Daily

daily@lists.cert.at

1 participants
3084 discussions

Tageszusammenfassung - 23.06.2023
by Daily end-of-shift report 23 Jun '23

23 Jun '23

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 22-06-2023 18:00 − Freitag 23-06-2023 18:00 Handler: Robert Waldner Co-Handler: Michael Schlagenhaufer ===================== = News = ===================== ∗∗∗ Microsoft: Hackers hijack Linux systems using trojanized OpenSSH version ∗∗∗ --------------------------------------------- Microsoft says Internet-exposed Linux and Internet of Things (IoT) devices are being hijacked in brute-force attacks as part of a recently observed cryptojacking campaign. --------------------------------------------- https://www.bleepingcomputer.com/news/security/microsoft-hackers-hijack-lin… ∗∗∗ NSA shares tips on blocking BlackLotus UEFI malware attacks ∗∗∗ --------------------------------------------- The U.S. National Security Agency (NSA) released today guidance on how to defend against BlackLotus UEFI bootkit malware attacks. --------------------------------------------- https://www.bleepingcomputer.com/news/security/nsa-shares-tips-on-blocking-… ∗∗∗ Powerful JavaScript Dropper PindOS Distributes Bumblebee and IcedID Malware ∗∗∗ --------------------------------------------- A new strain of JavaScript dropper has been observed delivering next-stage payloads like Bumblebee and IcedID. Cybersecurity firm Deep Instinct is tracking the malware as PindOS, which contains the name in its "User-Agent" string. Both Bumblebee and IcedID serve as loaders, acting as a vector for other malware on compromised hosts, including ransomware. --------------------------------------------- https://thehackernews.com/2023/06/powerful-javascript-dropper-pindos.html ∗∗∗ Security: RepoJacking auf GitHub betrifft auch große Firmen wie Google ∗∗∗ --------------------------------------------- Durch die Übernahme von Repositories hinter umbenannten Organisationen auf GitHub können Angreifer Schadcode verbreiten. --------------------------------------------- https://heise.de/-9195575 ∗∗∗ Fake-Umfrage im Namen der ÖBB im Umlauf! ∗∗∗ --------------------------------------------- Sie gehören zu den „500 glücklichen Kunden“, die von der ÖBB kontaktiert wurden, um an einer Umfrage teilzunehmen? Für das Ausfüllen der Umfrage erhalten Sie 55 Euro? Das klingt zwar verlockend, es handelt sich aber um Betrug. Nachdem Sie die Umfrage ausgefüllt haben, sollen Sie Ihre Kreditkartendaten angeben und eine Zahlung freigeben! Ignorieren Sie diese E-Mail daher. --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-fake-umfrage-im-namen-der-o… ===================== = Vulnerabilities = ===================== ∗∗∗ Microsoft Teams: Sicherheitslücke lässt Malware von externen Konten durch ∗∗∗ --------------------------------------------- Eine Sicherheitslücke in Microsoft Teams erlaubt es Angreifern, Malware direkt in den internen Posteingang zu senden. --------------------------------------------- https://www.golem.de/news/microsoft-teams-sicherheitsluecke-laesst-malware-… ∗∗∗ Fortinet fixes critical FortiNAC RCE, install updates asap ∗∗∗ --------------------------------------------- Fortinet addressed a critical remote command execution vulnerability, tracked as CVE-2023-33299, affecting FortiNAC solution. FortiNAC is a network access control (NAC) solution designed by Fortinet that is used by organizations to secure and control access to networks by enforcing security policies, monitoring devices, and managing their access privileges. --------------------------------------------- https://securityaffairs.com/147770/security/fortinet-fortinac-critical-flaw… ∗∗∗ Role-based Access Control and Privilege Management in OpenEdge Management (OEM) and in OpenEdge Explorer (OEE) ∗∗∗ --------------------------------------------- Using a local or remote admin service, a logged-in OpenEdge Management (OEM) or OpenEdge Explorer (OEE) user could perform a URL injection attack to change identity or role membership. Only users that are already authorized members of OEM or OEE user roles were able to perform this exploit. [..] We have addressed the issue and updated the product for customers to remediate it. --------------------------------------------- https://community.progress.com/s/article/Role-based-Access-Control-and-Priv… ∗∗∗ Junos OS and Junos OS Evolved: A BGP session will flap upon receipt of a specific, optional transitive attribute (CVE-2023-0026) ∗∗∗ --------------------------------------------- An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a BGP update message is received over an established BGP session, and that message contains a specific, optional transitive attribute, this session will be torn down with an update message error. --------------------------------------------- https://supportportal.juniper.net/s/article/2023-06-Out-of-Cycle-Security-B… ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (asterisk, lua5.3, and trafficserver), Fedora (tang and trafficserver), Oracle (.NET 7.0, c-ares, firefox, openssl, postgresql, python3, texlive, and thunderbird), Red Hat (python27:2.7 and python39:3.9 and python39-devel:3.9), Scientific Linux (c-ares), Slackware (cups), SUSE (cups, dav1d, google-cloud-sap-agent, java-1_8_0-openjdk, libX11, openssl-1_0_0, openssl-1_1, openssl-3, openvswitch, and python-sqlparse), and Ubuntu (cups, dotnet6, dotnet7, and openssl). --------------------------------------------- https://lwn.net/Articles/936040/ ∗∗∗ High-severity vulnerabilities patched in popular domain name software BIND ∗∗∗ --------------------------------------------- With the recently discovered vulnerabilities remote attackers could launch denial-of-service attacks, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in an advisory released Friday. BIND stands for Berkeley Internet Name Domain. --------------------------------------------- https://therecord.media/bind-9-patches-internet-dns-vulnerabilities ∗∗∗ VMware schließt Schwachstellen in vCenter Server (22. Juni 2023) ∗∗∗ --------------------------------------------- Der Anbieter VMware hat Updates seiner vCenter-Server veröffentlicht, um gravierende (Einstufung als important) Schwachstellen (CVE-2023-20892, CVE-2023-20893, CVE-2023-20894, CVE-2023-20895 und CVE-2023-20896) zu schließen. --------------------------------------------- https://www.borncity.com/blog/2023/06/23/vmware-schliet-schwachstellen-in-v… ∗∗∗ Multiple Vulnerabilities in Fortra Globalscape EFT Administration Server [FIXED] ∗∗∗ --------------------------------------------- Rapid7 has uncovered four issues in Fortra Globalscape EFT, the worst of which can lead to remote code execution. --------------------------------------------- https://www.rapid7.com/blog/post/2023/06/22/multiple-vulnerabilities-in-for… ∗∗∗ FortiNAC - argument injection in XML interface on port tcp/5555 ∗∗∗ --------------------------------------------- https://fortiguard.fortinet.com/psirt/FG-IR-23-096 ∗∗∗ FortiNAC - java untrusted object deserialization RCE ∗∗∗ --------------------------------------------- https://fortiguard.fortinet.com/psirt/FG-IR-23-074 ∗∗∗ F5: K000135178 : OpenSSL vulnerability CVE-2023-2650 ∗∗∗ --------------------------------------------- https://my.f5.com/manage/s/article/K000135178 ∗∗∗ CISA Adds Five Known Exploited Vulnerabilities to Catalog ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/alerts/2023/06/23/cisa-adds-five-known-exp… ∗∗∗ Enphase Envoy ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-23-171-01 ∗∗∗ Enphase Installer Toolkit Android App ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-23-171-02 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.06.2023
by Daily end-of-shift report 22 Jun '23

22 Jun '23

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 21-06-2023 18:00 − Donnerstag 22-06-2023 18:00 Handler: Michael Schlagenhaufer Co-Handler: n/a ===================== = News = ===================== ∗∗∗ IoT Under Siege: The Anatomy of the Latest Mirai Campaign Leveraging Multiple IoT Exploits ∗∗∗ --------------------------------------------- Mirai is a still-active botnet with new variants. We highlight observed exploitation of IoT vulnerabilities — due to low complexity and high impact. --------------------------------------------- https://unit42.paloaltonetworks.com/mirai-variant-targets-iot-exploits/ ∗∗∗ Alert: Million of GitHub Repositories Likely Vulnerable to RepoJacking Attack ∗∗∗ --------------------------------------------- Millions of software repositories on GitHub are likely vulnerable to an attack called RepoJacking, a new study has revealed. This includes repositories from organizations such as Google, Lyft, and several others, Massachusetts-based cloud-native security firm Aqua said in a Wednesday report. --------------------------------------------- https://thehackernews.com/2023/06/alert-million-of-github-repositories.html ∗∗∗ LibreOffice Arbitrary File Write (CVE-2023-1883) ∗∗∗ --------------------------------------------- While performing a cursory inspection of the LibreOffice Base desktop database, we stumbled across an (arbitrary) file write issue. The fine folks at LibreOffice immediately addressed the vulnerability. --------------------------------------------- https://secfault-security.com/blog/libreoffice.html ∗∗∗ Virenschutz: Avast dreht alten Scannern Signaturnachschub ab ∗∗∗ --------------------------------------------- Avast beendet die Unterstützung älterer Virenscanner. Die Versionen Avast 9, 10 und 11 erhalten ab Sommerende keine Updates mehr, auch keine neuen Signaturen. --------------------------------------------- https://heise.de/-9194464 ∗∗∗ PoC-Exploit für Cisco AnyConnect-Schwachstelle CVE-2023-20178 ermöglicht SYSTEM-Privilegien ∗∗∗ --------------------------------------------- In der Cisco AnyConnect Secure Mobility Client Software gibt es eine Schwachstelle, über die Angreifer sich SYSTEM-Privilegien unter Windows verschaffen können. Nun ist ein Proof of Concept für einen Exploit zum Ausnutzen dieser Schwachstelle (CVE-2023-20178) verfügbar. --------------------------------------------- https://www.borncity.com/blog/2023/06/22/poc-exploit-fr-cisco-anyconnect-sc… ===================== = Vulnerabilities = ===================== ∗∗∗ iOS 16.5.1 & Co: Apple beseitigt Zero-Day-Lücken in allen Systemen ∗∗∗ --------------------------------------------- Die gravierenden Schwachstellen wurden offenbar ausgenutzt, um Überwachungs-Tools auf Apple-Hardware einzuschleusen. Patches gibt es auch für ältere Hardware. --------------------------------------------- https://heise.de/-9194404 ∗∗∗ VMSA-2023-0014 ∗∗∗ --------------------------------------------- The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.1. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2023-0014.html ∗∗∗ Critical Flaw Found in WordPress Plugin for WooCommerce Used by 30,000 Websites ∗∗∗ --------------------------------------------- A critical security flaw has been disclosed in the WordPress "Abandoned Cart Lite for WooCommerce" plugin thats installed on more than 30,000 websites. --------------------------------------------- https://thehackernews.com/2023/06/critical-flaw-found-in-wordpress-plugin.h… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (avahi, hsqldb, hsqldb1.8.0, minidlna, trafficserver, and xmltooling), Oracle (.NET 6.0, .NET 7.0, 18, c-ares, firefox, kernel, less, libtiff, libvirt, python, python3.11, texlive, and thunderbird), Red Hat (c-ares, kernel, kernel-rt, kpatch-patch, less, libtiff, libvirt, openssl, and postgresql), Slackware (bind and kernel), SUSE (bluez, curl, geoipupdate, kernel, netty, netty-tcnative, ntp, open-vm-tools, php8, python-reportlab, rustup, Salt, salt, terraform-provider-aws, terraform-provider-null, and webkit2gtk3), and Ubuntu (bind9, linux-aws, linux-azure, linux-bluefield, linux-gcp, linux-gke, linux-gkeop, linux-ibm, linux-kvm, linux-oracle, linux-raspi, linux-azure, linux-gcp, linux-ibm, linux-kvm, linux-oracle, and linux-ibm). --------------------------------------------- https://lwn.net/Articles/935872/ ∗∗∗ CISA Adds Six Known Exploited Vulnerabilities to Catalog ∗∗∗ --------------------------------------------- CVE-2023-20887 VMware Aria Operations for Networks Command Injection Vulnerability CVE-2020-35730 Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability CVE-2020-12641 Roundcube Webmail Remote Code Execution Vulnerability CVE-2021-44026 Roundcube Webmail SQL Injection Vulnerability CVE-2016-9079 Mozilla Firefox, Firefox ESR, and Thunderbird Use-After-Free Vulnerability CVE-2016-0165 Microsoft Win32k Privilege Escalation Vulnerability --------------------------------------------- https://www.cisa.gov/news-events/alerts/2023/06/22/cisa-adds-six-known-expl… ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- IBM App Connect Enterprise, IBM Security Directory Integrator, IBM Security QRadar SIEM, CICS TX, IBM InfoSphere Information Server, IBM MQ, IBM Integration Bus for z/OS, IBM Spectrum Protect, IBM Robotic Process Automation. --------------------------------------------- https://www.ibm.com/support/pages/bulletin/ ∗∗∗ ZDI-23-891: (0Day) ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-891/ ∗∗∗ Drupal: Album Photos - Critical - Access bypass - SA-CONTRIB-2023-022 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2023-022 ∗∗∗ Drupal: Civic Cookie Control - Moderately critical - Cross Site Scripting - SA-CONTRIB-2023-021 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2023-021 ∗∗∗ Cisco Duo Two-Factor Authentication for macOS Authentication Bypass Vulnerability ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Cisco Secure Email Gateway, Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance Cross-Site Scripting Vulnerabilities ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ BIND 9: CVE-2023-2828: nameds configured cache size limit can be significantly exceeded ∗∗∗ --------------------------------------------- https://kb.isc.org/docs/cve-2023-2828 ∗∗∗ BIND 9: CVE-2023-2829: Malformed NSEC records can cause named to terminate unexpectedly when synth-from-dnssec is enabled ∗∗∗ --------------------------------------------- https://kb.isc.org/docs/cve-2023-2829 ∗∗∗ BIND 9: CVE-2023-2911: Exceeding the recursive-clients quota may cause named to terminate unexpectedly when stale-answer-client-timeout is set to 0 ∗∗∗ --------------------------------------------- https://kb.isc.org/docs/cve-2023-2911 ∗∗∗ F5: K000134942 : Intel CPU vulnerability CVE-2022-33972 ∗∗∗ --------------------------------------------- https://my.f5.com/manage/s/article/K000134942 ∗∗∗ SpiderControl SCADAWebServer ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-23-173-03 ∗∗∗ Advantech R-SeeNet ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-23-173-02 ∗∗∗ Nextcloud: End-to-End encrypted file-drops can be made inaccessible ∗∗∗ --------------------------------------------- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-x… ∗∗∗ Nextcloud: Password reset endpoint is not brute force protected ∗∗∗ --------------------------------------------- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-m… ∗∗∗ Nextcloud: Open redirect on "Unsupported browser" warning ∗∗∗ --------------------------------------------- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h… ∗∗∗ Nextcloud: Brute force protection allows to send more requests than intended ∗∗∗ --------------------------------------------- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q… ∗∗∗ Nextcloud: User scoped external storage can be used to gather credentials of other users ∗∗∗ --------------------------------------------- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6… ∗∗∗ Nextcloud: System addressbooks can be modified by malicious trusted server ∗∗∗ --------------------------------------------- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.06.2023
by Daily end-of-shift report 21 Jun '23

21 Jun '23

===================== = End-of-Day report = ===================== Timeframe: Dienstag 20-06-2023 18:00 − Mittwoch 21-06-2023 18:00 Handler: Michael Schlagenhaufer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Sicherheitsupdates: Angreifer können Zyxel NAS ins Visier nehmen ∗∗∗ --------------------------------------------- Aktualisierte Firmware-Versionen für verschiedene NAS-Modelle von Zyxel schließen eine kritische Schwachstelle. --------------------------------------------- https://heise.de/-9193271 ∗∗∗ Zielgerichtete Angriffe auf iPhones: Neue Details zu Spyware ∗∗∗ --------------------------------------------- iPhone-Spyware kommt per iMessage und kann laut einer Analyse etwa Dateien manipulieren und den Standort tracken. Möglicherweise zählen auch Macs zu den Zielen. --------------------------------------------- https://heise.de/-9193906 ∗∗∗ VMware Aria: Angriffe auf kritische Sicherheitslücke – Update installieren! ∗∗∗ --------------------------------------------- VMware hat seine Sicherheitsmeldung zu einer kritischen Schwachstelle in der Monitoring-Software Aria Operations aktualisiert. Demnach wird sie angegriffen. --------------------------------------------- https://heise.de/-9193354 ∗∗∗ Hilfe, Kriminelle imitieren meine Telefonnummer für betrügerische Anrufe! ∗∗∗ --------------------------------------------- Dass Kriminelle auch gerne zum Telefon greifen, um Menschen zu betrügen, ist wohl allseits bekannt. Häufig setzen sie dabei allerdings auf „Spoofing“, wodurch bei den Angerufenen nicht die tatsächliche Nummer angezeigt wird, die hinter dem Scam-Anruf steckt. Immer häufiger wenden sich Personen an uns, deren Nummer simuliert und für Spam-Anrufe genutzt wird, weil sie ständig Rückrufe verärgerter Personen erhalten, [...] --------------------------------------------- https://www.watchlist-internet.at/news/hilfe-kriminelle-imitieren-meine-tel… ∗∗∗ Microsoft fixes Azure AD auth flaw enabling account takeover ∗∗∗ --------------------------------------------- Microsoft has addressed an Azure Active Directory (Azure AD) authentication flaw that could allow threat actors to escalate privileges and potentially fully take over the targets account. --------------------------------------------- https://www.bleepingcomputer.com/news/security/microsoft-fixes-azure-ad-aut… ∗∗∗ New Condi malware builds DDoS botnet out of TP-Link AX21 routers ∗∗∗ --------------------------------------------- A new DDoS-as-a-Service botnet called "Condi" emerged in May 2023, exploiting a vulnerability in TP-Link Archer AX21 (AX1800) Wi-Fi routers to build an army of bots to conduct attacks. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-condi-malware-builds-ddo… ∗∗∗ Critical WordPress Plugin Vulnerabilities Impact Thousands of Sites ∗∗∗ --------------------------------------------- Two critical-severity authentication bypass vulnerabilities in WordPress plugins with tens of thousands of installations. --------------------------------------------- https://www.securityweek.com/critical-wordpress-plugin-vulnerabilities-impa… ∗∗∗ Enphase Ignores CISA Request to Fix Remotely Exploitable Flaws ∗∗∗ --------------------------------------------- Enphase Energy has ignored CISA requests to fix remotely exploitable vulnerabilities in Enphase products. --------------------------------------------- https://www.securityweek.com/enphase-ignores-cisa-request-to-fix-remotely-e… ∗∗∗ Graphican: Flea Uses New Backdoor in Attacks Targeting Foreign Ministries ∗∗∗ --------------------------------------------- Backdoor leverages Microsoft Graph API for C&C communication. --------------------------------------------- https://symantec-enterprise-blogs.security.com/threat-intelligence/flea-bac… ∗∗∗ Analysis of Ransomware With BAT File Extension Attacking MS-SQL Servers (Mallox) ∗∗∗ --------------------------------------------- AhnLab Security Emergency response Center (ASEC) has recently discovered the Mallox ransomware with the BAT file extension being distributed to poorly managed MS-SQL servers. Extensions of files distributed to poorly managed MS-SQL servers include not only EXE but also BAT, which is a fileless format. The files distributed with the BAT file extension that has been discovered so far are Remcos RAT and Mallox. The distributions include cases that use PowerShell and sqlps. --------------------------------------------- https://asec.ahnlab.com/en/54704/ ∗∗∗ AWS WAF Clients Left Vulnerable to SQL Injection Due to Unorthodox MSSQL Design Choice ∗∗∗ --------------------------------------------- While doing research on Microsoft SQL (MSSQL) Server, a GoSecure ethical hacker found an unorthodox design choice that ultimately led to a web application firewall (WAF) bypass. --------------------------------------------- https://www.gosecure.net/blog/2023/06/21/aws-waf-clients-left-vulnerable-to… ∗∗∗ MOVEIt Vulnerability: A Painful Reminder That Threat Actors Aren’t the Only Ones Responsible for a Data Breach ∗∗∗ --------------------------------------------- The MOVEIt data breach continues to impact a number of both private and government groups across the US and Europe by exposing confidential data. With breaches like this becoming increasingly common, it can be easy to blame advanced persistent threat (APT) groups and other malicious actors; however, there is a valuable lesson to learn from the MOVEit breach: it is essential to be proactive about these threats, Not doing so may lead to a breach. I’ve put together this blog post as a reminder that security organizations—and quite frankly, boards and executive leadership—should view internal security threats just as seriously as external ones when it comes time to protecting their organization’s sensitive information. --------------------------------------------- https://www.safebreach.com/moveit-vulnerability-a-painful-reminder-that-thr… ∗∗∗ Gaps in Azure Service Fabric’s Security Call for User Vigilance ∗∗∗ --------------------------------------------- In this blog post, we discuss different configuration scenarios that may lead to security issues with Azure Service Fabric, a distributed platform for deploying, managing, and scaling microservices and container applications. --------------------------------------------- https://www.trendmicro.com/en_us/research/23/f/gaps-in-azure-service-fabric… ∗∗∗ GitHub Dataset Research Reveals Millions Potentially Vulnerable to RepoJacking ∗∗∗ --------------------------------------------- Millions of GitHub repositories are potentially vulnerable to RepoJacking. New research by Aqua Nautilus sheds light on the extent of RepoJacking, which if exploited may lead to code execution on organizations’ internal environments or on their customers’ environments. As part of our research, we found an enormous source of data that allowed us to sample a dataset and find some highly popular targets. --------------------------------------------- https://blog.aquasec.com/github-dataset-research-reveals-millions-potential… ===================== = Vulnerabilities = ===================== ∗∗∗ Heap-based buffer over-read in Autodesk® Desktop Licensing Service ∗∗∗ --------------------------------------------- Autodesk® Desktop Licensing Installer has been affected by privilege escalation vulnerabilities. Exploitation of these vulnerabilities could lead to code execution due to weak permissions. --------------------------------------------- https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0011 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libfastjson, libx11, opensc, python-mechanize, and wordpress), SUSE (salt and terraform-provider-helm), and Ubuntu (firefox, libx11, pngcheck, python-werkzeug, ruby3.1, and vlc). --------------------------------------------- https://lwn.net/Articles/935552/ ∗∗∗ K000135122 : Linux kernel vulnerability CVE-2023-0461 ∗∗∗ --------------------------------------------- https://my.f5.com/manage/s/article/K000135122 ∗∗∗ Multiple vulnerabilities in Open JDK affecting Rational Functional Tester ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7005601 ∗∗∗ IBM Storage Protect is vulnerable to a denial of service attack due to Google Gson (CVE-2022-25647) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7005605 ∗∗∗ Multiple vulnerabilities in IBM® Java SDK affects IBM WebSphere Application Server January 2023 CPU that is bundled with IBM WebSphere Application Server Patterns ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7005623 ∗∗∗ Python Cryptographic Authority cryptography is vulnerable to IBM X-Force ID: 239927 used in IBM Maximo Application Suite ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7005639 ∗∗∗ There is a vulnerability in Apache Commons BCEL used by IBM Maximo Asset Management (CVE-2022-42920) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6991671 ∗∗∗ IBM Aspera Faspex 4.4.2 PL3 has addressed multiple vulnerabilities (CVE-2023-27871, CVE-2023-27873, CVE-2023-27874) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6964694 ∗∗∗ Multiple Vulnerabilities in IBM Java SDK affect Cloud Pak System (CVE-2023-21830, 2023-21843) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7005573 ∗∗∗ Vulnerability in Apache Tomcat Server (CVE-2023-28709 ) affects Power HMC ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7005499 ∗∗∗ IBM Operational Decision Manager June 2023 - Multiple CVEs ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7005851 ∗∗∗ Operations Dashboard is vulnerable to multiple vulnerabilities in Golang ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7005869 ∗∗∗ SnakeYaml is vulnerable to CVE-2022-1471 used by IBM Maximo Application Suite ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7005873 ∗∗∗ A security vulnerability has been identified in FasterXML jackson-databind shipped with IBM Tivoli Netcool Impact (CVE-2021-46877) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7005907 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.06.2023
by Daily end-of-shift report 20 Jun '23

20 Jun '23

===================== = End-of-Day report = ===================== Timeframe: Montag 19-06-2023 18:00 − Dienstag 20-06-2023 18:00 Handler: Michael Schlagenhaufer Co-Handler: n/a ===================== = News = ===================== ∗∗∗ SeroXen Mechanisms: Exploring Distribution, Risks, and Impact ∗∗∗ --------------------------------------------- This is the third installment of a three-part technical analysis of the fully undetectable (FUD) obfuscation engine BatCloak and SeroXen malware. In this entry, we document the techniques used to spread and abuse SeroXen, as well as the security risks, impact, implications of, and insights into highly evasive FUD batch obfuscators. --------------------------------------------- https://www.trendmicro.com/en_us/research/23/f/seroxen-mechanisms-exploring… ∗∗∗ New RDStealer malware steals from drives shared over Remote Desktop ∗∗∗ --------------------------------------------- A cyberespionage and hacking campaign tracked as RedClouds uses the custom RDStealer malware to automatically steal data from drives shared through Remote Desktop connections. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-rdstealer-malware-steals… ∗∗∗ Honeypot Recon: MSSQL Server – Database Threat Overview 22’/23’ ∗∗∗ --------------------------------------------- In this article, well reveal botnet behavior before and after a successful attack. These bots have one job: to install malicious software that can mine digital coins or create backdoors into systems. --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/honeypot-re… ∗∗∗ Wie wir ein Bahnticket buchen wollten und am Ende 245.000 Datensätze hatten ∗∗∗ --------------------------------------------- Um die deutsch-französische Freundschaft zu feiern, haben sich Bundesverkehrsminister Wissing und sein französischer Kollege Beaune etwas Besonderes ausgedacht: Je Land 30.000 kostenlose Interrail-Tickets für Reisen in Deutschland und Frankreich für junge Erwachsene zwischen 18 und 27. Allerdings lief beim Verteilen der Interrail-Pässe einiges schief. --------------------------------------------- https://zerforschung.org/posts/freundschaftspass-de/ ∗∗∗ "iCloud-Speicher ist voll": Phishing-Kampagne zielt auf Apple-Nutzer ∗∗∗ --------------------------------------------- iCloud-Gratisspeicherplatz ist schnell gefüllt, Mails mit Upgrade-Hinweisen sind für viele Nutzer ein vertrauter Anblick. Darauf setzen erneut auch Kriminelle. --------------------------------------------- https://heise.de/-9192454 ∗∗∗ OT:Icefall: Vulnerabilities Identified in Wago Controllers ∗∗∗ --------------------------------------------- Forescout Technologies has disclosed the details of vulnerabilities impacting operational technology (OT) products from Wago and Schneider Electric. --------------------------------------------- https://www.securityweek.com/oticefall-vulnerabilities-identified-in-wago-c… ∗∗∗ Vorsicht vor gefälschten Gymshark-Shops ∗∗∗ --------------------------------------------- Sie suchen nach günstigen Angeboten der Marke Gymshark? Fündig werden Sie bei den Fake-Shops gymsharkwien.com, gym-shark-osterreich.com oder gymsharkosterreichsale.com. Die Shops vermitteln durch den Zusatz „Wien“ oder „Österreich“ in der Internetadresse den Eindruck, dass es sich um österreichische Shops handelt. Tatsächlich sind Sie aber in einem Fake-Shop gelandet. --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-vor-gefaelschten-gymshark-s… ∗∗∗ RecordBreaker Infostealer Disguised as a .NET Installer ∗∗∗ --------------------------------------------- Malware that are being distributed disguised as cracks are evolving. In the past, malware was simply distributed as the executable itself. However, there was a gradual shift towards also including normal files within a compressed file. More recently, there was a sample where a normal installer was downloaded and executed. If the malware is executed in an ordinary user environment, the encrypted malware file is downloaded from the threat actor’s server and executed. --------------------------------------------- https://asec.ahnlab.com/en/54658/ ∗∗∗ Tsunami DDoS Malware Distributed to Linux SSH Servers ∗∗∗ --------------------------------------------- AhnLab Security Emergency response Center (ASEC) has recently discovered an attack campaign that consists of the Tsunami DDoS Bot being installed on inadequately managed Linux SSH servers. Not only did the threat actor install Tsunami, but they also installed various other malware such as ShellBot, XMRig CoinMiner, and Log Cleaner. When looking at the attack cases against poorly managed Linux SSH servers, most of them involve the installation of DDoS bots or CoinMiners. --------------------------------------------- https://asec.ahnlab.com/en/54647/ ===================== = Vulnerabilities = ===================== ∗∗∗ Router-Firmware: Asus rät aufgrund kritischer Lücken dringend zum Update ∗∗∗ --------------------------------------------- Asus hat in der Firmware für mehrere Router-Modelle kritische Schwachstellen geschlossen, die Angreifer potenziell bösartigen Code ausführen lassen. --------------------------------------------- https://www.golem.de/news/router-firmware-asus-raet-aufgrund-kritischer-lue… ∗∗∗ Zyxel security advisory for pre-authentication command injection vulnerability in NAS products ∗∗∗ --------------------------------------------- The pre-authentication command injection vulnerability in some Zyxel NAS devices could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request. After a thorough investigation, we have identified the vulnerable products that are within their vulnerability support period, with their firmware patches shown in the table below. --------------------------------------------- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-… ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- IBM Storage Protect Server, IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect Plus, ICP - IBM Answer Retrieval for Watson Discovery, IBM Watson Speech Services, IBM Robotic Process Automation, IBM dashDB Local, HMC, IBM Operations Analytics Predictive Insights, IBM Cloud Pak for Network Automation, IBM Spectrum Discover, IBM Copy Services Manager, IBM SDK and IBM Maximo. --------------------------------------------- https://www.ibm.com/support/pages/bulletin/ ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libxpm and php7.3), Fedora (chromium), Mageia (kernel, kernel-linus, and sysstat), Red Hat (c-ares), SUSE (libwebp), and Ubuntu (cups-filters, libjettison-java, and libsvgpp-dev). --------------------------------------------- https://lwn.net/Articles/935353/ ∗∗∗ Enphase Envoy ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-23-171-01 ∗∗∗ Enphase Installer Toolkit Android App ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-23-171-02 ∗∗∗ 2023-06-20: OXAS-ADV-2023-0002 ∗∗∗ --------------------------------------------- https://documentation.open-xchange.com/security/advisories/txt/oxas-adv-202… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.06.2023
by Daily end-of-shift report 19 Jun '23

19 Jun '23

===================== = End-of-Day report = ===================== Timeframe: Freitag 16-06-2023 18:00 − Montag 19-06-2023 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Android spyware camouflaged as VPN, chat apps on Google Play ∗∗∗ --------------------------------------------- Three Android apps on Google Play were used by state-sponsored threat actors to collect intelligence from targeted devices, such as location data and contact lists. --------------------------------------------- https://www.bleepingcomputer.com/news/security/android-spyware-camouflaged-… ∗∗∗ Security Expert Defeats Lenovo Laptop BIOS Password With a Screwdriver ∗∗∗ --------------------------------------------- Cybersecurity experts at CyberCX have demonstrated a simple method for consistently accessing older BIOS-locked laptops by shorting pins on the EEPROM chip with a screwdriver, enabling full access to the BIOS settings and bypassing the password. --------------------------------------------- https://it.slashdot.org/story/23/06/16/2322255/security-expert-defeats-leno… ∗∗∗ From Cryptojacking to DDoS Attacks: Diicot Expands Tactics with Cayosin Botnet ∗∗∗ --------------------------------------------- Cybersecurity researchers have discovered previously undocumented payloads associated with a Romanian threat actor named Diicot, revealing its potential for launching distributed denial-of-service (DDoS) attacks. "The Diicot name is significant, as its also the name of the Romanian organized crime and anti-terrorism policing unit," Cado Security said in a technical report. --------------------------------------------- https://thehackernews.com/2023/06/from-cryptojacking-to-ddos-attacks.html ∗∗∗ New Mystic Stealer Malware Targets 40 Web Browsers and 70 Browser Extensions ∗∗∗ --------------------------------------------- A new information-stealing malware called Mystic Stealer has been found to steal data from about 40 different web browsers and over 70 web browser extensions. First advertised on April 25, 2023, for $150 per month, the malware also targets cryptocurrency wallets, Steam, and Telegram, and employs extensive mechanisms to resist analysis. --------------------------------------------- https://thehackernews.com/2023/06/new-mystic-stealer-malware-targets-40.html ∗∗∗ [SANS ISC] Malware Delivered Through .inf File ∗∗∗ --------------------------------------------- Today, I published the following diary on isc.sans.edu: “Malware Delivered Through .inf File“: Microsoft has used “.inf” files for a while. They are simple text files and contain setup information in a driver package. They describe what must be performed to install a driver package on a device. When you read them, the syntax is straightforward to understand. The file is based on sections that describe what must be performed. One of them is very interesting for attackers: [RunPreSetupCommandsSection]. --------------------------------------------- https://blog.rootshell.be/2023/06/19/sans-isc-malware-delivered-through-inf… ∗∗∗ The Phantom Menace: Exposing hidden risks through ACLs in Active Directory (Part 1) ∗∗∗ --------------------------------------------- The abuse of misconfigured Access Control Lists is nothing new. However, it is still one of the main ways of lateral movement and privilege escalation within an active directory domain. [..] In this post, we will discuss, in a general overview, some concepts that will help us understand how Windows handles access relationships and privileges between objects and how to enumerate these relationships. --------------------------------------------- https://labs.lares.com/securing-active-directory-via-acls/ ∗∗∗ Speculative Denial-of-Service Attacks in Ethereum ∗∗∗ --------------------------------------------- Block proposers speculatively execute transactions when creating blocks to maximize their profits. How can this go wrong? In “Speculative Denial-of-Service Attacks in Ethereum”, we show how speculative execution allows attackers to cheaply DoS the network. --------------------------------------------- https://medium.com/@aviv.yaish/speculative-denial-of-service-attacks-in-eth… ∗∗∗ Warning: Malware Disguised as a Security Update Installer Being Distributed ∗∗∗ --------------------------------------------- AhnLab, in collaboration with the National Cyber Security Center (NCSC) Joint Analysis and Consultation Council, has recently uncovered the attack of a hacking group that is supported by a certain government. The discovered malware disguised itself as a security update installer and was developed using the Inno Setup software. --------------------------------------------- https://asec.ahnlab.com/en/54375/ ===================== = Vulnerabilities = ===================== ∗∗∗ ZDI-23-889: Schneider Electric IGSS DashFiles Deserialization of Untrusted Data Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. --------------------------------------------- https://www.zerodayinitiative.com/advisories/ZDI-23-889/ ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (golang-go.crypto, maradns, requests, sofia-sip, and xmltooling), Fedora (chromium, iaito, iniparser, libX11, matrix-synapse, radare2, and thunderbird), Red Hat (c-ares, jenkins and jenkins-2-plugins, and texlive), SUSE (bluez, chromium, go1.19, go1.20, jetty-minimal, kernel, kubernetes1.18, kubernetes1.23, kubernetes1.24, libX11, open-vm-tools, openvswitch3, opera, syncthing, and xen), and Ubuntu (libcap2, libpod, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle, linux-oracle-5.15, linux-raspi, linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.19, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi, linux, linux-aws, linux-lowlatency, linux-raspi, linux-oem-5.17, linux-oem-6.1, pypdf2, and qemu). --------------------------------------------- https://lwn.net/Articles/935184/ ∗∗∗ Vulnerability in Apache Commons FileUpload may affect IBM Spectrum Sentinel Anomaly Scan Engine (CVE-2023-24998) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6998653 ∗∗∗ Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Performance Tester ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7004699 ∗∗∗ Vulnerability in Eclipse OpenJ9 affects Rational Performance Tester (CVE-2022-3676) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7004703 ∗∗∗ Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Service Tester ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7004701 ∗∗∗ Vulnerability in Eclipse OpenJ9 affects Rational Service Tester (CVE-2022-3676) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7004705 ∗∗∗ Vulnerabilities in Golang, Python, postgresql, cURL libcurl might affect IBM Spectrum Copy Data Management ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6995589 ∗∗∗ Vulnerabilities with OpenSSL, Apache HTTP Server, Python affect IBM Cloud Object Storage Systems (June 2023v1) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7004661 ∗∗∗ A vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Performance Tester. ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7004709 ∗∗∗ A vulnerability in IBM Java SDK and IBM Java Runtime affect Rational Service Tester. ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7004711 ∗∗∗ Vulnerabilities in Linux Kernel might affect IBM Spectrum Copy Data Management (CVE-2022-1280, CVE-2023-0386, CVE-2022-4269, CVE-2022-2873, CVE-2022-4378) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6995585 ∗∗∗ Vulnerabilities with Linux Kernel, OpenJDK affect IBM Cloud Object Storage Systems (June 2023) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7002711 ∗∗∗ Vulnerabilities in Golang Go might affect IBM Spectrum Copy Data Management ( CVE-2023-24536, CVE-2023-24537, CVE-2023-24538) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6998399 ∗∗∗ IBM Sterling Control Center is vulnerable to denial of service attack due to Java SE (CVE-2022-21426) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7004723 ∗∗∗ IBM Sterling Control Center is vulnerable to denial of service due to Java SE (CVE-2023-21830, CVE-2023-21843) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7004721 ∗∗∗ Vulnerabilities in OpenSSL might affect IBM Spectrum Copy Data Management (CVE-2022-4450, CVE-2023-0216, CVE-2023-0401, CVE-2022-4203, CVE-2023-0217) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6995593 ∗∗∗ IBM Aspera Shares is vulnerable to cross-site scripting due to JQuery-UI (CVE-2021-41184, CVE-2021-41183, CVE-2021-41182) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7004731 ∗∗∗ Vulnerabilities in Oracle Java SE might affect IBM Spectrum Copy Data Management (CVE-2023-21968, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21937, CVE-2023-21930) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6995595 ∗∗∗ IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from Kubernetes, curl and systemd ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7004197 ∗∗∗ Vulnerabilities in Flask and Pallets Werkzeug may affect IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore (CVE-2023-30861, CVE-2023-25577, CVE-2023-23934) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6999973 ∗∗∗ IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from libcurl, openssl, gnutls, libarchive and libsepol ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6986323 ∗∗∗ Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7001663 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 16.06.2023
by Daily end-of-shift report 16 Jun '23

16 Jun '23

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 15-06-2023 18:00 − Freitag 16-06-2023 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Another RAT Delivered Through VBS, (Fri, Jun 16th) ∗∗∗ --------------------------------------------- VBS looks popular these days. After the last Didier's diary, I found another interesting script. It started with an email that referenced a fake due invoice. The invoice icon pointed to a URL. Usually, such URLs display a fake login page asking for credentials. Not this time. --------------------------------------------- https://isc.sans.edu/diary/rss/29956 ∗∗∗ Demystifying Website Hacktools: Types, Threats, and Detection ∗∗∗ --------------------------------------------- When we think about website malware, visible infection symptoms most often come to mind: unwanted ads or pop-ups, redirects to third party sites, or spam keywords in search results. However, in some cases these very symptoms are the results of hacktools, a diverse and often insidious category of software designed to exploit vulnerabilities and compromise website security. --------------------------------------------- https://blog.sucuri.net/2023/06/demystifying-website-hacktools-types-threat… ∗∗∗ ChamelDoH: New Linux Backdoor Utilizing DNS-over-HTTPS Tunneling for Covert CnC ∗∗∗ --------------------------------------------- The threat actor known as ChamelGang has been observed using a previously undocumented implant to backdoor Linux systems, marking a new expansion of the threat actors capabilities.The malware, dubbed ChamelDoH by Stairwell, is a C++-based tool for communicating via DNS-over-HTTPS (DoH) tunneling. --------------------------------------------- https://thehackernews.com/2023/06/chameldoh-new-linux-backdoor-utilizing.ht… ===================== = Vulnerabilities = ===================== ∗∗∗ FortiOS & FortiProxy: authenticated user null pointer dereference in SSL-VPN ∗∗∗ --------------------------------------------- A NULL pointer dereference vulnerability in SSL-VPN may allow an authenticated remote attacker to trigger a crash of the SSL-VPN service via crafted requests. CVE: CVE-2023-33306 --------------------------------------------- https://fortiguard.fortinet.com/psirt/FG-IR-23-015 ∗∗∗ Microsoft ODBC and OLE DB Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via a connection driver (for example: ODBC and / or OLEDB as applicable). --------------------------------------------- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29349 ∗∗∗ Microsoft OLE DB Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client. --------------------------------------------- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32028 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (chromium, openjdk-17, and wireshark), Fedora (iniparser, mariadb, mingw-glib2, perl-HTML-StripScripts, php, python3.7, and syncthing), Oracle (.NET 6.0, c-ares, kernel, nodejs, and python3.9), Slackware (libX11), SUSE (amazon-ssm-agent and chromium), and Ubuntu (gsasl, libx11, and sssd). --------------------------------------------- https://lwn.net/Articles/934939/ ∗∗∗ Mattermost security updates 7.10.3 / 7.9.5 / 7.8.7 (ESR) released ∗∗∗ --------------------------------------------- We’re informing you about a Mattermost security update, which addresses low- to medium-level severity vulnerabilities. --------------------------------------------- https://mattermost.com/blog/mattermost-security-updates-7-10-3-7-9-5-7-8-7-… ∗∗∗ Weitere kritische Sicherheitslücke in MOVEit Transfer - Workaround und Patches verfügbar ∗∗∗ --------------------------------------------- In MOVEit Transfer wurde eine weitere kritische Sicherheitslücke entdeckt. Auswirkungen Da es sich um eine SQL-Injection - Schwachstelle handelt, ist davon auszugehen dass alle auf betroffenen Systemen hinterlegten Daten gefährdet sind. --------------------------------------------- https://cert.at/de/warnungen/2023/6/weitere-kritische-sicherheitslucke-in-m… ∗∗∗ CISA Releases Fourteen Industrial Control Systems Advisories ∗∗∗ --------------------------------------------- * SUBNET PowerSYSTEM Center * Advantech WebAccessSCADA * Siemens SICAM Q200 Devices * Siemens SIMOTION * Siemens SIMATIC WinCC * Siemens TIA Portal * Siemens SIMATIC WinCC V7 * Siemens SIMATIC STEP 7 and Derived Products * Siemens Solid Edge * Siemens SIMATIC S7-1500 TM MFP BIOS * Siemens SIMATIC S7-1500 TM MFP Linux Kernel * Siemens SINAMICS Medium Voltage Products * Siemens SICAM A8000 Devices * Siemens Teamcenter Visualization and JT2Go --------------------------------------------- https://www.cisa.gov/news-events/alerts/2023/06/15/cisa-releases-fourteen-i… ∗∗∗ Multiple vulnerabilities in Panasonic AiSEG2 ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN19748237/ ∗∗∗ ZDI-23-879: (0Day) Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-879/ ∗∗∗ ZDI-23-878: (0Day) Ashlar-Vellum Cobalt AR File Parsing Uninitialized Memory Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-878/ ∗∗∗ ZDI-23-877: (0Day) Ashlar-Vellum Cobalt IGS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-877/ ∗∗∗ ZDI-23-876: (0Day) Ashlar-Vellum Cobalt XE File Parsing Uninitialized Memory Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-876/ ∗∗∗ ZDI-23-875: (0Day) Ashlar-Vellum Cobalt XE File Parsing Uninitialized Memory Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-875/ ∗∗∗ ZDI-23-874: (0Day) Ashlar-Vellum Cobalt XE File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-874/ ∗∗∗ ZDI-23-873: (0Day) Ashlar-Vellum Cobalt Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-873/ ∗∗∗ ZDI-23-872: (0Day) Ashlar-Vellum Cobalt Heap-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-872/ ∗∗∗ ZDI-23-871: (0Day) Ashlar-Vellum Cobalt Untrusted Pointer Dereference Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-871/ ∗∗∗ ZDI-23-870: (0Day) Ashlar-Vellum Cobalt Uninitialized Memory Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-870/ ∗∗∗ ZDI-23-869: (0Day) Ashlar-Vellum Cobalt Untrusted Pointer Dereference Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-869/ ∗∗∗ ZDI-23-868: (0Day) Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-868/ ∗∗∗ ZDI-23-867: (0Day) Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-867/ ∗∗∗ ZDI-23-866: (0Day) Ashlar-Vellum Graphite VC6 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-866/ ∗∗∗ ZDI-23-865: (0Day) Ashlar-Vellum Cobalt Out-Of-Bounds Write Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-865/ ∗∗∗ ZDI-23-864: (0Day) Ashlar-Vellum Cobalt Out-Of-Bounds Access Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-864/ ∗∗∗ ZDI-23-863: (0Day) Ashlar-Vellum Cobalt Out-Of-Bounds Read Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-863/ ∗∗∗ ZDI-23-862: (0Day) Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-862/ ∗∗∗ ZDI-23-861: (0Day) Ashlar-Vellum Cobalt CO File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-861/ ∗∗∗ ZDI-23-860: (0Day) Ashlar-Vellum Cobalt XE File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-860/ ∗∗∗ ZDI-23-859: (0Day) Ashlar-Vellum Cobalt CO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-23-859/ ∗∗∗ CVE-2023-32027 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32027 ∗∗∗ CVE-2023-29356 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29356 ∗∗∗ CVE-2023-32025 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32025 ∗∗∗ CVE-2023-32026 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32026 ∗∗∗ Multiple vulnerabilities in Curl affect PowerSC ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7004263 ∗∗∗ There is a security vulnerability in AWS SDK for Java used by Maximo Asset Management (CVE-2022-31159) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7002345 ∗∗∗ IBM SPSS Modeler is vulnerabile to SSL private key exposure (CVE-2023-33842) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7004299 ∗∗∗ Vulnerability of xmlbeans-2.6.0.jar has affected APM DataPower agent. ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7004599 ∗∗∗ Vulnerabilities of Apache commons codec (commons-codec-1.6.jar) have affected APM NetApp Storage and APM File Gateway Agent ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7004597 ∗∗∗ IBM Cloud Pak for Security includes components with multiple known vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7004655 ∗∗∗ IBM Cloud Pak for Security includes components with multiple known vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7004653 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.06.2023
by Daily end-of-shift report 15 Jun '23

15 Jun '23

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 14-06-2023 18:00 − Donnerstag 15-06-2023 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Microsoft: Windows Kernel CVE-2023-32019 fix is disabled by default ∗∗∗ --------------------------------------------- Microsoft has released an optional fix to address a Kernel information disclosure vulnerability affecting systems running multiple Windows versions, including the latest Windows 10, Windows Server, and Windows 11 releases. --------------------------------------------- https://www.bleepingcomputer.com/news/security/microsoft-windows-kernel-cve… ∗∗∗ Chinese UNC4841 Group Exploits Zero-Day Flaw in Barracuda Email Security Gateway ∗∗∗ --------------------------------------------- A suspected China-nexus threat actor dubbed UNC4841 has been linked to the exploitation of a recently patched zero-day flaw in Barracuda Email Security Gateway (ESG) appliances since October 2022."UNC4841 is an espionage actor behind this wide-ranging campaign in support of the Peoples Republic of China," Google-owned Mandiant said in a new report published today, [...] --------------------------------------------- https://thehackernews.com/2023/06/chinese-unc4841-group-exploits-zero-day.h… ∗∗∗ Hardware Hacking to Bypass BIOS Passwords ∗∗∗ --------------------------------------------- This article serves as a beginner’s hardware hacking journey, performing a BIOS password bypass on Lenovo laptops. We identify what the problem is, how to identify a vulnerable chip, how to bypass a vulnerable chip, and finally, analyse why this attack works and ways that it can be prevented. --------------------------------------------- https://blog.cybercx.co.nz/bypassing-bios-password ∗∗∗ Reverse Engineering Terminator aka Zemana AntiMalware/AntiLogger Driver ∗∗∗ --------------------------------------------- Recently, a threat actor (TA) known as SpyBot posted a tool, on a Russian hacking forum, that can terminate any antivirus/Endpoint Detection & Response (EDR/XDR) software. [..] While I’ve seen a lot of material from the defensive community (they were fast on this one) about the detection mechanism, IOCs, prevention policies and intelligence, I feel some other, perhaps more interesting vulnerable code paths in this driver were not explored nor discussed. --------------------------------------------- https://voidsec.com/reverse-engineering-terminator-aka-zemana-antimalware-a… ∗∗∗ Sicherheitsupdates: Attacken auf Pixel-Smartphones von Google gesichtet ∗∗∗ --------------------------------------------- Google hat etliche Sicherheitslücken in Pixel-Smartphones mit Android 13 geschlossen. Eine Lücke gilt als kritisch. --------------------------------------------- https://heise.de/-9188302 ∗∗∗ Eset schließt Sicherheitslücken in Virenscannern für Linux und Mac ∗∗∗ --------------------------------------------- Aufgrund einer hochriskanten Sicherheitslücke in Esets Virenschutz für Linux und Mac können Angreifer ihre Rechte ausweiten. Updates stehen bereit. --------------------------------------------- https://heise.de/-9188823 ∗∗∗ Kritisches Leck: Codeschmuggel auf mehr als 50 HP Laserjet MFP-Modelle möglich ∗∗∗ --------------------------------------------- HP warnt vor einer kritischen Sicherheitslücke in mehr als 50 HP (Enterprise) Laserjet MFP-Modellen. Angreifer aus dem Netz können Schadcode einschleusen. --------------------------------------------- https://heise.de/-9188162 ∗∗∗ WhatsApp Backups im Visier von Android GravityRAT ∗∗∗ --------------------------------------------- ESET-Forscher analysierten eine aktualisierte Version der Android-Spyware GravityRAT, die WhatsApp-Backup-Dateien stiehlt und Befehle zum Löschen von Dateien empfangen kann. --------------------------------------------- https://www.welivesecurity.com/deutsch/2023/06/15/whatsapp-backups-im-visie… ∗∗∗ Android Malware Impersonates ChatGPT-Themed Applications ∗∗∗ --------------------------------------------- Android malware posing as ChatGPT-themed apps targets mobile users. We report on instances of this attack vector, identifying two distinct types. --------------------------------------------- https://unit42.paloaltonetworks.com/android-malware-poses-as-chatgpt/ ∗∗∗ Unternehmen von LinkedIn-Betrugsfällen betroffen ∗∗∗ --------------------------------------------- Beliebteste Betrugsform sind Kontaktanfragen von einer unbekannten Person mit einem verdächtigen Link in der Nachricht. --------------------------------------------- https://www.zdnet.de/88409942/unternehmen-von-linkedin-betrugsfaellen-betro… ∗∗∗ CISA and NSA Release Joint Guidance on Hardening Baseboard Management Controllers (BMCs) ∗∗∗ --------------------------------------------- Today, CISA, together with the National Security Agency (NSA), released a Cybersecurity Information Sheet (CSI), highlighting threats to Baseboard Management Controller (BMC) implementations and detailing actions organizations can use to harden them. BMCs are trusted components designed into a computers hardware that operate separately from the operating system (OS) and firmware to allow for remote management and control, even when the system is shut down. --------------------------------------------- https://www.cisa.gov/news-events/alerts/2023/06/14/cisa-and-nsa-release-joi… ∗∗∗ Gut gemachter Phishing-Versuch mit Malware im Namen Microsofts ∗∗∗ --------------------------------------------- Ein Blog-Leser hat mich auf einen gut gemachten Phishing-Versuch per E-Mail aufmerksam gemacht, der das Thema Multifactor-Authentifizierung (MFA) aufgreift. Dabei wird suggeriert, dass die Mail von Microsoft selbst stammt (es wird eine Sub-Domain von Microsoft benutzt) und die Leute agieren [...] --------------------------------------------- https://www.borncity.com/blog/2023/06/15/gut-gemachter-phishing-versuch-mit… ∗∗∗ Hijacking S3 Buckets: New Attack Technique Exploited in the Wild by Supply Chain Attackers ∗∗∗ --------------------------------------------- Without altering a single line of code, attackers poisoned the NPM package “bignum” by hijacking the S3 bucket serving binaries necessary for its function and replacing them with malicious ones. --------------------------------------------- https://checkmarx.com/blog/hijacking-s3-buckets-new-attack-technique-exploi… ===================== = Vulnerabilities = ===================== ∗∗∗ ZDI-23-858: (0Day) Pulse Secure Client SetupService Directory Traversal Local Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows local attackers to escalate privileges on affected installations of Pulse Secure Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. --------------------------------------------- https://www.zerodayinitiative.com/advisories/ZDI-23-858/ ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (webkit2gtk), Fedora (python-django-filter and qt), Mageia (cups, firefox/nss, httpie, thunderbird, and webkit2), Red Hat (.NET 6.0, .NET 7.0, c-ares, firefox, jenkins and jenkins-2-plugins, nodejs, nodejs:18, python3, python3.11, python3.9, and thunderbird), Scientific Linux (firefox and thunderbird), SUSE (frr, opensc, python3, and rekor), and Ubuntu (c-ares, glib2.0, libcap2, linux-intel-iotg-5.15, pano13, and requests). --------------------------------------------- https://lwn.net/Articles/934802/ ∗∗∗ Vulnerabilities in Samba ∗∗∗ --------------------------------------------- The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba, including vulnerabilities related to RC4 encryption. If exploited, some of these vulnerabilities allow an attacker to take control of an affected system. --------------------------------------------- https://www.qnap.com/en-us/security-advisory/QSA-23-05 ∗∗∗ Windows PowerShell PS1 Trojan File RCE ∗∗∗ --------------------------------------------- https://cxsecurity.com/issue/WLB-2023060031 ∗∗∗ Office Hours - Moderately critical - Cross Site Scripting - SA-CONTRIB-2023-020 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2023-020 ∗∗∗ CVE-2023-0010 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal Authentication (Severity: MEDIUM) ∗∗∗ --------------------------------------------- https://security.paloaltonetworks.com/CVE-2023-0010 ∗∗∗ CVE-2023-0009 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability (Severity: MEDIUM) ∗∗∗ --------------------------------------------- https://security.paloaltonetworks.com/CVE-2023-0009 ∗∗∗ IBM Sterling Partner Engagement Manager is vulnerable to CSS injection due to Swagger UI (CVE-2019-17495) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7004151 ∗∗∗ IBM Sterling Partner Engagement Manager vulnerable to buffer overflow due to OpenJDK (CVE-2023-2597) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7004153 ∗∗∗ IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to remote sensitive information exposure due to IBM GSKit (CVE-2023-32342) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7004175 ∗∗∗ A security vulnerability has been identified in IBM HTTP Server shipped with IBM Rational ClearCase [CVE-2022-39161] ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7004183 ∗∗∗ Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Rational ClearCase ( CVE-2023-24966, CVE-2022-39161, CVE-2023-27554, CVE-2023-24998) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7004187 ∗∗∗ A vulnerability in IBM WebSphere Application Server Liberty affects IBM Storage Scale (CVE-2023-24998) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7004199 ∗∗∗ IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from Kubernetes, curl and systemd ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7004197 ∗∗∗ IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from curl, go and apr-util ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6999605 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.06.2023
by Daily end-of-shift report 14 Jun '23

14 Jun '23

===================== = End-of-Day report = ===================== Timeframe: Dienstag 13-06-2023 18:00 − Mittwoch 14-06-2023 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Microsoft: Windows 10 21H2 has reached end of servicing ∗∗∗ --------------------------------------------- Multiple editions of Windows 10 21H2 have reached their end of service (EOS) in this months Patch Tuesday, as Microsoft reminded customers today. --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-10-21h2-h… ∗∗∗ Fake Researcher Profiles Spread Malware through GitHub Repositories as PoC Exploits ∗∗∗ --------------------------------------------- At least half of dozen GitHub accounts from fake researchers associated with a fraudulent cybersecurity company have been observed pushing malicious repositories on the code hosting service.All seven repositories, which are still available as of writing, claim to be a proof-of-concept (PoC) exploit for purported zero-day flaws in Discord, Google Chrome, and Microsoft Exchange Server, --------------------------------------------- https://thehackernews.com/2023/06/fake-researcher-profiles-spread-malware.h… ∗∗∗ Shampoo: A New ChromeLoader Campaign ∗∗∗ --------------------------------------------- Recently HP Wolf Security detected a new malware campaign built around a new malicious ChromeLoader extension called Shampoo. [..] Its goal is to install a malicious extension in Google Chrome that is used for advertising. Older versions of ChromeLoader have a particularly complex infection chain, starting with the victim downloading malicious ISO files from websites hosting illegal content. --------------------------------------------- https://www.bromium.com/shampoo-a-new-chromeloader-campaign/ ∗∗∗ VMware ESXi Zero-Day Used [..] to Perform Privileged Guest Operations on Compromised Hypervisors ∗∗∗ --------------------------------------------- This blog post describes an expanded understanding of the attack path seen in Figure 1 and highlights the implications of both the zero-day vulnerability (CVE-2023-20867) and VMCI communication sockets the attacker leveraged to complete their goal. [Note: Patch verfügbar, siehe VMSA-2023-0013: "VMware Tools update addresses Authentication Bypass vulnerability"] --------------------------------------------- https://www.mandiant.com/resources/blog/vmware-esxi-zero-day-bypass ∗∗∗ Pre-announcement of BIND 9 security issues scheduled for disclosure 21 June 2023 ∗∗∗ --------------------------------------------- As part of our policy of pre-notification of upcoming security releases, we are writing to inform you that the June 2023 BIND 9 maintenance releases that will be published on Wednesday, 21 June will contain patches for security vulnerabilities affecting stable BIND 9 release branches. --------------------------------------------- https://lists.isc.org/pipermail/bind-announce/2023-June/001234.html ∗∗∗ Booking.com-Betrug: Unterkünfte stornieren Buchungen und verlangen externe Zahlungen! ∗∗∗ --------------------------------------------- Auf booking.com scheinen Kriminelle eine neue Betrugsmethode für sich entdeckt zu haben. Sie bieten eine Unterkunft mit Zahlung vor Ort und kostenloser Stornierung an. Bucht jemand die Unterkunft, wird diese kurz darauf storniert. Außerhalb der booking.com-Kommunikationskanäle verspricht man nach „Verifikation des Zahlungsmittels“ einen neuerlichen Buchungsabschluss. --------------------------------------------- https://www.watchlist-internet.at/news/bookingcom-betrug-unterkuenfte-storn… ∗∗∗ U.S. and International Partners Release Comprehensive Cyber Advisory on LockBit Ransomware ∗∗∗ --------------------------------------------- This joint advisory is a comprehensive resource with common tools; exploitations; and tactics, techniques, and procedures (TTPs) used by LockBit affiliates, along with recommended mitigations for organizations to reduce the likelihood and impact of future ransomware incidents. --------------------------------------------- https://www.cisa.gov/news-events/news/us-and-international-partners-release… ===================== = Vulnerabilities = ===================== ∗∗∗ WordPress Stripe payment plugin bug leaks customer order details ∗∗∗ --------------------------------------------- The WooCommerce Stripe Gateway plugin for WordPress was found to be vulnerable to a bug that allows any unauthenticated user to view order details placed through the plugin. --------------------------------------------- https://www.bleepingcomputer.com/news/security/wordpress-stripe-payment-plu… ∗∗∗ Webbrowser: Neue Chrome-Version schließt kritische Schwachstelle ∗∗∗ --------------------------------------------- Im Webbrowser Chrome von Google klafft eine kritische Sicherheitslücke. Updates zum Schließen stehen bereit. Chrome-Nutzer sollten sie zügig installieren. --------------------------------------------- https://heise.de/-9186834 ∗∗∗ Webkonferenz-Software: Mehrere hochriskante Lücken in Zoom gestopft ∗∗∗ --------------------------------------------- Die Entwickler der Webkonferenz-Software Zoom haben zwölf Sicherheitsmeldungen veröffentlicht. Zum Abdichten der Schwachstellen liefern sie Aktualisierungen. --------------------------------------------- https://heise.de/-9186898 ∗∗∗ WordPress-Shops mit WooCommerce-Plug-in: Angreifer könnten Kundendaten einsehen ∗∗∗ --------------------------------------------- Aufgrund einer Schwachstelle sind persönliche Kundendaten in WordPress-Shopwebsites nicht optimal geschützt. Admins sollten zügig handeln. --------------------------------------------- https://heise.de/-9187447 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (ffmpeg, owslib, php7.4, and php8.2), Fedora (ntp-refclock, php, and python3.7), Red Hat (c-ares, firefox, and thunderbird), SUSE (kernel, openldap2, and tomcat), and Ubuntu (binutils, dotnet6, dotnet7, node-fetch, and python-tornado). --------------------------------------------- https://lwn.net/Articles/934619/ ∗∗∗ SAP Patches High-Severity Vulnerabilities With June 2023 Security Updates ∗∗∗ --------------------------------------------- SAP has released eight new security notes on June 2023 Security Patch Day, including two that address high-severity vulnerabilities.The post SAP Patches High-Severity Vulnerabilities With June 2023 Security Updates appeared first on SecurityWeek. --------------------------------------------- https://www.securityweek.com/sap-patches-high-severity-vulnerabilities-with… ∗∗∗ ICS Patch Tuesday: Siemens Addresses Over 180 Third-Party Component Vulnerabilities ∗∗∗ --------------------------------------------- ICS Patch Tuesday: Siemens and Schneider Electric have published more than a dozen advisories addressing over 200 vulnerabilities.The post ICS Patch Tuesday: Siemens Addresses Over 180 Third-Party Component Vulnerabilities appeared first on SecurityWeek. --------------------------------------------- https://www.securityweek.com/ics-patch-tuesday-siemens-addresses-over-180-t… ∗∗∗ Windows and Linux Virtual Delivery Agent for CVAD and Citrix DaaS Security Bulletin CVE-2023-24490 ∗∗∗ --------------------------------------------- CTX559370 NewWindows and Linux Virtual Delivery Agent for CVAD and Citrix DaaS Security Bulletin CVE-2023-24490Applicable Products : Citrix Virtual Apps and Desktops --------------------------------------------- https://support.citrix.com/article/CTX559370/windows-and-linux-virtual-deli… ∗∗∗ Fortinet Releases June 2023 Vulnerability Advisories ∗∗∗ --------------------------------------------- Fortinet has released its June 2023 Vulnerability Advisories to address vulnerabilities affecting multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected system.CISA encourages users and administrators to review the Fortinet June 2023 Vulnerability Advisories page for more information and apply the necessary updates. --------------------------------------------- https://www.cisa.gov/news-events/alerts/2023/06/13/fortinet-releases-june-2… ∗∗∗ Adobe Releases Security Updates for Multiple Products ∗∗∗ --------------------------------------------- Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker can exploit these vulnerabilities to take control of an affected system.CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.Experience Manager APSB23-31Commerce APSB23-35Animate APSB23-36Substance 3D Designer APSB23-39 --------------------------------------------- https://www.cisa.gov/news-events/alerts/2023/06/13/adobe-releases-security-… ∗∗∗ Tuesday June 20 2023 Security Releases ∗∗∗ --------------------------------------------- The Node.js project will release new versions of the 16.x, 18.x and 20.x releases lines on or shortly after, Tuesday June 20 2023 in order to address: 7 medium severity issues, 3 high severity issues, OpenSSL security updates, c-ares 22th May security updates --------------------------------------------- https://nodejs.org/en/blog/vulnerability/june-2023-security-releases ∗∗∗ Microsoft Releases June 2023 Security Updates ∗∗∗ --------------------------------------------- Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system.CISA encourages users and administrators to review Microsoft’s June 2023 Security Update Guide and Deployment Information and apply the necessary updates. --------------------------------------------- https://www.cisa.gov/news-events/alerts/2023/06/13/microsoft-releases-june-… ∗∗∗ IBM Security Guardium is affected by multiple vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6999317 ∗∗∗ IBM Security Guardium is affected by multiple Oracle\u00ae MySQL vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6981105 ∗∗∗ IBM Security Guardium is affected by a denial of service vulnerability in MIT keb5 (CVE-2022-42898) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6981101 ∗∗∗ IBM Security Guardium is affected by a multiple vulnerabilities (CVE-2023-22809, CVE-2019-12490, CVE-2023-0041) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7000021 ∗∗∗ IBM Security Guardium is affected by FasterXML jackson-databind vulnerabilities (CVE-2020-25649, X-Force ID 217968) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6573001 ∗∗∗ IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to HTTP request smuggling in Apache Tomcat (CVE-2022-42252). ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003581 ∗∗∗ IBM Cloud Pak for Security includes components with multiple known vulnerabilities (CVE-2023-0286, CVE-2023-23931) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003815 ∗∗∗ A vulnerability in Certifi package may affect IBM Storage Scale (CVE-2022-23491) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003817 ∗∗∗ IBM App Connect for Healthcare is affected by multiple Apache vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6999671 ∗∗∗ Apache Commons FileUpload vulnerability affects IBM Financial Transaction Manager (CVE-2023-24998) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003827 ∗∗∗ TADDM is vulnerable to a denial of service due to vulnerability in Castor Library ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003861 ∗∗∗ Multiple Vulnerabilities of Apache HttpClient have affected APM Linux KVM Agent ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003887 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.06.2023
by Daily end-of-shift report 13 Jun '23

13 Jun '23

===================== = End-of-Day report = ===================== Timeframe: Montag 12-06-2023 18:00 − Dienstag 13-06-2023 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Hackers can steal cryptographic keys by video-recording power LEDs 60 feet away ∗∗∗ --------------------------------------------- Key-leaking side channels are a fact of life. Now they can be done by video-recording power LEDs. --------------------------------------------- https://arstechnica.com/?p=1947319 ∗∗∗ Passwort-Manager Bitwarden: Master-Schlüssel war für alle lesbar ∗∗∗ --------------------------------------------- Der Passwort-Manager Bitwarden unterstützt die Authentifizierung mit Windows Hello. Bis vor Kurzem war darüber der Master-Schlüssel für alle auslesbar. --------------------------------------------- https://heise.de/-9184586 ∗∗∗ BSI veröffentlicht Version 1.0.1 des TLS-Testtools TaSK ∗∗∗ --------------------------------------------- Nach der Veröffentlichung einer Beta-Version im Januar hat das BSI in der neuen Version weitere Funktionalitäten eingefügt. Die Version ist funktionsfähig für TLS-Server, TLS-Clients sowie für weitere Fachanwendungen wie beispielsweise eID-Clients, eID-Server oder auch E-Mail-Server. --------------------------------------------- https://www.bsi.bund.de/DE/Service-Navi/Presse/Alle-Meldungen-News/Meldunge… ∗∗∗ Vorsicht vor zu günstigen „La Sportiva“-Produkten ∗∗∗ --------------------------------------------- Der Berg und die Fake-Angebote im Internet rufen. Aktuell werden uns vermehrt Fake-Shops der Outdoor-Marke „La Sportiva“ gemeldet. Aufmerksam auf die Schnäppchen werden Kund:innen vor allem durch Werbung auf Facebook, Instagram und Co. Ist der Preis zu schön, um wahr zu sein, handelt es sich um Fake. --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-vor-zu-guenstigen-la-sporti… ∗∗∗ Inside Win32k Exploitation: Background on Implementations of Win32k and Exploitation Methodologies ∗∗∗ --------------------------------------------- This is part one of a series that will cover Win32k internals and exploitation in general using these two vulnerabilities (CVE-2022-21882, CVE-2021-1732) and their related proof-of-concept (PoC) exploits as examples. --------------------------------------------- https://unit42.paloaltonetworks.com/win32k-analysis-part-1/ ∗∗∗ Are smartphone thermal cameras sensitive enough to uncover PIN codes? ∗∗∗ --------------------------------------------- I started out thinking that these cameras were gimmicks, but theyve become an important tool in the toolbox. Heres why - and a little test. --------------------------------------------- https://www.zdnet.com/home-and-office/are-smartphone-thermal-cameras-sensit… ===================== = Vulnerabilities = ===================== ∗∗∗ Dynamic Linq Injection Remote Code Execution Vulnerability (CVE-2023-32571) ∗∗∗ --------------------------------------------- Product Name: System.Linq.Dynamic.Core Affected versions 1.0.7.10 to 1.2.25 CVE: CVE-2023-32571 CVSSv3.1 base score 9.1 Users can execute arbitrary code and commands where user input is passed to Dynmic Linq methods such as .Where(...), .All(...), .Any(...) and .OrderBy(...). --------------------------------------------- https://research.nccgroup.com/2023/06/13/dynamic-linq-injection-remote-code… ∗∗∗ TYPO3 Security Advisories ∗∗∗ --------------------------------------------- several vulnerabilities have been found in the following third party TYPO3 extensions: "Faceted Search" (ke_search) "ipandlanguageredirect" (ipandlanguageredirect) "Canto Extension" (canto_extension) For further information on the issues, please read the related advisories TYPO3-EXT-SA-2023-004, TYPO3-EXT-SA-2023-005 and TYPO3-EXT-SA-2023-006 --------------------------------------------- https://typo3.org/help/security-advisories ∗∗∗ New Siemens Security Advisories ∗∗∗ --------------------------------------------- TIA Portal, SIMOTION, SIMATIC WinCC, Teamcenter Visualization and JT2Go, CPCI85 Firmware of SICAM A8000 Devices, SIMATIC S7-1500 TM MFP V1.0, SICAM Q200 Devices, SIMATIC WinCC V7, Integrated SCALANCE S615 of SINAMICS Medium Voltage Products, in SIMATIC STEP 7 V5.x and Derived Products, Solid Edge --------------------------------------------- https://new.siemens.com/global/en/products/services/cert.html#SecurityPubli… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (vim), Fedora (kernel), Oracle (emacs, firefox, python3, and qemu), SUSE (firefox, java-1_8_0-ibm, and libwebp), and Ubuntu (firefox, glusterfs, and sniproxy). --------------------------------------------- https://lwn.net/Articles/934492/ ∗∗∗ Synology-SA-23:08 SRM ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to obtain user credential via a susceptible version of Synology Router Manager (SRM). --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_23_08 ∗∗∗ Synology-SA-23:07 DSM ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to obtain user credential via a susceptible version of Synology DiskStation Manager (DSM). --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_23_07 ∗∗∗ Synology-SA-23:06 SRM ∗∗∗ --------------------------------------------- A vulnerability allows remote authenticated users to read arbitrary files via a susceptible version of Synology Router Manager (SRM). --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_23_06 ∗∗∗ Synology-SA-23:05 DSM ∗∗∗ --------------------------------------------- A vulnerability allows remote authenticated users to read arbitrary files via a susceptible version of Synology DiskStation Manager (DSM). --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_23_05 ∗∗∗ ShareFile StorageZones Controller Security Update for CVE-2023-24489 ∗∗∗ --------------------------------------------- A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller. This vulnerability affects all currently supported versions of customer-managed ShareFile storage zones controller before version 5.11.24. [..] All customer-managed ShareFile storage zones controllers versions prior to the latest version 5.11.24 have been blocked to protect our customers. Customers will be able to reinstate the storage zones controller once the update to 5.11.24 is applied. --------------------------------------------- https://support.citrix.com/article/CTX559517/sharefile-storagezones-control… ∗∗∗ Kritische Sicherheitslücke in Fortinet FortiOS und FortiProxy SSL-VPN Produkten - aktiv ausgenutzt, Updates verfügbar ∗∗∗ --------------------------------------------- 13. Juni 2023 Beschreibung Fortinet hat eine Warnung herausgegeben, dass in den SSL-VPN - Komponenten der Produkte FortiOS und FortiProxy eine kritische Sicherheitslücke besteht, die auch bereits aktiv ausgenutzt wird, und stellt erste entsprechende Updates bereit. CVE-Nummer(n): CVE-2023-27997 CVSSv3 Score: 9.2 Auswirkungen Unauthentisierte Angreifer:innen können durch Ausnutzen der Lücke beliebigen Code auf betroffenen Geräten ausführen. Da diese Geräte --------------------------------------------- https://cert.at/de/warnungen/2023/6/kritische-sicherheitslucke-in-fortinet-… ∗∗∗ CISA Releases Four Industrial Control Systems Advisories ∗∗∗ --------------------------------------------- - ICSA-23-164-01 Datalogics Library Third-Party - ICSA-23-164-02 Rockwell Automation FactoryTalk Services Platform - ICSA-23-164-03 Rockwell Automation FactoryTalk Edge Gateway - ICSA-23-164-04 Rockwell Automation FactoryTalk Transaction Manager --------------------------------------------- https://www.cisa.gov/news-events/alerts/2023/06/13/cisa-releases-four-indus… ∗∗∗ Chatwork Desktop Application (Mac) vulnerable to code injection ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN96828492/ ∗∗∗ PHOENIX CONTACT: FL MGUARD affected by two vulnerabilities ∗∗∗ --------------------------------------------- https://cert.vde.com/de/advisories/VDE-2023-010/ ∗∗∗ 2023-06-12: Cyber Security Advisory - ABB Relion REX640 Cyber Security Improvements ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=2NGA001423&Language… ∗∗∗ VMSA-2023-0013 ∗∗∗ --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2023-0013.html ∗∗∗ System Management Module (SMM) v1 and v2 / Fan Power Controller (FPC) Vulnerabilities ∗∗∗ --------------------------------------------- http://support.lenovo.com/product_security/PS500565-SYSTEM-MANAGEMENT-MODUL… ∗∗∗ Lenovo XClarity Administrator (LXCA) Vulnerabilities ∗∗∗ --------------------------------------------- http://support.lenovo.com/product_security/PS500564-LENOVO-XCLARITY-ADMINIS… ∗∗∗ IBM Content Navigator is vulnerable to DoS due to Apache Commons FileUpload (CVE-2023-24998) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7002807 ∗∗∗ Multiple vulnerabilities in IBM Semeru Runtime affect z\/Transaction Processing Facility ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003337 ∗∗∗ Vulnerability of Apache Thrift (libthrift-0.12.0.jar ) have affected APM WebSphere Application Server Agent and APM SAP NetWeaver Agent ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003479 ∗∗∗ Vulnerability of Google Gson (gson-2.8.2.jar ) have affected APM WebSphere Application Server Agent and APM SAP NetWeaver Agent ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003477 ∗∗∗ A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2023-26283) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003495 ∗∗∗ Multiple Vulnerabilities of Jackson-Mapper-asl have affected APM Linux KVM Agent ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003497 ∗∗∗ IBM Workload Scheduler is potentially affected by multiple vulnerabilities in OpenSSL (CVE-2022-4304, CVE-2023-0215, CVE-2023-0286) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003501 ∗∗∗ IBM Workload Scheduler is potentially affected by a vulnerability in OpenSSL causing system crash (CVE-2022-4450) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003511 ∗∗∗ IBM Workload Scheduler potentially affected by a vulnerability in SnakeYaml (CVE-2022-1471) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003513 ∗∗∗ OpenPages with Watson has addressed Node.js vulnerability (CVE-2022-32213) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003313 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.06.2023
by Daily end-of-shift report 12 Jun '23

12 Jun '23

===================== = End-of-Day report = ===================== Timeframe: Freitag 09-06-2023 18:00 − Montag 12-06-2023 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Fortinet: SSL-VPN-Lücke ermöglicht Codeschmuggel ∗∗∗ --------------------------------------------- Fortinet hat Updates für das FortiOS-Betriebssystem veröffentlicht. Sie schließen eine Sicherheitslücke im SSL-VPN, die das Einschleusen von Schadcode erlaubt. --------------------------------------------- https://heise.de/-9184284 ∗∗∗ Passwort-Manager Bitwarden: Biometrischer Schlüssel war für alle lesbar ∗∗∗ --------------------------------------------- Der Passwort-Manager Bitwarden unterstützt die Authentifizierung mit Windows Hello. Bis vor kurzem war der biometrische Schlüssel in Windows für alle auslesbar. --------------------------------------------- https://heise.de/-9184586 ∗∗∗ New MOVEit Vulnerabilities Found as More Zero-Day Attack Victims Come Forward ∗∗∗ --------------------------------------------- Researchers discover new MOVEit vulnerabilities related to the zero-day, just as more organizations hit by the attack are coming forward. --------------------------------------------- https://www.securityweek.com/new-moveit-vulnerabilities-found-as-more-zero-… ∗∗∗ Exploit released for MOVEit RCE bug used in data theft attacks ∗∗∗ --------------------------------------------- Horizon3 security researchers have released proof-of-concept (PoC) exploit code for a remote code execution (RCE) bug in the MOVEit Transfer managed file transfer (MFT) solution abused by the Clop ransomware gang in data theft attacks. --------------------------------------------- https://www.bleepingcomputer.com/news/security/exploit-released-for-moveit-… ∗∗∗ Strava heatmap feature can be abused to find home addresses ∗∗∗ --------------------------------------------- Researchers at the North Carolina State University Raleigh have discovered a privacy risk in the Strava apps heatmap feature that could lead to identifying users home addresses. --------------------------------------------- https://www.bleepingcomputer.com/news/security/strava-heatmap-feature-can-b… ∗∗∗ Sneaky DoubleFinger loads GreetingGhoul targeting your cryptocurrency ∗∗∗ --------------------------------------------- Kaspersky researchers share insight into multistage DoubleFinger loader attack delivering GreetingGhoul cryptocurrency stealer and Remcos RAT. --------------------------------------------- https://securelist.com/doublefinger-loader-delivering-greetingghoul-cryptoc… ∗∗∗ Researchers Uncover Publisher Spoofing Bug in Microsoft Visual Studio Installer ∗∗∗ --------------------------------------------- Security researchers have warned about an "easily exploitable" flaw in the Microsoft Visual Studio installer that could be abused by a malicious actor to impersonate a legitimate publisher and distribute malicious extensions."A threat actor could impersonate a popular publisher and issue a malicious extension to compromise a targeted system," Varonis researcher Dolev Taler said. --------------------------------------------- https://thehackernews.com/2023/06/researchers-uncover-publisher-spoofing.ht… ∗∗∗ Bypassing Android Biometric Authentication ∗∗∗ --------------------------------------------- Cryptography and authentication issues are not only present in apps with a low number of downloads, but also in very popular apps. Furthermore, this affects also apps that aim to provide a high level of data protection, since they handle sensitive data that should be kept safe. [..] However, it is important to stress that to be able to perform a bypass, an attacker needs root permissions on the device of the victim or is able to talk the victim into installing a modified version of an app [..] --------------------------------------------- https://sec-consult.com/blog/detail/bypassing-android-biometric-authenticat… ∗∗∗ Circumventing inotify Watchdogs ∗∗∗ --------------------------------------------- Recently I’ve been building rudimentary file monitoring tools to get better at Golang, and build faux-watchdog programs for research at Arch Cloud Labs. Through this experimentation, I’ve identified some interesting gaps in the inotify subsystem that are new to me, but are well documented in the Linux man pages. This blog post will explore how to circumvent read detections implemented by inotify. --------------------------------------------- https://www.archcloudlabs.com/projects/inotify/ ∗∗∗ Every Signature is Broken: On the Insecurity of Microsoft Office’s OOXML Signatures ∗∗∗ --------------------------------------------- We are the first to provide an in-depth analysis of Office Open XML (OOXML) Signatures, the Ecma/ISO standard that all Microsoft Office applications use. Our analysis reveals major discrepancies between the structure of office documents and the way digital signatures are verified. These discrepancies lead to serious security flaws in the specification and in the implementation. As a result, we discovered five new attack classes. --------------------------------------------- https://www.usenix.org/system/files/sec23summer_235-rohlmann-prepub.pdf ∗∗∗ Defeating Windows DEP With A Custom ROP Chain ∗∗∗ --------------------------------------------- This article explains how to write a custom ROP (Return Oriented Programming) chain to bypass Data Execution Prevention (DEP) on a Windows 10 system. DEP makes certain parts of memory (e.g., the stack) used by an application non-executable. This means that overwriting EIP with a “JMP ESP” (or similar) instruction and then freely executing [...] --------------------------------------------- https://research.nccgroup.com/2023/06/12/defeating-windows-dep-with-a-custo… ∗∗∗ Instagram: Vorsicht vor gefälschter „Meta“-Nachricht ∗∗∗ --------------------------------------------- Ein Fake-Profil von Meta schreibt Ihnen auf Instagram. Angeblich haben Sie gegen das Urheberrecht verstoßen. Sie werden aufgefordert, ein Widerrufsformular auszufüllen, sonst wird das Konto gesperrt. Der Link zum Formular befindet sich gleich in der Nachricht. Vorsicht: Diese Nachricht ist Fake. Kriminelle stehlen Ihre Zugangsdaten und erpressen Sie im Anschluss. --------------------------------------------- https://www.watchlist-internet.at/news/instagram-vorsicht-vor-gefaelschter-… ∗∗∗ Varonis warnt vor nicht mehr genutzten Salesforce-Sites ∗∗∗ --------------------------------------------- Sicherheitsforscher von Varonis sind auf ein Problem in Verbindung mit Salesforce-Sites gestoßen, die verwaist sind und nicht mehr genutzt werden. Die Sicherheitsforscher der Varonis Threat Labs haben entdeckt, dass unsachgemäß deaktivierte Salesforce-Sites, sogenannte Ghost Sites, weiterhin aktuelle Daten abrufen und für Angreifer zugänglich sind: Durch Manipulation des Host-Headers können Cyberkriminelle Zugang zu sensiblen personenbezogenen Daten und Geschäftsinformationen erhalten. --------------------------------------------- https://www.borncity.com/blog/2023/06/10/varonis-warnt-vor-nicht-mehr-genut… ∗∗∗ OAuth2 Security Best Current Practices ∗∗∗ --------------------------------------------- Die IETF hat zum 6. Juni 2023 ein Dokument "OAuth2 Security Best Current Practices" aktualisiert. Das Dokument beschreibt die derzeit beste Sicherheitspraxis für OAuth 2.0. Es aktualisiert und erweitert das OAuth 2.0-Sicherheitsbedrohungsmodell. --------------------------------------------- https://www.borncity.com/blog/2023/06/11/oauth2-security-best-current-pract… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed after a successful VPN connection is established. --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (pypdf2 and thunderbird), Fedora (chromium, dbus, mariadb, matrix-synapse, sympa, and thunderbird), Scientific Linux (python and python3), SUSE (chromium, gdb, and openldap2), and Ubuntu (jupyter-core, requests, sssd, and vim). --------------------------------------------- https://lwn.net/Articles/934456/ ∗∗∗ WordPress Theme Workreap 2.2.2 Unauthenticated Upload Leading to Remote Code Execution ∗∗∗ --------------------------------------------- https://cxsecurity.com/issue/WLB-2023060012 ∗∗∗ ASUS Router RT-AX3000 vulnerable to using sensitive cookies without Secure attribute ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN34232595/ ∗∗∗ Security Vulnerabilities fixed in Thunderbird 102.12 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2023-21/ ∗∗∗ This Power System update is being released to address CVE-2023-25683 ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7002721 ∗∗∗ IBM Content Navigator is vulnerable to DoS due to Apache Commons FileUpload (CVE-2023-24998) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7002807 ∗∗∗ IBMid credentials may be exposed when directly downloading code onto IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Spectrum Virtualize products [CVE-2023-27870] ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6985697 ∗∗∗ Vulnerability in requests-2.27.1.tar.gz affects IBM Integrated Analytics System [CVE-2023-32681] ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003185 ∗∗∗ Vulnerability in bottle-0.12.16 affects IBM Integrated Analytics System [CVE-2020-28473] ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003195 ∗∗∗ Vulnerability in bottle-0.12.16 affects IBM Integrated Analytics System [CVE-2022-31799] ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003201 ∗∗∗ Vulnerability in certifi-2018.4.16 affects IBM Integrated Analytics System [ CVE-2022-23491] ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003205 ∗∗∗ IBM Cloud Kubernetes Service is affected by two containerd security vulnerabilities (CVE-2023-28642) (CVE-2023-27561) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7001317 ∗∗∗ Multiple vulnerabilities in IBM DB2 affect IBM Operations Analytics Predictive Insights ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7000903 ∗∗∗ IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is vulnerable to a denial of service due to GraphQL Java (CVE-2023-28867) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003247 ∗∗∗ IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to a denial of service due to GraphQL Java (CVE-2023-28867) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003245 ∗∗∗ IBM App Connect Enterprise Certified Container operands that use the Snowflake connector are vulnerable to arbitrary code execution due to [CVE-2023-34232] ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003259 ∗∗∗ IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to arbitrary code execution due to PostgreSQL (CVE-2023-2454) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/7003279 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily