] Nessus Version 10.5.0 Fixes Multiple Vulnerabilities ∗∗∗
---------------------------------------------
https://www.tenable.com/security/tns-2023-09
∗∗∗ BOSCH-SA-931197: Vulnerability in routers FL MGUARD and TC MGUARD ∗∗∗
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-931197.html
∗∗∗ SonicOS SSLVPN Improper Restriction of Excessive MFA Attempts Vulnerability ∗∗∗
---------------------------------------------
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0005
∗∗∗ SonicOS Unauthenticated Stack-Based Buffer Overflow Vulnerability ∗∗∗
---------------------------------------------
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0004
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 01-03-2023 18:00 − Donnerstag 02-03-2023 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ YARA: Detect The Unexpected ..., (Thu, Mar 2nd) ∗∗∗
---------------------------------------------
He has strings to detected any embedded file, and strings to detect embedded PNG files, JPEG files, ...
So, in YARA, how can you use this to detect OneNote files that contain embedded files, but are not images? The trick is to count and compare string occurrences.
---------------------------------------------
https://isc.sans.edu/diary/rss/29598
∗∗∗ SysUpdate Malware Strikes Again with Linux Version and New Evasion Tactics ∗∗∗
---------------------------------------------
The threat actor known as Lucky Mouse has developed a Linux version of a malware toolkit called SysUpdate, expanding on its ability to target devices running the operating system.
---------------------------------------------
https://thehackernews.com/2023/03/sysupdate-malware-strikes-again-with.html
∗∗∗ This Hacker Tool Can Pinpoint a DJI Drone Operators Exact Location ∗∗∗
---------------------------------------------
Every DJI quadcopter broadcasts its operators position via radio—unencrypted. Now, a group of researchers has learned to decode those coordinates.
---------------------------------------------
https://www.wired.com/story/dji-droneid-operator-location-hacker-tool/
∗∗∗ Helping Cyber Defenders “Decide” to Use MITRE ATT&CK ∗∗∗
---------------------------------------------
Since the Cybersecurity and Infrastructure Security Agency (CISA) announced its first edition of Best Practices for MITRE ATT&CK Mapping nearly two years ago, the ATT&CK framework has evolved, expanded, and improved its ability to support more than just optimized cyber threat intelligence to the cybersecurity community. To match these advances, CISA recently published a second edition of our mapping guide and today announces a new accompaniment to the guide, CISA’s Decider tool.
---------------------------------------------
https://www.cisa.gov/news-events/news/helping-cyber-defenders-decide-use-mi…
∗∗∗ Application SecurityCase StudiesCloud Native SecurityVulnerabilities Gitpod remote code execution 0-day vulnerability via WebSockets ∗∗∗
---------------------------------------------
This article walks us through a current Snyk Security Labs research project focusing on cloud based development environments (CDEs) — which resulted in a full workspace takeover on the Gitpod platform and extended to the user’s SCM account. The issues here have been responsibly disclosed to Gitpod and were resolved within a single working day
---------------------------------------------
https://snyk.io/blog/gitpod-remote-code-execution-vulnerability-websockets/
∗∗∗ CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks ∗∗∗
---------------------------------------------
The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Cybersecurity Advisory (CSA) detailing activity and key findings from a recent CISA red team assessment—in coordination with the assessed organization—to provide network defenders recommendations for improving their organizations cyber posture.
---------------------------------------------
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-059a
∗∗∗ Tainted Love: A Systematic Review of Online Romance Fraud. (arXiv:2303.00070v1 [cs.HC]) ∗∗∗
---------------------------------------------
Romance fraud involves cybercriminals engineering a romantic relationship ononline dating platforms. It is a cruel form of cybercrime whereby victims areleft heartbroken, often facing financial ruin. We characterise the literarylandscape on romance fraud, advancing the understanding of researchers andpractitioners by systematically reviewing and synthesising contemporaryqualitative and quantitative evidence.
---------------------------------------------
http://arxiv.org/abs/2303.00070
∗∗∗ Dishing Out DoS: How to Disable and Secure the Starlink User Terminal. (arXiv:2303.00582v1 [cs.CR]) ∗∗∗
---------------------------------------------
Satellite user terminals are a promising target for adversaries seeking totarget satellite communication networks. Despite this, many protectionscommonly found in terrestrial routers are not present in some user terminals.As a case study we audit the attack surface presented by the Starlinkrouters admin interface, using fuzzing to uncover a denial of service attackon the Starlink user terminal.
---------------------------------------------
http://arxiv.org/abs/2303.00582
=====================
= Vulnerabilities =
=====================
∗∗∗ Group control for forums - Critical - Access bypass - SA-CONTRIB-2023-008 ∗∗∗
---------------------------------------------
Project: Group control for forums
Security risk: Critical
Description: This module enables you to associate Forums as Group 1.x content and use Group access permissions. Previous versions of the module incorrectly set node access on creation, and did not correctly restrict access to lists of forum topics. Solution: Install the latest version
---------------------------------------------
https://www.drupal.org/sa-contrib-2023-008
∗∗∗ Thunder - Moderately critical - Access bypass - SA-CONTRIB-2023-007 ∗∗∗
---------------------------------------------
Project: Thunder
Security risk: Moderately critical
Description: Thunder is a Drupal distribution for professional publishing. The thunder distribution ships the thunder_gqls module which provides a graphql interface.The module doesnt sufficiently check access when serving user data via graphql leading to an access bypass vulnerability
---------------------------------------------
https://www.drupal.org/sa-contrib-2023-007
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (git), Debian (spip), Fedora (epiphany), Mageia (binwalk, chromium-browser-stable, crmsh, emacs, libraw, libtiff, nodejs, pkgconf, tar, and vim), Oracle (kernel and systemd), SUSE (emacs, kernel, nrpe, and rubygem-activerecord-4_2), and Ubuntu (c-ares, git, postgresql-12, postgresql-14, and sox).
---------------------------------------------
https://lwn.net/Articles/924922/
∗∗∗ Kritische Sicherheitslücken in ArubaOS - Updates teilweise verfügbar ∗∗∗
---------------------------------------------
Da Angreifende auf betroffenen Geräten beliebigen Code ausführen können, sind alle auf diesen Geräten befindlichen und darüber erreichbaren Daten gefährdet. Da es sich um Netzwerkkomponenten handelt, sind auch Szenarien denkbar wo darüber fliessende Daten gelesen, beeinträchtigt und/oder verändert werden können.
---------------------------------------------
https://cert.at/de/warnungen/2023/3/kritische-sicherheitslucken-in-arubaos-…
∗∗∗ Better Social Sharing Buttons - Less critical - Cross Site Scripting - SA-CONTRIB-2023-006 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2023-006
∗∗∗ ABB: Improper authentication vulnerability in S+ Operations (CVE ID: CVE-2023-0228) ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?Action=Launch&DocumentID=7PAA0…
∗∗∗ IBM Cognos Command Center is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6590487
∗∗∗ IBM Maximo Asset Management is vulnerable to stored cross-site scripting (CVE-2022-35645) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6959353
∗∗∗ IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to stored cross-site scripting (CVE-2022-35645) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6959355
∗∗∗ IBM Spectrum Symphony is vulnerable to Host header injection ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6959369
∗∗∗ IBM Planning Analytics Workspace is affected by vulnerabilties (CVE-2022-43548, CVE-2020-7676, CVE-2021-42550, CVE-2021-38561, CVE-2022-32149) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6957836
∗∗∗ There is a vulnerability in Apache SOAP used by IBM Maximo Asset Management (CVE-2022-40705) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6959357
∗∗∗ There is a security vulnerability in Apache SOAP used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-40705) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6959359
∗∗∗ Persistent cross-site scripting vulnerability affect IBM Business Automation Workflow - CVE-2023-22860 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6958691
∗∗∗ Vulnerability in bind affects IBM Integrated Analytics System [CVE-2022-2795] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6959567
∗∗∗ IBM Cloud Pak for Network Automation v2.4.4 fixes multiple security vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6959583
∗∗∗ There is a vulnerability in Eclipse Jetty used by IBM Maximo Asset Management (CVE-2022-2047) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6959601
∗∗∗ IBM SDK, Java Technology Edition Quarterly CPU - Oct 2022 - Includes Oracle October 2022 CPU and IBM Java - OpenJ9 CVE-2022-3676 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6959625
∗∗∗ IBM Security Guardium is affected by the following vulnerabilities [CVE-2022-39166, CVE-2022-34917, CVE-2022-42889] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6848317
∗∗∗ IBM Security Guardium is affected by a redshift-jdbc42-2.0.0.3.jar vulnerability (CVE-2022-41828) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6956299
∗∗∗ Operations Dashboard is vulnerable to denial of service and response splitting due to vulnerabilities in Netty (CVE-2022-41881 and CVE-2022-41915) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6959639
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 28-02-2023 18:00 − Mittwoch 01-03-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ TPM-2.0-Spezifikationen: Angreifer könnten Schadcode auf TPM schmuggeln ∗∗∗
---------------------------------------------
In die Spezifikation der TPM-2.0-Referenzbibliothek haben sich Fehler eingeschlichen. Angreifer könnten verwundbaren Implementierungen eigenen Code unterjubeln.
---------------------------------------------
https://heise.de/-7531171
∗∗∗ Finish him! Kostenloses Entschlüsselungstool besiegt MortalKombat-Ransomware ∗∗∗
---------------------------------------------
Kaum hat der Erpressungstrojaner MortalKombat das Licht der Welt erblickt, holen Sicherheitsforscher zum finalen Schlag aus.
---------------------------------------------
https://heise.de/-7531337
∗∗∗ Gefälschter PayLife-Login in Anzeigen bei Google-Suche! ∗∗∗
---------------------------------------------
PayLife-User:innen aufgepasst: Kriminelle schalten aktuell Werbung auf Google, welche auf eine gefälschte PayLife-Website führt. Ein kleiner Tippfehler reicht aus, um die betrügerische Werbung als erstes Ergebnis angezeigt zu bekommen. Wer die eigenen Login-Daten auf der Phishing-Seite eingibt, ermöglicht es den Kriminellen, Zahlungen zu tätigen. Das Geld ist verloren!
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschter-paylife-login-in-anzeig…
∗∗∗ The dangers from across browser-windows ∗∗∗
---------------------------------------------
Beim Durchsuchen des Webs versucht Ihr Browser, Sie bestmöglich zu schützen, aber manchmal scheitert er daran, wenn er nicht ordnungsgemäß von der Website angewiesen wird, die Sie besuchen. Einer der wichtigsten Sicherheitsmechanismen des Browsers ist die Same-Origin Policy [1][2][3] (SOP), die einschränkt, wie Skripte und Dokumente aus einer Ursprungsquelle mit Ressourcen und Dokumenten aus einer [...]
---------------------------------------------
https://certitude.consulting/blog/de/the-dangers-from-across-browser-window…
∗∗∗ BlackLotus UEFI-Bootkit überwindet Secure Boot in Windows 11 ∗∗∗
---------------------------------------------
Sicherheitsforscher von ESET haben eine BlackLotus getaufte Malware in freier Wildbahn entdeckt, die sich des UEFI bemächtigt. BlackLotus dürfte die erste UEFI-Bootkit-Malware in freier Wildbahn sein, die Secure Boot unter Windows 11 (und wohl auch Windows 10) aushebeln kann.
---------------------------------------------
https://www.borncity.com/blog/2023/03/01/blacklotus-uefi-bootkit-berwindet-…
∗∗∗ CISA: ZK Java Framework RCE Flaw Under Active Exploit ∗∗∗
---------------------------------------------
The flaw, which drew attention in October when it was found in ConnectWise products, could pose a significant risk to the supply chain if not patched immediately.
---------------------------------------------
https://www.darkreading.com/risk/cisa-zk-java-framework-rce-flaw-under-acti…
∗∗∗ SCARLETEEL: Operation leveraging Terraform, Kubernetes, and AWS for data theft ∗∗∗
---------------------------------------------
The Sysdig Threat Research Team recently discovered a sophisticated cloud operation in a customer environment, dubbed SCARLETEEL, that resulted in stolen proprietary data. The attacker exploited a containerized workload and then leveraged it to perform privilege escalation into an AWS account in order to steal proprietary software and credentials.
---------------------------------------------
https://sysdig.com/blog/cloud-breach-terraform-data-theft/
∗∗∗ DNS abuse: Advice for incident responders ∗∗∗
---------------------------------------------
What DNS abuse techniques are employed by cyber adversaries and which organizations can help incident responders and security teams detect, mitigate and prevent them? The DNS Abuse Techniques Matrix published by FIRST provides answers.
---------------------------------------------
https://www.helpnetsecurity.com/2023/03/01/dns-abuse-advice-for-incident-re…
∗∗∗ Google Cloud Platform allows data exfiltration without a (forensic) trace ∗∗∗
---------------------------------------------
Attackers can exfiltrate company data stored in Google Cloud Platform (GCP) storage buckets without leaving obvious forensic traces of the malicious activity in GCP’s storage access logs, Mitiga researchers have discovered. [...] In short, the main problem is that GCP’s basic storage logs – which are, by the way, not enabled by default – use the same description/event (objects.get) for [...]
---------------------------------------------
https://www.helpnetsecurity.com/2023/03/01/gcp-data-exfiltration/
∗∗∗ Making New Connections – Leveraging Cisco AnyConnect Client to Drop and Run Payloads ∗∗∗
---------------------------------------------
The Cisco AnyConnect client has received a fair amount of scrutiny from the security community over the years, with a particular focus on leveraging the vpnagent.exe service for privilege escalation. A while ago, we started to look at whether AnyConnect could be used to deliver payloads during red team engagements [...]
---------------------------------------------
https://research.nccgroup.com/2023/03/01/making-new-connections-leveraging-…
∗∗∗ The Level of Human Engagement Behind Automated Attacks ∗∗∗
---------------------------------------------
Even automated attacks are driven by humans, but the level of engagement we observed may surprise you! When the human or an organization behind an automated attack shows higher levels of innovation and sophistication in their attack tactics, the danger increases dramatically as they are no longer simply employing an opportunistic “spray and pray” strategy, but rather more highly evolved strategies that are closer to a so-called targeted attack.
---------------------------------------------
https://www.gosecure.net/blog/2023/02/28/the-level-of-human-engagement-behi…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (multipath-tools and syslog-ng), Fedora (gnutls and guile-gnutls), Oracle (git, httpd, lua, openssl, php, python-setuptools, python3.9, sudo, tar, and vim), Red Hat (kpatch-patch), Scientific Linux (git), SUSE (compat-openssl098, glibc, openssl, postgresql13, python-Django, webkit2gtk3, and xterm), and Ubuntu (awstats, expat, firefox, gnutls28, lighttpd, php7.2, php7.4, php8.1, python-pip, and tar).
---------------------------------------------
https://lwn.net/Articles/924794/
∗∗∗ Critical Vulnerabilities Patched in ThingWorx, Kepware IIoT Products ∗∗∗
---------------------------------------------
Several ThingWorx and Kepware products are affected by two vulnerabilities that can be exploited for DoS attacks and unauthenticated remote code execution. The post Critical Vulnerabilities Patched in ThingWorx, Kepware IIoT Products appeared first on SecurityWeek.
---------------------------------------------
https://www.securityweek.com/critical-vulnerabilities-patched-in-thingworx-…
∗∗∗ Cisco Prime Infrastructure and Evolved Programmable Network Manager Stored Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ Cisco Webex App for Web Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ Cisco Finesse Reverse Proxy VPN-less Access to Finesse Desktop Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ Cisco Unified Intelligence Center Vulnerabilities ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ TPM 2.0 Vulnerabilities ∗∗∗
---------------------------------------------
https://support.lenovo.com/product_security/PS500551-TPM-20-VULNERABILITIES
∗∗∗ Nuvoton TPM Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://support.lenovo.com/product_security/PS500550-NUVOTON-TPM-DENIAL-OF-…
∗∗∗ Malicious IKEv2 packet by authenticated peer can cause libreswan to restart ∗∗∗
---------------------------------------------
https://libreswan.org/security/CVE-2023-23009/CVE-2023-23009.txt
∗∗∗ [R1] Stand-alone Security Patch Available for Tenable.sc version 5.23.1: SC-202303.1-5 ∗∗∗
---------------------------------------------
https://www.tenable.com/security/tns-2023-08
∗∗∗ [R1] Stand-alone Security Patch Available for Tenable.sc version 6.0.0: SC-202303.1-6 ∗∗∗
---------------------------------------------
https://www.tenable.com/security/tns-2023-07
∗∗∗ IBM Planning Analytics and IBM Planning Analytics Workspace are affected by a security vulnerability in IBM WebSphere Application Server Liberty (CVE-2022-34165) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6856457
∗∗∗ DataPower Operator vulnerable to Denial of Service (CVE-2022-41724) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6958490
∗∗∗ Financial Transaction Manager for Digital Payments, High Value Payments and Corporate Payment Services are impacted by multiple vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6958504
∗∗∗ Security vulnerabilities have been identified in IBM Db2 shipped with IBM Security Guardium Key Lifecycle Manager (CVE-2022-22389, CVE-2022-25313, CVE-2022-25236, CVE-2022-25314, CVE-2022-25315, CVE-2022-25235 and CVE-2022-22390) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6959019
∗∗∗ Multiple vulnerabilities in IBM SDK for Node.js and packaged modules affect IBM Business Automation Workflow Configuration Editor ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6959033
∗∗∗ IBM Sterling Connect:Express for UNIX is affected by multiple vulnerabilities in OpenSSL ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6958701
∗∗∗ IBM MQ Blockchain bridge is vulnerable to multiple issues within protobuf-java-core (CVE-2022-3510, CVE-2022-3509) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6957688
∗∗∗ IBM MQ is vulnerable to a denial of service attack caused by specially crafted PCF or MQSC messages. (CVE-2022-43902) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6957686
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily