Daily

daily@lists.cert.at

1 participants
3156 discussions

Tageszusammenfassung - 18.12.2023
by Daily end-of-shift report 18 Dec '23

18 Dec '23

===================== = End-of-Day report = ===================== Timeframe: Freitag 15-12-2023 18:00 − Montag 18-12-2023 18:00 Handler: Thomas Pribitzer Co-Handler: Michael Schlagenhaufer ===================== = News = ===================== ∗∗∗ Zwei Monate nach Meldung: SQL-Injection-Schwachstelle in 3CX noch immer ungepatcht ∗∗∗ --------------------------------------------- Statt einen Patch bereitzustellen, fordert 3CX seine Kunden nun dazu auf, aus Sicherheitsgründen ihre SQL-Datenbank-Integrationen zu deaktivieren. --------------------------------------------- https://www.golem.de/news/zwei-monate-nach-meldung-sql-injection-schwachste… ∗∗∗ SMTP Smuggling - Spoofing E-Mails Worldwide ∗∗∗ --------------------------------------------- Introducing a novel technique for e-mail spoofing --------------------------------------------- https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwi… ∗∗∗ SLP Denial of Service Amplification - Attacks are ongoing and rising ∗∗∗ --------------------------------------------- We build on our previous work and look into how threat actors are abusing SLP to launch reflection/amplification DDoS attacks, their evolution, and what targets are they focused on at the moment. --------------------------------------------- https://www.bitsight.com/blog/slp-denial-service-amplification-attacks-are-… ∗∗∗ WordPress hosting service Kinsta targeted by Google phishing ads ∗∗∗ --------------------------------------------- WordPress hosting provider Kinsta is warning customers that Google ads have been observed promoting phishing sites to steal hosting credentials. --------------------------------------------- https://www.bleepingcomputer.com/news/security/wordpress-hosting-service-ki… ∗∗∗ Microsoft Warns of Storm-0539: The Rising Threat Behind Holiday Gift Card Frauds ∗∗∗ --------------------------------------------- Microsoft is warning of an uptick in malicious activity from an emerging threat cluster its tracking as Storm-0539 for orchestrating gift card fraud and theft via highly sophisticated email and SMS phishing attacks against retail entities during the holiday shopping season. --------------------------------------------- https://thehackernews.com/2023/12/microsoft-warns-of-storm-0539-rising.html ∗∗∗ PikaBot distributed via malicious search ads ∗∗∗ --------------------------------------------- PikaBot, a stealthy malware normally distributed via malspam is now being spread via malicious ads. --------------------------------------------- https://www.malwarebytes.com/blog/threat-intelligence/2023/12/pikabot-distr… ∗∗∗ QakBot Malware Resurfaces with New Tactics, Targeting the Hospitality Industry ∗∗∗ --------------------------------------------- A new wave of phishing messages distributing the QakBot malware has been observed, more than three months after a law enforcement effort saw its infrastructure dismantled by infiltrating its command-and-control (C2) network. Microsoft, which made the discovery, described it as a low-volume campaign that began on December 11, 2023, and targeted the hospitality industry. --------------------------------------------- https://thehackernews.com/2023/12/qakbot-malware-resurfaces-with-new.html ∗∗∗ iOS 17.2: Flipper Zero kann keine iPhones mehr crashen ∗∗∗ --------------------------------------------- Apple verhindert mit iOS 17.2 offenbar, dass iPhones mit einem Flipper-Zero-Bluetooth-Exploit ge-DoSt werden können. --------------------------------------------- https://www.heise.de/-9576526 ∗∗∗ Ransomware-Gruppen buhlen zunehmend um Medien-Aufmerksamkeit ∗∗∗ --------------------------------------------- Um sich von der Konkurrenz abzusetzen und die eigenen Leistungen gewürdigt zu wissen, suchen Ransomware-Gruppen zunehmend den direkten Kontakt zu Journalisten. --------------------------------------------- https://www.heise.de/-9576774 ∗∗∗ E-Mail vom Entschädigungsamt ist Fake ∗∗∗ --------------------------------------------- Kriminelle geben sich als „Entschädigungsamt“ aus und behaupten in einem E-Mail, dass Betrugsopfer mit einer Gesamtsumme von 3.500.000 Euro entschädigt werden. Antworten Sie nicht und schicken Sie keinesfalls persönliche Daten und Ausweiskopien. Sie werden erneut betrogen! --------------------------------------------- https://www.watchlist-internet.at/news/e-mail-vom-entschaedigungsamt-ist-fa… ∗∗∗ Toward Ending the Domain Wars: Early Detection of Malicious Stockpiled Domains ∗∗∗ --------------------------------------------- Using machine learning to target stockpiled malicious domains, the results of our detection pipeline tool highlight campaigns from phishing to scams. --------------------------------------------- https://unit42.paloaltonetworks.com/detecting-malicious-stockpiled-domains/ ∗∗∗ An Example of RocketMQ Exploit Scanner, (Sat, Dec 16th) ∗∗∗ --------------------------------------------- A few months ago, RocketMQ, a real-time message queue platform, suffered of a nasty vulnerability referred as cve:2023-33246. I found another malicious script in the wild a few weeks ago that exploits this vulnerability. It has still today a very low VirusTotal detection score: 2/60 --------------------------------------------- https://isc.sans.edu/diary/rss/30492 ∗∗∗ CISA Urges Manufacturers to Eliminate Default Passwords After Recent ICS Attacks ∗∗∗ --------------------------------------------- CISA is advising device makers to stop relying on customers to change default passwords following attacks targeting water sector ICS. --------------------------------------------- https://www.securityweek.com/cisa-urges-manufacturers-to-eliminate-default-… ∗∗∗ CISA Releases Key Risk and Vulnerability Findings for Healthcare and Public Health Sector ∗∗∗ --------------------------------------------- Report provides recommended actions and mitigation strategies for HPH sector, critical infrastructure and software manufacturers --------------------------------------------- https://www.cisa.gov/news-events/news/cisa-releases-key-risk-and-vulnerabil… ∗∗∗ #StopRansomware: Play Ransomware ∗∗∗ --------------------------------------------- These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. --------------------------------------------- https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-352a ===================== = Vulnerabilities = ===================== ∗∗∗ Patching Perforce perforations: Critical RCE vulnerability discovered in Perforce Helix Core Server ∗∗∗ --------------------------------------------- Four new unauthenticated remotely exploitable security vulnerabilities discovered in the popular source code management platform Perforce Helix Core Server have been remediated after being responsibly disclosed by Microsoft. Perforce Server customers are strongly urged to update to version 2023.1/2513900. --------------------------------------------- https://www.microsoft.com/en-us/security/blog/2023/12/15/patching-perforce-… ∗∗∗ ZDI-23-1799: Ivanti Avalanche Incorrect Default Permissions Local Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows local attackers to escalate privileges on affected installations of Ivanti Avalanche. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2023-41726. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-1799/ ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (freeimage, ghostscript, intel-microcode, spip, and xorg-server), Fedora (chromium, perl, perl-Devel-Cover, perl-PAR-Packer, polymake, PyDrive2, seamonkey, and vim), Gentoo (Leptonica), Mageia (audiofile, gimp, golang, and poppler), Oracle (buildah, containernetworking-plugins, gstreamer1-plugins-bad-free, kernel, kernel-container, libxml2, pixman, podman, postgresql, postgresql:15, runc, skopeo, tracker-miners, and webkit2gtk3), and SUSE (fish). --------------------------------------------- https://lwn.net/Articles/955566/ ∗∗∗ OpenSSH Security December 18, 2023 ∗∗∗ --------------------------------------------- penSSH 9.6 was released on 2023-12-18. It is available from the mirrors listed at https://www.openssh.com/. This release contains a number of security fixes, some small features and bugfixes. --------------------------------------------- https://www.openssh.com/security.html ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/bulletin/ ∗∗∗ Nextcloud Security Advisories ∗∗∗ --------------------------------------------- https://github.com/nextcloud/security-advisories/security -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.12.2023
by Daily end-of-shift report 15 Dec '23

15 Dec '23

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 14-12-2023 18:00 − Freitag 15-12-2023 18:00 Handler: Thomas Pribitzer Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Ten new Android banking trojans targeted 985 bank apps in 2023 ∗∗∗ --------------------------------------------- This year has seen the emergence of ten new Android banking malware families, which collectively target 985 bank and fintech/trading apps from financial institutes across 61 countries. --------------------------------------------- https://www.bleepingcomputer.com/news/security/ten-new-android-banking-troj… ∗∗∗ Fake-Werbeanzeige auf Facebook & Instagram: „Verlorenes Gepäck für nur 1,95 €!“ ∗∗∗ --------------------------------------------- Im Namen des „Vienna International Airport“ schalten Kriminelle aktuell betrügerische Anzeigen und behaupten, dass verloren gegangene Koffer für knapp 2 Euro verkauft werden. --------------------------------------------- https://www.watchlist-internet.at/news/fake-werbeanzeige-auf-facebook-insta… ∗∗∗ OilRig’s persistent attacks using cloud service-powered downloaders ∗∗∗ --------------------------------------------- ESET researchers document a series of new OilRig downloaders, all relying on legitimate cloud service providers for C&C communications. --------------------------------------------- https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-c… ∗∗∗ New Hacker Group GambleForce Hacks Targets with Open Source Tools ∗∗∗ --------------------------------------------- Yet another day, yet another threat actor posing a danger to the cybersecurity of companies globally. --------------------------------------------- https://www.hackread.com/gambleforce-hacks-targets-open-source-tools/ ∗∗∗ Mining The Undiscovered Country With GreyNoise EAP Sensors: F5 BIG-IP Edition ∗∗∗ --------------------------------------------- Discover the fascinating story of a GreyNoise researcher who found that attackers were using his demonstration code for a vulnerability instead of the real exploit. Explore the implications of this situation and learn about the importance of using accurate and up-to-date exploits in the cybersecurity community. --------------------------------------------- https://www.greynoise.io/blog/mining-the-undiscovered-country-with-greynois… ∗∗∗ Opening a new front against DNS-based threats ∗∗∗ --------------------------------------------- There are multiple ways in which threat actors can leverage DNS to carry out attacks. We will provide a an introduction to DNS threat landscape.The post Opening a new front against DNS-based threats appeared first on Avast Threat Labs. --------------------------------------------- https://decoded.avast.io/threatintel/opening-a-new-front-against-dns-based-… ===================== = Vulnerabilities = ===================== ∗∗∗ Ubiquiti: Nutzer konnten auf fremde Sicherheitskameras zugreifen ∗∗∗ --------------------------------------------- Teilweise erhielten Anwender sogar Benachrichtigungen auf ihre Smartphones, in denen Bilder der fremden Kameras enthalten waren. --------------------------------------------- https://www.golem.de/news/ubiquiti-nutzer-konnten-auf-fremde-sicherheitskam… ∗∗∗ New Security Vulnerabilities Uncovered in pfSense Firewall Software - Patch Now ∗∗∗ --------------------------------------------- Multiple security vulnerabilities have been discovered in the open-source Netgate pfSense firewall solution called pfSense that could be chained by an attacker to execute arbitrary commands on susceptible appliances. --------------------------------------------- https://thehackernews.com/2023/12/new-security-vulnerabilities-uncovered.ht… ∗∗∗ Squid-Proxy: Denial of Service durch Endlosschleife ∗∗∗ --------------------------------------------- Schickt ein Angreifer einen präparierten HTTP-Header an den Proxy-Server, kann er ihn durch eine unkontrollierte Rekursion zum Stillstand bringen. --------------------------------------------- https://www.heise.de/news/Squid-Proxy-Denial-of-Service-durch-Endlosschleif… ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (bluez and haproxy), Fedora (curl, dotnet6.0, dotnet7.0, tigervnc, and xorg-x11-server), Red Hat (avahi and gstreamer1-plugins-bad-free), Slackware (bluez), SUSE (cdi-apiserver-container, cdi-cloner-container, cdi- controller-container, cdi-importer-container, cdi-operator-container, cdi- uploadproxy-container, cdi-uploadserver-container, cont, cosign, curl, gstreamer-plugins-bad, haproxy, ImageMagick, kernel, kernel-firmware, libreoffice, tiff, [...] --------------------------------------------- https://lwn.net/Articles/955336/ ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/bulletin/ ∗∗∗ Unitronics Vision Series ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-15 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.12.2023
by Daily end-of-shift report 14 Dec '23

14 Dec '23

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 13-12-2023 18:00 − Donnerstag 14-12-2023 18:00 Handler: Thomas Pribitzer Co-Handler: Michael Schlagenhaufer ===================== = News = ===================== ∗∗∗ Urteil des EuGH: Datenleck-Betroffene könnten doch Schadensersatz bekommen ∗∗∗ --------------------------------------------- Der Europäische Gerichtshof (EuGH) hat in einem neuen Urteil die Rechte der Betroffenen von Datenlecks gestärkt. Schon der Umstand, "dass eine betroffene Person infolge eines Verstoßes gegen die DSGVO befürchtet, dass ihre personenbezogenen Daten durch Dritte missbräuchlich verwendet werden könnten, kann einen 'immateriellen Schaden' darstellen", heißt es in dem Urteil, das am 14. Dezember 2023 veröffentlicht wurde. --------------------------------------------- https://www.golem.de/news/urteil-des-eugh-datenleck-betroffene-koennten-doc… ∗∗∗ Reverse, Reveal, Recover: Windows Defender Quarantine Forensics ∗∗∗ --------------------------------------------- Windows Defender (the antivirus shipped with standard installations of Windows) places malicious files into quarantine upon detection. Reverse engineering mpengine.dll resulted in finding previously undocumented metadata in the Windows Defender quarantine folder that can be used for digital forensics and incident response. Existing scripts that extract quarantined files do not process this metadata, even though it could be useful for analysis. Fox-IT’s open-source digital forensics and incident response framework Dissect can now recover this metadata, in addition to recovering quarantined files from the Windows Defender quarantine folder. --------------------------------------------- https://blog.fox-it.com/2023/12/14/reverse-reveal-recover-windows-defender-… ∗∗∗ Mobile Sicherheit. Handlungsempfehlungen und präventive Maßnahmen für die sichere Nutzung von mobilen Endgeräten, 2023 ∗∗∗ --------------------------------------------- Wie so oft stehen aber auch in diesem Bereich Komfort und Sicherheit in einem permanenten Spannungsverhältnis. Ein Mehr an Sicherheit für Ihr Gerät und Ihre Daten kann auf der anderen Seite bedeuten, dass einige durchaus praktische Funktionen nur mehr eingeschränkt oder gar nicht mehr zur Verfügung stehen. Letztlich liegt es an Ihnen, den für Sie bestmöglichen Kompromiss zwischen Funktion, Komfort, Sicherheit und Privatsphäre zu finden. Die vorliegende Broschüre möchte Ihnen dabei helfen. --------------------------------------------- https://www.nis.gv.at/dam/jcr:8165f553-2769-4553-91c8-4b117c752f56/mobile_s… ∗∗∗ Ransomware: AlphV meldet sich zurück, Aufruhr in der Szene ∗∗∗ --------------------------------------------- In der Ransomware-Szene rumort es: Gruppen versuchen, einander Mitglieder abspenstig zu machen, ein Geldwäscher geht ins Netz und Betrüger betrügen einander. --------------------------------------------- https://www.heise.de/-9574446 ∗∗∗ Amazon-Händler:innen wollen über Telegram-Gruppen Bewertungen kaufen? Machen Sie nicht mit! ∗∗∗ --------------------------------------------- Auf Telegram gibt es Kanäle, die gratis Amazon-Produkte versprechen. Die Idee dahinter: Sie suchen sich ein Produkt aus, bestellen es über Ihren privaten Amazon-Account, schreiben eine 5-Sterne-Bewertung und bekommen als Dankeschön das Geld über PayPal zurückerstattet. Mit dieser Masche kaufen sich Marketplace-Händler:innen Bewertungen, um besser gerankt zu werden – eine nicht legale Praktik. --------------------------------------------- https://www.watchlist-internet.at/news/amazon-haendlerinnen-wollen-ueber-te… ∗∗∗ Protecting the enterprise from dark web password leaks ∗∗∗ --------------------------------------------- The trade in compromised passwords in dark web markets is particularly damaging. Cybercriminals often exploit password leaks to access sensitive data, commit fraud or launch further attacks. Let’s explore the various ways passwords are leaked to the dark web and discuss strategies for using dark web data to protect your organization. --------------------------------------------- https://cybersecurity.att.com/blogs/security-essentials/protecting-the-ente… ∗∗∗ Rhadamanthys v0.5.0 – a deep dive into the stealer’s components ∗∗∗ --------------------------------------------- In this article we do a deep dive into the functionality and cooperation between the modules. The first part of the article describes the loading chain that is used to retrieve the package with the stealer components. In the second part, we take a closer look at those components, their structure, abilities, and implementation. --------------------------------------------- https://research.checkpoint.com/2023/rhadamanthys-v0-5-0-a-deep-dive-into-t… ===================== = Vulnerabilities = ===================== ∗∗∗ ZDI-23-1773: (0Day) Intel Driver & Support Assistant Link Following Local Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows local attackers to escalate privileges on affected installations of Intel Driver & Support Assistant. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-1773/ ∗∗∗ Paloalto released 7 Security Advisories ∗∗∗ --------------------------------------------- PAN-OS: CVE-2023-6790, CVE-2023-6791, CVE-2023-6794, CVE-2023-6792, CVE-2023-6795, CVE-2023-6793, CVE-2023-6789 --------------------------------------------- https://security.paloaltonetworks.com/ ∗∗∗ Zoom behebt Sicherheitslücken unter Windows, Android und iOS ∗∗∗ --------------------------------------------- Durch ungenügende Zugriffskontrolle, Verschlüsselungsprobleme und Pfadmanipulation konnten Angreifer sich zusätzliche Rechte verschaffen. --------------------------------------------- https://www.heise.de/-9574367 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (chromium and rabbitmq-server), Fedora (chromium, kernel, perl-CryptX, and python-jupyter-server), Mageia (curl), Oracle (curl and postgresql), Red Hat (gstreamer1-plugins-bad-free, linux-firmware, postgresql, postgresql:10, and postgresql:15), Slackware (xorg), SUSE (catatonit, containerd, runc, container-suseconnect, gimp, kernel, openvswitch, poppler, python-cryptography, python-Twisted, python3-cryptography, qemu, squid, tiff, webkit2gtk3, xorg-x11-server, and xwayland), and Ubuntu (xorg-server and xorg-server, xwayland). --------------------------------------------- https://lwn.net/Articles/955130/ ∗∗∗ Dell Urges Customers to Patch Vulnerabilities in PowerProtect Products ∗∗∗ --------------------------------------------- Dell is informing PowerProtect DD product customers about 8 vulnerabilities, including many rated ‘high severity’, and urging them to install patches. --------------------------------------------- https://www.securityweek.com/dell-urges-customers-to-patch-vulnerabilities-… ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/bulletin/ ∗∗∗ Wordfence Intelligence Weekly WordPress Vulnerability Report (December 4, 2023 to December 10, 2023) ∗∗∗ --------------------------------------------- https://www.wordfence.com/blog/2023/12/wordfence-intelligence-weekly-wordpr… ∗∗∗ Cambium ePMP 5GHz Force 300-25 Radio ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-01 ∗∗∗ [R1] Stand-alone Security Patch Available for Tenable Security Center versions 5.23.1, 6.0.0, 6.1.0, 6.1.1, and 6.2.0: SC-202312.1 ∗∗∗ --------------------------------------------- https://www.tenable.com/security/tns-2023-44 ∗∗∗ Johnson Controls Kantech Gen1 ioSmart ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-02 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.12.2023
by Daily end-of-shift report 13 Dec '23

13 Dec '23

===================== = End-of-Day report = ===================== Timeframe: Dienstag 12-12-2023 18:00 − Mittwoch 13-12-2023 18:00 Handler: Michael Schlagenhaufer Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ FakeSG campaign, Akira ransomware and AMOS macOS stealer ∗∗∗ --------------------------------------------- In this report, we share our latest crimeware findings: FakeSG malware distribution campaign delivering NetSupport RAT, new Conti-like Akira ransomware and AMOS stealer for macOS. --------------------------------------------- https://securelist.com/crimeware-report-fakesg-akira-amos/111483/ ∗∗∗ Willhaben: Lassen Sie sich nicht auf WhatsApp und Co locken! ∗∗∗ --------------------------------------------- Wenn Sie auf willhaben über Kleinanzeigen Ware verkaufen oder kaufen wollen, dann sind Sie am besten vor Betrug geschützt, wenn Sie einige einfach Tipps beachten. Insbesondere sollten Sie sich aber nicht über den willhaben-Chat auf externe Kanäle leiten lassen. --------------------------------------------- https://www.watchlist-internet.at/news/willhaben-lassen-sie-sich-nicht-auf-… ∗∗∗ A pernicious potpourri of Python packages in PyPI ∗∗∗ --------------------------------------------- The past year has seen over 10,000 downloads of malicious packages hosted on the official Python package repository --------------------------------------------- https://www.welivesecurity.com/en/eset-research/pernicious-potpourri-python… ∗∗∗ Web shell on a SonicWall SMA ∗∗∗ --------------------------------------------- Truesec Cybersecurity Incident Response Team (CSIRT) found a compromised SonicWall Secure Mobile Access (SonicWall SMA) device on which a threat actor (TA) had deployed a web shell, a hiding mechanism, and a way to ensure persistence across firmware upgrades. --------------------------------------------- https://www.truesec.com/hub/blog/web-shell-on-a-sonicwall-sma ∗∗∗ A Day In The Life Of A GreyNoise Researcher: The Path To Understanding The Remote Code Execution Vulnerability Apache (CVE-2023-50164) in Apache Struts2 ∗∗∗ --------------------------------------------- This weakness enables attackers to remotely drop and call a web shell through a public interface. --------------------------------------------- https://www.greynoise.io/blog/a-day-in-the-life-of-a-greynoise-researcher-t… ∗∗∗ Responding to CitrixBleed (CVE-2023-4966): Key Takeaways from Affected Companies ∗∗∗ --------------------------------------------- This critical security flaw has had a significant impact across various industries in the United States, including credit unions and healthcare services, marking it as one of the most critical vulnerabilities of 2023. Its relatively straightforward buffer overflow exploitability has raised major concerns. --------------------------------------------- https://blog.morphisec.com/responding-to-citrixbleed ===================== = Vulnerabilities = ===================== ∗∗∗ Microsoft: OAuth apps used to automate BEC and cryptomining attacks ∗∗∗ --------------------------------------------- Microsoft warns that financially-motivated threat actors are using OAuth applications to automate BEC and phishing attacks, push spam, and deploy VMs for cryptomining. --------------------------------------------- https://www.bleepingcomputer.com/news/security/microsoft-oauth-apps-used-to… ∗∗∗ Final Patch Tuesday of 2023 goes out with a bang ∗∗∗ --------------------------------------------- Microsoft fixed 36 flaws. Adobe addressed 212. Apple, Google, Cisco, VMware and Atlassian joined the party Its the last Patch Tuesday of 2023, which calls for celebration – just as soon as you update Windows, Adobe, Google, Cisco, FortiGuard, SAP, VMware, Atlassian and Apple products, of course. --------------------------------------------- https://go.theregister.com/feed/www.theregister.com/2023/12/13/december_202… ∗∗∗ Patchday Microsoft: Outlook kann sich an Schadcode-E-Mail verschlucken ∗∗∗ --------------------------------------------- Microsoft hat wichtige Sicherheitsupdates für Azure, Defender & Co. veröffentlicht. Bislang soll es keine Attacken geben. --------------------------------------------- https://www.heise.de/news/Patchday-Microsoft-Outlook-kann-sich-an-Schadcode… ∗∗∗ Patchday: Adobe schließt 185 Sicherheitslücken in Experience Manager ∗∗∗ --------------------------------------------- Angreifer können Systeme mit Anwendungen von Adobe ins Visier nehmen. Nun hat der Softwarehersteller Schwachstellen geschlossen. --------------------------------------------- https://www.heise.de/news/Patchday-Adobe-Adobe-schliesst-185-Sicherheitslue… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (debian-security-support and xorg-server), Fedora (java-17-openjdk, libcmis, and libreoffice), Mageia (fish), Red Hat (buildah, containernetworking-plugins, curl, fence-agents, kernel, kpatch-patch, libxml2, pixman, podman, runc, skopeo, and tracker-miners), SUSE (kernel, SUSE Manager 4.3.10 Release Notes, and SUSE Manager Client Tools), and Ubuntu (gnome-control-center, linux-gcp, linux-kvm, linux-gkeop, linux-gkeop-5.15, linux-hwe-6.2, [...] --------------------------------------------- https://lwn.net/Articles/954921/ ∗∗∗ Mal wieder Apache Struts: CVE-2023-50164 ∗∗∗ --------------------------------------------- Wir haben in der Vergangenheit ernsthaft schlechte Erfahrungen mit Schwachstellen in der Apache Struts Library gemacht. Etwa mit CVE-2017-5638 oder CVE-2017-9805. Insbesondere komplexe Webseiten/Portal, oft von größeren Firmen, wurden öfters in Java entwickelt und waren für eine Massenexploitation anfällig. Daher haben wir die Veröffentlichung einer neuen Schwachstelle in Struts CVE-2023-50164 mit dem CVSS Score von 9.8 initial als besorgniserregend eingestuft. --------------------------------------------- https://cert.at/de/aktuelles/2023/12/mal-wieder-apache-struts-cve-2023-50164 ∗∗∗ Apache Struts Vulnerability Affecting Cisco Products: December 2023 ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/bulletin/ ∗∗∗ Atos Unify Security Advisories ∗∗∗ --------------------------------------------- https://unify.com/en/support/security-advisories ∗∗∗ Fortiguard Security Advisories ∗∗∗ --------------------------------------------- https://www.fortiguard.com/psirt ∗∗∗ Technical Advisory – Multiple Vulnerabilities in Nagios XI ∗∗∗ --------------------------------------------- https://research.nccgroup.com/2023/12/13/technical-advisory-multiple-vulner… ∗∗∗ VMSA-2023-0027 ∗∗∗ --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2023-0027.html ∗∗∗ Command injection vulnerability in Bosch IP Cameras ∗∗∗ --------------------------------------------- https://psirt.bosch.com/security-advisories/bosch-sa-638184-bt.html ∗∗∗ Denial of Service vulnerability in Bosch BT software products ∗∗∗ --------------------------------------------- https://psirt.bosch.com/security-advisories/bosch-sa-092656-bt.html -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.12.2023
by Daily end-of-shift report 12 Dec '23

12 Dec '23

===================== = End-of-Day report = ===================== Timeframe: Montag 11-12-2023 18:00 − Dienstag 12-12-2023 18:00 Handler: Thomas Pribitzer Co-Handler: Michael Schlagenhaufer ===================== = News = ===================== ∗∗∗ Counter-Strike 2 HTML injection bug exposes players’ IP addresses ∗∗∗ --------------------------------------------- Valve has reportedly fixed an HTML injection flaw in CS2 that was heavily abused today to inject images into games and obtain other players IP addresses. --------------------------------------------- https://www.bleepingcomputer.com/news/security/counter-strike-2-html-inject… ∗∗∗ New MrAnon Stealer Malware Targeting German Users via Booking-Themed Scam ∗∗∗ --------------------------------------------- A phishing campaign has been observed delivering an information stealer malware called MrAnon Stealer to unsuspecting victims via seemingly benign booking-themed PDF lures. "This malware is a Python-based information stealer compressed with cx-Freeze to evade detection," Fortinet FortiGuard Labs researcher Cara Lin said. --------------------------------------------- https://thehackernews.com/2023/12/new-mranon-stealer-targeting-german-it.ht… ∗∗∗ Intercepting MFA. Phishing and Adversary in The Middle attacks ∗∗∗ --------------------------------------------- In this post I’ll show you at a high level how attackers carry out such an attack. The main focus here is to understand what artefacts we look for when investigating these types of attacks in a DFIR capacity. I’ll also cover the steps you can take to increase your security to try and stop your team falling foul of them. --------------------------------------------- https://www.pentestpartners.com/security-blog/intercepting-mfa-phishing-and… ∗∗∗ MySQL 5.7 reached EOL. Upgrade to MySQL 8.x today ∗∗∗ --------------------------------------------- In October 2023, MySQL 5.7 reached its end of life. As such, it will no longer be supported and won’t receive security patches or bug fixes anymore. --------------------------------------------- https://mattermost.com/blog/mysql-5-7-reached-eol-upgrade-to-mysql-8-x-toda… ∗∗∗ CISA Releases SCuBA Google Workspace Secure Configuration Baselines for Public Comment ∗∗∗ --------------------------------------------- Today, CISA released the draft Secure Cloud Business Applications (SCuBA) Google Workspace (GWS) Secure Configuration Baselines and the associated assessment tool ScubaGoggles for public comment. The draft baselines offer minimum viable security configurations for nine GWS services: Groups for Business, Google Calendar, Google Common Controls, Google Classroom, Google Meet, Gmail, Google Chat, Google Drive and Docs, and Google Sites. --------------------------------------------- https://www.cisa.gov/news-events/alerts/2023/12/12/cisa-releases-scuba-goog… ===================== = Vulnerabilities = ===================== ∗∗∗ Patchday: SAP behandelt mehr als 15 Schwachstellen ∗∗∗ --------------------------------------------- Am Dezember-Patchday hat SAP 15 neue Sicherheitsmitteilungen herausgegeben. Sie thematisieren teils kritische Lücken. --------------------------------------------- https://www.heise.de/-9571722 ∗∗∗ WordPress Elementor: Halbgarer Sicherheitspatch gefährdete Millionen Websites ∗∗∗ --------------------------------------------- Es gibt wichtige Sicherheitsupdates für die WordPress-Plug-ins Backup Migration und Elementor. --------------------------------------------- https://www.heise.de/-9571957 ∗∗∗ Sicherheitslücken: Apple-Patches auch für ältere Betriebssysteme – außer iOS 15 ∗∗∗ --------------------------------------------- Parallel zu iOS 17.2 und macOS 14.2 beseitigt der Hersteller auch manche Schwachstellen in früheren Versionen. Für ältere iPhones gibt es kein Update. --------------------------------------------- https://www.heise.de/news/-9572049 ∗∗∗ Xen Security Advisory CVE-2023-46837 / XSA-447 ∗∗∗ --------------------------------------------- A malicious guest may be able to read sensitive data from memory that previously belonged to another guest. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-447.html ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libreoffice and webkit2gtk), Fedora (java-1.8.0-openjdk and seamonkey), Oracle (apr, edk2, kernel, and squid:4), Red Hat (postgresql:12, tracker-miners, and webkit2gtk3), SUSE (curl, go1.20, go1.21, hplip, openvswitch, opera, squid, and xerces-c), and Ubuntu (binutils, ghostscript, libreoffice, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gke, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-nvidia, linux-oracle, linux-oracle-5.15, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-xilinx-zynqmp, postfixadmin, python3.11, and webkit2gtk). --------------------------------------------- https://lwn.net/Articles/954706/ ∗∗∗ Beckhoff Security Advisory 2023-001: Open redirect in TwinCAT/BSD package “authelia-bhf” ∗∗∗ --------------------------------------------- https://download.beckhoff.com/download/document/product-security/Advisories… ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/bulletin/ ∗∗∗ Phoenix Contact: MULTIPROG Engineering tool and ProConOS eCLR SDK prone to CWE-732 ∗∗∗ --------------------------------------------- https://cert.vde.com/de/advisories/VDE-2023-051/ ∗∗∗ Phoenix Contact: ProConOS prone to Download of Code Without Integrity Check ∗∗∗ --------------------------------------------- https://cert.vde.com/de/advisories/VDE-2023-054/ ∗∗∗ Phoenix Contact: Automation Worx and classic line controllers prone to Incorrect Permission Assignment for Critical Resource ∗∗∗ --------------------------------------------- https://cert.vde.com/de/advisories/VDE-2023-055/ ∗∗∗ Phoenix Contact: PLCnext prone to Incorrect Permission Assignment for Critical Resource ∗∗∗ --------------------------------------------- https://cert.vde.com/de/advisories/VDE-2023-056/ ∗∗∗ Phoenix Contact: Classic line industrial controllers prone to inadequate integrity check of PLC ∗∗∗ --------------------------------------------- https://cert.vde.com/de/advisories/VDE-2023-057/ ∗∗∗ Phoenix Contact: PLCnext Control prone to download of code without integrity check ∗∗∗ --------------------------------------------- https://cert.vde.com/de/advisories/VDE-2023-058/ ∗∗∗ Schneider Electric Easy UPS Online Monitoring Software ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icaa-23-346-01 ∗∗∗ F5: K000137871 : Linux kernel vulnerability CVE-2023-35001 ∗∗∗ --------------------------------------------- https://my.f5.com/manage/s/article/K000137871 ∗∗∗ SSA-999588 V1.0: Multiple Vulnerabilities in User Management Component (UMC) before V2.11.2 ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/html/ssa-999588.html ∗∗∗ SSA-892915 V1.0: Multiple Denial of Service Vulnerabilities in the Webserver of Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/html/ssa-892915.html ∗∗∗ SSA-887801 V1.0: Information Disclosure Vulnerability in SIMATIC STEP 7 (TIA Portal) ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/html/ssa-887801.html ∗∗∗ SSA-844582 V1.0: Electromagnetic Fault Injection in LOGO! V8.3 BM Devices Results in Broken LOGO! V8.3 Product CA ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/html/ssa-844582.html ∗∗∗ SSA-693975 V1.0: Denial-of-Service Vulnerability in the Web Server of Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/html/ssa-693975.html ∗∗∗ SSA-592380 V1.0: Denial of Service Vulnerability in SIMATIC S7-1500 CPUs and related products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/html/ssa-592380.html ∗∗∗ SSA-480095 V1.0: Vulnerabilities in the Web Interface of SICAM Q100 Devices before V2.60 ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/html/ssa-480095.html ∗∗∗ SSA-398330 V1.0: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1 ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/html/ssa-398330.html ∗∗∗ SSA-280603 V1.0: Denial of Service Vulnerability in SINUMERIK ONE and SINUMERIK MC ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/html/ssa-280603.html ∗∗∗ SSA-180704 V1.0: Multiple Vulnerabilities in SCALANCE M-800/S615 Family before V8.0 ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/html/ssa-180704.html ∗∗∗ SSA-118850 V1.0: Denial of Service Vulnerability in the OPC UA Implementation in SINUMERIK ONE and SINUMERIK MC ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/html/ssa-118850.html ∗∗∗ SSA-077170 V1.0: Multiple Vulnerabilities in SINEC INS before V1.0 SP2 Update 2 ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/html/ssa-077170.html ∗∗∗ SSA-068047 V1.0: Multiple Vulnerabilities in SCALANCE M-800/S615 Family before V7.2.2 ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/html/ssa-068047.html -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.12.2023
by Daily end-of-shift report 11 Dec '23

11 Dec '23

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 07-12-2023 18:00 − Montag 11-12-2023 18:00 Handler: Michael Schlagenhaufer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ AutoSpill attack steals credentials from Android password managers ∗∗∗ --------------------------------------------- Security researchers developed a new attack, which they named AutoSpill, to steal account credentials on Android during the autofill operation. --------------------------------------------- https://www.bleepingcomputer.com/news/security/autospill-attack-steals-cred… ∗∗∗ Over 30% of Log4J apps use a vulnerable version of the library ∗∗∗ --------------------------------------------- Roughly 38% of applications using the Apache Log4j library are using a version vulnerable to security issues, including Log4Shell, a critical vulnerability identified as CVE-2021-44228 that carries the maximum severity rating, despite patches being available for more than two years. --------------------------------------------- https://www.bleepingcomputer.com/news/security/over-30-percent-of-log4j-app… ∗∗∗ Sicherheitsupdate: WordPress unter bestimmten Bedingungen angreifbar ∗∗∗ --------------------------------------------- In der aktuellen WordPress-Version haben die Entwickler eine Sicherheitslücke geschlossen. --------------------------------------------- https://www.heise.de/-9567923 ∗∗∗ DoS-Schwachstellen: Angreifer können 714 Smartphone-Modelle vom 5G-Netz trennen ∗∗∗ --------------------------------------------- Forscher haben mehrere Schwachstellen in gängigen 5G-Modems offengelegt. Damit können Angreifer vielen Smartphone-Nutzern 5G-Verbindungen verwehren. --------------------------------------------- https://www.golem.de/news/dos-schwachstellen-angreifer-koennen-714-smartpho… ∗∗∗ 40 New Domains of Magecart Veteran ATMZOW Found in Google Tag Manager ∗∗∗ --------------------------------------------- In today’s post, we’ll take a look at some recent Google Tag Manager containers used in ecommerce malware, examine some newer forms of obfuscation techniques used in the malicious code, and track the evolution of the ATMZOW skimmer linked to widespread Magento website infections since 2015. --------------------------------------------- https://blog.sucuri.net/2023/12/40-new-domains-of-magecart-veteran-atmzow-f… ∗∗∗ Bluetooth-Lücke erlaubt Einschleusen von Tastenanschlägen ∗∗∗ --------------------------------------------- Eine Sicherheitslücke in Bluetooth-Stacks erlaubt Angreifern, Tastenanschläge einzuschmuggeln. Unter Android, iOS, Linux und macOS. --------------------------------------------- https://www.heise.de/-9570583 ∗∗∗ Achtung Fake-Shop: fressnapfs.shop ∗∗∗ --------------------------------------------- Kriminelle schalten auf Facebook und Instagram Werbung für einen betrügerischen Fressnapf-Online-Shop. Der gefälschte Online-Shop sieht dem echten Shop zum Verwechseln ähnlich. Auch die Internetadresse „fressnapfs.shop“ scheint plausibel. Wenn Sie beim Fake-Shop bestellen, verlieren Sie Ihr Geld und erhalten keine Lieferung! --------------------------------------------- https://www.watchlist-internet.at/news/achtung-fake-shop-fressnapfsshop/ ∗∗∗ To tap or not to tap: Are NFC payments safer? ∗∗∗ --------------------------------------------- Contactless payments are quickly becoming ubiquitous – but are they more secure than traditional payment methods? --------------------------------------------- https://www.welivesecurity.com/en/cybersecurity/to-tap-or-not-to-tap-are-nf… ∗∗∗ Kaspersky entdeckt „hochkomplexen“ Proxy-Trojaner für macOS ∗∗∗ --------------------------------------------- Die Malware wird über raubkopierte Software verbreitet. Varianten für Android und Windows sind offenbar auch im Umlauf. --------------------------------------------- https://www.zdnet.de/88413363/kaspersky-entdeckt-hochkomplexen-proxy-trojan… ∗∗∗ Risiko Active Directory-Fehlkonfigurationen; Forest Druid zur Analyse ∗∗∗ --------------------------------------------- Fehlkonfigurationen und Standardeinstellungen des Active Directory können die IT-Sicherheit von Unternehmen gefährden. Bastien Bossiroy von den NVISO Labs hat sich Gedanken um dieses Thema gemacht und bereits Ende Oktober 2023 einen Beitrag zu den häufigsten Fehlkonfigurationen/Standardkonfigurationen des Active Directory, die Unternehmen gefährden, veröffentlicht. Zudem ist mir kürzlich ein Hinweis auf "Forest Druid" untergekommen, ein kostenloses Attack-Path-Management-Tool von Semperis. --------------------------------------------- https://www.borncity.com/blog/2023/12/09/risiko-active-directory-die-hufigs… ∗∗∗ Operation Blacksmith: Lazarus targets organizations worldwide using novel Telegram-based malware written in DLang ∗∗∗ --------------------------------------------- Operation Blacksmith involved the exploitation of CVE-2021-44228, also known as Log4Shell, and the use of a previously unknown DLang-based RAT utilizing Telegram as its C2 channel. We’re naming this malware family “NineRAT.” NineRAT was initially built around May 2022 and was first used in this campaign as early as March 2023, almost a year later, against a South American agricultural organization. We then saw NineRAT being used again around September 2023 against a European manufacturing entity. --------------------------------------------- https://blog.talosintelligence.com/lazarus_new_rats_dlang_and_telegram/ ∗∗∗ 2023 Review: Reflecting on Cybersecurity Trends ∗∗∗ --------------------------------------------- With the season of ubiquitous year-ahead predictions around the corner, Trend Micro’s Greg Young and William Malik decided to look back at 2023 and see which forecasted cybersecurity trends came to pass and which, um, didn’t. --------------------------------------------- https://www.trendmicro.com/en_us/ciso/23/l/2023-review-reflecting-on-cybers… ∗∗∗ Analyzing AsyncRATs Code Injection into aspnet_compiler.exe Across Multiple Incident Response Cases ∗∗∗ --------------------------------------------- This blog entry delves into MxDRs unraveling of the AsyncRAT infection chain across multiple cases, shedding light on the misuse of aspnet_compiler.exe, a legitimate Microsoft process originally designed for precompiling ASP.NET web applications. --------------------------------------------- https://www.trendmicro.com/en_us/research/23/l/analyzing-asyncrat-code-inje… ===================== = Vulnerabilities = ===================== ∗∗∗ Resolved RCE in Sophos Firewall (CVE-2022-3236) ∗∗∗ --------------------------------------------- The vulnerability was originally fixed in September 2022. In December 2023, we delivered an updated fix after identifying new exploit attempts against this same vulnerability in older, unsupported versions of the Sophos Firewall. No action is required if organizations have upgraded their firewalls to a supported firmware version after September 2022. --------------------------------------------- https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce ∗∗∗ Sicherheitslücken: Angreifer können Schadcode auf Qnap NAS schieben ∗∗∗ --------------------------------------------- Netzwerkspeicher von Qnap sind verwundbar. In aktuellen Versionen haben die Entwickler Sicherheitsprobleme gelöst. --------------------------------------------- https://www.heise.de/-9570375 ∗∗∗ New RCE vulnerability in Apache Struts 2 fixed, upgrade ASAP (CVE-2023-50164) ∗∗∗ --------------------------------------------- The Apache Struts project has released updates for the popular open-source web application framework, with fixes for a critical vulnerability that could lead to remote code execution (CVE-2023-50164). --------------------------------------------- https://www.helpnetsecurity.com/2023/12/08/cve-2023-50164/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (chromium), Mageia (firefox, thunderbird, and vim), SUSE (kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools- container, virt-operator-container), and Ubuntu (freerdp2, glibc, and tinyxml). --------------------------------------------- https://lwn.net/Articles/954092/ ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (chromium), Fedora (bluez, chromium, and curl), Red Hat (apr), Slackware (libxml2), and Ubuntu (squid3 and tar). --------------------------------------------- https://lwn.net/Articles/954449/ ∗∗∗ Edge 120.0.2210.61 mit Sicherheitsfixes und neuer Telemetriefunktion ∗∗∗ --------------------------------------------- Microsoft hat zum 7. Dezember 2023 den Edge 120.0.2210.61 im Stable-Channel veröffentlicht. Diese Version schließt gleich drei Schwachstellen (und zudem Chromium-Sicherheitslücken). Der neue Edge kommt zudem mit neuen Richtlinien. --------------------------------------------- https://www.borncity.com/blog/2023/12/08/edge-120-0-2210-61-mit-sicherheits… ∗∗∗ GarageBand 10.4.9 ∗∗∗ --------------------------------------------- https://support.apple.com/kb/HT214042 ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/bulletin/ ∗∗∗ Frauscher: FDS102 for FAdC/FAdCi remote code execution vulnerability ∗∗∗ --------------------------------------------- https://cert.vde.com/de/advisories/VDE-2023-049/ ∗∗∗ Local Privilege Escalation durch MSI installer in PDF24 Creator (geek Software GmbH) ∗∗∗ --------------------------------------------- https://sec-consult.com/de/vulnerability-lab/advisory/local-privilege-escal… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.12.2023
by Daily end-of-shift report 07 Dec '23

07 Dec '23

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 06-12-2023 18:00 − Donnerstag 07-12-2023 18:00 Handler: Robert Waldner Co-Handler: Michael Schlagenhaufer ===================== = News = ===================== ∗∗∗ CISA and International Partners Release Advisory on [..] Star Blizzard ∗∗∗ --------------------------------------------- The joint CSA aims to raise awareness of the specific tactics, techniques, and delivery methods [..] Known Star Blizzard techniques include: Impersonating known contacts' email accounts, Creating fake social media profiles, Using webmail addresses from providers such as Outlook, Gmail and others, and Creating malicious domains that resemble legitimate organizations. --------------------------------------------- https://www.cisa.gov/news-events/alerts/2023/12/07/cisa-and-international-p… ∗∗∗ CISA, NSA, FBI and International Cybersecurity Authorities Publish Guide on The Case for Memory Safe Roadmaps ∗∗∗ --------------------------------------------- The guide strongly encourages executives of software manufacturers to prioritize using memory safe programing languages, write and publish memory safe roadmaps and implement changes to eliminate this class of vulnerability and protect their customers. Software developers and support staff should develop the roadmap, which should detail how the manufacturer will modify their software development life cycle (SDLC) to dramatically reduce and eventually eliminate memory unsafe code in their products. This guidance also provides a clear outline of elements that a memory safe roadmap should include. --------------------------------------------- https://www.cisa.gov/news-events/news/cisa-nsa-fbi-and-international-cybers… ===================== = Vulnerabilities = ===================== ∗∗∗ PSA: Critical POP Chain Allowing Remote Code Execution Patched in WordPress 6.4.2 ∗∗∗ --------------------------------------------- WordPress 6.4.2 was released today, on December 6, 2023. It includes a patch for a POP chain introduced in version 6.4 that, combined with a separate Object Injection vulnerability, could result in a Critical-Severity vulnerability allowing attackers to execute arbitrary PHP code on the site. We urge all WordPress users to update to 6.4.2 immediately, as this issue could allow full site takeover if another vulnerability is present. --------------------------------------------- https://www.wordfence.com/blog/2023/12/psa-critical-pop-chain-allowing-remo… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (tzdata), Fedora (gmailctl), Oracle (kernel), Red Hat (linux-firmware, postgresql:12, postgresql:13, and squid:4), SUSE (cdi-apiserver-container, cdi-cloner-container, cdi- controller-container, cdi-importer-container, cdi-operator-container, cdi- uploadproxy-container, cdi-uploadserver-container, cont, frr, libtorrent-rasterbar, qbittorrent, openssl-3, openvswitch, openvswitch3, and suse-build-key), and Ubuntu (bluez, curl, linux, linux-aws, linux-azure, linux-laptop, linux-lowlatency, linux-oem-6.5, linux-oracle, linux-raspi, linux-starfive, linux-gcp, open-vm-tools, postgresql-12, postgresql-14, postgresql-15, and python-cryptography). --------------------------------------------- https://lwn.net/Articles/953977/ ∗∗∗ Kritische Sicherheitslücken in mehreren Produkten von Atlassian - Patches verfügbar ∗∗∗ --------------------------------------------- Mehrere Versionen von Produkten des Unternehmens Atlassian enthalten kritische Sicherheitslücken. Die Ausnutzung der Sicherheitslücken ermöglicht Angreifer:innen die vollständige Übernahme von verwundbaren Systemen, sowie den Zugriff auf alle darauf gespeicherten Daten. CVE-Nummer(n): CVE-2023-22522, CVE-2022-1471 CVSS Base Score: 9.0 bzw. 9.8 --------------------------------------------- https://cert.at/de/warnungen/2023/12/kritische-sicherheitslucken-in-mehrere… ∗∗∗ CISA Releases Five Industrial Control Systems Advisories ∗∗∗ --------------------------------------------- ICSA-23-341-01 Mitsubishi Electric FA Engineering Software Products, ICSA-23-341-02 Schweitzer Engineering Laboratories SEL-411L, ICSA-23-341-03 Johnson Controls Metasys and Facility Explorer, ICSA-23-341-05 ControlbyWeb Relay, ICSA-23-341-06 Sierra Wireless AirLink with ALEOS firmware --------------------------------------------- https://www.cisa.gov/news-events/alerts/2023/12/07/cisa-releases-five-indus… ∗∗∗ BIOS Image Parsing Function Vulnerabilities (LogoFAIL) ∗∗∗ --------------------------------------------- Vulnerabilities were reported in the image parsing libraries in AMI, Insyde and Phoenix BIOS which are used to parse personalized boot logos that are loaded from the EFI System Partition that could allow a local attacker with elevated privileges to trigger a denial of service or arbitrary code execution. [..] Update system firmware to the version (or newer) indicated for your model in the Product Impact section. --------------------------------------------- http://support.lenovo.com/product_security/PS500590-BIOS-IMAGE-PARSING-FUNC… ∗∗∗ Drupal: Group - Less critical - Access bypass - SA-CONTRIB-2023-054 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2023-054 ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/bulletin/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.12.2023
by Daily end-of-shift report 06 Dec '23

06 Dec '23

===================== = End-of-Day report = ===================== Timeframe: Dienstag 05-12-2023 18:00 − Mittwoch 06-12-2023 18:00 Handler: Robert Waldner Co-Handler: Michael Schlagenhaufer ===================== = News = ===================== ∗∗∗ Trügerische Sicherheit: Angreifer können Lockdown-Modus von iOS fälschen ∗∗∗ --------------------------------------------- Der Lockdown-Modus von iOS soll iPhone-Besitzer vor Cyberangriffen schützen. Forscher haben gezeigt, wie sich die Funktion fälschen lässt. --------------------------------------------- https://www.golem.de/news/truegerische-sicherheit-angreifer-koennen-lockdow… ∗∗∗ Whose packet is it anyway: a new RFC for attribution of internet probes, (Wed, Dec 6th) ∗∗∗ --------------------------------------------- So far, security analysts and administrators have had to rely mostly on WHOIS, RDAP, reverse DNS lookups and third-party data (e.g., data from ISC/DShield) in order to gain some idea of who might be behind a specific scan and whether it was malicious or not. However, authors of the aforementioned RFC came up with several ideas of how originators of “internet probes” might simplify their own identification. --------------------------------------------- https://isc.sans.edu/diary/rss/30456 ∗∗∗ Qualcomm Releases Details on Chip Vulnerabilities Exploited in Targeted Attacks ∗∗∗ --------------------------------------------- Chipmaker Qualcomm has released more information about three high-severity security flaws that it said came under "limited, targeted exploitation" back in October 2023. --------------------------------------------- https://thehackernews.com/2023/12/qualcomm-releases-details-on-chip.html ∗∗∗ Alert: Threat Actors Can Leverage AWS STS to Infiltrate Cloud Accounts ∗∗∗ --------------------------------------------- Threat actors can take advantage of Amazon Web Services Security Token Service (AWS STS) as a way to infiltrate cloud accounts and conduct follow-on attacks. The service enables threat actors to impersonate user identities and roles in cloud environments, Red Canary researchers Thomas Gardner and Cody Betsworth said in a Tuesday analysis. --------------------------------------------- https://thehackernews.com/2023/12/alert-threat-actors-can-leverage-aws.html ∗∗∗ Blind CSS Exfiltration: exfiltrate unknown web pages ∗∗∗ --------------------------------------------- Why would we want to do blind CSS exfiltration? Imagine youve got a blind HTML injection vulnerability but you cant get XSS because of the sites CSP or perhaps the site has a server-side or DOM-based filter such as DOMPurify. JavaScript is off the table but they allow styles because theyre just styles right? What possible damage can you do with just CSS? --------------------------------------------- https://portswigger.net/research/blind-css-exfiltration ∗∗∗ SLAM: Neue Spectre-Variante gefährdet zukünftige CPU-Generationen ∗∗∗ --------------------------------------------- Forscher tricksen das Speichermanagement kommender CPU-Generationen aus, um vermeintlich geschützte Daten aus dem RAM zu lesen. --------------------------------------------- https://www.heise.de/-9549625 ∗∗∗ Windows 10: Security-Updates nach Support-Ende ∗∗∗ --------------------------------------------- Wer Windows 10 länger als bis 2025 betreiben will, muss entweder in die Microsoft-365-Cloud oder für Patches zahlen. --------------------------------------------- https://www.heise.de/-9566262 ∗∗∗ Achtung Betrug: Rechnung vom "Registergericht" ∗∗∗ --------------------------------------------- Aktuell läuft wohl wieder eine Betrugskampagne, in der Brief mit falschen Rechnungen von einem angeblichen "Registergericht" an Firmen geschickt werden. --------------------------------------------- https://www.borncity.com/blog/2023/12/06/achtung-betrug-rechnung-vom-regist… ∗∗∗ CVE-2023-49105, WebDAV Api Authentication Bypass in ownCloud ∗∗∗ --------------------------------------------- While the 10/10 CVE-2023-49103 got all the attention last week, organizations should not quickly overlook CVE-2023-49105! CVE-2023-49105 is an authentication bypass issue affecting ownCloud from version 10.6.0 to version 10.13.0. It allows an attacker to access, modify, or delete any file without authentication if the username is known. Even if the user has no signing key configured, ownCloud accepts pre-signed URLs, enabling the attacker to generate URLs for arbitrary file operations. --------------------------------------------- https://www.greynoise.io/blog/cve-2023-49105-webdav-api-authentication-bypa… ===================== = Vulnerabilities = ===================== ∗∗∗ "Sierra:21" vulnerabilities impact critical infrastructure routers ∗∗∗ --------------------------------------------- A set of 21 newly discovered vulnerabilities impact Sierra OT/IoT routers and threaten critical infrastructure with remote code execution, unauthorized access, cross-site scripting, authentication bypass, and denial of service attacks. [..] AirLink routers are highly regarded in the field of industrial and mission-critical applications due to high-performance 3G/4G/5G and WiFi and multi-network connectivity. --------------------------------------------- https://www.bleepingcomputer.com/news/security/sierra-21-vulnerabilities-im… ∗∗∗ Codeschmuggel in Atlassian-Produkten: Vier kritische Lücken aufgetaucht ∗∗∗ --------------------------------------------- Admins von Confluence, Jira und Bitbucket kommen aus dem Patchen nicht heraus: Erneut hat Atlassian dringende Updates für seine wichtigsten Produkte vorgelegt. --------------------------------------------- https://www.heise.de/-9565780 ∗∗∗ Kiosk Escape Privilege Escalation in One Identity Password Manager Secure Password Extension ∗∗∗ --------------------------------------------- The Password Manager Extension from One Identity can be used to perform two different kiosk escapes on the lock screen of a Windows client. These two escapes allow an attacker to execute commands with the highest permissions of a user with the SYSTEM role. --------------------------------------------- https://sec-consult.com/vulnerability-lab/advisory/kiosk-escape-privilege-e… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (chromium, clevis-pin-tpm2, firefox, keyring-ima-signer, libkrun, perl, perl-PAR-Packer, polymake, poppler, rust-bodhi-cli, rust-coreos-installer, rust-fedora-update-feedback, rust-gst-plugin-reqwest, rust-pore, rust-rpm-sequoia, rust-sequoia-octopus-librnp, rust-sequoia-policy-config, rust-sequoia-sq, rust-sequoia-wot, rust-sevctl, rust-snphost, and rust-tealdeer), Mageia (samba), Red Hat (postgresql:12), SUSE (haproxy and kernel-firmware), and Ubuntu (haproxy, linux, linux-aws, linux-aws-6.2, linux-azure, linux-azure-6.2, linux-azure-fde-6.2, linux-lowlatency, linux-oracle, linux-raspi, linux-starfive, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-oem-6.1, and redis). --------------------------------------------- https://lwn.net/Articles/953861/ ∗∗∗ Command Injection via CLI des DrayTek Vigor167 (SYSS-2023-023) ∗∗∗ --------------------------------------------- Die Kommandozeile (Command-Line Interface, CLI) des DrayTek Vigor167 mit der Modemfirmware 5.2.2 erlaubt es angemeldeten Angreifenden, beliebigen Code auf dem Modem auszuführen. Nutzende mit Zugang zur Weboberfläche, aber ohne jegliche Berechtigungen, haben ebenfalls Zugriff auf die CLI und können hierüber das Modem übernehmen. --------------------------------------------- https://www.syss.de/pentest-blog/command-injection-via-cli-des-draytek-vigo… ∗∗∗ Security Advisory - Identity Bypass Vulnerability in Some Huawei Smart Screen Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2023/huawei-sa-ibvishssp… ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/bulletin/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.12.2023
by Daily end-of-shift report 05 Dec '23

05 Dec '23

===================== = End-of-Day report = ===================== Timeframe: Montag 04-12-2023 18:00 − Dienstag 05-12-2023 18:00 Handler: Robert Waldner Co-Handler: Michael Schlagenhaufer ===================== = News = ===================== ∗∗∗ Unpatched Loytec Building Automation Flaws Disclosed 2 Years After Discovery ∗∗∗ --------------------------------------------- Industrial cybersecurity firm TXOne Networks has disclosed the details of 10 unpatched vulnerabilities discovered by its researchers in building automation products made by Austrian company Loytec more than two years ago. --------------------------------------------- https://www.securityweek.com/unpatched-loytec-building-automation-flaws-dis… ∗∗∗ BlueNoroff: new Trojan attacking macOS users ∗∗∗ --------------------------------------------- BlueNoroff has been attacking macOS users with a new loader that delivers unknown malware to the system. --------------------------------------------- https://securelist.com/bluenoroff-new-macos-malware/111290/ ∗∗∗ Zarya Hacktivists: More than just Sharepoint., (Mon, Dec 4th) ∗∗∗ --------------------------------------------- Zarya isn't exactly the type of threat you should be afraid of, but it is sad how these groups can still be effective due to organizations exposing unpatched or badly configured systems to the internet. Most of the attacks sent by Zarya will not succeed even if they hit a vulnerable system. For some added protection, you may consider blocking some of the Aeza network's traffic after ensuring that this network hosts no critical resources you need. Aeza uses ASN 210644. --------------------------------------------- https://isc.sans.edu/diary/rss/30450 ∗∗∗ Warning for iPhone Users: Experts Warn of Sneaky Fake Lockdown Mode Attack ∗∗∗ --------------------------------------------- A new "post-exploitation tampering technique" can be abused by malicious actors to visually deceive a target into believing that their Apple iPhone is running in Lockdown Mode when its actually not and carry out covert attacks. --------------------------------------------- https://thehackernews.com/2023/12/warning-for-iphone-users-experts-warn.html ∗∗∗ Sicherheitslücke in iOS 16 soll angeblich leichteres Auslesen ermöglichen ∗∗∗ --------------------------------------------- In Moskau streiten sich zwei Forensikfirmen wegen gestohlenem Programmcode. Dieser aber offenbart eine mögliche neue Sicherheitslücke im iPhone-Betriebssystem. --------------------------------------------- https://www.heise.de/-9548725 ∗∗∗ OSINT. What can you find from a domain or company name ∗∗∗ --------------------------------------------- To help OPSEC people I thought it might be useful to go over some of the key things that can be found using domain and company names. --------------------------------------------- https://www.pentestpartners.com/security-blog/osint-what-can-you-find-from-… ∗∗∗ Viele Beschwerden zu luckyluna.de ∗∗∗ --------------------------------------------- luckyluna.de bietet handgezeichnete Tierportraits. Sie laden ein Foto Ihres Tieres hoch, es wird gezeichnet und Sie erhalten das Bild entweder digital oder auf einer Leinwand – so zumindest das Versprechen. Verärgerte Kund:innen beschweren sich aber, dass die Bilder nicht handgezeichnet sind, sondern die „handgefertigten Portraits“ nur mit Hilfe eines Bildbearbeitungsprogramms erstellt werden. --------------------------------------------- https://www.watchlist-internet.at/news/viele-beschwerden-zu-luckylunade/ ∗∗∗ Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers ∗∗∗ --------------------------------------------- This CSA provides network defenders with tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), and methods to detect and protect against similar exploitation. --------------------------------------------- https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-339a ===================== = Vulnerabilities = ===================== ∗∗∗ Patchday Android: Android 11, 12, 13 und 14 für Schadcode-Attacken anfällig ∗∗∗ --------------------------------------------- Angreifer können Android-Smartphones und -Tablets verschiedener Hersteller ins Visier nehmen. Für einige Geräte gibt es Sicherheitsupdates. --------------------------------------------- https://www.heise.de/-9548839 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (roundcube), Fedora (java-latest-openjdk), Mageia (libqb), SUSE (python-Django1), and Ubuntu (request-tracker4). --------------------------------------------- https://lwn.net/Articles/953783/ ∗∗∗ WebKitGTK and WPE WebKit Security Advisory WSA-2023-0011 ∗∗∗ --------------------------------------------- Several vulnerabilities were discovered in WebKitGTK and WPE WebKit. CVE identifiers: CVE-2023-42916, CVE-2023-42917. --------------------------------------------- https://webkitgtk.org/security/WSA-2023-0011.html ∗∗∗ Security updates for Ivanti Connect Secure and Ivanti Policy Secure ∗∗∗ --------------------------------------------- We are reporting the Ivanti Connect Secure issues as CVE-2023-39340, CVE-2023-41719 and CVE-2023-41720, and Ivanti Policy Secure issue as CVE-2023-39339. We encourage customers to download the latest releases of ICS and IPS to remediate the issues. --------------------------------------------- https://www.ivanti.com/blog/security-updates-for-ivanti-connect-secure-and-… ∗∗∗ SonicWall SSL-VPN SMA100 Version 10.x Is Affected By Multiple Vulnerabilities ∗∗∗ --------------------------------------------- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0018 ∗∗∗ Cisco Adaptive Security Appliance and Firepower Threat Defense Software VPN Packet Validation Vulnerability ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Wago: Vulnerabilities in IEC61850 Server / Telecontrol ∗∗∗ --------------------------------------------- https://cert.vde.com/de/advisories/VDE-2023-044/ ∗∗∗ Wago: Vulnerability in Smart Designer Web-Application ∗∗∗ --------------------------------------------- https://cert.vde.com/de/advisories/VDE-2023-045/ ∗∗∗ CODESYS: Multiple products affected by WIBU Codemeter vulnerability ∗∗∗ --------------------------------------------- https://cert.vde.com/de/advisories/VDE-2023-035/ ∗∗∗ CODESYS: OS Command Injection Vulnerability in multiple CODESYS Control products ∗∗∗ --------------------------------------------- https://cert.vde.com/de/advisories/VDE-2023-066/ ∗∗∗ Pilz : WIBU Vulnerabilitiy in multiple Products (Update A) ∗∗∗ --------------------------------------------- https://cert.vde.com/de/advisories/VDE-2023-033/ ∗∗∗ Pilz: Electron Vulnerabilities in PASvisu and PMI v8xx ∗∗∗ --------------------------------------------- https://cert.vde.com/de/advisories/VDE-2023-059/ ∗∗∗ Pilz: Multiple products prone to libwebp vulnerability ∗∗∗ --------------------------------------------- https://cert.vde.com/de/advisories/VDE-2023-048/ ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/bulletin/ ∗∗∗ Zebra ZTC Industrial ZT400 and ZTC Desktop GK420d ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-23-339-01 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.12.2023
by Daily end-of-shift report 04 Dec '23

04 Dec '23

===================== = End-of-Day report = ===================== Timeframe: Freitag 01-12-2023 18:00 − Montag 04-12-2023 18:00 Handler: Robert Waldner Co-Handler: Michael Schlagenhaufer ===================== = News = ===================== ∗∗∗ LogoFAIL: UEFI Vulnerabilities Expose Devices to Stealth Malware Attacks ∗∗∗ --------------------------------------------- The Unified Extensible Firmware Interface (UEFI) code from various independent firmware/BIOS vendors (IBVs) has been found vulnerable to potential attacks through high-impact flaws in image parsing libraries embedded into the firmware. --------------------------------------------- https://thehackernews.com/2023/12/logofail-uefi-vulnerabilities-expose.html ∗∗∗ New P2PInfect Botnet MIPS Variant Targeting Routers and IoT Devices ∗∗∗ --------------------------------------------- Cybersecurity researchers have discovered a new variant of an emerging botnet called P2PInfect thats capable of targeting routers and IoT devices. --------------------------------------------- https://thehackernews.com/2023/12/new-p2pinfect-botnet-mips-variant.html ∗∗∗ Advisory on IRGC-Affiliated Cyber Actors Exploiting PLCs ∗∗∗ --------------------------------------------- Today, CISA, (FBI), (NSA), (EPA), and (INCD) released a joint Cybersecurity Advisory (CSA) IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors in response to the active exploitation of Unitronics programmable logic controllers (PLCs) in multiple sectors. --------------------------------------------- https://www.cisa.gov/news-events/alerts/2023/12/01/cisa-and-partners-releas… ∗∗∗ Phishing-Angriffe: Betrüger missbrauchen Hotelbuchungsplattform booking.com ∗∗∗ --------------------------------------------- Mit auf Datendiebstahl spezialisierte Malware griffen Cyberkriminelle zunächst Hotelmitarbeiter an und verschickten dann über Booking betrügerische Mails. --------------------------------------------- https://www.heise.de/-9547507 ∗∗∗ Update your iPhones! Apple fixes two zero-days in iOS ∗∗∗ --------------------------------------------- Apple has released an emergency security update for two zero-day vulnerabilities which may have already been exploited. --------------------------------------------- https://www.malwarebytes.com/blog/news/2023/12/update-your-iphones-apple-fi… ∗∗∗ PSA: Fake CVE-2023-45124 Phishing Scam Tricks Users Into Installing Backdoor Plugin ∗∗∗ --------------------------------------------- The Wordfence Threat Intelligence Team has recently been informed of a phishing campaign targeting WordPress users. The Phishing email claims to be from the WordPress team and warns of a Remote Code Execution vulnerability on the user’s site with an identifier of CVE-2023-45124, which is not currently a valid CVE. --------------------------------------------- https://www.wordfence.com/blog/2023/12/psa-fake-cve-2023-45124-phishing-sca… ∗∗∗ Vorsicht vor gefälschter Microsoft-Sicherheitswarnung ∗∗∗ --------------------------------------------- Beim Surfen im Internet poppt plötzlich eine Sicherheitswarnung auf: „Aus Sicherheitsgründen wurde das Gerät blockiert. Windows-Support Anrufen“. Zusätzlich wird eine Computerstimme abgespielt, die Ihnen erklärt, dass Ihre Kreditkarten- und Facebookdaten sowie persönliche Daten an Hacker weitergegeben werden. Für technische Unterstützung sollen Sie eine Nummer anrufen. --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-vor-gefaelschter-microsoft-… ∗∗∗ Zyxel warnt vor kritischen Sicherheitslücken in NAS-Geräten ∗∗∗ --------------------------------------------- Betreibt jemand ein Zyxel NAS in seiner Umgebung? Der taiwanesische Hersteller hat gerade vor mehreren Schwachstellen in der Firmware dieser Geräte gewarnt. Drei kritische Schwachstellen ermöglichen es einem nicht authentifizierten Angreifer Betriebssystembefehle auf anfälligen NAS-Geräten (Network-Attached Storage) auszuführen. --------------------------------------------- https://www.borncity.com/blog/2023/12/02/zyxel-warnt-vor-kritischen-sicherh… ===================== = Vulnerabilities = ===================== ∗∗∗ SQUID-2023:7 Denial of Service in HTTP Message Processing ∗∗∗ --------------------------------------------- Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing[..] This problem allows a remote attacker to perform Denial of Service when sending easily crafted HTTP Messages. --------------------------------------------- https://github.com/squid-cache/squid/security/advisories/GHSA-8w9r-p88v-mmx9 ∗∗∗ SQUID-2023:8 Denial of Service in Helper Process management ∗∗∗ --------------------------------------------- Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. [..] This problem allows a trusted client or remote server to perform a Denial of Service attack when the Squid proxy is under load. --------------------------------------------- https://github.com/squid-cache/squid/security/advisories/GHSA-xggx-9329-3c27 ∗∗∗ SQUID-2023:9 Denial of Service in HTTP Collapsed Forwarding ∗∗∗ --------------------------------------------- Due to a Use-After-Free bug Squid is vulnerable to a Denial of Service attack against collapsed forwarding [..] This problem allows a remote client to perform Denial of Service attack on demand when Squid is configured with collapsed forwarding. --------------------------------------------- https://github.com/squid-cache/squid/security/advisories/GHSA-rj5h-46j6-q2g5 ∗∗∗ GitLab Security Release: 16.6.1, 16.5.3, 16.4.3 ∗∗∗ --------------------------------------------- These versions contain important security fixes, and we strongly recommend that all GitLab installations be upgraded to one of these versions immediately. GitLab.com is already running the patched version. CVE IDs: CVE-2023-6033, CVE-2023-6396, CVE-2023-3949, CVE-2023-5226, CVE-2023-5995, CVE-2023-4912, CVE-2023-4317, CVE-2023-3964, CVE-2023-4658, CVE-2023-3443 --------------------------------------------- https://about.gitlab.com/releases/2023/11/30/security-release-gitlab-16-6-1… ∗∗∗ Technical Advisory: Sonos Era 100 Secure Boot Bypass Through Unchecked setenv() call ∗∗∗ --------------------------------------------- Sonos Era 100 is a smart speaker released in 2023. A vulnerability exists in the U-Boot component of the firmware which would allow for persistent arbitrary code execution with Linux kernel privileges. This vulnerability could be exploited either by an attacker with physical access to the device, or by obtaining write access to the flash memory through a separate runtime vulnerability. [..] Sonos state an update was released on 2023-11-15 which remediated the issue. --------------------------------------------- https://research.nccgroup.com/2023/12/04/technical-advisory-sonos-era-100-s… ∗∗∗ Update ASAP! Critical Unauthenticated Arbitrary File Upload in MW WP Form Allows Malicious Code Execution ∗∗∗ --------------------------------------------- In this blog post, we detailed an Arbitrary File Upload vulnerability within the MW WP Form plugin affecting versions 5.0.1 and earlier. This vulnerability allows unauthenticated threat actors to upload arbitrary files, including PHP backdoors, and execute those files on the server. The vulnerability has been fully addressed in version 5.0.2 of the plugin. [..] CVE ID: CVE-2023-6316 / CVSS Score: 9.8 (Critical) --------------------------------------------- https://www.wordfence.com/blog/2023/12/update-asap-critical-unauthenticated… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (amanda, ncurses, nghttp2, opendkim, rabbitmq-server, and roundcube), Fedora (golang-github-openprinting-ipp-usb, kernel, kernel-headers, kernel-tools, and samba), Mageia (audiofile, galera, libvpx, and virtualbox), Oracle (kernel and postgresql:13), SUSE (openssl-3, optipng, and python-Pillow), and Ubuntu (firefox). --------------------------------------------- https://lwn.net/Articles/953702/ ∗∗∗ Ruckus Access Point vulnerable to cross-site scripting ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN45891816/ ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/bulletin/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily