=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 30-08-2023 18:00 − Thursday 31-08-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ MMRat Android Trojan Executes Remote Financial Fraud Through Accessibility Feature ∗∗∗
---------------------------------------------
A previously undocumented Android banking trojan dubbed MMRat has been observed targeting mobile users in Southeast Asia since late June 2023 to remotely commandeer the devices and perform financial fraud. "The malware, named after its distinctive package name com.mm.user, can capture user input and screen content, and can also remotely control victim devices through various techniques [..]
---------------------------------------------
https://thehackernews.com/2023/08/mmrat-android-trojan-executes-remote.html
∗∗∗ North Korean Hackers Deploy New Malicious Python Packages in PyPI Repository ∗∗∗
---------------------------------------------
Three additional malicious Python packages have been discovered in the Python Package Index (PyPI) repository as part of an ongoing malicious software supply chain campaign called VMConnect, with signs pointing to the involvement of North Korean state-sponsored threat actors. The findings come from ReversingLabs, which detected the packages tablediter, request-plus, and requestspro.
---------------------------------------------
https://thehackernews.com/2023/08/north-korean-hackers-deploy-new.html
∗∗∗ CISA and FBI Publish Joint Advisory on QakBot Infrastructure ∗∗∗
---------------------------------------------
CISA and FBI urge organizations to implement the recommendations contained within the joint CSA to reduce the likelihood of QakBot-related activity and promote identification of QakBot-facilitated ransomware and malware infections.
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/08/30/cisa-and-fbi-publish-joi…
∗∗∗ Converting Tokens to Session Cookies for Outlook Web Application ∗∗∗
---------------------------------------------
More and more organizations are adopting cloud-based solutions and federating with various identity providers. As these deployments increase in complexity, ensuring that Conditional Access Policies (CAPs) always act as expected can become a challenge. Today, we will share a technique we've been using to gain access to Outlook Web Application (OWA) in a browser by utilizing Bearer and Refresh tokens for the outlook.office365.com or outlook.office.com endpoints.
---------------------------------------------
https://labs.lares.com/owa-cap-bypass/
∗∗∗ Contain Yourself: Staying Undetected Using the Windows Container Isolation Framework ∗∗∗
---------------------------------------------
Starting with Windows Server 2016, Microsoft released its own container solution, Windows Containers, which offers process and Hyper-V isolation modes. The presentation covered the basics of Windows containers, broke down its file system isolation framework, reverse-engineered its main mini-filter driver, and detailed how it can be utilized and manipulated by a bad actor to bypass EDR products in multiple domains.
---------------------------------------------
https://www.deepinstinct.com/blog/contain-yourself-staying-undetected-using…
∗∗∗ NosyMonkey: API hooking and code injection made easy ∗∗∗
---------------------------------------------
As a researcher I often run into situations in which I need to make a compiled binary do things that it wouldn't normally do or change the way it works in some way. [..] Enter NosyMonkey: a library to inject code and place hooks that does almost everything for you. No need to write complicated ASM shellcode, or even think about allocating code, hot patching and other dirty business.
---------------------------------------------
https://www.anvilsecure.com/blog/nosymonkey.html
∗∗∗ Bypassing Defender’s LSASS dump detection and PPL protection In Go ∗∗∗
---------------------------------------------
This blog reviews the technique that can be used to bypass Protected Process Light protection for any Windows process using the Process Explorer driver and explores methods to bypass Windows Defender's signature-based mechanisms for process dump detection. The tool introduced in this blog (PPLBlade) is written entirely in Go and can be used as a PoC for the techniques described in the post.
---------------------------------------------
https://tastypepperoni.medium.com/bypassing-defenders-lsass-dump-detection-…
∗∗∗ Unpinnable Actions: How Malicious Code Can Sneak into Your GitHub Actions Workflows ∗∗∗
---------------------------------------------
In today's post, we look at action pinning, one of the key mitigations against supply chain attacks in the GitHub Actions ecosystem. It turns out, though, that action pinning comes with a downside, a pitfall we call "unpinnable actions" that allows attackers to execute code in GitHub Actions workflows.
---------------------------------------------
https://www.paloaltonetworks.com/blog/prisma-cloud/unpinnable-actions-githu…
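To make the pinning check concrete, here is an added example written for this digest (not Palo Alto's tooling and not code from the post): the script below flags every `uses:` reference in a workflow or action.yml that does not point at immutable content, i.e. a repository action without a full 40-character commit SHA, or a docker:// image without a sha256 digest. Running it over a referenced action's own action.yml, not just your workflow, is what surfaces the "unpinnable" case, where an action you pinned by SHA pulls its own dependencies by mutable tag. The workflow, the action.yml, the action names (example-org/release-helper) and the SHA value are constructed placeholders.

```python
import re

# A full 40-hex commit SHA is the only immutable reference for a repository action;
# short SHAs, tags and branch names can all be moved after the fact.
SHA_RE = re.compile(r"^[0-9a-fA-F]{40}$")
# `uses:` lines in workflow and action.yml files; quotes and trailing comments are optional
USES_RE = re.compile(r'''^\s*-?\s*uses:\s*['"]?([^'"\s#]+)''')


def classify_ref(ref):
    """Return (kind, pinned) for one `uses:` target.

    kind is 'local', 'docker' or 'repo'. pinned is True only when the reference
    resolves to immutable content: a full commit SHA for a repository action,
    a sha256 digest for a docker:// image, or a path inside the same repository.
    """
    if ref.startswith("./"):
        return "local", True            # versioned together with the workflow itself
    if ref.startswith("docker://"):
        image = ref[len("docker://"):]
        return "docker", "@sha256:" in image
    if "@" not in ref:
        return "repo", False            # no version at all: default branch, mutable
    _, version = ref.rsplit("@", 1)
    return "repo", bool(SHA_RE.match(version))


def find_unpinned(text):
    """Scan YAML text (a workflow or an action.yml) and return (line_no, ref)
    pairs whose `uses:` target is not pinned to immutable content."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        _, pinned = classify_ref(ref)
        if not pinned:
            findings.append((n, ref))
    return findings


# Constructed sample workflow: checkout is SHA-pinned (placeholder SHA), the
# local action is fine, release-helper is only pinned to a movable tag.
WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # placeholder SHA
      - uses: ./.github/actions/local-lint
      - uses: example-org/release-helper@v2
"""

# Constructed action.yml of the hypothetical example-org/release-helper action.
# Even if the workflow pinned it by SHA, it would still pull setup-node and an
# alpine image by mutable tag; only the digest-pinned image is immutable.
ACTION_YML = """\
name: release-helper
runs:
  using: composite
  steps:
    - uses: actions/setup-node@v3
    - uses: docker://alpine:3.18
    - uses: docker://alpine@sha256:0000000000000000000000000000000000000000000000000000000000000000
"""

if __name__ == "__main__":
    for label, text in (("workflow", WORKFLOW), ("action.yml", ACTION_YML)):
        for line_no, ref in find_unpinned(text):
            print(f"{label}:{line_no}: not pinned to immutable content: {ref}")
```

In practice, run it over every action.yml your SHA-pinned actions resolve to (and over the Dockerfile of any docker-based action, which this script does not parse), because a clean workflow says nothing about what the pinned action fetches at run time.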
∗∗∗ Trojanized Signal, Telegram apps found on Google Play, Samsung Galaxy Store ∗∗∗
---------------------------------------------
ESET researchers have identified two active campaigns targeting Android users, in which the trojanized Telegram and Signal apps are attributed to the China-aligned APT group GREF. Likely active since July 2020 and July 2022 respectively, the campaigns have distributed the Android BadBazaar espionage code through the Google Play store, the Samsung Galaxy Store, and dedicated websites posing as legitimate encrypted chat applications [..]
---------------------------------------------
https://www.helpnetsecurity.com/2023/08/31/fake-signal-telegram-apps/
∗∗∗ Infamous Chisel Malware Analysis Report ∗∗∗
---------------------------------------------
Infamous Chisel is a collection of components targeting Android devices. This malware is associated with Sandworm activity. It performs periodic scanning of files and network information for exfiltration. System and application configuration files are exfiltrated from an infected device.
---------------------------------------------
https://www.cisa.gov/news-events/analysis-reports/ar23-243a
∗∗∗ A Deep Dive into Brute Ratel C4 payloads ∗∗∗
---------------------------------------------
Brute Ratel C4 is a Red Team & Adversary Simulation software that can be considered an alternative to Cobalt Strike. In this blog post, we're presenting a technical analysis of a Brute Ratel badger/agent that doesn't implement all the recent features of the framework.
---------------------------------------------
https://cybergeeks.tech/a-deep-dive-into-brute-ratel-c4-payloads/
=====================
= Vulnerabilities =
=====================
∗∗∗ WordPress migration add-on flaw could lead to data breaches ∗∗∗
---------------------------------------------
All-in-One WP Migration, a popular data migration plugin for WordPress sites that has 5 million active installations, suffers from unauthenticated access token manipulation that could allow attackers to access sensitive site information.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/wordpress-migration-add-on-f…
∗∗∗ WordPress: cloud extensions for migration tool allow data theft ∗∗∗
---------------------------------------------
The Box, Google Drive, OneDrive and Dropbox extensions for a widely used WordPress migration plug-in are vulnerable to data theft.
---------------------------------------------
https://www.golem.de/news/wordpress-cloud-extensions-fuer-migrationstool-er…
∗∗∗ Drupal: Unified Twig Extensions - Moderately critical - Cross Site Scripting - SA-CONTRIB-2023-041 ∗∗∗
---------------------------------------------
This module makes PatternLab's custom Twig functions available to Drupal theming.
The module's included examples don't sufficiently filter data.
This vulnerability is mitigated by the fact that the included examples must have been copied to a site's theme.
---------------------------------------------
https://www.drupal.org/sa-contrib-2023-041
∗∗∗ Drupal: Obfuscate Email - Less critical - Cross Site Scripting - SA-CONTRIB-2023-042 ∗∗∗
---------------------------------------------
This module enables you to hide email addresses from bots and site scrapers by using the rot13 strategy. The module doesn't sufficiently escape the data attribute when a user is able to manipulate that value. This vulnerability is mitigated by the fact that an attacker must have a role with permissions to allow data attributes in content on a site.
---------------------------------------------
https://www.drupal.org/sa-contrib-2023-042
∗∗∗ CISA Releases Four Industrial Control Systems Advisories ∗∗∗
---------------------------------------------
* ICSA-23-243-01 ARDEREG Sistemas SCADA, CVE-2023-4485
* ICSA-23-243-02 GE Digital CIMPLICITY, CVE-2023-4487
* ICSA-23-243-03 PTC Kepware KepServerEX, CVE-2023-29444, CVE-2023-29445, CVE-2023-29446, CVE-2023-29447
* ICSA-23-243-04 Digi RealPort Protocol, CVE-2023-4299
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/08/31/cisa-releases-four-indus…
∗∗∗ Security updates: code execution attacks on Aruba switches possible ∗∗∗
---------------------------------------------
Various Aruba switch models are vulnerable. Patched ArubaOS releases fix the issue.
---------------------------------------------
https://heise.de/-9290375
∗∗∗ Big Data: Splunk closes high-risk vulnerabilities ∗∗∗
---------------------------------------------
Splunk has released updated software that fixes vulnerabilities, some rated high-risk, in its analytics software.
---------------------------------------------
https://heise.de/-9290325
∗∗∗ VMware Tools: vulnerability allows attackers unauthorized actions in guests ∗∗∗
---------------------------------------------
VMware warns of a vulnerability in VMware Tools. It enables a man-in-the-middle attack on guest systems.
---------------------------------------------
https://heise.de/-9290783
∗∗∗ Wordfence Intelligence Weekly WordPress Vulnerability Report (August 21, 2023 to August 27, 2023) ∗∗∗
---------------------------------------------
Last week, there were 43 vulnerabilities disclosed in 38 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 23 Vulnerability Researchers that contributed to WordPress Security last week.
---------------------------------------------
https://www.wordfence.com/blog/2023/08/wordfence-intelligence-weekly-wordpr…
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr, json-c, opendmarc, and otrs2), Red Hat (java-1.8.0-ibm and kpatch-patch), Scientific Linux (kernel), Slackware (mozilla), SUSE (haproxy, php7, vim, and xen), and Ubuntu (elfutils, frr, and linux-gcp, linux-starfive).
---------------------------------------------
https://lwn.net/Articles/943192/
∗∗∗ Mozilla Releases Security Updates for Firefox and Firefox ESR ∗∗∗
---------------------------------------------
Mozilla has released security updates to address vulnerabilities for Firefox 117, Firefox ESR 115.2, and Firefox ESR 102.15. A cyber threat actor can exploit some of these vulnerabilities to take control of an affected system.
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/08/30/mozilla-releases-securit…
∗∗∗ Another Windows privilege escalation via Razer Synapse (SYSS-2023-002) ∗∗∗
---------------------------------------------
In Razer Synapse, a time-of-check/time-of-use race condition can be used to trick the service's verification of third-party libraries.
---------------------------------------------
https://www.syss.de/pentest-blog/weitere-windows-rechteausweitung-ueber-raz…
∗∗∗ Cisco Unified Communications Products Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ Multiple vulnerabilities in IBM Storage Defender Data Protect ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7029861
∗∗∗ Security Vulnerability in the IBM Java Runtime Environment (JRE) affects the 3592 Enterprise Tape Controller ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/691223
∗∗∗ Vulnerability in SSLv3 affects IBM System Storage Tape Controller 3592 Model C07 (CVE-2014-3566) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/690117
∗∗∗ IBM Java Runtime (JRE) security vulnerabilities CVE-2022-21426 in FileNet Content Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6983442
∗∗∗ Security vulnerability in IBM Java Object Request Broker (ORB) in FileNet Content Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7027874
∗∗∗ IBM Java Runtime (JRE) security vulnerabilities CVE-2023-21830, CVE-2023-21843 in FileNet Content Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6983440
∗∗∗ Multiple Security vulnerabilities in IBM Java in FileNet Content Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7001699
∗∗∗ IBM QRadar User Behavior Analytics is vulnerable to components with known vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7029864
∗∗∗ TADDM affected by vulnerability due to IBM Java and its runtime ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7029984
∗∗∗ Due to use of Mozilla Firefox, IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to multiple vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7029986
∗∗∗ Multiple Vulnerabilities in IBM Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are used in IBM Security Guardium Key Lifecycle Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7006475
∗∗∗ A vulnerability in Microsoft ASP.NET affects IBM Robotic Process Automation and may result in a denial of service (CVE-2022-29117) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7029527
∗∗∗ A vulnerability in Microsoft Azure SDK for .NET affects IBM Robotic Process Automation and could allow a remote authenticated attacker to obtain sensitive information (CVE-2022-26907). ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7029524
∗∗∗ Multiple security vulnerabilities affect IBM Robotic Process Automation ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7026754
∗∗∗ A vulnerability in Microsoft.AspNetCore.Identity affects IBM Robotic Process Automation and may result in allowing an attacker to bypass security restrictions (CVE-2023-33170). ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7029540
∗∗∗ Multiple security vulnerabilities in Java affect IBM Robotic Process Automation ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7026758
∗∗∗ IBM Security Guardium is affected by a Hazardous Input Validation vulnerability (CVE-2022-43903) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030110
∗∗∗ IBM MQ is affected by OpenSSL vulnerability (CVE-2023-2650) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030100
∗∗∗ IBM MQ is affected by a sensitive information disclosure vulnerability (CVE-2023-28514) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030101
∗∗∗ IBM MQ is affected by a denial of service vulnerability (CVE-2023-28513) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030102
∗∗∗ IBM MQ is vulnerable to a denial of service attack (CVE-2023-26285) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030103
∗∗∗ IBM Edge Application Manager 4.5.2 addresses the security vulnerabilities listed in the CVEs below. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030159
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 29-08-2023 18:00 − Wednesday 30-08-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Border Gateway Protocol: the glue of the internet has a vulnerability ∗∗∗
---------------------------------------------
A newly discovered vulnerability in the Border Gateway Protocol could potentially allow attackers to cut off parts of the internet.
---------------------------------------------
https://www.golem.de/news/border-gateway-protocol-der-klebstoff-des-interne…
∗∗∗ Critical vulnerability in VMware Aria Operations for Networks ∗∗∗
---------------------------------------------
VMware closes vulnerabilities in Aria Operations for Networks. One is rated critical and allows access without authentication.
---------------------------------------------
https://heise.de/-9288934
∗∗∗ Botnet: international law enforcement uninstalls 700,000 Qakbot bots ∗∗∗
---------------------------------------------
Together with international law enforcement partners, the FBI has put the Qakbot botnet out of action for now. They removed the malware from 700,000 systems.
---------------------------------------------
https://heise.de/-9289070
∗∗∗ Cisco warns of ransomware attacks on VPNs without multi-factor authentication ∗∗∗
---------------------------------------------
Cisco warns of attacks with the Akira ransomware targeting the vendor's VPNs. Where multi-factor authentication is not in use, the break-ins succeed.
---------------------------------------------
https://heise.de/-9289242
∗∗∗ Beware of jobs on zalandoovip.vip and remote-rpo-at.com! ∗∗∗
---------------------------------------------
On remote-rpo-at.com you are presented with a lucrative job offer. "Be your own boss and earn up to €1260 per week!", the landing page says. You are then supposed to post product reviews for Zalando on the fraudulent website zalandoovip.vip, supposedly to boost sales. As soon as you want to withdraw your earnings, the nasty surprise follows: [...]
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-jobs-auf-zalandoovipvip…
∗∗∗ Thousands of organisations vulnerable to subdomain hijacking ∗∗∗
---------------------------------------------
Subdomain hijacking is a worrying scenario in which attackers take control of websites hosted on subdomains of reputable organisations. This allows attackers, for example, to distribute malware and disinformation or to carry out phishing attacks.
---------------------------------------------
https://certitude.consulting/blog/de/subdomain-hijacking-2/
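As an added illustration of the dangling-DNS check behind this finding (example code written for this digest, not Certitude's tooling), the scanner below walks an organisation's own zone, resolves every CNAME target, and flags targets that no longer exist (NXDOMAIN), rating them higher when the target sits on a hosting service where an unclaimed name can be registered by anyone. The zone records, the resolver answers, the hostnames (example.org, example-org.github.io, legacy-vendor.example) and the list of takeover-prone suffixes are all constructed for the example.

```python
# Hostname suffixes of hosting services where an unclaimed name can be re-registered
# by a third party. Assumed, illustrative list: extend it for your own environment.
TAKEOVER_PRONE_SUFFIXES = (
    ".azurewebsites.net",
    ".herokuapp.com",
    ".github.io",
    ".s3.amazonaws.com",
)


def resolve_stub(name, table):
    """Constructed stand-in for a DNS lookup: returns the A records for `name`,
    or None when the name does not exist (NXDOMAIN). For real use replace this
    with dns.resolver (dnspython) or socket.getaddrinfo and map NXDOMAIN to None."""
    return table.get(name.rstrip(".").lower())


def find_dangling(zone, lookup):
    """zone: iterable of (owner, rtype, target) records from the organisation's zone.
    lookup: callable(target) -> list of addresses, or None on NXDOMAIN.
    Returns (owner, target, severity) for every CNAME whose target no longer exists."""
    findings = []
    for owner, rtype, target in zone:
        if rtype != "CNAME":
            continue                      # only CNAME (and NS, not handled here) can dangle
        tgt = target.rstrip(".").lower()
        if lookup(tgt) is not None:
            continue                      # target still resolves: not dangling
        severity = "high" if tgt.endswith(TAKEOVER_PRONE_SUFFIXES) else "medium"
        findings.append((owner, tgt, severity))
    return findings


# Constructed sample zone for example.org (not real records)
SAMPLE_ZONE = [
    ("www.example.org.", "A", "192.0.2.10"),
    ("shop.example.org.", "CNAME", "shop-prod.azurewebsites.net."),
    ("docs.example.org.", "CNAME", "example-org.github.io."),
    ("old-cdn.example.org.", "CNAME", "cdn.legacy-vendor.example."),
]

# Constructed resolver answers: shop-prod is still live, the other two targets are gone
SAMPLE_ANSWERS = {
    "shop-prod.azurewebsites.net": ["203.0.113.5"],
}


def scan_sample():
    """Run the check over the constructed zone with the constructed resolver."""
    return find_dangling(SAMPLE_ZONE, lambda name: resolve_stub(name, SAMPLE_ANSWERS))


if __name__ == "__main__":
    for owner, target, severity in scan_sample():
        print(f"{severity.upper():6} {owner} -> {target} (NXDOMAIN)")
```

NXDOMAIN is only the simplest signal: a CNAME whose target still resolves to a provider's shared front end but whose resource has been deleted (typically answered with the provider's "no such site" page) is also claimable, so a complete check should also fetch the target and match the provider's error fingerprint.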
∗∗∗ Trojanized Signal and Telegram apps on Google Play delivered spyware ∗∗∗
---------------------------------------------
Trojanized Signal and Telegram apps containing the BadBazaar spyware were uploaded onto Google Play and Samsung Galaxy Store by a Chinese APT hacking group known as GREF.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/trojanized-signal-and-telegr…
∗∗∗ Getting into AWS cloud security research as a n00bcake ∗∗∗
---------------------------------------------
Today, AWS security research can feel impenetrable, like understanding the latest meme that’s already gone through three ironic revivals. But if I’m being honest, I might suggest AWS security research is far more accessible than the other insane research in our industry. That’s why I attempt it. I’m just too dumb to write shellcode or disassemble a binary. So don’t be scared, let’s do it together!
---------------------------------------------
https://dagrz.com/writing/aws-security/getting-into-aws-security-research/
∗∗∗ CISA Releases IOCs Associated with Malicious Barracuda Activity ∗∗∗
---------------------------------------------
CISA has released additional indicators of compromise (IOCs) associated with exploitation of CVE-2023-2868. CVE-2023-2868 is a remote command injection vulnerability affecting Barracuda Email Security Gateway (ESG) Appliance, versions 5.1.3.001-9.2.0.006.
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/08/29/cisa-releases-iocs-assoc…
∗∗∗ Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation (CVE-2023-2868) ∗∗∗
---------------------------------------------
On June 15, 2023, Mandiant released a blog post detailing an 8-month-long global espionage campaign conducted by a Chinese-nexus threat group tracked as UNC4841. In this follow-up blog post, we will detail additional tactics, techniques, and procedures (TTPs) employed by UNC4841 that have since been uncovered through Mandiant’s incident response engagements, as well as through collaborative efforts with Barracuda Networks and our International Government partners. Over the course of this
---------------------------------------------
https://www.mandiant.com/resources/blog/unc4841-post-barracuda-zero-day-rem…
∗∗∗ Pay our ransom instead of a GDPR fine, cybercrime gang tells its targets ∗∗∗
---------------------------------------------
Researchers are tracking a new cybercrime group that uses a never-seen-before extortion tactic. The gang, which operates through a blog called Ransomed, tells victims that if they don’t pay to protect stolen files, they will face fines under data protection laws like the EU’s GDPR, according to a new report by cybersecurity firm Flashpoint.
---------------------------------------------
https://therecord.media/ransomed-cybercrime-group-extortion-gdpr
=====================
= Vulnerabilities =
=====================
∗∗∗ Netgear: Security Advisory for Post-authentication Command Injection on the Prosafe® Network Management System, PSV-2023-0037 ∗∗∗
---------------------------------------------
NETGEAR is aware of a post-authentication command injection security vulnerability on NMS300 and strongly recommends that you download the latest version of NMS300 as soon as possible.
---------------------------------------------
https://kb.netgear.com/000065705/Security-Advisory-for-Post-authentication-…
∗∗∗ Netgear: Security Advisory for Authentication Bypass on the RBR760, PSV-2023-0052 ∗∗∗
---------------------------------------------
NETGEAR is aware of an authentication bypass security vulnerability on the RBR760. This vulnerability requires an attacker to have your WiFi password or an Ethernet connection to a device on your network to be exploited.
---------------------------------------------
https://kb.netgear.com/000065734/Security-Advisory-for-Authentication-Bypas…
∗∗∗ Web browser: Google Chrome update closes high-risk vulnerability ∗∗∗
---------------------------------------------
Google fixes a vulnerability rated high-risk in its Chrome web browser.
---------------------------------------------
https://heise.de/-9288903
∗∗∗ Notepad++ developer apparently ignores vulnerabilities ∗∗∗
---------------------------------------------
Several vulnerabilities endanger the Notepad++ text editor. Despite information about the flaws and possible fixes, a security update is still outstanding.
---------------------------------------------
https://heise.de/-9289124
∗∗∗ VMSA-2023-0018 ∗∗∗
---------------------------------------------
Synopsis: VMware Aria Operations for Networks updates address multiple vulnerabilities.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2023-0018.html
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (qpdf, ring, and tryton-server), Fedora (mingw-qt5-qtbase and moby-engine), Red Hat (cups, kernel, kernel-rt, kpatch-patch, librsvg2, and virt:rhel and virt-devel:rhel), and Ubuntu (amd64-microcode, firefox, linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux, linux-aws, linux-aws-5.4, linux-gcp, linux-hwe-5.4, linux-kvm, linux-oracle, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-6.2, linux-azure, linux-hwe-6.2, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-6.2, linux-raspi, linux-bluefield, linux-ibm, linux-oem-6.1, and openjdk-lts, openjdk-17).
---------------------------------------------
https://lwn.net/Articles/943087/
∗∗∗ Remote Code Execution in RTS VLink Virtual Matrix ∗∗∗
---------------------------------------------
BOSCH-SA-893251-BT: A security vulnerability has been uncovered in the admin interface of the RTS VLink Virtual Matrix Software. The vulnerability will allow a Remote Code Execution (RCE) attack.
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-893251-bt.html
∗∗∗ 2023-08-29 Out-of-Cycle Security Bulletin: Junos OS and Junos OS Evolved: A crafted BGP UPDATE message allows a remote attacker to de-peer (reset) BGP sessions (CVE-2023-4481) ∗∗∗
---------------------------------------------
https://supportportal.juniper.net/s/article/2023-08-29-Out-of-Cycle-Securit…
∗∗∗ [R1] Nessus Version 10.6.0 Fixes Multiple Vulnerabilities ∗∗∗
---------------------------------------------
https://www.tenable.com/security/tns-2023-29
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/
=====================
= End-of-Day report =
=====================
Timeframe: Monday 28-08-2023 18:00 − Tuesday 29-08-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Malware loader lowdown: The big 3 responsible for 80% of attacks so far this year ∗∗∗
---------------------------------------------
Three malware loaders — QBot, SocGholish, and Raspberry Robin — are responsible for 80 percent of observed attacks on computers and networks so far this year.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2023/08/28/top_malware_…
∗∗∗ Leaking File Contents with a Blind File Oracle in Flarum ∗∗∗
---------------------------------------------
Flarum is a free, open source PHP-based forum software used for everything from gaming hobbyist sites to cryptocurrency discussion. [..] Through our research we were able to leak the contents of arbitrary local files in Flarum through a blind oracle, and conduct blind SSRF attacks with only a basic user account.
---------------------------------------------
https://blog.assetnote.io/2023/08/28/leaking-file-contents-with-a-blind-fil…
∗∗∗ Compromised OpenCart Payment Module Steals Credit Card Information ∗∗∗
---------------------------------------------
It seems that the attackers had manually modified one of the key files responsible for the processing of payment information on their OpenCart website; this is very similar to another credit card skimmer that we recently wrote about.
---------------------------------------------
https://blog.sucuri.net/2023/08/opencart-payment-module-steals-credit-card-…
∗∗∗ Patch now! Exploit code suggests attacks on Juniper firewalls ∗∗∗
---------------------------------------------
Security researchers have documented vulnerabilities in Juniper firewalls and switches. Attackers can now abuse them.
---------------------------------------------
https://heise.de/-9287740
∗∗∗ Zoho ManageEngine: vulnerability allows bypassing multi-factor authentication ∗∗∗
---------------------------------------------
Numerous ManageEngine products from Zoho are affected by vulnerabilities that allow multi-factor authentication (MFA) to be bypassed. While updated software packages have apparently been available since the end of June, the CVE notice has only now become known.
---------------------------------------------
https://heise.de/-9287917
∗∗∗ MalDoc in PDF: Japanese CERT warns of malware documents hidden in PDFs ∗∗∗
---------------------------------------------
Cybercriminals keep finding new ways to hide malware from detection. The Japanese CERT has now found malicious Word documents embedded in PDFs.
---------------------------------------------
https://heise.de/-9288262
∗∗∗ Fake complaint emails to hotels lead to malware ∗∗∗
---------------------------------------------
Fake emails with alleged guest complaints are currently circulating. So far we know of two versions. In one email a supposed guest complains about the cleanliness of the rooms; in another version the staff is accused of stealing valuables from the room. As proof, the email contains a link to photos. We suspect malware; do not click on the link!
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschte-beschwerdemails-an-hotel…
∗∗∗ Unpatched Skype bug lets attackers obtain victims' IP address (August 2023) ∗∗∗
---------------------------------------------
A security researcher has found a way to determine a Skype user's IP address without the target even having to click a link.
---------------------------------------------
https://www.borncity.com/blog/2023/08/29/ungefixter-skype-bug-ermglicht-ang…
=====================
= Vulnerabilities =
=====================
∗∗∗ Multiple Vulnerabilities found in Techview LA-5570 Wireless Gateway Home Automation Controller ∗∗∗
---------------------------------------------
The Security Team at [exploitsecurity.io] uncovered multiple vulnerabilities in the Techview LA-5570 Wireless Home Automation Controller [Firmware Version 1.0.19_T53]. These vulnerabilities can be used to gain full control of the affected device. CVE IDs: CVE-2023-34723, CVE-2023-34724, CVE-2023-34725
---------------------------------------------
https://www.exploitsecurity.io/post/cve-2023-34723-cve-2023-34724-cve-2023-…
∗∗∗ Web browser: Firefox 117, ESR 115.2 and ESR 102.15 close security holes ∗∗∗
---------------------------------------------
The Mozilla developers have released Firefox 117, ESR 115.2 and ESR 102.15, which close several vulnerabilities, some rated high-risk.
---------------------------------------------
https://heise.de/-9288483
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (flask-security and opendmarc), Fedora (qemu), Oracle (rust and rust-toolset:ol8), Red Hat (cups and libxml2), Scientific Linux (cups), SUSE (ca-certificates-mozilla, chromium, clamav, freetype2, haproxy, nodejs12, procps, and vim), and Ubuntu (faad2, json-c, libqb, linux, linux-aws, linux-lts-xenial, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-gkeop-5.15, and linux-gke, linux-ibm-5.4).
---------------------------------------------
https://lwn.net/Articles/943006/
∗∗∗ Unauthenticated OS Command Injection in the Patton SN200 VoIP Gateway (SYSS-2023-019) ∗∗∗
---------------------------------------------
Several vulnerabilities allow unauthenticated attackers to execute system commands on the Patton SN200 VoIP gateway.
---------------------------------------------
https://www.syss.de/pentest-blog/unauthenticated-os-command-injection-im-pa…
∗∗∗ Festo Didactic: Cross-Site-Scripting (XSS) vulnerability in LX-Appliance ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2023-040/
∗∗∗ Reflected Cross-Site Scripting (XSS) vulnerability in Codebeamer (ALM Solution) by PTC ∗∗∗
---------------------------------------------
https://sec-consult.com/de/vulnerability-lab/advisory/reflected-cross-site-…
∗∗∗ IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in scikit-learn ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7029479
∗∗∗ A CVE-2023-21967 vulnerability in IBM Java Runtime affects IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7029615
∗∗∗ The IBM Engineering Lifecycle Engineering product using IBM SDK, Java Technology Edition Quarterly CPU - Apr 2023 - Includes Oracle April 2023 CPU is vulnerable to (CVE-2023-2597) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7029634
∗∗∗ IBM Event Streams is vulnerable to denial of service attacks due to snappy-java (CVE-2023-34453, CVE-2023-34455, CVE-2023-34454) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7029640
∗∗∗ IBM Event Streams is vulnerable to a denial of service attack due to Golang Go (CVE-2023-29409) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7029639
∗∗∗ Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to code injection and privilege escalation due to multiple vulnerabilities in Go ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7029646
∗∗∗ Operations Dashboard is vulnerable to remote code execution, privilege escalation, and denial of service due to multiple Go vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7029648
∗∗∗ IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7029656
∗∗∗ Vulnerabilities in IBM Java included with IBM Tivoli Monitoring. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7029662
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Friday 25-08-2023 18:00 − Monday 28-08-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Update corrects encryption in Qnap operating systems ∗∗∗
---------------------------------------------
Qnap has released updated versions of the QTS and QuTS hero operating systems. Among other things, they correct encryption that was too weak.
---------------------------------------------
https://heise.de/-9286394
∗∗∗ Stalker malware: Whiffy Recon sniffs out the location every 60 seconds ∗∗∗
---------------------------------------------
A malware called Whiffy Recon checks the location of the infected device every 60 seconds. It remains unclear for what purpose.
---------------------------------------------
https://heise.de/-9286754
∗∗∗ Antivirus software too: WinRAR vulnerability may affect further programs ∗∗∗
---------------------------------------------
Addendum of 28 August 2023, 17:28: Mr. Marx subsequently pointed out to the editors that possible exploitation of CVE-2023-40477 must be assessed individually for each application. Not every program that uses the vulnerable DLL automatically makes use of the problematic code.
---------------------------------------------
https://www.golem.de/news/auch-antivirensoftware-winrar-schwachstelle-betri…
∗∗∗ Duolingo: leak of 2.6 million user records, check on Have I Been Pwned possible ∗∗∗
---------------------------------------------
At the language-learning app Duolingo, or rather at its provider, vulnerabilities made it possible to siphon off user data. Troy Hunt has now integrated a data set with information on 2.6 million Duolingo users into his Have I Been Pwned platform.
---------------------------------------------
https://www.borncity.com/blog/2023/08/24/duolingo-leck-mit-26-millionen-nut…
∗∗∗ Microsoft's answers on the hack of the Microsoft Azure cloud by Storm-0588 – Part 1 ∗∗∗
---------------------------------------------
After the hack of the Microsoft Azure cloud infrastructure by the presumably Chinese group Storm-0588, I had specifically asked Microsoft Ireland whether personal data from one of my Microsoft accounts was affected. And I had asked the Federal Commissioner for Data Protection (BfDI), Ulrich Kelber, [...]
---------------------------------------------
https://www.borncity.com/blog/2023/08/26/antworten-von-microsoft-zum-hack-d…
∗∗∗ Answers from the Federal Commissioner for Data Protection, Ulrich Kelber, on the hack of the Microsoft Azure cloud by Storm-0588 – Part 2 ∗∗∗
---------------------------------------------
In part 1 of this article series I reproduced Microsoft's answers to my specific questions on the hack of the Microsoft Azure cloud infrastructure by the presumably Chinese group Storm-0588. But I had also sent some questions to the press office of the Federal Commissioner for Data Protection (BfDI) [...]
---------------------------------------------
https://www.borncity.com/blog/2023/08/26/antworten-des-bundesdatenschutzbea…
∗∗∗ PoC for no-auth RCE on Juniper firewalls released ∗∗∗
---------------------------------------------
Researchers have released additional details about the recently patched four vulnerabilities affecting Juniper Networks’ SRX firewalls and EX switches that could allow remote code execution (RCE), as well as a proof-of-concept (PoC) exploit.
---------------------------------------------
https://www.helpnetsecurity.com/2023/08/28/poc-rce-juniper-firewalls/
∗∗∗ Beware the Azure Guest User: How to Detect When a Guest User Account Is Being Exploited ∗∗∗
---------------------------------------------
In Azure environments, guest users are the go-to option when giving access to a user from a different tenant. Often, little effort is invested in keeping guest users safe. However, this could prove to be a costly mistake. It’s actually very important to monitor the third-party applications and identities that have access to your environment, [...]
---------------------------------------------
https://orca.security/resources/blog/detect-guest-user-account-exploited/
∗∗∗ Reply URL Flaw Allowed Unauthorized MS Power Platform API Access ∗∗∗
---------------------------------------------
Cybersecurity experts from Secureworks have revealed a critical vulnerability within Microsoft’s Power Platform, now known as Entra ID. The vulnerability, discovered early this year, involved an abandoned reply URL within the Azure Active Directory (AD) environment, granting unauthorized access to elevated permissions and control within an organization.
---------------------------------------------
https://www.hackread.com/reply-url-flaw-ms-power-platform-api-access/
∗∗∗ KmsdBot Malware Gets an Upgrade: Now Targets IoT Devices with Enhanced Capabilities ∗∗∗
---------------------------------------------
An updated version of a botnet malware called KmsdBot is now targeting Internet of Things (IoT) devices, simultaneously branching out its capabilities and the attack surface. "The binary now includes support for Telnet scanning and support for more CPU architectures," Akamai security researcher Larry W. Cashdollar said in an analysis published this month.
---------------------------------------------
https://thehackernews.com/2023/08/kmsdbot-malware-gets-upgrade-now.html
=====================
= Vulnerabilities =
=====================
∗∗∗ D-Link DAP-2622: Various Security Vulnerabilities Reported ∗∗∗
---------------------------------------------
Affected Models: DAP-2622
Hardware Revision: All A Series Hardware Revisions
Region: Non-US/CA
Affected FW: v1.00 & Below
Fixed FW: v1.10B03R022 Beta-Hotfix
---------------------------------------------
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name…
∗∗∗ Busybox cpio directory traversal vulnerability (CVE-2023-39810) ∗∗∗
---------------------------------------------
When extracting cpio archives with BusyBox cpio, the cpio archiving tools may write files outside the destination directory and there is no option to prevent this.
---------------------------------------------
https://www.pentagrid.ch/en/blog/busybox-cpio-directory-traversal-vulnerabi…
∗∗∗ Security updates: Drupal plug-ins with malicious-code vulnerabilities ∗∗∗
---------------------------------------------
If certain plug-ins are in use, websites built with the Drupal CMS are attackable.
---------------------------------------------
https://heise.de/-9286388
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium, clamav, librsvg, rar, and unrar-nonfree), Fedora (caddy, chromium, and xen), and SUSE (ca-certificates-mozilla, gawk, ghostscript, java-1_8_0-ibm, java-1_8_0-openjdk, php7, qemu, and xen).
---------------------------------------------
https://lwn.net/Articles/942922/
∗∗∗ Security vulnerabilities in the tef dealer portal (SYSS-2023-020/-021) ∗∗∗
---------------------------------------------
In the tef dealer portal, a persistent cross-site scripting vulnerability allows arbitrary code to be executed in the context of the user.
---------------------------------------------
https://www.syss.de/pentest-blog/sicherheitsschwachstellen-im-tef-haendlerp…
∗∗∗ VU#757109: Groupnotes Inc. Videostream Mac client allows for privilege escalation to root account ∗∗∗
---------------------------------------------
https://kb.cert.org/vuls/id/757109
∗∗∗ Vulnerabilities in IBM Java Runtime affect z/Transaction Processing Facility ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028975
∗∗∗ IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to arbitrary code execution due to an unsafe deserialization flaw (CVE-2022-40609). ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7029160
∗∗∗ IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from systemd, libcap, openssl-libs, libxml2, go-toolset, and prometheus-operator ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7029356
∗∗∗ Security vulnerabilities have been identified in IBM DB2 shipped with IBM License Metric Tool v9. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7029359
∗∗∗ A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Rational ClearCase (CVE-2023-35890) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7029364
∗∗∗ A security vulnerability has been identified in IBM HTTP Server shipped with IBM Rational ClearCase [CVE-2023-32342] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7029362
∗∗∗ A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI (CVE-2022-40609) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7029361
∗∗∗ Multiple security vulnerabilities has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI - July 2023 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7029360
∗∗∗ GNU C library (glibc) vulnerability affects (CVE-2015-7547) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/650093
∗∗∗ ISC DHCP vulnerability affects TS4500 Tape Library (CVE-2018-5732) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/650877
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 24-08-2023 18:00 − Friday 25-08-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Antivirus software too: WinRAR vulnerability affects hundreds of further programs ∗∗∗
---------------------------------------------
Not only old WinRAR versions are vulnerable to a recently patched security hole, but numerous other applications as well.
---------------------------------------------
https://www.golem.de/news/auch-antivirensoftware-winrar-schwachstelle-betri…
∗∗∗ FBI warning: Barracuda ESG appliances still under threat, remove immediately ∗∗∗
---------------------------------------------
The FBI warns of the Barracuda ESG vulnerabilities that became known at the end of May. It assumes that all devices are compromised.
---------------------------------------------
https://heise.de/-9284695
∗∗∗ "Mammoth hunt" on online marketplaces ∗∗∗
---------------------------------------------
With the "Telekopye" toolset, even technically inexperienced hackers can hunt unsuspecting buyers (called "mammoths" in crook slang) on online marketplaces.
---------------------------------------------
https://www.zdnet.de/88411400/mammutjagd-auf-online-marktplaetze/
∗∗∗ Jupiter X Core WordPress plugin could let hackers hijack sites ∗∗∗
---------------------------------------------
Two vulnerabilities affecting some versions of Jupiter X Core, a premium plugin for setting up WordPress and WooCommerce websites, allow hijacking accounts and uploading files without authentication.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/jupiter-x-core-wordpress-plu…
∗∗∗ Python Malware Using Postgresql for C2 Communications, (Fri, Aug 25th) ∗∗∗
---------------------------------------------
For modern malware, having access to its C2 (Command and control) is a crucial point. There are many ways to connect to a C2 server using tons of protocols, but today, HTTP remains very common because HTTP is allowed on most networks...
---------------------------------------------
https://isc.sans.edu/diary/rss/30158
∗∗∗ Playing Dominos with Moodles Security (1/2) ∗∗∗
---------------------------------------------
This is the first blog in a two-part series where we will present our findings on a Moodle security audit we conducted. We were drawn to researching the security aspect of the framework due to its popularity, with the goal of contributing to a safer internet. In this first article, we demonstrate how an unauthenticated attacker can leverage a vulnerability with a supposedly low impact to gain full control over the Moodle instance.
---------------------------------------------
https://www.sonarsource.com/blog/playing-dominos-with-moodles-security-1/
∗∗∗ A broken marriage. Abusing mixed vendor Kerberos stacks ∗∗∗
---------------------------------------------
*nix based servers and services can be joined to Active Directory networks in the same way as their Windows counterparts. This is usually facilitated through the MIT or Heimdal Kerberos stacks. Kerberos is designed as an authentication protocol, therefore authorisation decisions are implemented independently of the Kerberos protocol itself. Due to this, different vendor stacks behave differently in how authorisation decisions are made.
---------------------------------------------
https://www.pentestpartners.com/security-blog/a-broken-marriage-abusing-mix…
∗∗∗ A Beginner’s Guide to Adversary Emulation with Caldera ∗∗∗
---------------------------------------------
The target audience for this blog post is individuals who have a basic understanding of cybersecurity concepts and terminology and are looking to expand their knowledge of adversary emulation. This post delves into the details of adversary emulation with the Caldera framework, exploring the benefits it offers.
---------------------------------------------
https://blog.nviso.eu/2023/08/25/a-beginners-guide-to-adversary-emulation-w…
∗∗∗ Analysis of MS-SQL Server Proxyjacking Cases ∗∗∗
---------------------------------------------
AhnLab Security Emergency response Center (ASEC) has recently discovered cases of proxyjacking targeting poorly managed MS-SQL servers. Publicly accessible MS-SQL servers with simple passwords are one of the main attack vectors used when targeting Windows systems. Typically, threat actors target poorly managed MS-SQL servers and attempt to gain access through brute force or dictionary attacks. If successful, they install malware on the infected system.
---------------------------------------------
https://asec.ahnlab.com/en/56350/
∗∗∗ Stories from the SOC - Unveiling the stealthy tactics of Aukill malware ∗∗∗
---------------------------------------------
On April 21st, 2023, AT&T Managed Extended Detection and Response (Managed XDR) investigated an attempted ransomware attack on one of our clients, a home improvement business. The investigation revealed the attacker used AuKill malware on the client's print server to disable the server's installed endpoint detection and response (EDR) solution by brute-forcing an administrator account and downgrading a driver to a vulnerable version.
---------------------------------------------
https://cybersecurity.att.com/blogs/security-essentials/stories-from-the-so…
=====================
= Vulnerabilities =
=====================
∗∗∗ Maxon Cinema 4D SKP File Parsing vulnerabilities ∗∗∗
---------------------------------------------
CVSS Score: 7.8
CVE-2023-40482, CVE-2023-40483, CVE-2023-40486, CVE-2023-40485, CVE-2023-40484, CVE-2023-40488, CVE-2023-4049[0], CVE-2023-40491, CVE-2023-40487, CVE-2023-40489
Mitigation: Given the nature of the [vulnerabilities], the only salient mitigation strategy is to restrict interaction with the application.
---------------------------------------------
https://www.zerodayinitiative.com/advisories/published/
∗∗∗ (0Day) LG Simple Editor vulnerabilities ∗∗∗
---------------------------------------------
CVSS Scores: 6.5-9.8
CVE-2023-40502, CVE-2023-40513, CVE-2023-40514, CVE-2023-40515, CVE-2023-40492, CVE-2023-40493, CVE-2023-40494, CVE-2023-40495, CVE-2023-40496, CVE-2023-40497, CVE-2023-40498, CVE-2023-40499, CVE-2023-40500, CVE-2023-40503, CVE-2023-40504, CVE-2023-40505, CVE-2023-40506, CVE-2023-40507, CVE-2023-40508, CVE-2023-40509, CVE-2023-40510, CVE-2023-40511, CVE-2023-40512, CVE-2023-40501, CVE-2023-40516
[...] they do not have plans to fix the [vulnerabilities]
---------------------------------------------
https://www.zerodayinitiative.com/advisories/published/
∗∗∗ (0Day) LG SuperSign Media Editor vulnerabilities ∗∗∗
---------------------------------------------
CVSS Scores: 5.3-7.5
CVE-2023-40517, CVE-2023-41181
The vendor states that they do not have plans to fix the [vulnerabilities] now or in the future. [...] Given the nature of the [vulnerabilities], the only salient mitigation strategy is to restrict interaction with the application.
---------------------------------------------
https://www.zerodayinitiative.com/advisories/published/
∗∗∗ QNap: [Vulnerabilities] in QTS and QuTS hero ∗∗∗
---------------------------------------------
CVE-2023-34971, CVE-2023-34973, CVE-2023-34972
Affected products: QTS 5.1.0, 5.0.1, 4.5.4; QuTS hero h5.1.0, h4.5.4
We have already fixed the [vulnerabilities] in the following operating system versions:
* QTS 5.1.0.2444 build 20230629 and later
* QTS 5.0.1.2425 build 20230609 and later
* QTS 4.5.4.2467 build 20230718 and later
* QuTS hero h5.1.0.2424 build 20230609 and later
* QuTS hero h4.5.4.2476 build 20230728 and later
---------------------------------------------
https://www.qnap.com/en-us/security-advisories?ref=security_advisory_details
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (tryton-server), Fedora (youtube-dl), SUSE (clamav and krb5), and Ubuntu (cjose and fastdds).
---------------------------------------------
https://lwn.net/Articles/942766/
∗∗∗ ZDI-23-1224: LG LED Assistant updateFile Directory Traversal Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-23-1224/
∗∗∗ ZDI-23-1223: LG LED Assistant thumbnail Directory Traversal Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-23-1223/
∗∗∗ ZDI-23-1222: LG LED Assistant setThumbnailRc Directory Traversal Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-23-1222/
∗∗∗ ZDI-23-1221: LG LED Assistant upload Directory Traversal Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-23-1221/
∗∗∗ IBM Security Guardium is affected by multiple vulnerabilities (CVE-2023-30435, CVE-2023-30436, CVE-2023-30437) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028506
∗∗∗ ISC BIND on IBM i is vulnerable to denial of service due to a memory usage flaw (CVE-2023-2828) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7017974
∗∗∗ Multiple vulnerabilities found in IBM Java which is shipped with IBM Intelligent Operations Center(CVE-2022-21541, CVE-2022-21540) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028934
∗∗∗ IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service due to [CVE-2023-26115] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028936
∗∗∗ IBM Spectrum Copy Data Management uses weaker than expected cryptographic algorithms ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028841
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 23-08-2023 18:00 − Thursday 24-08-2023 18:00
Handler: Robert Waldner
Co-Handler: Michael Schlagenhaufer
=====================
= News =
=====================
∗∗∗ New "Whiffy Recon" Malware Triangulates Infected Device Location via Wi-Fi Every Minute ∗∗∗
---------------------------------------------
The SmokeLoader malware is being used to deliver a new Wi-Fi scanning malware strain called Whiffy Recon on compromised Windows machines. "The new malware strain has only one operation. Every 60 seconds it triangulates the infected system's position by scanning nearby Wi-Fi access points as a data point for Google's geolocation API," [...]
---------------------------------------------
https://thehackernews.com/2023/08/new-whiffy-recon-malware-triangulates.html
∗∗∗ Using LLMs to reverse JavaScript variable name minification ∗∗∗
---------------------------------------------
This blog introduces a novel way to reverse minified JavaScript using large language models (LLMs) like ChatGPT and llama2 while keeping the code semantically intact. The code is open source and available on GitHub.
---------------------------------------------
https://thejunkland.com/blog/using-llms-to-reverse-javascript-minification
∗∗∗ Microsoft: Windows update previews protect against the Downfall CPU vulnerability ∗∗∗
---------------------------------------------
Microsoft has released the previews of the September Windows updates. They include countermeasures for the Downfall Intel CPU vulnerability.
---------------------------------------------
https://heise.de/-9283485
∗∗∗ FBI: Patches for Recent Barracuda ESG Zero-Day Ineffective ∗∗∗
---------------------------------------------
The Federal Bureau of Investigation says that the patches released for a recent Barracuda Email Security Gateway (ESG) vulnerability were not effective, advising organizations to “remove all ESG appliances immediately”.
---------------------------------------------
https://www.securityweek.com/fbi-patches-for-recent-barracuda-esg-zero-day-…
∗∗∗ Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT ∗∗∗
---------------------------------------------
This is the third documented campaign attributed to this actor in less than a year, with the actor reusing the same infrastructure throughout these operations.
---------------------------------------------
https://blog.talosintelligence.com/lazarus-quiterat/
∗∗∗ Tunnel Warfare: Exposing DNS Tunneling Campaigns using Generative Models – CoinLoader Case Study ∗∗∗
---------------------------------------------
In this blog post, we provide a deep dive into Check Point’s ongoing use of such a model to sweep across this haystack, and routinely thwart malicious campaigns abusing the DNS protocol to communicate with C&C servers. We focus on one such campaign, of CoinLoader, and lay out its infrastructure as well as an in-depth technical analysis of its DNS tunnelling functionality.
---------------------------------------------
https://research.checkpoint.com/2023/tunnel-warfare-exposing-dns-tunneling-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates: DoS attacks on Cisco firewalls and switches possible ∗∗∗
---------------------------------------------
Attackers can paralyze Cisco devices via DoS attacks. The network equipment vendor has released security patches.
---------------------------------------------
https://heise.de/-9283445
∗∗∗ Security Advisories for Drupal contributed projects ∗∗∗
---------------------------------------------
* Config Pages - Moderately critical - Information Disclosure
* Shorthand - Critical - Access bypass
* SafeDelete - Moderately critical - Access bypass
* Data field - Moderately critical - Access bypass
* ACL - Critical - Arbitrary PHP code execution
* Forum Access - Critical - Arbitrary PHP code execution
* Flexi Access - Critical - Arbitrary PHP code execution
---------------------------------------------
https://www.drupal.org/security/contrib
∗∗∗ CVE-2023-35150: Arbitrary Code Injection in XWiki.org XWiki ∗∗∗
---------------------------------------------
[..] detail a recently patched remote code execution vulnerability in the XWiki free wiki software platform. This bug was originally discovered by Michael Hamann with public Proof-of-Concept (PoC) code provided by Manuel Leduc. Successful exploitation of this vulnerability would allow an authenticated attacker to perform an arbitrary code injection on affected systems.
---------------------------------------------
https://www.zerodayinitiative.com/blog/2023/8/22/cve-2023-35150-arbitrary-c…
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (w3m), Fedora (libqb), Mageia (docker-containerd, kernel, kernel-linus, microcode, php, redis, and samba), Oracle (kernel, kernel-container, and openssh), Scientific Linux (subscription-manager), SUSE (ca-certificates-mozilla, erlang, gawk, gstreamer-plugins-base, indent, java-1_8_0-ibm, kernel, kernel-firmware, krb5, libcares2, nodejs14, nodejs16, openssl-1_1, openssl-3, poppler, postfix, redis, webkit2gtk3, and xen), and Ubuntu (php8.1).
---------------------------------------------
https://lwn.net/Articles/942654/
∗∗∗ Synology-SA-23:12 Synology SSL VPN Client ∗∗∗
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_23_12
∗∗∗ MISP 2.4.175 released with various bugs fixed, improvements and security fixes. ∗∗∗
---------------------------------------------
https://www.misp-project.org/2023/08/24/MISP.2.4.175.released.html/
∗∗∗ OPTO 22 SNAP PAC S1 ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-02
∗∗∗ CODESYS Development System ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-03
∗∗∗ CODESYS Development System ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-04
∗∗∗ CODESYS Development System ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-05
∗∗∗ Rockwell Automation Input/Output Modules ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-06
∗∗∗ KNX Protocol ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-01
∗∗∗ Multiple Vulnerabilities in IBM Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to July 2023 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028350
∗∗∗ IBM Security Guardium is affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028511
∗∗∗ IBM Security Guardium is affected by multiple vulnerabilities (CVE-2023-30435, CVE-2023-30436, CVE-2023-30437) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028506
∗∗∗ IBM Security Guardium is affected by an Improper Restriction of Excessive Authentication Attempts vulnerability (CVE-2022-43904) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028509
∗∗∗ IBM Security Guardium is affected by an SQL Injection vulnerability (CVE-2023-33852) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028514
∗∗∗ IBM Security Verify Access OpenID Connect Provider container has fixed multiple vulnerabilities (CVE-2022-43868, CVE-2022-43739, CVE-2022-43740) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028513
∗∗∗ AIX is affected by security restrictions bypass (CVE-2023-24329) due to Python ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028095
∗∗∗ IBM Elastic Storage System is affected by a vulnerability in OpenSSL (CVE-2022-4304) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028709
∗∗∗ IBM Data Risk Manager is affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028713
∗∗∗ IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to loss of confidentiality due to [CVE-2023-26268] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028728
∗∗∗ IBM App Connect Enterprise Certified Container operands that use the Box or Snowflake connectors are vulnerable to arbitrary code execution due to [CVE-2023-37466], [CVE-2023-37903] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028727
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 22-08-2023 18:00 − Wednesday 23-08-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Vulnerabilities in the web interface leave Aruba Orchestrator open to attack ∗∗∗
---------------------------------------------
Attackers can target Aruba's SD-WAN management solution EdgeConnect SD-WAN Orchestrator.
---------------------------------------------
https://heise.de/-9282524
∗∗∗ CISA warns of attacks on Veeam Backup vulnerability ∗∗∗
---------------------------------------------
The cybersecurity agency CISA warns of ongoing attacks on a Veeam Backup vulnerability. Updates are available.
---------------------------------------------
https://heise.de/-9282365
∗∗∗ The most popular Wi-Fi light bulb on Amazon lets hackers into your network ∗∗∗
---------------------------------------------
The TP-Link Tapo L530E has security vulnerabilities that allow strangers to gain access to your Wi-Fi and, with it, to the devices on it.
---------------------------------------------
https://futurezone.at/produkte/wlan-lampe-gluehbrine-amazon-hacker-tp-link-…
∗∗∗ Caution: Fake versions of Google Bard spread malware ∗∗∗
---------------------------------------------
Beware of fake ads for Google Bard: the links lead to malware.
---------------------------------------------
https://futurezone.at/digital-life/google-bard-malware-faelschungen-fake-so…
∗∗∗ More Exotic Excel Files Dropping AgentTesla, (Wed, Aug 23rd) ∗∗∗
---------------------------------------------
Excel is an excellent target for attackers. The Microsoft Office suite is installed on millions of computers, and people trust these files. If we have the classic xls, xlsx, xlsm file extensions, Excel supports many others! Just check your local registry: [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/30150
∗∗∗ Lateral movement: A conceptual overview ∗∗∗
---------------------------------------------
I think it would help a lot of those people to look at lateral movement from a conceptual point of view, instead of trying to understand all the techniques and ways in which lateral movement is achieved. [...] The goal is to hopefully enable more people to learn about how they can restructure or design their environments to be more resilient against lateral movement.
---------------------------------------------
https://diablohorn.com/2023/08/22/lateral-movement-a-conceptual-overview/
∗∗∗ Tourists Give Themselves Away by Looking Up. So Do Most Network Intruders. ∗∗∗
---------------------------------------------
In large metropolitan areas, tourists are often easy to spot because they're far more inclined than locals to gaze upward at the surrounding skyscrapers. Security experts say this same tourist dynamic is a dead giveaway in virtually all computer intrusions that lead to devastating attacks like ransomware, and that more organizations should set simple virtual tripwires that sound the alarm when authorized users and devices are spotted exhibiting this behavior.
---------------------------------------------
https://krebsonsecurity.com/2023/08/tourists-give-themselves-away-by-lookin…
∗∗∗ Hacker group CosmicBeetle spreads ransomware in Europe ∗∗∗
---------------------------------------------
The group uses the Spacecolon toolset to distribute ransomware among its victims and extort ransom payments.
---------------------------------------------
https://www.zdnet.de/88411341/hackergruppe-cosmicbeetle-verbreitet-ransomwa…
∗∗∗ NVMe: New Vulnerabilities Made Easy ∗∗∗
---------------------------------------------
As vulnerability researchers, our primary mission is to find as many vulnerabilities as possible with the highest severity as possible. Finding vulnerabilities is usually challenging. But could there be a way, in some cases, to reach the same results with less effort?
---------------------------------------------
https://www.cyberark.com/resources/threat-research-blog/nvme-new-vulnerabil…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (mediawiki and qt4-x11), Fedora (java-17-openjdk, linux-firmware, and python-yfinance), Red Hat (kernel, kpatch-patch, and subscription-manager), SUSE (evolution, janino, kernel, nodejs16, nodejs18, postgresql15, qt6-base, and ucode-intel), and Ubuntu (inetutils).
---------------------------------------------
https://lwn.net/Articles/942514/
∗∗∗ Google Chrome 116.0.5845.110/.111 security updates ∗∗∗
---------------------------------------------
On 22 August 2023 Google released updates to the Google Chrome 116 browser in the Stable Channel for Mac, Linux and Windows. These are security updates that will be rolled out over the coming weeks and are intended to fix 5 vulnerabilities (rated "high").
---------------------------------------------
https://www.borncity.com/blog/2023/08/23/google-chrome-116-0-5845-110-111-s…
∗∗∗ CVE-2022-40609 may affect IBM Java shipped with IBM CICS TX Standard ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028405
∗∗∗ CVE-2022-40609 may affect IBM Java shipped with IBM CICS TX Advanced ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028403
∗∗∗ CVE-2022-40609 may affect IBM Java shipped with IBM TXSeries for Multiplatforms ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028404
∗∗∗ Multiple vulnerabilities may affect IBM Semeru Runtime ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028407
∗∗∗ AIX is vulnerable to unauthorized file access and arbitrary code execution due to OpenSSH (CVE-2023-40371 and CVE-2023-38408) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028420
=====================
= End-of-Day report =
=====================
Timeframe: Monday 21-08-2023 18:00 − Tuesday 22-08-2023 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Sneaky Amazon Google ad leads to Microsoft support scam ∗∗∗
---------------------------------------------
A legitimate-looking ad for Amazon in Google search results redirects visitors to a Microsoft Defender tech support scam that locks up their browser.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/sneaky-amazon-google-ad-lead…
∗∗∗ Akira ransomware targets Cisco VPNs to breach organizations ∗∗∗
---------------------------------------------
There's mounting evidence that Akira ransomware targets Cisco VPN (virtual private network) products as an attack vector to breach corporate networks, steal, and eventually encrypt data.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/akira-ransomware-targets-cis…
∗∗∗ Security review for Microsoft Edge version 116 ∗∗∗
---------------------------------------------
We are pleased to announce the security review for Microsoft Edge, version 116! We have reviewed the new settings in Microsoft Edge version 116 and determined that there are no additional security settings that require enforcement. The Microsoft Edge version 114 security baseline continues to be our recommended configuration which can be downloaded from the Microsoft Security Compliance Toolkit.
---------------------------------------------
https://techcommunity.microsoft.com/t5/microsoft-security-baselines/securit…
∗∗∗ New Variant of XLoader macOS Malware Disguised as OfficeNote Productivity App ∗∗∗
---------------------------------------------
A new variant of an Apple macOS malware called XLoader has surfaced in the wild, masquerading its malicious features under the guise of an office productivity app called "OfficeNote." "The new version of XLoader is bundled inside a standard Apple disk image with the name OfficeNote.dmg," SentinelOne security researchers Dinesh Devadoss and Phil Stokes said in a Monday analysis.
---------------------------------------------
https://thehackernews.com/2023/08/new-variant-of-xloader-macos-malware.html
∗∗∗ CISA, NSA, and NIST Publish Factsheet on Quantum Readiness ∗∗∗
---------------------------------------------
Today, [CISA, NSA, NIST] released a joint factsheet, Quantum-Readiness: Migration to Post-Quantum Cryptography (PQC), to inform organizations—especially those that support Critical Infrastructure—of the impacts of quantum capabilities, and to encourage the early planning for migration to post-quantum cryptographic standards by developing a Quantum-Readiness Roadmap.
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/08/21/cisa-nsa-and-nist-publis…
∗∗∗ Exploitation of Openfire CVE-2023-32315 ∗∗∗
---------------------------------------------
This vulnerability has flown under the radar on the defensive side of the industry. CVE-2023-32315 has been exploited in the wild, but you won’t find it in the CISA KEV catalog. There has also been minimal discussion about indicators of compromise and very few detections (although to their credit, Ignite Realtime put out patches and a great mitigation guide back in May).
---------------------------------------------
https://vulncheck.com/blog/openfire-cve-2023-32315
∗∗∗ Critical vulnerability in Ivanti Sentry already being exploited ∗∗∗
---------------------------------------------
Ivanti is closing a critical security vulnerability in Sentry, formerly MobileIron Sentry. It is already being attacked.
---------------------------------------------
https://heise.de/-9278280
∗∗∗ Facebook: Beware of fake prize draws from Kronehit and Radio Arabella ∗∗∗
---------------------------------------------
Criminals are creating fake Facebook profiles of Austrian radio presenters. Currently affected are Melanie See of Radio Arabella and Christian Mederitsch of Kronehit. Fraudulent prize draws are spread via the fake profiles. "Winners" are notified by comment and then have to open a link or send the fake profile a private message. Report the fake prize draw and do not reply!
---------------------------------------------
https://www.watchlist-internet.at/news/facebook-vorsicht-vor-fake-gewinnspi…
∗∗∗ This AI-generated crypto invoice scam almost got me, and I'm a security pro ∗∗∗
---------------------------------------------
Even a tech pro can fall for a well-laid phishing trap. Here's what happened to me - and how you can avoid a similar fate, too.
---------------------------------------------
https://www.zdnet.com/article/this-ai-generated-crypto-invoice-scam-almost-…
∗∗∗ Consumer advice centre warns of fake PayPal scam calls ∗∗∗
---------------------------------------------
I am including here in the blog the warning about a scam that the Verbraucherzentrale Baden-Württemberg is currently issuing. Fraudsters are apparently trying to rip off victims in Germany with shock calls made through call centres.
---------------------------------------------
https://www.borncity.com/blog/2023/08/22/verbraucherzentrale-warnt-vor-fake…
=====================
= Vulnerabilities =
=====================
∗∗∗ TP-Link smart bulbs can let hackers steal your WiFi password ∗∗∗
---------------------------------------------
Researchers from Italy and the UK have discovered four vulnerabilities in the TP-Link Tapo L530E smart bulb and TP-Link's Tapo app, which could allow attackers to steal their targets' WiFi password.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/tp-link-smart-bulbs-can-let-…
∗∗∗ McAfee Security Bulletin – McAfee Safe Connect update fixes Privilege Escalation vulnerability (CVE-2023-40352) ∗∗∗
---------------------------------------------
This Security Bulletin describes a vulnerability in a McAfee program, and provides ways to remediate (fix) the issue or mitigate (minimize) its impact.
---------------------------------------------
https://www.mcafee.com/support/?articleId=TS103462&page=shell&shell=article…
∗∗∗ Hitachi Energy AFF66x ∗∗∗
---------------------------------------------
CVSS v3 9.6
Successful exploitation of these vulnerabilities could allow an attacker to compromise availability, integrity, and confidentiality of the targeted devices.
CVE-2021-43523, CVE-2020-13817, CVE-2020-11868, CVE-2019-11477, CVE-2022-3204, CVE-2018-18066
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-234-01
∗∗∗ Rockwell Automation ThinManager ThinServer ∗∗∗
---------------------------------------------
CVSS v3 9.8
Rockwell Automation reports this vulnerability affects the following versions of ThinManager ThinServer, a thin client and remote desktop protocol (RDP) server management software
CVE-2023-2914, CVE-2023-2915, CVE-2023-2917
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-234-03
∗∗∗ Trane Thermostats ∗∗∗
---------------------------------------------
CVSS v3 6.8
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands as root using a specially crafted filename.
CVE-2023-4212
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-234-02
∗∗∗ Patch now! Attackers push malicious code through hole in Adobe ColdFusion ∗∗∗
---------------------------------------------
Attackers are targeting Adobe's ColdFusion middleware. Security updates are available.
---------------------------------------------
https://heise.de/-9278446
∗∗∗ K000135921 : Python urllib.parse vulnerability CVE-2023-24329 ∗∗∗
---------------------------------------------
An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
---------------------------------------------
https://my.f5.com/manage/s/article/K000135921?utm_source=f5support&utm_medi…
∗∗∗ Critical Privilege Escalation Vulnerability in Charitable WordPress Plugin Affects Over 10,000 sites ∗∗∗
---------------------------------------------
After providing full disclosure details, the developer released a patch on August 17, 2023. We would like to commend the WP Charitable Team for their prompt response and timely patch, which was released in just one day.
We urge users to update their sites with the latest patched version of Charitable, which is version 1.7.0.13 at the time of this writing, as soon as possible.
---------------------------------------------
https://www.wordfence.com/blog/2023/08/critical-privilege-escalation-vulner…
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (intel-microcode, lxc, and zabbix), Fedora (clamav), SUSE (python-configobj), and Ubuntu (clamav).
---------------------------------------------
https://lwn.net/Articles/942405/
∗∗∗ IBM Robotic Process Automation is vulnerable to exposure of sensitive information in application logs (CVE-2023-38732) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028221
∗∗∗ IBM Robotic Process Automation is vulnerable to information disclosure of script content (CVE-2023-40370) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028218
∗∗∗ Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028226
∗∗∗ IBM Robotic Process Automation is vulnerable to sensitive information disclosure in installation logs (CVE-2023-38733) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028223
∗∗∗ A vulnerability in urllib3 affects IBM Robotic Process Automation for Cloud Pak which may result in CRLF injection (CVE-2020-26137). ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028229
∗∗∗ Multiple security vulnerabilities in .NET may affect IBM Robotic Process Automation for Cloud Pak (CVE-2023-24936, CVE-2023-29337, CVE-2023-33128) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028228
∗∗∗ IBM Robotic Process Automation is vulnerable to incorrect privilege assignment when importing user from an LDAP directory (CVE-2023-38734). ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028227
∗∗∗ AWS SDK for Java as used by IBM QRadar SIEM is vulnerable to path traversal (CVE-2022-31159) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7027598
∗∗∗ IBM Decision Optimization for Cloud Pak for Data is vulnerable to denial of service due to Apache Log4j (CVE-2021-45105) and arbitrary code execution due to Apache Log4j (CVE-2021-45046) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6551376
∗∗∗ IBM Cloud Pak for Data is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6551326
∗∗∗ IBM Informix JDBC Driver Is Vulnerable to Remote Code Execution (CVE-2023-27866) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7007615
∗∗∗ Multiple vulnerabilities in IBM Semeru Runtime may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2022-21282, CVE-2022-21296, CVE-2022-21299) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6565069
∗∗∗ An Unspecified Java Vulnerability is affecting Watson Knowledge Catalog for IBM Cloud Pak for Data (CVE-2021-35550) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6594121
∗∗∗ Vulnerabilities in Linux kernel, libssh, and Java can affect IBM Spectrum Protect Plus ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028316
∗∗∗ Vulnerabilities in Oracle Java and the IBM Java SDK (CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968 and CVE-2023-21937 ) affect Power HMC ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028209
∗∗∗ Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to July 2023 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028350
=====================
= End-of-Day report =
=====================
Timeframe: Friday 18-08-2023 18:00 − Monday 21-08-2023 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ The Week in Ransomware - August 18th 2023 - LockBit on Thin Ice ∗∗∗
---------------------------------------------
While there was quite a bit of ransomware news this week, the highlighted story was the release of Jon DiMaggio's third article in the Ransomware Diaries series, with the focus of this article on the LockBit ransomware operation.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-augus…
∗∗∗ WoofLocker Toolkit Hides Malicious Codes in Images to Run Tech Support Scams ∗∗∗
---------------------------------------------
Cybersecurity researchers have detailed an updated version of an advanced fingerprinting and redirection toolkit called WoofLocker that's engineered to conduct tech support scams. The sophisticated traffic redirection scheme was first documented by Malwarebytes in January 2020, leveraging JavaScript embedded in compromised websites to perform anti-bot and web traffic filtering checks [..]
---------------------------------------------
https://thehackernews.com/2023/08/wooflocker-toolkit-hides-malicious.html
∗∗∗ How to Investigate an OAuth Grant for Suspicious Activity or Overly Permissive Scopes ∗∗∗
---------------------------------------------
From a user's perspective, OAuth works like magic. In just a few keystrokes, you can whisk through the account creation process and gain immediate access to whatever new app or integration you're seeking. Unfortunately, few users understand the implications of the permissions they allow when they create a new OAuth grant, making it easy for malicious actors to manipulate employees into giving away unintended access to corporate environments.
---------------------------------------------
https://thehackernews.com/2023/08/how-to-investigate-oauth-grant-for.html
∗∗∗ Journey into Windows Kernel Exploitation: The Basics ∗∗∗
---------------------------------------------
This blogpost embarks on the initial stages of kernel exploitation. The content serves as an introduction, leading to an imminent and comprehensive whitepaper centered around this subject matter. Through this, a foundation is laid for understanding how kernel drivers are developed, as well as basic understanding around key concepts that will be instrumental to comprehending the paper itself.
---------------------------------------------
https://blog.neuvik.com/journey-into-windows-kernel-exploitation-the-basics…
∗∗∗ mTLS: When certificate authentication is done wrong ∗∗∗
---------------------------------------------
In this post, we'll deep dive into some interesting attacks on mTLS authentication. We'll have a look at implementation vulnerabilities and how developers can make their mTLS systems vulnerable to user impersonation, privilege escalation, and information leakages.
---------------------------------------------
https://github.blog/2023-08-17-mtls-when-certificate-authentication-is-done…
∗∗∗ ScienceLogic Dumpster Fire ∗∗∗
---------------------------------------------
In the last email correspondence with the vendor, nearly 9 months ago, the security director asserted that the vulnerabilities were addressed. However, they remained reluctant to proceed with CVE issuance. Considering the extensive duration that’s transpired, we opted to independently proceed with CVE issuance and disclosure. As a result, the vulnerabilities we identified are logged as CVE-2022-48580 through CVE-2022-48604.
---------------------------------------------
https://www.securifera.com/blog/2023/08/16/sciencelogic-dumpster-fire/
∗∗∗ Volatility Workbench: Empowering memory forensics investigations ∗∗∗
---------------------------------------------
Memory forensics plays a crucial role in digital investigations, allowing forensic analysts to extract valuable information from a computer's volatile memory. Two popular tools in this field are Volatility Workbench and Volatility Framework. This article aims to compare and explore these tools, highlighting their features and differences to help investigators choose the right one for their needs.
---------------------------------------------
https://cybersecurity.att.com/blogs/security-essentials/volatility-workbenc…
∗∗∗ Beware of investment tips from Telegram groups ∗∗∗
---------------------------------------------
Numerous Telegram groups such as „Didi Random“, „Glück liebt Geld“ or „Geld-Leuchtturm“ promise quick riches. In these groups you receive supposed investment tips, success stories from investors and contacts to „finance gurus“ who will help you invest your money. If you invest on the recommended platforms, you will lose a lot of money!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-investment-tipps-aus-te…
=====================
= Vulnerabilities =
=====================
∗∗∗ WordPress Plugin "Advanced Custom Fields" vulnerable to cross-site scripting (CVE-2023-40068) ∗∗∗
---------------------------------------------
Description: WordPress Plugin "Advanced Custom Fields" provided by WP Engine contains a cross-site scripting vulnerability (CWE-79).
Impact: An arbitrary script may be executed on the web browser of the user who is logging in to the product with the editor or higher privilege.
---------------------------------------------
https://jvn.jp/en/jp/JVN98946408/
∗∗∗ Multiple vulnerabilities in LuxCal Web Calendar ∗∗∗
---------------------------------------------
Impact:
- An arbitrary script may be executed on the web browser of the user who is using the product - CVE-2023-39543
- A remote attacker may execute arbitrary queries against the database and obtain or alter the information in it - CVE-2023-39939
---------------------------------------------
https://jvn.jp/en/jp/JVN04876736/
∗∗∗ CD_SVA_2023_3: Wibu Systems - CodeMeter Runtime - security vulnerability addressed ∗∗∗
---------------------------------------------
A report has been received for the following security vulnerability in the zenon software platform: CVE-2023-3935 Further details regarding the vulnerability, mitigation options and product fixes that may be available, can be found in [...]
---------------------------------------------
https://selfservice.copadata.com/portal/en/kb/articles/cd-sva-2023-3-wibu-s…
∗∗∗ CVE-2023-38035 - Vulnerability affecting Ivanti Sentry ∗∗∗
---------------------------------------------
A vulnerability has been discovered in Ivanti Sentry, formerly MobileIron Sentry. We have reported this as CVE-2023-38035. This vulnerability impacts all supported versions – Versions 9.18, 9.17 and 9.16. Older versions/releases are also at risk. This vulnerability does not affect other Ivanti products or solutions [..] While the issue has a high CVSS score, there is low risk of exploitation for customers who do not expose 8443 to the internet.
---------------------------------------------
https://www.ivanti.com/blog/cve-2023-38035-vulnerability-affecting-ivanti-s…
∗∗∗ Update already rolled out: critical hole in WinRAR allowed code execution ∗∗∗
---------------------------------------------
The widely used compression tool WinRAR had a severe vulnerability in older versions that allowed arbitrary code execution. The current version closes it.
---------------------------------------------
https://heise.de/-9268105
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (fastdds, flask, and kernel), Fedora (chromium, dotnet6.0, dotnet7.0, gerbv, java-1.8.0-openjdk, libreswan, procps-ng, and spectre-meltdown-checker), SUSE (chromium, kernel-firmware, krb5, opensuse-welcome, and python-mitmproxy), and Ubuntu (clamav, firefox, and vim).
---------------------------------------------
https://lwn.net/Articles/942311/
∗∗∗ GraphQL Java component, as used by IBM Maximo Application Suite, is vulnerable to CVE-2023-28867 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028108
∗∗∗ Google Guava component, as used by IBM Maximo Application Suite, is vulnerable to CVE-2023-2976 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028091
∗∗∗ Multiple Vulnerabilities Affecting IBM Watson Machine Learning Accelerator ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028166
∗∗∗ IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to denial of service, availability, integrity, and confidentiality impacts due to multiple vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028168
∗∗∗ IBM Connect:Direct Web Services vulnerable to sensitive information exposure due to PostgreSQL (CVE-2023-2454) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028185
∗∗∗ A security vulnerability in Microsoft.NET affects IBM Robotic Process Automation and may result in a denial of service (CVE-2023-29331). ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7026762
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 17-08-2023 18:00 − Friday 18-08-2023 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ „Your refund is available online“: phishing email in the name of oesterreich.gv.at ∗∗∗
---------------------------------------------
Numerous readers are currently reporting a fraudulent email to us that is being sent in the name of oesterreich.gv.at. The email claims that a refund of 176.88 euros is outstanding. Warning: criminals are behind it!
---------------------------------------------
https://www.watchlist-internet.at/news/ihre-rueckerstattung-ist-online-verf…
∗∗∗ Microsoft: BlackCats Sphynx ransomware embeds Impacket, RemCom ∗∗∗
---------------------------------------------
Microsoft has discovered a new version of the BlackCat ransomware that embeds the Impacket networking framework and the Remcom hacking tool, both enabling spreading laterally across a breached network.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-blackcats-sphynx-…
∗∗∗ From a Zalando Phishing to a RAT, (Fri, Aug 18th) ∗∗∗
---------------------------------------------
Phishing remains a lucrative threat. We get daily emails from well-known brands (like DHL, PayPal, Netflix, Microsoft, Dropbox, Apple, etc). Recently, I received a bunch of phishing emails targeting Zalando customers. Zalando is a German retailer of shoes and fashion across Europe. It was the first time that I saw them used in a phishing campaign.
---------------------------------------------
https://isc.sans.edu/diary/rss/30136
∗∗∗ Critical Security Update for Magento Open Source & Adobe Commerce ∗∗∗
---------------------------------------------
Last week on August 8th, 2023, Adobe released a critical security patch for Adobe Commerce and the Magento Open Source CMS. The patch provides fixes for three vulnerabilities which affect the popular ecommerce platforms. Successful exploitation could lead to arbitrary code execution, privilege escalation and arbitrary file system read.
---------------------------------------------
https://blog.sucuri.net/2023/08/critical-security-update-for-magento-adobe-…
∗∗∗ New BlackCat Ransomware Variant Adopts Advanced Impacket and RemCom Tools ∗∗∗
---------------------------------------------
Microsoft on Thursday disclosed that it found a new version of the BlackCat ransomware (aka ALPHV and Noberus) that embeds tools like Impacket and RemCom to facilitate lateral movement and remote code execution. "The Impacket tool has credential dumping and remote service execution modules that could be used for broad deployment of the BlackCat ransomware in target environments," the company's [...]
---------------------------------------------
https://thehackernews.com/2023/08/new-blackcat-ransomware-variant-adopts.ht…
∗∗∗ Catching up with WoofLocker, the most elaborate traffic redirection scheme to tech support scams ∗∗∗
---------------------------------------------
[...] another 3 years have gone by and this campaign is still going as if nothing has happened. The tactics and techniques are very similar, but the infrastructure is now more robust than before to defeat potential takedown attempts. [...] This blog post summarizes our latest findings and provides indicators of compromise that may be helpful to the security community.
---------------------------------------------
https://www.malwarebytes.com/blog/threat-intelligence/2023/08/wooflocker2
∗∗∗ Recapping the top stories from Black Hat and DEF CON ∗∗∗
---------------------------------------------
If you're in the same boat as me and couldn't attend Black Hat or DEF CON in person, I wanted to use this space to recap what I felt were the top stories and headlines coming out of the various new research that was published, talks, interviews and more.
---------------------------------------------
https://blog.talosintelligence.com/threat-source-newsletter-aug-17-2023/
∗∗∗ NoFilter Attack: Sneaky Privilege Escalation Method Bypasses Windows Security ∗∗∗
---------------------------------------------
A previously undetected attack method called NoFilter has been found to abuse the Windows Filtering Platform (WFP) to achieve privilege escalation in the Windows operating system. "If an attacker has the ability to execute code with admin privilege and the target is to perform LSASS Shtinkering, these privileges are not enough," Ron Ben Yizhak, a security researcher at Deep Instinct, told The Hacker News. "Running as 'NT AUTHORITY\SYSTEM' is required."
---------------------------------------------
https://thehackernews.com/2023/08/nofilter-attack-sneaky-privilege.html
∗∗∗ Comment on the Azure master key theft: Microsoft's reaction is revealing ∗∗∗
---------------------------------------------
Microsoft let a signing key for Azure get stolen. The full extent of the attack is still unclear. That is irresponsible, comments Oliver Diedrich.
---------------------------------------------
https://heise.de/-9258697
∗∗∗ Fake booking page for Hotel Regina ∗∗∗
---------------------------------------------
Planning a holiday in Vienna? Be careful if you want to book the Hotel Regina. Criminals have put a fake booking page online. The web address of the fraudulent booking page is regina-hotel-vienna.h-rez.com. If you book there, criminals steal your personal data and credit card details.
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschte-buchungsseite-vom-hotel-…
=====================
= Vulnerabilities =
=====================
∗∗∗ 2023-08 Out-of-Cycle Security Bulletin: Junos OS: SRX Series and EX Series: Multiple vulnerabilities in J-Web can be combined to allow a preAuth Remote Code Execution ∗∗∗
---------------------------------------------
Multiple vulnerabilities in the J-Web component of Juniper Networks Junos OS on SRX Series and EX Series have been resolved through the application of specific fixes to address each vulnerability. By chaining exploitation of these vulnerabilities, an unauthenticated, network-based attacker may be able to remotely execute code on the devices. CVE IDs: CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847
---------------------------------------------
https://supportportal.juniper.net/s/article/2023-08-Out-of-Cycle-Security-B…
∗∗∗ K30444545 : libxslt vulnerability CVE-2019-11068 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K30444545
∗∗∗ IBM Match 360 is vulnerable to a denial of service due to Apache Commons FileUpload in IBM WebSphere Application Server Liberty (CVE-2023-24998) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7027948
∗∗∗ IBM Match 360 is vulnerable to a denial of service due to Apache Commons FileUpload in IBM WebSphere Application Server Liberty (CVE-2023-24998) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7027944
∗∗∗ Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote information transfer due to CouchDB CVE-2023-26268 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028066
∗∗∗ Multiple vulnerabilities affect IBM SDK, Java Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028074
∗∗∗ Multiple vulnerabilities in IBM DB2 affect IBM Operations Analytics Predictive Insights ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028087
∗∗∗ A security vulnerability has been identified in Apache POI, which is vulnerable to denial of service (CVE-2017-5644) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/711741
∗∗∗ AIX is affected by security restrictions bypass (CVE-2023-24329) due to Python ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028095
∗∗∗ RESTEasy component used by IBM Maximo Application Suite is vulnerable to CVE-2023-0482 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028099
∗∗∗ netplex json-smart-v2 component used by IBM Maximo Application Suite is vulnerable to CVE-2023-1370 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028097
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily