=====================
= End-of-Day report =
=====================
Timeframe: Freitag 25-08-2023 18:00 − Montag 28-08-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Update korrigiert Verschlüsselung von Qnap-Betriebssystemen ∗∗∗
---------------------------------------------
Qnap hat aktualisierte Versionen der QTS- und QuTS hero-Betriebssysteme veröffentlicht. Sie korrigieren unter anderem zu schwache Verschlüsselung.
---------------------------------------------
https://heise.de/-9286394
∗∗∗ Stalker-Malware: Whiffy Recon schnüffelt Standort alle 60 Sekunden aus ∗∗∗
---------------------------------------------
Eine Malware namens Whiffy Recon überprüft alle 60 Sekunden den Standort des infizierten Geräts. Es bleibt unklar, wozu.
---------------------------------------------
https://heise.de/-9286754
∗∗∗ Auch Antivirensoftware: Winrar-Schwachstelle betrifft womöglich weitere Programme ∗∗∗
---------------------------------------------
Nachtrag vom 28. August 2023, 17:28 Uhr: Herr Marx wies die Redaktion im Nachhinein darauf hin, dass eine mögliche Ausnutzung von CVE-2023-40477 für die einzelnen Anwendungen individuell beurteilt werden muss. Nicht jedes Programm, das die gefährdete DLL verwendet, macht automatisch Gebrauch von dem problematischen Code.
---------------------------------------------
https://www.golem.de/news/auch-antivirensoftware-winrar-schwachstelle-betri…
∗∗∗ Duolingo: Leck mit 2,6 Millionen Nutzerdatensätze, Prüfung auf Have I been Pwned möglich ∗∗∗
---------------------------------------------
Bei der Sprachlern-App Duolingo bzw. bei deren Anbieter ermöglichten Schwachstellen Benutzerdaten abzuziehen. Jetzt hat Troy Hunt einen Datensatz mit den Informationen zu 2,6 Millionen Duolingo Nutzern in seine Plattform Have I been Pwned integriert.
---------------------------------------------
https://www.borncity.com/blog/2023/08/24/duolingo-leck-mit-26-millionen-nut…
∗∗∗ Antworten von Microsoft zum Hack der Microsoft Azure-Cloud durch Storm-0588 – Teil 1 ∗∗∗
---------------------------------------------
Ich hatte nach dem Hack der Microsoft Azure Cloud-Infrastruktur durch die mutmaßlich chinesische Gruppe Storm-0588 bei Microsoft Irland konkret nachgefragt, ob persönliche Daten eines meiner Microsoft Konten betroffen seien. Und ich hatte an den Bundesdatenschutzbeauftragten (BfDI), Ulrich Kelber, [...]
---------------------------------------------
https://www.borncity.com/blog/2023/08/26/antworten-von-microsoft-zum-hack-d…
∗∗∗ Antworten des Bundesdatenschutzbeauftragten, Ulrich Kelber, zum Hack der Microsoft Azure-Cloud durch Storm-0588 – Teil 2 ∗∗∗
---------------------------------------------
In Teil 1 dieser Artikelreihe hatte die die Antworten Microsofts auf meine konkreten Fragen zum Hack der Microsoft Azure Cloud-Infrastruktur durch die mutmaßlich chinesische Gruppe Storm-0588 wiedergegeben. Ich hatte aber auch einige Fragen an die Presseabteilung des Bundesdatenschutzbeauftragten (BfDI) [...]
---------------------------------------------
https://www.borncity.com/blog/2023/08/26/antworten-des-bundesdatenschutzbea…
∗∗∗ PoC for no-auth RCE on Juniper firewalls released ∗∗∗
---------------------------------------------
Researchers have released additional details about the recently patched four vulnerabilities affecting Juniper Networks’ SRX firewalls and EX switches that could allow remote code execution (RCE), as well as a proof-of-concept (PoC) exploit.
---------------------------------------------
https://www.helpnetsecurity.com/2023/08/28/poc-rce-juniper-firewalls/
∗∗∗ Beware the Azure Guest User: How to Detect When a Guest User Account Is Being Exploited ∗∗∗
---------------------------------------------
In Azure environments, guest users are the go-to option when giving access to a user from a different tenant. Often, little effort is invested in keeping guest users safe. However, this could prove to be a costly mistake. It’s actually very important to monitor the third-party applications and identities that have access to your environment, [...]
---------------------------------------------
https://orca.security/resources/blog/detect-guest-user-account-exploited/
∗∗∗ Reply URL Flaw Allowed Unauthorized MS Power Platform API Access ∗∗∗
---------------------------------------------
Cybersecurity experts from Secureworks have revealed a critical vulnerability within Microsoft’s Power Platform, now known as Entra ID. The vulnerability, discovered early this year, involved an abandoned reply URL within the Azure Active Directory (AD) environment, granting unauthorized access to elevated permissions and control within an organization.
---------------------------------------------
https://www.hackread.com/reply-url-flaw-ms-power-platform-api-access/
∗∗∗ KmsdBot Malware Gets an Upgrade: Now Targets IoT Devices with Enhanced Capabilities ∗∗∗
---------------------------------------------
An updated version of a botnet malware called KmsdBot is now targeting Internet of Things (IoT) devices, simultaneously branching out its capabilities and the attack surface. "The binary now includes support for Telnet scanning and support for more CPU architectures," Akamai security researcher Larry W. Cashdollar said in an analysis published this month.
---------------------------------------------
https://thehackernews.com/2023/08/kmsdbot-malware-gets-upgrade-now.html
=====================
= Vulnerabilities =
=====================
∗∗∗ D-Link DAP-2622: Various Security Vulnerabilities Reported ∗∗∗
---------------------------------------------
Affected Models: DAP-2622
Hardware Revision: All A Series Hardware Revisions
Region: Non-US/CA
Affected FW: v1.00 & Below
Fixed FW: v1.10B03R022 Beta-Hotfix
---------------------------------------------
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name…
∗∗∗ Busybox cpio directory traversal vulnerability (CVE-2023-39810) ∗∗∗
---------------------------------------------
When extracting cpio archives with BusyBox cpio, the cpio archiving tools may write files outside the destination directory and there is no option to prevent this.
---------------------------------------------
https://www.pentagrid.ch/en/blog/busybox-cpio-directory-traversal-vulnerabi…
∗∗∗ Sicherheitsupdates: Drupal-Plug-ins mit Schadcode-Lücken ∗∗∗
---------------------------------------------
Wenn bestimmte Plug-ins zum Einsatz kommen, sind mit dem CMS Drupal erstellte Websites attackierbar.
---------------------------------------------
https://heise.de/-9286388
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium, clamav, librsvg, rar, and unrar-nonfree), Fedora (caddy, chromium, and xen), and SUSE (ca-certificates-mozilla, gawk, ghostscript, java-1_8_0-ibm, java-1_8_0-openjdk, php7, qemu, and xen).
---------------------------------------------
https://lwn.net/Articles/942922/
∗∗∗ Sicherheitsschwachstellen im tef-Händlerportal (SYSS-2023-020/-021) ∗∗∗
---------------------------------------------
Im tef-Händlerportal kann über eine Persistent Cross-Site Scripting-Schwachstelle beliebiger Code im Kontext des Benutzers ausgeführt werden.
---------------------------------------------
https://www.syss.de/pentest-blog/sicherheitsschwachstellen-im-tef-haendlerp…
∗∗∗ VU#757109: Groupnotes Inc. Videostream Mac client allows for privilege escalation to root account ∗∗∗
---------------------------------------------
https://kb.cert.org/vuls/id/757109
∗∗∗ Vulnerabilities in IBM Java Runtime affect z/Transaction Processing Facility ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028975
∗∗∗ IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to arbitrary code execution due to an unsafe deserialization flaw (CVE-2022-40609). ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7029160
∗∗∗ IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from systemd, libcap, openssl-libs, libxml2, go-toolset, and prometheus-operator ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7029356
∗∗∗ Security vulnerabilities have been identified in IBM DB2 shipped with IBM License Metric Tool v9. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7029359
∗∗∗ A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Rational ClearCase (CVE-2023-35890) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7029364
∗∗∗ A security vulnerability has been identified in IBM HTTP Server shipped with IBM Rational ClearCase [CVE-2023-32342] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7029362
∗∗∗ A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI (CVE-2022-40609) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7029361
∗∗∗ Multiple security vulnerabilities has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI - July 2023 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7029360
∗∗∗ GNU C library (glibc) vulnerability affects (CVE-2015-7547) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/650093
∗∗∗ ISC DHCP vulnerability affects TS4500 Tape Library (CVE-2018-5732) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/650877
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 24-08-2023 18:00 − Freitag 25-08-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Auch Antivirensoftware: Winrar-Schwachstelle betrifft Hunderte weitere Programme ∗∗∗
---------------------------------------------
Nicht nur alte Winrar-Versionen sind für eine jüngst gepatchte Sicherheitslücke anfällig, sondern auch zahlreiche weitere Anwendungen.
---------------------------------------------
https://www.golem.de/news/auch-antivirensoftware-winrar-schwachstelle-betri…
∗∗∗ FBI-Warnung: Barracuda ESG-Appliances noch immer bedroht, umgehend entfernen ∗∗∗
---------------------------------------------
Das FBI warnt vor den Barracuda-ESG-Schwachstellen, die Ende Mai bekannt wurden. Es geht davon aus, dass alle Geräte kompromittiert seien.
---------------------------------------------
https://heise.de/-9284695
∗∗∗ „Mammutjagd“ auf Online-Marktplätze ∗∗∗
---------------------------------------------
Mit dem Toolset "Telekopye" können auch technisch wenig versierte Hacker auf Online-Marktplätzen Jagd auf ahnungslose Käufer – im Gauner-Slang "Mammut" - machen.
---------------------------------------------
https://www.zdnet.de/88411400/mammutjagd-auf-online-marktplaetze/
∗∗∗ Jupiter X Core WordPress plugin could let hackers hijack sites ∗∗∗
---------------------------------------------
Two vulnerabilities affecting some version of Jupiter X Core, a premium plugin for setting up WordPress and WooCommerce websites, allow hijacking accounts and uploading files without authentication.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/jupiter-x-core-wordpress-plu…
∗∗∗ Python Malware Using Postgresql for C2 Communications, (Fri, Aug 25th) ∗∗∗
---------------------------------------------
For modern malware, having access to its C2 (Command and control) is a crucial point. There are many ways to connect to a C2 server using tons of protocols, but today, HTTP remains very common because HTTP is allowed on most networks...
---------------------------------------------
https://isc.sans.edu/diary/rss/30158
∗∗∗ Playing Dominos with Moodles Security (1/2) ∗∗∗
---------------------------------------------
This is the first blog in a two-part series where we will present our findings on a Moodle security audit we conducted. We were drawn to researching the security aspect of the framework due to its popularity, with the goal of contributing to a safer internet. In this first article, we demonstrate how an unauthenticated attacker can leverage a vulnerability with a supposedly low impact to gain full control over the Moodle instance.
---------------------------------------------
https://www.sonarsource.com/blog/playing-dominos-with-moodles-security-1/
∗∗∗ A broken marriage. Abusing mixed vendor Kerberos stacks ∗∗∗
---------------------------------------------
*nix based servers and services can be joined to Active Directory networks in the same way as their Windows counterparts. This is usually facilitated through the MIT or Heimdal Kerberos stacks. Kerberos is designed as an authentication-based protocol therefore authorisation decisions are implemented independently to the Kerberos protocol itself. Due to this, different vendor stacks behave differently on how authorisation decisions are made.
---------------------------------------------
https://www.pentestpartners.com/security-blog/a-broken-marriage-abusing-mix…
∗∗∗ A Beginner’s Guide to Adversary Emulation with Caldera ∗∗∗
---------------------------------------------
The target audience for this blog post is individuals who have a basic understanding of cybersecurity concepts and terminology and looking to expand their knowledge on adversary emulation. This post delves into the details of adversary emulation with the Caldera framework exploring the benefits it offers.
---------------------------------------------
https://blog.nviso.eu/2023/08/25/a-beginners-guide-to-adversary-emulation-w…
∗∗∗ Analysis of MS-SQL Server Proxyjacking Cases ∗∗∗
---------------------------------------------
AhnLab Security Emergency response Center (ASEC) has recently discovered cases of proxyjacking targeting poorly managed MS-SQL servers. Publicly accessible MS-SQL servers with simple passwords are one of the main attack vectors used when targeting Windows systems. Typically, threat actors target poorly managed MS-SQL servers and attempt to gain access through brute force or dictionary attacks. If successful, they install malware on the infected system.
---------------------------------------------
https://asec.ahnlab.com/en/56350/
∗∗∗ Stories from the SOC - Unveiling the stealthy tactics of Aukill malware ∗∗∗
---------------------------------------------
On April 21st, 2023, AT&T Managed Extended Detection and Response (Managed XDR) investigated an attempted ransomware attack on one of our clients, a home improvement business. The investigation revealed the attacker used AuKill malware on the clients print server to disable the servers installed endpoint detection and response (EDR) solution by brute-forcing an administrator account and downgrading a driver to a vulnerable version.
---------------------------------------------
https://cybersecurity.att.com/blogs/security-essentials/stories-from-the-so…
=====================
= Vulnerabilities =
=====================
∗∗∗ Maxon Cinema 4D SKP File Parsing vulnerabilities ∗∗∗
---------------------------------------------
CVSS Score: 7.8
CVE-2023-40482, CVE-2023-40483, CVE-2023-40486, CVE-2023-40485, CVE-2023-40484, CVE-2023-40488, CVE-2023-4049[0], CVE-2023-40491, CVE-2023-40487, CVE-2023-40489
Mitigation: Given the nature of the [vulnerabilities], the only salient mitigation strategy is to restrict interaction with the application.
---------------------------------------------
https://www.zerodayinitiative.com/advisories/published/
∗∗∗ (0Day) LG Simple Editor vulnerabilities ∗∗∗
---------------------------------------------
CVSS Scores: 6.5-9.8
CVE-2023-40502, CVE-2023-40513, CVE-2023-40514, CVE-2023-40515, CVE-2023-40492, CVE-2023-40493, CVE-2023-40494, CVE-2023-40495, CVE-2023-40496, CVE-2023-40497, CVE-2023-40498, CVE-2023-40499, CVE-2023-40500, CVE-2023-40503, CVE-2023-40503, CVE-2023-40504, CVE-2023-40505, CVE-2023-40506, CVE-2023-40507, CVE-2023-40508, CVE-2023-40509, CVE-2023-40510, CVE-2023-40511, CVE-2023-40512, CVE-2023-40501, CVE-2023-40516
[...] they do not have plans to fix the [vulnerabilities]
---------------------------------------------
https://www.zerodayinitiative.com/advisories/published/
∗∗∗ (0Day) LG SuperSign Media Editor vulnerabilities ∗∗∗
---------------------------------------------
CVSS Scores: 5.3-7.5
CVE-2023-40517, CVE-2023-41181
The vendor states that they do not have plans to fix the [vulnerabilities] now or in the future. [...] Given the nature of the [vulnerabilities], the only salient mitigation strategy is to restrict interaction with the application.
---------------------------------------------
https://www.zerodayinitiative.com/advisories/published/
∗∗∗ QNap: [Vulnerabilities] in QTS and QuTS hero ∗∗∗
---------------------------------------------
CVE-2023-34971, CVE-2023-34973, CVE-2023-34972
Affected products: QTS 5.1.0, 5.0.1, 4.5.4; QuTS hero h5.1.0, h4.5.4
We have already fixed the [vulnerabilities] in the following operating system versions: * QTS 5.1.0.2444 build 20230629 and later * QTS 5.0.1.2425 build 20230609 and later * QTS 4.5.4.2467 build 20230718 and later * QuTS hero h5.1.0.2424 build 20230609 and later * QuTS hero h4.5.4.2476 build 20230728 and later
---------------------------------------------
https://www.qnap.com/en-us/security-advisories?ref=security_advisory_details
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (tryton-server), Fedora (youtube-dl), SUSE (clamav and krb5), and Ubuntu (cjose and fastdds).
---------------------------------------------
https://lwn.net/Articles/942766/
∗∗∗ ZDI-23-1224: LG LED Assistant updateFile Directory Traversal Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-23-1224/
∗∗∗ ZDI-23-1223: LG LED Assistant thumbnail Directory Traversal Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-23-1223/
∗∗∗ ZDI-23-1222: LG LED Assistant setThumbnailRc Directory Traversal Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-23-1222/
∗∗∗ ZDI-23-1221: LG LED Assistant upload Directory Traversal Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-23-1221/
∗∗∗ IBM Security Guardium is affected by multiple vulnerabilities (CVE-2023-30435, CVE-2023-30436, CVE-2023-30437) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028506
∗∗∗ ISC BIND on IBM i is vulnerable to denial of service due to a memory usage flaw (CVE-2023-2828) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7017974
∗∗∗ Multiple vulnerabilities found in IBM Java which is shipped with IBM Intelligent Operations Center(CVE-2022-21541, CVE-2022-21540) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028934
∗∗∗ IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service due to [CVE-2023-26115] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028936
∗∗∗ IBM Spectrum Copy Data Management uses weaker than expected cryptographic algorithms ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028841
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 23-08-2023 18:00 − Donnerstag 24-08-2023 18:00
Handler: Robert Waldner
Co-Handler: Michael Schlagenhaufer
=====================
= News =
=====================
∗∗∗ New "Whiffy Recon" Malware Triangulates Infected Device Location via Wi-Fi Every Minute ∗∗∗
---------------------------------------------
The SmokeLoader malware is being used to deliver a new Wi-Fi scanning malware strain called Whiffy Recon on compromised Windows machines. "The new malware strain has only one operation. Every 60 seconds it triangulates the infected systems positions by scanning nearby Wi-Fi access points as a data point for Googles geolocation API," [...]
---------------------------------------------
https://thehackernews.com/2023/08/new-whiffy-recon-malware-triangulates.html
∗∗∗ Using LLMs to reverse JavaScript variable name minification ∗∗∗
---------------------------------------------
This blog introduces a novel way to reverse minified Javascript using large language models (LLMs) like ChatGPT and llama2 while keeping the code semantically intact. The code is open source and available at Github
---------------------------------------------
https://thejunkland.com/blog/using-llms-to-reverse-javascript-minification
∗∗∗ Microsoft: Windows-Update-Vorschauen schützen vor Downfall-CPU-Lücke ∗∗∗
---------------------------------------------
Microsoft hat die Vorschauen auf die Windows-Updates im September veröffentlicht. Sie bringen Gegenmaßnahmen für die Downfall-Intel-CPU-Lücke mit.
---------------------------------------------
https://heise.de/-9283485
∗∗∗ FBI: Patches for Recent Barracuda ESG Zero-Day Ineffective ∗∗∗
---------------------------------------------
The Federal Bureau of Investigation says that the patches released for a recent Barracuda Email Security Gateway (ESG) vulnerability were not effective, advising organizations to “remove all ESG appliances immediately”.
---------------------------------------------
https://www.securityweek.com/fbi-patches-for-recent-barracuda-esg-zero-day-…
∗∗∗ Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT ∗∗∗
---------------------------------------------
This is the third documented campaign attributed to this actor in less than a year, with the actor reusing the same infrastructure throughout these operations.
---------------------------------------------
https://blog.talosintelligence.com/lazarus-quiterat/
∗∗∗ Tunnel Warfare: Exposing DNS Tunneling Campaigns using Generative Models – CoinLoader Case Study ∗∗∗
---------------------------------------------
In this blog post, we provide a deep dive into Check Point’s ongoing use of such a model to sweep across this haystack, and routinely thwart malicious campaigns abusing the DNS protocol to communicate with C&C servers. We focus on one such campaign, of CoinLoader, and lay out its infrastructure as well as an in-depth technical analysis of its DNS tunnelling functionality.
---------------------------------------------
https://research.checkpoint.com/2023/tunnel-warfare-exposing-dns-tunneling-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Sicherheitsupdates: DoS-Attacken auf Firewalls und Switches von Cisco möglich ∗∗∗
---------------------------------------------
Angreifer können Geräte von Cisco via DoS-Attacken lahmlegen. Der Netzwerkausrüster hat Sicherheitspatches veröffentlicht.
---------------------------------------------
https://heise.de/-9283445
∗∗∗ Security Advisories for Drupal contributed projects ∗∗∗
---------------------------------------------
* Config Pages - Moderately critical - Information Disclosure * Shorthand - Critical - Access bypass * SafeDelete - Moderately critical - Access bypass * Data field - Moderately critical - Access bypass * ACL - Critical - Arbitrary PHP code execution * Forum Access - Critical - Arbitrary PHP code execution * Flexi Access - Critical - Arbitrary PHP code execution
---------------------------------------------
https://www.drupal.org/security/contrib
∗∗∗ CVE-2023-35150: Arbitrary Code Injection in XWiki.org XWiki ∗∗∗
---------------------------------------------
[..] detail a recently patched remote code execution vulnerability in the XWiki free wiki software platform. This bug was originally discovered by Michael Hamann with public Proof-of-Concept (PoC) code provided by Manuel Leduc. Successful exploitation of this vulnerability would allow an authenticated attacker to perform an arbitrary code injection on affected systems.
---------------------------------------------
https://www.zerodayinitiative.com/blog/2023/8/22/cve-2023-35150-arbitrary-c…
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (w3m), Fedora (libqb), Mageia (docker-containerd, kernel, kernel-linus, microcode, php, redis, and samba), Oracle (kernel, kernel-container, and openssh), Scientific Linux (subscription-manager), SUSE (ca-certificates-mozilla, erlang, gawk, gstreamer-plugins-base, indent, java-1_8_0-ibm, kernel, kernel-firmware, krb5, libcares2, nodejs14, nodejs16, openssl-1_1, openssl-3, poppler, postfix, redis, webkit2gtk3, and xen), and Ubuntu (php8.1).
---------------------------------------------
https://lwn.net/Articles/942654/
∗∗∗ Synology-SA-23:12 Synology SSL VPN Client ∗∗∗
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_23_12
∗∗∗ MISP 2.4.175 released with various bugs fixed, improvements and security fixes. ∗∗∗
---------------------------------------------
https://www.misp-project.org/2023/08/24/MISP.2.4.175.released.html/
∗∗∗ OPTO 22 SNAP PAC S1 ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-02
∗∗∗ CODESYS Development System ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-03
∗∗∗ CODESYS Development System ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-04
∗∗∗ CODESYS Development System ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-05
∗∗∗ Rockwell Automation Input/Output Modules ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-06
∗∗∗ KNX Protocol ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-01
∗∗∗ Multiple Vulnerabilities in IBM Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to July 2023 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028350
∗∗∗ IBM Security Guardium is affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028511
∗∗∗ IBM Security Guardium is affected by multiple vulnerabilities (CVE-2023-30435, CVE-2023-30436, CVE-2023-30437) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028506
∗∗∗ IBM Security Guardium is affected by an Improper Restriction of Excessive Authentication Attempts vulnerability (CVE-2022-43904) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028509
∗∗∗ IBM Security Guardium is affected by an SQL Injection vulnerability (CVE-2023-33852) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028514
∗∗∗ IBM Security Verify Access OpenID Connect Provider container has fixed multiple vulnerabilities (CVE-2022-43868, CVE-2022-43739, CVE-2022-43740) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028513
∗∗∗ AIX is affected by security restrictions bypass (CVE-2023-24329) due to Python ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028095
∗∗∗ IBM Elastic Storage System is affected by a vulnerability in OpenSSL (CVE-2022-4304) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028709
∗∗∗ IBM Data Risk Manager is affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028713
∗∗∗ IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to loss of confidentiality due to [CVE-2023-26268] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028728
∗∗∗ IBM App Connect Enterprise Certified Container operands that use the Box or Snowflake connectors are vulnerable to arbitrary code execution due to [CVE-2023-37466], [CVE-2023-37903] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028727
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 22-08-2023 18:00 − Mittwoch 23-08-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Schwachstellen im Web-Interface machen Aruba Orchestrator angreifbar ∗∗∗
---------------------------------------------
Angreifer können Arubas SD-WAN-Managementlösung EdgeConnect SD-WAN Orchestrator attackieren.
---------------------------------------------
https://heise.de/-9282524
∗∗∗ CISA warnt vor Angriffen auf Veeam-Backup-Sicherheitslücke ∗∗∗
---------------------------------------------
Die Cybersicherheitsbehörde CISA warnt vor aktuell laufenden Angriffen auf eine Veeam-Backup-Schwachstelle. Updates stehen bereit.
---------------------------------------------
https://heise.de/-9282365
∗∗∗ Die beliebteste WLAN-Glühbirne auf Amazon lässt Hacker in euer Netzwerk ∗∗∗
---------------------------------------------
Die TP-Link Tapo L530E hat Sicherheitslücken, mit denen sich Fremde Zugriff auf euer WLAN und damit auch auf die Geräte darin verschaffen können.
---------------------------------------------
https://futurezone.at/produkte/wlan-lampe-gluehbrine-amazon-hacker-tp-link-…
∗∗∗ Vorsicht: Gefälschte Versionen von Google Bard verbreiten Malware ∗∗∗
---------------------------------------------
Achtung vor Fake-Werbung mit Google Bard: Hinter den Links befindet sich Malware.
---------------------------------------------
https://futurezone.at/digital-life/google-bard-malware-faelschungen-fake-so…
∗∗∗ More Exotic Excel Files Dropping AgentTesla, (Wed, Aug 23rd) ∗∗∗
---------------------------------------------
Excel is an excellent target for attackers. The Microsoft Office suite is installed on millions of computers, and people trust these files. If we have the classic xls, xls, xlsm file extensions, Excel supports many others! Just check your local registry: [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/30150
∗∗∗ Lateral movement: A conceptual overview ∗∗∗
---------------------------------------------
I think it would help a lot of those people to look at lateral movement from a conceptual point of view, instead of trying to understand all the techniques and ways in which lateral movement is achieved. [...] The goal is to hopefully enable more people to learn about how they can restructure or design their environments to be more resilient against lateral movement.
---------------------------------------------
https://diablohorn.com/2023/08/22/lateral-movement-a-conceptual-overview/
∗∗∗ Tourists Give Themselves Away by Looking Up. So Do Most Network Intruders. ∗∗∗
---------------------------------------------
In large metropolitan areas, tourists are often easy to spot because theyre far more inclined than locals to gaze upward at the surrounding skyscrapers. Security experts say this same tourist dynamic is a dead giveaway in virtually all computer intrusions that lead to devastating attacks like ransomware, and that more organizations should set simple virtual tripwires that sound the alarm when authorized users and devices are spotted exhibiting this behavior.
---------------------------------------------
https://krebsonsecurity.com/2023/08/tourists-give-themselves-away-by-lookin…
∗∗∗ Hackergruppe CosmicBeetle verbreitet Ransomware in Europa ∗∗∗
---------------------------------------------
Gruppe verwendet das Toolset Spacecolon, um Ransomware unter ihren Opfern zu verbreiten und Lösegeld zu erpressen.
---------------------------------------------
https://www.zdnet.de/88411341/hackergruppe-cosmicbeetle-verbreitet-ransomwa…
∗∗∗ NVMe: New Vulnerabilities Made Easy ∗∗∗
---------------------------------------------
As vulnerability researchers, our primary mission is to find as many vulnerabilities as possible with the highest severity as possible. Finding vulnerabilities is usually challenging. But could there be a way, in some cases, to reach the same results with less effort?
---------------------------------------------
https://www.cyberark.com/resources/threat-research-blog/nvme-new-vulnerabil…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (mediawiki and qt4-x11), Fedora (java-17-openjdk, linux-firmware, and python-yfinance), Red Hat (kernel, kpatch-patch, and subscription-manager), SUSE (evolution, janino, kernel, nodejs16, nodejs18, postgresql15, qt6-base, and ucode-intel), and Ubuntu (inetutils).
---------------------------------------------
https://lwn.net/Articles/942514/
∗∗∗ Google Chrome 116.0.5845.110/.111 Sicherheitsupdates ∗∗∗
---------------------------------------------
Google hat zum 22. August 2023 Updates des Google Chrome Browsers 116 im Stable Channel für Mac, Linux und Windows freigegeben. Es sind Sicherheitsupdates, die in den kommenden Wochen ausgerollt werden und 5 Schwachstellen (Einstufung als "hoch") beseitigen soll.
---------------------------------------------
https://www.borncity.com/blog/2023/08/23/google-chrome-116-0-5845-110-111-s…
∗∗∗ CVE-2022-40609 may affect IBM Java shipped with IBM CICS TX Standard ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028405
∗∗∗ CVE-2022-40609 may affect IBM Java shipped with IBM CICS TX Advanced ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028403
∗∗∗ CVE-2022-40609 may affect IBM Java shipped with IBM TXSeries for Multiplatforms ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028404
∗∗∗ Multiple vulnerabilities may affect IBM Semeru Runtime ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028407
∗∗∗ AIX is vulnerable to unauthorized file access and arbitrary code execution due to OpenSSH (CVE-2023-40371 and CVE-2023-38408) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028420
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Montag 21-08-2023 18:00 − Dienstag 22-08-2023 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Sneaky Amazon Google ad leads to Microsoft support scam ∗∗∗
---------------------------------------------
A legitimate-looking ad for Amazon in Google search results redirects visitors to a Microsoft Defender tech support scam that locks up their browser.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/sneaky-amazon-google-ad-lead…
∗∗∗ Akira ransomware targets Cisco VPNs to breach organizations ∗∗∗
---------------------------------------------
Theres mounting evidence that Akira ransomware targets Cisco VPN (virtual private network) products as an attack vector to breach corporate networks, steal, and eventually encrypt data.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/akira-ransomware-targets-cis…
∗∗∗ Security review for Microsoft Edge version 116 ∗∗∗
---------------------------------------------
We are pleased to announce the security review for Microsoft Edge, version 116! We have reviewed the new settings in Microsoft Edge version 116 and determined that there are no additional security settings that require enforcement. The Microsoft Edge version 114 security baseline continues to be our recommended configuration which can be downloaded from the Microsoft Security Compliance Toolkit.
---------------------------------------------
https://techcommunity.microsoft.com/t5/microsoft-security-baselines/securit…
∗∗∗ New Variant of XLoader macOS Malware Disguised as OfficeNote Productivity App ∗∗∗
---------------------------------------------
A new variant of an Apple macOS malware called XLoader has surfaced in the wild, masquerading its malicious features under the guise of an office productivity app called "OfficeNote.""The new version of XLoader is bundled inside a standard Apple disk image with the name OfficeNote.dmg," SentinelOne security researchers Dinesh Devadoss and Phil Stokes said in a Monday analysis.
---------------------------------------------
https://thehackernews.com/2023/08/new-variant-of-xloader-macos-malware.html
∗∗∗ CISA, NSA, and NIST Publish Factsheet on Quantum Readiness ∗∗∗
---------------------------------------------
Today, [CISA, NSA, NIST] released a joint factsheet, Quantum-Readiness: Migration to Post-Quantum Cryptography (PQC), to inform organizations—especially those that support Critical Infrastructure—of the impacts of quantum capabilities, and to encourage the early planning for migration to post-quantum cryptographic standards by developing a Quantum-Readiness Roadmap.
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/08/21/cisa-nsa-and-nist-publis…
∗∗∗ Exploitation of Openfire CVE-2023-32315 ∗∗∗
---------------------------------------------
This vulnerability has flown under the radar on the defensive side of the industry. CVE-2023-32315 has been exploited in the wild, but you won’t find it in the CISA KEV catalog. There has also been minimal discussion about indicators of compromise and very few detections (although to their credit, Ignite Realtime put out patches and a great mitigation guide back in May).
---------------------------------------------
https://vulncheck.com/blog/openfire-cve-2023-32315
∗∗∗ Kritische Sicherheitslücke in Ivanti Sentry wird bereits missbraucht ∗∗∗
---------------------------------------------
Ivanti schließt in Sentry, vormals MobileIron Sentry, eine kritische Sicherheitslücke. Sie wird bereits angegriffen.
---------------------------------------------
https://heise.de/-9278280
∗∗∗ Facebook: Vorsicht vor Fake-Gewinnspielen von Kronehit und Radio Arabella ∗∗∗
---------------------------------------------
Kriminelle erstellen auf Facebook Fake-Profile von österreichischen Radiomoderator:innen. Betroffen sind aktuell Melanie See von Radio Arabella und Christian Mederitsch von Kronehit. Auf den Fake-Profilen werden betrügerische Gewinnspiele verbreitet. „Gewinner:innen“ werden per Kommentar benachrichtigt und müssen dann einen Link aufrufen oder dem Fake-Profil eine Privatnachricht schreiben. Melden Sie das Fake-Gewinnspiel und antworten Sie nicht!
---------------------------------------------
https://www.watchlist-internet.at/news/facebook-vorsicht-vor-fake-gewinnspi…
∗∗∗ This AI-generated crypto invoice scam almost got me, and Im a security pro ∗∗∗
---------------------------------------------
Even a tech pro can fall for a well-laid phishing trap. Heres what happened to me - and how you can avoid a similar fate, too.
---------------------------------------------
https://www.zdnet.com/article/this-ai-generated-crypto-invoice-scam-almost-…
∗∗∗ Verbraucherzentrale warnt vor Fake-Paypal-Betrugsanrufen ∗∗∗
---------------------------------------------
Ich nehme mal die Warnung vor einer Betrugsmasche hier mit im Blog auf, vor der die Verbraucherzentrale Baden-Württemberg aktuell warnt. Betrüger versuchen wohl über Call Center Opfer in Deutschland mit Schockanrufen über den Tisch zu ziehen.
---------------------------------------------
https://www.borncity.com/blog/2023/08/22/verbraucherzentrale-warnt-vor-fake…
=====================
= Vulnerabilities =
=====================
∗∗∗ TP-Link smart bulbs can let hackers steal your WiFi password ∗∗∗
---------------------------------------------
Researchers from Italy and the UK have discovered four vulnerabilities in the TP-Link Tapo L530E smart bulb and TP-Links Tapo app, which could allow attackers to steal their targets WiFi password.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/tp-link-smart-bulbs-can-let-…
∗∗∗ McAfee Security Bulletin – McAfee Safe Connect update fixes Privilege Escalation vulnerability (CVE-2023-40352) ∗∗∗
---------------------------------------------
This Security Bulletin describes a vulnerability in a McAfee program, and provides ways to remediate (fix) the issue or mitigate (minimize) its impact.
---------------------------------------------
https://www.mcafee.com/support/?articleId=TS103462&page=shell&shell=article…
∗∗∗ Hitachi Energy AFF66x ∗∗∗
---------------------------------------------
CVSS v3 9.6
Successful exploitation of these vulnerabilities could allow an attacker to compromise availability, integrity, and confidentiality of the targeted devices.
CVE-2021-43523, CVE-2020-13817, CVE-2020-11868, CVE-2019-11477, CVE-2022-3204, CVE-2018-18066
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-234-01
∗∗∗ Rockwell Automation ThinManager ThinServer ∗∗∗
---------------------------------------------
CVSS v3 9.8
Rockwell Automation reports this vulnerability affects the following versions of ThinManager ThinServer, a thin client and remote desktop protocol (RDP) server management software
CVE-2023-2914, CVE-2023-2915, CVE-2023-2917
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-234-03
∗∗∗ Trane Thermostats ∗∗∗
---------------------------------------------
CVSS v3 6.8
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands as root using a specially crafted filename.
CVE-2023-4212
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-234-02
∗∗∗ Jetzt patchen! Angreifer schieben Schadcode durch Lücke in Adobe ColdFusion ∗∗∗
---------------------------------------------
Angreifer attackieren Adobes Middleware ColdFusion. Sicherheitsupdates sind verfügbar.
---------------------------------------------
https://heise.de/-9278446
∗∗∗ K000135921 : Python urllib.parse vulnerability CVE-2023-24329 ∗∗∗
---------------------------------------------
An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
---------------------------------------------
https://my.f5.com/manage/s/article/K000135921?utm_source=f5support&utm_medi…
∗∗∗ Critical Privilege Escalation Vulnerability in Charitable WordPress Plugin Affects Over 10,000 sites ∗∗∗
---------------------------------------------
After providing full disclosure details, the developer released a patch on August 17, 2023. We would like to commend the WP Charitable Team for their prompt response and timely patch, which was released in just one day.
We urge users to update their sites with the latest patched version of Charitable, which is version 1.7.0.13 at the time of this writing, as soon as possible.
---------------------------------------------
https://www.wordfence.com/blog/2023/08/critical-privilege-escalation-vulner…
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (intel-microcode, lxc, and zabbix), Fedora (clamav), SUSE (python-configobj), and Ubuntu (clamav).
---------------------------------------------
https://lwn.net/Articles/942405/
∗∗∗ IBM Robotic Process Automation is vulnerable to exposure of sensitive information in application logs (CVE-2023-38732) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028221
∗∗∗ IBM Robotic Process Automation is vulnerable to information disclosure of script content (CVE-2023-40370) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028218
∗∗∗ Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028226
∗∗∗ IBM Robotic Process Automation is vulnerable to sensitive information disclosure in installation logs (CVE-2023-38733) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028223
∗∗∗ A vulnerability in urlib3 affects IBM Robotic Process Automation for Cloud Pak which may result in CRLF injection (CVE-2020-26137). ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028229
∗∗∗ Multiple security vulnerabilities in .NET may affect IBM Robotic Process Automation for Cloud Pak (CVE-2023-24936, CVE-2023-29337, CVE-2023-33128) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028228
∗∗∗ IBM Robotic Process Automation is vulnerable to incorrect privilege assignment when importing user from an LDAP directory (CVE-2023-38734). ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028227
∗∗∗ AWS SDK for Java as used by IBM QRadar SIEM is vulnerable to path traversal (CVE-2022-31159) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7027598
∗∗∗ IBM Decision Optimization for Cloud Pak for Data is vulnerable to denial of service due to Apache Log4j (CVE-2021-45105) and arbitrary code execution due to Apache Log4j (CVE-2021-45046) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6551376
∗∗∗ IBM Cloud Pak for Data is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6551326
∗∗∗ IBM Informix JDBC Driver Is Vulnerable to Remote Code Execution (CVE-2023-27866) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7007615
∗∗∗ Multiple vulnerabilities in IBM Semeru Runtime may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2022-21282, CVE-2022-21296, CVE-2022-21299) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6565069
∗∗∗ A Unspecified Java Vulnerability is affecting Watson Knowledge Catalog for IBM Cloud Pak for Data (CVE-2021-35550) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6594121
∗∗∗ Vulnerabilities in Linux kernel, libssh, and Java can affect IBM Spectrum Protect Plus ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028316
∗∗∗ Vulnerabilities in Oracle Java and the IBM Java SDK (CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968 and CVE-2023-21937 ) affect Power HMC ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028209
∗∗∗ Multiple Vulnerabilities in IBM\u00ae Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to July 2023 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028350
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 18-08-2023 18:00 − Montag 21-08-2023 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ The Week in Ransomware - August 18th 2023 - LockBit on Thin Ice ∗∗∗
---------------------------------------------
While there was quite a bit of ransomware news this week, the highlighted story was the release of Jon DiMaggios third article in the Ransomware Diaries series, with the focus of this article on the LockBit ransomware operation.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-augus…
∗∗∗ WoofLocker Toolkit Hides Malicious Codes in Images to Run Tech Support Scams ∗∗∗
---------------------------------------------
Cybersecurity researchers have detailed an updated version of an advanced fingerprinting and redirection toolkit called WoofLocker thats engineered to conduct tech support scams.The sophisticated traffic redirection scheme was first documented by Malwarebytes in January 2020, leveraging JavaScript embedded in compromised websites to perform anti-bot and web traffic filtering checks [..]
---------------------------------------------
https://thehackernews.com/2023/08/wooflocker-toolkit-hides-malicious.html
∗∗∗ How to Investigate an OAuth Grant for Suspicious Activity or Overly Permissive Scopes ∗∗∗
---------------------------------------------
>From a user’s perspective, OAuth works like magic. In just a few keystrokes, you can whisk through the account creation process and gain immediate access to whatever new app or integration you’re seeking. Unfortunately, few users understand the implications of the permissions they allow when they create a new OAuth grant, making it easy for malicious actors to manipulate employees into giving away unintended access to corporate environments.
---------------------------------------------
https://thehackernews.com/2023/08/how-to-investigate-oauth-grant-for.html
∗∗∗ Journey into Windows Kernel Exploitation: The Basics ∗∗∗
---------------------------------------------
This blogpost embarks on the initial stages of kernel exploitation. The content serves as an introduction, leading to an imminent and comprehensive whitepaper centered around this subject matter. Through this, a foundation is laid for understanding how kernel drivers are developed, as well as basic understanding around key concepts that will be instrumental to comprehending the paper itself.
---------------------------------------------
https://blog.neuvik.com/journey-into-windows-kernel-exploitation-the-basics…
∗∗∗ mTLS: When certificate authentication is done wrong ∗∗∗
---------------------------------------------
In this post, well deep dive into some interesting attacks on mTLS authentication. Well have a look at implementation vulnerabilities and how developers can make their mTLS systems vulnerable to user impersonation, privilege escalation, and information leakages.
---------------------------------------------
https://github.blog/2023-08-17-mtls-when-certificate-authentication-is-done…
∗∗∗ ScienceLogic Dumpster Fire ∗∗∗
---------------------------------------------
In the last email correspondence with the vendor, nearly 9 months ago, the security director asserted that the vulnerabilities were addressed. However, they remained reluctant to proceed with CVE issuance. Considering the extensive duration that’s transpired, we opted to independently proceed with CVE issuance and disclosure. As a result, the vulnerabilities we identified are logged as CVE-2022-48580 through CVE-2022-48604.
---------------------------------------------
https://www.securifera.com/blog/2023/08/16/sciencelogic-dumpster-fire/
∗∗∗ Volatility Workbench: Empowering memory forensics investigations ∗∗∗
---------------------------------------------
Memory forensics plays a crucial role in digital investigations, allowing forensic analysts to extract valuable information from a computers volatile memory. Two popular tools in this field are Volatility Workbench and Volatility Framework. This article aims to compare and explore these tools, highlighting their features and differences to help investigators choose the right one for their needs.
---------------------------------------------
https://cybersecurity.att.com/blogs/security-essentials/volatility-workbenc…
∗∗∗ Vorsicht vor Investment-Tipps aus Telegram-Gruppen ∗∗∗
---------------------------------------------
Zahlreiche Telegram-Gruppen wie „Didi Random“, „Glück liebt Geld“ oder „Geld-Leuchtturm“ versprechen schnellen Reichtum. In diesen Gruppen erhalten Sie angebliche Investmenttipps, Erfolgsgeschichten von Anleger:innen und Kontakte zu „Finanz-Gurus“, die Ihnen bei der Geldanlage helfen. Wenn Sie bei den empfohlenen Plattformen investieren, verlieren Sie viel Geld!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-investment-tipps-aus-te…
=====================
= Vulnerabilities =
=====================
∗∗∗ WordPress Plugin "Advanced Custom Fields" vulnerable to cross-site scripting (CVE-2023-40068) ∗∗∗
---------------------------------------------
Description: WordPress Plugin "Advanced Custom Fields" provided by WP Engine contains a cross-site scripting vulnerability (CWE-79).
Impact: An arbitrary script may be executed on the web browser of the user who is logging in to the product with the editor or higher privilege.
---------------------------------------------
https://jvn.jp/en/jp/JVN98946408/
∗∗∗ Multiple vulnerabilities in LuxCal Web Calendar ∗∗∗
---------------------------------------------
Impact:
- An arbitrary script may be executed on the web browser of the user who is using the product - CVE-2023-39543
- A remote attacker may execute arbitrary queries against the database and obtain or alter the information in it - CVE-2023-39939
---------------------------------------------
https://jvn.jp/en/jp/JVN04876736/
∗∗∗ CD_SVA_2023_3: Wibu Systems - CodeMeter Runtime - security vulnerability addressed ∗∗∗
---------------------------------------------
A report has been received for the following security vulnerability in the zenon software platform: CVE-2023-3935 Further details regarding the vulnerability, mitigation options and product fixes that may be available, can be found in [...]
---------------------------------------------
https://selfservice.copadata.com/portal/en/kb/articles/cd-sva-2023-3-wibu-s…
∗∗∗ CVE-2023-38035 - Vulnerability affecting Ivanti Sentry ∗∗∗
---------------------------------------------
A vulnerability has been discovered in Ivanti Sentry, formerly MobileIron Sentry. We have reported this as CVE-2023-38035. This vulnerability impacts all supported versions – Versions 9.18. 9.17 and 9.16. Older versions/releases are also at risk. This vulnerability does not affect other Ivanti products or solutions [..] While the issue has a high CVSS score, there is low risk of exploitation for customers who do not expose 8443 to the internet.
---------------------------------------------
https://www.ivanti.com/blog/cve-2023-38035-vulnerability-affecting-ivanti-s…
∗∗∗ Update bereits ausgespielt: Kritische Lücke in WinRAR erlaubte Code-Ausführung ∗∗∗
---------------------------------------------
Das verbreitete Kompressionstool WinRAR besaß in älteren Versionen eine schwere Lücke, die beliebige Codeausführung erlaubte. Die aktuelle Version schließt sie.
---------------------------------------------
https://heise.de/-9268105
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (fastdds, flask, and kernel), Fedora (chromium, dotnet6.0, dotnet7.0, gerbv, java-1.8.0-openjdk, libreswan, procps-ng, and spectre-meltdown-checker), SUSE (chromium, kernel-firmware, krb5, opensuse-welcome, and python-mitmproxy), and Ubuntu (clamav, firefox, and vim).
---------------------------------------------
https://lwn.net/Articles/942311/
∗∗∗ GraphQL Java component is vulnerable to CVE-2023-28867 is used by IBM Maximo Application Suite ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028108
∗∗∗ Google Guava component is vulnerable to CVE-2023-2976 is used by IBM Maximo Application Suite ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028091
∗∗∗ Mutiple Vulnerabilties Affecting IBM Watson Machine Learning Accelerator ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028166
∗∗∗ IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to denial of service, availability, integrity, and confidentiality impacts due to multiple vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028168
∗∗∗ IBM Connect:Direct Web Services vulnerable to sensitive information exposure due to PostgreSQL (CVE-2023-2454) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028185
∗∗∗ A security vulnerability in Microsoft.NET affects IBM Robotic Process Automation and may result in a denial of service (CVE-2023-29331). ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7026762
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 17-08-2023 18:00 − Freitag 18-08-2023 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ „Ihre Rückerstattung ist online verfügbar“: Phishing-Mail im Namen von oesterreich.gv.at ∗∗∗
---------------------------------------------
Aktuell melden uns zahlreiche Leser:innen eine betrügerische E-Mail, die im Namen von oesterreich.gv.at verschickt wird. In der E-Mail wird behauptet, dass eine Rückerstattung von 176,88 Euro aussteht. Achtung: Dahinter stecken Kriminelle!
---------------------------------------------
https://www.watchlist-internet.at/news/ihre-rueckerstattung-ist-online-verf…
∗∗∗ Microsoft: BlackCats Sphynx ransomware embeds Impacket, RemCom ∗∗∗
---------------------------------------------
Microsoft has discovered a new version of the BlackCat ransomware that embeds the Impacket networking framework and the Remcom hacking tool, both enabling spreading laterally across a breached network.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-blackcats-sphynx-…
∗∗∗ From a Zalando Phishing to a RAT, (Fri, Aug 18th) ∗∗∗
---------------------------------------------
Phishing remains a lucrative threat. We get daily emails from well-known brands (like DHL, PayPal, Netflix, Microsoft, Dropbox, Apple, etc). Recently, I received a bunch of phishing emails targeting Zalando customers. Zalando is a German retailer of shoes, fashion across Europe. It was the first time that I saw them used in a phishing campaign.
---------------------------------------------
https://isc.sans.edu/diary/rss/30136
∗∗∗ Critical Security Update for Magento Open Source & Adobe Commerce ∗∗∗
---------------------------------------------
Last week on August 8th, 2023, Adobe released a critical security patch for Adobe Commerce and the Magento Open Source CMS. The patch provides fixes for three vulnerabilities which affect the popular ecommerce platforms. Successful exploitation could lead to arbitrary code execution, privilege escalation and arbitrary file system read.
---------------------------------------------
https://blog.sucuri.net/2023/08/critical-security-update-for-magento-adobe-…
∗∗∗ New BlackCat Ransomware Variant Adopts Advanced Impacket and RemCom Tools ∗∗∗
---------------------------------------------
Microsoft on Thursday disclosed that it found a new version of the BlackCat ransomware (aka ALPHV and Noberus) that embeds tools like Impacket and RemCom to facilitate lateral movement and remote code execution. "The Impacket tool has credential dumping and remote service execution modules that could be used for broad deployment of the BlackCat ransomware in target environments," the companys [...]
---------------------------------------------
https://thehackernews.com/2023/08/new-blackcat-ransomware-variant-adopts.ht…
∗∗∗ Catching up with WoofLocker, the most elaborate traffic redirection scheme to tech support scams ∗∗∗
---------------------------------------------
[...] another 3 years have gone by and this campaign is still going as if nothing has happened. The tactics and techniques are very similar, but the infrastructure is now more robust than before to defeat potential takedown attempts. [...] This blog post summarizes our latest findings and provides indicators of compromise that may be helpful to the security community.
---------------------------------------------
https://www.malwarebytes.com/blog/threat-intelligence/2023/08/wooflocker2
∗∗∗ Recapping the top stories from Black Hat and DEF CON ∗∗∗
---------------------------------------------
If you’re in the same boat as me and couldn’t attend BlackHat or DEF CON in person, I wanted to use this space to recap what I felt were the top stories and headlines coming out of the various new research that was published, talks, interviews and more.
---------------------------------------------
https://blog.talosintelligence.com/threat-source-newsletter-aug-17-2023/
∗∗∗ NoFilter Attack: Sneaky Privilege Escalation Method Bypasses Windows Security ∗∗∗
---------------------------------------------
A previously undetected attack method called NoFilter has been found to abuse the Windows Filtering Platform (WFP) to achieve privilege escalation in the Windows operating system. "If an attacker has the ability to execute code with admin privilege and the target is to perform LSASS Shtinkering, these privileges are not enough," Ron Ben Yizhak, a security researcher at Deep Instinct, told The Hacker News. "Running as "NT AUTHORITY\SYSTEM" is required.
---------------------------------------------
https://thehackernews.com/2023/08/nofilter-attack-sneaky-privilege.html
∗∗∗ Kommentar zum Azure-Master-Key-Diebstahl: Microsofts Reaktion lässt tief blicken ∗∗∗
---------------------------------------------
Microsoft lässt sich einen Signing Key für Azure klauen. Bis jetzt ist die Tragweite des Angriffs unklar. Das ist unverantwortlich, kommentiert Oliver Diedrich.
---------------------------------------------
https://heise.de/-9258697
∗∗∗ Gefälschte Buchungsseite vom Hotel Regina ∗∗∗
---------------------------------------------
Planen Sie gerade einen Urlaub in Wien? Vorsicht, wenn Sie das Hotel Regina buchen wollen. Kriminelle haben eine gefälschte Buchungsseite ins Netz gestellt. Die Internetadresse der betrügerischen Buchungsseite lautet regina-hotel-vienna.h-rez.com. Wenn Sie dort buchen, stehlen Kriminelle Ihnen persönliche Daten und Kreditkartendaten.
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschte-buchungsseite-vom-hotel-…
=====================
= Vulnerabilities =
=====================
∗∗∗ 2023-08 Out-of-Cycle Security Bulletin: Junos OS: SRX Series and EX Series: Multiple vulnerabilities in J-Web can be combined to allow a preAuth Remote Code Execution ∗∗∗
---------------------------------------------
Multiple vulnerabilities in the J-Web component of Juniper Networks Junos OS on SRX Series and EX Series have been resolved through the application of specific fixes to address each vulnerability. By chaining exploitation of these vulnerabilities, an unauthenticated, network-based attacker may be able to remotely execute code on the devices. CVE IDs: CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847
---------------------------------------------
https://supportportal.juniper.net/s/article/2023-08-Out-of-Cycle-Security-B…
∗∗∗ K30444545 : libxslt vulnerability CVE-2019-11068 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K30444545
∗∗∗ IBM Match 360 is vulnerable to a denial of service due to Apache Commons FileUpload in IBM WebSphere Application Server Liberty (CVE-2023-24998) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7027948
∗∗∗ IBM Match 360 is vulnerable to a denial of service due to Apache Commons FileUpload in IBM WebSphere Application Server Liberty (CVE-2023-24998) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7027944
∗∗∗ Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote information transfer due to CouchDB CVE-2023-26268 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028066
∗∗∗ Multiple vulnerabilities affect IBM SDK, Java Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028074
∗∗∗ Multiple vulnerabilities in IBM DB2 affect IBM Operations Analytics Predictive Insights ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028087
∗∗∗ A security vulnerability has been identified in the Apache POI, which is vulnerable to Denial of Service. (CVE-2017-5644) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/711741
∗∗∗ AIX is affected by security restrictions bypass (CVE-2023-24329) due to Python ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028095
∗∗∗ RESTEasy component is vulnerable to CVE-2023-0482 is used by IBM Maximo Application Suite ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028099
∗∗∗ netplex json-smart-v2 component is vulnerable to CVE-2023-1370 is used by IBM Maximo Application Suite ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028097
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 16-08-2023 18:00 − Donnerstag 17-08-2023 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Triple Extortion Ransomware and the Cybercrime Supply Chain ∗∗∗
---------------------------------------------
Ransomware attacks continue to grow both in sophistication and quantity. 2023 has already seen more ransomware attacks involving data exfiltration and extortion than all of 2022, an increasing trend we expect to continue.
This article will explore the business model of ransomware groups and the complex cybercrime ecosystem that has sprung up around them.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/triple-extortion-ransomware-…
∗∗∗ New Apple iOS 16 Exploit Enables Stealthy Cellular Access Under Fake Airplane Mode ∗∗∗
---------------------------------------------
The method "tricks the victim into thinking their devices Airplane Mode works when in reality the attacker (following successful device exploit) has planted an artificial Airplane Mode which edits the UI to display Airplane Mode icon and cuts internet connection to all apps except the attacker application," [..]
---------------------------------------------
https://thehackernews.com/2023/08/new-apple-ios-16-exploit-enables.html
∗∗∗ CISA Releases JCDC Remote Monitoring and Management (RMM) Cyber Defense Plan ∗∗∗
---------------------------------------------
This plan addresses systemic risks facing the exploitation of RMM software. Cyber threat actors can gain footholds via RMM software into managed service providers (MSPs) or manage security service providers (MSSPs) servers and, by extension, can cause cascading impacts for the small and medium-sized organizations that are MSP/MSSP customers.
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/08/16/cisa-releases-jcdc-remot…
∗∗∗ Angreifer attackieren Citrix ShareFile ∗∗∗
---------------------------------------------
Die US-Behörde [CISA] hat die "kritische" Sicherheitslücke (CVE-2023-24489) in ihren Katalog bekannter ausgenutzter Sicherheitslücken eingetragen. In welchem Umfang die Attacken ablaufen, ist derzeit nicht bekannt. [..] Die Lücke ist seit Juni 2023 bekannt. Seitdem gibt es auch die gepatchte Version 5.11.24.
---------------------------------------------
https://www.heise.de/news/Jetzt-patchen-Angreifer-attackieren-Citrix-ShareF…
∗∗∗ Wordfence Intelligence Weekly WordPress Vulnerability Report (August 7, 2023 to August 13, 2023) ∗∗∗
---------------------------------------------
Last week, there were 86 vulnerabilities disclosed in 68 WordPress Plugins and 3 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database [..]
Patch Status :
- Unpatched 25
- Patched 61
---------------------------------------------
https://www.wordfence.com/blog/2023/08/wordfence-intelligence-weekly-wordpr…
∗∗∗ Phishing-Kampagne zielt auf Zimbra-Nutzer ab ∗∗∗
---------------------------------------------
Die Kampagne ist seit mindestens April 2023 aktiv und dauert laut Security-Forschern von ESET an.
---------------------------------------------
https://www.zdnet.de/88411237/phishing-kampagne-zielt-auf-zimbra-nutzer-ab/
=====================
= Vulnerabilities =
=====================
∗∗∗ PAN-SA-2023-0004 Informational Bulletin: Impact of TunnelCrack Vulnerabilities (CVE-2023-36671 CVE-2023-36672 CVE-2023-35838 CVE-2023-36673) ∗∗∗
---------------------------------------------
LocalNet attack is only applicable to GlobalProtect Agent configurations that allow direct access to the local network setting in the Split Tunnel tab on the firewall configuration. ServerIP attack is relevant only to PAN-OS firewall configurations with a GlobalProtect gateway enabled. You can verify whether you have a GlobalProtect portal or gateway configured by checking for entries in Network > GlobalProtect > Gateways from the web interface.
---------------------------------------------
https://security.paloaltonetworks.com/PAN-SA-2023-0004
∗∗∗ ClamAV 1.1.1, 1.0.2, 0.103.9 patch versions published ∗∗∗
---------------------------------------------
- CVE-2023-20197 Fixed a possible denial of service vulnerability in the HFS+ file parser.
- CVE-2023-20212 Fixed a possible denial of service vulnerability in the AutoIt file parser. This issue affects versions 1.0.1 and 1.0.0. This issue does not affect version 1.1.0.
ClamAV 0.105 and 0.104 have reached end-of-life according to the ClamAV’s End of Life (EOL) policy and will not be patched.
---------------------------------------------
https://blog.clamav.net/2023/07/2023-08-16-releases.html
∗∗∗ Parsec Remote Desktop App is prone to a local elevation of privilege due to a logical flaw in its code integrity verification process ∗∗∗
---------------------------------------------
By exploiting this race condition, a local attacker could swap out the officially signed Parsec DLL with a DLL that they created, which would subsequently be executed as the SYSTEM user as described in CVE-2023-37250. The vulnerability applies to a "Per User" installation as opposed to a "Shared User". There is an update that has been made available.
---------------------------------------------
https://kb.cert.org/vuls/id/287122
∗∗∗ TYPO3-EXT-SA-2023-007: Broken Access Control in extension "hCaptcha for EXT:form" (hcaptcha) ∗∗∗
---------------------------------------------
The extension fails to check the requirement of the captcha field in submitted form data allowing a remote user to bypass the captcha check. [..] An updated version 2.1.2 is available
---------------------------------------------
https://typo3.org/security/advisory/typo3-ext-sa-2023-007
∗∗∗ Varnish Enterprise/Cache: Base64 decoding vulnerability in vmod-digest ∗∗∗
---------------------------------------------
The potential outcome of the vulnerability can be both authentication bypass and information disclosure, however the exact attack surface will depend on the particular VCL configuration in use. [..]
Affected software versions:
- vmod-digest shipped with Varnish Enterprise 6.0 series up to and including 6.0.11r4.
- vmod-digest for Varnish Cache 6.0 LTS built on upstream source code prior to 2023-08-17.
- vmod-digest for Varnish Cache trunk built on upstream source code prior to 2023-08-17.
---------------------------------------------
https://docs.varnish-software.com/security/VSV00012/
∗∗∗ IP-Telefonie: Schwachstellen in der Provisionierung von Zoom und Audiocodes ∗∗∗
---------------------------------------------
Der Security-Experte Moritz Abrell von SySS hat Schwachstellen bei der IP-Telefonie mithilfe des Zoom Zero Touch Provisioning-Prozesses in Kombination mit Audiocodes 400HD Telefonen entdeckt. [..] Angreifer könnten gemäß den Darstellungen Gesprächsinhalte mithören, ein Botnetz aus infizierten Geräten bilden oder auf Basis der Kompromittierung der Endgeräte die Netzwerke attackieren, in denen diese betrieben werden.
---------------------------------------------
https://www.heise.de/news/IP-Telefonie-Schwachstellen-in-der-Provisionierun…
∗∗∗ Synology-SA-23:11 Synology Camera ∗∗∗
---------------------------------------------
A vulnerability allows remote attackers to execute arbitrary code via a susceptible version of Synology Camera BC500 Firmware and Synology Camera TC500 Firmware.
Solution: Upgrade to 1.0.5-0185 or above.
Workaround: Setting up firewall rules to allow only trusted clients to connect can be used as a temporary mitigation.
---------------------------------------------
https://www.synology.com/en-global/security/advisory/Synology_SA_23_11
∗∗∗ CISA Releases Three Industrial Control Systems Advisories ∗∗∗
---------------------------------------------
- ICSA-23-229-01 ICONICS and Mitsubishi Electric Products: CVE-2022-3602, CVE-2022-3786, CVE-2022-4203, CVE-2022-4304, CVE-2022-4450, CVE-2023-0401
- ICSA-23-229-03 Schnieder Electric PowerLogic ION7400 PM8000 ION9000 Power Meters: CVE-2022-46680
- ICSA-23-229-04 Walchem Intuition 9: CVE-2022-3602, CVE-2022-3786, CVE-2022-4203, CVE-2022-4304, CVE-2022-4450, CVE-2023-0401
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/08/17/cisa-releases-three-indu…
∗∗∗ Privilege Escalation in IBM Spectrum Virtualize ∗∗∗
---------------------------------------------
Im Rahmen einer oberflächlichen Sicherheitsprüfung stellte Certitude zwei Schwachstellen in der Firmware der IBM Spectrum Virtualize Storage-Lösung fest. Eine der Schwachstellen erlaubt es einem Benutzer der Administrationsschnittstelle, der nur über eingeschränkte Berechtigungen verfügt, beliebigen Code auszuführen.
---------------------------------------------
https://certitude.consulting/blog/de/privilege-escalation-in-ibm-spectrum-v…
∗∗∗ Atlassian Releases Security Update for Confluence Server and Data Center ∗∗∗
---------------------------------------------
Atlassian has released its security bulletin for August 2023 to address a vulnerability in Confluence Server and Data Center, CVE-2023-28709. A remote attacker can exploit this vulnerability to cause a denial-of-service condition.CISA encourages users and administrators to review Atlassian’s August 2003 Security Bulletin and apply the necessary update.
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/08/17/atlassian-releases-secur…
∗∗∗ Cisco Integrated Management Controller Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ Cisco Umbrella Virtual Appliance Undocumented Support Tunnel Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ Cisco Unified Contact Center Express Finesse Portal Web Cache Poisoning Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ Cisco Prime Infrastructure and Evolved Programmable Network Manager Stored Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ Cisco Prime Infrastructure and Evolved Programmable Network Manager Cross-Site Scripting Vulnerabilities ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ Cisco Intersight Private Virtual Appliance Command Injection Vulnerabilities ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ Cisco Identity Services Engine Device Credential Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Request Forgery Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ Cisco Intersight Virtual Appliance Unauthenticated Port Forwarding Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ Cisco Expressway Series and Cisco TelePresence Video Communication Server Command Injection Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ Cisco Duo Device Health Application for Windows Arbitrary File Write Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ Cisco Unified Communications Manager SQL Injection Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ Cisco Unified Communications Products Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ ClamAV HFS+ File Scanning Infinite Loop Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ ClamAV AutoIt Module Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ Vulnerability in Apache Tomcat Server (CVE-2023-28709 ) affects Power HMC ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7005499
∗∗∗ IBM Security Guardium is affected by Using Components with Known Vulnerabilities [CVE-2018-8909, CVE-2021-41100 and CVE-2021-41119] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7027854
∗∗∗ IBM Security Guardium is affected by a Command injection in CLI vulnerability [CVE-2023-35893] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7027853
∗∗∗ IBM Security Guardium is affected by several vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7007815
∗∗∗ Vulnerability in IBM Java SDK and IBM Java Runtime affect Rational Functional Tester ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7027855
∗∗∗ IBM Security Guardium is affected by a multiple vulnerabilities (CVE-2023-22809, CVE-2019-12490, CVE-2023-0041) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7000021
∗∗∗ IBM Security Guardium is affected by multiple Oracle\u00ae MySQL vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6981105
∗∗∗ IBM Security Guardium is affected by a denial of service vulnerability in MIT keb5 (CVE-2022-42898) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6981101
∗∗∗ Security Vulnerabilities affect IBM Cloud Pak for Data - Python (CVE-2019-20907) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6380954
∗∗∗ Security Vulnerabilities affect IBM Cloud Pak for Data - Golang (CVE-2020-24553) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6380968
∗∗∗ Security Vulnerabilities in GNU glibc affect IBM Cloud Pak for Data - GNU glibc (CVE-2020-1751) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6381220
∗∗∗ Vulnerability in IBM JDK (CVE-2022-40609 ) affects Power HMC ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7027898
∗∗∗ IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is vulnerable to a denial of service (CVE-2023-38737) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7027921
∗∗∗ IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to a denial of service (CVE-2023-38737) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7027919
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Montag 14-08-2023 18:00 − Mittwoch 16-08-2023 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Jetzt 2FA aktivieren: Hackerangriffe auf Linkedin-Konten nehmen massiv zu ∗∗∗
---------------------------------------------
Cyberkriminelle haben es zuletzt vermehrt auf Linkedin-Konten abgesehen. Bei Google getätigte Suchanfragen bestätigen diesen Trend.
---------------------------------------------
https://www.golem.de/news/jetzt-2fa-aktivieren-hackerangriffe-auf-linkedin-…
∗∗∗ Vielfältige Attacken auf Ivanti Enterprise Mobility Management möglich (CVE-2023-32560) ∗∗∗
---------------------------------------------
Die Forscher geben an, die Schwachstelle im April 2023 gemeldet zu haben. Die gegen die Attacke abgesicherte EMM-Version 6.4.1 ist Anfang August erschienen. Mitte August haben die Sicherheitsforscher ihren Bericht veröffentlicht.
---------------------------------------------
https://www.heise.de/news/Vielfaeltige-Attacken-auf-Ivanti-Enterprise-Mobil…
∗∗∗ IT-Schutz für Kommunen: 18 Checklisten für den Schnelleinstieg ∗∗∗
---------------------------------------------
Kommunen sind zunehmend Ziele von Cyber-Angriffen. Für angemessenen Schutz mangelt es oft an Wissen und Personal. 18 WiBA-Checklisten des BSI sollen das ändern.
---------------------------------------------
https://heise.de/-9246027
∗∗∗ TR-75 - Unauthenticated remote code execution vulnerability in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) - CVE-2023-3519 ∗∗∗
---------------------------------------------
Use this Checklist to identify if your infrastructure already shows indications of a successful compromise
---------------------------------------------
https://www.circl.lu/pub/tr-75/
∗∗∗ Indicators of Compromise Scanner for Citrix ADC Zero-Day (CVE-2023-3519) ∗∗∗
---------------------------------------------
Today we are releasing a tool to help organizations scan their Citrix appliances for evidence of post-exploitation activity related to CVE-2023-3519. The tool contains indicators of compromise (IOCs) collected during Mandiant investigations and sourced from our partners and the community. Head over to the Mandiant GitHub page to download the tool today to scan your appliances.
---------------------------------------------
https://www.mandiant.com/resources/blog/citrix-adc-vulnerability-ioc-scanner
∗∗∗ l+f: Trojaner unterscheiden nicht zwischen Gut und Böse ∗∗∗
---------------------------------------------
D’oh! Sicherheitsforscher sind auf rund 120.000 mit Malware infizierte PCs gestoßen – von Cybergangstern.
---------------------------------------------
https://heise.de/-9244810
∗∗∗ Instagram-Nachricht: Gefälschte Beschwerde über Produktqualität führt zu Schadsoftware ∗∗∗
---------------------------------------------
Sie erhalten eine Nachricht auf Instagram. Darin beschwert sich eine Kundin, dass Ihre Produktqualität schlecht ist und das Produkt bereits nach 2 Tagen kaputt war. Ein Bild wird mitgeschickt. Laden Sie das Dokument mit der Endung .rar nicht herunter, es handelt sich um Schadsoftware.
---------------------------------------------
https://www.watchlist-internet.at/news/instagram-nachricht-gefaelschte-besc…
∗∗∗ An Apple malware-flagging tool is “trivially” easy to bypass ∗∗∗
---------------------------------------------
Background Task Manager can potentially miss malicious software on your machine.
---------------------------------------------
https://arstechnica.com/?p=1960742
∗∗∗ Ongoing scam tricks kids playing Roblox and Fortnite ∗∗∗
---------------------------------------------
The scams are often disguised as promotions, and they can all be linked to one network.
---------------------------------------------
https://arstechnica.com/?p=1961085
∗∗∗ Raccoon Stealer malware returns with new stealthier version ∗∗∗
---------------------------------------------
The developers of Raccoon Stealer information-stealing malware have ended their 6-month hiatus from hacker forums to promote a new 2.3.0 version of the malware to cyber criminals.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/raccoon-stealer-malware-retu…
∗∗∗ Massive 400,000 proxy botnet built with stealthy malware infections ∗∗∗
---------------------------------------------
A new campaign involving the delivery of proxy server apps to Windows systems has been uncovered, where users are reportedly involuntarily acting as residential exit nodes controlled by a private company.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/massive-400-000-proxy-botnet…
∗∗∗ QwixxRAT: New Remote Access Trojan Emerges via Telegram and Discord ∗∗∗
---------------------------------------------
A new remote access trojan (RAT) called QwixxRAT is being advertised for sale by its threat actor through Telegram and Discord platforms. "Once installed on the victims Windows platform machines, the RAT stealthily collects sensitive data, which is then sent to the attackers Telegram bot, providing them with unauthorized access to the victims sensitive information," [...]
---------------------------------------------
https://thehackernews.com/2023/08/qwixxrat-new-remote-access-trojan.html
∗∗∗ Cookie Crumbles: Breaking and Fixing Web Session Integrity ∗∗∗
---------------------------------------------
In this paper, we question the effectiveness of existing protections and study the real-world security implications of cookie integrity issues. In particular, we focus on network and same-site attackers, a class of attackers increasingly becoming a significant threat to Web application security.
---------------------------------------------
https://www.usenix.org/system/files/usenixsecurity23-squarcina.pdf
∗∗∗ Chrome 116 Patches 26 Vulnerabilities ∗∗∗
---------------------------------------------
Google has released Chrome 116 with patches for 26 vulnerabilities and plans to ship weekly security updates for the popular web browser.
---------------------------------------------
https://www.securityweek.com/chrome-116-patches-26-vulnerabilities/
∗∗∗ Monti ransomware targets legal and gov’t entities with new Linux-based variant ∗∗∗
---------------------------------------------
The Monti hacker gang appears to have resumed its operations after a two-month break, this time claiming to target legal and government entities with a fresh Linux-based ransomware variant, according to new research. Monti was first discovered in June 2022, shortly after the infamous Conti ransomware group went out of business.
---------------------------------------------
https://therecord.media/monti-ransomware-targets-govt-entities
∗∗∗ CISA Adds One Known Exploited Vulnerability to Catalog ∗∗∗
---------------------------------------------
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-24489 Citrix Content Collaboration ShareFile Improper Access Control Vulnerability - These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/08/16/cisa-adds-one-known-expl…
∗∗∗ PowerHell: Active Flaws in PowerShell Gallery Expose Users to Attacks ∗∗∗
---------------------------------------------
Recent findings by Aqua Nautilus have exposed significant flaws that are still active in the PowerShell Gallerys policy regarding package names and owners. These flaws make typosquatting attacks inevitable in this registry, while also making it extremely difficult for users to identify the true owner of a package. Consequently, these flaws pave the way for potential supply chain attacks on the registrys vast user base.
---------------------------------------------
https://blog.aquasec.com/powerhell-active-flaws-in-powershell-gallery-expos…
∗∗∗ Verwundbare Webserver: Status in Österreich ∗∗∗
---------------------------------------------
Nachdem wir in den letzten Wochen von Schwachstellen in Systemen von Citrix, Ivanti und Fortinet berichtet haben, wollte ich wissen, wie weit Österreich beim Patchen ist. Wir bekommen von ShadowServer täglich Reports mit den Ergebnissen ihrer Scans über das ganze Internet. Im „Vulnerable HTTP Report“ geht es unter anderem um Schwachstellen, die in Web-Applikationen gefunden wurden. Auf Hersteller bezogen kann man aus den Daten für Österreich folgende folgende Entwicklung ablesen: [...]
---------------------------------------------
https://cert.at/de/aktuelles/2023/8/verwundbare-webserver-status-in-osterre…
=====================
= Vulnerabilities =
=====================
∗∗∗ Advisory | NetModule Router Software Race Condition Leads to Remote Code Execution ∗∗∗
---------------------------------------------
CVSSv3.1 Score: 8.4 Affected Vendor & Products: NetModule NB1601, NB1800, NB1810, NB2800, NB2810, NB3701, NB3800, NB800, NG800 Vulnerable version: < 4.6.0.105, < 4.7.0.103
---------------------------------------------
https://pentest.blog/advisory-netmodule-router-software-race-condition-lead…
∗∗∗ Sicherheitslücken: Angreifer können Hintertüren in Datenzentren platzieren ∗∗∗
---------------------------------------------
Schwachstellen in Software von CyberPower und Dataprobe zur Energieüberwachung und -Verteilung gefährden Datenzentren.
---------------------------------------------
https://heise.de/-9245788
∗∗∗ Lücken in Kennzeichenerkennungssoftware gefährden Axis-Überwachungskamera ∗∗∗
---------------------------------------------
Mehrere Sicherheitslücken in Software für Überwachungskameras von Axis gefährden Geräte.
---------------------------------------------
https://heise.de/-9245978
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (samba), Red Hat (.NET 6.0, .NET 7.0, rh-dotnet60-dotnet, rust, rust-toolset-1.66-rust, and rust-toolset:rhel8), and SUSE (kernel and opensuse-welcome).
---------------------------------------------
https://lwn.net/Articles/941658/
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (datatables.js and openssl), Fedora (ghostscript, java-11-openjdk, java-latest-openjdk, microcode_ctl, and xen), Red Hat (redhat-ds:11), SUSE (java-1_8_0-openj9, kernel, krb5, pcre2, and perl-HTTP-Tiny), and Ubuntu (gstreamer1.0, mysql-8.0, tiff, and webkit2gtk).
---------------------------------------------
https://lwn.net/Articles/941722/
∗∗∗ Schneider Electric EcoStruxure Control Expert, Process Expert, Modicon M340, M580 and M580 CPU ∗∗∗
---------------------------------------------
Successful exploitation of this vulnerability could allow an attacker to execute unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session.
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-227-01
∗∗∗ Rockwell Automation Armor PowerFlex ∗∗∗
---------------------------------------------
Successful exploitation of this vulnerability could allow an attacker to send an influx of network commands, causing the product to generate an influx of event log traffic at a high rate, resulting in the stop of normal operation.
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-227-02
∗∗∗ K000135852 : FasterXML jackson-databind vulnerability CVE-2022-42003 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000135852
∗∗∗ CPE2023-003 Vulnerability Mitigation/Remediation for Inkjet Printers (Home and Office/Large Format) – 15 August 2023 ∗∗∗
---------------------------------------------
https://www.canon-europe.com/support/product-security-latest-news/
∗∗∗ [R1] Sensor Proxy Version 1.0.8 Fixes Multiple Vulnerabilities ∗∗∗
---------------------------------------------
https://www.tenable.com/security/tns-2023-28
∗∗∗ Vulnerabilities in Node.js modules affect IBM Voice Gateway ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7026694
∗∗∗ Security Vulnerabilities affect IBM Cloud Pak for Data - Python (CVE-2019-20907) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6380956
∗∗∗ Multiple Eclipse Jetty Vulnerabilities Affect IBM Analytic Accelerator Framework for Communication Service Providers & IBM Customer and Network Analytics ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7027483
∗∗∗ AWS SDK for Java as used by IBM QRadar SIEM is vulnerable to path traversal (CVE-2022-31159) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7027598
∗∗∗ IBM WebSphere Application Server Liberty is vulnerable to a denial of service (CVE-2023-38737) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7027509
∗∗∗ IBM Cognos Analytics has addressed multiple security vulnerabilities (CVE-2022-48285, CVE-2023-35009, CVE-2023-35011) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7026692
∗∗∗ Zyxel security advisory for post-authentication command injection in NTP feature of NBG6604 home router ∗∗∗
---------------------------------------------
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-…
∗∗∗ Zyxel security advisory for DoS vulnerability of XGS2220, XMG1930, and XS1930 series switches ∗∗∗
---------------------------------------------
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 11-08-2023 18:00 − Montag 14-08-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ MaginotDNS attacks exploit weak checks for DNS cache poisoning ∗∗∗
---------------------------------------------
A team of researchers from UC Irvine and Tsinghua University has developed a new powerful cache poisoning attack named MaginotDNS, that targets Conditional DNS (CDNS) resolvers and can compromise entire TLDs top-level domains.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/maginotdns-attacks-exploit-w…
∗∗∗ Phishing with hacked sites ∗∗∗
---------------------------------------------
Scammers are hacking websites powered by WordPress and placing phishing pages inside hidden directories. We share some statistics and tips on recognizing a hacked site.
---------------------------------------------
https://securelist.com/phishing-with-hacked-sites/110334/
∗∗∗ Zoom ZTP & AudioCodes Phones Flaws Uncovered, Exposing Users to Eavesdropping ∗∗∗
---------------------------------------------
Multiple security vulnerabilities have been disclosed in AudioCodes desk phones and Zooms Zero Touch Provisioning (ZTP) that could be potentially exploited by a malicious attacker to conduct remote attacks. "An external attacker who leverages the vulnerabilities discovered in AudioCodes Ltd.'s desk phones and Zoom's Zero Touch Provisioning feature can gain full remote control of the devices," SySS security researcher Moritz Abrell said in an analysis published Friday.
---------------------------------------------
https://thehackernews.com/2023/08/zoom-ztp-audiocodes-phones-flaws.html
∗∗∗ Ongoing Xurum Attacks on E-commerce Sites Exploiting Critical Magento 2 Vulnerability ∗∗∗
---------------------------------------------
E-commerce sites using Adobes Magento 2 software are the target of an ongoing campaign that has been active since at least January 2023. The attacks, dubbed Xurum by Akamai, leverage a now-patched critical security flaw (CVE-2022-24086, CVSS score: 9.8) in Adobe Commerce and Magento Open Source that, if successfully exploited, could lead to arbitrary code execution.
---------------------------------------------
https://thehackernews.com/2023/08/ongoing-xurum-attacks-on-e-commerce.html
∗∗∗ HAK5 BashBunny USB Gadget IoC Removal ∗∗∗
---------------------------------------------
StealthBunny is a tool designed to modify HAK5s BashBunny USB gadget kernel driver to remove possible indicators of compromise.
---------------------------------------------
https://github.com/emptynebuli/StealthBunny
∗∗∗ Microsofts Cloud-Hack: Überprüfung durch US Cyber Safety Review Board ∗∗∗
---------------------------------------------
Die Cybervorfälle der letzten Monate haben die US-Sicherheitsbehörden aufgeschreckt. Nun will sich das US Cyber Safety Review Board (CSRB) den Hack der Microsoft Cloud durch die mutmaßlich chinesische Hackergruppe Storm-0558 genauer ansehen. Der Fall war im Juli 2023 bekannt geworden und hatte wegen der Umstände Wellen geschlagen.
---------------------------------------------
https://www.borncity.com/blog/2023/08/12/microsofts-cloud-hack-berprfung-du…
∗∗∗ Whats New in CVSS v4 ∗∗∗
---------------------------------------------
The standard has been improved over time with the release of v1 in Feb. 2005, v2 in June 2007, and v3 in June 2015. The current version (v3.1) debuted in June 2019. Version 4 is slated for release on October 1, 2023.
---------------------------------------------
https://www.rapid7.com/blog/post/2023/08/14/whats-new-in-cvss-v4/
=====================
= Vulnerabilities =
=====================
∗∗∗ VU#127587: Python Parsing Error Enabling Bypass CVE-2023-24329 ∗∗∗
---------------------------------------------
An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
---------------------------------------------
https://kb.cert.org/vuls/id/127587
∗∗∗ Schwachstelle in Sync 3: Infotainmentsystem von Ford ermöglicht Angriff via Wi-Fi ∗∗∗
---------------------------------------------
Das in vielen Ford-Modellen genutzte Infotainmentsystem Sync 3 hat eine Schwachstelle, durch die Angreifer böswilligen Code ausführen können.
---------------------------------------------
https://www.golem.de/news/schwachstelle-in-sync-3-infotainmentsystem-von-fo…
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (gst-plugins-ugly1.0, libreoffice, linux-5.10, netatalk, poppler, and sox), Fedora (chromium, ghostscript, java-1.8.0-openjdk-portable, java-11-openjdk, java-11-openjdk-portable, java-17-openjdk-portable, java-latest-openjdk-portable, kernel, linux-firmware, mingw-python-certifi, ntpsec, and php), Oracle (.NET 6.0, .NET 7.0, 15, 18, bind, bind9.16, buildah, cjose, curl, dbus, emacs, firefox, go-toolset and golang, go-toolset:ol8, grafana, iperf3, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, kernel, libcap, libeconf, libssh, libtiff, libxml2, linux-firmware, mod_auth_openidc:2.3, nodejs, nodejs:16, nodejs:18, open-vm-tools, openssh, postgresql:12, postgresql:13, python-requests, python27:2.7, python3, python38:3.8 and python38-devel:3.8, python39:3.9 and python39-devel:3.9, ruby:2.7, samba, sqlite, systemd, thunderbird, virt:ol and virt-devel:rhel, and webkit2gtk3), SUSE (docker, java-1_8_0-openj9, kernel, kernel-firmware, libyajl, nodejs14, openssl-1_0_0, poppler, and webkit2gtk3), and Ubuntu (golang-yaml.v2, intel-microcode, linux, linux-aws, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux, linux-aws, linux-azure, linux-gcp, linux-ibm, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi, linux-oem-6.1, pygments, and pypdf2).
---------------------------------------------
https://lwn.net/Articles/941587/
∗∗∗ F5: K000135795 : Downfall Attacks CVE-2022-40982 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000135795
∗∗∗ F5: K000135831 : Node.js vulnerability CVE-2023-32067 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000135831
∗∗∗ A vulnerability in IBM WebSphere Application Server Liberty affects IBM Storage Scale packaged in IBM Elastic Storage System (CVE-2023-24998) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7025515
∗∗∗ Multiple Linux Kernel vulnerabilities may affect IBM Elastic Storage System ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7025507
∗∗∗ IBM Elastic Storage System is affected by a vulnerability in OpenSSL (CVE-2022-4450) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7025510
∗∗∗ Postgresql JDBC drivers shipped with IBM Security Verify Access have a vulnerability (CVE-2022-41946) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7014261
∗∗∗ IBM GSKit as shipped with IBM Security Verify Access has fixed a reported vulnerability (CVE-2023-32342) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7014259
∗∗∗ Security Vulnerabilities fixed in IBM Security Verify Access (CVE-2022-40303) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7009741
∗∗∗ Apache Log4j Vulnerability affects Cloud Pak for Data (CVE-2021-44228) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6529302
∗∗∗ IBM PowerVM Novalink is vulnerable because flaw was found in IBM SDK, Java Technology Edition, which could allow a remote attacker to execute arbitrary code on the system caused by an unsafe deserialization flaw. (CVE-2022-40609) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7026380
∗∗∗ Kafka nodes in IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a denial of service due to snappy-java (CVE-2023-34453, CVE-2023-34455, CVE-2023-34454). ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7026403
∗∗∗ IBM ELM affected as Java deserialization filters (JEP 290) ignored during IBM ORB deserialization (CVE-2022-40609) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7026536
∗∗∗ Vulnerability in IBM Java SDK affects WebSphere Service Registry and Repository (CVE-2022-40609) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7026489
∗∗∗ Security Vulnerabilities in JRE and Java packages affect IBM Voice Gateway ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7026553
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily