Daily

daily@lists.cert.at

1 participants
3084 discussions

Tageszusammenfassung - 07.07.2023
by Daily end-of-shift report 07 Jul '23

07 Jul '23

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 06-07-2023 18:00 − Freitag 07-07-2023 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Google Play apps with 1.5 million installs send your data to China ∗∗∗ --------------------------------------------- Security researchers discovered two malicious file management applications on Google Play with a collective installation count of over 1.5 million that collected excessive user data that goes well beyond whats needed to offer the promised functionality. [..] File Recovery and Data Recovery, identified as "com.spot.music.filedate" on devices, has at least 1 million installs. The install count for File Manager reads at least 500,000 and it can be identified on devices as "com.file.box.master.gkd." --------------------------------------------- https://www.bleepingcomputer.com/news/security/google-play-apps-with-15-mil… ∗∗∗ Iranian Hackers Sophisticated Malware Targets Windows and macOS Users ∗∗∗ --------------------------------------------- The Iranian nation-state actor known as TA453 has been linked to a new set of spear-phishing attacks that infect both Windows and macOS operating systems with malware."TA453 eventually used a variety of cloud hosting providers to deliver a novel infection chain that deploys the newly identified PowerShell backdoor GorjolEcho," Proofpoint said in a new report. --------------------------------------------- https://thehackernews.com/2023/07/iranian-hackers-sophisticated-malware.html ∗∗∗ BlackByte 2.0 Ransomware: Infiltrate, Encrypt, and Extort in Just 5 Days ∗∗∗ --------------------------------------------- Recently, Microsoft's Incident Response team investigated the BlackByte 2.0 ransomware attacks and exposed these cyber strikes' terrifying velocity and damaging nature. The findings indicate that hackers can complete the entire attack process, from gaining initial access to causing significant damage, in just five days. They waste no time infiltrating systems, encrypting important data, and demanding a ransom to release it. --------------------------------------------- https://thehackernews.com/2023/07/blackbyte-20-ransomware-infiltrate.html ∗∗∗ StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability ∗∗∗ --------------------------------------------- A flaw was found in the handling of stack expansion in the Linux kernel 6.1 through 6.4, aka "Stack Rot". The maple tree, responsible for managing virtual memory areas, can undergo node replacement without properly acquiring the MM write lock, leading to use-after-free issues. An unprivileged local user could use this flaw to compromise the kernel and escalate their privileges. --------------------------------------------- https://github.com/lrh2000/StackRot ∗∗∗ Sie sollen eine „Erstattung aus dem Sozialfonds erhalten“? Ignorieren Sie diese SMS! ∗∗∗ --------------------------------------------- Unsere Leser:innen melden uns aktuell SMS, die im Namen des „Staates“ verschickt werden. Angeblich sollen Sie eine „Erstattung aus dem Sozialfonds“ erhalten. Achtung, Phishing-Alarm! Löschen Sie die SMS und geben Sie auf keinen Fall Ihre Kontodaten an. --------------------------------------------- https://www.watchlist-internet.at/news/sie-sollen-eine-erstattung-aus-dem-s… ∗∗∗ A Network of SOCs? ∗∗∗ --------------------------------------------- I wrote most of this text quickly in January 2021 when the European Commission asked me to apply my lessons learned from the CSIRTs Network to a potential European Network of SOCs. During 2022, the plans for SOC collaboration have been toned down a bit, the DIGITAL Europe funding scheme proposes multiple platforms where SOCs can work together. In 2023, the newly proposed “Cyber Solidarity Act” builds upon this and codifies the concept of a “national SOC” and “cross-border SOC platforms” into an EU regulation. --------------------------------------------- https://cert.at/en/blog/2023/7/a-network-of-socs ∗∗∗ Cybererpresser: Ransomware-Gruppe BianLian verzichtet auf Verschlüsselung ∗∗∗ --------------------------------------------- Die Hintermänner konzentrieren sich auf die Exfiltration von Daten. Sie reagieren auf die Veröffentlichung eines kostenlosen Entschlüsselungstools für die Ransomware BianLian. --------------------------------------------- https://www.zdnet.de/88410380/cybererpresser-ransomware-gruppe-bianlian-ver… ∗∗∗ CISA and Partners Release Joint Cybersecurity Advisory on Newly Identified Truebot Malware Variants ∗∗∗ --------------------------------------------- Today, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigations (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS) released a joint Cybersecurity Advisory (CSA), Increased Truebot Activity Infects U.S. and Canada Based Networks, to help organizations detect and protect against newly identified Truebot malware variants. --------------------------------------------- https://www.cisa.gov/news-events/alerts/2023/07/06/cisa-and-partners-releas… ===================== = Vulnerabilities = ===================== ∗∗∗ Google Releases Android Patch Update for 3 Actively Exploited Vulnerabilities ∗∗∗ --------------------------------------------- Google has released its monthly security updates for the Android operating system, addressing 46 new software vulnerabilities. Among these, three vulnerabilities have been identified as actively exploited in targeted attacks. --------------------------------------------- https://thehackernews.com/2023/07/google-releases-android-patch-update.html ∗∗∗ Mastodon Social Network Patches Critical Flaws Allowing Server Takeover ∗∗∗ --------------------------------------------- Mastodon, a popular decentralized social network, has released a security update to fix critical vulnerabilities that could expose millions of users to potential attacks.Mastodon is known for its federated model, consisting of thousands of separate servers called "instances," and it has over 14 million users across more than 20,000 instances. The most critical vulnerability, CVE-2023-36460, [..] --------------------------------------------- https://thehackernews.com/2023/07/mastodon-social-network-patches.html ∗∗∗ CISA Releases Three Industrial Control Systems Advisories ∗∗∗ --------------------------------------------- * ICSA-23-187-01 PiiGAB M-Bus * ICSA-23-187-02 ABUS TVIP * ICSA-23-143-03 Mitsubishi Electric MELSEC Series CPU module (Update A) --------------------------------------------- https://www.cisa.gov/news-events/alerts/2023/07/06/cisa-releases-three-indu… ∗∗∗ VMSA-2023-0015 ∗∗∗ --------------------------------------------- CVSSv3 Range: 5.3 CVE(s): CVE-2023-20899 VMware SD-WAN contains a bypass authentication vulnerability. VMware has evaluated the severity of this issue to be in the moderate severity range with a maximum CVSSv3 base score of 5.3. Known Attack Vectors: An unauthenticated attacker can download the Diagnostic bundle of the application under VMware SD-WAN Management. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2023-0015.html ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (debian-archive-keyring, libusrsctp, nsis, ruby-redcloth, and webkit2gtk), Fedora (firefox), Mageia (apache-ivy, cups, curaengine, glances, golang, keepass, libreoffice, minidlna, nodejs, opensc, perl-DBD-SQLite, python-setuptools, python-wheel, skopeo/buildah/podman, systemd, testng, and webkit2), SUSE (bind), and Ubuntu (Gerbv, golang-websocket, linux-gke, linux-intel-iotg, and linux-oem-5.17). --------------------------------------------- https://lwn.net/Articles/937616/ ∗∗∗ [R1] Nessus Agent Version 10.4.1 Fixes Multiple Vulnerabilities ∗∗∗ --------------------------------------------- Nessus Agent leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the provider.Out of caution and in line with best practice, Tenable has opted to upgrade these components to address the potential impact of the issues. --------------------------------------------- https://www.tenable.com/security/tns-2023-24 ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/bulletin/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.07.2023
by Daily end-of-shift report 06 Jul '23

06 Jul '23

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 05-07-2023 18:00 − Donnerstag 06-07-2023 18:00 Handler: Michael Schlagenhaufer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Silentbob Campaign: Cloud-Native Environments Under Attack ∗∗∗ --------------------------------------------- The activity, dubbed Silentbob in reference to an AnonDNS domain set up by the attacker, is said to be linked to the infamous cryptojacking group tracked as TeamTNT, citing overlaps in tactics, techniques, and procedures (TTPs). Alternatively, it could be the work of an "advanced copycat." --------------------------------------------- https://thehackernews.com/2023/07/silentbob-campaign-cloud-native.html ∗∗∗ Flutter Restrictions Bypass ∗∗∗ --------------------------------------------- This article investigates the Flutter framework (Google, n.d.) and the methods for bypassing its detections on iOS. CyberCX have also published the scripts used for this bypass for other mobile application security researchers to use in their workflow on our GitHub. --------------------------------------------- https://blog.cybercx.co.nz/flutter-restrictions-bypass ∗∗∗ TeamsPhisher: Tool automatisiert Angriffe auf Teams-Schwachstelle ∗∗∗ --------------------------------------------- Über eine Schwachstelle in Teams können Angreifer Malware unterjubeln. Ein jetzt veröffentlichtes Tool macht diese Attacken noch einfacher. --------------------------------------------- https://heise.de/-9208677 ∗∗∗ Wie steht’s eigentlich um Emotet? ∗∗∗ --------------------------------------------- Eine kurze Zusammenfassung zur aktuellen Situation um Emotet seit dessen "Comeback". --------------------------------------------- https://www.welivesecurity.com/deutsch/2023/07/06/wie-stehts-eigentlich-um-… ∗∗∗ How to delete saved addresses and credit cards in Firefox for improved security and privacy ∗∗∗ --------------------------------------------- If youre looking to get the most out of Firefox security and privacy, you might consider not only deleting all saved addresses and credit cards but also disabling the autofill option. --------------------------------------------- https://www.zdnet.com/article/how-to-delete-saved-addresses-and-credit-card… ===================== = Vulnerabilities = ===================== ∗∗∗ MOVEit Transfer: Service Pack schließt weitere kritische Lücke ∗∗∗ --------------------------------------------- Mit dem Service Pack für MOVEit Transfer im Juli schließt Progress weitere Sicherheitslücken. Eine davon stuft der Hersteller als kritisch ein. (CVE-2023-36932, CVE-2023-36933, CVE-2023-36934) --------------------------------------------- https://heise.de/-9208451 ∗∗∗ MOVEit Transfer 2020.1 (12.1) Service Pack (July 2023) ∗∗∗ --------------------------------------------- CVE-2023-36934 (CRITICAL): SQL Injection CVE-2023-36932 (HIGH): multiple SQL injections CVE-2023-36933 (HIGH): unhandled exception --------------------------------------------- https://community.progress.com/s/article/MOVEit-Transfer-2020-1-Service-Pac… ∗∗∗ Stackrot: Kernel-Schwachstelle ermöglicht Rechteausweitung unter Linux ∗∗∗ --------------------------------------------- Durch eine Sicherheitslücke im Speichermanagement-Subsystem des Linux-Kernels können Angreifer potenziell erweiterte Rechte erlangen. --------------------------------------------- https://www.golem.de/news/stackrot-kernel-schwachstelle-erlaubt-rechteauswe… ∗∗∗ Patchday: Vielfältige Attacken auf Android 11, 12 und 13 möglich ∗∗∗ --------------------------------------------- Es gibt wichtige Sicherheitsupdates für verschiedene Android-Versionen. Im schlimmsten Fall könnte Schadcode auf Geräte gelangen. --------------------------------------------- https://heise.de/-9208524 ∗∗∗ Taking over Milesight UR32L routers behind a VPN: 22 vulnerabilities and a full chain ∗∗∗ --------------------------------------------- In all, Cisco Talos is releasing 22 security advisories today, nine of which have a CVSS score greater than 8, associated with 69 CVEs. --------------------------------------------- https://blog.talosintelligence.com/talos-discovers-17-vulnerabilities-in-mi… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (golang-yaml.v2, kernel, and mediawiki), Fedora (kernel and picocli), SUSE (bind and python-sqlparse), and Ubuntu (cpdb-libs). --------------------------------------------- https://lwn.net/Articles/937481/ *** IBM Security Bulletins *** --------------------------------------------- IBM i, IBM Rational Functional Tester, IBM Security Verify Access, IBM Cloud Pak, IBM Match 360, IBM Watson, IBM Integration Designer, IBM Sterling Connect:Direct File Agent, IBM Operations Analytics and TADDM. --------------------------------------------- https://www.ibm.com/support/pages/bulletin/ ∗∗∗ Vulnerability in Cisco Enterprise Switches Allows Attackers to Modify Encrypted Traffic ∗∗∗ --------------------------------------------- Cisco says a high-severity vulnerability in Nexus 9000 series switches could allow attackers to intercept and modify encrypted traffic. Tracked as CVE-2023-20185, the issue impacts the ACI multi-site CloudSec encryption feature of the Nexus 9000 switches that are configured in application centric infrastructure (ACI) mode – typically used in data centers for controlling physical and virtual networks. --------------------------------------------- https://www.securityweek.com/vulnerability-in-cisco-enterprise-switches-all… ∗∗∗ Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Cisco Webex Meetings Web UI Vulnerabilities ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Cisco Duo Authentication Proxy Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Cisco BroadWorks Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ ZDI-23-896: D-Link DAP-2622 DDP Change ID Password Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-896/ ∗∗∗ Wordfence Intelligence Weekly WordPress Vulnerability Report (June 26, 2023 to July 2, 2023) ∗∗∗ --------------------------------------------- https://www.wordfence.com/blog/2023/07/wordfence-intelligence-weekly-wordpr… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.07.2023
by Daily end-of-shift report 05 Jul '23

05 Jul '23

===================== = End-of-Day report = ===================== Timeframe: Dienstag 04-07-2023 18:00 − Mittwoch 05-07-2023 18:00 Handler: Michael Schlagenhaufer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Email crypto phishing scams: stealing from hot and cold crypto wallets ∗∗∗ --------------------------------------------- Here is how email phishing scams targeting hot and cold crypto wallets, such as Trezor and Ledger, work. --------------------------------------------- https://securelist.com/hot-and-cold-cryptowallet-phishing/110136/ ∗∗∗ Jetzt patchen! Über 335.000 SSL-VPN-Interfaces von Fortinet attackierbar ∗∗∗ --------------------------------------------- Sicherheitsforscher warnen vor weiteren Attacken auf eine kritische Lücke in FortiOS. Patches zum Schließen der Schwachstelle sind seit Wochen verfügbar. --------------------------------------------- https://heise.de/-9206478 ∗∗∗ Verbaucherzentralen warnen vor personalisiertem Phishing ∗∗∗ --------------------------------------------- Seit Anfang der Woche landen viele Phishingmails mit persönlicher Anrede betreffend der ING in Postfächern von Internetnutzern, warnen die Verbraucherzentralen. --------------------------------------------- https://heise.de/-9207386 ∗∗∗ TEMU Shopping App und temu.com: Problematische Angebote aus China ∗∗∗ --------------------------------------------- Wer sich aktuell durch Social Media bewegt, kommt kaum an Werbeschaltungen für die Shopping App TEMU vorbei. Die Plattform mit Sitz in Dublin und ihrem Ursprung in China startet aktuell eine Offensive auf den österreichischen und deutschen Markt. Die Produkte bei TEMU sind teils unfassbar günstig und für viele verlockend. Möglich ist das aber vor allem durch fragwürdige Geschäftspraktiken, teils mangelhafte Produkte und Nicht-Einhaltung rechtlicher Vorgaben. --------------------------------------------- https://www.watchlist-internet.at/news/temu-shopping-app-und-temucom-proble… ===================== = Vulnerabilities = ===================== ∗∗∗ Path traversal bypass & Denial of service in Kyocera TASKalfa 4053ci printer ∗∗∗ --------------------------------------------- CVE Number: CVE-2023-34259, CVE-2023-34260, CVE-2023-34261 Kyocera TASKalfa 4053ci printers are vulnerable to multiple vulnerabilities. The path traversal vulnerability can be used to access arbitrary files on the filesystem, even files that require root privileges. Also, the path traversal vulnerability can be used to conduct a denial-of-service (DoS). Due the username enumeration vulnerability, it is possible to identify valid user accounts. --------------------------------------------- https://sec-consult.com/vulnerability-lab/advisory/path-traversal-bypass-de… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (firefox and python-reportlab), Slackware (mozilla), SUSE (dnsdist, grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python- cryptography-vectors, python-google-api-core, pyt, kernel, kubernetes1.18, libdwarf, python311, qt6-base, rmt-server, and virtualbox), and Ubuntu (containerd, firefox, and python-django). --------------------------------------------- https://lwn.net/Articles/937368/ ∗∗∗ The "StackRot" kernel vulnerability ∗∗∗ --------------------------------------------- Ruihan Li has discloseda significant vulnerability introduced into the 6.1 kernel: A flaw was found in the handling of stack expansion in the Linux kernel 6.1 through 6.4, aka "Stack Rot". The maple tree, responsible for managing virtual memory areas, can undergo node replacement without properly acquiring the MM write lock, leading to use-after-free issues. An unprivileged local user could use this flaw to compromise the kernel and escalate their privileges. --------------------------------------------- https://lwn.net/Articles/937377/ ∗∗∗ Frauscher: Diagnostic System FDS001 for FAdC/FAdCi Path Traversal vulnerability ∗∗∗ --------------------------------------------- https://cert.vde.com/de/advisories/VDE-2023-011/ ∗∗∗ IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a remote attacker and denial of service due to Guava (CVE-2020-8908, CVE-2018-10237). ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7009535 ∗∗∗ A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2023-35890) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7009537 ∗∗∗ IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to xml2js abitrary code execution vulnerability(CVE-2023-0842) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7009049 ∗∗∗ A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool\/OMNIbus WebGUI (CVE-2023-35890) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7009625 ∗∗∗ Multiple security vulnerabilities has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool\/OMNIbus WebGUI - April 2023 CPU ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7009627 ∗∗∗ A security vulnerability has been identified in WebSphere Application Server traditional shipped with IBM Intelligent Operations Center(CVE-2023-35890) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7009635 ∗∗∗ IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a remote attacker and denial of service due to Guava (CVE-2020-8908, CVE-2018-10237). ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7009535 ∗∗∗ IBM WebSphere Application Server could provide weaker than expected security (CVE-2023-35890) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7007857 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.07.2023
by Daily end-of-shift report 04 Jul '23

04 Jul '23

===================== = End-of-Day report = ===================== Timeframe: Montag 03-07-2023 18:00 − Dienstag 04-07-2023 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ DDoSia Attack Tool Evolves with Encryption, Targeting Multiple Sectors ∗∗∗ --------------------------------------------- The threat actors behind the DDoSia attack tool have come up with a new version that incorporates a new mechanism to retrieve the list of targets to be bombarded with junk HTTP requests in an attempt to bring them down.The updated variant, written in Golang, "implements an additional security mechanism to conceal the list of targets, which is transmitted from the [command-and-control] to the users," cybersecurity company Sekoia said in a technical write-up. --------------------------------------------- https://thehackernews.com/2023/07/ddosia-attack-tool-evolves-with.html ∗∗∗ Hunting for Bitwarden master passwords stored in memory ∗∗∗ --------------------------------------------- A blog post on how I was able to identify unknown master passwords stored in the memory of the Bitwarden web extension and desktop client, after a vault has been locked. I also cover the decisions made for developing a proof of concept to automate the process of extracting potential passwords. --------------------------------------------- https://redmaple.tech/blogs/2023/extract-bitwarden-vault-passwords/ ∗∗∗ Achtung Fake-Shop: sharkos.de ∗∗∗ --------------------------------------------- Sharkos – „Ihr Experte für Garten, Pools und Haushalt“. Das sehen wir anders. Der Online-Shop sieht zwar vielversprechend aus, wenn Sie dort bestellen, bekommen Sie aber trotz Zahlung keine Ware. Wir zeigen Ihnen, wie Sie Fake-Shops erkennen. --------------------------------------------- https://www.watchlist-internet.at/news/achtung-fake-shop-sharkosde/ ===================== = Vulnerabilities = ===================== ∗∗∗ Geräteverwaltung: hochriskante Schwachstelle in Ivanti Endpoint Manager ∗∗∗ --------------------------------------------- Eine Sicherheitslücke in der Geräte- und Softwareverwaltung von Ivanti für ChromeOS, Linux, macOS und Windows ermöglicht Angreifern aus dem Netz Codeschmuggel. --------------------------------------------- https://heise.de/-9206574 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (ghostscript), Fedora (apache-ivy, chromium, golang-github-schollz-croc, golang-github-schollz-mnemonicode, and webkitgtk), SUSE (amazon-ecs-init, dnsdist, libcap, python-tornado, terraform, and xmltooling), and Ubuntu (imagemagick, openldap, php7.4, php8.1, and screen). --------------------------------------------- https://lwn.net/Articles/937292/ ∗∗∗ CISA issues warning for cardiac device system vulnerability ∗∗∗ --------------------------------------------- The Cybersecurity and Infrastructure Security Agency (CISA) warned of a severe vulnerability in a cardiac device from medical device company Medtronic. The issue – tracked as CVE-2023-31222 – carries a “critical” CVSS score of 9.8 out of 10 and affects the company’s Paceart Optima software that runs on a healthcare organization’s Windows server. --------------------------------------------- https://therecord.media/cisa-warning-for-cardiac-device-system-vulnerability ∗∗∗ Zyxel security advisory for buffer overflow vulnerability in 4G LTE and 5G NR outdoor routers ∗∗∗ --------------------------------------------- A buffer overflow vulnerability in the CGI program of some Zyxel 4G LTE and 5G NR outdoor routers could allow a remote authenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device. (CVE: CVE-2023-27989) --------------------------------------------- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-… ∗∗∗ Security Vulnerabilities fixed in Thunderbird 102.13 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/ ∗∗∗ Security Vulnerabilities fixed in Firefox ESR 102.13 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/ ∗∗∗ Security Vulnerabilities fixed in Firefox 115 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/ ∗∗∗ Vulnerability in the interface module SLC-0-GPNT00300 ∗∗∗ --------------------------------------------- https://psirt.bosch.com/security-advisories/bosch-sa-894143.html ∗∗∗ Security Advisory for the FL MGUARD family of devices ∗∗∗ --------------------------------------------- https://psirt.bosch.com/security-advisories/bosch-sa-833074.html ∗∗∗ IBM Integration Bus is vulnerable to a remote attack due to Apache Jena (CVE-2021-39239, CVE-2022-28890, CVE-2023-22665). ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7009371 ∗∗∗ Vulnerability in Spring Framework affects IBM Process Mining [CVE-2016-1000027] ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7009383 ∗∗∗ IBM Content Navigator is vulnerable to DoS due to Apache Commons FileUpload (CVE-2023-24998) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7002807 ∗∗∗ Vulnerability in IBM SDK Java Technology affects IBM Cloud Pak System (CVE-2021-35561) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7009441 ∗∗∗ Vulnerabilities in OpenSSL affect Cloud Pak System (CVE-2021-23840, CVE-2021-23841) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7005857 ∗∗∗ Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9. ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7009457 ∗∗∗ Vulnerability of Newtonsoft.Json-12.0.1.22727.dll has afftected to .NET Agent ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7009459 ∗∗∗ Multiple CVEs may affect IBM\u00ae SDK, Java\u2122 Technology Edition shipped with IBM CICS TX Standard ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7009483 ∗∗∗ Multiple CVEs may affect IBM\u00ae SDK, Java\u2122 Technology Edition shipped with IBM CICS TX Advanced ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7009485 ∗∗∗ Multiple CVEs may affect IBM\u00ae SDK, Java\u2122 Technology Edition shipped with IBM TXSeries for Multiplatforms ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7009487 ∗∗∗ Vulnerabilities in Apache Struts affect IBM Tivoli Application Dependency Discovery Manager. (CVE-2023-34396, CVE-2023-34149) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7009497 ∗∗∗ TADDM affected by multiple vulnerabilities due to IBM Java and its runtime ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7009499 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.07.2023
by Daily end-of-shift report 03 Jul '23

03 Jul '23

===================== = End-of-Day report = ===================== Timeframe: Freitag 30-06-2023 18:00 − Montag 03-07-2023 18:00 Handler: Robert Waldner Co-Handler: Michael Schlagenhaufer ===================== = News = ===================== ∗∗∗ Beware: New RustBucket Malware Variant Targeting macOS Users ∗∗∗ --------------------------------------------- "This variant of RustBucket, a malware family that targets macOS systems, adds persistence capabilities not previously observed," Elastic Security Labs researchers said in a report published this week, adding it's "leveraging a dynamic network infrastructure methodology for command-and-control." --------------------------------------------- https://thehackernews.com/2023/07/beware-new-rustbucket-malware-variant.html ∗∗∗ Entschlüsselungstool: Sicherheitsforscher knacken Akira-Ransomware ∗∗∗ --------------------------------------------- Stimmten die Voraussetzungen, können Opfer des Erpressungstrojaner Akira ohne Lösegeld zu zahlen auf ihre Daten zugreifen. --------------------------------------------- https://heise.de/-9204932 ∗∗∗ Vorsicht vor Malvertising: Fake-WinSCP-Tool verbreitet BackCat-Ransomware ∗∗∗ --------------------------------------------- Die Hintermänner des Verschlüsselungstrojaners BlackCat (aka ALPHV) setzen auf einen weiteren Verbreitungsweg. --------------------------------------------- https://heise.de/-9204958 ∗∗∗ Vorsicht vor gefälschten Polizei-Mails ∗∗∗ --------------------------------------------- Aktuell geben sich Kriminelle per E-Mail als Polizei aus. Im Mail steht, dass Sie in der Anlage Ihre Einberufung finden und innerhalb von 48 Stunden antworten müssen. Ansonsten droht Ihnen eine Festnahme. Ignorieren Sie dieses E-Mail, es handelt sich um Betrug! --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-vor-gefaelschten-polizei-ma… ∗∗∗ CVE-2023-20864: Remote Code Execution in VMware Aria Operations for Logs ∗∗∗ --------------------------------------------- In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Jonathan Lein and Dusan Stevanovic of the Trend Micro Research Team detail a recently patched remote code execution vulnerability in VMware Aria Operations for Logs (formerly vRealize). --------------------------------------------- https://www.zerodayinitiative.com/blog/2023/6/29/cve-2023-20864-remote-code… ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitsupdates: Schadcode-Attacken auf HP-LaserJet-Pro-Drucker möglich ∗∗∗ --------------------------------------------- Mehrere LaserJet-Pro-Modelle von HP sind verwundbar. Sicherheitsupdates schaffen Abhilfe. --------------------------------------------- https://heise.de/-9205846 ∗∗∗ WP AutoComplete 1.0.4 - Unauthenticated SQLi ∗∗∗ --------------------------------------------- The WP AutoComplete Search WordPress plugin through 1.0.4 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX available to unauthenticated users, leading to an unauthenticated SQL injection. --------------------------------------------- https://www.exploit-db.com/exploits/51560 ∗∗∗ Sicherheitsupdate: Attacken auf WordPress-Plug-in Ultimate Member ∗∗∗ --------------------------------------------- Derzeit nutzen Angreifer eine kritische Lücke im WordPress-Plug-in Ultimate Member aus. Der Anbieter rät zu einem zügigen Update. --------------------------------------------- https://heise.de/-9204916 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (cups, gst-plugins-bad1.0, gst-plugins-base1.0, gst-plugins-good1.0, python3.7, and yajl), Fedora (chromium, kubernetes, pcs, and webkitgtk), Scientific Linux (open-vm-tools), SUSE (iniparser, keepass, libvirt, prometheus-ha_cluster_exporter, prometheus-sap_host_exporter, rekor, terraform-provider-aws, terraform-provider-helm, and terraform-provider-null), and Ubuntu (python-reportlab and vim). --------------------------------------------- https://lwn.net/Articles/937189/ ∗∗∗ Root-Zugang zu Smarthome-Server Loxone Miniserver Go Gen. 2 (SySS-2023-004/-012/-013) ∗∗∗ --------------------------------------------- Durch verschiedene Schwachstellen kann ein Administrator Betriebssystemzugriff auf dem Loxone Miniserver Go im Kontext des root-Benutzers erreichen. --------------------------------------------- https://www.syss.de/pentest-blog/root-zugang-zu-smarthome-server-loxone-min… ∗∗∗ Multiple Vulnerabilities including Unauthenticated Remote Code Execution in Siemens A8000 ∗∗∗ --------------------------------------------- The vendor provides a patch which should be installed immediately. Customers should update to CPCI85 V05 or later version (https://support.industry.siemens.com/cs/ww/en/view/109804985/). - Unauthenticated Remote Code Execution (CVE-2023-28489) - Authenticated Command Injection (CVE-2023-33919) - Hard-coded Root Password (CVE-2023-33920) - Console Login via UART (CVE-2023-33921) --------------------------------------------- https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities… ∗∗∗ Multiple vulnerabilities in SoftEther VPN and PacketiX VPN ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN64316789/ ∗∗∗ ZDI-23-894: NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-894/ ∗∗∗ ZDI-23-893: NETGEAR Multiple Routers curl_post Improper Certificate Validation Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-893/ ∗∗∗ WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.6.4 – Authentication Bypass ∗∗∗ --------------------------------------------- https://cxsecurity.com/issue/WLB-2023070002 ∗∗∗ Watson CP4D Data Stores is vulnerable to Golang Go to a denial of service (CVE-2022-1962) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7009053 ∗∗∗ Watson CP4D Data Stores is vulnerable to Golang Go is vulnerable to HTTP request smuggling(CVE-2022-1705) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7009055 ∗∗∗ Watson AI Gateway for Cloud Pak for Data is vulnerable to an Ajv (aka Another JSON Schema Validator) could allow a remote attacker to execute arbitrary code on the system (CVE-2020-15366) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7009061 ∗∗∗ IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to xml2js abitrary code execution vulnerability(CVE-2023-0842) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7009049 ∗∗∗ IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js http-cache-semantics module denial of service ( CVE-2022-25881) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7009051 ∗∗∗ IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Envoy security bypass ( CVE-2023-27488) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7009057 ∗∗∗ IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable ConfigObj denial of service ( CVE-2023-26112) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7009059 ∗∗∗ IBM Connect:Direct Web Services vulnerable to sensitive information exposure due to PostgreSQL (CVE-2023-2455) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7009293 ∗∗∗ IBM Connect:Direct Web Services vulnerable to sensitive information exposure due to PostgreSQL (CVE-2022-41862) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7009295 ∗∗∗ IBM Security Key Lifecycle Manager is vulnerable to Incorrect Permission Assignment for Critical Resource (CVE-2018-1750) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/733311 ∗∗∗ Multiple Vulnerabilities in CloudPak for Watson AIOPs ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7007837 ∗∗∗ Multiple vulnerabilities of Apache Groovy (groovy-all-2.3.11.jar) have affected APM JBoss and APM WebLogic Agent [CVE-202-17521, CVE-2016-6814, CVE-2015-3253] ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7009323 ∗∗∗ Multiple vulnerabilities of Apache Ant (ant-1.7.0.jar, ant-1.8.4.jar) have affected APM JBoss, APM WebLogic and APM SAP NetWeaver Java Stack Agents. ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7009321 ∗∗∗ Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects APM Agents for Monitoring ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7009327 ∗∗∗ Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operand is vulnerable to DOS/loss of integrity/confidentiality [CVE-2023-21930 CVE-2023-21937 CVE-2023-21938 CVE-2023-21939 CVE-2023-21954 CVE-2023-21967 CVE-2023-21968] ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7009333 ∗∗∗ Watson CP4D Data Stores is vulnerable to Golang Go to a denial of service (CVE-2022-1962) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7009053 ∗∗∗ Multiple vulnerabilities in IBM Java SDK affects IBM WebSphere Application Server April 2023 CPU that is bundled with IBM WebSphere Application Server Patterns ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7009353 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.06.2023
by Daily end-of-shift report 30 Jun '23

30 Jun '23

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 29-06-2023 18:00 − Freitag 30-06-2023 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Torrent of image-based phishing emails are harder to detect and more convincing ∗∗∗ --------------------------------------------- The arms race between scammers and defenders continues. --------------------------------------------- https://arstechnica.com/?p=1951208 ∗∗∗ Spamdexing: What is SEO Spam & How to Remove It ∗∗∗ --------------------------------------------- Ever had an uninvited guest crash your party, resulting in chaos, confusion, and some unhappy visitors? Well, SEO spam is that party crasher - just for websites. Why should you care, you ask? Well, just imagine your meticulously crafted website content being replaced with unsolicited ads for services and products that would make your grandma blush. Or even worse, your loyal site visitors being redirected to shady third party websites. Not the picture of ideal user experience, --------------------------------------------- https://blog.sucuri.net/2023/06/spamdexing-what-is-seo-spam.html ∗∗∗ Cybercriminals Hijacking Vulnerable SSH Servers in New Proxyjacking Campaign ∗∗∗ --------------------------------------------- An active financially motivated campaign is targeting vulnerable SSH servers to covertly ensnare them into a proxy network. "This is an active campaign in which the attacker leverages SSH for remote access, running malicious scripts that stealthily enlist victim servers into a peer-to-peer (P2P) proxy network, such as Peer2Profit or Honeygain," Akamai researcher Allen West said [...] --------------------------------------------- https://thehackernews.com/2023/06/cybercriminals-hijacking-vulnerable-ssh.h… ∗∗∗ Its 2023 and memory overwrite bugs are not just a thing, theyre still number one ∗∗∗ --------------------------------------------- Cough, cough, use Rust. Plus: Eight more exploited bugs added to CISAs must-patch list The most dangerous type of software bug is the out-of-bounds write, according to MITRE this week. This type of flaw is responsible for 70 CVE-tagged holes in the US governments list of known vulnerabilities that are under active attack and need to be patched, we note. --------------------------------------------- https://go.theregister.com/feed/www.theregister.com/2023/06/29/cwe_top_25_2… ∗∗∗ Router-Malware: Aktuelle Kampagne des Mirai-Botnet greift viele Lücken an ∗∗∗ --------------------------------------------- Das Mirari-Botnet ist weiter aktiv. Die Drahtzieher nutzen in einer aktuellen Kampagne zahlreiche Sicherheitslücken, um diverse Internetrouter zu infizieren. --------------------------------------------- https://heise.de/-9203406 ∗∗∗ 200,000 WordPress Sites Exposed to Attacks Exploiting Flaw in ‘Ultimate Member’ Plugin ∗∗∗ --------------------------------------------- Attackers exploit critical vulnerability in the Ultimate Member plugin to create administrative accounts on WordPress websites. --------------------------------------------- https://www.securityweek.com/200000-wordpress-sites-exposed-to-attacks-expl… ∗∗∗ Neue browserbasierte Social-Engineering-Trends ∗∗∗ --------------------------------------------- Report von WatchGuard Threat Lab: Angreifer nutzen neue Wege, um im Internet surfende Anwender auszutricksen. --------------------------------------------- https://www.zdnet.de/88410262/neue-browserbasierte-social-engineering-trend… ∗∗∗ Malware Execution Method Using DNS TXT Record ∗∗∗ --------------------------------------------- AhnLab Security Emergency response Center (ASEC) has confirmed instances where DNS TXT records were being utilized during the execution process of malware. This is considered meaningful from various perspectives, including analysis and detection as this method has not been widely utilized as a means of executing malware. --------------------------------------------- https://asec.ahnlab.com/en/54916/ ∗∗∗ Malvertising Used as Entry Vector for BlackCat, Actors Also Leverage SpyBoy Terminator ∗∗∗ --------------------------------------------- We found that malicious actors used malvertising to distribute malware via cloned webpages of legitimate organizations. The distribution involved a webpage of the well-known application WinSCP, an open-source Windows application for file transfer. We were able to identify that this activity led to a BlackCat (aka ALPHV) infection, and actors also used SpyBoy, a terminator that tampers with protection provided by agents. --------------------------------------------- https://www.trendmicro.com/en_us/research/23/f/malvertising-used-as-entry-v… ∗∗∗ Decrypted: Akira Ransomware ∗∗∗ --------------------------------------------- Researchers for Avast have developed a decryptor for the Akira ransomware and released it for public download. The Akira ransomware appeared in March 2023 and since then, the gang claims successful attacks on various organizations in the education, finance and real estate industries, amongst others. --------------------------------------------- https://decoded.avast.io/threatresearch/decrypted-akira-ransomware/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (docker-registry, flask, systemd, and trafficserver), Fedora (moodle, python-reportlab, suricata, and vim), Red Hat (go-toolset and golang, go-toolset-1.19 and go-toolset-1.19-golang, go-toolset:rhel8, open-vm-tools, python27:2.7, and python3), SUSE (buildah, chromium, gifsicle, libjxl, sqlite3, and xonotic), and Ubuntu (linux, linux-allwinner, linux-allwinner-5.19, linux-aws, linux-aws-5.19, linux-azure, linux-gcp, linux-gcp-5.19, linux-hwe-5.19, linux-ibm, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi, linux-starfive, linux-starfive-5.19, linux, linux-aws, linux-aws-5.15, linux-aws-5.4, linux-azure, linux-azure-5.15, linux-azure-5.4, linux-azure-fde-5.15, linux-bluefield, linux-gcp, linux-gcp-5.15, linux-gcp-5.4, linux-gke, linux-gke-5.15, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, and linux-oem-6.1). --------------------------------------------- https://lwn.net/Articles/936949/ ∗∗∗ Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities ∗∗∗ --------------------------------------------- https://www.tenable.com/security/tns-2023-23 ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/bulletin/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 29.06.2023
by Daily end-of-shift report 29 Jun '23

29 Jun '23

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 28-06-2023 18:00 − Donnerstag 29-06-2023 18:00 Handler: Robert Waldner Co-Handler: Michael Schlagenhaufer ===================== = News = ===================== ∗∗∗ Linux version of Akira ransomware targets VMware ESXi servers ∗∗∗ --------------------------------------------- The Akira ransomware operation uses a Linux encryptor to encrypt VMware ESXi virtual machines in double-extortion attacks against companies worldwide. --------------------------------------------- https://www.bleepingcomputer.com/news/security/linux-version-of-akira-ranso… ∗∗∗ Exploit released for new Arcserve UDP auth bypass vulnerability ∗∗∗ --------------------------------------------- Data protection vendor Arcserve has addressed a high-severity security flaw in its Unified Data Protection (UDP) backup software that can let attackers bypass authentication and gain admin privileges. --------------------------------------------- https://www.bleepingcomputer.com/news/security/exploit-released-for-new-arc… ∗∗∗ Security Baseline for M365 Apps for enterprise v2306 ∗∗∗ --------------------------------------------- Microsoft is pleased to announce the release of the recommended security configuration baseline settings for Microsoft 365 Apps for enterprise, version 2306. --------------------------------------------- https://techcommunity.microsoft.com/t5/microsoft-security-baselines/securit… ∗∗∗ GuLoader- or DBatLoader/ModiLoader-style infection for Remcos RAT, (Thu, Jun 29th) ∗∗∗ --------------------------------------------- On Monday 2023-06-26, I received an email in one of my honeypot accounts, and the email led to a loader-based infection for Remcos RAT. The loader seems to be a GuLoader- or ModiLoader (DBatLoader)-style malware, but it's not like the GuLoader or ModiLoader samples I've run across so far. --------------------------------------------- https://isc.sans.edu/diary/rss/29990 ∗∗∗ Fluhorse: Flutter-Based Android Malware Targets Credit Cards and 2FA Codes ∗∗∗ --------------------------------------------- Cybersecurity researchers have shared the inner workings of an Android malware family called Fluhorse. The malware "represents a significant shift as it incorporates the malicious components directly within the Flutter code," Fortinet FortiGuard Labs researcher Axelle Apvrille said in a report published last week. --------------------------------------------- https://thehackernews.com/2023/06/fluhorse-flutter-based-android-malware.ht… ∗∗∗ Finding Gadgets for CPU Side-Channels with Static Analysis Tools ∗∗∗ --------------------------------------------- We have recently begun research on using static analysis tools to find Spectre-v1 gadgets. During this research, we discovered two gadgets, one in do_prlimit (CVE-2023-0458) and one in copy_from_user (CVE-2023-0459). In this writeup, we explain these issues and how we found them. --------------------------------------------- https://github.com/google/security-research/blob/master/pocs/cpus/spectre-g… ∗∗∗ Verantwortungsvolle Veröffentlichung einer Exploit-Kette, die auf die Implementierung der RFC-Schnittstelle im SAP Application Server für ABAP abzielt ∗∗∗ --------------------------------------------- In einer unabhängigen Analyse der serverseitigen Implementierung der proprietären Remote Function Call (RFC)-Schnittstelle in SAP NetWeaver Application Server ABAP und ABAP Platform (beide im Folgenden als AS ABAP bezeichnet) wurden von Fabian Hagg, Sicherheitsforscher im SEC Consult Vulnerability Lab und SAP Security Experte, eine Reihe von schwerwiegenden Implementierungs- und Designfehlern identifiziert. --------------------------------------------- https://sec-consult.com/de/blog/detail/verantwortungsvolle-veroeffentlichun… ∗∗∗ Das können Sie tun, wenn Kriminelle Ihren Online-Shop kopieren ∗∗∗ --------------------------------------------- Fake-Shops bieten im Internet Markenprodukte zu Spottpreisen an. Kriminelle bauen dabei die echten Webseiten einfach nach, sodass die Fälschung auf den ersten Blick oft gar nicht ersichtlich ist. Wir zeigen Ihnen, was Sie tun können, wenn Ihr Online-Shop betroffen ist und wie Sie Ihre Kund:innen schützen können. --------------------------------------------- https://www.watchlist-internet.at/news/das-koennen-sie-tun-wenn-kriminelle-… ∗∗∗ CISA and NSA Release Joint Guidance on Defending Continuous Integration/Continuous Delivery (CI/CD) Environments ∗∗∗ --------------------------------------------- Recognizing the various types of security threats that could affect CI/CD operations and taking steps to defend against each one is critical in securing a CI/CD environment. Organizations will find in this guide a list of common risks found in CI/CD pipelines and attack surfaces that could be exploited and threaten network security. --------------------------------------------- https://www.cisa.gov/news-events/alerts/2023/06/28/cisa-and-nsa-release-joi… ∗∗∗ Detection, Containment, and Hardening Opportunities for Privileged Guest Operations, Anomalous Behavior, and VMCI Backdoors on Compromised VMware Hosts ∗∗∗ --------------------------------------------- In Mandiant’s initial publication of this vulnerability, we covered the attackers’ exploitation of CVE-2023-20867, the harvesting of ESXi service account credentials on vCenter machines, and the implications of backdoor communications over VMCI socket. In this blog post, we will focus on the artifacts, logging options, and hardening steps to detect and prevent the following tactics and techniques seen being used by UNC3886. --------------------------------------------- https://www.mandiant.com/resources/blog/vmware-detection-containment-harden… ∗∗∗ Introducing KBOM – Kubernetes Bill of Materials ∗∗∗ --------------------------------------------- SBOM (Software Bill of Materials) is an accepted best practice to map the components and dependencies of your applications in order to better understand your applications’ risks. SBOMs are used as a basis for vulnerability assessment, licensing compliance, and more. There are plenty of available tools, such as Aqua Trivy, that help you easily generate SBOM for your applications. --------------------------------------------- https://blog.aquasec.com/introducing-kbom-kubernetes-bill-of-materials ===================== = Vulnerabilities = ===================== ∗∗∗ Drupal Security advisories 2023-06-28 ∗∗∗ --------------------------------------------- Drupal released 7 new security advisories. (1x Critical, 5x Moderatly Critical, 1x Less Critical) --------------------------------------------- https://www.drupal.org/security ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (chromium and maradns), SUSE (iniparser, kubernetes1.23, python-reportlab, and python-sqlparse), and Ubuntu (accountsservice and linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon). --------------------------------------------- https://lwn.net/Articles/936752/ *** IBM Security Bulletins *** --------------------------------------------- AIX, IBM QRadar SIEM, WebSphere Application Server, IBM Security SOAR, IBM Cloud Pak, CICS, IBM SDK, IBM Tivoli, FileNet Content Manager, Db2 Graph, IBM OpenPages and IBM Semeru Runtime. --------------------------------------------- https://www.ibm.com/support/pages/bulletin/ ∗∗∗ WebKitGTK and WPE WebKit Security Advisory WSA-2023-0005 ∗∗∗ --------------------------------------------- https://webkitgtk.org/security/WSA-2023-0005.html ∗∗∗ F5: K000135262 : Apache Tomcat vulnerability CVE-2023-28709 ∗∗∗ --------------------------------------------- https://my.f5.com/manage/s/article/K000135262 ∗∗∗ Stable Channel Update for ChromeOS/ChromeOS Flex ∗∗∗ --------------------------------------------- http://chromereleases.googleblog.com/2023/06/stable-channel-update-for_28.h… ∗∗∗ [R1] Nessus Version 10.5.3 Fixes Multiple Vulnerabilities ∗∗∗ --------------------------------------------- https://www.tenable.com/security/tns-2023-22 ∗∗∗ Delta Electronics InfraSuite Device Master ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-01 ∗∗∗ Ovarro TBox RTUs ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03 ∗∗∗ Mitsubishi Electric MELSEC-F Series ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-04 ∗∗∗ Medtronic Paceart Optima System ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-180-01 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.06.2023
by Daily end-of-shift report 28 Jun '23

28 Jun '23

===================== = End-of-Day report = ===================== Timeframe: Dienstag 27-06-2023 18:00 − Mittwoch 28-06-2023 18:00 Handler: Stephan Richter Co-Handler: Michael Schlagenhaufer ===================== = News = ===================== ∗∗∗ Andariel’s silly mistakes and a new malware family ∗∗∗ --------------------------------------------- In this crimeware report, Kaspersky researchers provide insights into Andariel’s activity targeting organizations: clumsy commands executed manually, off-the-shelf tools and EasyRat malware. --------------------------------------------- https://securelist.com/lazarus-andariel-mistakes-and-easyrat/110119/ ∗∗∗ Warning: JavaScript registry npm vulnerable to manifest confusion abuse ∗∗∗ --------------------------------------------- Failure to match metadata with packaged files is perfect for supply chain attacks. The npm Public Registry, a database of JavaScript packages, fails to compare npm package manifest data with the archive of files that data describes, creating an opportunity for the installation and execution of malicious files. --------------------------------------------- https://go.theregister.com/feed/www.theregister.com/2023/06/27/javascript_r… ∗∗∗ Black Basta Ransomware ∗∗∗ --------------------------------------------- What is Black Basta Ransomware? Black Basta is a threat group that provides ransomware-as-a-service (RaaS). The service is maintained by dedicated developers and is a highly efficient and professionally run operation; there’s a TOR website that provides a victim login portal, a chat room, and a wall of company’s names who’s data has been leaked. --------------------------------------------- https://www.pentestpartners.com/security-blog/black-basta-ransomware/ ∗∗∗ Manic Menagerie 2.0: The Evolution of a Highly Motivated Threat Actor ∗∗∗ --------------------------------------------- Manic Menagerie 2.0 is a campaign deploying coin miners and web shells, among other tactics. Hijacked machines could be used as C2 for further operations. --------------------------------------------- https://unit42.paloaltonetworks.com/manic-menagerie-targets-web-hosting-and… ∗∗∗ Charming Kitten Updates POWERSTAR with an InterPlanetary Twist ∗∗∗ --------------------------------------------- Volexity works with many individuals and organizations often subjected to sophisticated and highly targeted spear-phishing campaigns from a variety of nation-state-level threat actors. In the last few years, Volexity has observed threat actors dramatically increase the level of effort they put into compromising credentials or systems of individual targets. --------------------------------------------- https://www.volexity.com/blog/2023/06/28/charming-kitten-updates-powerstar-… ∗∗∗ Hackers Hiding DcRAT Malware in Fake OnlyFans Content ∗∗∗ --------------------------------------------- A malicious campaign targeting smartphone users has been uncovered, utilizing fake OnlyFans content to distribute a dangerous Remote Access Trojan (RAT) known as DcRAT malware. --------------------------------------------- https://www.hackread.com/hackers-dcrat-malware-fake-onlyfans-content/ ∗∗∗ Newly Surfaced ThirdEye Infostealer Targeting Windows Devices ∗∗∗ --------------------------------------------- FortiGuard Labs uncovered a not-so-sophisticated but highly malicious infostealer while analyzing suspicious files during a cursory review. They named this ThirdEye Infostealer. --------------------------------------------- https://www.hackread.com/thirdeye-infostealer-windows-devices/ ===================== = Vulnerabilities = ===================== ∗∗∗ Critical SQL Injection Flaws Expose Gentoo Soko to Remote Code Execution ∗∗∗ --------------------------------------------- Multiple SQL injection vulnerabilities have been disclosed in Gentoo Soko that could lead to remote code execution (RCE) on vulnerable systems. --------------------------------------------- https://thehackernews.com/2023/06/critical-sql-injection-flaws-expose.html ∗∗∗ App Bypass und andere Schwachstellen in Boomerang Parental Control App ∗∗∗ --------------------------------------------- Die Kinderüberwachungs-App "Boomerang" von National Education Technologies ist von Schwachstellen mit hohem Risiko betroffen. Angreifer können ein lokales ADB Backup erzeugen, über welches Zugang zu API Token erlangt werden kann. Dadurch kann ein Angreifer Privilege Escalation durchführen oder auch Cross-Site Scripting im Web Dashboard der Eltern. Des weiteren können Kinder die Beschränkungen der Eltern auf einfache Weise umgehen. --------------------------------------------- https://sec-consult.com/de/vulnerability-lab/advisory/app-bypass-und-andere… ∗∗∗ Nvidia: Treiber-Update schließt Codeschmuggel-Schwachstellen ∗∗∗ --------------------------------------------- Nvidias Grafikkartentreiber für Linux und Windows haben hochriskante Sicherheitslücken. Der Hersteller liefert jetzt Aktualisierungen zum Abdichten der Lecks. --------------------------------------------- https://heise.de/-9200904 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Mageia (docker-docker-registry, libcap, libx11, mediawiki, python-requests, python-tornado, sofia-sip, sqlite, and xonotic), Red Hat (kernel, kernel-rt, kpatch-patch, libssh, libtiff, python27:2.7, python39:3.9, python39-devel:3.9, ruby:2.7, sqlite, systemd, and virt:rhel, virt-devel:rhel), SUSE (bind, cosign, guile1, lilypond, keepass, kubernetes1.24, nodejs16, nodejs18, phpMyAdmin, and sqlite3), and Ubuntu (etcd). --------------------------------------------- https://lwn.net/Articles/936671/ *** IBM Security Bulletins *** --------------------------------------------- IBM App Connect Enterprise, IBM Security Guardium, CloudPak for Watson, IBM MQ, IBM Maximo Manage application, IBM TXSeries, IBM CICS TX, IBM Cloud Object Storage Systems, IBM Tivoli Netcool Impact, IBM Tivoli Business Service Manager, IBM Informix JDBC Driver, IBM i, IBM Tivoli Netcool Impact, IBM Robotic Process Automation, IBM WebSphere Application Server and FileNet Content Manager. --------------------------------------------- https://www.ibm.com/support/pages/bulletin/ ∗∗∗ Path Traversal / Cross-Site Scripting im Gira KNX IP-Router (SYSS-2023-015/-016) ∗∗∗ --------------------------------------------- Das Webinterface des Gira KNX IP-Routers ermöglicht ein Path Traversal (Zugriff auf Systemdateien) und ist anfällig für Cross-Site Scripting-Angriffe. --------------------------------------------- https://www.syss.de/pentest-blog/path-traversal-/-cross-site-scripting-im-g… ∗∗∗ Information Disclosure Vulnerability in Bosch IP cameras ∗∗∗ --------------------------------------------- https://psirt.bosch.com/security-advisories/bosch-sa-839739-bt.html -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.06.2023
by Daily end-of-shift report 27 Jun '23

27 Jun '23

===================== = End-of-Day report = ===================== Timeframe: Montag 26-06-2023 18:00 − Dienstag 27-06-2023 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Prominent cryptocurrency exchange infected with previously unseen Mac malware ∗∗∗ --------------------------------------------- Its not yet clear how the full-featured JokerSpy backdoor gets installed. --------------------------------------------- https://arstechnica.com/?p=1950160 ∗∗∗ New Mockingjay process injection technique evades EDR detection ∗∗∗ --------------------------------------------- A new process injection technique named Mockingjay could allow threat actors to bypass EDR (Endpoint Detection and Response) and other security products to stealthily execute malicious code on compromised systems. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-mockingjay-process-injec… ∗∗∗ The Importance of Malware Triage, (Tue, Jun 27th) ∗∗∗ --------------------------------------------- When dealing with malware analysis, you like to get "fresh meat". Just for hunting purposes or when investigating incidents in your organization, its essential to have a triage process to reduce the noise and focus on really interesting files. For example, if you detect a new sample of Agent Tesla, you dont need to take time to investigate it deeply. Just extract IOCs to share with your colleagues. From a business point of view, you dont have time to analyze all samples! --------------------------------------------- https://isc.sans.edu/diary/rss/29984 ∗∗∗ Smartwatches Are Being Used To Distribute Malware ∗∗∗ --------------------------------------------- "Smartwatches are being sent to random military members loaded with malware, much like malware distribution via USB drives in the past," writes longtime Slashdot reader frdmfghtr. "Recipients are advised not to turn them on and report the incident to their local security office." --------------------------------------------- https://it.slashdot.org/story/23/06/27/0641253/smartwatches-are-being-used-… ∗∗∗ SNAPPY: Detecting Rogue and Fake 802.11 Wireless Access Points Through Fingerprinting Beacon Management Frames ∗∗∗ --------------------------------------------- I’ve found a novel technique to detect both rogue and fake 802.11 wireless access points through fingerprinting Beacon Management Frames, and created a tool to do so, called snap.py (Snappy) – the blog post title doesn’t lie! --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/snappy-dete… ∗∗∗ New Ongoing Campaign Targets npm Ecosystem with Unique Execution Chain ∗∗∗ --------------------------------------------- Cybersecurity researchers have discovered a new ongoing campaign aimed at the npm ecosystem that leverages a unique execution chain to deliver an unknown payload to targeted systems."The packages in question seem to be published in pairs, each pair working in unison to fetch additional resources which are subsequently decoded and/or executed," [..] --------------------------------------------- https://thehackernews.com/2023/06/new-ongoing-campaign-targets-npm.html ∗∗∗ Anatsa banking Trojan hits UK, US and DACH with new campaign ∗∗∗ --------------------------------------------- As of March 2023, ThreatFabric’s cyber fraud analysts have been monitoring multiple ongoing Google Play Store dropper campaigns delivering the Android banking Trojan Anatsa, with over 30.000 installations. The threat actors behind this new wave of Anatsa showed interest in new institutions from the US, UK, and DACH region. Our fraud intelligence platform was able to confirm this dangerous malware family adding multiple Android banking apps from these regions as new targets. --------------------------------------------- https://www.threatfabric.com/blogs/anatsa-hits-uk-and-dach-with-new-campaign ∗∗∗ Rowpress: DRAM-Angriff Rowhammer hat einen jüngeren Bruder ∗∗∗ --------------------------------------------- Ein neuer Seitenkanalangriff manipuliert vermeintlich geschützte Bereiche des Arbeitsspeichers und funktioniert unabhängig von der eingesetzten CPU. --------------------------------------------- https://heise.de/-9199330 ∗∗∗ Malvertising: A stealthy precursor to infostealers and ransomware attacks ∗∗∗ --------------------------------------------- Malvertising, the practice of using online ads to spread malware, can have dire consequences—and the problem only seems to be growing. --------------------------------------------- https://www.malwarebytes.com/blog/business/2023/06/malvertising-a-stealthy-… ∗∗∗ „Hallo Mama, mein Handy ist kaputt“ ∗∗∗ --------------------------------------------- Eine unbekannte Nummer schreibt Ihnen. Angeblich ist es Ihr Kind. In der Nachricht steht, dass das Handy kaputt ist und das jetzt die neue Nummer sei. Antworten Sie nicht, dahinter steckt Betrug. Wenn Sie zurückschreiben, bitten Kriminelle Sie um eine dringende Überweisung und Sie verlieren Geld. --------------------------------------------- https://www.watchlist-internet.at/news/hallo-mama-mein-handy-ist-kaputt/ ∗∗∗ Breaking GPT-4 Bad: Check Point Research Exposes How Security Boundaries Can Be Breached as Machines Wrestle with Inner Conflicts ∗∗∗ --------------------------------------------- Highlights Check Point Research examines security and safety aspects of GPT-4 and reveals how limitations can be bypassed Researchers present a new mechanism dubbed “double bind bypass”, colliding GPT-4s internal motivations against itself --------------------------------------------- https://blog.checkpoint.com/artificial-intelligence/breaking-gpt-4-bad-chec… ∗∗∗ A technical analysis of the SALTWATER backdoor used in Barracuda 0-day vulnerability (CVE-2023-2868) exploitation ∗∗∗ --------------------------------------------- SALTWATER is a backdoor that has been used in the exploitation of the Barracuda 0-day vulnerability CVE-2023-2868. It is a module for the Barracuda SMTP daemon called bsmtpd. The malware hooked the recv, send, and close functions using an open-source hooking library called funchook. The following functionalities are implemented: execute arbitrary commands, download and [..] --------------------------------------------- https://cybergeeks.tech/a-technical-analysis-of-the-saltwater-backdoor-used… ∗∗∗ CISA Releases SCuBA TRA and eVRF Guidance Documents ∗∗∗ --------------------------------------------- CISA has released several documents as part of the Secure Cloud Business Applications (SCuBA) project: - The Technical Reference Architecture (TRA) document [..] is [..] a security guide that agencies can use to adopt technology for cloud deployment, adaptable solutions, secure architecture, and zero trust frameworks. - The extensible Visibility Reference Framework (eVRF) guidebook provides an overview of the eVRF framework, which enables organizations to identify visibility data that can be used to mitigate threats, understand the extent to which specific products and services provide that visibility data, and identify potential visibility gaps. --------------------------------------------- https://www.cisa.gov/news-events/alerts/2023/06/27/cisa-releases-scuba-tra-… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletin: NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, Jetson TX1, Jetson TX2 Series (including Jetson TX2 NX), and Jetson Nano (including Jetson Nano 2GB) - June 2023 ∗∗∗ --------------------------------------------- NVIDIA has released a software update for NVIDIA Jetson AGX Xavier series, Jetson Xavier NX, Jetson TX1, Jetson TX2 series (including Jetson TX2 NX), and Jetson Nano devices (including Jetson Nano 2GB) in the NVIDIA JetPack software development kit (SDK). The update addresses security issues that may lead to code execution, denial of service, information disclosure, and loss of integrity. --------------------------------------------- https://nvidia.custhelp.com/app/answers/detail/a_id/5466 ∗∗∗ Security Bulletin: NVIDIA GPU Display Driver - June 2023 ∗∗∗ --------------------------------------------- NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, data tampering, or information disclosure. --------------------------------------------- https://nvidia.custhelp.com/app/answers/detail/a_id/5468 ∗∗∗ Webbrowser: Update für Google Chrome dichtet hochriskante Sicherheitslücken ab ∗∗∗ --------------------------------------------- Google hat den Webbrowser Chrome in aktualisierter Fassung veröffentlicht. In der neuen Version dichten die Entwickler hochriskante Sicherheitslecks ab. --------------------------------------------- https://heise.de/-9199157 ∗∗∗ Sicherheitsupdates: Dell-BIOS gegen verschiedene Attacken gerüstet ∗∗∗ --------------------------------------------- Wer einen Computer von Dell besitzt, sollte das BIOS aus Sicherheitsgründen auf den aktuellen Stand bringen. --------------------------------------------- https://heise.de/-9199274 ∗∗∗ Arbitrary User Password Change Vulnerability in LearnDash LMS WordPress Plugin ∗∗∗ --------------------------------------------- On June 5, 2023, our Wordfence Threat Intelligence team identified, and began the responsible disclosure process, for an Arbitrary User Password Change vulnerability in LearnDash LMS plugin, a WordPress plugin that is actively installed on more than 100,000 WordPress websites according to our estimates. --------------------------------------------- https://www.wordfence.com/blog/2023/06/arbitrary-user-password-change-vulne… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (c-ares and libx11), Fedora (chromium and kubernetes), Red Hat (python3 and python38:3.8, python38-devel:3.8), and SUSE (amazon-ssm-agent, kernel, kubernetes1.24, libvirt, nodejs16, openssl-1_1, and webkit2gtk3). --------------------------------------------- https://lwn.net/Articles/936549/ ∗∗∗ Synology-SA-23:09 Mail Station ∗∗∗ --------------------------------------------- Multiple vulnerabilities allow remote attackers to potentially inject SQL commands and inject arbitrary web scripts or HTML via a susceptible version of Mail Station. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_23_09 ∗∗∗ Zahlreiche Schwachstellen mit hohem Risiko in ILIAS eLearning platform ∗∗∗ --------------------------------------------- Es wurden Sicherheitslücken mit hohem Risiko in der ILIAS eLearning Plattform identifiziert, welche es einem Angreifer über mehrere Angriffspfade ermöglichen, beliebigen Code auszuführen. Zum einen werden Eingaben in einer "unserialize" Funktion nicht ausreichend gefiltert, zum anderen können beliebige PHP Dateien durch Umgehen eines Filters hochgeladen werden. Des weiteren können Cross-Site Scripting Angriffe durchgeführt werden. --------------------------------------------- https://sec-consult.com/de/vulnerability-lab/advisory/zahlreiche-schwachste… ∗∗∗ [R1] Tenable Plugin Feed ID #202306261202 Fixes Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- As a part of Tenable’s vulnerability disclosure program, a vulnerability in a Nessus plugin was identified and reported. This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges. --------------------------------------------- https://www.tenable.com/security/tns-2023-21 ∗∗∗ A vulnerability in the IBM Spectrum Protect Backup-Archive Client on Microsoft Windows Workstation operating systems can lead to local user escalated privileges (CVE-2023-28956) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7005519 ∗∗∗ Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7007069 ∗∗∗ A vulnerabbility exists in the IBM\u00ae SDK, Java\u2122 Technology Edition affect IBM Tivoli Network Configuration Manager (CVE-2022-21426). ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7007317 ∗∗∗ A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2022-39161) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7007313 ∗∗∗ A security vulnerability has been identified in embedded IBM WebSphere Application Server which is shipped with IBM Tivoli Netcool Configuration Manager (CVE-2022-39161) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7007315 ∗∗∗ Vulnerability in Spring Security affects IBM Process Mining . Multiple CVEs ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7007351 ∗∗∗ Vulnerability in Spring Security affects IBM Process Mining . CVE-2022-22978 ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7007363 ∗∗∗ Vulnerability in Spring Security affects IBM Process Mining . CVE-2021-22119 ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7007359 ∗∗∗ Vulnerability in Pallets Flask affects IBM Process Mining . CVE-2023-30861 ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7007345 ∗∗∗ Vulnerability in Spring Boot affects IBM Process Mining . CVE-2023-20883 ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7007349 ∗∗∗ Vulnerability in netplex json-smart affects IBM Process Mining . CVE-2023-1370 ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7007357 ∗∗∗ Vulnerability in Spring Framework affects IBM Process Mining . CVE-2023-20863 ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7007365 ∗∗∗ A vulnerability exists in the IBM\u00ae SDK, Java\u2122 Technology Edition affect IBM Tivoli Network Configuration Manager (CVE-2023-21830, CVE-2023-21843). ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7007353 ∗∗∗ A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2023-24998) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7007355 ∗∗∗ IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service due to [CVE-2023-32695] ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7007367 ∗∗∗ Vulnerability in Spring Security affects IBM Process Mining . CVE-2023-20862 ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7007371 ∗∗∗ Vulnerability in Spring Framework affects IBM Process Mining . CVE-2023-20873 ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7007373 ∗∗∗ Vulnerability in Apache Tomcat affects IBM Process Mining . Multiple CVEs ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7007375 ∗∗∗ CVE-2022-21426 may affect JAXP component in Java SE used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7007387 ∗∗∗ A vulnerability has been identified in IBM Storage Scale System which could allow unauthorized access to user data or injection of arbitrary data in the communication protocol (CVE-2020-4927) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7007405 ∗∗∗ Hitachi Energy FOXMAN-UN and UNEM Products ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-23-178-01 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 26.06.2023
by Daily end-of-shift report 26 Jun '23

26 Jun '23

===================== = End-of-Day report = ===================== Timeframe: Freitag 23-06-2023 18:00 − Montag 26-06-2023 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ FortiNAC: Kritische Sicherheitslücke erlaubt Codeschmuggel, Update vergfügbar ∗∗∗ --------------------------------------------- Fortinet stellt Softwareupdates bereit, die unter anderem eine kritische Sicherheitslücke in FortiNAC schließen. Angreifer können Schadcode einschleusen. --------------------------------------------- https://heise.de/-9197438 ∗∗∗ Teams-Lücke vereinfacht Unterjubeln von Malware ∗∗∗ --------------------------------------------- In Microsoft Teams können Angreifer potenziellen Opfern einfach Malware zukommen lassen. Herkömmlicher Phishing-Schutz hilft nicht dagegen. --------------------------------------------- https://heise.de/-9197620 ∗∗∗ DNS Analyzer - Finden von DNS-Schwachstellen mit Burp Suite ∗∗∗ --------------------------------------------- Ein brandneues Plugin für Burp Suite zum Aufspüren von DNS-Schwachstellen in Webanwendungen! --------------------------------------------- https://sec-consult.com/de/blog/detail/dns-analyzer-finden-von-dns-schwachs… ∗∗∗ Betrug bei der Wohnungssuche: Kriminelle führen in gemieteten Airbnb-Wohnungen Besichtigungen durch ∗∗∗ --------------------------------------------- Es ist kaum zu glauben: Sie haben gerade Ihre Traumwohnung besichtigt, noch dazu ist sie sehr günstig! In diesem Fall raten wir aber, Verträge nicht voreilig zu unterschreiben und auch keine Kaution zu überweisen, denn aktuell mieten Kriminelle Airbnb-Wohnungen und stellen diese dann zur Vermietung ins Internet. Sie besichtigen eine nicht verfügbare Wohnung, unterschreiben einen ungültigen Vertrag und überweisen Kriminellen die Kaution! --------------------------------------------- https://www.watchlist-internet.at/news/betrug-bei-der-wohnungssuche-krimine… ∗∗∗ Grafana warns of critical auth bypass due to Azure AD integration ∗∗∗ --------------------------------------------- Grafana has released security fixes for multiple versions of its application, addressing a vulnerability that enables attackers to bypass authentication and take over any Grafana account that uses Azure Active Directory for authentication. --------------------------------------------- https://www.bleepingcomputer.com/news/security/grafana-warns-of-critical-au… ∗∗∗ 5 facts to know about the Royal ransomware gang ∗∗∗ --------------------------------------------- A quick look the cybercriminal group known as Royal—one of the fastest growing ransomware gangs today. --------------------------------------------- https://www.malwarebytes.com/blog/business/2023/06/5-facts-to-know-about-th… ∗∗∗ Exploiting Noisy Oracles with Bayesian Inference ∗∗∗ --------------------------------------------- In cryptographic attacks, we often rely on abstracted information sources which we call “oracles”. [...] In practice, however, not all oracles are created equal: an oracle that comes from error messages may well be perfectly reliable, whereas one which relies on (say) timing side channels may have to deal with a non-negligible amount of noise. In this post, we’ll look at how to deal with noisy oracles, and how to mount attacks using them. --------------------------------------------- https://research.nccgroup.com/2023/06/23/exploiting-noisy-oracles-with-baye… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (bind9 and owslib), Fedora (dav1d, dotnet6.0, dotnet7.0, mingw-dbus, vim, and wabt), and SUSE (cloud-init and golang-github-vpenso-prometheus_slurm_exporter). --------------------------------------------- https://lwn.net/Articles/936332/ ∗∗∗ Multiple Vulnerabilities in Autodesk® InfraWorks software ∗∗∗ --------------------------------------------- Autodesk InfraWorks has been affected by multiple vulnerabilities detailed below. Exploitation of these vulnerabilities may lead to remote code execution and/or denial-of-service to the software and user devices. Hotfixes are available in the Autodesk Desktop App or the Accounts Portal to help resolve these vulnerabilities --------------------------------------------- https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0012 ∗∗∗ WAGO: Controller with CODESYS 2.3 Runtime Denial-of-Service ∗∗∗ --------------------------------------------- https://cert.vde.com/de/advisories/VDE-2023-006/ ∗∗∗ WAGO: Series 750-3x/-8x prone to MODBUS server DoS ∗∗∗ --------------------------------------------- https://cert.vde.com/de/advisories/VDE-2023-005/ ∗∗∗ A vulnerability in containerd affects IBM Robotic Process Automation for Cloud Pak and may result in a denial of service (CVE-2022-23471) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7006699 ∗∗∗ IBM Spectrum Scale Transparent Cloud Tiering is affected by a vulnerability which can allow an attacker to execute arbitrary code ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7006819 ∗∗∗ Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for May 2023 ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6998727 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily