=====================
= End-of-Day report =
=====================
Timeframe: Thursday 14-09-2023 18:00 – Friday 15-09-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ What is Secure Shell (SSH) & How to Use It: Security & Best Practices ∗∗∗
---------------------------------------------
In this blog post, we're going to delve deeper into what Secure Shell (SSH) is, how it operates, and why it's useful. We'll cover everything from the basics of connecting with SSH to common commands and best practices for ensuring secure communications and file transfers.
---------------------------------------------
https://blog.sucuri.net/2023/09/what-is-secure-shell-ssh-how-to-use-it-secu…
∗∗∗ A detailed analysis of the Money Message Ransomware ∗∗∗
---------------------------------------------
The threat actor group, Money Message ransomware, first appeared in March 2023, demanding million-dollar ransoms from its targets. Its configuration, which contains the list of services and processes the ransomware stops during an attack, can be found at the end of the executable. The ransomware creates a mutex and deletes the Volume Shadow Copies using vssadmin.exe.
---------------------------------------------
https://resources.securityscorecard.com/research/analysis-money-message-ran…
∗∗∗ More security for (open) source code: OpenSSF publishes guide ∗∗∗
---------------------------------------------
A guide from the Open Source Security Foundation presents tools and best practices for securing code on version control platforms.
---------------------------------------------
https://www.heise.de/-9306112.html
∗∗∗ Watch out, this LastPass email with "Important information about your account" is a phish ∗∗∗
---------------------------------------------
The consequences of last year's LastPass breach continue to be felt, with the latest insult to users coming in the form of a highly convincing phishing email.
---------------------------------------------
https://www.malwarebytes.com/blog/news/2023/09/nasty-lastpass-phish
∗∗∗ Threat Group Assessment: Turla (aka Pensive Ursa) ∗∗∗
---------------------------------------------
Pensive Ursa was chosen to be the main focus for the 2023 MITRE ATT&CK evaluation. MITRE has described Turla as being "known for their targeted intrusions and innovative stealth." The results of this evaluation, including Palo Alto Networks scoring, will be published in late September 2023.
---------------------------------------------
https://unit42.paloaltonetworks.com/turla-pensive-ursa-threat-assessment/
∗∗∗ Why Are You Texting Me? UNC3944 Leverages SMS Phishing Campaigns for SIM Swapping, Ransomware, Extortion, and Notoriety ∗∗∗
---------------------------------------------
UNC3944 is a financially motivated threat cluster that has persistently used phone-based social engineering and SMS phishing campaigns (smishing) to obtain credentials to gain and escalate access to victim organizations. At least some UNC3944 threat actors appear to operate in underground communities, such as Telegram and underground forums, which they may leverage to acquire tools, services, and/or other support to augment their operations.
---------------------------------------------
https://www.mandiant.com/resources/blog/unc3944-sms-phishing-sim-swapping-r…
=====================
= Vulnerabilities =
=====================
∗∗∗ Patch now! Fortinet security solutions as a security risk ∗∗∗
---------------------------------------------
Several Fortinet products are vulnerable. Security updates provide a remedy.
---------------------------------------------
https://www.heise.de/-9306543.html
∗∗∗ Lenovo XCC management controller: attackers can manipulate passwords ∗∗∗
---------------------------------------------
Computer manufacturer Lenovo has closed several security vulnerabilities in XClarity Controller.
---------------------------------------------
https://www.heise.de/-9304734.html
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (c-ares and samba), Fedora (borgbackup, firefox, and libwebp), Oracle (.NET 6.0 and kernel), Slackware (libwebp), SUSE (chromium and firefox), and Ubuntu (atftp, dbus, gawk, libssh2, libwebp, modsecurity-apache, and mutt).
---------------------------------------------
https://lwn.net/Articles/944581/
∗∗∗ QRadar Pulse application add-on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7032220
∗∗∗ Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to HTTP header injection due to Go CVE-2023-29406 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7032249
∗∗∗ Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to bypassing security restrictions due to multiple Node.js vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7032238
∗∗∗ IBM Virtualization Engine TS7700 is susceptible to a denial of service due to use of Apache Commons FileUpload (CVE-2023-24998) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7031979
∗∗∗ Due to use of Golang Go, IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to multiple vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7032901
∗∗∗ Multiple vulnerabilities in jackson-databind affect IBM Application Performance Management products ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7032899
∗∗∗ IBM Operational Decision Manager August 2023 - Multiple CVEs addressed ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7032928
∗∗∗ Vulnerabilities in Linux Kernel might affect IBM Spectrum Copy Data Management ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7029387
∗∗∗ CVE-2023-24539, CVE-2023-29400, CVE-2023-29403, CVE-2023-24540, CVE-2023-29402, CVE-2023-29404, CVE-2023-29405 related to Go affect IBM CICS TX Standard 11.1 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7033006
∗∗∗ CVE-2023-24540, CVE-2023-29402, CVE-2023-29404, CVE-2023-29405 related to Go affect IBM CICS TX Advanced 11.1 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7033004
∗∗∗ Vulnerabilities in Golang, OpenSSH and OpenJDK might affect IBM Spectrum Copy Data Management ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7029389
∗∗∗ Vulnerabilities in snappy-java might affect IBM Spectrum Copy Data Management ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7029381
∗∗∗ Vulnerabilities in cURL libcurl might affect IBM Spectrum Copy Data Management ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7029380
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 13-09-2023 18:00 – Thursday 14-09-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Windows 11 "ThemeBleed" RCE bug gets proof-of-concept exploit ∗∗∗
---------------------------------------------
Security researcher Gabe Kirkpatrick has made a proof-of-concept (PoC) exploit available for CVE-2023-38146, aka "ThemeBleed," which enables attackers to trigger arbitrary remote code execution if the target opens a specially crafted .theme file.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/windows-11-themebleed-rce-bu…
∗∗∗ Top 10 Facts About MOVEit Breach ∗∗∗
---------------------------------------------
This breach exposed the vulnerabilities inherent in some of the world's most trusted platforms and highlighted the audacity and capabilities of modern cybercriminals. Furthermore, becoming the primary attack vector for the Cl0p ransomware group, it has led to many other attacks.
---------------------------------------------
https://socradar.io/top-10-facts-about-moveit-breach/
∗∗∗ Column-Level Encryption 101: What is It, Implementation & Benefits ∗∗∗
---------------------------------------------
By encrypting individual columns of data, organizations can limit access to the data, reduce the potential damage of a breach and help ensure the privacy of their customers' information. In this post, we will explore the power of column-level encryption for data security. So let's dive in.
---------------------------------------------
https://www.piiano.com/blog/column-level-encryption
∗∗∗ Uncursing the ncurses: Memory corruption vulnerabilities found in library ∗∗∗
---------------------------------------------
Microsoft has discovered a set of memory corruption vulnerabilities in a library called ncurses, which provides APIs that support text-based user interfaces (TUI). Released in 1993, the ncurses library is commonly used by various programs on Portable Operating System Interface (POSIX) operating systems, including Linux, macOS, and FreeBSD.
---------------------------------------------
https://www.microsoft.com/en-us/security/blog/2023/09/14/uncursing-the-ncur…
∗∗∗ PSA: Ongoing Webex malvertising campaign drops BatLoader ∗∗∗
---------------------------------------------
A new malvertising campaign is targeting corporate users who are downloading the popular web conferencing software Webex. Threat actors have bought an advert that impersonates Cisco's brand and is displayed first when performing a Google search.
---------------------------------------------
https://www.malwarebytes.com/blog/threat-intelligence/2023/09/ongoing-webex…
∗∗∗ QR code in emails from supposed suppliers leads to phishing page ∗∗∗
---------------------------------------------
A particularly perfidious phishing email is currently circulating: companies are contacted by suppliers known to them, who supposedly send an offer via QR code. At least that is what the message claims. In fact, scanning the QR code leads to a phishing page. The criminals are trying to obtain the credentials for employees' Microsoft accounts.
---------------------------------------------
https://www.watchlist-internet.at/news/qr-code-in-e-mails-von-vermeintliche…
∗∗∗ Beware of phishing emails from "oesterreich.gv.at" & "a-trust.at" ∗∗∗
---------------------------------------------
Numerous phishing messages from supposedly trustworthy senders are currently in circulation. The messages promise alleged refunds from Oesterreich.gv.at. Do not click on the links; your data will be stolen!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-phishing-e-mails-von-oe…
=====================
= Vulnerabilities =
=====================
∗∗∗ FortiGuard PSIRT Advisories ∗∗∗
---------------------------------------------
FortiGuard Labs have released 12 advisories for FortiADC, FortiAPs, FortiAP-U, FortiClient-EMS, FortiManager & FortiAnalyzer, FortiOS & FortiProxy, FortiPresence, FortiSIEM, FortiTester and FortiWeb. (Severity: 3x High, 8x Medium, 1x Low)
---------------------------------------------
https://fortiguard.fortinet.com/psirt?date=2023&product=FortiWeb,FortiSIEM,…
∗∗∗ Siemens published 2 further security advisories on 14.09.2023 ∗∗∗
---------------------------------------------
SSA-646240: Sensitive Information Disclosure in SIMATIC PCS neo Administration Console (5.5), SSA-357182: Local Privilege Escalation Vulnerability in Spectrum Power 7 (8.2)
---------------------------------------------
https://www.siemens.com/global/en/products/services/cert.html#SecurityPubli…
∗∗∗ Wordfence Intelligence Weekly WordPress Vulnerability Report (September 4, 2023 to September 10, 2023) ∗∗∗
---------------------------------------------
Last week, there were 107 vulnerabilities disclosed in 89 WordPress plugins and 5 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 36 vulnerability researchers that contributed to WordPress security last week.
---------------------------------------------
https://www.wordfence.com/blog/2023/09/wordfence-intelligence-weekly-wordpr…
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr, libwebp, ruby-loofah, and ruby-rails-html-sanitizer), Fedora (open-vm-tools and salt), Oracle (.NET 7.0, dmidecode, flac, gcc, httpd:2.4, keylime, libcap, librsvg2, and qemu-kvm), Red Hat (.NET 6.0 and .NET 7.0), Slackware (libarchive and mozilla), SUSE (chromium and kernel), and Ubuntu (curl, firefox, ghostscript, open-vm-tools, postgresql-9.5, and thunderbird).
---------------------------------------------
https://lwn.net/Articles/944481/
∗∗∗ Drupal: Mail Login - Critical - Access bypass - SA-CONTRIB-2023-045 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2023-045
∗∗∗ Rockwell Automation Pavilion8 ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-257-07
∗∗∗ Palo Alto: CVE-2023-3280 Cortex XDR Agent: Local Windows User Can Disable the Agent (Severity: MEDIUM) ∗∗∗
---------------------------------------------
https://security.paloaltonetworks.com/CVE-2023-3280
∗∗∗ Palo Alto: CVE-2023-38802 PAN-OS: Denial-of-Service (DoS) Vulnerability in BGP Software (Severity: HIGH) ∗∗∗
---------------------------------------------
https://security.paloaltonetworks.com/CVE-2023-38802
∗∗∗ PostgreSQL Vulnerability Affects IBM Connect:Direct Web Service (CVE-2023-39417) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7032120
∗∗∗ CISA Adds Three Known Vulnerabilities to Catalog ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/09/13/cisa-adds-three-known-vu…
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 12-09-2023 18:00 – Wednesday 13-09-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Patchday: Attacks on Adobe Acrobat using crafted PDF files ∗∗∗
---------------------------------------------
Adobe has closed several security vulnerabilities in Acrobat and Reader, Connect, and Experience Manager.
---------------------------------------------
https://heise.de/-9303487
∗∗∗ Emergency patch secures Firefox and Thunderbird against attacks ∗∗∗
---------------------------------------------
Mozilla has closed a security vulnerability in its web browsers and its mail client that attackers are already exploiting.
---------------------------------------------
https://heise.de/-9303536
∗∗∗ Microsoft Security Update Summary (12 September 2023) ∗∗∗
---------------------------------------------
On 12 September 2023, Microsoft released security updates for Windows clients and servers, for Office, and for other products. The security updates fix 61 CVE vulnerabilities, two of which are 0-day vulnerabilities. Below is a compact overview of these updates [...]
---------------------------------------------
https://www.borncity.com/blog/2023/09/13/microsoft-security-update-summary-…
∗∗∗ Threat landscape for industrial automation systems. Statistics for H1 2023 ∗∗∗
---------------------------------------------
In the first half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased from H2 2022 by just 0.3 pp to 34%.
---------------------------------------------
https://securelist.com/threat-landscape-for-industrial-automation-systems-s…
∗∗∗ Malware distributor Storm-0324 facilitates ransomware access ∗∗∗
---------------------------------------------
The threat actor that Microsoft tracks as Storm-0324 is a financially motivated group known to gain initial access using email-based initial infection vectors and then hand off access to compromised networks to other threat actors. These handoffs frequently lead to ransomware deployment. Beginning in July 2023, Storm-0324 was observed distributing payloads using an open-source tool [...]
---------------------------------------------
https://www.microsoft.com/en-us/security/blog/2023/09/12/malware-distributo…
∗∗∗ Alert: New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints ∗∗∗
---------------------------------------------
Three interrelated high-severity security flaws discovered in Kubernetes could be exploited to achieve remote code execution with elevated privileges on Windows endpoints within a cluster. The issues, tracked as CVE-2023-3676, CVE-2023-3893, and CVE-2023-3955, carry CVSS scores of 8.8 and impact all Kubernetes environments with Windows nodes. Fixes for the vulnerabilities were released on August 23, 2023, [...]
---------------------------------------------
https://thehackernews.com/2023/09/alert-new-kubernetes-vulnerabilities.html
∗∗∗ OpenSSL 1.1.1 reaches end of life for all but the well-heeled ∗∗∗
---------------------------------------------
$50k to breathe new life into its corpse. The rest of us must move on to OpenSSL 3.0
OpenSSL 1.1.1 has reached the end of its life, making a move to a later version essential for all, bar those with extremely deep pockets.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2023/09/12/openssl_111_…
∗∗∗ macOS Info-Stealer Malware "MetaStealer" Targeting Businesses ∗∗∗
---------------------------------------------
The MetaStealer macOS information stealer has been targeting businesses to exfiltrate keychain and other valuable information.
---------------------------------------------
https://www.securityweek.com/macos-info-stealer-malware-metastealer-targeti…
∗∗∗ How Next-Gen Threats Are Taking a Page From APTs ∗∗∗
---------------------------------------------
Cybercriminals are increasingly trying to find ways to get around security, detection, intelligence and controls as APTs start to merge with conventional cybercrime.
---------------------------------------------
https://www.securityweek.com/how-next-gen-threats-are-taking-a-page-from-ap…
∗∗∗ How Three Letters Brought Down UK Air Traffic Control ∗∗∗
---------------------------------------------
The UK bank holiday weekend at the end of August is a national holiday in which it sometimes seems the entire country ups sticks and makes for somewhere with a beach. This year though, many of them couldn't, because the country's NATS air traffic system went down and stranded many to grumble in the heat of a crowded terminal. At the time it was blamed on faulty flight data, but news now emerges that the data which brought down an entire country's air traffic control may have not been faulty at all.
---------------------------------------------
https://hackaday.com/2023/09/13/how-three-letters-brought-down-uk-air-traff…
∗∗∗ 3AM: New Ransomware Family Used As Fallback in Failed LockBit Attack ∗∗∗
---------------------------------------------
Attackers resorted to new ransomware after deployment of LockBit was blocked on the targeted network.
---------------------------------------------
https://symantec-enterprise-blogs.security.com/threat-intelligence/3am-rans…
∗∗∗ White House urging dozens of countries to publicly commit to not pay ransoms ∗∗∗
---------------------------------------------
The U.S. National Security Council (NSC) is urging the governments of all countries participating in the International Counter Ransomware Initiative (CRI) to issue a joint statement announcing they will not pay ransoms to cybercriminals, according to three sources with knowledge of the plans.
---------------------------------------------
https://therecord.media/counter-ransomware-initiative-members-ransom-paymen…
∗∗∗ September 2023 release of new Exchange Server CVEs (resolved by August 2023 Security Updates) ∗∗∗
---------------------------------------------
You may have noticed there were several new Exchange Server CVEs that were released today (a part of September 2023 "Patch Tuesday"). If you haven't yet, you can go to the Security Update Guide and filter on Exchange Server under Product Family to review CVE information. The CVEs released today were actually addressed in the August 2023 Exchange Server Security Update (SU). Due to the timing of validation of those fixes and release dates, we decided to release the CVEs as a part of the September 2023 "Patch Tuesday" release cycle. We know that many customers are accustomed to checking for Microsoft security releases on the second Tuesday of every month, and we did not want these CVEs to go unnoticed.
---------------------------------------------
https://techcommunity.microsoft.com/t5/exchange-team-blog/september-2023-re…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (e2guardian), Fedora (libeconf), Red Hat (dmidecode, kernel, kernel-rt, keylime, kpatch-patch, libcap, librsvg2, linux-firmware, and qemu-kvm), Slackware (mozilla), SUSE (chromium and shadow), and Ubuntu (cups, dotnet6, dotnet7, file, flac, and ruby-redcloth).
---------------------------------------------
https://lwn.net/Articles/944354/
∗∗∗ BSRT-2023-001 Vulnerabilities in Management Console and Self Service Impact AtHoc Server ∗∗∗
---------------------------------------------
https://support.blackberry.com/kb/articleDetail?language=en_US&articleNumbe…
∗∗∗ VU#347067: Multiple BGP implementations are vulnerable to improperly formatted BGP updates ∗∗∗
---------------------------------------------
https://kb.cert.org/vuls/id/347067
∗∗∗ PHP Shopping Cart-4.2 Multiple-SQLi ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2023090037
∗∗∗ Cisco IOS XR Software Compression ACL Bypass Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ Cisco IOS XR Software Image Verification Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ Cisco IOS XR Software iPXE Boot Signature Bypass Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ Cisco IOS XR Software Model-Driven Programmability Behavior with AAA Authorization ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ Cisco IOS XR Software Connectivity Fault Management Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ Cisco IOS XR Software Access Control List Bypass Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/
∗∗∗ K000136157 : sssd vulnerability CVE-2022-4254 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000136157?utm_source=f5support&utm_medi…
∗∗∗ Trumpf: Multiple Products affected by WIBU Codemeter Vulnerability ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2023-031/
∗∗∗ Elliptic Labs Virtual Lock Sensor Vulnerability ∗∗∗
---------------------------------------------
https://support.lenovo.com/product_security/PS500576-ELLIPTIC-LABS-VIRTUAL-…
∗∗∗ Lenovo XClarity Controller (XCC) Vulnerabilities ∗∗∗
---------------------------------------------
https://support.lenovo.com/product_security/PS500578
∗∗∗ Intel Dynamic Tuning Technology Advisory ∗∗∗
---------------------------------------------
https://support.lenovo.com/product_security/PS500577-INTEL-DYNAMIC-TUNING-T…
=====================
= End-of-Day report =
=====================
Timeframe: Monday 11-09-2023 18:00 – Tuesday 12-09-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ New WiKI-Eve attack can steal numerical passwords over WiFi ∗∗∗
---------------------------------------------
A new attack dubbed WiKI-Eve can intercept the cleartext transmissions of smartphones connected to modern WiFi routers and deduce individual numeric keystrokes at an accuracy rate of up to 90%, allowing numerical passwords to be stolen.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-wiki-eve-attack-can-stea…
∗∗∗ Free Download Manager backdoored – a possible supply chain attack on Linux machines ∗∗∗
---------------------------------------------
Kaspersky researchers analyzed a Linux backdoor disguised as Free Download Manager software that remained under the radar for at least three years.
---------------------------------------------
https://securelist.com/backdoored-free-download-manager-linux-malware/11046…
∗∗∗ Sophisticated Phishing Campaign Deploying Agent Tesla, OriginBotnet, and RedLine Clipper ∗∗∗
---------------------------------------------
"A phishing email delivers the Word document as an attachment, presenting a deliberately blurred image and a counterfeit reCAPTCHA to lure the recipient into clicking on it," Fortinet FortiGuard Labs researcher Cara Lin said.
---------------------------------------------
https://thehackernews.com/2023/09/sophisticated-phishing-campaign.html
∗∗∗ Fake Post, DHL and UPS notifications in circulation ∗∗∗
---------------------------------------------
Waiting for a parcel? Take a close look at notifications about the delivery status. Many fraudulent messages are circulating at the moment. You are informed by email or SMS that customs fees or shipping costs still have to be paid. Do not click on the link. You will end up on a fraudulent page that harvests credit card details.
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschte-post-dhl-und-ups-benachr…
∗∗∗ The European Cyber Shield ∗∗∗
---------------------------------------------
As part of the "Digital Europe Programme", the EU wants to strengthen the security of the EU with funding for the networking of SOCs and to establish the system permanently via a new "Cyber Solidarity Act". I gave a talk on this at the CSIRTs Network Meeting in June, the content of which I have now expanded into a full paper (in English).
---------------------------------------------
https://cert.at/de/blog/2023/9/european-cyber-shield
∗∗∗ Persistent Threat: New Exploit Puts Thousands of GitHub Repositories and Millions of Users at Risk ∗∗∗
---------------------------------------------
A new vulnerability has been discovered that could allow an attacker to exploit a race condition within GitHub's repository creation and username renaming operations. This technique could be used to perform a Repojacking attack (hijacking popular repositories to distribute malicious code).
---------------------------------------------
https://checkmarx.com/blog/persistent-threat-new-exploit-puts-thousands-of-…
∗∗∗ Deleting Your Way Into SYSTEM: Why Arbitrary File Deletion Vulnerabilities Matter ∗∗∗
---------------------------------------------
Windows arbitrary file deletion vulnerabilities should no longer be considered mere annoyances or tools for Denial-of-Service (DoS) attacks. Over the past couple of years, these vulnerabilities have matured into potent threats capable of unearthing a portal to full system compromise. This transformation is exemplified in CVE-2023-27470 (an arbitrary file deletion vulnerability in N-Able's Take Control Agent with a CVSS Base Score of 8.8), demonstrating that what might initially seem innocuous can, in fact, expose unexpected weaknesses within your system.
---------------------------------------------
https://www.mandiant.com/resources/blog/arbitrary-file-deletion-vulnerabili…
=====================
= Vulnerabilities =
=====================
∗∗∗ NSO exploit: Apple also fixes older versions of macOS, iOS and iPadOS ∗∗∗
---------------------------------------------
After emergency updates for current operating systems, Apple is now also pushing patches for older versions. Users should update promptly.
---------------------------------------------
https://heise.de/-9301842
∗∗∗ Patchday: SAP closes critical data leak vulnerability in BusinessObjects ∗∗∗
---------------------------------------------
Important security updates for SAP software have been released. Admins should act promptly.
---------------------------------------------
https://heise.de/-9302399
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (node-cookiejar and orthanc), Oracle (firefox, kernel, and kernel-container), Red Hat (flac and httpd:2.4), Slackware (vim), SUSE (python-Django, terraform-provider-aws, terraform-provider-helm, and terraform-provider-null), and Ubuntu (c-ares, curl, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-raspi, linux-ibm, and linux-ibm-5.4).
---------------------------------------------
https://lwn.net/Articles/944263/
∗∗∗ ICS Patch Tuesday: Critical CodeMeter Vulnerability Impacts Several Siemens Products ∗∗∗
---------------------------------------------
ICS Patch Tuesday: Siemens has released 7 new advisories and Schneider Electric has released 1 new advisory.
---------------------------------------------
https://www.securityweek.com/ics-patch-tuesday-critical-codemeter-vulnerabi…
∗∗∗ WebKitGTK and WPE WebKit Security Advisory WSA-2023-0008 ∗∗∗
---------------------------------------------
CVE identifiers: CVE-2023-28198, CVE-2023-32370, CVE-2023-40397.
---------------------------------------------
https://webkitgtk.org/security/WSA-2023-0008.html
∗∗∗ Google Chrome 116.0.5845.187/.188 fixes critical vulnerability ∗∗∗
---------------------------------------------
On 11 September 2023, Google released updates of the Google Chrome 116 browser in the Stable and Extended Channel for Mac, Linux and Windows. They are security updates that are being rolled out and are intended to fix one vulnerability (rated "critical").
---------------------------------------------
https://www.borncity.com/blog/2023/09/11/google-chrome-116-0-5845-187-188-f…
∗∗∗ Fujitsu Software Infrastructure Manager ∗∗∗
---------------------------------------------
An issue was discovered in Fujitsu Software Infrastructure Manager (ISM) before 2.8.0.061. The ismsnap component (in this specific case at /var/log/fujitsu/ServerViewSuite/ism/FirmwareManagement/FirmwareManagement.log) allows insecure collection and storage of authorization credentials in cleartext.
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-255-02
∗∗∗ Security updates available in Foxit PDF Reader 2023.2 and Foxit PDF Editor 2023.2 ∗∗∗
---------------------------------------------
https://www.foxit.com/de/support/security-bulletins.html
∗∗∗ Hitachi Energy Lumada APM Edge ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-255-01
∗∗∗ Multiple vulnerabilities in OpenSSL affect AIX ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7031625
∗∗∗ Control Access issues in PCOMM ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7031707
∗∗∗ Multiple Security vulnerabilities in IBM Java in FileNet Content Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7001699
∗∗∗ A vulnerability in FasterXML Jackson Core may affect IBM Robotic Process Automation and result in an application crash (IBM X-Force ID: 256137). ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7031716
∗∗∗ IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable and could provide weaker than expected security. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7031051
∗∗∗ Vulnerability in Open JDK affecting Rational Functional Tester ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7031729
∗∗∗ IBM App Connect Enterprise is vulnerable to a remote attack and a denial of service due to Node.js modules tough-cookie and semver (CVE-2023-26136, CVE-2022-25883). ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7031733
∗∗∗ IBM Cloud Pak for Security includes components with multiple known vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7031754
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Friday 08-09-2023 18:00 – Monday 11-09-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Microsoft Teams phishing attack pushes DarkGate malware ∗∗∗
---------------------------------------------
A new phishing campaign is abusing Microsoft Teams messages to send malicious attachments that install the DarkGate Loader malware.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/microsoft-teams-phishing-att…
∗∗∗ Facebook Messenger phishing wave targets 100K business accounts per week ∗∗∗
---------------------------------------------
Hackers use a massive network of fake and compromised Facebook accounts to send out millions of Messenger phishing messages to target Facebook business accounts with password-stealing malware.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/facebook-messenger-phishing-…
∗∗∗ From Caribbean shores to your devices: analyzing Cuba ransomware ∗∗∗
---------------------------------------------
The article analyzes the malicious tactics, techniques and procedures (TTP) used by the operator of the Cuba ransomware, and details a Cuba attack incident.
---------------------------------------------
https://securelist.com/cuba-ransomware/110533/
∗∗∗ New HijackLoader Modular Malware Loader Making Waves in the Cybercrime World ∗∗∗
---------------------------------------------
A new malware loader called HijackLoader is gaining traction among the cybercriminal community to deliver various payloads such as DanaBot, SystemBC, and RedLine Stealer.
---------------------------------------------
https://thehackernews.com/2023/09/new-hijackloader-modular-malware-loader.h…
∗∗∗ Cybercriminals Using PowerShell to Steal NTLMv2 Hashes from Compromised Windows ∗∗∗
---------------------------------------------
A new cyber attack campaign is leveraging the PowerShell script associated with a legitimate red teaming tool to plunder NTLMv2 hashes from compromised Windows systems primarily located in Australia, Poland, and Belgium. The activity has been codenamed Steal-It by Zscaler ThreatLabz.
---------------------------------------------
https://thehackernews.com/2023/09/cybercriminals-using-powershell-to.html
∗∗∗ Password managers: LastPass hackers appear to be cracking password vaults ∗∗∗
---------------------------------------------
Cybercriminals copied LastPass password vaults last year. Now they appear to be cracking them and emptying crypto wallets.
---------------------------------------------
https://heise.de/-9300583
∗∗∗ From ERMAC to Hook: Investigating the technical differences between two Android malware variants ∗∗∗
---------------------------------------------
Hook and ERMAC are Android-based malware families that are both advertised by the actor named “DukeEugene”. Hook is the latest variant to be released by this actor and was first announced at the start of 2023. In this announcement, the actor claims that Hook was written from scratch [1]. In our research, we have analysed two samples of Hook and two samples of ERMAC to further examine the technical differences between these malware families.
---------------------------------------------
https://research.nccgroup.com/2023/09/11/from-ermac-to-hook-investigating-t…
∗∗∗ Numerous dubious Dirndl shops in circulation ∗∗∗
---------------------------------------------
Wiesn season is Dirndl season! Dubious shop operators know that too. To reach as many potential victims as possible, they rely on advertising via Facebook and Instagram. High-quality Dirndl are promised at an unbeatably low price. Reports from consumers show, however, that only inferior clothing arrives.
---------------------------------------------
https://www.watchlist-internet.at/news/zahlreiche-unserioese-dirndl-shops-i…
∗∗∗ A classification of CTI Data feeds ∗∗∗
---------------------------------------------
We at CERT.at process and share a wide selection of cyber threat intelligence (CTI) as part of our core mission as Austria’s hub for IT security information. Right now, we are involved in two projects that involve the purchase of commercial CTI. I encountered some varying views on what CTI is and what one should do with the indicators of compromise (IoCs) that are part of a CTI feed. This blog post describes my view on this topic.
---------------------------------------------
https://cert.at/en/blog/2023/9/cti-data-feeds
=====================
= Vulnerabilities =
=====================
∗∗∗ Pyramid vulnerable to directory traversal ∗∗∗
---------------------------------------------
Pyramid provided by Pylons Project contains a directory traversal vulnerability.
---------------------------------------------
https://jvn.jp/en/jp/JVN41113329/
∗∗∗ HPE OneView: Critical flaw allows authentication bypass ∗∗∗
---------------------------------------------
HPE warns of several security vulnerabilities in OneView, an infrastructure management software. Attackers could, for example, bypass the login.
---------------------------------------------
https://heise.de/-9301047
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (frr, kernel, libraw, mutt, and open-vm-tools), Fedora (cjose, pypy, vim, wireshark, and xrdp), Gentoo (apache), Mageia (chromium-browser-stable, clamav, ghostscript, librsvg, libtiff, openssl, poppler, postgresql, python-pypdf2, and unrar), Red Hat (flac), SUSE (firefox, geoipupdate, icu73_2, libssh2_org, rekor, skopeo, and webkit2gtk3), and Ubuntu (linux-azure, linux-azure-4.15, linux-azure-5.4, linux-gcp-5.4, linux-gkeop, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp, linux-gcp, linux-gcp-6.2, linux-ibm, linux-oracle, linux-starfive, linux-gcp-5.15, linux-gkeop-5.15, and opendmarc).
---------------------------------------------
https://lwn.net/Articles/944190/
∗∗∗ Security updates available in PDF-XChange Editor/Tools 10.1.0.380 ∗∗∗
---------------------------------------------
https://www.tracker-software.com/support/security-bulletins.html
∗∗∗ Mattermost security updates 8.1.2 (ESR) / 8.0.3 / 7.8.11 (ESR) released ∗∗∗
---------------------------------------------
https://mattermost.com/blog/mattermost-security-updates-8-1-2-esr-8-0-3-7-8…
∗∗∗ AIX is vulnerable to arbitrary command execution (CVE-2023-26286) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6983236
∗∗∗ IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in TensorFlow ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7031271
∗∗∗ Vulnerability in BIND affects IBM Integrated Analytics System (Sailfish) [CVE-2023-2828] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7031294
∗∗∗ Vulnerability in OpenSSH affects IBM Integrated Analytics System (Sailfish) [CVE-2023-38408] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7031293
∗∗∗ Vulnerabilities in IBM Websphere Application Server affect IBM Application Performance Management. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7031576
∗∗∗ Due to use of, IBM Application Performance Management is vulnerable to a local authenticated attacker to obtain sensitive information. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7031614
∗∗∗ A vulnerability in Microsoft .NET may affect IBM Robotic Process Automation allowing an attacker to conduct spoofing attacks (CVE-2022-34716) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7031620
∗∗∗ A vulnerability in Microsoft .NET Core may affect IBM Robotic Process Automation and result in a remote attacker obtaining sensitive information (CVE-2018-8292). ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7029529
∗∗∗ A vulnerability in Microsoft .NET Framework may affect IBM Robotic Process Automation and result in an exposure of sensitive information (CVE-2022-41064) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7031621
∗∗∗ IBM Robotic Process Automation could disclose sensitive information from access to RPA scripts, workflows and related data (CVE-2023-38718) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7031619
∗∗∗ IBM App Connect Enterprise is vulnerable to a remote attack and a denial of service due to Node.js modules protobuf.js, vm2 and word-wrap [CVE-2023-36665, CVE-2023-37903, CVE-2023-37466 and CVE-2023-26115] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7031624
∗∗∗ A vulnerability in Newtonsoft.Json may affect IBM Robotic Process Automation and result in a denial of service (IBM X-Force ID: 234366). ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7031623
∗∗∗ IBM Cognos Command Center is affected by multiple vulnerabilities (CVE-2023-21939, CVE-2023-21967, CVE-2022-29117, XFID: 234366) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7012455
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 07-09-2023 18:00 – Friday 08-09-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Post-Quantum Cryptography ∗∗∗
---------------------------------------------
The advent of capable quantum computers has massive side effects on the security of various cryptographic primitives. In recent years these have become essential building blocks of our IT architecture, especially in networked systems. Everything still works for now, but if we do not start preparing for this coming threat soon, the transition to "post-quantum cryptography" will be a painful one. [..] Next week I will be sitting on a panel at an event on this topic. And since I am preparing for it anyway, I might as well share my sources and conclusions.
---------------------------------------------
https://cert.at/de/blog/2023/9/post-quantum-cryptography
∗∗∗ CISA warns of critical Apache RocketMQ bug exploited in attacks ∗∗∗
---------------------------------------------
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added to its catalog of known exploited vulnerabilities (KEV) a critical-severity issue tracked as CVE-2023-33246 that affects Apache's RocketMQ distributed messaging and streaming platform.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/cisa-warns-of-critical-apach…
∗∗∗ Paranoids Vulnerability Research: Ivanti Issues Security Alert ∗∗∗
---------------------------------------------
The vulnerability allowed for remote code execution – giving a bad actor a method to distribute malicious software through a tool that sends out security updates. And, as part of the research process, we confirmed the feasibility of this by developing an end-to-end exploit that showcases how malware can be distributed to managed endpoints (demo).
---------------------------------------------
https://www.yahooinc.com/paranoids/paranoids-vulnerability-research-ivanti-…
∗∗∗ Malvertising campaign tries to foist Atomic Stealer on Mac users ∗∗∗
---------------------------------------------
IT researchers are observing a malvertising campaign whose operators want to slip the Atomic Stealer onto Mac users' systems. Among other things, it steals cryptocurrencies.
---------------------------------------------
https://heise.de/-9298637
∗∗∗ Emsisoft Tells Users to Update Products, Reboot Systems Due to Certificate Mishap ∗∗∗
---------------------------------------------
The problem, the company says, affects its Extended Validation (EV) code signing certificate that was renewed on August 23 and used to sign all program files compiled after that date, including the latest software version, released on September 4.
---------------------------------------------
https://www.securityweek.com/emsisoft-tells-users-to-update-products-reboot…
∗∗∗ New Phishing Campaign Launched via Google Looker Studio ∗∗∗
---------------------------------------------
Cybersecurity firm Check Point is warning of a new type of phishing attack that abuses Google Looker Studio to bypass protections.
---------------------------------------------
https://www.securityweek.com/new-phishing-campaign-launched-via-google-look…
∗∗∗ MAR-10454006.r5.v1 SUBMARINE, SKIPJACK, SEASPRAY, WHIRLPOOL, and SALTWATER Backdoors ∗∗∗
---------------------------------------------
CISA obtained five malware samples - including artifacts related to SUBMARINE, SKIPJACK, SEASPRAY, WHIRLPOOL, and SALTWATER backdoors. The device was compromised by threat actors exploiting CVE-2023-2868, a former zero-day vulnerability affecting versions 5.1.3.001-9.2.0.006 of Barracuda Email Security Gateway (ESG).
---------------------------------------------
https://www.cisa.gov/news-events/analysis-reports/ar23-250a-0
∗∗∗ W3LL phishing kit can defeat multi-factor authentication; thousands of Microsoft 365 accounts hijacked ∗∗∗
---------------------------------------------
The Singapore-based security vendor Group-IB recently published a security report pointing to specific activities of a group of cybercriminals called W3LL. The cybergang has developed a special phishing kit to hijack Microsoft 365 accounts and offers this service to at least 500 other cybergangs via a secret W3LL Store.
---------------------------------------------
https://www.borncity.com/blog/2023/09/08/w3ll-phishing-kit-kann-multifaktor…
∗∗∗ A Deep Dive into 70 Layers of Obfuscated Info-Stealer Malware ∗∗∗
---------------------------------------------
In the battle of hackers against defenders, we consistently find hackers trying to disguise their true intent. We have analyzed an interesting sample that was armed with multiple layers of obfuscation. These packages were quite the challenge.
---------------------------------------------
https://checkmarx.com/blog/a-deep-dive-into-70-layers-of-obfuscated-info-st…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for macOS, iOS/iPadOS close two 0-days of the NSO Group (Pegasus spyware) ∗∗∗
---------------------------------------------
On 7 September 2023 Apple again released a batch of security updates for its operating systems macOS, iOS/iPadOS and also watchOS. These updates close two 0-day vulnerabilities that were abused by the NSO Group's Pegasus spyware for the surveillance of mobile devices.
---------------------------------------------
https://www.borncity.com/blog/2023/09/08/sicherheitsupdates-fr-macos-ios-ip…
∗∗∗ OpenSSL Security Advisory [8th September 2023] ∗∗∗
---------------------------------------------
POLY1305 MAC implementation corrupts XMM registers on Windows (CVE-2023-4807). Severity: Low
---------------------------------------------
https://www.openssl.org/news/secadv/20230908.txt
∗∗∗ QNAP Security Advisories 2023-09-08 ∗∗∗
---------------------------------------------
QNAP has released 4 security advisories: (1x High, 3x Medium)
---------------------------------------------
https://www.qnap.com/en-us/security-advisories?ref=security_advisory_details
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium, libssh2, memcached, and python-django), Fedora (netconsd), Oracle (firefox and thunderbird), Scientific Linux (firefox), SUSE (open-vm-tools), and Ubuntu (grub2-signed, grub2-unsigned, shim, and shim-signed, plib, and python2.7, python3.5).
---------------------------------------------
https://lwn.net/Articles/943990/
∗∗∗ Notepad++ v8.5.7 fixes vulnerabilities ∗∗∗
---------------------------------------------
In mid-August 2023 security researcher Jaroslav Lobacevski publicly disclosed four vulnerabilities (CVE-2023-40031, CVE-2023-40036, CVE-2023-40164, CVE-2023-40166) in the Notepad++ editor for Windows. The vulnerabilities are rated medium to high. The developer, who had known about them for months, has now fixed these vulnerabilities with the update to Notepad++ v8.5.7.
---------------------------------------------
https://www.borncity.com/blog/2023/09/08/notepad-v8-5-7-fixt-schwachstellen/
∗∗∗ PHOENIX CONTACT: Multiple vulnerabilities in WP 6xxx Web panels ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2023-018/
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 06-09-2023 18:00 – Thursday 07-09-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Next-Generation Context Aware Password Cracking ∗∗∗
---------------------------------------------
TLDR; Using ChatGPT, an attacker can generate a list of password guesses based on the context of the target such as a company’s description or social media accounts.
---------------------------------------------
https://medium.com/@doctoreww/next-generation-context-aware-password-cracki…
∗∗∗ Cisco warns of partly critical flaws and delivers updates for several products ∗∗∗
---------------------------------------------
Several Cisco products harbor security vulnerabilities that updates are meant to close. One of them is even rated critical.
---------------------------------------------
https://heise.de/-9297182
∗∗∗ FreeWorld ransomware attacks MSSQL – get your databases off the Internet ∗∗∗
---------------------------------------------
When we think of ransomware and brute force password guessing attacks, we normally think of RDP, but recent research from Securonix reminds us that anything secured with a password and exposed to the internet is of interest to cybercriminals.
---------------------------------------------
https://www.malwarebytes.com/blog/news/2023/09/freeworld-ransomware-attacks…
∗∗∗ Ozempic, Wegovy & Co: Beware of fake shops selling "slimming products" ∗∗∗
---------------------------------------------
Diabetes medications such as Ozempic, Saxenda or Metformin have been affected by supply shortages for some time. The reason: Elon Musk, Kim Kardashian and other celebrities use these and similar drugs to lose weight, and the hype around these "weight-loss injections" was not long in coming. A trend that criminals are also exploiting: they offer the drugs, which actually require a prescription, as slimming products in fake shops.
---------------------------------------------
https://www.watchlist-internet.at/news/ozempic-wegovy-co-vorsicht-vor-fake-…
∗∗∗ A classification of CTI Data feeds ∗∗∗
---------------------------------------------
We at CERT.at process and share a wide selection of cyber threat intelligence (CTI) as part of our core mission as Austria’s hub for IT security information. Right now, we are involved in two projects that involve the purchase of commercial CTI. I encountered some varying views on what CTI is and what one should do with the indicators of compromise (IoCs) that are part of a CTI feed. This blog post describes my view on this topic.
---------------------------------------------
https://cert.at/en/blog/2023/9/cti-data-feeds
∗∗∗ Cybercriminals target graphic designers with GPU miners ∗∗∗
---------------------------------------------
Cybercriminals are abusing Advanced Installer, a legitimate Windows tool used for creating software packages, to drop cryptocurrency-mining malware including PhoenixMiner and lolMiner on infected machines.
---------------------------------------------
https://blog.talosintelligence.com/cybercriminals-target-graphic-designers-…
∗∗∗ CISA Releases Update to Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells ∗∗∗
---------------------------------------------
This Cybersecurity Advisory has been updated with new tactics, techniques, and procedures (TTPs) as well as indicators of compromise (IOCs) received from an additional victim and trusted third parties.
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/09/06/cisa-releases-update-thr…
∗∗∗ MAR-10430311-1.v1 Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475 ∗∗∗
---------------------------------------------
CISA received 4 files for analysis from an incident response engagement conducted at an Aeronautical Sector organization [..] CISA has provided indicators of compromise (IOCs) and YARA rules for detection within this Malware Analysis Report (MAR).
---------------------------------------------
https://www.cisa.gov/news-events/analysis-reports/ar23-250a
=====================
= Vulnerabilities =
=====================
∗∗∗ Aruba controllers and gateways with high-risk security vulnerabilities ∗∗∗
---------------------------------------------
Updates are available for Aruba controllers and gateways of the 9000 and 9200 series that close high-risk security vulnerabilities.
---------------------------------------------
https://heise.de/-9297925
∗∗∗ Cisco Security Advisories 2023-09-06 - 2023-09-06 ∗∗∗
---------------------------------------------
Cisco has released 6 security advisories: (1x Critical, 1x High, 4x Medium)
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/Search.x?publicationTypeIDs…
∗∗∗ Security updates: Unauthorized access to TP-Link routers possible ∗∗∗
---------------------------------------------
Attackers can attack various TP-Link routers and, in the worst case, execute their own commands on the devices.
---------------------------------------------
https://heise.de/-9297306
∗∗∗ 2023-08 Out-of-Cycle Security Bulletin: Junos OS: SRX Series and EX Series: Multiple vulnerabilities in J-Web can be combined to allow a preAuth Remote Code Execution ∗∗∗
---------------------------------------------
Update - September 5th 2023: A new variant of the SRX upload vulnerability has been published by external researchers (CVE-2023-36851). All fixes listed under Solution below break the RCE chain.
---------------------------------------------
https://supportportal.juniper.net/s/article/2023-08-Out-of-Cycle-Security-B…
∗∗∗ Wordfence Intelligence Weekly WordPress Vulnerability Report (August 28, 2023 to September 3, 2023) ∗∗∗
---------------------------------------------
Last week, there were 64 vulnerabilities disclosed in 61 WordPress Plugins and 2 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 32 Vulnerability Researchers that contributed to WordPress Security last week.
---------------------------------------------
https://www.wordfence.com/blog/2023/09/wordfence-intelligence-weekly-wordpr…
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (erofs-utils, htmltest, indent, libeconf, netconsd, php-phpmailer6, tinyexr, and vim), Red Hat (firefox), and Ubuntu (linux-aws, linux-aws-5.15, linux-ibm-5.15, linux-oracle, linux-oracle-5.15, linux-azure, linux-azure-fde-5.15, linux-gke, linux-gkeop, linux-intel-iotg-5.15, linux-raspi, linux-oem-6.1, linux-raspi, linux-raspi-5.4, shiro, and sox).
---------------------------------------------
https://lwn.net/Articles/943856/
∗∗∗ CVE-2023-4528: Java Deserialization Vulnerability in JSCAPE MFT (Fixed) ∗∗∗
---------------------------------------------
CVE-2023-4528 affects all versions of JSCAPE MFT Server prior to version 2023.1.9 on all platforms (Windows, Linux, and MacOS). See the JSCAPE advisory for more information [..] CVE-2023-4528 has been addressed in JSCAPE version 2023.1.9 which is now available for customer deployment.
---------------------------------------------
https://www.rapid7.com/blog/post/2023/09/07/cve-2023-4528-java-deserializat…
∗∗∗ CISA Releases Four Industrial Control Systems Advisories ∗∗∗
---------------------------------------------
ICSA-23-250-01 Dover Fueling Solutions MAGLINK LX Console (CVSS v3 9.1),
ICSA-23-250-02 Phoenix Contact TC ROUTER and TC CLOUD CLIENT (CVSS v3 9.6),
ICSA-23-250-03 Socomec MOD3GP-SY-120K (CVSS v3 10.0),
ICSA-23-157-01 Delta Electronics CNCSoft-B DOPSoft (Update) (CVSS v3 7.8)
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/09/07/cisa-releases-four-indus…
∗∗∗ Drupal: WebProfiler - Moderately critical - Cross Site Scripting - SA-CONTRIB-2023-044 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2023-044
∗∗∗ Drupal: highlight.php - Moderately critical - Cross Site Scripting - SA-CONTRIB-2023-043 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2023-043
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 05-09-2023 18:00 – Wednesday 06-09-2023 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
βββ Patchday: Schadcode-Attacken auf Android 11, 12, 13 mΓΆglich βββ
---------------------------------------------
Google und weitere Hersteller von Android-GerΓ€ten haben wichtige Sicherheitsupdates verΓΆffentlicht.
---------------------------------------------
https://heise.de/-9296497
βββ Microsoft ΓΌberarbeitet Downfall-Empfehlungen; MSI liefert BIOS-Update fΓΌr UNSUPPORTED_PROCESSOR-Problem βββ
---------------------------------------------
Im August war die sogenannte Downfall-Schwachstelle in Prozessoren bekannt geworden, die ein AbflieΓen von Informationen ermΓΆglicht. Nun hat Microsoft seinen Support-Beitrag mit Hinweisen zur Downfall-Schwachstelle unter Windows aktualisiert und Informationen zum Deaktivieren der SchutzmaΓnahmen entfernt. Weiterhin gab es nach Installation [..]
---------------------------------------------
https://www.borncity.com/blog/2023/09/06/microsoft-berarbeitet-downfall-empβ¦
βββ Pandoras box is now open: the well-known Mirai trojan arrives in a new disguise to Android-based TV sets and TV boxes βββ
---------------------------------------------
Doctor Web has identified a family of Android.Pandora trojans that compromise Android devices, either during firmware updates or when applications for viewing pirated video content are installed. This backdoor inherited its advanced DDoS-attack capabilities from its ancestor, the well-known Linux.Mirai trojan.
---------------------------------------------
https://news.drweb.com/show/?i=14743
βββ Security Relevant DNS Records, (Wed, Sep 6th) βββ
---------------------------------------------
DNS has a big security impact. DNS is in part responsible for your traffic reaching the correct host on the internet. But there is more to DNS then name resolution. I am going to mention a few security relevant record types here, in no particular order: [..]
---------------------------------------------
https://isc.sans.edu/diary/rss/30194
βββ Bogus URL Shorteners Go Mobile-Only in AdSense Fraud Campaign βββ
---------------------------------------------
Since September 2022, our team has been tracking a bogus URL shortener redirect campaign that started with just a single domain: ois[.]is. By the beginning of 2023, this malware campaign had expanded to over a hundred domain names to redirect traffic to low quality Q&A sites and monetize traffic via Google AdSense. In fact, since the beginning of this year alone, Sucuriβs remote website scanner has detected various strains of this malware on over 24,000 websites.
---------------------------------------------
https://blog.sucuri.net/2023/09/bogus-url-shorteners-go-mobile-only-in-adseβ¦
βββ Alert: Phishing Campaigns Deliver New SideTwist Backdoor and Agent Tesla Variant βββ
---------------------------------------------
The Iranian threat actor tracked as APT34 has been linked to a new phishing attack that leads to the deployment of a variant of a backdoor called SideTwist. βAPT34 has a high level of attack technology, can design different intrusion methods for different types of targets, and has supply chain attack capability,β NSFOCUS Security Labs said in a report published last week.
---------------------------------------------
https://thehackernews.com/2023/09/alert-phishing-campaigns-deliver-new.html
βββ Lord Of The Ring0 - Part 5 βββ
---------------------------------------------
In this blog post, Iβll explain two common hooking methods (IRP Hooking and SSDT Hooking) and two different injection techniques from the kernel to the user mode for both shellcode and DLL (APC and CreateThread) with code snippets and examples from Nidhogg.
---------------------------------------------
https://idov31.github.io/2023/07/19/lord-of-the-ring0-p5.html
βββ A review of SolarWinds attack on Orion platform using persistent threat agents and techniques for gaining unauthorized access βββ
---------------------------------------------
This paper of work examines the SolarWinds attack, designed on Orion Platform security incident. It analyses the persistent threats agents and potential technical attack techniques to gain unauthorized access. [..] It concludes with necessary remediation actions on cyber hygiene countermeasures, common vulnerabilities and exposure analysis and solutions.
---------------------------------------------
https://arxiv.org/abs/2308.10294
∗∗∗ What is ISO 27002:2022 Control 8.9? A Quick Look at the Essentials ∗∗∗
---------------------------------------------
Configuration management is now presented as a new control in the new, revised edition of ISO 27002:2022 (Control 8.9). It is a crucial component of an organization’s security management. This blog will guide you through the essentials of Control 8.9.
---------------------------------------------
https://www.tripwire.com/state-of-security/what-iso-270022022-control-89-qu…
∗∗∗ Peeking under the bonnet of the Litter Robot 3 ∗∗∗
---------------------------------------------
I began to wonder what interesting things I may find when doing a small tear down of the Litter Robot’s components including the PCB, firmware, and mobile application. [..] So, please follow me on my journey to understanding the extraction and analysis of an ESP32 IOT device, reverse engineering a Flutter mobile application, and capturing and analysing the network traffic between the device, the mobile app and the internet.
---------------------------------------------
https://www.elttam.com/blog/re-of-lr3/
∗∗∗ Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach ∗∗∗
---------------------------------------------
[..] Palant said while LastPass indeed improved its master password defaults in 2018, it did not force all existing customers who had master passwords of lesser lengths to pick new credentials [..] Palant believes LastPass also failed to upgrade many older, original customers to more secure encryption protections [..] According to MetaMask’s Monahan, users who stored any important passwords with LastPass [..] should change those credentials immediately
---------------------------------------------
https://krebsonsecurity.com/2023/09/experts-fear-crooks-are-cracking-keys-s…
∗∗∗ Android 14 blocks all modification of system certificates, even as root ∗∗∗
---------------------------------------------
If you’re an Android developer, tester, reverse engineer, or anybody else interested in directly controlling who your device trusts, this is going to create some new challenges. Before we get into the finer details, first I want to talk a little about the context around Android CA management and how we got here [..]
---------------------------------------------
https://httptoolkit.com/blog/android-14-breaks-system-certificate-installat…
∗∗∗ You patched yet? Years-old Microsoft security holes still hot targets for cyber-crooks ∗∗∗
---------------------------------------------
And so we can believe it when Qualys yesterday said 15 of the 20 most-exploited software vulnerabilities it has observed are in Microsoft’s code. [..] The No. 1 flaw on the list was patched in November 2017, a code execution hole in Microsoft Office’s Equation Editor we’d have hoped had been mostly mitigated by now.
---------------------------------------------
https://www.theregister.com/2023/09/05/qualys_top_20_vulnerabilities/
∗∗∗ Code Vulnerabilities Leak Emails in Proton Mail ∗∗∗
---------------------------------------------
In this blog post, we first present the technical details of the vulnerabilities we found in Proton Mail. We show how an innocent-looking piece of code led to a Cross-Site Scripting issue that made it possible for attackers to steal unencrypted emails and impersonate victims. As part of a 3-post series, we will cover other severe vulnerabilities we found in Skiff and Tutanota Desktop in the coming weeks.
---------------------------------------------
https://www.sonarsource.com/blog/code-vulnerabilities-leak-emails-in-proton…
∗∗∗ 4,500 of the Top 1 Million Websites Leaked Source Code, Secrets ∗∗∗
---------------------------------------------
We scanned the Alexa Top 1 Million Websites for leaked secrets. We found thousands of exposed source code repositories and hundreds of live API keys. These are our top 5 takeaways
---------------------------------------------
https://trufflesecurity.com/blog/4500-of-the-top-1-million-websites-leaked-…
∗∗∗ Apache Superset Part II: RCE, Credential Harvesting and More ∗∗∗
---------------------------------------------
In this post, we disclose all the issues we’ve reported to Superset, including two new high severity vulnerabilities, CVE-2023-39265 and CVE-2023-37941, that are fixed in the just released 2.1.1 version of Superset. We strongly recommend that all Superset users upgrade to this version.
---------------------------------------------
https://www.horizon3.ai/apache-superset-part-ii-rce-credential-harvesting-a…
∗∗∗ New phishing tool hijacked thousands of Microsoft business email accounts ∗∗∗
---------------------------------------------
Researchers have uncovered a hidden “phishing empire” targeting businesses in Europe, Australia and the U.S. with a sophisticated new tool. A hacking group called W3LL, which has been active since at least 2017, has created an English-language underground marketplace to sell a phishing kit that can bypass multi-factor authentication, according to a report [..]
---------------------------------------------
https://therecord.media/w3ll-phishing-toolkit-bec-microsoft-365-accounts
∗∗∗ Distribution of Backdoor via Malicious LNK: RedEyes (ScarCruft) ∗∗∗
---------------------------------------------
AhnLab Security Emergency response Center (ASEC) has confirmed that malware [1], which was previously distributed in CHM format, is now being distributed in LNK format. This malware executes additional scripts located at a specific URL through the mshta process. It then receives commands from the threat actor’s server to carry out additional malicious behaviors.
---------------------------------------------
https://asec.ahnlab.com/en/56756/
∗∗∗ SapphireStealer: Open-source information stealer enables credential and data theft ∗∗∗
---------------------------------------------
SapphireStealer appears to be delivered as part of a multi-stage infection process, with threat actors leveraging open-source malware downloaders like FUD-Loader to deliver SapphireStealer to potential victims.
---------------------------------------------
https://blog.talosintelligence.com/sapphirestealer-goes-open-source/
∗∗∗ Threat Actor Continues to Plague the Open-Source Ecosystem with Sophisticated Info-Stealing Malware ∗∗∗
---------------------------------------------
In May, we sounded the alarm about PYTA31, an advanced persistent threat actor distributing the “WhiteSnake” malware. Since then, we’ve been rigorously monitoring this group, which has been active from April through mid-August, distributing malicious PyPI packages laced with “WhiteSnake Malware.”
---------------------------------------------
https://checkmarx.com/blog/threat-actor-continues-to-plague-the-open-source…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates: Attackers can gain control over Asus routers ∗∗∗
---------------------------------------------
Several security vulnerabilities affect various Asus router models. Patches secure the devices.
---------------------------------------------
https://heise.de/-9296210
∗∗∗ Web browser: High-risk vulnerabilities in Google Chrome closed ∗∗∗
---------------------------------------------
With updated Chrome versions, Google patches four security vulnerabilities rated as high risk.
---------------------------------------------
https://heise.de/-9295977
∗∗∗ Researchers Discover Critical Vulnerability in PHPFusion CMS ∗∗∗
---------------------------------------------
No patch is available yet for the bug, which can enable remote code execution under the correct circumstances.
---------------------------------------------
https://www.darkreading.com/application-security/researchers-discover-criti…
∗∗∗ Forthcoming OpenSSL Release ∗∗∗
---------------------------------------------
The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 1.1.1w. This release will be made available on Monday 11th September 2023 between 1300-1700 UTC. This is a security-fix release. The highest severity issue fixed in this release is Low
---------------------------------------------
https://mta.openssl.org/pipermail/openssl-announce/2023-September/000271.ht…
∗∗∗ 2023-08 Out-of-Cycle Security Bulletin: Junos OS: SRX Series and EX Series: Multiple vulnerabilities in J-Web can be combined to allow a preAuth Remote Code Execution ∗∗∗
---------------------------------------------
2023-09-05: Important update for SRX customers
---------------------------------------------
https://supportportal.juniper.net/s/article/2023-08-Out-of-Cycle-Security-B…
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (aom and php7.3), Fedora (freeimage and mingw-freeimage), Scientific Linux (thunderbird), SUSE (amazon-ssm-agent, chromium, container-suseconnect, docker, glib2, php7, python-Django1, and rubygem-rails-html-sanitizer), and Ubuntu (kernel, linux, linux-aws, linux-aws-5.4, linux-gcp, linux-hwe-5.4, linux-ibm, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux, linux-aws, linux-aws-6.2, linux-hwe-6.2, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-6.2, linux-raspi, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, and linux, linux-gcp, linux-hwe-5.15, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia).
---------------------------------------------
https://lwn.net/Articles/943679/
∗∗∗ VU#304455: Authentication Bypass in Tenda N300 Wireless N VDSL2 Modem Router ∗∗∗
---------------------------------------------
https://kb.cert.org/vuls/id/304455
∗∗∗ Stored Cross-Site Scripting Vulnerability Patched in Newsletter WordPress Plugin ∗∗∗
---------------------------------------------
https://www.wordfence.com/blog/2023/09/stored-cross-site-scripting-vulnerab…
∗∗∗ AtlasVPN to Patch IP Leak Vulnerability After Public Disclosure ∗∗∗
---------------------------------------------
https://www.securityweek.com/atlasvpn-to-patch-ip-leak-vulnerability-after-…
∗∗∗ Dozens of Unpatched Flaws Expose Security Cameras Made by Defunct Company Zavio ∗∗∗
---------------------------------------------
https://www.securityweek.com/dozens-of-unpatched-flaws-expose-security-came…
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Monday 04-09-2023 18:00 – Tuesday 05-09-2023 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Hackers exploit MinIO storage system to breach corporate networks ∗∗∗
---------------------------------------------
Hackers are exploiting two recent MinIO vulnerabilities to breach object storage systems and access private information, execute arbitrary code, and potentially take over servers.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-exploit-minio-storag…
∗∗∗ DarkGate Malware Activity Spikes as Developer Rents Out Malware to Affiliates ∗∗∗
---------------------------------------------
A new malspam campaign has been observed deploying an off-the-shelf malware called DarkGate. "The current spike in DarkGate malware activity is plausible given the fact that the developer of the malware has recently started to rent out the malware to a limited number of affiliates," Telekom Security said in a report published last week.
---------------------------------------------
https://thehackernews.com/2023/08/darkgate-malware-activity-spikes-as.html
∗∗∗ New Python Variant of Chaes Malware Targets Banking and Logistics Industries ∗∗∗
---------------------------------------------
Banking and logistics industries are under the onslaught of a reworked variant of a malware called Chaes. "It has undergone major overhauls: from being rewritten entirely in Python, which resulted in lower detection rates by traditional defense systems, to a comprehensive redesign and an enhanced communication protocol," Morphisec said in a new detailed technical write-up [..]
---------------------------------------------
https://thehackernews.com/2023/09/new-python-variant-of-chaes-malware.html
∗∗∗ New BLISTER Malware Update Fuelling Stealthy Network Infiltration ∗∗∗
---------------------------------------------
An updated version of a malware loader known as BLISTER is being used as part of SocGholish infection chains to distribute an open-source command-and-control (C2) framework called Mythic. “New BLISTER update includes keying feature that allows for precise targeting of victim networks and lowers exposure within VM/sandbox environments,” Elastic Security Labs researchers [..]
---------------------------------------------
https://thehackernews.com/2023/09/new-blister-malware-update-fuelling.html
∗∗∗ Nascent Malware Campaign Targets npm, PyPI, and RubyGems Developers ∗∗∗
---------------------------------------------
Python Malware: On the morning of September 3, 2023, our automated platform notified us of the first package in this campaign: kwxiaodian [..] This follows a common pattern we see across many early campaigns and one we witnessed a few weeks back [..] Obfuscated Javascript Packages: At roughly the same time, we received notifications about malicious package publications on npm. Rubygems Package: The Rubygems package follows similar patterns to both the PyPI and npm packages.
---------------------------------------------
https://blog.phylum.io/malware-campaign-targets-npm-pypi-and-rubygems-devel…
∗∗∗ Common usernames submitted to honeypots ∗∗∗
---------------------------------------------
Based on reader feedback, I decided to take a look at usernames submitted to honeypots. The usernames that are seen on a daily basis look very familiar. [..] I exported the username data from my honeypot, which is a little over 16 months of data
---------------------------------------------
https://isc.sans.edu/diary/rss/30188
∗∗∗ Uncovering Web Cache Deception: A Missed Vulnerability in the Most Unexpected Places ∗∗∗
---------------------------------------------
During the assessment of the target application, it was observed that the server had implemented restrictions to prevent Web Cache Deception attacks on API/Web endpoints that had session tokens or data in the response. Unfortunately, the same precautions were not implemented on the /404 page or any /nonexistingurl. We discovered that the response for any endpoint that doesn’t exist contained PII information without any cache controls in place.
---------------------------------------------
https://blog.agilehunt.com/blogs/security/web-cache-deception-attack-on-404…
∗∗∗ What’s in a name? [..] The .kids TLD is not alright ∗∗∗
---------------------------------------------
Cisco Talos successfully registered the domain name: your-dns-needs-immediate-attention.kids. Talos set up an internet server to log all activity related to this name, and immediately we received a barrage of HTTP requests from systems running Microsoft’s “System Center Configuration Manager.” [..] we were able to masquerade as a trusted system. Networks using .kids names could be tricked into trusting our system to relay internal mail, dictate configuration management settings, and more.
---------------------------------------------
https://blog.talosintelligence.com/whats-in-a-name/
∗∗∗ Inconsistencies in the Common Vulnerability Scoring System (CVSS) ∗∗∗
---------------------------------------------
The goal of CVSS is to provide comparable scores across different evaluators. However, previous works indicate that CVSS might not reach this goal: If a vulnerability is evaluated by several analysts, their scores often differ. This raises the following questions: Are CVSS evaluations consistent? Which factors influence CVSS assessments? We systematically investigate these questions in an online survey with 196 CVSS users.
---------------------------------------------
https://www.schneier.com/blog/archives/2023/09/inconsistencies-in-the-commo…
∗∗∗ CVE-2023-4634 - Tricky Unauthenticated RCE on Wordpress Media Library Assistant Plugin using a good old Imagick ∗∗∗
---------------------------------------------
As discussed in many of our articles, you already know that WordPress and related plugins are taking up a large space in the global attack surface [..] The vulnerability described below is a perfect example
---------------------------------------------
https://patrowl.io/blog-wordpress-media-library-rce-cve-2023-4634/
∗∗∗ When URL parsers disagree (CVE-2023-38633) ∗∗∗
---------------------------------------------
Discovery and walkthrough of CVE-2023-38633 in librsvg, when two URL parser implementations (Rust and Glib) disagree on file scheme parsing leading to path traversal.
---------------------------------------------
https://www.canva.dev/blog/engineering/when-url-parsers-disagree-cve-2023-3…
∗∗∗ Beware of fraudulent PayPal calls ∗∗∗
---------------------------------------------
Your phone rings. You pick up and a recorded voice says: “Hello, this is PayPal. You have just transferred 738 euros. To cancel the payment, press 1.” Under no circumstances press 1; this is a scam. Hang up!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-betruegerischen-paypal-…
=====================
= Vulnerabilities =
=====================
∗∗∗ ASUS routers vulnerable to critical remote code execution flaws ∗∗∗
---------------------------------------------
Three critical-severity remote code execution vulnerabilities impact ASUS RT-AX55, RT-AX56U_V2, and RT-AC86U routers, potentially allowing threat actors to hijack devices if security updates are not installed.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/asus-routers-vulnerable-to-c…
∗∗∗ Multiple vulnerabilities in F-RevoCRM ∗∗∗
---------------------------------------------
* An attacker who can access the product may execute an arbitrary OS command on the server where the product is running - CVE-2023-41149
* An arbitrary script may be executed on the web browser of the user who is using the product - CVE-2023-41150
---------------------------------------------
https://jvn.jp/en/jp/JVN78113802/
∗∗∗ Festo: MSE6-C2M/D2M/E2M Incomplete User Documentation of Remote Accessible Functions (CVE-2023-3634) ∗∗∗
---------------------------------------------
Festo developed the products according to the respective state of the art. As a result, the protocols used no longer fully meet today’s security requirements. The products are designed and developed for use in sealed-off (industrial) networks. If the network is not adequately sealed off, unauthorized access to the product can cause damage or malfunctions, particularly Denial of Service (DoS) or loss of integrity. Remediation: Update of user documentation in next product version.
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2023-020/
∗∗∗ 9 Vulnerabilities Patched in SEL Power System Management Products ∗∗∗
---------------------------------------------
Researchers at industrial cybersecurity firm Nozomi Networks have analyzed the company’s SEL-5030 acSELerator QuickSet and SEL-5037 Grid Configurator, software products designed to allow engineers and technicians to configure and manage devices for power system protection, control, metering and monitoring, and to create and deploy settings for SEL power system devices. Nozomi researchers discovered a total of nine vulnerabilities, including four that have been assigned a “high severity” rating
---------------------------------------------
https://www.securityweek.com/9-vulnerabilities-patched-in-sel-power-system-…
∗∗∗ CISA Releases Two Industrial Control Systems Advisories ∗∗∗
---------------------------------------------
* ICSA-23-248-01 Fujitsu Limited Real-time Video Transmission Gear IP series: CVE-2023-38433
* ICSMA-23-248-01 Softneta MedDream PACS Premium: CVE-2023-40150, CVE-2023-39227
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/09/05/cisa-releases-two-indust…
∗∗∗ AVM: Fritzbox firmware 7.57 and 7.31 plug security hole ∗∗∗
---------------------------------------------
AVM has released firmware 7.57 and 7.31 for numerous Fritzbox models. It is a stability and security update.
---------------------------------------------
https://heise.de/-9294758
∗∗∗ Xen XSA-437: arm32: The cache may not be properly cleaned/invalidated ∗∗∗
---------------------------------------------
A malicious guest may be able to read sensitive data from memory that previously belonged to another guest.
CVE ID: CVE-2023-34321
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-437.html
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (file and thunderbird), Fedora (exercism, libtommath, moby-engine, and python-pyramid), Oracle (cups and kernel), Red Hat (firefox, kernel, kernel-rt, kpatch-patch, and thunderbird), SUSE (amazon-ecs-init, buildah, busybox, djvulibre, exempi, firefox, gsl, keylime, kubernetes1.18, php7, and sccache), and Ubuntu (docker-registry and linux-azure-5.4).
---------------------------------------------
https://lwn.net/Articles/943584/
∗∗∗ IBM UrbanCode Build is vulnerable to CVE-2023-24998 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030594
∗∗∗ IBM UrbanCode Build is vulnerable to CVE-2023-28708 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030596
∗∗∗ Vulnerabilities found in batik-all-1.7.jar, batik-dom-1.7.jar which is shipped with IBM Intelligent Operations Center (CVE-2018-8013, CVE-2017-5662, CVE-2015-0250) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030598
∗∗∗ Due to use of FasterXML Jackson-databind, IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to a denial of service. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030601
∗∗∗ Due to use of Kafka, IBM Cloud Pak for Multicloud Management Monitoring could allow a remote attacker to obtain sensitive information. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030604
∗∗∗ Due to use of Spark from Hadoop, IBM Cloud Pak for Multicloud Management Monitoring could allow a remote attacker to traverse directories on the system. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030603
∗∗∗ Due to use of Apache Cassandra, IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to an authenticated attacker gaining elevated privileges. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030602
∗∗∗ Due to use of IBM WebSphere Application Server Liberty, IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to multiple vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030610
∗∗∗ Multiple vulnerabilities in IBM Java SDK affect WebSphere Service Registry and Repository due to July 2023 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030605
∗∗∗ Due to use of NodeJS, IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to multiple security vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030612
∗∗∗ A security vulnerability has been identified in IBM SDK, Java Technology Edition shipped with IBM Tivoli Business Service Manager (CVE-2022-40609) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030613
∗∗∗ Vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Performance Tester ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030614
∗∗∗ Vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Service Tester ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030615
∗∗∗ Vulnerability found in commons-io-1.3.1.jar which is shipped with IBM Intelligent Operations Center (CVE-2021-29425) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030617
∗∗∗ Vulnerabilities found in poi-ooxml-3.9.jar which is shipped with IBM Intelligent Operations Center (CVE-2017-5644, CVE-2019-12415, CVE-2014-3574, CVE-2014-3529) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030627
∗∗∗ Vulnerability found in pdfbox-1.8.1.jar which is shipped with IBM Intelligent Operations Center (220742, CVE-2018-11797, CVE-2016-2175) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030626
∗∗∗ Vulnerabilities found in poi-3.9.jar, poi-scratchpad-3.9.jar which is shipped with IBM Intelligent Operations Center (CVE-2017-12626, CVE-2014-9527) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030629
∗∗∗ Vulnerabilities found in jackson-mapper-asl-1.9.13.jar which is shipped with IBM Intelligent Operations Center (CVE-2019-10202, CVE-2019-10172) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030623
∗∗∗ Multiple Vulnerabilities found in Turf.js which is shipped with IBM Intelligent Operations Center (CVE-2020-15168, CVE-2022-0235) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030624
∗∗∗ Vulnerability found in fontbox-1.8.1.jar which is shipped with IBM Intelligent Operations Center (CVE-2018-8036) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030622
∗∗∗ Vulnerabilities found in cxf-rt-transports-http-3.0.3.jar which is shipped with IBM Intelligent Operations Center (CVE-2016-6812, CVE-2018-8039, CVE-2020-13954) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030618
∗∗∗ Vulnerability found in fop-1.1.jar which is shipped with IBM Intelligent Operations Center (CVE-2017-5661) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030621
∗∗∗ Multiple Vulnerabilities found in Turf.js which is shipped with IBM Intelligent Operations Center (CVE-2021-44906, CVE-2020-7598) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030625
∗∗∗ Vulnerability found in dom4j-1.6.1.jar which is shipped with IBM Intelligent Operations Center (CVE-2018-1000632) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030619
∗∗∗ Vulnerability found in commons-codec-1.5.jar which is shipped with IBM Intelligent Operations Center (177835) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030616
∗∗∗ IBM MQ is affected by a denial of service vulnerability in OpenSSL (CVE-2023-2650) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7027922
∗∗∗ Multiple vulnerabilities found in IBM Java which is shipped with IBM Intelligent Operations Center (CVE-2022-21628, CVE-2022-21626, CVE-2022-21624, CVE-2022-21619) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030632
∗∗∗ A Vulnerability found in IBM Java which is shipped with IBM Intelligent Operations Center (CVE-2022-3676) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030634
∗∗∗ Vulnerability found in dom4j-1.6.1.jar which is shipped with IBM Intelligent Operations Center (CVE-2020-10683) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030636
∗∗∗ Vulnerability found in xmlgraphics-commons-1.5.jar which is shipped with IBM Intelligent Operations Center (CVE-2020-11988) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030630
∗∗∗ Multiple Vulnerabilities found in IBM DB2 which is shipped with IBM Intelligent Operations Center (CVE-2022-43929, CVE-2022-43927, CVE-2014-3577, CVE-2022-43930) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030638
∗∗∗ Vulnerabilities found in batik-bridge-1.7.jar which is shipped with IBM Intelligent Operations Center (CVE-2022-40146, CVE-2022-38648, CVE-2022-38398) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030631
∗∗∗ Vulnerability found in cxf-core-3.5.4.jar which is shipped with IBM Intelligent Operations Center (CVE-2022-46364) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030633
∗∗∗ Vulnerability found in cxf-rt-transports-http-3.5.3.jar which is shipped with IBM Intelligent Operations Center (CVE-2022-46363) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030635
∗∗∗ Vulnerability found in commons-net-1.4.1.jar which is shipped with IBM Intelligent Operations Center (CVE-2021-37533) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030637
∗∗∗ A vulnerability found in IBM Java which is shipped with IBM Intelligent Operations Center (CVE-2022-21426) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030641
∗∗∗ Vulnerabilities found in jackson-mapper-asl which is shipped with IBM Intelligent Operations Center (CVE-2019-10172, CVE-2019-10202) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030639
∗∗∗ Multiple vulnerabilities found in IBM Java which is shipped with IBM Intelligent Operations Center (CVE-2023-21830, CVE-2023-21843) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030640
∗∗∗ A vulnerability found in IBM WebSphere Application Server Liberty which is shipped with IBM Intelligent Operations Center (CVE-2023-24998) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030642
∗∗∗ A vulnerability found in IBM Java which is shipped with IBM Intelligent Operations Center (CVE-2023-30441) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030643
∗∗∗ A vulnerability found in IBM Java which is shipped with IBM Intelligent Operations Center (CVE-2022-40609) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030644
∗∗∗ Multiple Angular vulnerabilities affect IBM Tivoli Business Service Manager (CVE-2023-26116, CVE-2023-26117, CVE-2023-26118, CVE-2022-25869, CVE-2022-25844) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030667
∗∗∗ IBM SDK, Java Technology Edition, Security Update August 2023 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030664
∗∗∗ Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager (CVE-2023-22045, CVE-2023-22049) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030666
=====================
= End-of-Day report =
=====================
Timeframe: Friday 01-09-2023 18:00 – Monday 04-09-2023 18:00
Handler: Robert Waldner
Co-Handler: Michael Schlagenhaufer
=====================
= News =
=====================
∗∗∗ Chrome extensions can steal plaintext passwords from websites ∗∗∗
---------------------------------------------
A team of researchers from the University of Wisconsin-Madison has uploaded to the Chrome Web Store a proof-of-concept extension that can steal plaintext passwords from a website’s source code.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/chrome-extensions-can-steal-β¦
βββ New βYouPornβ sextortion scam threatens to leak your sex tape βββ
---------------------------------------------
A new sextortion scam is making the rounds that pretends to be an email from the adult site YouPorn, warning that a sexually explicit video of you was uploaded to the site and suggesting you pay to have it taken down.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-youporn-sextortion-scam-β¦
βββ Yes, theres an npm package called @(-.-)/env and some others like it βββ
---------------------------------------------
Strangely named npm packages like -, @!-!/-, @(-.-)/env, and --hepl continue to exist on the internets largest software registry. While not all of these may necessarily pose an obvious security risk, some were named before npm enforced naming guidelines and could potentially break tooling.
---------------------------------------------
https://www.bleepingcomputer.com/news/technology/yes-theres-an-npm-package-β¦
βββ PoC Exploit Released for Critical VMware Arias SSH Auth Bypass Vulnerability βββ
---------------------------------------------
Proof-of-concept (PoC) exploit code has been made available for a recently disclosed and patched critical flaw impacting VMware Aria Operations for Networks (formerly vRealize Network Insight). The flaw, tracked as CVE-2023-34039, is rated 9.8 out of a maximum of 10 for severity and has been described as a case of authentication bypass due to a lack of unique cryptographic key generation.
---------------------------------------------
https://thehackernews.com/2023/09/poc-exploit-released-for-critical.html
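The Aria flaw comes down to a key that is not unique per installation: if every appliance ships with the same authorised key, whoever holds the matching private key from any one image can log in to all of them. The quickest way to spot that pattern in your own fleet is to fingerprint every entry in each host's authorized_keys and look for fingerprints that recur across hosts. The Python below is an added example (it is neither VMware's code nor the published PoC). The host names and key blobs are constructed, the "key" bytes are just hashes and not usable keys, and the fingerprint format is the one ssh-keygen -lf prints.

```python
import base64
import hashlib
from collections import defaultdict

# Constructed sample data: three hypothetical appliances ("aria-a" etc. are made-up
# hostnames) that each authorise a key of their own plus one "support" key that the
# vendor baked into every image. None of these are real keys.


def _ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return len(data).to_bytes(4, "big") + data


def make_test_blob(label: bytes) -> str:
    """Build a syntactically valid ssh-ed25519 public-key blob from a label.
    The 32 'key' bytes are just a hash of the label, so this is NOT a usable key;
    it only gives the fingerprint code realistic input."""
    fake_point = hashlib.sha256(b"constructed:" + label).digest()
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(fake_point)
    return base64.b64encode(blob).decode()


SHARED_BLOB = make_test_blob(b"vendor-support")

SAMPLE_HOSTS = {
    "aria-a": (
        "# constructed authorized_keys for aria-a\n"
        f"ssh-ed25519 {make_test_blob(b'aria-a')} admin@aria-a\n"
        f"restrict ssh-ed25519 {SHARED_BLOB} support@vendor\n"
    ),
    "aria-b": (
        f"ssh-ed25519 {make_test_blob(b'aria-b')} admin@aria-b\n"
        f"ssh-ed25519 {SHARED_BLOB} support@vendor\n"
    ),
    "aria-c": f"ssh-ed25519 {SHARED_BLOB} support@vendor\n",
}


def fingerprint(blob_b64: str) -> str:
    """SHA256 fingerprint in the format `ssh-keygen -lf` prints:
    'SHA256:' + unpadded base64 of SHA-256 over the decoded key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_authorized_keys(text: str):
    """Yield (key_type, blob, comment) for each key line.
    Skips blank lines and comments and steps over leading options such as
    'restrict' or 'no-pty'. Options whose quoted value contains spaces
    (command="a b") are not handled by this simple whitespace split."""
    for line in text.splitlines():
        fields = line.strip().split()
        if not fields or fields[0].startswith("#"):
            continue
        for i, field in enumerate(fields):
            if field.startswith(("ssh-", "ecdsa-", "sk-")) and i + 1 < len(fields):
                yield field, fields[i + 1], " ".join(fields[i + 2:])
                break


def shared_keys(hosts: dict) -> dict:
    """Map fingerprint -> sorted host names, for every key authorised on more than one host."""
    seen = defaultdict(set)
    for host, content in hosts.items():
        for _, blob, _ in parse_authorized_keys(content):
            seen[fingerprint(blob)].add(host)
    return {fp: sorted(h) for fp, h in seen.items() if len(h) > 1}


if __name__ == "__main__":
    for fp, hosts in shared_keys(SAMPLE_HOSTS).items():
        print(f"{fp} authorised on {len(hosts)} hosts: {', '.join(hosts)}")
```

To run it against real systems, replace SAMPLE_HOSTS with the contents of each appliance's authorized_keys (or whatever AuthorizedKeysFile in sshd_config points to) and cross-check the reported fingerprints with ssh-keygen -lf. A recurring key is a symptom, not the bug: apply the vendor's patch and rotate the affected keys, and remember that the check only sees keys written into files you can read.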
∗∗∗ Webinar: Recognising scams on the internet ∗∗∗
---------------------------------------------
How do I protect myself against cybercrime? How can I tell a fake shop from a legitimate online shop? Where do the most brazen subscription traps lurk? How do criminals get access to my data? The webinar explains common internet scams and helps you recognise them. Take part free of charge: Tuesday, 12 September 2023, 18:30 - 20:00 via Zoom
---------------------------------------------
https://www.watchlist-internet.at/news/webinar-betrugsfallen-im-internet-er…
∗∗∗ New phishing emails circulating in the name of the ÖGK and the tax office ∗∗∗
---------------------------------------------
Two new phishing emails are currently circulating. In one, criminals pose as the Österreichische Gesundheitskasse (ÖGK) and claim that you are due a refund. In the other, you are promised a pension increase in the name of FinanzOnline. Both emails ask you to click a link. Ignore these emails: criminals use them to steal your banking details.
---------------------------------------------
https://www.watchlist-internet.at/news/neue-phishing-mails-im-namen-der-oeg…
∗∗∗ Decryptor available for Key Group ransomware ∗∗∗
---------------------------------------------
Security researchers at EclecticIQ have found a flaw in the routines of the Key Group ransomware that made it possible to develop decryption tools to recover encrypted files.
---------------------------------------------
https://www.borncity.com/blog/2023/09/03/decryptor-fr-key-group-ransomware-…
∗∗∗ Firmware updates: Surface Laptop 4 and Surface Duo ∗∗∗
---------------------------------------------
On 31 August 2023 Microsoft released a firmware update for its Surface Laptop 4 that is meant to fix security issues and a charging problem. There is also what is probably the last firmware update for the Surface Duo smartphone.
---------------------------------------------
https://www.borncity.com/blog/2023/09/03/firmware-updates-surface-laptop-4-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Tinycontrol LAN Controller v3 (LK3) Remote Admin Password Change ∗∗∗
---------------------------------------------
The application suffers from insecure access control, allowing an unauthenticated attacker to change account passwords and bypass authentication, gaining access to the control panel.
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5787.php
∗∗∗ Tinycontrol LAN Controller v3 (LK3) Remote Credentials Extraction PoC ∗∗∗
---------------------------------------------
An unauthenticated attacker can retrieve the controller's configuration backup file and extract sensitive information that allows them to bypass security controls and compromise the system in its entirety.
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5786.php
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (thunderbird), Fedora (firefox, kernel, kubernetes, and mediawiki), Mageia (openldap), SUSE (terraform), and Ubuntu (atftp, busybox, and thunderbird).
---------------------------------------------
https://lwn.net/Articles/943492/
∗∗∗ Mattermost security updates 8.1.1 (ESR) / 8.0.2 / 7.8.10 (ESR) released ∗∗∗
---------------------------------------------
We're informing you about a Mattermost security update, which addresses low- to medium-severity vulnerabilities. We highly recommend that you apply the update. The security update is available for Mattermost dot releases 8.1.1 (Extended Support Release), 8.0.2, and 7.8.10 (Extended Support Release), for both Team Edition and Enterprise Edition.
---------------------------------------------
https://mattermost.com/blog/mattermost-security-updates-8-1-1-esr-8-0-2-7-8…
∗∗∗ Security vulnerabilities (CVE-2023-40481, CVE-2023-31102) in 7-Zip; fixed in version 23.00 (August 2023) ∗∗∗
---------------------------------------------
A short follow-up from the end of August 2023. Security researchers have found two vulnerabilities in 7-Zip, the program used to pack and unpack ZIP archive files. CVE-2023-40481 and CVE-2023-31102 are rated high severity [..]. Both vulnerabilities were reported to the 7-Zip developers on 21 November 2022 and, according to the Zero Day Initiative (advisories dated 23 August 2023), were closed by updating the software to version 23.00 (a beta release at the time).
---------------------------------------------
https://www.borncity.com/blog/2023/09/03/sicherheitslcken-cve-2023-40481-cv…
∗∗∗ IBM MQ Explorer is affected by vulnerabilities in Eclipse Jetty (CVE-2023-26048, CVE-2023-26049) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7027923
∗∗∗ IBM MQ is affected by a denial of service vulnerability in OpenSSL (CVE-2023-2650) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7027922
∗∗∗ Google Guava component used by IBM Maximo Application Suite is vulnerable to CVE-2023-2976 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030429
∗∗∗ IBM Security Verify Information Queue has multiple information exposure vulnerabilities (CVE-2023-33833, CVE-2023-33834, CVE-2023-33835) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7029584
∗∗∗ IBM Sterling Connect:Direct Browser User Interface vulnerable to remote code execution due to IBM Java (CVE-2022-40609) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030442
∗∗∗ IBM Sterling Connect:Direct Web Services is vulnerable to remote code execution due to IBM Java (CVE-2022-40609) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030443
∗∗∗ The IBM Engineering Lifecycle Engineering product using IBM WebSphere Application Server traditional is vulnerable to spoofing when using Web Server Plug-ins (CVE-2022-39161) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030450
∗∗∗ The IBM Engineering Lifecycle Engineering product using WebSphere Application Server Liberty is vulnerable to denial of service (CVE-2023-38737) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030449
∗∗∗ The IBM Engineering Lifecycle Engineering product using IBM® SDK, Java™ Technology Edition is affected by multiple vulnerabilities (CVE-2023-22045, CVE-2023-22049) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030448
∗∗∗ IBM Event Endpoint Management is vulnerable to a denial of service in Netty (CVE-2023-34462) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030456
∗∗∗ A vulnerability has been identified in IBM WebSphere Application Server Liberty profile shipped with IBM Business Automation Workflow (CVE-2023-38737) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030458
∗∗∗ A vulnerability found in IBM WebSphere Application Server Liberty which is shipped with IBM® Intelligent Operations Center (CVE-2022-34165) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030460
∗∗∗ IBM Cloud Pak for Network Automation 2.6 addresses multiple security vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030469
∗∗∗ Multiple CVEs may affect Operating System packages shipped with IBM CICS TX Advanced 10.1 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030462
∗∗∗ Multiple CVEs may affect Operating System packages shipped with IBM CICS TX Advanced 10.1 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030461
∗∗∗ IBM Cloud Pak for Network Automation 2.6.1 fixes multiple security vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030470
∗∗∗ Multiple vulnerabilities may affect IBM SDK, Java™ Technology Edition for Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030463
∗∗∗ CVE-2022-40609 may affect Java Technology Edition used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030466
∗∗∗ CVE-2023-34149 may affect Apache Struts used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030464
∗∗∗ CVE-2023-34396 may affect Apache Struts used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030465
∗∗∗ IBM Java SDK update for Java deserialization filters (JEP 290) ignored during IBM ORB deserialization ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030522
∗∗∗ The Transformation Advisor Tool in IBM App Connect Enterprise is vulnerable to a denial of service due to Apache Johnzon (CVE-2023-33008) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030531