Daily June 2023

daily@lists.cert.at

1 participants
21 discussions

Tageszusammenfassung - 16.06.2023
by Daily end-of-shift report 16 Jun '23

16 Jun '23

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 15-06-2023 18:00 − Freitag 16-06-2023 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Another RAT Delivered Through VBS, (Fri, Jun 16th) ∗∗∗ --------------------------------------------- VBS looks popular these days. After the last Didier's diary, I found another interesting script. It started with an email that referenced a fake due invoice. The invoice icon pointed to a URL. Usually, such URLs display a fake login page asking for credentials. Not this time. --------------------------------------------- https://isc.sans.edu/diary/rss/29956 ∗∗∗ Demystifying Website Hacktools: Types, Threats, and Detection ∗∗∗ --------------------------------------------- When we think about website malware, visible infection symptoms most often come to mind: unwanted ads or pop-ups, redirects to third party sites, or spam keywords in search results. However, in some cases these very symptoms are the results of hacktools, a diverse and often insidious category of software designed to exploit vulnerabilities and compromise website security. --------------------------------------------- https://blog.sucuri.net/2023/06/demystifying-website-hacktools-types-threat… ∗∗∗ ChamelDoH: New Linux Backdoor Utilizing DNS-over-HTTPS Tunneling for Covert CnC ∗∗∗ --------------------------------------------- The threat actor known as ChamelGang has been observed using a previously undocumented implant to backdoor Linux systems, marking a new expansion of the threat actors capabilities.The malware, dubbed ChamelDoH by Stairwell, is a C++-based tool for communicating via DNS-over-HTTPS (DoH) tunneling. --------------------------------------------- https://thehackernews.com/2023/06/chameldoh-new-linux-backdoor-utilizing.ht… ===================== = Vulnerabilities = ===================== ∗∗∗ FortiOS & FortiProxy: authenticated user null pointer dereference in SSL-VPN ∗∗∗ --------------------------------------------- A NULL pointer dereference vulnerability in SSL-VPN may allow an authenticated remote attacker to trigger a crash of the SSL-VPN service via crafted requests. CVE: CVE-2023-33306 --------------------------------------------- https://fortiguard.fortinet.com/psirt/FG-IR-23-015 ∗∗∗ Microsoft ODBC and OLE DB Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via a connection driver (for example: ODBC and / or OLEDB as applicable). --------------------------------------------- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29349 ∗∗∗ Microsoft OLE DB Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client. --------------------------------------------- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32028 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (chromium, openjdk-17, and wireshark), Fedora (iniparser, mariadb, mingw-glib2, perl-HTML-StripScripts, php, python3.7, and syncthing), Oracle (.NET 6.0, c-ares, kernel, nodejs, and python3.9), Slackware (libX11), SUSE (amazon-ssm-agent and chromium), and Ubuntu (gsasl, libx11, and sssd). --------------------------------------------- https://lwn.net/Articles/934939/ ∗∗∗ Mattermost security updates 7.10.3 / 7.9.5 / 7.8.7 (ESR) released ∗∗∗ --------------------------------------------- We’re informing you about a Mattermost security update, which addresses low- to medium-level severity vulnerabilities. --------------------------------------------- https://mattermost.com/blog/mattermost-security-updates-7-10-3-7-9-5-7-8-7-… ∗∗∗ Weitere kritische Sicherheitslücke in MOVEit Transfer - Workaround und Patches verfügbar ∗∗∗ --------------------------------------------- In MOVEit Transfer wurde eine weitere kritische Sicherheitslücke entdeckt. Auswirkungen Da es sich um eine SQL-Injection - Schwachstelle handelt, ist davon auszugehen dass alle auf betroffenen Systemen hinterlegten Daten gefährdet sind. --------------------------------------------- https://cert.at/de/warnungen/2023/6/weitere-kritische-sicherheitslucke-in-m… ∗∗∗ CISA Releases Fourteen Industrial Control Systems Advisories ∗∗∗ --------------------------------------------- * SUBNET PowerSYSTEM Center * Advantech WebAccessSCADA * Siemens SICAM Q200 Devices * Siemens SIMOTION * Siemens SIMATIC WinCC * Siemens TIA Portal * Siemens SIMATIC WinCC V7 * Siemens SIMATIC STEP 7 and Derived Products * Siemens Solid Edge * Siemens SIMATIC S7-1500 TM MFP BIOS * Siemens SIMATIC S7-1500 TM MFP Linux Kernel * Siemens SINAMICS Medium Voltage Products * Siemens SICAM A8000 Devices * Siemens Teamcenter Visualization and JT2Go --------------------------------------------- https://www.cisa.gov/news-events/alerts/2023/06/15/cisa-releases-fourteen-i… ∗∗∗ Multiple vulnerabilities in Panasonic AiSEG2 ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN19748237/ ∗∗∗ ZDI-23-879: (0Day) Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-879/ ∗∗∗ ZDI-23-878: (0Day) Ashlar-Vellum Cobalt AR File Parsing Uninitialized Memory Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-878/ ∗∗∗ ZDI-23-877: (0Day) Ashlar-Vellum Cobalt IGS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-877/ ∗∗∗ ZDI-23-876: (0Day) Ashlar-Vellum Cobalt XE File Parsing Uninitialized Memory Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-876/ ∗∗∗ ZDI-23-875: (0Day) Ashlar-Vellum Cobalt XE File Parsing Uninitialized Memory Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-875/ ∗∗∗ ZDI-23-874: (0Day) Ashlar-Vellum Cobalt XE File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-874/ ∗∗∗ ZDI-23-873: (0Day) Ashlar-Vellum Cobalt Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-873/ ∗∗∗ ZDI-23-872: (0Day) Ashlar-Vellum Cobalt Heap-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-872/ ∗∗∗ ZDI-23-871: (0Day) Ashlar-Vellum Cobalt Untrusted Pointer Dereference Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-871/ ∗∗∗ ZDI-23-870: (0Day) Ashlar-Vellum Cobalt Uninitialized Memory Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-870/ ∗∗∗ ZDI-23-869: (0Day) Ashlar-Vellum Cobalt Untrusted Pointer Dereference Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-869/ ∗∗∗ ZDI-23-868: (0Day) Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-868/ ∗∗∗ ZDI-23-867: (0Day) Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-867/ ∗∗∗ ZDI-23-866: (0Day) Ashlar-Vellum Graphite VC6 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-866/ ∗∗∗ ZDI-23-865: (0Day) Ashlar-Vellum Cobalt Out-Of-Bounds Write Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-865/ ∗∗∗ ZDI-23-864: (0Day) Ashlar-Vellum Cobalt Out-Of-Bounds Access Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-864/ ∗∗∗ ZDI-23-863: (0Day) Ashlar-Vellum Cobalt Out-Of-Bounds Read Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-863/ ∗∗∗ ZDI-23-862: (0Day) Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-862/ ∗∗∗ ZDI-23-861: (0Day) Ashlar-Vellum Cobalt CO File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-861/ ∗∗∗ ZDI-23-860: (0Day) Ashlar-Vellum Cobalt XE File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-860/ ∗∗∗ ZDI-23-859: (0Day) Ashlar-Vellum Cobalt CO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-859/ ∗∗∗ CVE-2023-32027 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32027 ∗∗∗ CVE-2023-29356 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29356 ∗∗∗ CVE-2023-32025 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32025 ∗∗∗ CVE-2023-32026 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32026 ∗∗∗ Multiple vulnerabilities in Curl affect PowerSC ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7004263 ∗∗∗ There is a security vulnerability in AWS SDK for Java used by Maximo Asset Management (CVE-2022-31159) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7002345 ∗∗∗ IBM SPSS Modeler is vulnerabile to SSL private key exposure (CVE-2023-33842) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7004299 ∗∗∗ Vulnerability of xmlbeans-2.6.0.jar has affected APM DataPower agent. ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7004599 ∗∗∗ Vulnerabilities of Apache commons codec (commons-codec-1.6.jar) have affected APM NetApp Storage and APM File Gateway Agent ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7004597 ∗∗∗ IBM Cloud Pak for Security includes components with multiple known vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7004655 ∗∗∗ IBM Cloud Pak for Security includes components with multiple known vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7004653 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.06.2023
by Daily end-of-shift report 15 Jun '23

15 Jun '23

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 14-06-2023 18:00 − Donnerstag 15-06-2023 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Microsoft: Windows Kernel CVE-2023-32019 fix is disabled by default ∗∗∗ --------------------------------------------- Microsoft has released an optional fix to address a Kernel information disclosure vulnerability affecting systems running multiple Windows versions, including the latest Windows 10, Windows Server, and Windows 11 releases. --------------------------------------------- https://www.bleepingcomputer.com/news/security/microsoft-windows-kernel-cve… ∗∗∗ Chinese UNC4841 Group Exploits Zero-Day Flaw in Barracuda Email Security Gateway ∗∗∗ --------------------------------------------- A suspected China-nexus threat actor dubbed UNC4841 has been linked to the exploitation of a recently patched zero-day flaw in Barracuda Email Security Gateway (ESG) appliances since October 2022."UNC4841 is an espionage actor behind this wide-ranging campaign in support of the Peoples Republic of China," Google-owned Mandiant said in a new report published today, [...] --------------------------------------------- https://thehackernews.com/2023/06/chinese-unc4841-group-exploits-zero-day.h… ∗∗∗ Hardware Hacking to Bypass BIOS Passwords ∗∗∗ --------------------------------------------- This article serves as a beginner’s hardware hacking journey, performing a BIOS password bypass on Lenovo laptops. We identify what the problem is, how to identify a vulnerable chip, how to bypass a vulnerable chip, and finally, analyse why this attack works and ways that it can be prevented. --------------------------------------------- https://blog.cybercx.co.nz/bypassing-bios-password ∗∗∗ Reverse Engineering Terminator aka Zemana AntiMalware/AntiLogger Driver ∗∗∗ --------------------------------------------- Recently, a threat actor (TA) known as SpyBot posted a tool, on a Russian hacking forum, that can terminate any antivirus/Endpoint Detection & Response (EDR/XDR) software. [..] While I’ve seen a lot of material from the defensive community (they were fast on this one) about the detection mechanism, IOCs, prevention policies and intelligence, I feel some other, perhaps more interesting vulnerable code paths in this driver were not explored nor discussed. --------------------------------------------- https://voidsec.com/reverse-engineering-terminator-aka-zemana-antimalware-a… ∗∗∗ Sicherheitsupdates: Attacken auf Pixel-Smartphones von Google gesichtet ∗∗∗ --------------------------------------------- Google hat etliche Sicherheitslücken in Pixel-Smartphones mit Android 13 geschlossen. Eine Lücke gilt als kritisch. --------------------------------------------- https://heise.de/-9188302 ∗∗∗ Eset schließt Sicherheitslücken in Virenscannern für Linux und Mac ∗∗∗ --------------------------------------------- Aufgrund einer hochriskanten Sicherheitslücke in Esets Virenschutz für Linux und Mac können Angreifer ihre Rechte ausweiten. Updates stehen bereit. --------------------------------------------- https://heise.de/-9188823 ∗∗∗ Kritisches Leck: Codeschmuggel auf mehr als 50 HP Laserjet MFP-Modelle möglich ∗∗∗ --------------------------------------------- HP warnt vor einer kritischen Sicherheitslücke in mehr als 50 HP (Enterprise) Laserjet MFP-Modellen. Angreifer aus dem Netz können Schadcode einschleusen. --------------------------------------------- https://heise.de/-9188162 ∗∗∗ WhatsApp Backups im Visier von Android GravityRAT ∗∗∗ --------------------------------------------- ESET-Forscher analysierten eine aktualisierte Version der Android-Spyware GravityRAT, die WhatsApp-Backup-Dateien stiehlt und Befehle zum Löschen von Dateien empfangen kann. --------------------------------------------- https://www.welivesecurity.com/deutsch/2023/06/15/whatsapp-backups-im-visie… ∗∗∗ Android Malware Impersonates ChatGPT-Themed Applications ∗∗∗ --------------------------------------------- Android malware posing as ChatGPT-themed apps targets mobile users. We report on instances of this attack vector, identifying two distinct types. --------------------------------------------- https://unit42.paloaltonetworks.com/android-malware-poses-as-chatgpt/ ∗∗∗ Unternehmen von LinkedIn-Betrugsfällen betroffen ∗∗∗ --------------------------------------------- Beliebteste Betrugsform sind Kontaktanfragen von einer unbekannten Person mit einem verdächtigen Link in der Nachricht. --------------------------------------------- https://www.zdnet.de/88409942/unternehmen-von-linkedin-betrugsfaellen-betro… ∗∗∗ CISA and NSA Release Joint Guidance on Hardening Baseboard Management Controllers (BMCs) ∗∗∗ --------------------------------------------- Today, CISA, together with the National Security Agency (NSA), released a Cybersecurity Information Sheet (CSI), highlighting threats to Baseboard Management Controller (BMC) implementations and detailing actions organizations can use to harden them. BMCs are trusted components designed into a computers hardware that operate separately from the operating system (OS) and firmware to allow for remote management and control, even when the system is shut down. --------------------------------------------- https://www.cisa.gov/news-events/alerts/2023/06/14/cisa-and-nsa-release-joi… ∗∗∗ Gut gemachter Phishing-Versuch mit Malware im Namen Microsofts ∗∗∗ --------------------------------------------- Ein Blog-Leser hat mich auf einen gut gemachten Phishing-Versuch per E-Mail aufmerksam gemacht, der das Thema Multifactor-Authentifizierung (MFA) aufgreift. Dabei wird suggeriert, dass die Mail von Microsoft selbst stammt (es wird eine Sub-Domain von Microsoft benutzt) und die Leute agieren [...] --------------------------------------------- https://www.borncity.com/blog/2023/06/15/gut-gemachter-phishing-versuch-mit… ∗∗∗ Hijacking S3 Buckets: New Attack Technique Exploited in the Wild by Supply Chain Attackers ∗∗∗ --------------------------------------------- Without altering a single line of code, attackers poisoned the NPM package “bignum” by hijacking the S3 bucket serving binaries necessary for its function and replacing them with malicious ones. --------------------------------------------- https://checkmarx.com/blog/hijacking-s3-buckets-new-attack-technique-exploi… ===================== = Vulnerabilities = ===================== ∗∗∗ ZDI-23-858: (0Day) Pulse Secure Client SetupService Directory Traversal Local Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows local attackers to escalate privileges on affected installations of Pulse Secure Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. --------------------------------------------- https://www.zerodayinitiative.com/advisories/ZDI-23-858/ ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (webkit2gtk), Fedora (python-django-filter and qt), Mageia (cups, firefox/nss, httpie, thunderbird, and webkit2), Red Hat (.NET 6.0, .NET 7.0, c-ares, firefox, jenkins and jenkins-2-plugins, nodejs, nodejs:18, python3, python3.11, python3.9, and thunderbird), Scientific Linux (firefox and thunderbird), SUSE (frr, opensc, python3, and rekor), and Ubuntu (c-ares, glib2.0, libcap2, linux-intel-iotg-5.15, pano13, and requests). --------------------------------------------- https://lwn.net/Articles/934802/ ∗∗∗ Vulnerabilities in Samba ∗∗∗ --------------------------------------------- The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba, including vulnerabilities related to RC4 encryption. If exploited, some of these vulnerabilities allow an attacker to take control of an affected system. --------------------------------------------- https://www.qnap.com/en-us/security-advisory/QSA-23-05 ∗∗∗ Windows PowerShell PS1 Trojan File RCE ∗∗∗ --------------------------------------------- https://cxsecurity.com/issue/WLB-2023060031 ∗∗∗ Office Hours - Moderately critical - Cross Site Scripting - SA-CONTRIB-2023-020 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2023-020 ∗∗∗ CVE-2023-0010 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal Authentication (Severity: MEDIUM) ∗∗∗ --------------------------------------------- https://security.paloaltonetworks.com/CVE-2023-0010 ∗∗∗ CVE-2023-0009 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability (Severity: MEDIUM) ∗∗∗ --------------------------------------------- https://security.paloaltonetworks.com/CVE-2023-0009 ∗∗∗ IBM Sterling Partner Engagement Manager is vulnerable to CSS injection due to Swagger UI (CVE-2019-17495) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7004151 ∗∗∗ IBM Sterling Partner Engagement Manager vulnerable to buffer overflow due to OpenJDK (CVE-2023-2597) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7004153 ∗∗∗ IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to remote sensitive information exposure due to IBM GSKit (CVE-2023-32342) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7004175 ∗∗∗ A security vulnerability has been identified in IBM HTTP Server shipped with IBM Rational ClearCase [CVE-2022-39161] ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7004183 ∗∗∗ Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Rational ClearCase ( CVE-2023-24966, CVE-2022-39161, CVE-2023-27554, CVE-2023-24998) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7004187 ∗∗∗ A vulnerability in IBM WebSphere Application Server Liberty affects IBM Storage Scale (CVE-2023-24998) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7004199 ∗∗∗ IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from Kubernetes, curl and systemd ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7004197 ∗∗∗ IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from curl, go and apr-util ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6999605 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.06.2023
by Daily end-of-shift report 14 Jun '23

14 Jun '23

===================== = End-of-Day report = ===================== Timeframe: Dienstag 13-06-2023 18:00 − Mittwoch 14-06-2023 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Microsoft: Windows 10 21H2 has reached end of servicing ∗∗∗ --------------------------------------------- Multiple editions of Windows 10 21H2 have reached their end of service (EOS) in this months Patch Tuesday, as Microsoft reminded customers today. --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-10-21h2-h… ∗∗∗ Fake Researcher Profiles Spread Malware through GitHub Repositories as PoC Exploits ∗∗∗ --------------------------------------------- At least half of dozen GitHub accounts from fake researchers associated with a fraudulent cybersecurity company have been observed pushing malicious repositories on the code hosting service.All seven repositories, which are still available as of writing, claim to be a proof-of-concept (PoC) exploit for purported zero-day flaws in Discord, Google Chrome, and Microsoft Exchange Server, --------------------------------------------- https://thehackernews.com/2023/06/fake-researcher-profiles-spread-malware.h… ∗∗∗ Shampoo: A New ChromeLoader Campaign ∗∗∗ --------------------------------------------- Recently HP Wolf Security detected a new malware campaign built around a new malicious ChromeLoader extension called Shampoo. [..] Its goal is to install a malicious extension in Google Chrome that is used for advertising. Older versions of ChromeLoader have a particularly complex infection chain, starting with the victim downloading malicious ISO files from websites hosting illegal content. --------------------------------------------- https://www.bromium.com/shampoo-a-new-chromeloader-campaign/ ∗∗∗ VMware ESXi Zero-Day Used [..] to Perform Privileged Guest Operations on Compromised Hypervisors ∗∗∗ --------------------------------------------- This blog post describes an expanded understanding of the attack path seen in Figure 1 and highlights the implications of both the zero-day vulnerability (CVE-2023-20867) and VMCI communication sockets the attacker leveraged to complete their goal. [Note: Patch verfügbar, siehe VMSA-2023-0013: "VMware Tools update addresses Authentication Bypass vulnerability"] --------------------------------------------- https://www.mandiant.com/resources/blog/vmware-esxi-zero-day-bypass ∗∗∗ Pre-announcement of BIND 9 security issues scheduled for disclosure 21 June 2023 ∗∗∗ --------------------------------------------- As part of our policy of pre-notification of upcoming security releases, we are writing to inform you that the June 2023 BIND 9 maintenance releases that will be published on Wednesday, 21 June will contain patches for security vulnerabilities affecting stable BIND 9 release branches. --------------------------------------------- https://lists.isc.org/pipermail/bind-announce/2023-June/001234.html ∗∗∗ Booking.com-Betrug: Unterkünfte stornieren Buchungen und verlangen externe Zahlungen! ∗∗∗ --------------------------------------------- Auf booking.com scheinen Kriminelle eine neue Betrugsmethode für sich entdeckt zu haben. Sie bieten eine Unterkunft mit Zahlung vor Ort und kostenloser Stornierung an. Bucht jemand die Unterkunft, wird diese kurz darauf storniert. Außerhalb der booking.com-Kommunikationskanäle verspricht man nach „Verifikation des Zahlungsmittels“ einen neuerlichen Buchungsabschluss. --------------------------------------------- https://www.watchlist-internet.at/news/bookingcom-betrug-unterkuenfte-storn… ∗∗∗ U.S. and International Partners Release Comprehensive Cyber Advisory on LockBit Ransomware ∗∗∗ --------------------------------------------- This joint advisory is a comprehensive resource with common tools; exploitations; and tactics, techniques, and procedures (TTPs) used by LockBit affiliates, along with recommended mitigations for organizations to reduce the likelihood and impact of future ransomware incidents. --------------------------------------------- https://www.cisa.gov/news-events/news/us-and-international-partners-release… ===================== = Vulnerabilities = ===================== ∗∗∗ WordPress Stripe payment plugin bug leaks customer order details ∗∗∗ --------------------------------------------- The WooCommerce Stripe Gateway plugin for WordPress was found to be vulnerable to a bug that allows any unauthenticated user to view order details placed through the plugin. --------------------------------------------- https://www.bleepingcomputer.com/news/security/wordpress-stripe-payment-plu… ∗∗∗ Webbrowser: Neue Chrome-Version schließt kritische Schwachstelle ∗∗∗ --------------------------------------------- Im Webbrowser Chrome von Google klafft eine kritische Sicherheitslücke. Updates zum Schließen stehen bereit. Chrome-Nutzer sollten sie zügig installieren. --------------------------------------------- https://heise.de/-9186834 ∗∗∗ Webkonferenz-Software: Mehrere hochriskante Lücken in Zoom gestopft ∗∗∗ --------------------------------------------- Die Entwickler der Webkonferenz-Software Zoom haben zwölf Sicherheitsmeldungen veröffentlicht. Zum Abdichten der Schwachstellen liefern sie Aktualisierungen. --------------------------------------------- https://heise.de/-9186898 ∗∗∗ WordPress-Shops mit WooCommerce-Plug-in: Angreifer könnten Kundendaten einsehen ∗∗∗ --------------------------------------------- Aufgrund einer Schwachstelle sind persönliche Kundendaten in WordPress-Shopwebsites nicht optimal geschützt. Admins sollten zügig handeln. --------------------------------------------- https://heise.de/-9187447 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (ffmpeg, owslib, php7.4, and php8.2), Fedora (ntp-refclock, php, and python3.7), Red Hat (c-ares, firefox, and thunderbird), SUSE (kernel, openldap2, and tomcat), and Ubuntu (binutils, dotnet6, dotnet7, node-fetch, and python-tornado). --------------------------------------------- https://lwn.net/Articles/934619/ ∗∗∗ SAP Patches High-Severity Vulnerabilities With June 2023 Security Updates ∗∗∗ --------------------------------------------- SAP has released eight new security notes on June 2023 Security Patch Day, including two that address high-severity vulnerabilities.The post SAP Patches High-Severity Vulnerabilities With June 2023 Security Updates appeared first on SecurityWeek. --------------------------------------------- https://www.securityweek.com/sap-patches-high-severity-vulnerabilities-with… ∗∗∗ ICS Patch Tuesday: Siemens Addresses Over 180 Third-Party Component Vulnerabilities ∗∗∗ --------------------------------------------- ICS Patch Tuesday: Siemens and Schneider Electric have published more than a dozen advisories addressing over 200 vulnerabilities.The post ICS Patch Tuesday: Siemens Addresses Over 180 Third-Party Component Vulnerabilities appeared first on SecurityWeek. --------------------------------------------- https://www.securityweek.com/ics-patch-tuesday-siemens-addresses-over-180-t… ∗∗∗ Windows and Linux Virtual Delivery Agent for CVAD and Citrix DaaS Security Bulletin CVE-2023-24490 ∗∗∗ --------------------------------------------- CTX559370 NewWindows and Linux Virtual Delivery Agent for CVAD and Citrix DaaS Security Bulletin CVE-2023-24490Applicable Products : Citrix Virtual Apps and Desktops --------------------------------------------- https://support.citrix.com/article/CTX559370/windows-and-linux-virtual-deli… ∗∗∗ Fortinet Releases June 2023 Vulnerability Advisories ∗∗∗ --------------------------------------------- Fortinet has released its June 2023 Vulnerability Advisories to address vulnerabilities affecting multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected system.CISA encourages users and administrators to review the Fortinet June 2023 Vulnerability Advisories page for more information and apply the necessary updates. --------------------------------------------- https://www.cisa.gov/news-events/alerts/2023/06/13/fortinet-releases-june-2… ∗∗∗ Adobe Releases Security Updates for Multiple Products ∗∗∗ --------------------------------------------- Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker can exploit these vulnerabilities to take control of an affected system.CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.Experience Manager APSB23-31Commerce APSB23-35Animate APSB23-36Substance 3D Designer APSB23-39 --------------------------------------------- https://www.cisa.gov/news-events/alerts/2023/06/13/adobe-releases-security-… ∗∗∗ Tuesday June 20 2023 Security Releases ∗∗∗ --------------------------------------------- The Node.js project will release new versions of the 16.x, 18.x and 20.x releases lines on or shortly after, Tuesday June 20 2023 in order to address: 7 medium severity issues, 3 high severity issues, OpenSSL security updates, c-ares 22th May security updates --------------------------------------------- https://nodejs.org/en/blog/vulnerability/june-2023-security-releases ∗∗∗ Microsoft Releases June 2023 Security Updates ∗∗∗ --------------------------------------------- Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system.CISA encourages users and administrators to review Microsoft’s June 2023 Security Update Guide and Deployment Information and apply the necessary updates. --------------------------------------------- https://www.cisa.gov/news-events/alerts/2023/06/13/microsoft-releases-june-… ∗∗∗ IBM Security Guardium is affected by multiple vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6999317 ∗∗∗ IBM Security Guardium is affected by multiple Oracle\u00ae MySQL vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6981105 ∗∗∗ IBM Security Guardium is affected by a denial of service vulnerability in MIT keb5 (CVE-2022-42898) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6981101 ∗∗∗ IBM Security Guardium is affected by a multiple vulnerabilities (CVE-2023-22809, CVE-2019-12490, CVE-2023-0041) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7000021 ∗∗∗ IBM Security Guardium is affected by FasterXML jackson-databind vulnerabilities (CVE-2020-25649, X-Force ID 217968) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6573001 ∗∗∗ IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to HTTP request smuggling in Apache Tomcat (CVE-2022-42252). ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003581 ∗∗∗ IBM Cloud Pak for Security includes components with multiple known vulnerabilities (CVE-2023-0286, CVE-2023-23931) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003815 ∗∗∗ A vulnerability in Certifi package may affect IBM Storage Scale (CVE-2022-23491) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003817 ∗∗∗ IBM App Connect for Healthcare is affected by multiple Apache vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6999671 ∗∗∗ Apache Commons FileUpload vulnerability affects IBM Financial Transaction Manager (CVE-2023-24998) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003827 ∗∗∗ TADDM is vulnerable to a denial of service due to vulnerability in Castor Library ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003861 ∗∗∗ Multiple Vulnerabilities of Apache HttpClient have affected APM Linux KVM Agent ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003887 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.06.2023
by Daily end-of-shift report 13 Jun '23

13 Jun '23

===================== = End-of-Day report = ===================== Timeframe: Montag 12-06-2023 18:00 − Dienstag 13-06-2023 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Hackers can steal cryptographic keys by video-recording power LEDs 60 feet away ∗∗∗ --------------------------------------------- Key-leaking side channels are a fact of life. Now they can be done by video-recording power LEDs. --------------------------------------------- https://arstechnica.com/?p=1947319 ∗∗∗ Passwort-Manager Bitwarden: Master-Schlüssel war für alle lesbar ∗∗∗ --------------------------------------------- Der Passwort-Manager Bitwarden unterstützt die Authentifizierung mit Windows Hello. Bis vor Kurzem war darüber der Master-Schlüssel für alle auslesbar. --------------------------------------------- https://heise.de/-9184586 ∗∗∗ BSI veröffentlicht Version 1.0.1 des TLS-Testtools TaSK ∗∗∗ --------------------------------------------- Nach der Veröffentlichung einer Beta-Version im Januar hat das BSI in der neuen Version weitere Funktionalitäten eingefügt. Die Version ist funktionsfähig für TLS-Server, TLS-Clients sowie für weitere Fachanwendungen wie beispielsweise eID-Clients, eID-Server oder auch E-Mail-Server. --------------------------------------------- https://www.bsi.bund.de/DE/Service-Navi/Presse/Alle-Meldungen-News/Meldunge… ∗∗∗ Vorsicht vor zu günstigen „La Sportiva“-Produkten ∗∗∗ --------------------------------------------- Der Berg und die Fake-Angebote im Internet rufen. Aktuell werden uns vermehrt Fake-Shops der Outdoor-Marke „La Sportiva“ gemeldet. Aufmerksam auf die Schnäppchen werden Kund:innen vor allem durch Werbung auf Facebook, Instagram und Co. Ist der Preis zu schön, um wahr zu sein, handelt es sich um Fake. --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-vor-zu-guenstigen-la-sporti… ∗∗∗ Inside Win32k Exploitation: Background on Implementations of Win32k and Exploitation Methodologies ∗∗∗ --------------------------------------------- This is part one of a series that will cover Win32k internals and exploitation in general using these two vulnerabilities (CVE-2022-21882, CVE-2021-1732) and their related proof-of-concept (PoC) exploits as examples. --------------------------------------------- https://unit42.paloaltonetworks.com/win32k-analysis-part-1/ ∗∗∗ Are smartphone thermal cameras sensitive enough to uncover PIN codes? ∗∗∗ --------------------------------------------- I started out thinking that these cameras were gimmicks, but theyve become an important tool in the toolbox. Heres why - and a little test. --------------------------------------------- https://www.zdnet.com/home-and-office/are-smartphone-thermal-cameras-sensit… ===================== = Vulnerabilities = ===================== ∗∗∗ Dynamic Linq Injection Remote Code Execution Vulnerability (CVE-2023-32571) ∗∗∗ --------------------------------------------- Product Name: System.Linq.Dynamic.Core Affected versions 1.0.7.10 to 1.2.25 CVE: CVE-2023-32571 CVSSv3.1 base score 9.1 Users can execute arbitrary code and commands where user input is passed to Dynmic Linq methods such as .Where(...), .All(...), .Any(...) and .OrderBy(...). --------------------------------------------- https://research.nccgroup.com/2023/06/13/dynamic-linq-injection-remote-code… ∗∗∗ TYPO3 Security Advisories ∗∗∗ --------------------------------------------- several vulnerabilities have been found in the following third party TYPO3 extensions: "Faceted Search" (ke_search) "ipandlanguageredirect" (ipandlanguageredirect) "Canto Extension" (canto_extension) For further information on the issues, please read the related advisories TYPO3-EXT-SA-2023-004, TYPO3-EXT-SA-2023-005 and TYPO3-EXT-SA-2023-006 --------------------------------------------- https://typo3.org/help/security-advisories ∗∗∗ New Siemens Security Advisories ∗∗∗ --------------------------------------------- TIA Portal, SIMOTION, SIMATIC WinCC, Teamcenter Visualization and JT2Go, CPCI85 Firmware of SICAM A8000 Devices, SIMATIC S7-1500 TM MFP V1.0, SICAM Q200 Devices, SIMATIC WinCC V7, Integrated SCALANCE S615 of SINAMICS Medium Voltage Products, in SIMATIC STEP 7 V5.x and Derived Products, Solid Edge --------------------------------------------- https://new.siemens.com/global/en/products/services/cert.html#SecurityPubli… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (vim), Fedora (kernel), Oracle (emacs, firefox, python3, and qemu), SUSE (firefox, java-1_8_0-ibm, and libwebp), and Ubuntu (firefox, glusterfs, and sniproxy). --------------------------------------------- https://lwn.net/Articles/934492/ ∗∗∗ Synology-SA-23:08 SRM ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to obtain user credential via a susceptible version of Synology Router Manager (SRM). --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_23_08 ∗∗∗ Synology-SA-23:07 DSM ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to obtain user credential via a susceptible version of Synology DiskStation Manager (DSM). --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_23_07 ∗∗∗ Synology-SA-23:06 SRM ∗∗∗ --------------------------------------------- A vulnerability allows remote authenticated users to read arbitrary files via a susceptible version of Synology Router Manager (SRM). --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_23_06 ∗∗∗ Synology-SA-23:05 DSM ∗∗∗ --------------------------------------------- A vulnerability allows remote authenticated users to read arbitrary files via a susceptible version of Synology DiskStation Manager (DSM). --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_23_05 ∗∗∗ ShareFile StorageZones Controller Security Update for CVE-2023-24489 ∗∗∗ --------------------------------------------- A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller. This vulnerability affects all currently supported versions of customer-managed ShareFile storage zones controller before version 5.11.24. [..] All customer-managed ShareFile storage zones controllers versions prior to the latest version 5.11.24 have been blocked to protect our customers. Customers will be able to reinstate the storage zones controller once the update to 5.11.24 is applied. --------------------------------------------- https://support.citrix.com/article/CTX559517/sharefile-storagezones-control… ∗∗∗ Kritische Sicherheitslücke in Fortinet FortiOS und FortiProxy SSL-VPN Produkten - aktiv ausgenutzt, Updates verfügbar ∗∗∗ --------------------------------------------- 13. Juni 2023 Beschreibung Fortinet hat eine Warnung herausgegeben, dass in den SSL-VPN - Komponenten der Produkte FortiOS und FortiProxy eine kritische Sicherheitslücke besteht, die auch bereits aktiv ausgenutzt wird, und stellt erste entsprechende Updates bereit. CVE-Nummer(n): CVE-2023-27997 CVSSv3 Score: 9.2 Auswirkungen Unauthentisierte Angreifer:innen können durch Ausnutzen der Lücke beliebigen Code auf betroffenen Geräten ausführen. Da diese Geräte --------------------------------------------- https://cert.at/de/warnungen/2023/6/kritische-sicherheitslucke-in-fortinet-… ∗∗∗ CISA Releases Four Industrial Control Systems Advisories ∗∗∗ --------------------------------------------- - ICSA-23-164-01 Datalogics Library Third-Party - ICSA-23-164-02 Rockwell Automation FactoryTalk Services Platform - ICSA-23-164-03 Rockwell Automation FactoryTalk Edge Gateway - ICSA-23-164-04 Rockwell Automation FactoryTalk Transaction Manager --------------------------------------------- https://www.cisa.gov/news-events/alerts/2023/06/13/cisa-releases-four-indus… ∗∗∗ Chatwork Desktop Application (Mac) vulnerable to code injection ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN96828492/ ∗∗∗ PHOENIX CONTACT: FL MGUARD affected by two vulnerabilities ∗∗∗ --------------------------------------------- https://cert.vde.com/de/advisories/VDE-2023-010/ ∗∗∗ 2023-06-12: Cyber Security Advisory - ABB Relion REX640 Cyber Security Improvements ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=2NGA001423&Language… ∗∗∗ VMSA-2023-0013 ∗∗∗ --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2023-0013.html ∗∗∗ System Management Module (SMM) v1 and v2 / Fan Power Controller (FPC) Vulnerabilities ∗∗∗ --------------------------------------------- http://support.lenovo.com/product_security/PS500565-SYSTEM-MANAGEMENT-MODUL… ∗∗∗ Lenovo XClarity Administrator (LXCA) Vulnerabilities ∗∗∗ --------------------------------------------- http://support.lenovo.com/product_security/PS500564-LENOVO-XCLARITY-ADMINIS… ∗∗∗ IBM Content Navigator is vulnerable to DoS due to Apache Commons FileUpload (CVE-2023-24998) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7002807 ∗∗∗ Multiple vulnerabilities in IBM Semeru Runtime affect z\/Transaction Processing Facility ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003337 ∗∗∗ Vulnerability of Apache Thrift (libthrift-0.12.0.jar ) have affected APM WebSphere Application Server Agent and APM SAP NetWeaver Agent ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003479 ∗∗∗ Vulnerability of Google Gson (gson-2.8.2.jar ) have affected APM WebSphere Application Server Agent and APM SAP NetWeaver Agent ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003477 ∗∗∗ A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2023-26283) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003495 ∗∗∗ Multiple Vulnerabilities of Jackson-Mapper-asl have affected APM Linux KVM Agent ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003497 ∗∗∗ IBM Workload Scheduler is potentially affected by multiple vulnerabilities in OpenSSL (CVE-2022-4304, CVE-2023-0215, CVE-2023-0286) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003501 ∗∗∗ IBM Workload Scheduler is potentially affected by a vulnerability in OpenSSL causing system crash (CVE-2022-4450) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003511 ∗∗∗ IBM Workload Scheduler potentially affected by a vulnerability in SnakeYaml (CVE-2022-1471) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003513 ∗∗∗ OpenPages with Watson has addressed Node.js vulnerability (CVE-2022-32213) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003313 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.06.2023
by Daily end-of-shift report 12 Jun '23

12 Jun '23

===================== = End-of-Day report = ===================== Timeframe: Freitag 09-06-2023 18:00 − Montag 12-06-2023 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Fortinet: SSL-VPN-Lücke ermöglicht Codeschmuggel ∗∗∗ --------------------------------------------- Fortinet hat Updates für das FortiOS-Betriebssystem veröffentlicht. Sie schließen eine Sicherheitslücke im SSL-VPN, die das Einschleusen von Schadcode erlaubt. --------------------------------------------- https://heise.de/-9184284 ∗∗∗ Passwort-Manager Bitwarden: Biometrischer Schlüssel war für alle lesbar ∗∗∗ --------------------------------------------- Der Passwort-Manager Bitwarden unterstützt die Authentifizierung mit Windows Hello. Bis vor kurzem war der biometrische Schlüssel in Windows für alle auslesbar. --------------------------------------------- https://heise.de/-9184586 ∗∗∗ New MOVEit Vulnerabilities Found as More Zero-Day Attack Victims Come Forward ∗∗∗ --------------------------------------------- Researchers discover new MOVEit vulnerabilities related to the zero-day, just as more organizations hit by the attack are coming forward. --------------------------------------------- https://www.securityweek.com/new-moveit-vulnerabilities-found-as-more-zero-… ∗∗∗ Exploit released for MOVEit RCE bug used in data theft attacks ∗∗∗ --------------------------------------------- Horizon3 security researchers have released proof-of-concept (PoC) exploit code for a remote code execution (RCE) bug in the MOVEit Transfer managed file transfer (MFT) solution abused by the Clop ransomware gang in data theft attacks. --------------------------------------------- https://www.bleepingcomputer.com/news/security/exploit-released-for-moveit-… ∗∗∗ Strava heatmap feature can be abused to find home addresses ∗∗∗ --------------------------------------------- Researchers at the North Carolina State University Raleigh have discovered a privacy risk in the Strava apps heatmap feature that could lead to identifying users home addresses. --------------------------------------------- https://www.bleepingcomputer.com/news/security/strava-heatmap-feature-can-b… ∗∗∗ Sneaky DoubleFinger loads GreetingGhoul targeting your cryptocurrency ∗∗∗ --------------------------------------------- Kaspersky researchers share insight into multistage DoubleFinger loader attack delivering GreetingGhoul cryptocurrency stealer and Remcos RAT. --------------------------------------------- https://securelist.com/doublefinger-loader-delivering-greetingghoul-cryptoc… ∗∗∗ Researchers Uncover Publisher Spoofing Bug in Microsoft Visual Studio Installer ∗∗∗ --------------------------------------------- Security researchers have warned about an "easily exploitable" flaw in the Microsoft Visual Studio installer that could be abused by a malicious actor to impersonate a legitimate publisher and distribute malicious extensions."A threat actor could impersonate a popular publisher and issue a malicious extension to compromise a targeted system," Varonis researcher Dolev Taler said. --------------------------------------------- https://thehackernews.com/2023/06/researchers-uncover-publisher-spoofing.ht… ∗∗∗ Bypassing Android Biometric Authentication ∗∗∗ --------------------------------------------- Cryptography and authentication issues are not only present in apps with a low number of downloads, but also in very popular apps. Furthermore, this affects also apps that aim to provide a high level of data protection, since they handle sensitive data that should be kept safe. [..] However, it is important to stress that to be able to perform a bypass, an attacker needs root permissions on the device of the victim or is able to talk the victim into installing a modified version of an app [..] --------------------------------------------- https://sec-consult.com/blog/detail/bypassing-android-biometric-authenticat… ∗∗∗ Circumventing inotify Watchdogs ∗∗∗ --------------------------------------------- Recently I’ve been building rudimentary file monitoring tools to get better at Golang, and build faux-watchdog programs for research at Arch Cloud Labs. Through this experimentation, I’ve identified some interesting gaps in the inotify subsystem that are new to me, but are well documented in the Linux man pages. This blog post will explore how to circumvent read detections implemented by inotify. --------------------------------------------- https://www.archcloudlabs.com/projects/inotify/ ∗∗∗ Every Signature is Broken: On the Insecurity of Microsoft Office’s OOXML Signatures ∗∗∗ --------------------------------------------- We are the first to provide an in-depth analysis of Office Open XML (OOXML) Signatures, the Ecma/ISO standard that all Microsoft Office applications use. Our analysis reveals major discrepancies between the structure of office documents and the way digital signatures are verified. These discrepancies lead to serious security flaws in the specification and in the implementation. As a result, we discovered five new attack classes. --------------------------------------------- https://www.usenix.org/system/files/sec23summer_235-rohlmann-prepub.pdf ∗∗∗ Defeating Windows DEP With A Custom ROP Chain ∗∗∗ --------------------------------------------- This article explains how to write a custom ROP (Return Oriented Programming) chain to bypass Data Execution Prevention (DEP) on a Windows 10 system. DEP makes certain parts of memory (e.g., the stack) used by an application non-executable. This means that overwriting EIP with a “JMP ESP” (or similar) instruction and then freely executing [...] --------------------------------------------- https://research.nccgroup.com/2023/06/12/defeating-windows-dep-with-a-custo… ∗∗∗ Instagram: Vorsicht vor gefälschter „Meta“-Nachricht ∗∗∗ --------------------------------------------- Ein Fake-Profil von Meta schreibt Ihnen auf Instagram. Angeblich haben Sie gegen das Urheberrecht verstoßen. Sie werden aufgefordert, ein Widerrufsformular auszufüllen, sonst wird das Konto gesperrt. Der Link zum Formular befindet sich gleich in der Nachricht. Vorsicht: Diese Nachricht ist Fake. Kriminelle stehlen Ihre Zugangsdaten und erpressen Sie im Anschluss. --------------------------------------------- https://www.watchlist-internet.at/news/instagram-vorsicht-vor-gefaelschter-… ∗∗∗ Varonis warnt vor nicht mehr genutzten Salesforce-Sites ∗∗∗ --------------------------------------------- Sicherheitsforscher von Varonis sind auf ein Problem in Verbindung mit Salesforce-Sites gestoßen, die verwaist sind und nicht mehr genutzt werden. Die Sicherheitsforscher der Varonis Threat Labs haben entdeckt, dass unsachgemäß deaktivierte Salesforce-Sites, sogenannte Ghost Sites, weiterhin aktuelle Daten abrufen und für Angreifer zugänglich sind: Durch Manipulation des Host-Headers können Cyberkriminelle Zugang zu sensiblen personenbezogenen Daten und Geschäftsinformationen erhalten. --------------------------------------------- https://www.borncity.com/blog/2023/06/10/varonis-warnt-vor-nicht-mehr-genut… ∗∗∗ OAuth2 Security Best Current Practices ∗∗∗ --------------------------------------------- Die IETF hat zum 6. Juni 2023 ein Dokument "OAuth2 Security Best Current Practices" aktualisiert. Das Dokument beschreibt die derzeit beste Sicherheitspraxis für OAuth 2.0. Es aktualisiert und erweitert das OAuth 2.0-Sicherheitsbedrohungsmodell. --------------------------------------------- https://www.borncity.com/blog/2023/06/11/oauth2-security-best-current-pract… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed after a successful VPN connection is established. --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (pypdf2 and thunderbird), Fedora (chromium, dbus, mariadb, matrix-synapse, sympa, and thunderbird), Scientific Linux (python and python3), SUSE (chromium, gdb, and openldap2), and Ubuntu (jupyter-core, requests, sssd, and vim). --------------------------------------------- https://lwn.net/Articles/934456/ ∗∗∗ WordPress Theme Workreap 2.2.2 Unauthenticated Upload Leading to Remote Code Execution ∗∗∗ --------------------------------------------- https://cxsecurity.com/issue/WLB-2023060012 ∗∗∗ ASUS Router RT-AX3000 vulnerable to using sensitive cookies without Secure attribute ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN34232595/ ∗∗∗ Security Vulnerabilities fixed in Thunderbird 102.12 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2023-21/ ∗∗∗ This Power System update is being released to address CVE-2023-25683 ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7002721 ∗∗∗ IBM Content Navigator is vulnerable to DoS due to Apache Commons FileUpload (CVE-2023-24998) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7002807 ∗∗∗ IBMid credentials may be exposed when directly downloading code onto IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Spectrum Virtualize products [CVE-2023-27870] ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6985697 ∗∗∗ Vulnerability in requests-2.27.1.tar.gz affects IBM Integrated Analytics System [CVE-2023-32681] ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003185 ∗∗∗ Vulnerability in bottle-0.12.16 affects IBM Integrated Analytics System [CVE-2020-28473] ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003195 ∗∗∗ Vulnerability in bottle-0.12.16 affects IBM Integrated Analytics System [CVE-2022-31799] ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003201 ∗∗∗ Vulnerability in certifi-2018.4.16 affects IBM Integrated Analytics System [ CVE-2022-23491] ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003205 ∗∗∗ IBM Cloud Kubernetes Service is affected by two containerd security vulnerabilities (CVE-2023-28642) (CVE-2023-27561) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7001317 ∗∗∗ Multiple vulnerabilities in IBM DB2 affect IBM Operations Analytics Predictive Insights ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7000903 ∗∗∗ IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is vulnerable to a denial of service due to GraphQL Java (CVE-2023-28867) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003247 ∗∗∗ IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to a denial of service due to GraphQL Java (CVE-2023-28867) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003245 ∗∗∗ IBM App Connect Enterprise Certified Container operands that use the Snowflake connector are vulnerable to arbitrary code execution due to [CVE-2023-34232] ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003259 ∗∗∗ IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to arbitrary code execution due to PostgreSQL (CVE-2023-2454) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003279 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.06.2023
by Daily end-of-shift report 09 Jun '23

09 Jun '23

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 07-06-2023 18:00 − Freitag 09-06-2023 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Barracuda Email Security Gateway Appliance (ESG) sofort austauschen! ∗∗∗ --------------------------------------------- Noch ein kurzes Thema, welche wegen Feiertag etwas liegen geblieben ist. Der Hersteller Barracuda fordert Administratoren seiner Email Security Gateway Appliance (ESG) auf, die Geräte sofort auszutauschen. Hintergrund ist eine Schwachstelle in den ESG-Modellen, die zwar Ende Mai 2025 gepatcht werden sollte. Das scheint aber nicht zu wirken und der Hersteller ruft zum Austausch auf. --------------------------------------------- https://www.borncity.com/blog/2023/06/08/barracuda-email-security-gateway-a… ∗∗∗ CVE-2023-2868: Total Compromise of Physical Barracuda ESG Appliances ∗∗∗ --------------------------------------------- Rapid7 incident response teams are investigating exploitation of physical Barracuda Networks Email Security Gateway (ESG) appliances. --------------------------------------------- https://www.rapid7.com/blog/post/2023/06/08/etr-cve-2023-2868-total-comprom… ∗∗∗ Royal ransomware gang adds BlackSuit encryptor to their arsenal ∗∗∗ --------------------------------------------- The Royal ransomware gang has begun testing a new encryptor called BlackSuit that shares many similarities with the operations usual encryptor. --------------------------------------------- https://www.bleepingcomputer.com/news/security/royal-ransomware-gang-adds-b… ∗∗∗ Detecting and mitigating a multi-stage AiTM phishing and BEC campaign ∗∗∗ --------------------------------------------- Microsoft Defender Experts observed a multi-stage adversary-in-the-middle (AiTM) and business email compromise (BEC) attack targeting banking and financial services organizations over two days. This attack originated from a compromised trusted vendor, involved AiTM and BEC attacks across multiple supplier/partner organizations for financial fraud, and did not use a reverse proxy like typical AiTM attacks. --------------------------------------------- https://www.microsoft.com/en-us/security/blog/2023/06/08/detecting-and-miti… ∗∗∗ Undetected PowerShell Backdoor Disguised as a Profile File, (Fri, Jun 9th) ∗∗∗ --------------------------------------------- PowerShell remains an excellent way to compromise computers. Many PowerShell scripts found in the wild are usually obfuscated. Most of the time, this helps to have the script detected by fewer antivirus vendors. Yesterday, I found a script that scored 0/59 on VT! Lets have a look at it. --------------------------------------------- https://isc.sans.edu/diary/rss/29930 ∗∗∗ Clop Ransomware Likely Sitting on MOVEit Transfer Vulnerability (CVE-2023-34362) Since 2021 ∗∗∗ --------------------------------------------- On June 5, 2023, the Clop ransomware group publicly claimed responsibility for exploitation of a zero-day vulnerability in the MOVEit Transfer secure file transfer web application (CVE-2023-34362). [...] Kroll forensic review has also identified activity indicating that the Clop threat actors were likely experimenting with ways to exploit this particular vulnerability as far back as 2021. --------------------------------------------- https://www.kroll.com/en/insights/publications/cyber/clop-ransomware-moveit… ∗∗∗ MSSQL linked servers: abusing ADSI for password retrieval ∗∗∗ --------------------------------------------- When we talk about Microsoft SQL Server linked servers, we usually think of links to another SQL Server instances. However, this is only one of the multiple available options, so today we are going to delve into the Active Directory Service Interfaces (ADSI) provider, which allows querying the AD using the LDAP protocol. --------------------------------------------- https://www.tarlogic.com/blog/linked-servers-adsi-passwords/ ∗∗∗ Sicherheitsupdates Cisco: Angreifer könnten Passwörter beliebiger Nutzer ändern ∗∗∗ --------------------------------------------- Unter anderem Cisco Expressway Series und Adaptive Security Appliance sind verwundbar. Admins sollten die Software aktualisieren. --------------------------------------------- https://heise.de/-9180829 ∗∗∗ Minecraft-Modifikationspakete mit Fractureiser-Malware verseucht ∗∗∗ --------------------------------------------- Minecraftspieler aufgepasst: Auf den legitimen Portalen Bukkit und CurseForge sind infizierte Modifikationen aufgetaucht. --------------------------------------------- https://heise.de/-9182068 ∗∗∗ Schadcode-Attacken auf Netzwerk-Monitoringlösung von VMware möglich ∗∗∗ --------------------------------------------- Es gibt ein wichtiges Sicherheitsupdate für VMware Aria Operations for Networks. Admins sollten zeitnah handeln. --------------------------------------------- https://heise.de/-9181036 ∗∗∗ Android-Viren: Trickreich vor Nutzern versteckt ∗∗∗ --------------------------------------------- Die Virenanalysten von Bitdefender sind beim Test einer Schutzkomponente auf Android-Malware gestoßen, die sich trickreich auf dem Smartphone versteckt. --------------------------------------------- https://heise.de/-9182008 ∗∗∗ Asylum Ambuscade: Crimeware oder Cyberspionage? ∗∗∗ --------------------------------------------- Ein seltsamer Fall eines Bedrohungsakteurs an der Grenze zwischen Crimeware und Cyberspionage. --------------------------------------------- https://www.welivesecurity.com/deutsch/2023/06/08/asylum-ambuscade-crimewar… ∗∗∗ SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint ∗∗∗ --------------------------------------------- A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint. --------------------------------------------- https://www.securityweek.com/saas-ransomware-attack-hit-sharepoint-online-w… ∗∗∗ Shodan Verified Vulns 2023-06-01 ∗∗∗ --------------------------------------------- Mit Stand 2023-06-01 sieht Shodan in Österreich die folgenden Schwachstellen: [...] Auch diesen Monat ist ein Abfall bei fast allen Einträgen zu verzeichnen. Die einzige verhältnismäßig größere Ausnahme ist die Sicherheitslücke CVE-2015-2080 (Jetleak). --------------------------------------------- https://cert.at/de/aktuelles/2023/6/shodan-verified-vulns-2023-06-01 ∗∗∗ Adventures in Disclosure: When Reporting Bugs Goes Wrong ∗∗∗ --------------------------------------------- The Zero Day Initiative (ZDI) is the world’s largest vendor-agnostic bug bounty program. That means we purchase bug reports from independent security researchers around the world in Microsoft applications, Adobe, Cisco, Apple, IBM, Dell, Trend Micro, SCADA systems, etc. We don’t buy every bug report submitted, but we buy a lot of bugs. Of course, this means we disclose a lot of bugs. And not every disclosure goes according to plan. Why Disclose at All? This is a fine place to start. --------------------------------------------- https://www.thezdi.com/blog/2023/6/7/adventures-in-disclosure-when-reportin… ∗∗∗ May 2023’s Most Wanted Malware: New Version of Guloader Delivers Encrypted Cloud-Based Payloads ∗∗∗ --------------------------------------------- Check Point Research reported on a new version of shellcode-based downloader GuLoader featuring fully encrypted payloads for cloud-based delivery. Our latest Global Threat Index for May 2023 saw researchers report on a new version of shellcode-based downloader GuLoader, which was the fourth most prevalent malware. With fully encrypted payloads and anti-analysis techniques, the latest form can be stored undetected in well-known public cloud services, including Google Drive. --------------------------------------------- https://blog.checkpoint.com/security/may-2023s-most-wanted-malware-new-vers… ∗∗∗ Analyzing the FUD Malware Obfuscation Engine BatCloak ∗∗∗ --------------------------------------------- We look into BatCloak engine, its modular integration into modern malware, proliferation mechanisms, and interoperability implications as malicious actors take advantage of its fully undetectable (FUD) capabilities. --------------------------------------------- https://www.trendmicro.com/en_us/research/23/f/analyzing-the-fud-malware-ob… ===================== = Vulnerabilities = ===================== ∗∗∗ ZDI-23-818: (0Day) ZTE MF286R goahead Command Injection Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ZTE MF286R routers. Authentication is required to exploit this vulnerability. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-818/ ∗∗∗ ZDI: Sante DICOM Viewer Pro Vulnerabilities ∗∗∗ --------------------------------------------- * ZDI-23-853: Sante DICOM Viewer Pro DCM File Parsing Use-After-Free Information Disclosure Vulnerability: https://www.zerodayinitiative.com/advisories/ZDI-23-853/ * ZDI-23-854: Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability: https://www.zerodayinitiative.com/advisories/ZDI-23-854/ * ZDI-23-855: Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability: https://www.zerodayinitiative.com/advisories/ZDI-23-855/ * ZDI-23-856: Sante DICOM Viewer Pro JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability: https://www.zerodayinitiative.com/advisories/ZDI-23-856/ --------------------------------------------- https://www.santesoft.com/win/sante-dicom-viewer-pro/download.html ∗∗∗ Virenschutz: Hochriskante Sicherheitslücken in Trend Micros Apex One ∗∗∗ --------------------------------------------- In der Schutzsoftware Trend Micro Apex One können Angreifer Schwachstellen missbrauchen, um ihre Rechte am System auszuweiten. Aktualisierungen stehen bereit. --------------------------------------------- https://heise.de/-9180965 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (chromium, firefox-esr, and ruby2.5), Fedora (curl, dbus, pypy, pypy3.8, pypy3.9, python3.10, and python3.8), Red Hat (python and python-flask), Scientific Linux (emacs), SUSE (firefox, google-cloud-sap-agent, libwebp, opensc, openssl, openssl-3, openssl1, python-sqlparse, python310, and supportutils), and Ubuntu (libxml2, netatalk, and sysstat). --------------------------------------------- https://lwn.net/Articles/934245/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (jupyter-core, openssl, and ruby2.5), Fedora (firefox), Mageia (libreoffice, openssl, and python-flask), Red Hat (python and python3), Slackware (mozilla, php8, and python3), SUSE (java-1_8_0-ibm, libcares2, mariadb, and python36), and Ubuntu (linux, linux-aws, linux-kvm, linux-lts-xenial, linux-gke, linux-intel-iotg, linux-raspi, linux-xilinx-zynqmp, and mozjs102). --------------------------------------------- https://lwn.net/Articles/934316/ ∗∗∗ Delta Electronics CNCSoft-B DOPSoft ∗∗∗ --------------------------------------------- Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-23-157-01 ∗∗∗ CISA Releases Two Industrial Control Systems Advisories ∗∗∗ --------------------------------------------- CISA released two Industrial Control Systems (ICS) advisories on June 8, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-159-01 Atlas Copco Power Focus 6000 ICSA-23-159-02 Sensormatic Electronics Illustra Pro Gen 4 CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations. --------------------------------------------- https://www.cisa.gov/news-events/alerts/2023/06/08/cisa-releases-two-indust… ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/bulletin/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.06.2023
by Daily end-of-shift report 07 Jun '23

07 Jun '23

===================== = End-of-Day report = ===================== Timeframe: Dienstag 06-06-2023 18:00 − Mittwoch 07-06-2023 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Patchday: Schadcode könnte via Bluetooth-Lücke auf Android-Geräten landen ∗∗∗ --------------------------------------------- Google und weitere Hersteller haben wichtige Sicherheitsupdates für Android-Geräte veröffentlicht. Eine GPU-Lücke nutzen Angreifer bereits aus. --------------------------------------------- https://heise.de/-9179937 ∗∗∗ MOVEit: Ransomware-Gang "Clop" erpresst Unternehmen nach Sicherheitslücke ∗∗∗ --------------------------------------------- Ransomware-Gang erpresst Unternehmen wegen Sicherheitslücke in der Datenübertragungssoftware MOVEit. Unter den potenziellen Opfern sind auch prominente Firmen. --------------------------------------------- https://heise.de/-9179875 ∗∗∗ SpinOk: Weitere infizierte Android-Apps mit 30 Millionen Installationen entdeckt ∗∗∗ --------------------------------------------- Die Android-Malware SpinOk schlägt immer größere Wellen und Sicherheitsforscher sind auf fast 200 weitere damit infizierte Apps in Google Play gestoßen. --------------------------------------------- https://heise.de/-9180094 ∗∗∗ Wieso mich Cybersecurity-Awareness auch als KMU interessieren sollte… ∗∗∗ --------------------------------------------- „Wieso sollte ausgerechnet uns jemand angreifen?“ Geht es um Cyberkriminalität glauben nach wie vor viele kleine und mittlere Unternehmen, dass sie kein interessantes Ziel für Kriminelle sind. Doch Zahlen zeigen etwas anderes: Cybercrime nimmt zu und wird zur wachsenden Bedrohung für Unternehmen – und zwar auch für kleine und mittlere Unternehmen. Wir geben einen Überblick über die Cybercrime-Lage in österreichischen Unternehmen und KMU und [...] --------------------------------------------- https://www.watchlist-internet.at/news/wieso-mich-cybersecurity-awareness-a… ∗∗∗ Aufgebrochene Postkästen wegen Bestellbetrug ∗∗∗ --------------------------------------------- Ein aufgebrochener Postkasten lässt im ersten Moment nicht auf einen tiefergreifenden Betrug schließen. Man könnte vermuten, dass es jemand lediglich auf den Postkasteninhalt abgesehen hatte. Tatsächlich handelt es sich häufig um den letzten Schritt eines Bestellbetrugs, bei dem Kriminelle den gelben Zettel der Post aus dem Postkasten stehlen, um die dazugehörige Postempfangsbox öffnen und ein zuvor an die Adresse ihrer Opfer bestelltes Paket stehlen zu können. Opfer müssen spätere Rechnungen und Mahnungen nicht bezahlen! --------------------------------------------- https://www.watchlist-internet.at/news/aufgebrochene-postkaesten-wegen-best… ∗∗∗ 2023 Vulnerabilities and Threat Trends ∗∗∗ --------------------------------------------- Understanding and monitoring vulnerability trends is crucial in maintaining robust cybersecurity practices. The evolving threat landscape demands constant vigilance and proactive measures from organizations and individuals alike. --------------------------------------------- https://www.prio-n.com/2023-vulnerabilities-and-threat-trends/ ∗∗∗ Tens of Thousands of Compromised Android Apps Found by Bitdefender Anomaly Detection Technology ∗∗∗ --------------------------------------------- Here are some of the types of apps mimicked by the malware: Game cracks, Games with unlocked features, Free VPN, Fake videos, Netflix, Fake tutorials, YouTube/TikTok without ads, Cracked utility programs: weather, pdf viewers, etc, Fake security programs --------------------------------------------- https://www.bitdefender.com/blog/labs/tens-of-thousands-of-compromised-andr… ∗∗∗ High-risk vulnerabilities patched in ABB Aspect building management system ∗∗∗ --------------------------------------------- Prism Infosec has identified two high-risk vulnerabilities within the Aspect Control Engine building management system (BMS) developed by ABB. ABB’s Aspect BMS enables users to monitor a building’s performance and combines real-time integrated control, supervision, data logging, alarming, scheduling and network management functions with internet connectivity and web serving capabilities. Consequently, users can view system status, override setpoints and schedules, and more over [...] --------------------------------------------- https://www.helpnetsecurity.com/2023/06/07/cve-2023-0635-cve-2023-0636/ ===================== = Vulnerabilities = ===================== ∗∗∗ B&R APROL Abuse SLP based traffic for amplification attack CVE ID: CVE-2023-29552 ∗∗∗ --------------------------------------------- An attacker who successfully exploited this vulnerability could use affected products to cause 3rd party components to become temporarily inaccessible --------------------------------------------- https://www.br-automation.com/downloads_br_productcatalogue/assets/16834661… ∗∗∗ Sicherheitsupdates: Firefox und Firefox ESR gegen mögliche Attacken gerüstet ∗∗∗ --------------------------------------------- Aufgrund einer Schwachstelle in Firefox könnten Angreifer Opfer noch effektiver auf unverschlüsselte Fake-Websites locken. --------------------------------------------- https://heise.de/-9180185 ∗∗∗ VMSA-2023-0012 ∗∗∗ --------------------------------------------- VMware Aria Operations for Networks updates address multiple vulnerabilities. (CVE-2023-20887, CVE-2023-20888, CVE-2023-20889) --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2023-0012.html ∗∗∗ Critical Security Update: Directorist WordPress Plugin Patches Two High-risk Vulnerabilities ∗∗∗ --------------------------------------------- On April 3, 2023, our team uncovered two significant vulnerabilities – an Arbitrary User Password Reset to Privilege Escalation, and an Insecure Direct Object Reference leading to Arbitrary Post Deletion. Both vulnerabilities were found to affect Directorist versions 7.5.4 and earlier. --------------------------------------------- https://www.wordfence.com/blog/2023/06/critical-security-update-directorist… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (c-ares), Fedora (curl and firefox), Oracle (cups-filters, kernel, and webkit2gtk3), Red Hat (emacs and kpatch-patch), Slackware (mozilla), SUSE (kernel and openssl-1_0_0), and Ubuntu (firefox and libreoffice). --------------------------------------------- https://lwn.net/Articles/934132/ ∗∗∗ Edge 114.0.1823.41 ∗∗∗ --------------------------------------------- Microsoft hat (nach dem Chrome-Sicherheitsupdate) den Edge-Browser am 6. Juni 2023 im Stable Channel auf die Version 114.0.1823.41 aktualisiert (Sicherheits- und Bug-Fixes). Laut Release Notes wird die Schwachstelle CVE-2023-3079 aus dem Chromium-Projekt geschlossen. --------------------------------------------- https://www.borncity.com/blog/2023/06/07/edge-114-0-1823-41/ ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/bulletin/ ∗∗∗ Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Cisco Small Business 200, 300, and 500 Series Switches Web-Based Management Stored Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Cisco Expressway Series and Cisco TelePresence Video Communication Server Privilege Escalation Vulnerabilities ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Cisco Unified Communications Manager IM & Presence Service Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Cisco Unified Communications Manager Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Cisco Secure Workload Authenticated OpenAPI Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software for Firepower 2100 Series Appliances SSL/TLS Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.06.2023
by Daily end-of-shift report 06 Jun '23

06 Jun '23

===================== = End-of-Day report = ===================== Timeframe: Montag 05-06-2023 18:00 − Dienstag 06-06-2023 18:00 Handler: Stephan Richter Co-Handler: Michael Schlagenhaufer ===================== = News = ===================== ∗∗∗ SSD Advisory - Roundcube markasjunk RCE ∗∗∗ --------------------------------------------- A vulnerability in Roundcube’s markasjunk plugin allows attackers that send a specially crafted identity email address to cause the plugin to execute arbitrary code. --------------------------------------------- https://ssd-disclosure.com/ssd-advisory-roundcube-markasjunk-rce/ ∗∗∗ Cyclops Ransomware and Stealer Combo: Exploring a Dual Threat ∗∗∗ --------------------------------------------- The Cyclops group is particularly proud of having created ransomware capable of infecting all three major platforms: Windows, Linux, and macOS. In an unprecedented move, it has also shared a separate binary specifically geared to steal sensitive data, such as an infected computer name and a number of processes. The latter targets specific files in both Windows and Linux. --------------------------------------------- https://www.uptycs.com/blog/cyclops-ransomware-stealer-combo ∗∗∗ Gmail spoofing vulnerability sparks Google ‘Priority 1’ probe ∗∗∗ --------------------------------------------- Google launched a “Priority 1” investigation into a Gmail security vulnerability after initially dismissing it as “intended behavior” that did not require a fix. The vulnerability relates to the Brand Indicators for Message Identification (BIMI) email authentication method, a feature Google introduced to Gmail in 2021 but only recently rolled out to all 1.8 billion users of its email services. --------------------------------------------- https://www.scmagazine.com/news/email-security/gmail-spoofing-google-priori… ∗∗∗ Unsichere Firmware: Gigabyte liefert BIOS-Updates für Mainboards ∗∗∗ --------------------------------------------- Gigabyte sichert mit BIOS-Updates unsichere Mainboard-Update-Funktionen ab. Diese wurden Ende vergangene Woche entdeckt und betreffen rund 270 Modelle. --------------------------------------------- https://heise.de/-9178747 ∗∗∗ KeePass: Lücke zum Auslesen des Master-Passworts geschlossen ∗∗∗ --------------------------------------------- Eine Sicherheitslücke im Passwort-Manager KeePass ermöglichte die Rekonstruktion des Master-Passworts aus Speicherabbildern. Ein Update schließt sie jetzt. --------------------------------------------- https://heise.de/-9179419 ∗∗∗ Dozens of Malicious Extensions Found in Chrome Web Store ∗∗∗ --------------------------------------------- Security researchers recently identified more than 30 malicious extensions that had made their way into the Chrome web store, potentially infecting millions. --------------------------------------------- https://www.securityweek.com/dozens-of-malicious-extensions-found-in-chrome… ∗∗∗ Webinar: Sicher bezahlen im Internet ∗∗∗ --------------------------------------------- Bei Online-Bestellungen im Internet gibt es inzwischen eine Vielzahl an Zahlungsmöglichkeiten. Worauf sollte ich bei der Auswahl achten und welche Zahlungsarten sollte ich lieber nicht nutzen? In diesem Webinar zeigen wir Ihnen, wie Sie im Internet sicher bezahlen. Nehmen Sie kostenlos teil: Dienstag 13. Juni 2023, 18:30 - 20:00 Uhr via zoom --------------------------------------------- https://www.watchlist-internet.at/news/webinar-sicher-bezahlen-im-internet/ ∗∗∗ Online-Banking: Vorsicht vor gefälschten Login-Seiten in Suchmaschinen-Ergebnissen ∗∗∗ --------------------------------------------- Kriminellen fälschen Online-Banking-Login-Seiten und bewerben sie in Suchmaschinen. Bei einer Bing- oder Google-Suche nach der gewünschten Login-Seite werden die Fake-Seiten häufig als erstes Ergebnis angezeigt, wie uns ein Bank-Austria-Kunde gemeldet hat. Wenn Sie dort Ihre Daten eintippen, landen sie direkt bei Kriminellen. Wir zeigen Ihnen, wie Sie sich davor schützen. --------------------------------------------- https://www.watchlist-internet.at/news/online-banking-vorsicht-vor-gefaelsc… ∗∗∗ Xollam, the Latest Face of TargetCompany ∗∗∗ --------------------------------------------- This blog talks about the latest TargetCompany ransomware variant, Xollam, and the new initial access technique it uses. We also investigate previous variants behaviors and the ransomware familys extortion scheme. --------------------------------------------- https://www.trendmicro.com/en_us/research/23/f/xollam-the-latest-face-of-ta… ∗∗∗ Impulse Team’s Massive Years-Long Mostly-Undetected Cryptocurrency Scam ∗∗∗ --------------------------------------------- We have been able to uncover a massive cryptocurrency scam involving more than a thousand websites handled by different affiliates linked to a program called Impulse Project, run by a threat actor named Impulse Team. --------------------------------------------- https://www.trendmicro.com/en_us/research/23/f/impulse-team-massive-cryptoc… ∗∗∗ Hackers Leak i2VPN Admin Credentials on Telegram ∗∗∗ --------------------------------------------- In a recent cybersecurity incident, hackers have claimed to have successfully breached the admin credentials of i2VPN, a popular freemium VPN proxy server app available for download on Google Play and the App Store. --------------------------------------------- https://www.hackread.com/hackers-i2vpn-admin-credentials-telegram-leak/ ===================== = Vulnerabilities = ===================== ∗∗∗ Google Chrome 114.0.5735.106/.110 Sicherheitsupdates für 0-day ∗∗∗ --------------------------------------------- Es sind Sicherheitsupdates, welche eine kritische Schwachstelle (0-day) beseitigen. --------------------------------------------- https://www.borncity.com/blog/2023/06/06/google-chrome-114-0-5735-106-110-s… ∗∗∗ Android security update fixes Mali GPU flaw exploited by spyware ∗∗∗ --------------------------------------------- Google has released the monthly security update for the Android platform, adding fixes for 56 vulnerabilities, five of them with a critical severity rating and one exploited since at least last December. --------------------------------------------- https://www.bleepingcomputer.com/news/security/android-security-update-fixe… ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- Multi-Enterprise Relationship Management, CICS TX, TXSeries for Multiplatforms, Tivoli Netcool Configuration Manager, IBM Control Desk, IBM Maximo, System Networking Switch Center, Tivoli System Automation for Multiplatforms, IBM SDK, IBM Business Automation, IBM Cloud Pak, IBM Operations Analytics, IBM Security Guardium and IBM Semeru Runtimes. --------------------------------------------- https://www.ibm.com/support/pages/bulletin/ ∗∗∗ CISA Adds Two Known Exploited Vulnerabilities to Catalog ∗∗∗ --------------------------------------------- CVE-2023-33009 Zyxel Multiple Firewalls Buffer Overflow Vulnerability CVE-2023-33010 Zyxel Multiple Firewalls Buffer Overflow Vulnerability --------------------------------------------- https://www.cisa.gov/news-events/alerts/2023/06/05/cisa-adds-two-known-expl… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (linux-5.10), Red Hat (cups-filters, curl, kernel, kernel-rt, kpatch-patch, and webkit2gtk3), SUSE (apache-commons-fileupload, openstack-heat, openstack-swift, python-Werkzeug, and openstack-heat, python-Werkzeug), and Ubuntu (frr, go, libraw, libssh, nghttp2, python2.7, python3.10, python3.11, python3.5, python3.6, python3.8, and xfce4-settings). --------------------------------------------- https://lwn.net/Articles/934010/ ∗∗∗ Security Vulnerabilities fixed in Firefox 114 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2023-20/ ∗∗∗ Security Vulnerabilities fixed in Firefox ESR 102.12 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2023-19/ ∗∗∗ Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-23-157-02 ∗∗∗ Zyxel security advisory for privilege escalation vulnerability in GS1900 series switches ∗∗∗ --------------------------------------------- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-… ∗∗∗ Zyxel security advisory for buffer overflow vulnerability in 4G LTE and 5G NR outdoor routers ∗∗∗ --------------------------------------------- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.06.2023
by Daily end-of-shift report 05 Jun '23

05 Jun '23

===================== = End-of-Day report = ===================== Timeframe: Freitag 02-06-2023 18:00 − Montag 05-06-2023 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ KeePass v2.54 fixes bug that leaked cleartext master password ∗∗∗ --------------------------------------------- KeePass has released version 2.54, fixing the CVE-2023-3278 vulnerability that allows the extraction of the cleartext master password from the applications memory. --------------------------------------------- https://www.bleepingcomputer.com/news/security/keepass-v254-fixes-bug-that-… ∗∗∗ Satacom delivers browser extension that steals cryptocurrency ∗∗∗ --------------------------------------------- A recent campaign by Satacom downloader is delivering a cryptocurrency-stealing extension for Chromium-based browsers, such as Chrome, Brave and Opera. --------------------------------------------- https://securelist.com/satacom-delivers-cryptocurrency-stealing-browser-ext… ∗∗∗ Magento, WooCommerce, WordPress, and Shopify Exploited in Web Skimmer Attack ∗∗∗ --------------------------------------------- Cybersecurity researchers have unearthed a new ongoing Magecart-style web skimmer campaign thats designed to steal personally identifiable information (PII) and credit card data from e-commerce websites. A noteworthy aspect that sets it apart from other Magecart campaigns is that the hijacked sites further serve as "makeshift" command-and-control (C2) servers, using the cover to facilitate the distribution of malicious code without the knowledge of the victim sites. --------------------------------------------- https://thehackernews.com/2023/06/magento-woocommerce-wordpress-and.html ∗∗∗ Storing Passwords - A Journey of Common Pitfalls ∗∗∗ --------------------------------------------- [..] we recently discovered a vulnerability in the web interface of STARFACE PBX allowing login using the password hash rather than the cleartext password (see advisory). We want to use this as an opportunity to discuss how we analyse such login mechanisms and talk about the misconceptions in security concepts that result in such pitfalls along the way. --------------------------------------------- https://blog.redteam-pentesting.de/2023/storing-passwords/ ∗∗∗ Big-Data-Unternehmen Splunk schließt teils kritische Sicherheitslücken ∗∗∗ --------------------------------------------- Der Big-Data-Spezialist Splunk korrigiert in der gleichnamigen Software zahlreiche Sicherheitslücken, die teils als kritisches Risiko eingestuft werden. --------------------------------------------- https://heise.de/-9164194 ∗∗∗ Gigabyte Rolls Out BIOS Updates to Remove Backdoor From Motherboards ∗∗∗ --------------------------------------------- Gigabyte has announced BIOS updates that remove a recently identified backdoor feature in hundreds of its motherboards. --------------------------------------------- https://www.securityweek.com/gigabyte-rolls-out-bios-updates-to-remove-back… ∗∗∗ Kriminelle missbrauchen Spenden-Funktion von PayPal ∗∗∗ --------------------------------------------- Aktuell beobachten wir, dass Fake-Shops PayPal-Zahlungen mit der Funktion „Geld spenden“ abwickeln. Brechen Sie die Zahlung sofort ab, wenn die PayPal-Zahlung nicht wie gewohnt abläuft, sondern als Spende bezeichnet wird! Wenn Sie mit der Funktion „Geld spenden“ bezahlen, entfällt der Käuferschutz und eine Rückerstattung ist nicht möglich. Schauen Sie genau, wie Ihre PayPal-Zahlung erfolgt! --------------------------------------------- https://www.watchlist-internet.at/news/kriminelle-missbrauchen-spenden-funk… ∗∗∗ Vice Society mit eigener Ransomware unterwegs ∗∗∗ --------------------------------------------- Ransomware-Gruppe führt immer wieder gezielte Angriffe auf Bildungseinrichtungen und Krankenhäuser durch. --------------------------------------------- https://www.zdnet.de/88409649/vice-society-mit-eigener-ransomware-unterwegs/ ∗∗∗ Trojaner Pikabot treibt sein Unwesen ∗∗∗ --------------------------------------------- Neue Malware-Familie setzt Anti-Analyse-Techniken ein und bietet Backdoor-Funktionen zum Laden von Shellcode und Ausführen zweistufiger Binärdateien. --------------------------------------------- https://www.zdnet.de/88409646/trojaner-pikabot-treibt-sein-unwesen/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (chromium, cpio, mariadb-10.3, nbconvert, sofia-sip, and wireshark), Fedora (ImageMagick, mingw-python-requests, openssl, python3.6, texlive-base, and webkitgtk), Red Hat (apr-util, git, gnutls, kernel, kernel-rt, and kpatch-patch), Slackware (cups and ntp), and Ubuntu (linux-azure-fde, linux-azure-fde-5.15 and perl). --------------------------------------------- https://lwn.net/Articles/933904/ ∗∗∗ IBM Aspera Connect and IBM Aspera Cargo has addressed multiple vulnerabilities (CVE-2023-22862, CVE-2023-27285) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7001053 ∗∗∗ Vulnerability in libexpat (CVE-2022-43680) affects Power HMC ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6985561 ∗∗∗ Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for May 2023 ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6998727 ∗∗∗ Multiple vulnerabilities may affect IBM® Semeru Runtime ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7001271 ∗∗∗ There is a vulnerability in Apache SOAP used by IBM Maximo Asset Management (CVE-2022-40705) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6959357 ∗∗∗ There are several vulnerabilities in AntiSamy used by IBM Maximo Asset Management (CVE-2022-28367, CVE-2022-29577) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6966080 ∗∗∗ There is a vulnerability in Prism used by IBM Maximo Asset Management (CVE-2022-23647) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6959695 ∗∗∗ IBM Security Guardium is affected by a multiple vulnerabilities (CVE-2023-22809, CVE-2019-12490, CVE-2023-0041) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7000021 ∗∗∗ Multiple vulnerabilities in IBM® Java SDK and WebSphere Application Server Liberty profile affect IBM Business Automation Workflow containers ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7001287 ∗∗∗ A vulnerability has been identified in IBM HTTP Server shipped with IBM Businses Automation Workflow (CVE-2023-32342) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7001289 ∗∗∗ Cross-Site scripting vulnerability affect IBM Business Automation Workflow - CVE-2023-32339 ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7001291 ∗∗∗ Vulnerability in spring-expressions may affect IBM Business Automation Workflow - CVE-2023-20863 ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7001295 ∗∗∗ Multiple vulnerabilities in IBM Java XML affect IBM Tivoli System Automation for Multiplatforms deferred from Oracle Apr 2022 CPU (CVE-2022-21426) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7000999 ∗∗∗ Multiple vulnerabilities in VMware Tanzu Spring Framework affect IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7001309 ∗∗∗ There is a vulnerability in jQuery UI used by IBM Maximo Asset Management (CVE-2022-31160) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6966428 ∗∗∗ There are several vulnerabilities with TinyMCE used by IBM Maximo Asset Management ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6966710 ∗∗∗ IBM Maximo Asset Management is vulnerable to stored cross-site scripting (CVE-2022-35645) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6959353 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.06.2023
by Daily end-of-shift report 02 Jun '23

02 Jun '23

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 01-06-2023 18:00 − Freitag 02-06-2023 18:00 Handler: Michael Schlagenhaufer Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Attackers use Python compiled bytecode to evade detection ∗∗∗ --------------------------------------------- Attackers who are targeting open-source package repositories like PyPI (Python Package Index) have devised a new technique for hiding their malicious code from security scanners, manual reviews, and other forms of security analysis. In one incident, researchers have found malware code hidden inside a Python bytecode (PYC) file that can be directly executed as opposed to source code files that get interpreted by the Python runtime. --------------------------------------------- https://www.csoonline.com/article/3698472/attackers-use-python-compiled-byt… ∗∗∗ Cybercriminals use legitimate websites to obfuscate malicious payloads ∗∗∗ --------------------------------------------- According to Egress, the evolving attack methodologies currently used by cybercriminals are designed to get through traditional perimeter security. “The evolution of phishing emails continues to pose a major threat to organizations, emphasizing the need to enhance defenses to prevent attacks,” said Jack Chapman, VP of Threat Intelligence, Egress. --------------------------------------------- https://www.helpnetsecurity.com/2023/06/02/evolving-attack-methodologies/ ∗∗∗ Authority Scam: Angebliche E-Mails der FCA sind Fake! ∗∗∗ --------------------------------------------- Kriminelle geben sich als Mitarbeiter:innen der britischen Finanzaufsichtsbehörde FCA aus und behaupten per E-Mail, dass eine „Online-Investitionsplattform“ geschlossen wurde. Nun gehe es darum die „rechtmäßigen Eigentümer der im Blockchain-Netzwerk eingefrorenen Vermögenswerte zu identifizieren“, so heißt es in der E-Mail. --------------------------------------------- https://www.watchlist-internet.at/news/authority-scam-angebliche-e-mails-de… ∗∗∗ Zyxel’s guidance for the recent attacks on the ZyWALL devices ∗∗∗ --------------------------------------------- Zyxel recently became aware of a cyberattack targeting our ZyWALL devices. These vulnerabilities already have patches - we took immediate action as soon as we become aware of them, and have released patches, as well as security advisories for CVE-2023-28771, CVE-2023-33009, and CVE-2023-33010. --------------------------------------------- https://www.zyxel.com/global/en/support/security-advisories/zyxels-guidance… ===================== = Vulnerabilities = ===================== ∗∗∗ Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- Published: 2023-06-01 Affected Vendor: Delta Electronics ZDI ID: ZDI-23-781 bis ZDI-23-817 --------------------------------------------- https://www.zerodayinitiative.com/advisories/published/ ∗∗∗ Sicherheitsupdates: Schwachstellen machen Schutzsoftware von Symantec angreifbar ∗∗∗ --------------------------------------------- Symantecs Entwickler haben in Advanced Secure Gateway und Content Analysis mehrere Sicherheitslücken geschlossen. --------------------------------------------- https://heise.de/-9162943 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (cups and netatalk), SUSE (cups, ImageMagick, installation-images, libvirt, openvswitch, and qemu), and Ubuntu (avahi, cups, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-snapdragon, linux, linux-aws, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-aws-5.4, linux-bluefield, linux-intel-iotg, and linux-intel-iotg-5.15). --------------------------------------------- https://lwn.net/Articles/933576/ ∗∗∗ High-Severity Vulnerabilities Patched in Splunk Enterprise ∗∗∗ --------------------------------------------- Splunk has resolved multiple high-severity vulnerabilities in Splunk Enterprise, including bugs in third-party packages used by the product.The post High-Severity Vulnerabilities Patched in Splunk Enterprise appeared first on SecurityWeek. --------------------------------------------- https://www.securityweek.com/high-severity-vulnerabilities-patched-in-splun… ∗∗∗ Kritische Sicherheitslücke in MOVEit Transfer - Updates verfügbar ∗∗∗ --------------------------------------------- In MOVEit Transfer existiert eine kritische Sicherheitslücke, die eine Rechteausweitung und potentiell unautorisierten Zugriff ermöglicht. Bis jetzt wurde die Lücke für Datendiebstahl ausgenutzt. Das volle Potential der Lücke ist jedoch noch nicht bekannt. --------------------------------------------- https://cert.at/de/warnungen/2023/6/kritische-sicherheitslucke-in-moveit-tr… ∗∗∗ IBM Edge Application Manager has a vulnerability listed in CVE 2023-28154. IBM has addressed this vulnerability. ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7000057 ∗∗∗ Multiple vulnerabilities in IBM DB2 affect IBM Operations Analytics Predictive Insights ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7000903 ∗∗∗ A vulnerability exists in the IBM\u00ae SDK, Java\u2122 Technology Edition affect IBM Tivoli Network Configuration Manager (CVE-2022-3676). ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7000941 ∗∗∗ A security vulnerability has been identified in embedded IBM WebSphere Application Server which is shipped with IBM Tivoli Netcool Configuration Manager (CVE-2023-23477) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7000959 ∗∗∗ A vulnerability exists in the IBM\u00ae SDK, Java\u2122 Technology Edition affecting IBM Tivoli Network Configuration Manager (CVE-2023-30441). ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7000969 ∗∗∗ Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager - Includes Oracle January 2023 CPU (CVE-2023-21830, CVE-2023-21843) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7000991 ∗∗∗ Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms - Includes Oracle January 2023 CPU (CVE-2023-21830, CVE-2023-21843) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7000989 ∗∗∗ A security vulnerability has been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server (CVE-2023-32342) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7000993 ∗∗∗ Vulnerabilities in OpenSSL affect QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for IBM BladeCenter and QLogic Virtual Fabric Extension Module for IBM BladeCenter ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/888295 ∗∗∗ Multiple vulnerabilities in IBM Java XML affect IBM Tivoli System Automation Application Manager deferred from Oracle Apr 2022 CPU (CVE-2022-21426) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7000997 ∗∗∗ Apache commons fileupload vulnerability affect embedded Case Forms in IBM Business Automation Workflow and IBM Case Manager - CVE-2023-24998 ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7001009 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily June 2023