Daily

daily@lists.cert.at

1 participants
3156 discussions

Tageszusammenfassung - 03.11.2023
by Daily end-of-shift report 03 Nov '23

03 Nov '23

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 02-11-2023 18:00 − Freitag 03-11-2023 18:00 Handler: Michael Schlagenhaufer Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ New macOS KandyKorn malware targets cryptocurrency engineers ∗∗∗ --------------------------------------------- A new macOS malware dubbed KandyKorn has been spotted in a campaign attributed to the North Korean Lazarus hacking group, targeting blockchain engineers of a cryptocurrency exchange platform. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-macos-kandykorn-malware-… ∗∗∗ Atlassian warns of exploit for Confluence data wiping bug, get patching ∗∗∗ --------------------------------------------- Atlassian warned admins that a public exploit is now available for a critical Confluence security flaw that can be used in data destruction attacks targeting Internet-exposed and unpatched instances. --------------------------------------------- https://www.bleepingcomputer.com/news/security/atlassian-warns-of-exploit-f… ∗∗∗ Spyware Designed for Telegram Mods Also Targets WhatsApp Add-Ons ∗∗∗ --------------------------------------------- Researchers discovered spyware designed to steal from Android devices and from Telegram mods can also reach WhatsApp users. --------------------------------------------- https://www.darkreading.com/dr-global/spyware-designed-for-telegram-mods-al… ∗∗∗ Kinsing Actors Exploiting Recent Linux Flaw to Breach Cloud Environments ∗∗∗ --------------------------------------------- The threat actors linked to Kinsing have been observed attempting to exploit the recently disclosed Linux privilege escalation flaw called Looney Tunables as part of a "new experimental campaign" designed to breach cloud environments. --------------------------------------------- https://thehackernews.com/2023/11/kinsing-actors-exploit-linux-flaw-to.html ∗∗∗ 48 Malicious npm Packages Found Deploying Reverse Shells on Developer Systems ∗∗∗ --------------------------------------------- A new set of 48 malicious npm packages have been discovered in the npm repository with capabilities to deploy a reverse shell on compromised systems. "These packages, deceptively named to appear legitimate, contained obfuscated JavaScript designed to initiate a reverse shell on package install," software supply chain security firm Phylum said. --------------------------------------------- https://thehackernews.com/2023/11/48-malicious-npm-packages-found.html ∗∗∗ Prioritising Vulnerabilities Remedial Actions at Scale with EPSS ∗∗∗ --------------------------------------------- In this article, I’m presenting the Exploit Prediction Scoring System and its practical use cases in tandem with Common Vulnerability Scoring System. --------------------------------------------- https://itnext.io/prioritising-vulnerabilities-remedial-actions-at-scale-wi… ∗∗∗ Einstufung von Sicherheitslücken: Der CVSS-4.0-Standard ist da ∗∗∗ --------------------------------------------- Von niedrig bis kritisch: Das Common Vulnerability Scoring System (CVSS) hat einen Versionssprung vollzogen. --------------------------------------------- https://www.heise.de/-9352555 ∗∗∗ Apples "Wo ist": Keylogger-Tastatur nutzt Ortungsnetz zum Passwortversand ∗∗∗ --------------------------------------------- Eigentlich soll es helfen, verlorene Dinge aufzuspüren. Unsere Keylogger-Tastatur nutzt Apples "Wo ist"-Ortungsnetz jedoch zum Ausschleusen von Daten. --------------------------------------------- https://www.heise.de/-9342791 ∗∗∗ Lücke in VMware ONE UEM ermöglicht Login-Klau ∗∗∗ --------------------------------------------- Durch eine unsichere Weiterleitung können Angreifer SAML-Tokens angemeldeter Nutzer klauen und deren Zugänge übernehmen. VMware stellt Updates bereit. --------------------------------------------- https://www.heise.de/-9352599 ∗∗∗ Should you allow your browser to remember your passwords? ∗∗∗ --------------------------------------------- It’s very convenient to store your passwords in your browser. But is it a good idea? --------------------------------------------- https://www.malwarebytes.com/blog/news/2023/11/should-you-allow-your-browse… ∗∗∗ You’d be surprised to know what devices are still using Windows CE ∗∗∗ --------------------------------------------- Windows CE — an operating system that, despite being out for 27 years, never had an official explanation for why it was called “CE” — finally reached its official end-of-life period this week. This was Microsoft’s first operating system for embedded and pocket devices, making an appearance on personal pocket assistants, some of the first BlackBerry-likes, laptops and more during its lifetime. --------------------------------------------- https://blog.talosintelligence.com/threat-source-newsletter-nov-2-2023/ ===================== = Vulnerabilities = ===================== ∗∗∗ QNAP Security Advisories 2023-11-04 ∗∗∗ --------------------------------------------- QNAP released 4 new security advisories (2x Critical, 2x Medium). Music Station, QTS, QuTS hero, QuTScloud, Multimedia Console and Media Streaming add-on. --------------------------------------------- https://www.qnap.com/en-us/security-advisories ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (phppgadmin and vlc), Fedora (attract-mode, chromium, and netconsd), Red Hat (.NET 7.0, c-ares, curl, ghostscript, insights-client, python, squid, and squid:4), SUSE (kernel and roundcubemail), and Ubuntu (libsndfile). --------------------------------------------- https://lwn.net/Articles/950061/ ∗∗∗ Vulnerability in IBM SDK, Java Technology Edition may affect IBM Operations Analytics Predictive Insights ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7066311 ∗∗∗ Multiple security vulnerabilities in Go may affect IBM Robotic Process Automation for Cloud Pak ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7066400 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.11.2023
by Daily end-of-shift report 02 Nov '23

02 Nov '23

===================== = End-of-Day report = ===================== Timeframe: Dienstag 31-10-2023 18:00 − Donnerstag 02-11-2023 18:00 Handler: Michael Schlagenhaufer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ New CVSS 4.0 vulnerability severity rating standard released ∗∗∗ --------------------------------------------- The Forum of Incident Response and Security Teams (FIRST) has officially released CVSS v4.0, the next generation of its Common Vulnerability Scoring System standard, eight years after CVSS v3.0, the previous major version. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-cvss-40-vulnerability-se… ∗∗∗ Nur zwei wurden gepatcht: Schwachstellen in 34 Treibern gefährden Windows-Systeme ∗∗∗ --------------------------------------------- Sicherheitsforscher der VMware Threat Analysis Unit (Tau) haben Schwachstellen in insgesamt 34 verschiedenen Windows-Gerätetreibern identifiziert. Böswillige Akteure können Firmwares gezielt manipulieren und sich auf Zielsystemen höhere Rechte verschaffen. "Alle Treiber geben Nicht-Admin-Benutzern volle Kontrolle über die Geräte", erklären die Forscher in ihrem Bericht. --------------------------------------------- https://www.golem.de/news/nur-zwei-wurden-gepatcht-schwachstellen-in-34-tre… ∗∗∗ Windows 11, version 23H2 security baseline ∗∗∗ --------------------------------------------- This release includes several changes to further assist in the security of enterprise customers. Changes have been made to provide additional protections to the local admin account, Microsoft Defender Antivirus updates, and a new setting in response to an MSRC bulletin. --------------------------------------------- https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows… ∗∗∗ Moderne Telefonbetrüger: Wie Betrüger Geld mit nur einem Telefonanruf stehlen ∗∗∗ --------------------------------------------- In diesem Blogbeitrag wird eine Schwachstelle in einer Bankanwendung beschrieben, die es Angreifern ermöglicht, unbemerkt Geldtransaktionen von bis zu 5.000 € im Namen anderer Benutzer durchzuführen. Darüber hinaus werden weitere mögliche Angriffsszenarien beschrieben, mit denen persönliche Informationen abgegriffen werden können. --------------------------------------------- https://sec-consult.com/de/blog/detail/moderne-telefonbetrueger-wie-betrueg… ∗∗∗ Jetzt patchen! Attacken auf BIG-IP-Appliances beobachtet ∗∗∗ --------------------------------------------- F5 warnt vor Angriffen auf BIG-IP-Appliances. Sicherheitspatches stehen bereit. Eine Lücke gilt als kritisch. --------------------------------------------- https://www.heise.de/-9350108 ∗∗∗ Sicherheitslücken: Angreifer können Cisco-Firewalls manipulieren ∗∗∗ --------------------------------------------- Mehrere Schwachstellen gefährden unter anderem Cisco Firepower und Identity Services Engine. Patches sind verfügbar. --------------------------------------------- https://www.heise.de/-9351087 ∗∗∗ MITRE ATT&CK v14 released ∗∗∗ --------------------------------------------- MITRE has released MITRE ATT&CK v14, the newest iteration of its popular investigation framework / knowledge base of tactics and techniques employed by cyber attackers. MITRE ATT&CK v14 ATT&CK’s goal is to catalog and categorize behaviors of cyber adversaries in real-world attacks. --------------------------------------------- https://www.helpnetsecurity.com/2023/11/02/mitre-attck-v14/ ∗∗∗ Unveiling the Dark Side: A Deep Dive into Active Ransomware Families ∗∗∗ --------------------------------------------- This series will focus on TTP’s deployed by four ransomware families recently observed during NCC Group’s incident response engagements. --------------------------------------------- https://research.nccgroup.com/2023/10/31/unveiling-the-dark-side-a-deep-div… ∗∗∗ Wer hat Mozi getötet? IoT-Zombie-Botnetz wurde endlich zu Grabe tragen ∗∗∗ --------------------------------------------- Wie ESET Research einen Kill-Switch gefunden hat, der dazu benutzt wurde, eines der am weitesten verbreiteten Botnets auszuschalten. --------------------------------------------- https://www.welivesecurity.com/de/eset-research/wer-hat-mozi-getotet-iot-zo… ∗∗∗ Kostenlose Webinar-Reihe „Schutz im Internet“ ∗∗∗ --------------------------------------------- In Kooperation mit der Arbeiterkammer Oberösterreich veranstaltet das ÖIAT (Österreichisches Institut für angewandte Telekommunikation) eine kostenlose Webinar-Reihe zu Themen wie Online-Shopping, Internet-Betrug und Identitätsdiebstahl! --------------------------------------------- https://www.watchlist-internet.at/news/kostenlose-webinar-reihe-schutz-im-i… ∗∗∗ Drupal 9 is end of life - PSA-2023-11-01 ∗∗∗ --------------------------------------------- Drupal 9 relies on several other software projects, including Symfony, CKEditor, and Twig. With Symfony 4's end of life, CKEditor 4's end of life, and Twig 2's end of life all coming up soon, Drupal 9 went end of life on November 1st, 2023. There will be no further releases of Drupal 9. --------------------------------------------- https://www.drupal.org/psa-2023-11-01 ∗∗∗ Warning Against Infostealer Infections Upon Executing Legitimate EXE Files (DLL Hijacking) ∗∗∗ --------------------------------------------- Caution is advised as an Infostealer that prompts the execution of legitimate EXE files is actively being distributed. The threat actor is distributing a legitimate EXE file with a valid signature and a malicious DLL compressed in the same directory. The EXE file itself is legitimate, but when executed in the same directory as the malicious DLL, it automatically runs that malicious DLL. This technique is called DLL hijacking and is often used in the distribution of malware. --------------------------------------------- https://asec.ahnlab.com/en/58319/ ∗∗∗ Attackers use JavaScript URLs, API forms and more to scam users in popular online game “Roblox” ∗∗∗ --------------------------------------------- Where there is a potential for profit there are also people trying to scam others. “Roblox” users can be targeted by scammers (known as “beamers” by “Roblox” players) who attempt to steal valuable items or Robux from other players. This can sometimes be made easier for the scammers because of “Roblox's” young user base. Nearly half of the game’s 65 million users are under the age of 13 who may not be as adept at spotting scams. --------------------------------------------- https://blog.talosintelligence.com/roblox-scam-overview/ ∗∗∗ Suspected Exploitation of Apache ActiveMQ CVE-2023-46604 ∗∗∗ --------------------------------------------- Beginning Friday, October 27, Rapid7 Managed Detection and Response (MDR) identified suspected exploitation of Apache ActiveMQ CVE-2023-46604 in two different customer environments. In both instances, the adversary attempted to deploy ransomware binaries on target systems in an effort to ransom the victim organizations. Based on the ransom note and available evidence, we attribute the activity to the HelloKitty ransomware family, whose source code was leaked on a forum in early October. Rapid7 observed similar indicators of compromise across the affected customer environments, both of which were running outdated versions of Apache ActiveMQ. --------------------------------------------- https://www.rapid7.com/blog/post/2023/11/01/etr-suspected-exploitation-of-a… ===================== = Vulnerabilities = ===================== ∗∗∗ Unpatched Powerful SSRF in Exchange OWA – Getting Response Through Attachments ∗∗∗ --------------------------------------------- As the attacker can abuse this SSRF to retrieve the content of the response, I thought it was a good finding. However, Microsoft did not agree [...] In short: this may get fixed or it may not. If they decide to fix it, the patch may appear in 1 year or in 3 years. In general, we know nothing. Accordingly, we informed Microsoft of our intention to publish this vulnerability as a 0-day advisory and a blog post. As we consider this issue potentially dangerous, we want organizations to be aware of the threat. For this reason, we are providing a PoC HTTP Request to be used for filtering and/or monitoring. --------------------------------------------- https://www.thezdi.com/blog/2023/11/1/unpatched-powerful-ssrf-in-exchange-o… ∗∗∗ Cisco Security Advisories ∗∗∗ --------------------------------------------- Cisco has released 24 new and 4 updated Security Advisories (2x Critical, 11x High, 15x Medium) --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/Search.x?publicationTypeIDs… ∗∗∗ Critical PHPFox RCE Vulnerability Risked Social Networks ∗∗∗ --------------------------------------------- Heads up, phpFox users! A critical remote code execution vulnerability existed in the phpFox service that allowed community takeovers [...] The researcher urged all phpFox users to update to the latest phpFox release (version 4.8.14 or later) to receive the security fix. --------------------------------------------- https://latesthackingnews.com/2023/10/30/critical-phpfox-rce-vulnerability-… ∗∗∗ Webbrowser: Google Chrome bessert 15 Schwachstellen aus und kann HTTPS-Upgrades ∗∗∗ --------------------------------------------- Google hat den Webbrowser Chrome in Version 119 veröffentlicht. Sie schließt 15 Sicherheitslücken und etabliert den HTTPS-Upgrade-Mechanismus. --------------------------------------------- https://www.heise.de/-9349956 ∗∗∗ Sicherheitsupdates Nvidia: GeForce-Treiberlücken gefährden PCs ∗∗∗ --------------------------------------------- Nvidias Entwickler haben im Grafikkartentreiber und der VGPU-Software mehrere Sicherheitslücken geschlossen. --------------------------------------------- https://www.heise.de/-9351600 ∗∗∗ Solarwinds Platform 2023.4 schließt Codeschmuggel-Lücken ∗∗∗ --------------------------------------------- Solarwinds hat das Platform-Update auf Version 2023.4 veröffentlicht. Neben diversen Fehlerkorrekturen schließt es auch Sicherheitslücken. --------------------------------------------- https://www.heise.de/-9351584 ∗∗∗ VMSA-2023-0025 ∗∗∗ --------------------------------------------- An open redirect vulnerability in VMware Workspace ONE UEM console was responsibly reported to VMware. Updates are available to remediate this vulnerability in affected VMware products. (CVE-2023-20886) --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2023-0025.html ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (h2o, open-vm-tools, pmix, and zookeeper), Gentoo (GitPython), Oracle (firefox, java-11-openjdk, java-17-openjdk, libguestfs-winsupport, nginx:1.22, and thunderbird), Red Hat (samba), SUSE (container-suseconnect, libsndfile, and slurm), and Ubuntu (krb5, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-6.2, linux-azure, linux-azure-6.2, linux-azure-fde-6.2, linux-gcp, linux-gcp-6.2, linux-hwe-6.2, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-6.2, linux-oracle, linux-raspi, linux-starfive, linux-laptop, linux-nvidia-6.2, linux-oem-6.1, linux-raspi, open-vm-tools, and xorg-server). --------------------------------------------- https://lwn.net/Articles/949612/ ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Gentoo (Netatalk), Oracle (firefox), Red Hat (.NET 6.0, .NET 6.0, .NET 7.0, binutils, and qemu-kvm), SUSE (gcc13, tomcat, and xorg-x11-server), and Ubuntu (axis, libvpx, linux-starfive, thunderbird, and xrdp). --------------------------------------------- https://lwn.net/Articles/949820/ ∗∗∗ [R1] Nessus Version 10.5.6 Fixes Multiple Vulnerabilities ∗∗∗ --------------------------------------------- https://www.tenable.com/security/tns-2023-36 ∗∗∗ [R1] Nessus Agent Version 10.4.3 Fixes Multiple Vulnerabilities ∗∗∗ --------------------------------------------- https://www.tenable.com/security/tns-2023-38 ∗∗∗ [R1] Nessus Version 10.6.2 Fixes Multiple Vulnerabilities ∗∗∗ --------------------------------------------- https://www.tenable.com/security/tns-2023-37 ∗∗∗ Drupal: Paragraphs admin - Moderately critical - - SA-CONTRIB-2023-049 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2023-049 ∗∗∗ Open Exchange: 2023-08-01: OXAS-ADV-2023-0004 ∗∗∗ --------------------------------------------- https://documentation.open-xchange.com/security/advisories/txt/oxas-adv-202… ∗∗∗ IBM Security Bulletin ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/bulletin/ ∗∗∗ Weintek EasyBuilder Pro ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-05 ∗∗∗ Schneider Electric SpaceLogic C-Bus Toolkit ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-06 ∗∗∗ Franklin Fueling System TS-550 ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-04 ∗∗∗ Red Lion Crimson ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-01 ∗∗∗ Mitsubishi Electric MELSEC iQ-F Series CPU Module ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-02 ∗∗∗ Mitsubishi Electric MELSEC Series ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-03 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 31.10.2023
by Daily end-of-shift report 31 Oct '23

31 Oct '23

===================== = End-of-Day report = ===================== Timeframe: Montag 30-10-2023 18:00 − Dienstag 31-10-2023 18:00 Handler: Michael Schlagenhaufer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ CVE-2023-4966 in Citrix NetScaler ADC und NetScaler Gateway wurde bereits als 0-day ausgenutzt ∗∗∗ --------------------------------------------- Uns wurde inzwischen von drei Organisationen in Österreich berichtet, dass Angreifer aufgrund der Sicherheitslücke im Citrix Server in ihren Systemen aktiv geworden sind, bevor Patches von Citrix verfügbar waren. Es wurden Befehle zur Erkundung des Systems und erste Schritte in Richtung lateral Movement beobachtet. Wir gehen inzwischen von einer weitläufigen Ausnutzung dieses 0-days aus. --------------------------------------------- https://cert.at/de/aktuelles/2023/10/cve-2023-4966-0day ∗∗∗ Exploit für Cisco IOS XE veröffentlicht, Infektionszahlen weiter hoch ∗∗∗ --------------------------------------------- Sicherheitsforscher haben den Exploit für Cisco IOS XE untersucht und seinen simplen Trick aufgedeckt. Hunderte Geräte mit Hintertür sind noch online. --------------------------------------------- https://www.heise.de/-9349296 ∗∗∗ Multiple Layers of Anti-Sandboxing Techniques, (Tue, Oct 31st) ∗∗∗ --------------------------------------------- It has been a while that I did not find an interesting malicious Python script. All the scripts that I recently spotted were always the same: a classic intostealer using Discord as C2 channel. Today I found one that contains a lot of anti-sanboxing techniques. Let's review them. For malware, it's key to detect the environment where they are executed. When detonated inside a sandbox (automatically or, manually, by an Analyst), they will be able to change their behaviour (most likely, do nothing). --------------------------------------------- https://isc.sans.edu/diary/rss/30362 ∗∗∗ Malicious NuGet Packages Caught Distributing SeroXen RAT Malware ∗∗∗ --------------------------------------------- Cybersecurity researchers have uncovered a new set of malicious packages published to the NuGet package manager using a lesser-known method for malware deployment. --------------------------------------------- https://thehackernews.com/2023/10/malicious-nuget-packages-caught.html ∗∗∗ LDAP authentication in Active Directory environments ∗∗∗ --------------------------------------------- Understanding the different types of LDAP authentication methods is fundamental to apprehend subjects such as relay attacks or countermeasures. This post introduces them through the lens of Python libraries. --------------------------------------------- https://offsec.almond.consulting/ldap-authentication-in-active-directory-en… ∗∗∗ Programmiersprache: End of Life für PHP 8.0 und Neues für PHP 8.3 ∗∗∗ --------------------------------------------- Die kommende Version 8.3 der Programmiersprache PHP hält einige Neuerungen bereit, und PHP 8.0 nähert sich dem Supportende. --------------------------------------------- https://www.heise.de/-9348772 ∗∗∗ Verkaufen auf etsy: Vorsicht vor betrügerischen Anfragen ∗∗∗ --------------------------------------------- Auf allen gängigen Verkaufsplattformen tummeln sich Kriminelle. Sie nehmen vor allem neue Nutzer:innen ins Visier, die die Abläufe noch nicht kennen. Wir zeigen Ihnen, wie Sie betrügerische Anfragen erkennen und sicher verkaufen! --------------------------------------------- https://www.watchlist-internet.at/news/verkaufen-auf-etsy-vorsicht-vor-betr… ∗∗∗ Lateral Movement: Abuse the Power of DCOM Excel Application ∗∗∗ --------------------------------------------- In this post, we will talk about an interesting lateral movement technique called ActivateMicrosoftApp() method within the distributed component object model (DCOM) Excel application. This technique is built upon Matt Nelson’s initial research on “Lateral Movement using Excel.Application and DCOM”. --------------------------------------------- https://posts.specterops.io/lateral-movement-abuse-the-power-of-dcom-excel-… ∗∗∗ Over the Kazuar’s Nest: Cracking Down on a Freshly Hatched Backdoor Used by Pensive Ursa (Aka Turla) ∗∗∗ --------------------------------------------- While tracking the evolution of Pensive Ursa (aka Turla, Uroburos), Unit 42 researchers came across a new, upgraded variant of Kazuar. Not only is Kazuar another name for the enormous and dangerous cassowary bird, Kazuar is an advanced and stealthy .NET backdoor that Pensive Ursa usually uses as a second stage payload. --------------------------------------------- https://unit42.paloaltonetworks.com/pensive-ursa-uses-upgraded-kazuar-backd… ===================== = Vulnerabilities = ===================== ∗∗∗ Kritische Sicherheitslücke in Confluence Data Center und Confluence Server ∗∗∗ --------------------------------------------- In allen Versionen von Confluence Data Center und Confluence Server existiert eine kritische Sicherheitslücke (CVE-2023-22518 CVSS: 9.1). Das Ausnutzen der Sicherheitslücke auf betroffenen Geräten ermöglicht nicht authentifizierten Angreifern den Zugriff auf interne Daten des Systems. Obwohl Atlassian bislang keine Informationen zur aktiven Ausnutzung der Lücke hat, wird das zeitnahe Einspielen der verfügbaren Patches empfohlen. --------------------------------------------- https://cert.at/de/warnungen/2023/10/confluence-cve-2023-22518 ∗∗∗ RCE exploit for Wyze Cam v3 publicly released, patch now ∗∗∗ --------------------------------------------- A security researcher has published a proof-of-concept (PoC) exploit for Wyze Cam v3 devices that opens a reverse shell and allows the takeover of vulnerable devices [...] Wyze released firmware update version 4.36.11.7071, which addresses the identified issues, on October 22, 2023, so users are recommended to apply the security update as soon as possible. --------------------------------------------- https://www.bleepingcomputer.com/news/security/rce-exploit-for-wyze-cam-v3-… ∗∗∗ Unpatched NGINX ingress controller bugs can be abused to steal Kubernetes cluster secrets ∗∗∗ --------------------------------------------- Three unpatched high-severity bugs in the NGINX ingress controller can be abused by miscreants to steal credentials and other secrets from Kubernetes clusters. The vulnerabilities, tracked as CVE-2023-5043, CVE-2023-5044 and CVE-2022-4886, were disclosed on October 27, and are listed as currently awaiting triage. It's unclear if any of the flaws have been exploited. --------------------------------------------- https://go.theregister.com/feed/www.theregister.com/2023/10/30/unpatched_ng… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (jetty9, node-browserify-sign, request-tracker4, and request-tracker5), Fedora (golang-github-altree-bigfloat, golang-github-seancfoley-bintree, golang-github-seancfoley-ipaddress, kitty, slurm, and thunderbird), Gentoo (ConnMan, libxslt, and Salt), Mageia (chromium-browser-stable), Red Hat (firefox, libguestfs-winsupport, and thunderbird), SUSE (clamav, gcc13, gstreamer-plugins-bad, icu73_2, java-17-openjdk, nodejs10, poppler, python-Werkzeug, redis, thunderbird, webkit2gtk3, xorg-x11-server, and xwayland), and Ubuntu (kernel, linux-aws, linux-azure, linux-gcp, linux-oracle, linux-raspi, linux-iot, linux-raspi, linux-raspi-5.4, and mysql-8.0). --------------------------------------------- https://lwn.net/Articles/949391/ ∗∗∗ FujiFilm printer credentials encryption issue fixed ∗∗∗ --------------------------------------------- Many multi-function printers made by FujiFilm Business Innovation Corporation (Fujifilm) which includes Apeos, ApeosPro, PrimeLink and RevoriaPress brands as well as Xerox Corporation (Xerox) which includes VersaLink, PrimeLink, and WorkCentre brands, allow administrators to store credentials on them to allow users to upload scans and other files to FTP and SMB file servers. With the default configuration of these printers, it’s possible to retrieve these credentials in an encrypted format without authenticating to the printer. A vulnerability in the encryption process of these credentials means that you can decrypt them with responses from the web interface. This has been given the ID CVE-2023-46327. --------------------------------------------- https://www.pentestpartners.com/security-blog/fujifilm-printer-credentials-… ∗∗∗ [R1] Stand-alone Security Patch Available for Tenable Security Center versions 5.23.1, 6.0.0, 6.1.0, 6.1.1, and 6.2.0: SC-202310.1 ∗∗∗ --------------------------------------------- TNS-2023-35 / Critical 9.8 / 8.8 (CVE-2023-38545), 3.7 / 3.4 (CVE-2023-38546) --------------------------------------------- https://www.tenable.com/security/tns-2023-35 ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/bulletin/ ∗∗∗ INEA ME RTU ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-02 ∗∗∗ Zavio IP Camera ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03 ∗∗∗ Sonicwall: TunnelCrack Vulnerabilities ∗∗∗ --------------------------------------------- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0015 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.10.2023
by Daily end-of-shift report 30 Oct '23

30 Oct '23

===================== = End-of-Day report = ===================== Timeframe: Freitag 27-10-2023 18:00 − Montag 30-10-2023 18:00 Handler: Michael Schlagenhaufer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Flying under the Radar: The Privacy Impact of multicast DNS, (Mon, Oct 30th) ∗∗∗ --------------------------------------------- The recent patch to iOS/macOS for CVE-2023-42846 made me think it is probably time to write up a reminder about the privacy impact of UPNP and multicast DNS. This is not a new issue, but it appears to have been forgotten a bit [vuln]. In particular, Apple devices are well-known for their verbose multicast DNS messages. --------------------------------------------- https://isc.sans.edu/diary/rss/30358 ∗∗∗ Hackers Using MSIX App Packages to Infect Windows PCs with GHOSTPULSE Malware ∗∗∗ --------------------------------------------- A new cyber attack campaign has been observed using spurious MSIX Windows app package files for popular software such as Google Chrome, Microsoft Edge, Brave, Grammarly, and Cisco Webex to distribute a novel malware loader dubbed GHOSTPULSE. --------------------------------------------- https://thehackernews.com/2023/10/hackers-using-msix-app-packages-to.html ∗∗∗ Turning a boring file move into a privilege escalation on Mac ∗∗∗ --------------------------------------------- Hopefully other people find this trick useful, beyond just Parallels. You can find the code for this exploit on my GitHub [...] 2023-07-06 - fix released in version 18.3.2. --------------------------------------------- https://pwn.win/2023/10/28/file-move-privesc-mac.html ∗∗∗ citrix-logchecker - Parse citrix netscaler logs to check for signs of CVE-2023-4966 exploitation ∗∗∗ --------------------------------------------- CERT.at stellt via Github ein Skript zur Verfügung, welches genutzt werden kann, um Citrix-Logs nach potenziell übernommenen Sessions zu durchsuchen. Sollten auffällige Sessions gefunden werden, wird eine tiefergehende Analyse empfohlen. --------------------------------------------- https://github.com/certat/citrix-logchecker ∗∗∗ NATO und Behörden von kritischer Lücke in Lernplattform ILIAS betroffen ∗∗∗ --------------------------------------------- Gleich drei Sicherheitslücken in der Open-Source-Lernplattform ILIAS erlauben Codeschmuggel. Der Hersteller stellt eine aktualisierte Version bereit. --------------------------------------------- https://www.heise.de/-9344057.html ∗∗∗ Forscher: Sicherheitslücken beim Roaming bleiben auch bei 5G eine große Gefahr ∗∗∗ --------------------------------------------- Mobilfunker und Regulierer unternehmen laut einem Bericht des Citizen Lab zu wenig, um Sicherheitsschwächen der Roaming- und Abrechnungsprotokolle auszumerzen. --------------------------------------------- https://www.heise.de/-9347577.html ∗∗∗ F5 fixes critical BIG-IP vulnerability, PoC is public (CVE-2023-46747) ∗∗∗ --------------------------------------------- F5 Networks has released hotfixes for three vulnerabilities affecting its BIG-IP multi-purpose networking devices/modules, including a critical authentication bypass vulnerability (CVE-2023-46747) that could lead to unauthenticated remote code execution (RCE). About CVE-2023-46747 Discovered and reported by Thomas Hendrickson and Michael Weber of Praetorian Security, CVE-2023-46747 is a request smuggling bug in the Apache JServ Protocol (AJP) used by the vulnerable devices. [...] Praetorian has updated their blog post to include all the technical details, since Project Discovery has created a Nuclei template with the full CVE-2023-46747 attack chain. --------------------------------------------- https://www.helpnetsecurity.com/2023/10/30/cve-2023-46747/ ∗∗∗ Attackers Can Use Modified Wikipedia Pages to Mount Redirection Attacks on Slack ∗∗∗ --------------------------------------------- Researchers document the Wiki-Slack attack, a new technique that uses modified Wikipedia pages to target end users on Slack. --------------------------------------------- https://www.securityweek.com/attackers-can-use-modified-wikipedia-pages-to-… ∗∗∗ Vorsicht vor Fake-Shops mit günstigen Lebensmitteln ∗∗∗ --------------------------------------------- Mittlerweile können Sie auch Lebensmittel online bestellen. Bedenken Sie aber: Auch hier gibt es betrügerische Angebote. Kriminelle bieten stark vergünstigte Lebensmittel in Fake-Shops wie leckerwurzede.com an. Wenn Sie dort bestellen, verlieren Sie Ihr Geld! --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-vor-fake-shops-mit-guenstig… ∗∗∗ CloudKeys in the Air: Tracking Malicious Operations of Exposed IAM Keys ∗∗∗ --------------------------------------------- We analyze an attack path starting with GitHub IAM exposure and leading to creation of AWS Elastic Compute instances — which TAs used to perform cryptojacking. --------------------------------------------- https://unit42.paloaltonetworks.com/malicious-operations-of-exposed-iam-key… ∗∗∗ NetSupport Intrusion Results in Domain Compromise ∗∗∗ --------------------------------------------- NetSupport Manager is one of the oldest third-party remote access tools still currently on the market with over 33 years of history. This is the first time we will report on a NetSupport RAT intrusion, but malicious use of this tool dates back to at least 2016. During this report, we will analyze a case from January 2023 where a NetSupport RAT was utilized to infiltrate a network. The RAT was then used for persistence and command & control, resulting in a full domain compromise. --------------------------------------------- https://thedfirreport.com/2023/10/30/netsupport-intrusion-results-in-domain… ===================== = Vulnerabilities = ===================== ∗∗∗ Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature ∗∗∗ --------------------------------------------- Version 2.4: Updated summary to indicate additional fixed releases and updated fixed release table. --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (distro-info, distro-info-data, gst-plugins-bad1.0, node-browserify-sign, nss, openjdk-11, and thunderbird), Fedora (chromium, curl, nghttp2, and xorg-x11-server-Xwayland), Gentoo (Dovecot, Rack, rxvt-unicode, and UnZip), Mageia (apache, bind, and vim), Red Hat (varnish:6), SUSE (nodejs12, opera, python-bugzilla, python-Django, and vorbis-tools), and Ubuntu (exim4, firefox, nodejs, and slurm-llnl, slurm-wlm). --------------------------------------------- https://lwn.net/Articles/949238/ ∗∗∗ Mattermost security updates 9.1.1 / 9.0.2 / 8.1.4 (ESR) / 7.8.13 (ESR) released ∗∗∗ --------------------------------------------- We’re informing you about a Mattermost security update, which addresses low- to medium-level severity vulnerabilities. We highly recommend that you apply the update. The security update is available for Mattermost dot releases 9.1.1, 9.0.2, 8.1.4 (Extended Support Release), and 7.8.13 (Extended Support Release), for both Team Edition and Enterprise Edition. --------------------------------------------- https://mattermost.com/blog/mattermost-security-updates-9-1-1-9-0-2-8-1-4-e… ∗∗∗ Inkdrop vulnerable to code injection ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN48057522/ ∗∗∗ 2023-10-30: Cyber Security Advisory - ABB COM600 CODESYS Vulnerabilities ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=2NGA001822&Language… ∗∗∗ Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation. ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7061278 ∗∗∗ IBM i is vulnerable to a local privilege escalation due to flaws in Management Central (CVE-2023-40685, CVE-2023-40686). ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7060686 ∗∗∗ Due to use of Java 8.0.7.11 version, InfoSphere Data Replication is vulnerable to crypto attacks. ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7061888 ∗∗∗ IBM Storage Ceph is vulnerable to a stack overflow attack in Golang (CVE-2022-24675) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7061939 ∗∗∗ Multiple vulnerabilities exist in the IBM SDK, Java Technology Edition affect IBM Tivoli Network Manager. ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7062331 ∗∗∗ A vulnerability exists in the IBM SDK, Java Technology Edition affecting IBM Tivoli Network Manager (CVE-2023-22045, CVE-2023-22049). ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7062330 ∗∗∗ IBM Automation Decision Services October 2023 - Multiple CVEs addressed ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7062348 ∗∗∗ Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to code injection and privilege escalation due to multiple vulnerabilities in Go ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7062415 ∗∗∗ Due to the use of OpenSSL IBM Tivoli Netcool System Service Monitors/Application Service Monitors is vulnerable to a denial of service and security bypass restrictions. ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7062426 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.10.2023
by Daily end-of-shift report 27 Oct '23

27 Oct '23

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 25-10-2023 18:00 − Freitag 27-10-2023 18:00 Handler: Stephan Richter Co-Handler: Michael Schlagenhaufer ===================== = News = ===================== ∗∗∗ StripedFly malware framework infects 1 million Windows, Linux hosts ∗∗∗ --------------------------------------------- A sophisticated cross-platform malware platform named StripedFly flew under the radar of cybersecurity researchers for five years, infecting over a million Windows and Linux systems during that time. --------------------------------------------- https://www.bleepingcomputer.com/news/security/stripedfly-malware-framework… ∗∗∗ How to catch a wild triangle ∗∗∗ --------------------------------------------- How Kaspersky researchers obtained all stages of the Operation Triangulation campaign targeting iPhones and iPads, including zero-day exploits, validators, TriangleDB implant and additional modules. --------------------------------------------- https://securelist.com/operation-triangulation-catching-wild-triangle/11091… ∗∗∗ Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction ∗∗∗ --------------------------------------------- Microsoft has been tracking activity related to the financially motivated threat actor Octo Tempest, whose evolving campaigns represent a growing concern for organizations across multiple industries. Octo Tempest leverages broad social engineering campaigns to compromise organizations across the globe with the goal of financial extortion. With their extensive range of tactics, techniques, and procedures (TTPs), the threat actor, from our perspective, is one of the most dangerous financial criminal groups. --------------------------------------------- https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-cross… ∗∗∗ iLeakage: Safari unzureichend vor Spectre-Seitenkanalangriff geschützt ∗∗∗ --------------------------------------------- Sicherheitsforscher sagen, dass Apples Browser nicht ausreichend vor CPU-Seitenkanalangriffen schützt. Angreifer können Daten lesen. Es gibt Schutzmaßnahmen. --------------------------------------------- https://www.heise.de/-9344659 ∗∗∗ CISA, HHS Release Cybersecurity Healthcare Toolkit ∗∗∗ --------------------------------------------- CISA and the HHS have released resources for healthcare and public health organizations to improve their security. --------------------------------------------- https://www.securityweek.com/cisa-hhs-release-cybersecurity-healthcare-tool… ∗∗∗ CVE-2023–4632: Local Privilege Escalation in Lenovo System Updater ∗∗∗ --------------------------------------------- The Lenovo System Update application is designed to allow non-administrators to check for and apply updates to their workstation. During the process of checking for updates, the privileged Lenovo Update application attempts to utilize C:\SSClientCommon\HelloLevel_9_58_00.xml, which doesn’t exist on the filesystem [...] This vulnerability has been fixed in the latest version of the Lenovo System Updater application. --------------------------------------------- https://posts.specterops.io/cve-2023-4632-local-privilege-escalation-in-len… ∗∗∗ ESET APT Activity Report Q2–Q3 2023 ∗∗∗ --------------------------------------------- An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q2 and Q3 2023 --------------------------------------------- https://www.welivesecurity.com/en/eset-research/eset-apt-activity-report-q2… ∗∗∗ Most common Active Directory misconfigurations and default settings that put your organization at risk ∗∗∗ --------------------------------------------- Introduction In this blog post, we will go over the most recurring (and critical) findings that we discovered when auditing the Active Directory environment of different companies, explain why these configurations can be dangerous, how they can be abused by attackers and how they can be mitigated or remediated. --------------------------------------------- https://blog.nviso.eu/2023/10/26/most-common-active-directory-misconfigurat… ∗∗∗ CVE-2023-4966 Helps Usher In A Baker’s Dozen Of Citrix Tags To Further Help Organizations Mitigate Harm ∗∗∗ --------------------------------------------- Citrixs NetScaler ADC and NetScaler Gateway have, once more, been found to have multiple vulnerabilities, tracked as CVE-2023-4966 and CVE-2023-4967 [...] As of this post’s publish time, GreyNoise has observed just under seventy IP addresses attempting to exploit this vulnerability. --------------------------------------------- https://www.greynoise.io/blog/cve-2023-4966-helps-usher-in-a-bakers-dozen-o… ∗∗∗ CISA Announces Launch of Logging Made Easy ∗∗∗ --------------------------------------------- Today, CISA announces the launch of a new version of Logging Made Easy (LME), a straightforward log management solution for Windows-based devices that can be downloaded and self-installed for free. --------------------------------------------- https://www.cisa.gov/news-events/alerts/2023/10/27/cisa-announces-launch-lo… ∗∗∗ Rhysida Ransomware Technical Analysis ∗∗∗ --------------------------------------------- Technical analysis of Rhysida Ransomware family that emerged in the Q2 of 2023 --------------------------------------------- https://decoded.avast.io/threatresearch/rhysida-ransomware-technical-analys… ===================== = Vulnerabilities = ===================== ∗∗∗ CISA Releases Nine Industrial Control Systems Advisories ∗∗∗ --------------------------------------------- ICSA-23-299-01 Dingtian DT-R002 ICSA-23-299-02 Centralite Pearl Thermostat ICSA-23-299-03 Ashlar-Vellum Cobalt, Graphite, Xenon, Argon, Lithium ICSA-23-299-04 Rockwell Automation Arena ICSA-23-299-05 Rockwell Automation FactoryTalk View Site Edition ICSA-23-299-06 Rockwell Automation FactoryTalk Services Platform ICSA-23-299-07 Sielco PolyEco FM Transmitter ICSA-23-299-08 Sielco Radio Link and Analog FM Transmitters ICSMA-23-194-01 BD Alaris System with Guardrails Suite MX (Update A) --------------------------------------------- https://www.cisa.gov/news-events/alerts/2023/10/26/cisa-releases-nine-indus… ∗∗∗ Cisco Update: HTTP/2 Rapid Reset Attack Affecting Cisco Products: October 2023 ∗∗∗ --------------------------------------------- Version 1.5: Updated the lists of vulnerable products and products confirmed not vulnerable. --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Cisco Update: Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature ∗∗∗ --------------------------------------------- Version 2.3: Updated summary to indicate additional fixed releases. Updated fixed release table and SMU table. Updated recommendations to add link to technical FAQ. --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Juniper Update: 2023-10 Security Bulletin: Junos OS: jkdsd crash due to multiple telemetry requests (CVE-2023-44188) ∗∗∗ --------------------------------------------- 2023-10-25: Added note that SRX Series devices are not vulnerable to this issue --------------------------------------------- https://supportportal.juniper.net/s/article/2023-10-Security-Bulletin-Junos… ∗∗∗ HPE Aruba Networking Product Security Advisory ∗∗∗ --------------------------------------------- HPE Aruba Networking has released updates to ClearPass Policy Manager that address multiple security vulnerabilities. --------------------------------------------- https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt ∗∗∗ Sicherheitsupdates: Jenkins-Plug-ins als Einfallstor für Angreifer ∗∗∗ --------------------------------------------- Jenkins kann bei der Softwareentwicklung helfen. Einige Plug-ins weisen Sicherheitslücken auf. Ein paar Updates stehen noch aus. --------------------------------------------- https://www.heise.de/-9344802 ∗∗∗ Sicherheitslücken im X.Org X-Server und Xwayland erlauben Rechteausweitung ∗∗∗ --------------------------------------------- Aktualisierte Fassung des X.Org X-Servers und von Xwayland schließen Sicherheitslücken. Die erlauben die Rechteausweitung oder einen Denial-of-Service. --------------------------------------------- https://www.heise.de/-9345096 ∗∗∗ Rechteausweitung durch Lücke in HP Print and Scan Doctor ∗∗∗ --------------------------------------------- Aktualisierte Software korrigiert einen Fehler im Support-Tool HP Print and Scan Doctor, der die Ausweitung der Rechte im System ermöglicht. --------------------------------------------- https://www.heise.de/-9345192 ∗∗∗ Konfigurationsprogramm von BIG-IP-Appliances als Sprungbrett für Angreifer ∗∗∗ --------------------------------------------- F5 hat wichtige Sicherheitsupdates für BIG-IP-Produkte veröffentlicht. Angreifer können Geräte kompromittieren. --------------------------------------------- https://www.heise.de/-9346460 ∗∗∗ Lücken in Nessus Network Monitor ermöglichen Rechteerhöhung ∗∗∗ --------------------------------------------- Eine neue Version vom Nessus Network Monitor schließt Sicherheitslücken, durch die Angreifer etwa ihre Rechte erhöhen können. --------------------------------------------- https://www.heise.de/news/-9346392 ∗∗∗ VMWare Tools: Schwachstellen erlauben Rechteausweitung ∗∗∗ --------------------------------------------- Die VMware Tools unter Linux, Windows und macOS erlauben Angreifern unter bestimmten Umständen, unbefugt Kommandos abzusetzen. Noch sind nicht alle Updates da. --------------------------------------------- https://www.heise.de/-9346863 ∗∗∗ Wordfence Intelligence Weekly WordPress Vulnerability Report (October 16, 2023 to October 22, 2023) ∗∗∗ --------------------------------------------- Last week, there were 109 vulnerabilities disclosed in 95 WordPress Plugins and 1 WordPress theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 39 Vulnerability Researchers that contributed to WordPress Security last week. --------------------------------------------- https://www.wordfence.com/blog/2023/10/wordfence-intelligence-weekly-wordpr… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (firefox-esr and xorg-server), Fedora (firefox, mbedtls, nodejs18, nodejs20, and xen), Gentoo (libinput, unifi, and USBView), Mageia (python-nltk), Oracle (linux-firmware), Red Hat (nginx:1.22), SUSE (chromium, firefox, java-11-openjdk, jetty-minimal, nghttp2, nodejs18, webkit2gtk3, and zlib), and Ubuntu (linux, linux-lowlatency, linux-oracle-5.15, vim, and xorg-server, xwayland). --------------------------------------------- https://lwn.net/Articles/948930/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (chromium and firefox-esr), Fedora (firefox, redis, samba, and xen), Oracle (python39:3.9, python39-devel:3.9), Slackware (mozilla and xorg), and SUSE (libnbd, open-vm-tools, python, sox, vorbis-tools, and zchunk). --------------------------------------------- https://lwn.net/Articles/949057/ ∗∗∗ Critical Mirth Connect Vulnerability Could Expose Sensitive Healthcare Data ∗∗∗ --------------------------------------------- Mirth Connect versions prior to 4.4.1 are vulnerable to CVE-2023-43208, a bypass for an RCE vulnerability. --------------------------------------------- https://www.securityweek.com/critical-mirth-connect-vulnerability-could-exp… ∗∗∗ Apple Releases Security Advisories for Multiple Products ∗∗∗ --------------------------------------------- Apple has released security updates to address vulnerabilities in multiple products. --------------------------------------------- https://www.cisa.gov/news-events/alerts/2023/10/26/apple-releases-security-… ∗∗∗ Schwachstelle CVE-2023-5363 in OpenSSL ∗∗∗ --------------------------------------------- In der Software OpenSSL wurde eine Schwachstelle CVE-2023-5363 gefunden. Die Initialisierung der Verschlüsselungsschlüssellänge und des Initialisierungsvektors in OpenSLL ist fehlerhaft. Für die Linux-Distributionen Debian und Ubuntu ist ein Fix aber bereits verfügbar. --------------------------------------------- https://www.borncity.com/blog/2023/10/27/schwachstelle-cve-2023-5363-in-ope… ∗∗∗ ServiceNow fixt stillschweigend Bug aus 2015 der Datenlecks ermöglichte ∗∗∗ --------------------------------------------- Das US-Unternehmen ServiceNow Inc. bietet eine Cloud-Plattform an, in deren Software wohl seit 2015 ein Bug klaffte, über den Dritte ohne Authentifizierung Informationen abziehen konnten. Nachdem ein Sicherheitsforscher auf die Schwachstelle gestoßen ist, wurde diese stillschweigend in der Cloud-Lösung beseitigt. --------------------------------------------- https://www.borncity.com/blog/2023/10/27/servicenow-fixt-stillschweigend-bu… ∗∗∗ 9 vulnerabilities found in VPN software, including 1 critical issue that could lead to remote code execution ∗∗∗ --------------------------------------------- Attackers could exploit these vulnerabilities in the SoftEther VPN solution for individual and enterprise users to force users to drop their connections or execute arbitrary code on the targeted machine. --------------------------------------------- https://blog.talosintelligence.com/vulnerability-roundup-oct-25-2023/ ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/bulletin/ ∗∗∗ VMSA-2023-0024 ∗∗∗ --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2023-0024.html ∗∗∗ SonicWall SSO Agent - Directory Services Connector MSI Local Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0016 ∗∗∗ SonicWall NetExtender Windows Client DLL Search Order Hijacking Vulnerability ∗∗∗ --------------------------------------------- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0017 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 25.10.2023
by Daily end-of-shift report 25 Oct '23

25 Oct '23

===================== = End-of-Day report = ===================== Timeframe: Dienstag 24-10-2023 18:00 − Mittwoch 25-10-2023 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Citrix Bleed exploit lets hackers hijack NetScaler accounts ∗∗∗ --------------------------------------------- A proof-of-concept (PoC) exploit is released for the Citrix Bleed vulnerability, tracked as CVE-2023-4966, that allows attackers to retrieve authentication session cookies from vulnerable Citrix NetScaler ADC and NetScaler Gateway appliances. --------------------------------------------- https://www.bleepingcomputer.com/news/security/citrix-bleed-exploit-lets-ha… ∗∗∗ Phishing-Masche: Klarstellung wegen Viren-Versands gefordert ∗∗∗ --------------------------------------------- Die Verbraucherzentralen warnen vor Betrugsmails, die Empfänger zu einer Klarstellung auffordern. Es seien Beschwerden wegen Malware-Versands eingegangen. --------------------------------------------- https://www.heise.de/news/Phishing-Masche-Klarstellung-wegen-Viren-Versands… ∗∗∗ Exploitcode für Root-Lücke in VMware Aria Operations for Logs in Umlauf ∗∗∗ --------------------------------------------- In Umlauf befindlicher Exploitcode gefährdet VMwares Management-Plattform für Cloudumgebungen. Admins sollten jetzt Sicherheitsupdates installieren. --------------------------------------------- https://www.heise.de/news/Exploitcode-fuer-Root-Luecke-in-VMware-Aria-Opera… ∗∗∗ Webmailer Roundcube: Attacken auf Zero-Day-Lücke ∗∗∗ --------------------------------------------- Im Webmailer Roundcube missbrauchen Cyberkriminelle eine Sicherheitslücke, um verwundbare Einrichtungen anzugreifen. Ein Update schließt das Leck. --------------------------------------------- https://www.heise.de/news/Webmailer-Roundcube-Attacken-auf-Zero-Day-Luecke-… ∗∗∗ Teils kritische Lücken in VMware vCenter Server und Cloud Foundation geschlossen ∗∗∗ --------------------------------------------- VMware hat aktualisierte Softwarepakete veröffentlicht, die mehrere Lücken in vCenter Server und Cloud Foundation abdichten. Eine gilt als kritisch. --------------------------------------------- https://www.heise.de/news/Update-stopft-kritische-Luecke-in-VMware-vCenter-… ∗∗∗ Nusuccess: Seriöse Marketingagentur oder unseriöses Schneeballsystem? ∗∗∗ --------------------------------------------- Die Nusuccess FZCO mit Sitz in Dubai – vormals mit Sitz in Kärnten – bezeichnet sich selbst als „weltweit renommierte Werbeagentur“. Welche Leistungen diese Firma tatsächlich erbringt, bleibt aber im besten Fall vage. Erfahrungsberichte deuten darauf hin, dass sie ihren Gewinn hauptsächlich durch den Verkauf von teuren „Franchise-Paketen“ erzielt. Was genau Inhalt dieser Franchise-Pakete sein soll, bleibt unklar. --------------------------------------------- https://www.watchlist-internet.at/news/nusuccess-serioese-marketingagentur-… ∗∗∗ Social engineering: Hacking minds over bytes ∗∗∗ --------------------------------------------- In this blog, lets focus on the intersection of psychology and technology, where cybercriminals manipulate human psychology through digital means to achieve their objectives. --------------------------------------------- https://cybersecurity.att.com/blogs/security-essentials/social-engineering-… ∗∗∗ How to Secure the WordPress Login Page ∗∗∗ --------------------------------------------- Given that WordPress powers millions of websites worldwide, it’s no surprise that it’s a prime target for malicious activities ranging from brute force attacks and hacking attempts to unauthorized access — all of which can wreak havoc on your site’s functionality, damage reputation, or even result in lost revenue and sales. A common entry point often exploited by hackers is the WordPress login page, [...] --------------------------------------------- https://blog.sucuri.net/2023/10/how-to-secure-the-wordpress-login-page.html ∗∗∗ The Rise of S3 Ransomware: How to Identify and Combat It ∗∗∗ --------------------------------------------- In todays digital landscape, around 60% of corporate data now resides in the cloud, with Amazon S3 standing as the backbone of data storage for many major corporations. Despite S3 being a secure service from a reputable provider, its pivotal role in handling vast amounts of sensitive data (customer personal information, financial data, intellectual property, etc.), provides a juicy target for threat actors. It remains susceptible to ransomware attacks which are often initiated using leaked access keys that have accidentally been exposed by human error and have access to the organization's buckets. --------------------------------------------- https://thehackernews.com/2023/10/the-rise-of-s3-ransomware-how-to.html ∗∗∗ RT 5.0.5 and 4.4.7 Now Available ∗∗∗ --------------------------------------------- RT versions 5.0.5 and 4.4.7 are now available. In addition to some new features and bug fixes, these releases contain important security updates and are recommended for all RT users. --------------------------------------------- https://bestpractical.com/blog/2023/10/rt-505-and-447-now-available ===================== = Vulnerabilities = ===================== ∗∗∗ Lücke in Cisco IOS XE: Auch Rockwell-Industrieswitches betroffen ∗∗∗ --------------------------------------------- Neben Cisco-eigenen Geräten sind auch Rockwell-Switches der Stratix-Serie für den Industrieeinsatz betroffen. Eine Fehlerbehebung steht noch aus. --------------------------------------------- https://www.heise.de/news/Luecke-in-Cisco-IOS-XE-Auch-Rockwell-Industrieswi… ∗∗∗ VMSA-2023-0023 ∗∗∗ --------------------------------------------- Synopsis: VMware vCenter Server updates address out-of-bounds write and information disclosure vulnerabilities (CVE-2023-34048, CVE-2023-34056) 1. Impacted Products * VMware vCenter Server * VMware Cloud Foundation --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2023-0023.html ∗∗∗ Several Critical Vulnerabilities Patched in AI ChatBot Plugin for WordPress ∗∗∗ --------------------------------------------- On September 28, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for multiple vulnerabilities in AI ChatBot, a WordPress plugin with over 4,000 active installations. After making our initial contact attempt on September 28th, 2023, we received a response on September 29, 2023 and sent over our full disclosure details. --------------------------------------------- https://www.wordfence.com/blog/2023/10/several-critical-vulnerabilities-pat… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (gst-plugins-bad1.0, openssl, roundcube, and xorg-server), Fedora (dotnet6.0, dotnet7.0, roundcubemail, and wordpress), Mageia (redis), Oracle (dnsmasq, python27:2.7, python3, tomcat, and varnish), Red Hat (python39:3.9, python39-devel:3.9), Slackware (mozilla and vim), SUSE (openssl-3, poppler, ruby2.5, and xen), and Ubuntu (.Net, linux-gcp-5.15, linux-gkeop-5.15, linux-intel-iotg-5.15, linux-starfive-6.2, mysql-5.7, ncurses, and openssl). --------------------------------------------- https://lwn.net/Articles/948814/ ∗∗∗ Movable Type vulnerable to cross-site scripting ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN39139884/ ∗∗∗ TEM Opera Plus FM Family Transmitter 35.45 XSRF ∗∗∗ --------------------------------------------- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5800.php ∗∗∗ TEM Opera Plus FM Family Transmitter 35.45 Remote Code Execution ∗∗∗ --------------------------------------------- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5799.php ∗∗∗ VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) Remote Denial Of Service ∗∗∗ --------------------------------------------- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5798.php ∗∗∗ AIX is vulnerable to sensitive information exposure due to Perl (CVE-2023-31484 and CVE-2023-31486) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7047272 ∗∗∗ IBM QRadar SIEM includes components with known vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7049133 ∗∗∗ IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is vulnerable to weaker than expected security (CVE-2023-46158) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7058540 ∗∗∗ IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to weaker than expected security (CVE-2023-46158) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7058536 ∗∗∗ A vulnerability in IBM Java SDK and IBM Java Runtime affect Rational Business Developer. ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7059262 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.10.2023
by Daily end-of-shift report 24 Oct '23

24 Oct '23

===================== = End-of-Day report = ===================== Timeframe: Montag 23-10-2023 18:00 − Dienstag 24-10-2023 18:00 Handler: Stephan Richter Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ Log in With... Feature Allows Full Online Account Takeover for Millions ∗∗∗ --------------------------------------------- Hundreds of millions of users of Grammarly, Vidio, and the Indonesian e-commerce giant Bukalapak are at risk for financial fraud and credential theft due to OAuth misfires — and other online services likely have the same problems. --------------------------------------------- https://www.darkreading.com/remote-workforce/oauth-log-in-full-account-take… ∗∗∗ Hostile Takeover: Malicious Ads via Facebook ∗∗∗ --------------------------------------------- Criminals hijack business accounts on Facebook and run their own advertising campaigns in someone elses name and at the expense of those affected. --------------------------------------------- https://www.gdatasoftware.com/blog/2023/10/37814-meta-hijacked-malicious-ads ∗∗∗ Stealer for PIX payment system, new Lumar stealer and Rhysida ransomware ∗∗∗ --------------------------------------------- In this report, we share our latest crimeware findings: GoPIX targeting PIX payment system; Lumar stealing files and passwords; Rhysida ransomware supporting old Windows. --------------------------------------------- https://securelist.com/crimeware-report-gopix-lumar-rhysida/110871/ ∗∗∗ Quasar RAT Leverages DLL Side-Loading to Fly Under the Radar ∗∗∗ --------------------------------------------- The open-source remote access trojan known as Quasar RAT has been observed leveraging DLL side-loading to fly under the radar and stealthily siphon data from compromised Windows hosts. --------------------------------------------- https://thehackernews.com/2023/10/quasar-rat-leverages-dll-side-loading.html ∗∗∗ Citrix Bleed: Leaking Session Tokens with CVE-2023-4966 ∗∗∗ --------------------------------------------- We were interested in CVE-2023-4966, which was described as "sensitive information disclosure" and had a CVSS score of 9.4. The high score for an information disclosure vulnerability and the mention of "buffer-related vulnerabilities" piqued our interest. --------------------------------------------- https://www.assetnote.io/resources/research/citrix-bleed-leaking-session-to… ∗∗∗ Best Practices for Writing Quality Vulnerability Reports ∗∗∗ --------------------------------------------- How to write great vulnerability reports? If you’re a security consultant, penetration tester or a bug bounty hunter, these tips are for you! --------------------------------------------- https://itnext.io/best-practices-for-writing-quality-vulnerability-reports-… ∗∗∗ Kriminelle verbreiten falsche Ryanair-Telefonnummern ∗∗∗ --------------------------------------------- Vorsicht, wenn Sie im Internet nach einer Telefonnummer von Ryanair suchen. Kriminelle stellen Webseiten mit falschen Nummern ins Netz. Wenn Sie bei der falschen Ryanair-Servicehotline anrufen, stehlen Kriminelle Ihnen sensible Daten und Geld. --------------------------------------------- https://www.watchlist-internet.at/news/kriminelle-verbreiten-falsche-ryanai… ∗∗∗ LOLBin mit WorkFolders.exe unter Windows ∗∗∗ --------------------------------------------- Die legitime Windows-Anwendung WorkFolders.exe lässt sich verwenden, um andere .exe-Programme im Windows-Ordner System32 oder im aktuellen Ordner zu starten. Dies ermöglicht Malware sogenannte LOLBin-Angriffe, bei der legitime Betriebssystemdateien zur Ausführung von Schadprogrammen missbraucht werden. --------------------------------------------- https://www.borncity.com/blog/2023/10/24/lolbin-mit-workfolders-exe-unter-w… ∗∗∗ The Great CVSS Bake Off: Testing How CVSS v4 Performs Versus v3 ∗∗∗ --------------------------------------------- The highly anticipated Common Vulnerability Scoring System (CVSS) version 4 is planned to be released on October 31st by the Forum of Incident Response and Security Teams (FIRST). --------------------------------------------- https://orca.security/resources/blog/cvss-version-4-versus-version-3/ ===================== = Vulnerabilities = ===================== ∗∗∗ VMware warns admins of public exploit for vRealize RCE flaw ∗∗∗ --------------------------------------------- VMware warned customers on Monday that proof-of-concept (PoC) exploit code is now available for an authentication bypass flaw in vRealize Log Insight (now known as VMware Aria Operations for Logs). --------------------------------------------- https://www.bleepingcomputer.com/news/security/vmware-warns-admins-of-publi… ∗∗∗ Viele Systeme längst kompromittiert: Cisco stellt Patches für IOS XE bereit ∗∗∗ --------------------------------------------- Durch Schwachstellen in der Betriebssoftware IOS XE sind weltweit Zehntausende von Cisco-Geräten infiltriert worden. Jetzt gibt es erste Patches. --------------------------------------------- https://www.golem.de/news/viele-systeme-laengst-kompromittiert-cisco-stellt… ∗∗∗ CVE-2023-33466 - Exploiting Healthcare Servers with Polyglot Files ∗∗∗ --------------------------------------------- Orthanc is an open source software to manage, exchange and visualize medical imaging data. In versions < 1.12.0, it is affected by an arbitrary file overwrite vulnerability (CVE-2023-33466) that might allow an authenticated attacker to obtain RCE on the system. --------------------------------------------- https://www.shielder.com/blog/2023/10/cve-2023-33466-exploiting-healthcare-… ∗∗∗ Proxy: Squid-Entwickler dichten teils kritische Lecks in Version 6.4 ab ∗∗∗ --------------------------------------------- Mit Squid 6.4 haben die Entwickler eine um vier Sicherheitslücken bereinigte Version des Proxy-Servers vorgelegt. Es klaffen jedoch weitere Lücken darin. --------------------------------------------- https://www.heise.de/news/Proxy-Squid-6-4-schliesst-teils-kritische-Sicherh… ∗∗∗ Lücke in LiteSpeed-Cache-Plug-in gefährdet 4 Millionen WordPress-Websites ∗∗∗ --------------------------------------------- Angreifer können WordPress-Websites mit Schadcode-Skripten verseuchen. Ein Sicherheitsupdate repariert das LiteSpeed-Cache-Plug-in. --------------------------------------------- https://www.heise.de/news/Luecke-in-LiteSpeed-Cache-Plug-in-gefaehrdet-4-Mi… ∗∗∗ Sicherheitsupdates: Firefox-Browser anfällig für Clickjacking-Attacken ∗∗∗ --------------------------------------------- Mozilla hat in aktuellen Versionen von Firefox und Firefox ESR mehrere Sicherheitsprobleme gelöst. --------------------------------------------- https://www.heise.de/news/Sicherheitsupdates-Firefox-Browser-anfaellig-fuer… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (ceph and dbus), Fedora (cachelib, fb303, fbthrift, fizz, folly, matrix-synapse, mcrouter, mvfst, nats-server, nodejs18, proxygen, wangle, watchman, and wdt), Mageia (libcue), Oracle (18, grafana, kernel, nodejs, nodejs:16, nodejs:18, php, php:8.0, and tomcat), Red Hat (python27:2.7, python3, python39:3.9, python39-devel:3.9, toolbox, varnish, and varnish:6), SUSE (fwupdate, gcc13, icu73_2, netty, netty-tcnative, and xen), and Ubuntu [...] --------------------------------------------- https://lwn.net/Articles/948688/ ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/bulletin/ ∗∗∗ Vulnerability in SICK Flexi Soft Gateway ∗∗∗ --------------------------------------------- https://psirt.bosch.com/security-advisories/bosch-sa-164691.html ∗∗∗ Rockwell Automation Stratix 5800 and Stratix 5200 ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-23-297-01 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.10.2023
by Daily end-of-shift report 23 Oct '23

23 Oct '23

===================== = End-of-Day report = ===================== Timeframe: Freitag 20-10-2023 18:00 − Montag 23-10-2023 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Sessioncookies: Hacker erbeuten Zugangscodes bei Identitätsdienst Okta ∗∗∗ --------------------------------------------- Der Identitätsdienst Okta ist ein weiteres Mal das Einfallstor für Hacker gewesen. Dieses Mal betraf es Daten des Kundensupports. --------------------------------------------- https://www.golem.de/news/sessioncookies-hacker-erbeuten-zugangscodes-bei-i… ∗∗∗ Erst nach 3 Jahren gefixt: Zeiterfassungssystem ermöglichte OAuth-Token-Diebstahl ∗∗∗ --------------------------------------------- Harvest ermöglichte es Angreifern, OAuth-Token von Nutzern zu stehlen, die die Zeiterfassungssoftware mit Outlook verbinden wollten. --------------------------------------------- https://www.golem.de/news/erst-nach-3-jahren-gefixt-zeiterfassungssystem-er… ∗∗∗ Die MOVEit-Sicherheitslücke – eine Zwischenbilanz ∗∗∗ --------------------------------------------- Selbst wer die Software nicht verwendet, kann ein Opfer sein. Schätzungen gehen bisher von rund 68 Millionen Personen aus, deren Daten abgeflossen sind. --------------------------------------------- https://www.heise.de/-9318038.html ∗∗∗ Internationalen Ermittlungsbehörden gelingt Schlag gegen Ragnar Locker ∗∗∗ --------------------------------------------- Internationalen Ermittlern ist es gelungen, die Infrastruktur der bekannten Ransomware-Gruppierung Ragnar Locker zu zerschlagen. --------------------------------------------- https://www.heise.de/-9340480.html ∗∗∗ Cisco IOS XE und die verschwundenen Hintertüren ∗∗∗ --------------------------------------------- Die Anzahl der offensichtlich kompromittierten Geräte ist auch in Deutschland schlagartig gefallen, was wohl kaum an den gerade erschienenen Patches liegt. --------------------------------------------- https://www.heise.de/-9341205.html ∗∗∗ New TetrisPhantom hackers steal data from secure USB drives on govt systems ∗∗∗ --------------------------------------------- A new sophisticated threat tracked as TetrisPhantom has been using compromised secure USB drives to target government systems in the Asia-Pacific region. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-tetrisphantom-hackers-st… ∗∗∗ The outstanding stealth of Operation Triangulation ∗∗∗ --------------------------------------------- In this report Kaspersky shares insights into the validation components used in Operation Triangulation, TriangleDB implant post-compromise activity, as well as details of some additional modules. --------------------------------------------- https://securelist.com/triangulation-validators-modules/110847/ ∗∗∗ base64dump.py Handles More Encodings Than Just BASE64, (Sun, Oct 22nd) ∗∗∗ --------------------------------------------- My tool base64dump.py takes any input and searches for encoded data. By default, it searches for base64 encoding, but I implemented several encodings (like vaious hexadecimal formats) --------------------------------------------- https://isc.sans.edu/diary/rss/30332 ∗∗∗ How an AppleTV may take down your (#IPv6) network, (Mon, Oct 23rd) ∗∗∗ --------------------------------------------- I recently ran into an odd issue with IPv6 connectivity in my home network. During a lengthy outage, I decided to redo some of my network configurations. As part of this change, I also reorganized my IPv6 setup, relying more on DHCPv6 and less on router advertisements to configure IPv6 addresses. Overall, this worked well. My Macs had no issues connecting to IPv6. However, the Linux host I use to alert me of network connectivity issues could not "ping" the test host via IPv6. --------------------------------------------- https://isc.sans.edu/diary/rss/30336 ∗∗∗ Tampered OpenCart Authentication Aids Credit Card Skimming Attack ∗∗∗ --------------------------------------------- Using out of date software is the leading cause of website compromise, so keeping your environment patched and up to date is one of the most important responsibilities of a website administrator. It’s not uncommon to employ the use of custom code on websites, and spend small fortunes on software developers to tailor their website just the way they want it. However, the usage of customised code can sometimes inadvertently lock a website administrator into using an out of date CMS installation long after its expiry date, particularly if they no longer have access to their old developer (or sufficient funds to hire a new one). --------------------------------------------- https://blog.sucuri.net/2023/10/tampered-opencart-authentication-aids-credi… ∗∗∗ Abusing gdb Features for Data Ingress & Egress ∗∗∗ --------------------------------------------- As of November 2019, elfutils supports debuginfod, a client/server protocol that enables debuggers (gdb) to fetch debugging symbols via HTTP/HTTPs from a user-specified remote server. This blog post will demonstrate how this feature of gdb can be abused to create data communication paths for data exfiltration and tool ingress. --------------------------------------------- https://www.archcloudlabs.com/projects/debuginfod/ ∗∗∗ Vorsicht vor Jobangeboten auf WhatsApp oder Telegram ∗∗∗ --------------------------------------------- Sie suchen gerade einen Job? Praktisch, wenn Sie gar nicht suchen müssen und Sie direkt auf WhatsApp oder Telegram einen Job angeboten bekommen. Dahinter stecken aber Kriminelle, die Ihnen z. B. einen „Datenoptimierungsjob mit möglichen Provisionen“ anbieten. Auf Plattformen wie privko.live oder depopnr.com verlieren Sie dann Ihr Geld! --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-vor-jobangeboten-auf-whatsa… ∗∗∗ Important security update ∗∗∗ --------------------------------------------- Autodesk recently determined that an unauthorized third-party obtained access to portions of internal systems. Our findings show that sensitive data about our customers and their projects or products have not been compromised. We immediately took steps to contain the incident. Forensic analysis conducted by an independent, third party indicates that no customer operations or Autodesk products were disrupted due to this incident. --------------------------------------------- https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0020 ∗∗∗ Kritische Sicherheitslücke in Cisco IOS XE - aktiv ausgenützt ∗∗∗ --------------------------------------------- Update: 23. Oktober 2023 Cisco hat für einige der von der Schwachstelle betroffenen Geräte Aktualisierungen veröffentlicht, und weitere Updates angekündigt. Das Unternehmen aktualisiert die Liste an verfügbaren Patches auf einer dedizierten Seite laufend. Wenn das Management-WebInterface eines Cisco XE Gerätes vor dem Einspielen des Updates offen im Netz erreichbar war, ist davon auszugehen, dass ein Angreifer dies ausgenutzt hat und zumindest neue Admin-Accounts angelegt hat. Damit ist die Installation von weiteren Hintertüren möglich, die - aus heutiger Sicht - nur mit einem Factory Reset / Neuinstallation von IOS XE umfassend entfernt werden können --------------------------------------------- https://cert.at/de/warnungen/2023/10/kritische-sicherheitslucke-in-cisco-io… ===================== = Vulnerabilities = ===================== ∗∗∗ Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature ∗∗∗ --------------------------------------------- Version 1.4: Updated the summary to indicate the first fixes are available. Added specific fixed release information. --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (krb5, redis, roundcube, ruby-rack, ruby-rmagick, zabbix, and zookeeper), Fedora (ansible-core, chromium, libvpx, mingw-xerces-c, python-asgiref, python-django, and vim), Mageia (cadence, kernel, kernel-linus, libxml2, nodejs, and shadow-utils), Oracle (nghttp2), Slackware (LibRaw), and SUSE (chromium, java-11-openjdk, nodejs18, python-Django, python-urllib3, and suse-module-tools). --------------------------------------------- https://lwn.net/Articles/948522/ ∗∗∗ Vulnerability in QUSBCam2 ∗∗∗ --------------------------------------------- An OS command injection vulnerability has been reported to affect QUSBCam2. If exploited, the vulnerability could allow users to execute arbitrary commands via a network. --------------------------------------------- https://www.qnap.com/en-us/security-advisory/QSA-23-43 ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/bulletin/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.10.2023
by Daily end-of-shift report 20 Oct '23

20 Oct '23

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 19-10-2023 18:00 − Freitag 20-10-2023 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Malvertising: Angreifer nutzen Punycode für gefälschte Webseiten ∗∗∗ --------------------------------------------- Cyberkriminelle werben über Google Ads etwa mit gefälschten KeePass-URLs mit Punycode-Zeichen. Die beworbene Seite liefert Malware aus. --------------------------------------------- https://www.heise.de/-9339448.html ∗∗∗ SolarWinds behebt Codeschmuggel in Access Rights Manager ∗∗∗ --------------------------------------------- Die Software zur Verwaltung von Zugriffsberechtigungen hat unter anderem Fehler, die eine Rechteausweitung ermöglichten. Admins sollten zügig handeln. --------------------------------------------- https://www.heise.de/-9339437.html ∗∗∗ VMware dichtet hochriskante Lecks in Aria, Fusion und Workstation ab ∗∗∗ --------------------------------------------- VMware hat Updates für VMNware Aria Operations for Logs, VMware Fusion sowie VMware Workstation veröffentlicht. Sie schließen teils hochriskante Lücken. --------------------------------------------- https://www.heise.de/-9339932.html ∗∗∗ IT-Sicherheitsbehörden geben Tipps für sichere Software und Phishing-Prävention ∗∗∗ --------------------------------------------- Die US-Sicherheitsbehörde CISA veröffentlicht mit internationalen Partnern je eine Handreichung zu sicherem Software-Entwurf und zur Phishing-Prävention. --------------------------------------------- https://www.heise.de/-9339899.html ∗∗∗ Cybersicherheit ermöglichen – BSI veröffentlicht Checklisten für Kommunen ∗∗∗ --------------------------------------------- Das BSI bietet Kommunen nun einen unkomplizierten und ressourcenschonenden Einstieg in den etablierten IT-Grundschutz des BSI. --------------------------------------------- https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse202… ∗∗∗ Fake Corsair job offers on LinkedIn push DarkGate malware ∗∗∗ --------------------------------------------- A threat actor is using fake LinkedIn posts and direct messages about a Facebook Ads specialist position at hardware maker Corsair to lure people into downloading info-stealing malware like DarkGate and RedLine. --------------------------------------------- https://www.bleepingcomputer.com/news/security/fake-corsair-job-offers-on-l… ∗∗∗ ExelaStealer: A New Low-Cost Cybercrime Weapon Emerges ∗∗∗ --------------------------------------------- A new information stealer named ExelaStealer has become the latest entrant to an already crowded landscape filled with various off-the-shelf malware designed to capture sensitive data from compromised Windows systems. "ExelaStealer is a largely open-source infostealer with paid customizations available from the threat actor," Fortinet FortiGuard Labs researcher James Slaughter said [...] --------------------------------------------- https://thehackernews.com/2023/10/exelastealer-new-low-cost-cybercrime.html ∗∗∗ Ghost In The Wire, Sonic In The Wall - Adventures With SonicWall ∗∗∗ --------------------------------------------- Here at watchTowr, we just love attacking high-privilege devices [...]. A good example of these is the device class of ‘next generation’ firewalls, which usually include VPN termination functionality (meaning they’re Internet-accessible by network design). These devices patrol the border between the untrusted Internet and an organisation’s softer internal network, and so are a great place for attackers to elevate their status from ‘outsiders’ to ‘trusted users’. --------------------------------------------- https://labs.watchtowr.com/ghost-in-the-wire-sonic-in-the-wall/ ∗∗∗ VMware Aria Operations for Logs CVE-2023-34051 Technical Deep Dive and IOCs ∗∗∗ --------------------------------------------- Earlier this year we reported the technical details for VMSA-2023-0001 affecting VMware Aria Operations for Logs (formerly VMware vRealize Log Insight). [...] During the course of that investigation, we noticed the fix provided by VMware was not sufficient to stop a motivated attacker. We reported this new issue to VMware and it was fixed in VMSA-2023-0021. This post will discuss the technical details of CVE-2023-34051, an authentication bypass that allows remote code execution as root. --------------------------------------------- https://www.horizon3.ai/vmware-aria-operations-for-logs-cve-2023-34051-tech… ∗∗∗ Concerns grow as LockBit knockoffs increasingly target popular vulnerabilities ∗∗∗ --------------------------------------------- Hackers are using a leaked toolkit used to create do-it-yourself versions of the popular LockBit ransomware, making it easy for even amateur cybercriminals to target common vulnerabilities. The LockBit ransomware gang, which has attacked thousands of organizations across the world, had the toolkit leaked in September 2022 by a disgruntled affiliate. --------------------------------------------- https://therecord.media/lockbit-knockoffs-proliferate-leaked-toolkit ∗∗∗ Attacks on 5G Infrastructure From User Devices: ASN.1 Vulnerabilities in 5G Cores ∗∗∗ --------------------------------------------- In the second part of this series, we will examine how attackers can trigger vulnerabilities by sending control messages masquerading as user traffic to cross over from user plane to control plane. --------------------------------------------- https://www.trendmicro.com/en_us/research/23/j/asn1-vulnerabilities-in-5g-c… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco IOS XE Software Web UI Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- Version 1.2: Added access list mitigation. --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Cisco IOS XE Software Web UI Command Injection Vulnerability ∗∗∗ --------------------------------------------- Version 1.1: Added information about active exploitation attempts. --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ RT 5.0.5 Release Notes ∗∗∗ --------------------------------------------- RT 5.0.5 is now available for general use. The list of changes included with this release is below. In addition to a batch of updates, new features, and fixes, there are several important security updates provided in this release. See below for details. --------------------------------------------- https://docs.bestpractical.com/release-notes/rt/5.0.5 ∗∗∗ RT 4.4.7 Release Notes ∗∗∗ --------------------------------------------- RT 4.4.7 is now available for general use. The list of changes included with this release is below. In addition to a batch of updates, new features, and fixes, there are several important security updates provided in this release. See below for details. --------------------------------------------- https://docs.bestpractical.com/release-notes/rt/4.4.7 ∗∗∗ VMSA-2023-0022 ∗∗∗ --------------------------------------------- VMware Fusion and Workstation updates address privilege escalation and information disclosure vulnerabilities (CVE-2023-34044, CVE-2023-34045, CVE-2023-34046) --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2023-0022.html ∗∗∗ VMSA-2023-0021 ∗∗∗ --------------------------------------------- VMware Aria Operations for Logs updates address multiple vulnerabilities. (CVE-2023-34051, CVE-2023-34052) --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2023-0021.html ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (linux-5.10 and webkit2gtk), Fedora (matrix-synapse and trafficserver), Mageia (chromium-browser-stable, ghostscript, libxpm, and ruby-RedCloth), Oracle (.NET 7.0, curl, dotnet7.0, galera, mariadb, go-toolset, golang, java-1.8.0-openjdk, and python-reportlab), Red Hat (php, php:8.0, tomcat, and varnish), Slackware (httpd), SUSE (bluetuith, grub2, kernel, rxvt-unicode, and suse-module-tools), and Ubuntu (dotnet6, dotnet7, dotnet8, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15,linux-nvidia, linux-oracle, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-6.2, linux-azure, linux-azure-6.2, linux-azure-fde-6.2, linux-gcp, linux-gcp-6.2, linux-hwe-6.2, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-6.2, linux-oracle, linux-raspi, linux-starfive, linux, linux-aws, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-azure, linux-bluefield, linux-intel-iotg, linux-oem-6.1, linux-raspi, and mutt). --------------------------------------------- https://lwn.net/Articles/948368/ ∗∗∗ Kritische Sicherheitslücke in Citrix NetScaler ADC und NetScaler Gateway - aktiv ausgenutzt - Updates verfügbar ∗∗∗ --------------------------------------------- Eine kritische Schwachstelle in Citrix/Netscaler ADC und Citrix Gateway erlaubt es unauthentifizierten Angreifer:innen, bestehende, authentifizierte Sessions zu übernehmen. Diese Schwachstelle wird zumindest seit Ende August 2023 bei Angriffen gegen Ziele in verschiedenen Sektoren aktiv ausgenutzt. --------------------------------------------- https://cert.at/de/warnungen/2023/10/kritische-sicherheitslucke-in-citrix-n… ∗∗∗ Multiple vulnerabilities in ctrlX WR21 HMI ∗∗∗ --------------------------------------------- BOSCH-SA-175607: The operating system of the ctrlX WR21 HMI has several vulnerabilities when the Kiosk mode is used in conjunction with Google Chrome. In worst case, an attacker with physical access to the device might gain full root access without prior authentication by combining the exploitation of those vulnerabilities. --------------------------------------------- https://psirt.bosch.com/security-advisories/bosch-sa-175607.html ∗∗∗ CVE-2023-38041 New client side release to address a privilege escalation on Windows user machines ∗∗∗ --------------------------------------------- A vulnerability exists on all versions of the Ivanti Secure Access Client Below 22.6R1 that would allow an unprivileged local user to gain unauthorized elevated privileges on the affected system. --------------------------------------------- https://forums.ivanti.com/s/article/CVE-2023-38041-New-client-side-release-… ∗∗∗ Decision Optimization in IBM Cloud Pak for Data is affected by a vulnerability in Node.js semver package (CVE-2022-25883) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7056400 ∗∗∗ Multiple vulnerabilities in IBM Semeru Runtime affect IBM ILOG CPLEX Optimization Studio (CVE-2023-21968, CVE-2023-21937, CVE-2023-21938) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7056397 ∗∗∗ Improper input validation may lead to a Denial of Service attack in web services with IBM CICS TX Standard and IBM CICS TX Advanced ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7056433 ∗∗∗ IBM App Connect Enterprise is vulnerable to a heap-based buffer overflow due to electron ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7056425 ∗∗∗ Improper input validation may lead to a Denial of Service attack in web services with IBM TXSeries for Multiplatforms ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7056429 ∗∗∗ IBM Integration Bus is vulnerable to a denial of service due to Eclipse Mosquitto ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7056456 ∗∗∗ IBM App Connect Enterprise Toolkit and IBM Integration Bus Toolkit are vulnerable to a denial of service due to Okio GzipSource (CVE-2023-3635). ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7056518 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.10.2023
by Daily end-of-shift report 19 Oct '23

19 Oct '23

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 18-10-2023 18:00 − Donnerstag 19-10-2023 18:00 Handler: Thomas Pribitzer Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Money-making scripts attack organizations ∗∗∗ --------------------------------------------- Cybercriminals attack government, law enforcement, non-profit organizations, agricultural and commercial companies by slipping a cryptominer, keylogger, and backdoor into their systems. --------------------------------------------- https://securelist.com/miner-keylogger-backdoor-attack-b2b/110761/ ∗∗∗ HasMySecretLeaked findet auf GitHub veröffentlichte Secrets ∗∗∗ --------------------------------------------- Wer prüfen möchte, ob seine Secrets auf GitHub geleakt sind, kann das kostenfreie Toolset von GitGuardian nutzen. Es soll dabei private Daten schützen. --------------------------------------------- https://www.heise.de/news/Security-Toolset-HasMySecretLeaked-sucht-auf-GitH… ∗∗∗ Public Report – Caliptra Security Assessment ∗∗∗ --------------------------------------------- During August and September of 2023, Microsoft engaged NCC Group to conduct a security assessment of Caliptra v0.9. Caliptra is an open-source silicon IP block for datacenter-focused server-class ASICs. --------------------------------------------- https://research.nccgroup.com/2023/10/18/public-report-caliptra-security-as… ∗∗∗ Number of Cisco Devices Hacked via Unpatched Vulnerability Increases to 40,000 ∗∗∗ --------------------------------------------- The number of Cisco devices hacked via the CVE-2023-20198 zero-day has reached 40,000, including many in the US. --------------------------------------------- https://www.securityweek.com/number-of-cisco-devices-hacked-via-unpatched-v… ∗∗∗ Ein PayPal-Tonband ruft an? Drücken Sie nicht die 1! ∗∗∗ --------------------------------------------- Eine unbekannte Nummer erscheint am Smartphone-Bildschirm. Sie heben ab und eine Roboterstimme meldet sich im Namen PayPals. Angeblich soll Geld von Ihrem PayPal-Konto behoben werden. Um das zu verhindern, sollen Sie die Taste „1“ drücken. Tun Sie dies nicht – Kriminelle versuchen, Ihnen dadurch Geld und Daten zu stehlen. --------------------------------------------- https://www.watchlist-internet.at/news/ein-paypal-tonband-ruft-an-druecken-… ∗∗∗ Es cyberwart wieder. Oder so. ∗∗∗ --------------------------------------------- Wie schon zu Beginn des Krieges in der Ukraine vor inzwischen eineinhalb Jahren kam es auch kurz nach den Ereignissen, die am 07.10.2023 Israel erschüttert haben, relativ schnell zu Berichten über die mögliche Rolle von Cyberangriffen in diesem Konflikt. --------------------------------------------- https://cert.at/de/blog/2023/10/es-cyberwart-wieder-oder-so ∗∗∗ Hackers Exploit QR Codes with QRLJacking for Malware Distribution ∗∗∗ --------------------------------------------- Researchers report a surge in QR code-related cyberattacks exploiting phishing and malware distribution, especially QRLJacking and Quishing attacks. --------------------------------------------- https://www.hackread.com/hackers-exploit-qr-codes-qrljacking-malware/ ∗∗∗ CISA, NSA, FBI, MS-ISAC Publish Guide on Preventing Phishing Intrusions ∗∗∗ --------------------------------------------- The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI) and Multi-State Information Sharing and Analysis Center (MS-ISAC) today published “Phishing Guidance, Stopping the Attack Cycle at Phase One” to help organizations reduce likelihood and impact of successful phishing attacks. --------------------------------------------- https://www.cisa.gov/news-events/news/cisa-nsa-fbi-ms-isac-publish-guide-pr… ∗∗∗ Exploited SSH Servers Offered in the Dark web as Proxy Pools ∗∗∗ --------------------------------------------- Aqua Nautilus researchers have shed brighter light on a long-standing threat to SSH in the context of the cloud. More specifically, the threat actor harnessed our SSH server to be a slave proxy and pass traffic through it. --------------------------------------------- https://blog.aquasec.com/threat-alert-exploited-ssh-servers-offered-in-the-… ===================== = Vulnerabilities = ===================== ∗∗∗ Casio discloses data breach impacting customers in 149 countries ∗∗∗ --------------------------------------------- Japanese electronics manufacturer Casio disclosed a data breach impacting customers from 149 countries after hackers gained to the servers of its ClassPad education platform. --------------------------------------------- https://www.bleepingcomputer.com/news/security/casio-discloses-data-breach-… ∗∗∗ Sophos Firewall: PDF-Passwortschutz der SPX-Funktion umgehbar ∗∗∗ --------------------------------------------- Sophos verteilt aktualisierte Firmware für die Firewalls. Im Secure PDF eXchange können Angreifer den Schutz umgehen und unbefugt PDF-Dateien entschlüsseln. --------------------------------------------- https://www.heise.de/news/Sophos-Firewall-PDF-Passwortschutz-der-SPX-Funkti… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (node-babel), Fedora (moodle), Gentoo (mailutils), Oracle (go-toolset:ol8 and java-11-openjdk), Red Hat (ghostscript, grafana, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, nghttp2, nodejs:16, nodejs:18, and rhc-worker-script), SUSE (cni, cni-plugins, container-suseconnect, containerd, cups, exim, grub2, helm, libeconf, nodejs18, python3, runc, slurm, supportutils, and tomcat), and Ubuntu (glib2.0, openssl, and vips). --------------------------------------------- https://lwn.net/Articles/948246/ ∗∗∗ ZDI-23-1568: NI Measurement & Automation Explorer Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-1568/ ∗∗∗ ZDI-23-1567: SolarWinds Access Rights Manager OpenClientUpdateFile Directory Traversal Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-1567/ ∗∗∗ ZDI-23-1566: SolarWinds Access Rights Manager GetParameterFormTemplateWithSelectionState Deserialization of Untrusted Data Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-1566/ ∗∗∗ ZDI-23-1565: SolarWinds Access Rights Manager OpenFile Directory Traversal Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-1565/ ∗∗∗ ZDI-23-1564: SolarWinds Access Rights Manager createGlobalServerChannelInternal Deserialization of Untrusted Data Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-1564/ ∗∗∗ ZDI-23-1563: SolarWinds Access Rights Manager ExecuteAction Deserialization of Untrusted Data Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-1563/ ∗∗∗ ZDI-23-1562: SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-1562/ ∗∗∗ ZDI-23-1561: SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-1561/ ∗∗∗ ZDI-23-1560: SolarWinds Access Rights Manager IFormTemplate Deserialization of Untrusted Data Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-1560/ ∗∗∗ Cisco Catalyst SD-WAN Manager Local File Inclusion Vulnerability ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Technical Advisory – Multiple Vulnerabilities in Connectize G6 AC2100 Dual Band Gigabit WiFi Router (CVE-2023-24046, CVE-2023-24047, CVE-2023-24048, CVE-2023-24049, CVE-2023-24050, CVE-2023-24051, CVE-2023-24052) ∗∗∗ --------------------------------------------- https://research.nccgroup.com/2023/10/19/technical-advisory-multiple-vulner… ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/bulletin/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily