Daily

daily@lists.cert.at

1 participants
3084 discussions

Tageszusammenfassung - 24.02.2023
by Daily end-of-shift report 24 Feb '23

24 Feb '23

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 23-02-2023 18:00 − Freitag 24-02-2023 18:00 Handler: Michael Schlagenhaufer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Vorsicht: ChatGPT-Scams nehmen stark zu ∗∗∗ --------------------------------------------- Im Internet gibt es viele Seiten, die vorgeben, der intelligente Chatbot zu sein. In Wahrheit verbreiten sie Schadsoftware. --------------------------------------------- https://futurezone.at/produkte/chatgpt-scam-malware-apps-android-chatbot-vo… ∗∗∗ KI: Journalist überlistet Bank mit künstlicher Intelligenz ∗∗∗ --------------------------------------------- Einem Journalisten ist es gelungen, die Stimmauthentifizierung einer Bank mit KI zu umgehen. Das könnten auch Betrüger. --------------------------------------------- https://www.golem.de/news/ki-journalist-ueberlistet-bank-mit-kuenstlicher-i… ∗∗∗ Privatsphäre: Chrome-Extensions können noch immer eine Menge anrichten ∗∗∗ --------------------------------------------- Eine Analyse zeigt, was sich trotz Googles Chrome Extension Manifest V3 alles ausspähen lässt, wenn Nutzer bei der Installation nicht vorsichtig sind. --------------------------------------------- https://www.golem.de/news/privatsphaere-chrome-extensions-koennen-noch-imme… ∗∗∗ The code that wasn’t there: Reading memory on an Android device by accident ∗∗∗ --------------------------------------------- CVE-2022-25664, a vulnerability in the Qualcomm Adreno GPU, can be used to leak large amounts of information to a malicious Android application. Learn more about how the vulnerability can be used to leak information in both the user space and kernel space level of pages, and how the GitHub Security Lab used the kernel space information leak to construct a KASLR bypass. --------------------------------------------- https://github.blog/2023-02-23-the-code-that-wasnt-there-reading-memory-on-… ∗∗∗ In Final Cut & Co: Warnung vor Cryptojacking durch gecrackte Mac-Apps ∗∗∗ --------------------------------------------- Malware für Cryptomining wird über gecrackte Mac-Apps verbreitet und verbirgt sich dabei immer besser, warnen Sicherheitsforscher. Apple reagiert. --------------------------------------------- https://heise.de/-7527273 ∗∗∗ Update on the Exchange Server Antivirus Exclusions ∗∗∗ --------------------------------------------- For years we have been saying how running antivirus (AV) software on your Exchange Servers can enhance the security and health of your Exchange organization. We’ve also said that if you are deploying file-level scanners on Exchange servers, make sure that the appropriate exclusions, such as directory exclusions, process exclusions, and file name extension exclusions, are in place for both scheduled and real-time scanning. But times have changed, and so has the cybersecurity landscape. --------------------------------------------- https://techcommunity.microsoft.com/t5/exchange-team-blog/update-on-the-exc… ∗∗∗ Investigating the PlugX Trojan Disguised as a Legitimate Windows Debugger Tool ∗∗∗ --------------------------------------------- Trend Micro’s Managed Extended Detection and Response (MxDR) team discovered that a file called x32dbg.exe was used to sideload a malicious DLL we identified as a variant of PlugX. --------------------------------------------- https://www.trendmicro.com/en_us/research/23/b/investigating-the-plugx-troj… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco stopft teils hochriskante Schwachstellen ∗∗∗ --------------------------------------------- Für mehrere Produkte stellt Netzwerkausrüster Cisco Sicherheitsupdates bereit. Sie schließen teils als hohe Bedrohung eingestufte Schwachstellen. --------------------------------------------- https://heise.de/-7526208 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (binwalk, chromium, curl, emacs, frr, git, libgit2, and tiff), Fedora (qt5-qtbase), SUSE (c-ares, kernel, openssl-1_1-livepatches, pesign, poppler, rubygem-activerecord-5_1, and webkit2gtk3), and Ubuntu (linux-aws). --------------------------------------------- https://lwn.net/Articles/924358/ ∗∗∗ Ineffective Cross Site Request Forgery (CSRF) protection in IBM Business Process Manager (BPM) (CVE-2017-1769) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/301273 ∗∗∗ IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to information disclosure (CVE-2022-43923) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6957654 ∗∗∗ AIX is vulnerable to denial of service due to ISC BIND (CVE-2022-38178, CVE-2022-3080, CVE-2022-38177, CVE-2022-2795) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6851445 ∗∗∗ A vulnerability in Node.js affects IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-21681, CVE-2022-21680) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6958016 ∗∗∗ A vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2023-23477) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6958024 ∗∗∗ A vulnerability in Node.js affects IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-21681, CVE-2022-21680) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6958016 ∗∗∗ Vulnerabilities found within Apache Storm that is used by IBM Tivoli Network Manager (ITNM) IP Edition ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6958056 ∗∗∗ Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for Febuary 2023 ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6958062 ∗∗∗ Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6958064 ∗∗∗ CVE-2022-32149 may affect IBM CICS TX Advanced ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6958066 ∗∗∗ CVE-2022-32149 may affect IBM CICS TX Standard ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6958072 ∗∗∗ Multiple vulnerabilities in Go may affect IBM CICS TX Standard ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6958068 ∗∗∗ CVE-2022-3676 may affect IBM CICS TX Advanced ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6958086 ∗∗∗ CVE-2022-3676 may affect IBM CICS TX Standard ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6958074 ∗∗∗ IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Go ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6855111 ∗∗∗ IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Golang Go ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6955929 ∗∗∗ CVE-2022-37734 may affect IBM CICS TX Advanced ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6958076 ∗∗∗ CVE-2022-37734 may affect IBM CICS TX Standard ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6958084 ∗∗∗ IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in LibTIFF ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6955937 ∗∗∗ CVE-2018-1099, CVE-2018-1098 may affect IBM CICS TX Advanced ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6958080 ∗∗∗ CVE-2018-1099, CVE-2018-1098 may affect IBM CICS TX Standard ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6958082 ∗∗∗ IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by a vulnerability in JSON Web Token ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6955935 ∗∗∗ Vulnerability in moment-timezone affects IBM VM Recovery Manager DR GUI ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6957710 ∗∗∗ Multiple vulnerabilities in IBM Semeru Runtime affect z/Transaction Processing Facility ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6957822 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.02.2023
by Daily end-of-shift report 23 Feb '23

23 Feb '23

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 22-02-2023 18:00 − Donnerstag 23-02-2023 18:00 Handler: Michael Schlagenhaufer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ New S1deload Stealer malware hijacks Youtube, Facebook accounts ∗∗∗ --------------------------------------------- An ongoing malware campaign targets YouTube and Facebook users, infecting their computers with a new information stealer that will hijack their social media accounts and use their devices to mine for cryptocurrency. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-s1deload-stealer-malware… ∗∗∗ Python Developers Warned of Trojanized PyPI Packages Mimicking Popular Libraries ∗∗∗ --------------------------------------------- Cybersecurity researchers are warning of "imposter packages" mimicking popular libraries available on the Python Package Index (PyPI) repository. The 41 malicious PyPI packages have been found to pose as typosquatted variants of legitimate modules such as HTTP, AIOHTTP, requests, urllib, and urllib3. --------------------------------------------- https://thehackernews.com/2023/02/python-developers-warned-of-trojanized.ht… ∗∗∗ Experts Sound Alarm Over Growing Attacks Exploiting Zoho ManageEngine Products ∗∗∗ --------------------------------------------- Multiple threat actors have been observed opportunistically weaponizing a now-patched critical security vulnerability impacting several Zoho ManageEngine products since January 20, 2023. Tracked as CVE-2022-47966 (CVSS score: 9.8), the remote code execution flaw allows a complete takeover of the susceptible systems by unauthenticated attackers. --------------------------------------------- https://thehackernews.com/2023/02/experts-sound-alarm-over-growing.html ∗∗∗ OffSec Tools ∗∗∗ --------------------------------------------- This repository is intended for pentesters and red teamers using a variety of offensive security tools during their assessments. The repository is a collection of useful tools suitable for assessments in internal environments. --------------------------------------------- https://github.com/Syslifters/offsec-tools ∗∗∗ Technical Analysis of BlackBasta Ransomware 2.0 ∗∗∗ --------------------------------------------- Zscaler ThreatLabz has been tracking prominent ransomware families and their tactics, techniques and procedures (TTPs) including the BlackBasta ransomware family. On November 16, 2022, ThreatLabz identified new samples of the BlackBasta ransomware that had significantly lower antivirus detection rates. --------------------------------------------- https://www.zscaler.com/blogs/security-research/back-black-basta ∗∗∗ Users looking for ChatGPT apps get malware instead ∗∗∗ --------------------------------------------- The massive popularity of OpenAI’s chatbot ChatGPT has not gone unnoticed by cyber criminals: they are exploiting the public’s eagerness to experiment with it to trick users into downloading Windows and Android malware and visit phishing pages. --------------------------------------------- https://www.helpnetsecurity.com/2023/02/23/chatgpt-windows-android/ ∗∗∗ Stealthy Mac Malware Delivered via Pirated Apps ∗∗∗ --------------------------------------------- Cybercriminals are delivering stealthy cryptojacking malware to Macs using pirated apps and they could use the same method for other malware. --------------------------------------------- https://www.securityweek.com/stealthy-mac-malware-delivered-via-pirated-app… ∗∗∗ Anti-Forensic Techniques Used By Lazarus Group ∗∗∗ --------------------------------------------- Since approximately a year ago, the Lazarus group’s malware has been discovered in various Korean companies related to national defense, satellites, software, and media press. The AhnLab ASEC analysis team has been continuously tracking the Lazarus threat group’s activities and other related TTPs. Among the recent cases, this post aims to share the anti-forensic traces and details found in the systems that were infiltrated by the Lazarus group. --------------------------------------------- https://asec.ahnlab.com/en/48223/ ∗∗∗ ChromeLoader Disguised as Illegal Game Programs Being Distributed ∗∗∗ --------------------------------------------- Since the previous year, there has been a steady increase in cases where disk image files, such as ISO and VHD, have been used in malware distribution. These have been covered several times in previous ASEC blog posts. This post will cover a recent discovery of ChromeLoader being distributed using VHD files. --------------------------------------------- https://asec.ahnlab.com/en/48211/ ===================== = Vulnerabilities = ===================== ∗∗∗ Vulnerability Spotlight: EIP Stack Group OpENer open to two remote code execution vulnerabilities ∗∗∗ --------------------------------------------- Two of the vulnerabilities are considered to be considered of critical importance, with a CVSS score of a maximum 10 out of 10. --------------------------------------------- https://blog.talosintelligence.com/vuln-spotlight-eip-stack-group-feb-2023/ ∗∗∗ BIOS-Sicherheitsupdates: HP-Computer für Schadcode-Attacken anfällig ∗∗∗ --------------------------------------------- In aktualisierten BIOS-Versionen für HP-Computer haben die Entwickler mehrere Sicherheitslücken geschlossen. --------------------------------------------- https://heise.de/-7524562 ∗∗∗ Firewall-Distribution: pfSense 23.01 schließt Sicherheitslücken ∗∗∗ --------------------------------------------- In der Firewall-Distribution pfSense 23.01 haben die Entwickler mehrere Sicherheitslücken geschlossen. Die Basis haben sie auch auf aktuellen Stand gehievt. --------------------------------------------- https://heise.de/-7525432 ∗∗∗ Wordfence Intelligence CE Weekly Vulnerability Report (Feb 13, 2023 to Feb 19, 2023) ∗∗∗ --------------------------------------------- Last week, there were 104 vulnerabilities disclosed in WordPress based software that have been added to the Wordfence Intelligence Community Edition Vulnerability Database. You can find those vulnerabilities below. --------------------------------------------- https://www.wordfence.com/blog/2023/02/wordfence-intelligence-ce-weekly-vul… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (firefox and thunderbird), Debian (asterisk, git, mariadb-10.3, node-url-parse, python-cryptography, and sofia-sip), Fedora (c-ares, golang-github-need-being-tree, golang-helm-3, golang-oras, golang-oras-1, and golang-oras-2), Oracle (httpd:2.4, kernel, php:8.0, python-setuptools, python3, samba, systemd, tar, and webkit2gtk3), Red Hat (webkit2gtk3), SUSE (phpMyAdmin, poppler, and postgresql12), and Ubuntu (dcmtk and linux-hwe). --------------------------------------------- https://lwn.net/Articles/924236/ ∗∗∗ Case update: DIVD-2022-00052 - Multiple vulnerabilities is Cloudflow software ∗∗∗ --------------------------------------------- https://csirt.divd.nl/cases/DIVD-2022-00052/ ∗∗∗ Vulnerability in sqlite affects IBM VM Recovery Manager HA GUI ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6957680 ∗∗∗ Vulnerability in sqlite affects IBM VM Recovery Manager DR GUI ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6957708 ∗∗∗ Vulnerability in moment-timezone affects IBM VM Recovery Manager DR GUI ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6957710 ∗∗∗ Vulnerability in moment-timezone affects IBM VM Recovery Manager HA GUI ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6957714 ∗∗∗ CVE-2022-3509, CVE-2022-3171 may affect IBM CICS TX Advanced ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6957754 ∗∗∗ CVE-2022-3509, CVE-2022-3171 may affect IBM CICS TX Standard ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6957758 ∗∗∗ CVE-2022-3509 and CVE-2022-3171 may affect IBM TXSeries for Multiplatforms ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6957764 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.02.2023
by Daily end-of-shift report 22 Feb '23

22 Feb '23

===================== = End-of-Day report = ===================== Timeframe: Dienstag 21-02-2023 18:00 − Mittwoch 22-02-2023 18:00 Handler: Michael Schlagenhaufer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Warnung vor Angriffen auf IBM Aspera Faspex und Mitel MiVoice ∗∗∗ --------------------------------------------- Die US-IT-Sicherheitsbehörde CISA warnt davor, dass Cyberkriminelle Sicherheitslücken in IBM Aspera Faspex und Mitel MiVoice angreifen. Updates stehen bereit. --------------------------------------------- https://heise.de/-7523870 ∗∗∗ Jetzt patchen! Exploit-Code für kritische Fortinet FortiNAC-Lücke in Umlauf ∗∗∗ --------------------------------------------- Da Exploit-Code veröffentlicht wurde, könnten Angreifer Fortinets Netzwerk-Zugangskontrolllösung FortiNAC ins Visier nehmen. --------------------------------------------- https://heise.de/-7523427 ∗∗∗ Fake Give-Aways und Geschenkaktionen im Namen von ‚MrBeast‘! ∗∗∗ --------------------------------------------- Wer sich regelmäßig YouTube-Videos ansieht, kommt kaum an MrBeast vorbei. Der Youtuber mit über 134 Millionen Abonnent:innen ist für seine Give-Away-Videos bekannt, bei denen er Tausende oder gar Millionen von Dollar verschenkt. Diesen Ruf machen sich auch Kriminelle zunutze, indem sie betrügerische Gewinnversprechen und Geschenkaktionen im Namen von MrBeast verbreiten. --------------------------------------------- https://www.watchlist-internet.at/news/fake-give-aways-und-geschenkaktionen… ∗∗∗ Hydrochasma hackers target medical research labs, shipping firms ∗∗∗ --------------------------------------------- A previously unknown threat actor named Hydrochasma has been targeting shipping and medical laboratories involved in COVID-19 vaccine development and treatments. --------------------------------------------- https://www.bleepingcomputer.com/news/security/hydrochasma-hackers-target-m… ∗∗∗ WhatsApp ignoriert seit Jahren ein Sicherheitsproblem, das alle betrifft ∗∗∗ --------------------------------------------- Fremde können das eigene Profil übernehmen und sich für euch ausgeben - ganz ohne Hacking oder Phishing. --------------------------------------------- https://futurezone.at/apps/whatsapp-sicherheit-problem-konto-telefonnummer-… ∗∗∗ Attackers Abuse Cron Jobs to Reinfect Websites ∗∗∗ --------------------------------------------- Malicious cron jobs are nothing new; we’ve seen attackers use them quite frequently to reinfect websites. However, in recent months we’ve noticed a distinctive new wave of these infections that appears to be closely related to this article about a backdoor that we’ve been tracking. --------------------------------------------- https://blog.sucuri.net/2023/02/attackers-abuse-cron-jobs-to-reinfect-websi… ∗∗∗ Threat Actors Adopt Havoc Framework for Post-Exploitation in Targeted Attacks ∗∗∗ --------------------------------------------- An open source command-and-control (C2) framework known as Havoc is being adopted by threat actors as an alternative to other well-known legitimate toolkits like Cobalt Strike, Sliver, and Brute Ratel. Cybersecurity firm Zscaler said it observed a new campaign in the beginning of January 2023 targeting an unnamed government organization that utilized Havoc. --------------------------------------------- https://thehackernews.com/2023/02/threat-actors-adopt-havoc-framework-for.h… ∗∗∗ Lets build a Chrome extension that steals everything ∗∗∗ --------------------------------------------- Manifest v3 may have taken some of the juice out of browser extensions, but I think there is still plenty left in the tank. To prove it, let’s build a Chrome extension that steals as much data as possible. --------------------------------------------- https://mattfrisbie.substack.com/p/spy-chrome-extension ∗∗∗ How NPM Packages Were Used to Spread Phishing Links ∗∗∗ --------------------------------------------- [...] On Monday, 20th of February, Checkmarx Labs discovered an anomaly in the NPM ecosystem when we cross-referenced new information with our databases. Clusters of packages had been published in large quantities to the NPM package manager. Further investigation revealed that the packages were part of a trending new attack vector, with attackers spamming the open-source ecosystem with packages containing links to phishing campaigns. --------------------------------------------- https://checkmarx.com/blog/how-npm-packages-were-used-to-spread-phishing-li… ∗∗∗ Android voice chat app with 5m installs leaked user chats ∗∗∗ --------------------------------------------- The voice chat app under discussion is OyeTalk, which is available for Android and iOS devices and is operated from Pakistan. --------------------------------------------- https://www.hackread.com/android-voice-chat-app-data-leak/ ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitsupdates: VMware dichtet kritisches Sicherheitsleck ab ∗∗∗ --------------------------------------------- VMware schließt mit Updates für Carbon Black App Control und vRealize sowie Cloud Foundation eine kritische und eine hochriskante Schwachstelle. --------------------------------------------- https://heise.de/-7523335 ∗∗∗ Foxit PDF-Updates dichten hochriskante Schwachstellen ab ∗∗∗ --------------------------------------------- In der PDF-Software Foxit klafften Sicherheitslücken, durch die Angreifer etwa mit manipulierten PDF-Dateien Schadcode einschleusen und ausführen hätten können. --------------------------------------------- https://heise.de/-7523313 ∗∗∗ Multiple vulnerabilities in Nokia BTS Airscale ASIKA [PDF] ∗∗∗ --------------------------------------------- Synacktiv performed an audit on the base transceiver station Nokia Airscale ASIKA, running the firmware version btsmed_5G19B_GNB_0007_001836_000863, and discovered multiple vulnerabilities. --------------------------------------------- https://www.synacktiv.com/sites/default/files/2023-02/Synacktiv-Nokia-BTS-A… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (amanda, apr-util, and tiff), Fedora (apptainer, git, gssntlmssp, OpenImageIO, openssl, webkit2gtk3, xorg-x11-server, and xorg-x11-server-Xwayland), Oracle (firefox and thunderbird), Red Hat (python3), SUSE (gnutls, php7, and python-Django), and Ubuntu (chromium-browser, libxpm, and mariadb-10.3, mariadb-10.6). --------------------------------------------- https://lwn.net/Articles/924070/ ∗∗∗ Synology-SA-23:01 ClamAV ∗∗∗ --------------------------------------------- Multiple vulnerabilities allow remote attackers to possibly execute arbitrary code or local users to obtain sensitive information via a susceptible version of Antivirus Essential, Synology Mail Server, and Synology MailPlus Server. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_23_01 ∗∗∗ IBM Security Bulletins 2023-02-22 ∗∗∗ --------------------------------------------- * A vulnerability in IBM Java affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products * A vulnerability in the GUI affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products * BM Sterling B2B Integrator is vulnerable to cross-site scripting (CVE-2022-43578) * IBM Sterling Global Mailbox is vulnerable to arbitrary code execution due to Apache Commons Collections [CVE-2015-6420, CVE-2017-15708] * IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to a remote code execution vulnerability (CVE-2023-23477) * IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to a remote code execution vulnerability (CVE-2023-23477) * Multiple vulnerabilities in the Linux kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products * SNMPv3 server credentials are exposed in log files in IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products * The dasboard UI of IBM Sterling B2B Integrator is vulnerable to improper permission control (CVE-2022-40231) * Vulnerabilities in jsonwebtoken affects IBM Watson Assistant for IBM Cloud Pak for Data * Vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products * Vulnerability in IBM WebSphere Application Server Liberty may affect IBM Spectrum Protect Plus (CVE-2019-11777) * Vulnerability in Log4j affects IBM Integrated Analytics System [CVE-2022-23305] --------------------------------------------- https://www.ibm.com/support/pages/bulletin/ ∗∗∗ Cisco Nexus 9000 Series Fabric Switches in ACI Mode Link Layer Discovery Protocol Memory Leak Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Cisco FXOS Software and UCS Manager Software Configuration Backup Static Key Vulnerability ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Cisco NX-OS Software SSH X.509v3 Certificate Authentication with Unsupported Remote Authorization Method Privilege Escalation Issues ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Cisco NX-OS Software CLI Command Injection Vulnerability ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Cisco Firepower 4100 Series, Firepower 9300 Security Appliances, and UCS Fabric Interconnects Command Injection Vulnerability ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Cisco Nexus 9300-FX3 Series Fabric Extender for UCS Fabric Interconnects Authentication Bypass Vulnerability ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Cisco Application Policy Infrastructure Controller and Cisco Cloud Network Controller Cross-Site Request Forgery Vulnerability ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ [R1] Stand-alone Security Patch Available for Tenable.sc versions 5.22.0 to 6.0.0: SC-202302.2 ∗∗∗ --------------------------------------------- https://www.tenable.com/security/tns-2023-06 ∗∗∗ [R1] Stand-alone Security Patch Available for Tenable.sc versions 5.22.0 to 5.23.1: SC-202302.3 ∗∗∗ --------------------------------------------- https://www.tenable.com/security/tns-2023-05 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.02.2023
by Daily end-of-shift report 21 Feb '23

21 Feb '23

===================== = End-of-Day report = ===================== Timeframe: Montag 20-02-2023 18:00 − Dienstag 21-02-2023 18:00 Handler: Michael Schlagenhaufer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Kriminalität: Ransomware will Versicherungspolice ∗∗∗ --------------------------------------------- Die Ransomware Hardbit 2.0 verlangt die Versicherungspolice der Unternehmen, um die Lösegeldforderung anzupassen. Nicht ungefährlich für die Betroffenen. --------------------------------------------- https://www.golem.de/news/kriminalitaet-ransomware-will-versicherungspolice… ∗∗∗ Researchers Discover Dozens Samples of Information Stealer Stealc in the Wild ∗∗∗ --------------------------------------------- A new information stealer called Stealc thats being advertised on the dark web could emerge as a worthy competitor to other malware of its ilk. "The threat actor presents Stealc as a fully featured and ready-to-use stealer, whose development relied on Vidar, Raccoon, Mars, and RedLine stealers," SEKOIA said in a Monday report. --------------------------------------------- https://thehackernews.com/2023/02/researchers-discover-dozens-samples-of.ht… ∗∗∗ Fortinet FortiNAC CVE-2022-39952 Deep-Dive and IOCs ∗∗∗ --------------------------------------------- On Thursday, 16 February 2022, Fortinet released a PSIRT that details CVE-2022-39952, a critical vulnerability affecting its FortiNAC product. This vulnerability, discovered by Gwendal Guégniaud of Fortinet, allows an unauthenticated attacker to write arbitrary files on the system and as a result obtain remote code execution in the context of the root user. --------------------------------------------- https://www.horizon3.ai/fortinet-fortinac-cve-2022-39952-deep-dive-and-iocs/ ∗∗∗ A Deep Dive Into a PoshC2 Implant ∗∗∗ --------------------------------------------- PoshC2 is an open-source C2 framework used by penetration testers and threat actors. It can generate a Powershell-based implant, a C#.NET implant that we analyze in this paper, and a Python3 implant. --------------------------------------------- https://resources.securityscorecard.com/research/poshc2-implant ∗∗∗ ClamAV Critical Patch Review ∗∗∗ --------------------------------------------- The description of those bugs got our attention since we have format handlers in unblob for both DMG and HFS+. We therefore decided to spend some time trying to understand them and learn if we may be affected by similar bugs. --------------------------------------------- https://onekey.com/blog/clamav-critical-patch-review/ ∗∗∗ OWASP Kubernetes Top 10 ∗∗∗ --------------------------------------------- The OWASP Kubernetes Top 10 is aimed at helping security practitioners, system administrators, and software developers prioritize risks around the Kubernetes ecosystem. The Top 10 is a prioritized list of common risks backed by data collected from organizations varying in maturity and complexity. --------------------------------------------- https://sysdig.com/blog/top-owasp-kubernetes/ ∗∗∗ iOS 16.3 und 16.3.1: Apple räumt weitere schwere Lücken ein ∗∗∗ --------------------------------------------- Apple neigt seit längerem dazu, nicht alle gestopften Löcher in seinen Betriebssystemen sofort zu kommunizieren. Nun wurden Infos zu iOS 16.3 nachgereicht. --------------------------------------------- https://heise.de/-7522282 ∗∗∗ What can we learn from the latest Coinbase cyberattack? ∗∗∗ --------------------------------------------- Cryptocurrency exchange Coinbase has fended off a cyberattack that might have been mounted by the same attackers that targeted Twillio, Cloudflare and many other companies last year. --------------------------------------------- https://www.helpnetsecurity.com/2023/02/21/coinbase-cyberattack/ ∗∗∗ Keine Pellets auf ferberpainting.de bestellen! ∗∗∗ --------------------------------------------- Auf der Suche nach Pellets für die Beheizung des Eigenheims stoßen aktuell zahlreiche Personen auf ferberpainting.de bzw. ferberpainting.com. Für 199,90 Euro werden dort 40 Säcke mit 25 KG Pellets abgebildet und angeboten. Wer hier bestellt erlebt eine böse Überraschung, denn geliefert werden 40 leere Säcke. --------------------------------------------- https://www.watchlist-internet.at/news/keine-pellets-auf-ferberpaintingde-b… ∗∗∗ Ihre Bank ruft an? Es könnte sich um Betrug handeln! ∗∗∗ --------------------------------------------- Sie erhalten einen Anruf. Angeblich eine Mitarbeiterin Ihrer Bank. Die Anruferin erklärt, dass sie ungewöhnliche Abbuchungen von Ihrem Konto festgestellt hat. Sie hilft Ihnen dabei, das Geld zurückzubekommen und Ihr Konto zu schützen. Vorsicht: Es handelt sich um Betrug. --------------------------------------------- https://www.watchlist-internet.at/news/ihre-bank-ruft-an-es-koennte-sich-um… ∗∗∗ HWP Malware Using the Steganography Technique: RedEyes (ScarCruft) ∗∗∗ --------------------------------------------- In January, the ASEC (AhnLab Security Emergency response Center) analysis team discovered that the RedEyes threat group (also known as APT37, ScarCruft) had been distributing malware by exploiting the HWP EPS (Encapsulated PostScript) vulnerability (CVE-2017-8291). This report will share the RedEyes group’s latest activity in Korea. --------------------------------------------- https://asec.ahnlab.com/en/48063/ ===================== = Vulnerabilities = ===================== ∗∗∗ VMSA-2023-0004 ∗∗∗ --------------------------------------------- CVSSv3 Range: 9.1 CVE(s): CVE-2023-20858 Synopsis: VMware Carbon Black App Control updates address an injection vulnerability (CVE-2023-20858) --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2023-0004.html ∗∗∗ VMSA-2023-0005 ∗∗∗ --------------------------------------------- CVSSv3 Range: 8.8 CVE(s): CVE-2023-20855 Synopsis: VMware vRealize Orchestrator update addresses an XML External Entity (XXE) vulnerability (CVE-2023-20855) --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2023-0005.html ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (libksba, thunderbird, and tigervnc and xorg-x11-server), Debian (clamav, nss, python-django, and sox), Fedora (kernel and thunderbird), Mageia (curl, firefox, nodejs-qs, qtbase5, thunderbird, upx, and webkit2), Red Hat (httpd:2.4, kernel, kernel-rt, kpatch-patch, pcs, php:8.0, python-setuptools, Red Hat build of Cryostat, Red Hat Virtualization Host 4.4.z SP 1, samba, systemd, tar, and thunderbird), Scientific Linux (firefox and thunderbird), and SUSE (clamav, firefox, jhead, mozilla-nss, prometheus-ha_cluster_exporter, tar, and ucode-intel). --------------------------------------------- https://lwn.net/Articles/923942/ ∗∗∗ TYPO3-EXT-SA-2023-002: Persisted Cross-Site Scripting in extension "Forms Export" (frp_form_answers) ∗∗∗ --------------------------------------------- https://typo3.org/security/advisory/typo3-ext-sa-2023-002 ∗∗∗ Mitsubishi Electric MELSOFT iQ AppPortal ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-23-052-01 ∗∗∗ IBM FlashSystem 710, 720, 810, and 820 systems and RamSan 710, 720, 810, and 820 systems are not affected by the Bash vulnerabilities (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6278)\nFlash ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/690011 ∗∗∗ Six (6) Vulnerabilities in Network Security Services (NSS) & Netscape Portable Runtime (NSPR) affect IBM FlashSystem and TMS RAMSAN 710, 720, 810, and 820 systems (CVE-2013-1740, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-154 ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/690125 ∗∗∗ Two (2) Vulnerabilities in glibc affect IBM FlashSystem (and TMS RAMSAN) 710, 720, 810, and 820 systems (CVE-2014-5119 and CVE-2014-0475) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/690127 ∗∗∗ Sixteen (16) Vulnerabilities in OpenSSL affect IBM FlashSystem (and TMS RAMSAN) 710, 720, 810, and 820 systems ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/690129 ∗∗∗ Four (4) Vulnerabilities in OpenSSL affect IBM FlashSystem (and TMS RAMSAN) 710, 720, 810, and 820 systems ( CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, and CVE-2014-3568) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/690131 ∗∗∗ Four (4) Vulnerabilities in OpenSSL affect IBM FlashSystem (and TMS RAMSAN) 710, 720, 810, and 820 systems ( CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, and CVE-2014-3568) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/690149 ∗∗∗ IBM InfoSphere Information Server is vulnerable to cross-site scripting (CVE-2023-25928) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6956598 ∗∗∗ Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator. ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6328143 ∗∗∗ IBM Db2 is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file. (CVE-2022-43930) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6953755 ∗∗∗ IBM MQ is affected by multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 8 ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6957066 ∗∗∗ IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to JSON5 code execution (CVE-2022-46175) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6957134 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.02.2023
by Daily end-of-shift report 20 Feb '23

20 Feb '23

===================== = End-of-Day report = ===================== Timeframe: Freitag 17-02-2023 18:00 − Montag 20-02-2023 18:00 Handler: Michael Schlagenhaufer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ CISA warnt: Mögliche System-Kompromittierung durch Lücken in Thunderbird ∗∗∗ --------------------------------------------- Die Version 102.8 von Thunderbird schließt Schwachstellen, durch die Angreifer die Kontrolle über ein System erlangen könnten. Davor warnt die CISA. --------------------------------------------- https://heise.de/-7521002 ∗∗∗ Microsoft-Updates: Nebenwirkungen für VMware und Windows Server 2022 ∗∗∗ --------------------------------------------- Die Februar-Updates zum Microsoft-Patchdays haben ungewollte Nebenwirkungen. Sie betreffen Windows Server 2022 unter VMware und die Windows-11-Updateverteilung. --------------------------------------------- https://heise.de/-7521199 ∗∗∗ Nach Cyber-Einbruch: Angreifer leiten GoDaddy-Webseiten um ∗∗∗ --------------------------------------------- Beim Webhoster GoDaddy konnten Angreifer Anfang Dezember 2022 Schadcode einschleusen, der dort gehostete Webseiten auf Malware-Seiten umleitete. --------------------------------------------- https://heise.de/-7521325 ∗∗∗ Achtung: Finanzamt schickt kein SMS ∗∗∗ --------------------------------------------- Kriminelle versenden im Namen des Finanzamtes gefälschte Nachrichten. Im SMS wird behauptet, dass Sie einen Betrag von € 286, 93 erhalten. Um das Geld zu bekommen, müssen Sie sich verifizieren und auf einen Link klicken. Klicken Sie nicht auf den Link, Sie landen auf einer Phishing-Seite. --------------------------------------------- https://www.watchlist-internet.at/news/achtung-finanzamt-schickt-kein-sms/ ∗∗∗ New WhiskerSpy malware delivered via trojanized codec installer ∗∗∗ --------------------------------------------- Security researchers have discovered a new backdoor called WhiskerSpy used in a campaign from a relatively new advanced threat actor tracked as Earth Kitsune, known for targeting individuals showing an interest in North Korea. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-whiskerspy-malware-deliv… ∗∗∗ OneNote Suricata Rules, (Sun, Feb 19th) ∗∗∗ --------------------------------------------- I end my diary entry "Detecting (Malicious) OneNote Files" with a set of Suricata rules to detect various OneNote files. --------------------------------------------- https://isc.sans.edu/diary/rss/29564 ∗∗∗ The Dangers of Installing Nulled WordPress Themes and Plugins ∗∗∗ --------------------------------------------- Nulled WordPress themes and plugins are a controversial topic for many in the web development world - and arguably one of the bigger threats to WordPress security. Essentially modified versions of official WordPress themes and plugins with their licensing restrictions removed, these nulled software copies are often touted as premium functionality packaged in a free download. --------------------------------------------- https://blog.sucuri.net/2023/02/the-dangers-of-installing-nulled-wordpress-… ∗∗∗ NimPlant - A light first-stage C2 implant written in Nim and Python ∗∗∗ --------------------------------------------- NimPlant was developed as a learning project and released to the public for transparency and educational purposes. For a large part, it makes no effort to hide its intentions. Additionally, protections have been put in place to prevent abuse. In other words, do NOT use NimPlant in production engagements as-is without thorough source code review and modifications! --------------------------------------------- https://github.com/chvancooten/NimPlant ∗∗∗ Finding forensics breadcrumbs in Android image storage ∗∗∗ --------------------------------------------- [...] In this post I’ll be talking about image scanning apps, and how to reverse engineer them to pinpoint user activity and tie a user to a particular image’s creation from a source file e.g. pages from a PDF. --------------------------------------------- https://www.pentestpartners.com/security-blog/finding-forensics-breadcrumbs… ∗∗∗ Royal Ransomware Expands Attacks by Targeting Linux ESXi Servers ∗∗∗ --------------------------------------------- Ransomware actors have been observed to expand their targets by increasingly developing Linux-based versions. Royal ransomware is following in the same path, a new variant targeting Linux systems emerged and we will provide a technical analysis on this variant in this blog. --------------------------------------------- https://www.trendmicro.com/en_us/research/23/b/royal-ransomware-expands-att… ∗∗∗ QR code generator My QR Code leaks users’ login data and addresses ∗∗∗ --------------------------------------------- My QR Code was informed about the leak almost two weeks ago, yet it failed to respond or secure its server. --------------------------------------------- https://www.hackread.com/qr-code-generator-my-qr-code-data-leak/ ===================== = Vulnerabilities = ===================== ∗∗∗ Patchday: Fortinet schließt 40 Sicherheitslücken, PoC-Exploit angekündigt ∗∗∗ --------------------------------------------- Fortinet hat im Februar Updates für diverse Produkte veröffentlicht, die insgesamt 40 Sicherheitslücken schließen. Davon gelten zwei als kritisch. --------------------------------------------- https://heise.de/-7520937 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (c-ares, gnutls28, golang-github-opencontainers-selinux, isc-dhcp, nss, openssl, snort, and thunderbird), Fedora (clamav, curl, phpMyAdmin, thunderbird, vim, webkitgtk, and xen), Red Hat (firefox), Slackware (kernel), SUSE (apache2-mod_security2, gssntlmssp, postgresql-jdbc, postgresql12, and timescaledb), and Ubuntu (firefox). --------------------------------------------- https://lwn.net/Articles/923803/ ∗∗∗ Newly Disclosed Vulnerability Exposes EOL Arris Routers to Attacks ∗∗∗ --------------------------------------------- Malwarebytes warns of a remote code execution vulnerability impacting Arris G2482A, TG2492, and SBG10 routers, which have reached end-of-life (EOL). --------------------------------------------- https://www.securityweek.com/newly-disclosed-vulnerability-exposes-eol-arri… ∗∗∗ Critical SQL injection vulnerabilities in MISP (fixed in v2.4.166 and v2.4.167) ∗∗∗ --------------------------------------------- As of the past 2 months, we’ve received two separate reports of two unrelated SQLi vector vulnerabilities in MISP that can lead to any authenticated user being able to execute arbitrary SQL queries in MISP. --------------------------------------------- https://www.misp-project.org/2023/02/20/Critical_SQL_Injection_Vulnerabilit… ∗∗∗ IBM Security Bulletins 2023-02-20 ∗∗∗ --------------------------------------------- Flash Storage->RamSan-710, Flash Storage->RamSan-720, Flash Storage->RamSan-810, Flash Storage->RamSan-820, IBM Cloud Object Storage System, IBM Cloud Pak for Applications, IBM FlashSystem 720, IBM FlashSystem 900, IBM Multi-Enterprise Integration Gateway, IBM Multi-Enterprise Integration Gateway, IBM Power E1050 (9043-MRX), IBM Power L1022 (9786-22H), IBM Power L1024 (9786-42H), IBM Power S1014 (9105-41B), IBM Power S1022 (9105-22A), IBM Power S1022s (9105-22B), IBM Power S1024 (9105-42A), IBM WebSphere Hybrid Edition, Tivoli System Automation Application Manager --------------------------------------------- https://www.ibm.com/support/pages/bulletin/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.02.2023
by Daily end-of-shift report 17 Feb '23

17 Feb '23

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 16-02-2023 18:00 − Freitag 17-02-2023 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ New Mirai Botnet Variant V3G4 Exploiting 13 Flaws to Target Linux and IoT Devices ∗∗∗ --------------------------------------------- A new variant of the notorious Mirai botnet has been found leveraging several security vulnerabilities to propagate itself to Linux and IoT devices. Observed during the second half of 2022, the new version has been dubbed V3G4 by Palo Alto Networks Unit 42, which identified three different campaigns likely conducted by the same threat actor. --------------------------------------------- https://thehackernews.com/2023/02/new-mirai-botnet-variant-v3g4.html ∗∗∗ Massenhaft SMS im Namen des Finanzamts im Umlauf ∗∗∗ --------------------------------------------- Wir erhalten derzeit zahlreiche Meldungen zu einer SMS, die im Namen des Finanzamtes versendet wird. Angeblich besteht eine offene Forderung, die trotz mehrfacher Mahnungen nicht beglichen wurde. Bei Nichtzahlung bis zum 18. Februar drohe der Gerichtsvollzieher und die Pfändung. Lassen Sie sich nicht unter Druck setzen. Es handelt sich um Betrug! --------------------------------------------- https://www.watchlist-internet.at/news/massenhaft-sms-im-namen-des-finanzam… ∗∗∗ Kritische Sicherheitslücken in ClamAV - Updates verfügbar ∗∗∗ --------------------------------------------- 17. Februar 2023 Beschreibung Zwei kritische Schwachstellen in ClamAV erlauben es unauthentisierten Angreifenden, beliebigen Code auszuführen. CVE-Nummer(n): CVE-2023-20032, CVE-2023-20052 Auswirkungen Die Lücken in ClamAV können durch präparierte HFS+ bzw. DMG Images ausgelöst werden. Da ClamAV oft als Virenscanner in Mailservern eingesetzt wird, können durch den Versand entsprechender Files per Email verwundbare Installationen kompromittiert werden. [...] --------------------------------------------- https://cert.at/de/warnungen/2023/2/kritische-sicherheitslucken-in-clamav ===================== = Vulnerabilities = ===================== ∗∗∗ Fortinet Security Advisories ∗∗∗ --------------------------------------------- Secerity Critical: * FortiNAC - External Control of File Name or Path in keyUpload scriptlet * FortiWeb - Stack-based buffer overflows in Proxyd Severity High: 15 Advisories * FortiADC, FortiExtender, FortiNAC, FortiOS, FortiProxy, FortiSwitchManager, FortiWAN, FortiWeb Severity Medium/Low: 23 Advisories --------------------------------------------- https://fortiguard.fortinet.com/psirt?date=02-2023 ∗∗∗ Node.js Thursday February 16 2023 Security Releases ∗∗∗ --------------------------------------------- * OpenSSL Security updates * Node.js Permissions policies can be bypassed via process.mainModule * Node.js OpenSSL error handling issues in nodejs crypto library * Fetch API in Node.js did not protect against CRLF injection in host headers * Regular Expression Denial of Service in Headers in Node.js fetch API * Node.js insecure loading of ICU data through ICU_DATA environment variable * npm update for Node.js 14 --------------------------------------------- https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/ ∗∗∗ CISA Releases Fifteen Industrial Control Systems Advisories ∗∗∗ --------------------------------------------- * Siemens Solid Edge * Siemens SCALANCE X-200 IRT * Siemens Brownfield Connectivity Client * Siemens Brownfield Connectivity Gateway * Siemens SiPass integrated AC5102/ACC-G2 and ACC-AP * Siemens Simcenter Femap * Siemens TIA Project Server * Siemens RUGGEDCOM APE1808 * Siemens SIMATIC Industrial Products * Siemens COMOS * Siemens Mendix * Siemens JT Open, JT Utilities, and Parasolid * Sub-IoT DASH 7 Alliance Protocol * Delta Electronic DIAEnergie (Update B) * BD Alaris Infusion Central --------------------------------------------- https://www.cisa.gov/uscert/ncas/current-activity/2023/02/16/cisa-releases-… ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (webkit2gtk and wpewebkit), Fedora (firefox, phpMyAdmin, tpm2-tools, and tpm2-tss), Slackware (mozilla), SUSE (mozilla-nss, rubygem-actionpack-4_2, rubygem-actionpack-5_1, and tar), and Ubuntu (linux-azure and linux-hwe-5.19). --------------------------------------------- https://lwn.net/Articles/923644/ ∗∗∗ Vulnerability in IP Quorum affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ∗∗∗ --------------------------------------------- * IBM Decision Optimization in IBM Cloud Pak for Data is vulnerable to jsonwebtoken CVEs * IBM FlashSystem 9100 family and IBM Storwize V7000 2076-724 (Gen3) systems are NOT affected by security vulnerabilities CVE-2018-12037 and CVE-2018-12038 * IBM MQ Operator and Queue Manager container images are vulnerable to vulnerabilities from libksba and sqlite (CVE-2022-47629 and CVE-2022-35737) * IBM Security Guardium Data Encryption is using Components with Known Vulnerabilities (CVE-2022-31129, CVE-2022-24785) * IBM Security Guardium is affected by a redshift-jdbc42-2.0.0.3.jar vulnerability (CVE-2022-41828) * IBM Security Guardium is affected by the following vulnerabilities [CVE-2022-39166, CVE-2022-34917, CVE-2022-42889] * Java vulnerabilities affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products * LDAP vulnerability affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products * Multiple Vulnerabilities in Multicloud Management Security Services * Multiple vulnerabilities found with third-party libraries used by IBM® MobileFirst Platform * Multiple vulnerabilities in Golang Go affect IBM Decision Optimization in IBM Cloud Pak for Data * Multiple vulnerabilities in IBM Java SDK affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products * Multiple vulnerabilities in IBM Java SDK affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products * Multiple vulnerabilities in the Linux kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products * Multiple vulnerabilities in the Linux kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products * Network Security (NSS) vulnerability affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products * OpenSLP vulnerability affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products * Vulnerabilities in IBM Java affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products * Vulnerabilities in IBM Java and Apache Tomcat affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem V9000 products * Vulnerabilities in the Linux kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem V9000 products* Vulnerability in Apache Struts affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2018-11776) * Vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem V9000 products * Vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products * Vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products * Vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( CVE-2018-11784) * Vulnerability in DHCP affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2018-5732) * Vulnerability in IBM Java SDK affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2019-2602) * Vulnerability in IP Quorum affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products * Vulnerability in OpenSLP affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( CVE-2017-17833) * Vulnerability in OpenSSL affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products * Vulnerability in SSH protocols affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2008-5161) * Vulnerability in Service Assistant affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2018-1775) * Vulnerability in sed affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem V9000 products * Vulnerability in the Linux kernel affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2018-5391) * Vulnerability in zlib affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products --------------------------------------------- https://www.ibm.com/support/pages/bulletin/ ∗∗∗ Atrocore 1.5.25 Shell Upload ∗∗∗ --------------------------------------------- https://cxsecurity.com/issue/WLB-2023020029 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 16.02.2023
by Daily end-of-shift report 16 Feb '23

16 Feb '23

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 15-02-2023 18:00 − Donnerstag 16-02-2023 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Emsisoft says hackers are spoofing its certs to breach networks ∗∗∗ --------------------------------------------- A hacker is using fake code-signing certificates impersonating cybersecurity firm Emsisoft to target customers using its security products, hoping to bypass their defenses. --------------------------------------------- https://www.bleepingcomputer.com/news/security/emsisoft-says-hackers-are-sp… ∗∗∗ Hackers backdoor Microsoft IIS servers with new Frebniis malware ∗∗∗ --------------------------------------------- Hackers are deploying a new malware named Frebniss on Microsofts Internet Information Services (IIS) that stealthily executes commands sent via web requests. --------------------------------------------- https://www.bleepingcomputer.com/news/security/hackers-backdoor-microsoft-i… ∗∗∗ „Fake Customer Trick“: Kriminelle ergaunern hochwertige Produkte ∗∗∗ --------------------------------------------- Der Name des Halbleiterherstellers Infineon wird derzeit für kriminelle Zwecke missbraucht: Per Mail geben sich Betrüger:innen als Infineon-Mitarbeiter Marcus Schlenker aus und bekunden Interesse an einer Großbestellung. Für die Empfänger:innen klingt das nach einem unkomplizierten und schnellen Geschäft. Doch tatsächlich landen die versendeten Produkte in den Händen von Kriminellen, auf die Bezahlung warten die Opfer vergeblich. --------------------------------------------- https://www.watchlist-internet.at/news/fake-customer-trick-kriminelle-ergau… ∗∗∗ Malware Reverse Engineering for Beginners – Part 2 ∗∗∗ --------------------------------------------- Often, malware targeting Windows will be packed and delivered as a second stage. There are different ways to “deliver” malware to the endpoint. This blog will cover key concepts and examples regarding how malware is packed, obfuscated, delivered, and executed on the endpoint. --------------------------------------------- https://www.intezer.com/blog/incident-response/malware-reverse-engineering-… ===================== = Vulnerabilities = ===================== ∗∗∗ Patchday bei Intel: Angreifer könnten Server über Root-Lücke attackieren ∗∗∗ --------------------------------------------- Intel hat für verschiedene Firm- und Software wichtige Sicherheitsupdates veröffentlicht. In vielen Fällen könnten sich Angreifer höhere Rechte verschaffen. --------------------------------------------- https://heise.de/-7517141 ∗∗∗ Jetzt patchen! Entwickler des CMS Joomla warnen vor kritischer Sicherheitslücke ∗∗∗ --------------------------------------------- Es ist ein "sehr wichtiger" Sicherheitspatch für Joomla erscheinen. --------------------------------------------- https://heise.de/-7517312 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (firefox-esr), Fedora (community-mysql, edk2, firefox, and git), Slackware (curl and git), SUSE (apache2-mod_security2, aws-efs-utils, bind, curl, git, ImageMagick, java-11-openjdk, java-17-openjdk, java-1_8_0-openjdk, kernel, libksba, and mozilla-nss), and Ubuntu (golang-golang-x-text, golang-x-text, linux-aws, linux-intel-iotg, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux linux-ibm-5.4, linux-oracle-5.4, linux-gke, linux-gke-5.15, nss, and xorg-server, xorg-server-hwe-16.04). --------------------------------------------- https://lwn.net/Articles/923503/ ∗∗∗ Splunk Enterprise Updates Patch High-Severity Vulnerabilities ∗∗∗ --------------------------------------------- Splunk updates for Enterprise products resolve multiple high-severity vulnerabilities, including several in third-party packages. --------------------------------------------- https://www.securityweek.com/splunk-enterprise-updates-patch-high-severity-… ∗∗∗ Security Vulnerabilities fixed in Thunderbird 102.8 ∗∗∗ --------------------------------------------- CVE-2023-0616: User Interface lockup with messages combining S/MIME and OpenPGP CVE-2023-25728: Content security policy leak in violation reports using iframes CVE-2023-25730: Screen hijack via browser fullscreen mode CVE-2023-0767: Arbitrary memory write via PKCS 12 in NSS CVE-2023-25735: Potential use-after-free from compartment mismatch in SpiderMonkey CVE-2023-25737: Invalid downcast in SVGUtils::SetupStrokeGeometry CVE-2023-25738: Printing on Windows could potentially crash Thunderbird with some device drivers CVE-2023-25739: Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext CVE-2023-25746: Memory safety bugs fixed in Thunderbird 102.8 ... --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/ ∗∗∗ MISP 2.4.168 released with bugs fixed, security fixes and major improvements in STIX support. ∗∗∗ --------------------------------------------- We are pleased to announce the immediate availability of MISP v2.4.168 with bugs fixed and various security fixes. --------------------------------------------- https://github.com/MISP/MISP/releases/tag/v2.4.168 ∗∗∗ ClamAV DMG File Parsing XML Entity Expansion Vulnerability Affecting Cisco Products: February 2023 ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ ClamAV HFS+ Partition Scanning Buffer Overflow Vulnerability Affecting Cisco Products: February 2023 ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ WAGO: Exposure of configuration interface in unmanaged switches ∗∗∗ --------------------------------------------- https://cert.vde.com/de/advisories/VDE-2022-055/ ∗∗∗ IBM App Connect Enterprise is affected by a remote attacker due to the zip4j library [CVE-2023-22899] ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6955913 ∗∗∗ Multiple vulnerabilities in moment.js affect IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-31129, CVE-2022-24785) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6852667 ∗∗∗ IBM Navigator for i is vulnerable to log file access, obtaining file attributes, and SQL Injection attacks due to multiple vulnerabilities. ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6850801 ∗∗∗ WebSphere Application Server Liberty is vulnerable to server-side request forgery due to Apache CXF ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6956223 ∗∗∗ Intel Ethernet controllers as used in IBM QRadar SIEM are vulnerable to a denial of service (CVE-2021-0197, CVE-2021-0198, CVE-2021-0199, CVE-2021-0200) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6956287 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.02.2023
by Daily end-of-shift report 15 Feb '23

15 Feb '23

===================== = End-of-Day report = ===================== Timeframe: Dienstag 14-02-2023 18:00 − Mittwoch 15-02-2023 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Adobe Patchday: Schadcode-Attacken auf After Effects & Co. möglich ∗∗∗ --------------------------------------------- Adobe hat unter anderem für After Effects, InDesign und Photoshop Sicherheitsupdates veröffentlicht. --------------------------------------------- https://heise.de/-7496102 ∗∗∗ Bluetooth-Fehler in Android 13 kann Diabetiker gefährden ∗∗∗ --------------------------------------------- Ein Fehler in Android 13 kann die Kommunikation zwischen Blutzuckersensor und zugehöriger App stören. Dann warnt die App nicht vor gefährlicher Unterzuckerung. --------------------------------------------- https://heise.de/-7496644 ∗∗∗ Angreifer attackieren Microsoft 365 und Windows - Mehrere kritische Lücken ∗∗∗ --------------------------------------------- Es sind wichtige Sicherheitsupdates für unter anderem Azure, Exchange Server und Windows erschienen. Mehrere Lücken sind als "kritisch" eingestuft. --------------------------------------------- https://heise.de/-7496015 ∗∗∗ Abo-Falle beim Kauf von Handyhüllen auf puffcase-official.com ∗∗∗ --------------------------------------------- Wenn Sie auf der Suche nach einer Schutzhülle für Ihr Smartphone sind, nehmen Sie sich vor puffcase-official.com in Acht. Während die „Puffcases“ auf den ersten Blick günstig wirken und zu einem schnellen Kauf verleiten, stellt sich die Seite als Abo-Falle heraus. Davon erfahren Sie erst, wenn die neuerliche Abbuchung auf Ihrer Kreditkarte auftaucht. Bestellen Sie hier nicht! --------------------------------------------- https://www.watchlist-internet.at/news/abo-falle-beim-kauf-von-handyhuellen… ∗∗∗ NPM packages posing as speed testers install crypto miners instead ∗∗∗ --------------------------------------------- A new set of 16 malicious NPM packages are pretending to be internet speed testers but are, in reality, coinminers that hijack the compromised computers resources to mine cryptocurrency for the threat actors. --------------------------------------------- https://www.bleepingcomputer.com/news/security/npm-packages-posing-as-speed… ∗∗∗ Hyundai and Kia issue software upgrades to thwart killer TikTok car theft hack ∗∗∗ --------------------------------------------- Gone in 60 seconds using a USB-A plug and brute force instead of a key Korean car-makers Hyundai and Kia will issue software updates to some of their models after a method of stealing them circulated on TikTok, leading to many thefts and even some deaths. --------------------------------------------- https://go.theregister.com/feed/www.theregister.com/2023/02/15/hyundai_kia_… ∗∗∗ PYbot DDoS Malware Being Distributed Disguised as a Discord Nitro Code Generator ∗∗∗ --------------------------------------------- The ASEC analysis team has recently discovered Pybot DDoS being distributed with illegal software. The program used as bait by the threat actor is a token generator called Nitro Generator. Nitro is a paid Discord service with various benefits which can be seen below in Figure 1. Nitro Generator is a tool that generates codes that can be used for free access to Nitro. --------------------------------------------- https://asec.ahnlab.com/en/47789/ ∗∗∗ cURL audit: How a joke led to significant findings ∗∗∗ --------------------------------------------- In fall 2022, Trail of Bits audited cURL, a widely-used command-line utility that transfers data between a server and supports various protocols. [..] the fuzzer quickly uncovered memory corruption bugs, specifically use-after-free issues, double-free issues, and memory leaks. Because the bugs are in libcurl, a cURL development library, they have the potential to affect the many software applications that use libcurl. This blog post describes how we found the following vulnerabilities --------------------------------------------- https://blog.trailofbits.com/2023/02/14/curl-audit-fuzzing-libcurl-command-… ∗∗∗ ICS Patch Tuesday: 100 Vulnerabilities Addressed by Siemens, Schneider Electric ∗∗∗ --------------------------------------------- Siemens has published 13 new advisories covering a total of 86 vulnerabilities. [..] Schneider Electric has published three advisories covering 10 vulnerabilities. --------------------------------------------- https://www.securityweek.com/ics-patch-tuesday-100-vulnerabilities-addresse… ∗∗∗ DNS Abuse Techniques Matrix ∗∗∗ --------------------------------------------- The FIRST DNS Abuse SIG has been working on a document for some time, which has now finally been published: a matrix of DNS abuse techniques and their stakeholders. Its intended to help people experiencing DNS abuse, particularly incident responders and security teams. --------------------------------------------- https://www.first.org/global/sigs/dns/DNS-Abuse-Techniques-Matrix_v1.1.pdf ∗∗∗ Sustained Activity by Threat Actors ∗∗∗ --------------------------------------------- The European Union Agency for Cybersecurity (ENISA) and the CERT of the EU institutions, bodies and agencies (CERT-EU) jointly published a report to alert on sustained activity by particular threat actors. The malicious cyber activities of the presented threat actors pose a significant and ongoing threat to the European Union. --------------------------------------------- https://www.enisa.europa.eu/news/sustained-activity-by-threat-actors ∗∗∗ Abusing Azure App Service Managed Identity Assignments ∗∗∗ --------------------------------------------- [...] Managed Identities are great and admins should absolutely use them. But admins also need to understand the risks that come with Managed Identities and how to deal with those risks. In this blog post I will explain those risks, demonstrate how an attacker can abuse App Service Managed Identity assignments, and show you how to identify and deal with those risks yourself. --------------------------------------------- https://posts.specterops.io/abusing-azure-app-service-managed-identity-assi… ===================== = Vulnerabilities = ===================== ∗∗∗ AMD: Cross-Thread Return Address Predictions ∗∗∗ --------------------------------------------- AMD internally discovered a potential vulnerability where certain AMD processors may speculatively execute instructions at an incorrect return site after an SMT mode switch that may potentially lead to information disclosure. AMD believes that due to existing mitigations applied to address other speculation-based issues, theoretical avenues for potential exploit of CVE-2022-27672 may be limited only to select virtualization environments where a virtual machine is given special privileges. --------------------------------------------- https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1045 ∗∗∗ HAProxy Security Update (CVE-2023-25725) ∗∗∗ --------------------------------------------- A team of security researchers notified me on Thursday evening that they had found a dirty bug in HAProxys headers processing, and that, when properly exploited, this bug allows to build an HTTP content smuggling attack. [..] The issue was fixed in all versions and all modes (HTX and legacy), and all versions were upgraded. [..] Distros were notified (not very long ago admittedly, the delay was quite short for them) and updated packages will appear soon. --------------------------------------------- https://www.mail-archive.com/haproxy@formilux.org/msg43229.html ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (gnutls28 and haproxy), Fedora (syslog-ng), Mageia (apr-util, chromium-browser-stable, editorconfig-core-c, ffmpeg, libzen, phpmyadmin, tpm2-tss, and webkit2), Oracle (kernel and kernel-container), Slackware (mozilla and php), SUSE (git, haproxy, kernel, nodejs18, phpMyAdmin, and timescaledb), and Ubuntu (APR-util, git, and haproxy). --------------------------------------------- https://lwn.net/Articles/923364/ ∗∗∗ Lenovo Product Security Advisories ∗∗∗ --------------------------------------------- * AMI MegaRAC SP-X BMC Redfish Vulnerabilities * AMI MegaRAC SP-X BMC Vulnerabilities * Crypto API Toolkit for Intel SGX Advisory * Intel Ethernet Controllers and Adapters Advisory * Intel Ethernet VMware Drivers Advisory * Intel Integrated Sensor Solution Advisory * Intel Server Platform Services (SPS) Vulnerabilities * Intel SGX SDK Advisory * Multi-Vendor BIOS Security Vulnerabilities (February 2023) --------------------------------------------- https://support.lenovo.com/at/en/product_security/home ∗∗∗ Released: February 2023 Exchange Server Security Updates ∗∗∗ --------------------------------------------- Microsoft has released Security Updates (SUs) for vulnerabilities found in:Exchange Server 2013Exchange Server 2016Exchange Server 2019SUs are available in a self-extracting auto-elevating .exe package, as well as the original update packages (.msp files), which can be downloaded from the Microsoft Update Catalog.SUs are available for the following specific versions of Exchange Server:Exchange Server 2013 CU23 (note that support and availability of SUs end on April 11, 2023)Exchange Server 2016 --------------------------------------------- https://techcommunity.microsoft.com/t5/exchange-team-blog/released-february… ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/bulletin/ ∗∗∗ XSA-426 ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-426.html ∗∗∗ Advisory: Impact of Insyde UEFI Boot Issues on B&R Products ∗∗∗ --------------------------------------------- https://www.br-automation.com/downloads_br_productcatalogue/assets/16759315… ∗∗∗ ClamAV HFS+ Partition Scanning Buffer Overflow Vulnerability Affecting Cisco Products: February 2023 ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Cisco Nexus Dashboard Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Cisco Nexus Dashboard Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ Cisco Email Security Appliance and Cisco Secure Email and Web Manager Vulnerabilities ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ ClamAV DMG File Parsing XML Entity Expansion Vulnerability Affecting Cisco Products: February 2023 ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.02.2023
by Daily end-of-shift report 14 Feb '23

14 Feb '23

===================== = End-of-Day report = ===================== Timeframe: Montag 13-02-2023 18:00 − Dienstag 14-02-2023 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ New stealthy Beep malware focuses heavily on evading detection ∗∗∗ --------------------------------------------- A new stealthy malware named Beep was discovered last week, featuring many features to evade analysis and detection by security software. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-stealthy-beep-malware-fo… ∗∗∗ Exploiting a remote heap overflow with a custom TCP stack ∗∗∗ --------------------------------------------- In November 2021 our team took part in the ZDI Pwn2Own Austin 2021 competition with multiple entries. One of them successfully compromised the Western Digital MyCloudHome connected hard drive via a 0-day in the Netatalk daemon. Our exploit was unusual because triggering the vulnerability required to mess with the remote TCP stack, so we wrote our own. This blog post will provide some technical details about it. --------------------------------------------- https://www.synacktiv.com/publications/exploiting-a-remote-heap-overflow-wi… ∗∗∗ Securing Open-Source Solutions: A Study of osTicket Vulnerabilities ∗∗∗ --------------------------------------------- One of the applications assessed was osTicket, an open-source ticketing system. With distinctive features and plugins, osTicket gives users the ability to “Manage, organize, and archive all your support requests and responses (...).” During our assessment, the Checkmarx Labs team found some interesting vulnerabilities. In this blog/report, not only will we disclose some of the identified vulnerabilities but also elaborate on the team’s approach to identifying them. --------------------------------------------- https://checkmarx.com/blog/securing-open-source-solutions-a-study-of-ostick… ∗∗∗ Amazon: Vorsicht vor Fake-Anrufen ∗∗∗ --------------------------------------------- Aktuell geben sich Kriminelle als Mitarbeiter:innen von Amazon aus und täuschen ein Problem mit Ihrer Bestellung vor. Sie werden aufgefordert Zahlungsdaten zu übermitteln, Zahlungen freizugeben und eine Wartungssoftware wie TeamViewer zu installieren. Legen Sie auf und blockieren Sie die Nummer. --------------------------------------------- https://www.watchlist-internet.at/news/amazon-vorsicht-vor-fake-anrufen/ ∗∗∗ A Deep Dive into Reversing CODESYS ∗∗∗ --------------------------------------------- This white paper offers a technical deep dive into PLC protocols and how to safely scan CODESYS-based ICS networking stacks. --------------------------------------------- https://www.rapid7.com/blog/post/2023/02/14/a-deep-dive-into-reversing-code… ∗∗∗ Typosquatting: Legit Abquery Package Duped with Malicious Aabquerys ∗∗∗ --------------------------------------------- Aabquerys use the typosquatting technique to encourage downloading malicious components, as it has been cleverly named to make it sound like the legitimate NPM module Abquery. --------------------------------------------- https://www.hackread.com/typosquatting-abquery-package-aabquerys/ ===================== = Vulnerabilities = ===================== ∗∗∗ Serious Security: GnuTLS follows OpenSSL, fixes timing attack bug ∗∗∗ --------------------------------------------- Conditional code considered cryptographically counterproductive. --------------------------------------------- https://nakedsecurity.sophos.com/2023/02/13/serious-security-gnutls-follows… ∗∗∗ Patch Now: Apples iOS, iPadOS, macOS, and Safari Under Attack with New Zero-Day Flaw ∗∗∗ --------------------------------------------- Apple on Monday rolled out security updates for iOS, iPadOS, macOS, and Safari to address a zero-day flaw that it said has been actively exploited in the wild.Tracked as CVE-2023-23529, the issue relates to a type confusion bug in the WebKit browser engine that could be activated when processing maliciously crafted web content, culminating in arbitrary code execution. --------------------------------------------- https://thehackernews.com/2023/02/patch-now-apples-ios-ipados-macos-and.html ∗∗∗ Patchday: SAP schützt seine Software vor möglichen Attacken ∗∗∗ --------------------------------------------- Es sind unter anderem für SAP BusinessObjects und SAP Start Service wichtige Sicherheitsupdates erschienen. --------------------------------------------- https://heise.de/-7494856 ∗∗∗ Bestimmte auf HP-Computern vorinstallierte Windows-10-Versionen sind verwundbar ∗∗∗ --------------------------------------------- Wer einen PC von HP mit einer älteren Windows-10-Ausgabe nutzt, sollte einen Sicherheitspatch installieren. --------------------------------------------- https://heise.de/-7494955 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (imagemagick), Fedora (xml-security-c), Red Hat (grub2), SUSE (chromium, freerdp, libbpf, and python-setuptools), and Ubuntu (fig2dev and python-django). --------------------------------------------- https://lwn.net/Articles/923267/ ∗∗∗ Citrix Virtual Apps and Desktops Security Bulletin for CVE-2023-24483 ∗∗∗ --------------------------------------------- A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA. CVE-2023-24483 --------------------------------------------- https://support.citrix.com/article/CTX477616/citrix-virtual-apps-and-deskto… ∗∗∗ Citrix Workspace app for Windows Security Bulletin for CVE-2023-24484 & CVE-2023-24485 ∗∗∗ --------------------------------------------- A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA. CVE-2023-24484 & CVE-2023-24485 --------------------------------------------- https://support.citrix.com/article/CTX477617/citrix-workspace-app-for-windo… ∗∗∗ Citrix Workspace app for Linux Security Bulletin for CVE-2023-24486 ∗∗∗ --------------------------------------------- A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same computer from which the ICA session is launched. CVE-2023-24486 --------------------------------------------- https://support.citrix.com/article/CTX477618/citrix-workspace-app-for-linux… ∗∗∗ SonicWall Email Security Information Discloser Vulnerability ∗∗∗ --------------------------------------------- SonicWall Email Security contains a vulnerability that could permit a remote unauthenticated attacker access to an error page that includes sensitive information about users email addresses. CVE: CVE-2023-0655 --------------------------------------------- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0002 ∗∗∗ The installers of ELECOM Camera Assistant and QuickFileDealer may insecurely load Dynamic Link Libraries ∗∗∗ --------------------------------------------- The installers of ELECOM Camera Assistant and QuickFileDealer provided by ELECOM CO.,LTD. may insecurely load Dynamic Link Libraries. --------------------------------------------- https://jvn.jp/en/jp/JVN60263237/ ∗∗∗ Improper restriction of XML external entity reference (XXE) vulnerability in tsClinical Define.xml Generator and tsClinical Metadata Desktop Tools ∗∗∗ --------------------------------------------- tsClinical Define.xml Generator and tsClinical Metadata Desktop Tools provided by FUJITSU LIMITED contain an improper restriction of XML external entity reference (XXE) vulnerability. --------------------------------------------- https://jvn.jp/en/jp/JVN00712821/ ∗∗∗ 101news By Mayuri K 1.0 SQL Injection ∗∗∗ --------------------------------------------- https://cxsecurity.com/issue/WLB-2023020025 ∗∗∗ Developed by Ameya Computers LOGIN SQL INJECTİON ∗∗∗ --------------------------------------------- https://cxsecurity.com/issue/WLB-2023020024 ∗∗∗ SSA-953464 V1.0: Multiple Vulnerabilites in Siemens Brownfield Connectivity - Client before V2.15 ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf ∗∗∗ SSA-847261 V1.0: Multiple SPP File Parsing Vulnerabilities in Tecnomatix Plant Simulation ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-847261.pdf ∗∗∗ SSA-836777 V1.0: JT File Parsing Vulnerabilities in JT Open, JT Utilities and Parasolid ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-836777.pdf ∗∗∗ SSA-744259 V1.0: Golang Vulnerabilities in Brownfield Connectivity - Gateway before V1.10.1 ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf ∗∗∗ SSA-693110 V1.0: Buffer Overflow Vulnerability in COMOS ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-693110.pdf ∗∗∗ SSA-686975 V1.0: IPU 2022.3 Vulnerabilities in Siemens Industrial Products using Intel CPUs ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-686975.pdf ∗∗∗ SSA-658793 V1.0: Command Injection Vulnerability in SiPass integrated AC5102 / ACC-G2 and ACC-AP ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-658793.pdf ∗∗∗ SSA-640968 V1.0: Untrusted Search Path Vulnerability in TIA Project-Server formerly known as TIA Multiuser Server ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-640968.pdf ∗∗∗ SSA-617755 V1.0: Denial of Service Vulnerability in the SNMP Agent of SCALANCE X-200IRT Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-617755.pdf ∗∗∗ SSA-565356 V1.0: X_T File Parsing Vulnerabilities in Simcenter Femap before V2023.1 ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-565356.pdf ∗∗∗ SSA-491245 V1.0: Multiple File Parsing Vulnerabilities in Solid Edge ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf ∗∗∗ SSA-450613 V1.0: Insyde BIOS Vulnerabilities in RUGGEDCOM APE1808 Product Family ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf ∗∗∗ SSA-252808 V1.0: XPath Constraint Vulnerability in Mendix Runtime ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-252808.pdf ∗∗∗ PHOENIX CONTACT: Multiple Vulnerabilities in PLCnext Firmware ∗∗∗ --------------------------------------------- https://cert.vde.com/de/advisories/VDE-2023-001/ ∗∗∗ Weintek EasyBuilder Pro cMT Series ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-23-045-01 ∗∗∗ Advisory: Reflected Cross-Site Scripting Vulnerabitities in SDM ∗∗∗ --------------------------------------------- https://www.br-automation.com/downloads_br_productcatalogue/assets/16756072… ∗∗∗ IBM Db2 Web Query for i is vulnerable to arbitrary code execution due to Apache Commons Text [CVE-2022-42889] ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6955251 ∗∗∗ IBM App Connect Enterprise Certified Container operands may be vulnerable to security restrictions bypass due to [CVE-2021-25743] ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6955255 ∗∗∗ IBM Sterling Control Center is vulnerable to a denial of service due to Jave SE (CVE-2022-21626) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6955277 ∗∗∗ IBM Sterling Control Center is vulnerable to security bypass due to Eclipse Openj9 (CVE-2022-3676) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6955281 ∗∗∗ CVE-2022-21624 may affect IBM\u00ae SDK, Java\u2122 Technology Edition for Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6955493 ∗∗∗ CVE-2022-3676 may affect Eclipse Openj9 used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6955497 ∗∗∗ IBM QRadar SIEM is vulnerable to possible information disclosure [CVE-2023-22875] ∗∗∗ --------------------------------------------- https://www.ibm.com/support/pages/node/6855643 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.02.2023
by Daily end-of-shift report 13 Feb '23

13 Feb '23

===================== = End-of-Day report = ===================== Timeframe: Freitag 10-02-2023 18:00 − Montag 13-02-2023 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Erpressungstrojaner Play infiltriert Systeme von A10 Networks ∗∗∗ --------------------------------------------- Angreifer konnten auf interne Daten des Herstellers von Netzwerkgeräten A10 Networks zugreifen. Kundendaten sollen nicht betroffen sein. --------------------------------------------- https://heise.de/-7493748 ∗∗∗ Gefälschtes Therme Wien-Gewinnspiel auf Facebook ∗∗∗ --------------------------------------------- Auf Facebook kursiert momentan ein betrügerisches Gewinnspiel für einen Tagesurlaub inklusive Massage in der Therme Wien. Das Gewinnspiel, das von der Facebook-Seite „Freizeit-Helden“ beworben wird, steht aber in keinem Zusammenhang mit der Therme Wien und sammelt Daten. Nehmen Sie nicht teil und melden Sie das Posting. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschtes-therme-wien-gewinnspiel… ∗∗∗ Details zur LocalPotato NTLM Authentication-Schwachstelle (CVE-2023-21746) ∗∗∗ --------------------------------------------- Mitte Januar 2023 Monat hatte ich im Blog-Beitrag Nach RemotePotato0 kommt die Windows Local Potato NTLM-Schwachstelle (CVE-2023-21746) auf eine lokale NTLM-Authentifizierungsschwachstelle (CVE-2023-21746) hingewiesen. Die Entdecker bezeichnen diese als LocalPotator, hatten seinerzeit aber keine Details offen gelegt. Jetzt wurde dies nachgeholt. --------------------------------------------- https://www.borncity.com/blog/2023/02/11/details-zur-localpotato-ntlm-authe… ∗∗∗ We had a security incident. Here’s what we know. ∗∗∗ --------------------------------------------- TL:DR Based on our investigation so far, Reddit user passwords and accounts are safe, but on Sunday night (pacific time), Reddit systems were hacked as a result of a sophisticated and highly-targeted phishing attack. They gained access to some internal documents, code, and some internal business systems. --------------------------------------------- https://www.reddit.com/r/netsec/comments/10y59q2/we_had_a_security_incident… ∗∗∗ Devs targeted by W4SP Stealer malware in malicious PyPi packages ∗∗∗ --------------------------------------------- Five malicious packages were found on the Python Package Index (PyPI), stealing passwords, Discord authentication cookies, and cryptocurrency wallets from unsuspecting developers. --------------------------------------------- https://www.bleepingcomputer.com/news/security/devs-targeted-by-w4sp-steale… ∗∗∗ Security baseline for Microsoft Edge version 110 ∗∗∗ --------------------------------------------- We are pleased to announce the security review for Microsoft Edge, version 110! We have reviewed the new settings in Microsoft Edge version 110 and determined that there are no additional security settings that require enforcement. The Microsoft Edge version 107 security baseline continues to be our recommended configuration which can be downloaded from the Microsoft Security Compliance Toolkit. Microsoft Edge version 110 introduced 13 new computer settings and 13 new user settings. --------------------------------------------- https://techcommunity.microsoft.com/t5/microsoft-security-baselines/securit… ∗∗∗ PCAP Data Analysis with Zeek, (Sun, Feb 12th) ∗∗∗ --------------------------------------------- Having full packet captures of a device or an entire network can be extremely useful. It is also a lot of data to go through and process manually. Zeek [1] can help to simplify network traffic analysis. It can also help save a lot of storage space. I'll be going through and processing some PCAP data collected from my honeypot. --------------------------------------------- https://isc.sans.edu/diary/rss/29530 ∗∗∗ Linux auditd for Threat Hunting [Part 2] ∗∗∗ --------------------------------------------- In this part, I will highlight only 1 technique (process/command execution) and explain the fields. In Part 3, I will show you tests I ran for several other behaviors. --------------------------------------------- https://izyknows.medium.com/linux-auditd-for-threat-hunting-part-2-c75500f5… ∗∗∗ Crypto Wallet Address Replacement Attack ∗∗∗ --------------------------------------------- At around 17:49 UTC on 9 February 2023, Phylum’s automated risk detection platform began alerting us to a long series of suspicious publications which appear to be a revived attempt to deliver the same crypto wallet clipboard replacing malware. This time, however, the attacker changed the obfuscation technique and radically increased the volume of attacks. [..] over 451 unique packages. These targeted some very popular packages, many of them in the crypto/finance and web development space --------------------------------------------- https://blog.phylum.io/phylum-discovers-revived-crypto-wallet-address-repla… ∗∗∗ The Linux Kernel and the Cursed Driver (CVE-2022-4842) ∗∗∗ --------------------------------------------- TL;DR: We found a bug in the not-so-well-maintained NTFS3 driver in Linux. Abusing the vulnerability could lead to a denial-of-service (DoS) attack on machines with a mounted NTFS filesystem. --------------------------------------------- https://www.cyberark.com/resources/threat-research-blog/the-linux-kernel-an… ===================== = Vulnerabilities = ===================== ∗∗∗ Monitorr 1.7.6 Shell Upload ∗∗∗ --------------------------------------------- Topic: Monitorr 1.7.6 Shell Upload Risk: High Text:# Exploit Title: Monitorr v1.7.6 - Unauthenticated File upload to Remote Code Execution # Exploit Author: Achuth V P (retrymp3... --------------------------------------------- https://cxsecurity.com/issue/WLB-2023020021 ∗∗∗ Cisco Email Security Appliance URL Filtering Bypass Vulnerability ∗∗∗ --------------------------------------------- On January 18, 2023, Cisco disclosed the following: A vulnerability in the URL filtering mechanism of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. [...] After additional investigation, it was determined that this vulnerability is not exploitable. For more information, see the Workarounds section of this advisory. --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso… ∗∗∗ ABB Cyber Security Advisory: Drive Composer multiple vulnerabilities ∗∗∗ --------------------------------------------- Affected products: CVE-2018-1285, CVE-2022-35737, CVE-2021-27293, CVE-2022-37434: - Drive Composer entry 2.8 and earlier - Drive Composer pro 2.8 and earlier. CVE-2018-1002205: - Drive Composer entry 2.4 and earlier - Drive Composer pro 2.4 and earlier An attacker who successfully exploited these vulnerabilities could cause the product to stop, make the product inaccessible or insert and run arbitrary code. --------------------------------------------- https://search.abb.com/library/Download.aspx?Action=Launch&DocumentID=9AKK1… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libde265 and snort), Fedora (chromium, openssl, php-symfony4, qt5-qtbase, qt6-qtbase, tigervnc, vim, wireshark, xorg-x11-server, and xorg-x11-server-Xwayland), Slackware (gnutls), SUSE (apr-util, grafana, java-1_8_0-ibm, kernel, less, libksba, opera, postgresql12, postgresql13, postgresql14, postgresql15, python-py, webkit2gtk3, wireshark, and xrdp), and Ubuntu (nova and webkit2gtk). --------------------------------------------- https://lwn.net/Articles/923163/ ∗∗∗ Wordpress Multiple themes - Unauthenticated Arbitrary File Upload ∗∗∗ --------------------------------------------- https://cxsecurity.com/issue/WLB-2023020022 ∗∗∗ NEC PC Settings Tool vulnerable to missing authentication for critical function ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN60320736/ ∗∗∗ Multiple vulnerabilities in PLANEX COMMUNICATIONS Network Camera CS-WMV02G ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN98612206/ ∗∗∗ IBM Security Bulletins 2023-02-13 ∗∗∗ --------------------------------------------- * AIX is vulnerable to denial of service vulnerabilities * IBM Cloud Pak for Network Automation v2.4.3 addresses multiple security vulnerabilities * IBM MQ Appliance is vulnerable to an unspecified Java SE vulnerability (CVE-2022-21626) * IBM PowerVM Novalink is vulnerable because Apache Commons IO could allow a remote attacker to traverse directories on the system * IBM PowerVM Novalink is vulnerable because IBM WebSphere Application Server Liberty vulnerable to protobuf-java core and lite are vulnerable to a denial of service. (CVE-2022-3509) * IBM PowerVM Novalink is vulnerable because Java SE is vulnerable to a denial of service, caused by a flaw in the Lightweight HTTP Server. (CVE-2022-21628) * IBM QRadar SIEM includes multiple components with known vulnerabilities * IBM QRadar SIEM is vulnerable to information exposure (CVE-2022-34351) * IBM Security Directory Integrator is affected by multiple security vulnerabilities * IBM Sterling B2B Integrator is vulnerable to cross-site scripting (CVE-2022-43579) * IBM Sterling B2B Integrator is vulnerable to denial of service due to Spring Framework (CVE-2022-22970) * IBM Sterling B2B Integrator is vulnerable to http header injection due to IBM WebSphere Application Server (CVE-2022-34165) * IBM Sterling Connect:Direct FTP+ is vulnerable to denial of service due to IBM Java (CVE-2022-21626) * IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js bunyan module command execution * The dasboard UI of IBM Sterling B2B Integrator is vulnerable to improper permission control (CVE-2022-40231) * Vulnerabilities with ca-certificates, OpenJDK, Sudo affect IBM Cloud Object Storage Systems (Feb 2023v1) --------------------------------------------- https://www.ibm.com/support/pages/bulletin/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily