=====================
= End-of-Day report =
=====================
Timeframe: Thursday 02-11-2023 18:00 – Friday 03-11-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ New macOS KandyKorn malware targets cryptocurrency engineers ∗∗∗
---------------------------------------------
A new macOS malware dubbed KandyKorn has been spotted in a campaign attributed to the North Korean Lazarus hacking group, targeting blockchain engineers of a cryptocurrency exchange platform.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-macos-kandykorn-malware-…
∗∗∗ Atlassian warns of exploit for Confluence data wiping bug, get patching ∗∗∗
---------------------------------------------
Atlassian warned admins that a public exploit is now available for a critical Confluence security flaw that can be used in data destruction attacks targeting Internet-exposed and unpatched instances.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/atlassian-warns-of-exploit-f…
∗∗∗ Spyware Designed for Telegram Mods Also Targets WhatsApp Add-Ons ∗∗∗
---------------------------------------------
Researchers discovered spyware designed to steal from Android devices and from Telegram mods can also reach WhatsApp users.
---------------------------------------------
https://www.darkreading.com/dr-global/spyware-designed-for-telegram-mods-al…
∗∗∗ Kinsing Actors Exploiting Recent Linux Flaw to Breach Cloud Environments ∗∗∗
---------------------------------------------
The threat actors linked to Kinsing have been observed attempting to exploit the recently disclosed Linux privilege escalation flaw called Looney Tunables as part of a "new experimental campaign" designed to breach cloud environments.
---------------------------------------------
https://thehackernews.com/2023/11/kinsing-actors-exploit-linux-flaw-to.html
∗∗∗ 48 Malicious npm Packages Found Deploying Reverse Shells on Developer Systems ∗∗∗
---------------------------------------------
A new set of 48 malicious npm packages have been discovered in the npm repository with capabilities to deploy a reverse shell on compromised systems. "These packages, deceptively named to appear legitimate, contained obfuscated JavaScript designed to initiate a reverse shell on package install," software supply chain security firm Phylum said.
---------------------------------------------
https://thehackernews.com/2023/11/48-malicious-npm-packages-found.html
∗∗∗ Prioritising Vulnerabilities Remedial Actions at Scale with EPSS ∗∗∗
---------------------------------------------
In this article, I'm presenting the Exploit Prediction Scoring System and its practical use cases in tandem with Common Vulnerability Scoring System.
---------------------------------------------
https://itnext.io/prioritising-vulnerabilities-remedial-actions-at-scale-wi…
∗∗∗ Rating security vulnerabilities: the CVSS 4.0 standard has arrived ∗∗∗
---------------------------------------------
From low to critical: the Common Vulnerability Scoring System (CVSS) has made a version jump.
---------------------------------------------
https://www.heise.de/-9352555
∗∗∗ Apple's "Find My" ("Wo ist"): keylogger keyboard uses the location network to send passwords ∗∗∗
---------------------------------------------
It is actually meant to help track down lost items. Our keylogger keyboard, however, uses Apple's "Find My" location network to exfiltrate data.
---------------------------------------------
https://www.heise.de/-9342791
∗∗∗ Flaw in VMware ONE UEM enables login theft ∗∗∗
---------------------------------------------
Through an insecure redirect, attackers can steal the SAML tokens of logged-in users and take over their accounts. VMware provides updates.
---------------------------------------------
https://www.heise.de/-9352599
∗∗∗ Should you allow your browser to remember your passwords? ∗∗∗
---------------------------------------------
It's very convenient to store your passwords in your browser. But is it a good idea?
---------------------------------------------
https://www.malwarebytes.com/blog/news/2023/11/should-you-allow-your-browse…
∗∗∗ You'd be surprised to know what devices are still using Windows CE ∗∗∗
---------------------------------------------
Windows CE – an operating system that, despite being out for 27 years, never had an official explanation for why it was called "CE" – finally reached its official end-of-life period this week. This was Microsoft's first operating system for embedded and pocket devices, making an appearance on personal pocket assistants, some of the first BlackBerry-likes, laptops and more during its lifetime.
---------------------------------------------
https://blog.talosintelligence.com/threat-source-newsletter-nov-2-2023/
=====================
= Vulnerabilities =
=====================
∗∗∗ QNAP Security Advisories 2023-11-04 ∗∗∗
---------------------------------------------
QNAP released 4 new security advisories (2x Critical, 2x Medium), covering Music Station, QTS, QuTS hero, QuTScloud, Multimedia Console and the Media Streaming add-on.
---------------------------------------------
https://www.qnap.com/en-us/security-advisories
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (phppgadmin and vlc), Fedora (attract-mode, chromium, and netconsd), Red Hat (.NET 7.0, c-ares, curl, ghostscript, insights-client, python, squid, and squid:4), SUSE (kernel and roundcubemail), and Ubuntu (libsndfile).
---------------------------------------------
https://lwn.net/Articles/950061/
∗∗∗ Vulnerability in IBM SDK, Java Technology Edition may affect IBM Operations Analytics Predictive Insights ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7066311
∗∗∗ Multiple security vulnerabilities in Go may affect IBM Robotic Process Automation for Cloud Pak ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7066400
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 31-10-2023 18:00 – Thursday 02-11-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ New CVSS 4.0 vulnerability severity rating standard released ∗∗∗
---------------------------------------------
The Forum of Incident Response and Security Teams (FIRST) has officially released CVSS v4.0, the next generation of its Common Vulnerability Scoring System standard, eight years after CVSS v3.0, the previous major version.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-cvss-40-vulnerability-se…
∗∗∗ Only two have been patched: vulnerabilities in 34 drivers endanger Windows systems ∗∗∗
---------------------------------------------
Security researchers from the VMware Threat Analysis Unit (TAU) have identified vulnerabilities in a total of 34 different Windows device drivers. Malicious actors can deliberately manipulate firmware and gain elevated privileges on target systems. "All drivers give non-admin users full control over the devices," the researchers explain in their report.
---------------------------------------------
https://www.golem.de/news/nur-zwei-wurden-gepatcht-schwachstellen-in-34-tre…
∗∗∗ Windows 11, version 23H2 security baseline ∗∗∗
---------------------------------------------
This release includes several changes to further assist in the security of enterprise customers. Changes have been made to provide additional protections to the local admin account, Microsoft Defender Antivirus updates, and a new setting in response to an MSRC bulletin.
---------------------------------------------
https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows…
∗∗∗ Modern phone scammers: how fraudsters steal money with just one phone call ∗∗∗
---------------------------------------------
This blog post describes a vulnerability in a banking application that allows attackers to carry out money transfers of up to 5,000 € unnoticed on behalf of other users. It also describes further possible attack scenarios by which personal information can be harvested.
---------------------------------------------
https://sec-consult.com/de/blog/detail/moderne-telefonbetrueger-wie-betrueg…
∗∗∗ Patch now! Attacks on BIG-IP appliances observed ∗∗∗
---------------------------------------------
F5 warns of attacks on BIG-IP appliances. Security patches are available. One vulnerability is rated critical.
---------------------------------------------
https://www.heise.de/-9350108
∗∗∗ Security vulnerabilities: attackers can manipulate Cisco firewalls ∗∗∗
---------------------------------------------
Several vulnerabilities affect, among other products, Cisco Firepower and Identity Services Engine. Patches are available.
---------------------------------------------
https://www.heise.de/-9351087
∗∗∗ MITRE ATT&CK v14 released ∗∗∗
---------------------------------------------
MITRE has released MITRE ATT&CK v14, the newest iteration of its popular investigation framework / knowledge base of tactics and techniques employed by cyber attackers. ATT&CK's goal is to catalog and categorize behaviors of cyber adversaries in real-world attacks.
---------------------------------------------
https://www.helpnetsecurity.com/2023/11/02/mitre-attck-v14/
∗∗∗ Unveiling the Dark Side: A Deep Dive into Active Ransomware Families ∗∗∗
---------------------------------------------
This series will focus on TTPs deployed by four ransomware families recently observed during NCC Group's incident response engagements.
---------------------------------------------
https://research.nccgroup.com/2023/10/31/unveiling-the-dark-side-a-deep-div…
∗∗∗ Who killed Mozi? IoT zombie botnet finally laid to rest ∗∗∗
---------------------------------------------
How ESET Research found a kill switch that was used to shut down one of the most widespread botnets.
---------------------------------------------
https://www.welivesecurity.com/de/eset-research/wer-hat-mozi-getotet-iot-zo…
∗∗∗ Free webinar series "Schutz im Internet" (Protection on the Internet) ∗∗∗
---------------------------------------------
In cooperation with the Arbeiterkammer Oberösterreich, the ÖIAT (Österreichisches Institut für angewandte Telekommunikation) is holding a free webinar series on topics such as online shopping, internet fraud and identity theft!
---------------------------------------------
https://www.watchlist-internet.at/news/kostenlose-webinar-reihe-schutz-im-i…
∗∗∗ Drupal 9 is end of life - PSA-2023-11-01 ∗∗∗
---------------------------------------------
Drupal 9 relies on several other software projects, including Symfony, CKEditor, and Twig. With Symfony 4's end of life, CKEditor 4's end of life, and Twig 2's end of life all coming up soon, Drupal 9 went end of life on November 1st, 2023. There will be no further releases of Drupal 9.
---------------------------------------------
https://www.drupal.org/psa-2023-11-01
∗∗∗ Warning Against Infostealer Infections Upon Executing Legitimate EXE Files (DLL Hijacking) ∗∗∗
---------------------------------------------
Caution is advised as an Infostealer that prompts the execution of legitimate EXE files is actively being distributed. The threat actor is distributing a legitimate EXE file with a valid signature and a malicious DLL compressed in the same directory. The EXE file itself is legitimate, but when executed in the same directory as the malicious DLL, it automatically runs that malicious DLL. This technique is called DLL hijacking and is often used in the distribution of malware.
---------------------------------------------
https://asec.ahnlab.com/en/58319/
∗∗∗ Attackers use JavaScript URLs, API forms and more to scam users in popular online game "Roblox" ∗∗∗
---------------------------------------------
Where there is a potential for profit there are also people trying to scam others. "Roblox" users can be targeted by scammers (known as "beamers" by "Roblox" players) who attempt to steal valuable items or Robux from other players. This can sometimes be made easier for the scammers because of "Roblox's" young user base. Nearly half of the game's 65 million users are under the age of 13 who may not be as adept at spotting scams.
---------------------------------------------
https://blog.talosintelligence.com/roblox-scam-overview/
∗∗∗ Suspected Exploitation of Apache ActiveMQ CVE-2023-46604 ∗∗∗
---------------------------------------------
Beginning Friday, October 27, Rapid7 Managed Detection and Response (MDR) identified suspected exploitation of Apache ActiveMQ CVE-2023-46604 in two different customer environments. In both instances, the adversary attempted to deploy ransomware binaries on target systems in an effort to ransom the victim organizations. Based on the ransom note and available evidence, we attribute the activity to the HelloKitty ransomware family, whose source code was leaked on a forum in early October. Rapid7 observed similar indicators of compromise across the affected customer environments, both of which were running outdated versions of Apache ActiveMQ.
---------------------------------------------
https://www.rapid7.com/blog/post/2023/11/01/etr-suspected-exploitation-of-a…
=====================
= Vulnerabilities =
=====================
∗∗∗ Unpatched Powerful SSRF in Exchange OWA – Getting Response Through Attachments ∗∗∗
---------------------------------------------
As the attacker can abuse this SSRF to retrieve the content of the response, I thought it was a good finding. However, Microsoft did not agree [...] In short: this may get fixed or it may not. If they decide to fix it, the patch may appear in 1 year or in 3 years. In general, we know nothing. Accordingly, we informed Microsoft of our intention to publish this vulnerability as a 0-day advisory and a blog post. As we consider this issue potentially dangerous, we want organizations to be aware of the threat. For this reason, we are providing a PoC HTTP Request to be used for filtering and/or monitoring.
---------------------------------------------
https://www.thezdi.com/blog/2023/11/1/unpatched-powerful-ssrf-in-exchange-o…
∗∗∗ Cisco Security Advisories ∗∗∗
---------------------------------------------
Cisco has released 24 new and 4 updated Security Advisories (2x Critical, 11x High, 15x Medium).
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/Search.x?publicationTypeIDs…
∗∗∗ Critical PHPFox RCE Vulnerability Risked Social Networks ∗∗∗
---------------------------------------------
Heads up, phpFox users! A critical remote code execution vulnerability existed in the phpFox service that allowed community takeovers [...] The researcher urged all phpFox users to update to the latest phpFox release (version 4.8.14 or later) to receive the security fix.
---------------------------------------------
https://latesthackingnews.com/2023/10/30/critical-phpfox-rce-vulnerability-…
∗∗∗ Web browser: Google Chrome fixes 15 vulnerabilities and gains HTTPS upgrades ∗∗∗
---------------------------------------------
Google has released version 119 of the Chrome web browser. It closes 15 security vulnerabilities and establishes the HTTPS upgrade mechanism.
---------------------------------------------
https://www.heise.de/-9349956
∗∗∗ Nvidia security updates: GeForce driver vulnerabilities endanger PCs ∗∗∗
---------------------------------------------
Nvidia's developers have closed several security vulnerabilities in the graphics card driver and the vGPU software.
---------------------------------------------
https://www.heise.de/-9351600
∗∗∗ SolarWinds Platform 2023.4 closes code execution vulnerabilities ∗∗∗
---------------------------------------------
SolarWinds has released the Platform update to version 2023.4. Alongside various bug fixes, it also closes security vulnerabilities.
---------------------------------------------
https://www.heise.de/-9351584
∗∗∗ VMSA-2023-0025 ∗∗∗
---------------------------------------------
An open redirect vulnerability in VMware Workspace ONE UEM console was responsibly reported to VMware. Updates are available to remediate this vulnerability in affected VMware products. (CVE-2023-20886)
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2023-0025.html
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (h2o, open-vm-tools, pmix, and zookeeper), Gentoo (GitPython), Oracle (firefox, java-11-openjdk, java-17-openjdk, libguestfs-winsupport, nginx:1.22, and thunderbird), Red Hat (samba), SUSE (container-suseconnect, libsndfile, and slurm), and Ubuntu (krb5, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-6.2, linux-azure, linux-azure-6.2, linux-azure-fde-6.2, linux-gcp, linux-gcp-6.2, linux-hwe-6.2, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-6.2, linux-oracle, linux-raspi, linux-starfive, linux-laptop, linux-nvidia-6.2, linux-oem-6.1, linux-raspi, open-vm-tools, and xorg-server).
---------------------------------------------
https://lwn.net/Articles/949612/
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Gentoo (Netatalk), Oracle (firefox), Red Hat (.NET 6.0, .NET 6.0, .NET 7.0, binutils, and qemu-kvm), SUSE (gcc13, tomcat, and xorg-x11-server), and Ubuntu (axis, libvpx, linux-starfive, thunderbird, and xrdp).
---------------------------------------------
https://lwn.net/Articles/949820/
∗∗∗ [R1] Nessus Version 10.5.6 Fixes Multiple Vulnerabilities ∗∗∗
---------------------------------------------
https://www.tenable.com/security/tns-2023-36
∗∗∗ [R1] Nessus Agent Version 10.4.3 Fixes Multiple Vulnerabilities ∗∗∗
---------------------------------------------
https://www.tenable.com/security/tns-2023-38
∗∗∗ [R1] Nessus Version 10.6.2 Fixes Multiple Vulnerabilities ∗∗∗
---------------------------------------------
https://www.tenable.com/security/tns-2023-37
∗∗∗ Drupal: Paragraphs admin - Moderately critical - - SA-CONTRIB-2023-049 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2023-049
∗∗∗ Open Exchange: 2023-08-01: OXAS-ADV-2023-0004 ∗∗∗
---------------------------------------------
https://documentation.open-xchange.com/security/advisories/txt/oxas-adv-202…
∗∗∗ IBM Security Bulletin ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/
∗∗∗ Weintek EasyBuilder Pro ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-05
∗∗∗ Schneider Electric SpaceLogic C-Bus Toolkit ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-06
∗∗∗ Franklin Fueling System TS-550 ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-04
∗∗∗ Red Lion Crimson ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-01
∗∗∗ Mitsubishi Electric MELSEC iQ-F Series CPU Module ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-02
∗∗∗ Mitsubishi Electric MELSEC Series ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-03
=====================
= End-of-Day report =
=====================
Timeframe: Monday 30-10-2023 18:00 – Tuesday 31-10-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ CVE-2023-4966 in Citrix NetScaler ADC and NetScaler Gateway was already exploited as a 0-day ∗∗∗
---------------------------------------------
Three organisations in Austria have since reported to us that attackers became active in their systems through the vulnerability in the Citrix server before patches from Citrix were available. Commands for reconnaissance of the system and first steps towards lateral movement were observed. We now assume widespread exploitation of this 0-day.
---------------------------------------------
https://cert.at/de/aktuelles/2023/10/cve-2023-4966-0day
∗∗∗ Exploit for Cisco IOS XE published, infection numbers remain high ∗∗∗
---------------------------------------------
Security researchers have analysed the exploit for Cisco IOS XE and uncovered its simple trick. Hundreds of backdoored devices are still online.
---------------------------------------------
https://www.heise.de/-9349296
∗∗∗ Multiple Layers of Anti-Sandboxing Techniques, (Tue, Oct 31st) ∗∗∗
---------------------------------------------
It has been a while since I found an interesting malicious Python script. All the scripts that I recently spotted were always the same: a classic infostealer using Discord as C2 channel. Today I found one that contains a lot of anti-sandboxing techniques. Let's review them. For malware, it's key to detect the environment where they are executed. When detonated inside a sandbox (automatically or manually, by an analyst), they will be able to change their behaviour (most likely, do nothing).
---------------------------------------------
https://isc.sans.edu/diary/rss/30362
∗∗∗ Malicious NuGet Packages Caught Distributing SeroXen RAT Malware ∗∗∗
---------------------------------------------
Cybersecurity researchers have uncovered a new set of malicious packages published to the NuGet package manager using a lesser-known method for malware deployment.
---------------------------------------------
https://thehackernews.com/2023/10/malicious-nuget-packages-caught.html
∗∗∗ LDAP authentication in Active Directory environments ∗∗∗
---------------------------------------------
Understanding the different types of LDAP authentication methods is fundamental to apprehend subjects such as relay attacks or countermeasures. This post introduces them through the lens of Python libraries.
---------------------------------------------
https://offsec.almond.consulting/ldap-authentication-in-active-directory-en…
∗∗∗ Programming language: end of life for PHP 8.0 and what's new in PHP 8.3 ∗∗∗
---------------------------------------------
The upcoming version 8.3 of the PHP programming language brings several new features, and PHP 8.0 is approaching the end of its support.
---------------------------------------------
https://www.heise.de/-9348772
∗∗∗ Selling on Etsy: beware of fraudulent inquiries ∗∗∗
---------------------------------------------
Criminals are active on all common selling platforms. They primarily target new users who are not yet familiar with the processes. We show you how to recognise fraudulent inquiries and sell safely!
---------------------------------------------
https://www.watchlist-internet.at/news/verkaufen-auf-etsy-vorsicht-vor-betr…
∗∗∗ Lateral Movement: Abuse the Power of DCOM Excel Application ∗∗∗
---------------------------------------------
In this post, we will talk about an interesting lateral movement technique called ActivateMicrosoftApp() method within the distributed component object model (DCOM) Excel application. This technique is built upon Matt Nelson's initial research on "Lateral Movement using Excel.Application and DCOM".
---------------------------------------------
https://posts.specterops.io/lateral-movement-abuse-the-power-of-dcom-excel-…
∗∗∗ Over the Kazuar's Nest: Cracking Down on a Freshly Hatched Backdoor Used by Pensive Ursa (Aka Turla) ∗∗∗
---------------------------------------------
While tracking the evolution of Pensive Ursa (aka Turla, Uroburos), Unit 42 researchers came across a new, upgraded variant of Kazuar. Not only is Kazuar another name for the enormous and dangerous cassowary bird, Kazuar is an advanced and stealthy .NET backdoor that Pensive Ursa usually uses as a second stage payload.
---------------------------------------------
https://unit42.paloaltonetworks.com/pensive-ursa-uses-upgraded-kazuar-backd…
=====================
= Vulnerabilities =
=====================
∗∗∗ Critical security vulnerability in Confluence Data Center and Confluence Server ∗∗∗
---------------------------------------------
A critical security vulnerability (CVE-2023-22518, CVSS 9.1) exists in all versions of Confluence Data Center and Confluence Server. Exploiting the vulnerability on affected devices allows unauthenticated attackers to access internal data of the system. Although Atlassian has no information on active exploitation of the vulnerability so far, prompt installation of the available patches is recommended.
---------------------------------------------
https://cert.at/de/warnungen/2023/10/confluence-cve-2023-22518
∗∗∗ RCE exploit for Wyze Cam v3 publicly released, patch now ∗∗∗
---------------------------------------------
A security researcher has published a proof-of-concept (PoC) exploit for Wyze Cam v3 devices that opens a reverse shell and allows the takeover of vulnerable devices [...] Wyze released firmware update version 4.36.11.7071, which addresses the identified issues, on October 22, 2023, so users are recommended to apply the security update as soon as possible.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/rce-exploit-for-wyze-cam-v3-…
∗∗∗ Unpatched NGINX ingress controller bugs can be abused to steal Kubernetes cluster secrets ∗∗∗
---------------------------------------------
Three unpatched high-severity bugs in the NGINX ingress controller can be abused by miscreants to steal credentials and other secrets from Kubernetes clusters. The vulnerabilities, tracked as CVE-2023-5043, CVE-2023-5044 and CVE-2022-4886, were disclosed on October 27, and are listed as currently awaiting triage. It's unclear if any of the flaws have been exploited.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2023/10/30/unpatched_ng…
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (jetty9, node-browserify-sign, request-tracker4, and request-tracker5), Fedora (golang-github-altree-bigfloat, golang-github-seancfoley-bintree, golang-github-seancfoley-ipaddress, kitty, slurm, and thunderbird), Gentoo (ConnMan, libxslt, and Salt), Mageia (chromium-browser-stable), Red Hat (firefox, libguestfs-winsupport, and thunderbird), SUSE (clamav, gcc13, gstreamer-plugins-bad, icu73_2, java-17-openjdk, nodejs10, poppler, python-Werkzeug, redis, thunderbird, webkit2gtk3, xorg-x11-server, and xwayland), and Ubuntu (kernel, linux-aws, linux-azure, linux-gcp, linux-oracle, linux-raspi, linux-iot, linux-raspi, linux-raspi-5.4, and mysql-8.0).
---------------------------------------------
https://lwn.net/Articles/949391/
∗∗∗ FujiFilm printer credentials encryption issue fixed ∗∗∗
---------------------------------------------
Many multi-function printers made by FujiFilm Business Innovation Corporation (Fujifilm) which includes Apeos, ApeosPro, PrimeLink and RevoriaPress brands as well as Xerox Corporation (Xerox) which includes VersaLink, PrimeLink, and WorkCentre brands, allow administrators to store credentials on them to allow users to upload scans and other files to FTP and SMB file servers. With the default configuration of these printers, it's possible to retrieve these credentials in an encrypted format without authenticating to the printer. A vulnerability in the encryption process of these credentials means that you can decrypt them with responses from the web interface. This has been given the ID CVE-2023-46327.
---------------------------------------------
https://www.pentestpartners.com/security-blog/fujifilm-printer-credentials-…
∗∗∗ [R1] Stand-alone Security Patch Available for Tenable Security Center versions 5.23.1, 6.0.0, 6.1.0, 6.1.1, and 6.2.0: SC-202310.1 ∗∗∗
---------------------------------------------
TNS-2023-35 / Critical
9.8 / 8.8 (CVE-2023-38545),
3.7 / 3.4 (CVE-2023-38546)
---------------------------------------------
https://www.tenable.com/security/tns-2023-35
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/
∗∗∗ INEA ME RTU ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-02
∗∗∗ Zavio IP Camera ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03
∗∗∗ Sonicwall: TunnelCrack Vulnerabilities ∗∗∗
---------------------------------------------
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0015
=====================
= End-of-Day report =
=====================
Timeframe: Friday 27-10-2023 18:00 – Monday 30-10-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Flying under the Radar: The Privacy Impact of multicast DNS, (Mon, Oct 30th) ∗∗∗
---------------------------------------------
The recent patch to iOS/macOS for CVE-2023-42846 made me think it is probably time to write up a reminder about the privacy impact of UPNP and multicast DNS. This is not a new issue, but it appears to have been forgotten a bit [vuln]. In particular, Apple devices are well-known for their verbose multicast DNS messages.
---------------------------------------------
https://isc.sans.edu/diary/rss/30358
∗∗∗ Hackers Using MSIX App Packages to Infect Windows PCs with GHOSTPULSE Malware ∗∗∗
---------------------------------------------
A new cyber attack campaign has been observed using spurious MSIX Windows app package files for popular software such as Google Chrome, Microsoft Edge, Brave, Grammarly, and Cisco Webex to distribute a novel malware loader dubbed GHOSTPULSE.
---------------------------------------------
https://thehackernews.com/2023/10/hackers-using-msix-app-packages-to.html
∗∗∗ Turning a boring file move into a privilege escalation on Mac ∗∗∗
---------------------------------------------
Hopefully other people find this trick useful, beyond just Parallels. You can find the code for this exploit on my GitHub [...] 2023-07-06 - fix released in version 18.3.2.
---------------------------------------------
https://pwn.win/2023/10/28/file-move-privesc-mac.html
∗∗∗ citrix-logchecker - Parse citrix netscaler logs to check for signs of CVE-2023-4966 exploitation ∗∗∗
---------------------------------------------
CERT.at provides a script via GitHub that can be used to search Citrix logs for potentially hijacked sessions. If suspicious sessions are found, a deeper analysis is recommended.
---------------------------------------------
https://github.com/certat/citrix-logchecker
∗∗∗ NATO and public authorities affected by critical vulnerability in the ILIAS learning platform ∗∗∗
---------------------------------------------
No fewer than three security vulnerabilities in the open-source learning platform ILIAS allow code execution. The vendor provides an updated version.
---------------------------------------------
https://www.heise.de/-9344057.html
∗∗∗ Researchers: roaming security vulnerabilities remain a major threat even with 5G ∗∗∗
---------------------------------------------
According to a Citizen Lab report, mobile network operators and regulators are doing too little to eliminate security weaknesses in the roaming and billing protocols.
---------------------------------------------
https://www.heise.de/-9347577.html
βββ F5 fixes critical BIG-IP vulnerability, PoC is public (CVE-2023-46747) βββ
---------------------------------------------
F5 Networks has released hotfixes for three vulnerabilities affecting its BIG-IP multi-purpose networking devices/modules, including a critical authentication bypass vulnerability (CVE-2023-46747) that could lead to unauthenticated remote code execution (RCE). About CVE-2023-46747 Discovered and reported by Thomas Hendrickson and Michael Weber of Praetorian Security, CVE-2023-46747 is a request smuggling bug in the Apache JServ Protocol (AJP) used by the vulnerable devices. [...] Praetorian has updated their blog post to include all the technical details, since Project Discovery has created a Nuclei template with the full CVE-2023-46747 attack chain.
---------------------------------------------
https://www.helpnetsecurity.com/2023/10/30/cve-2023-46747/
βββ Attackers Can Use Modified Wikipedia Pages to Mount Redirection Attacks on Slack βββ
---------------------------------------------
Researchers document the Wiki-Slack attack, a new technique that uses modified Wikipedia pages to target end users on Slack.
---------------------------------------------
https://www.securityweek.com/attackers-can-use-modified-wikipedia-pages-to-β¦
βββ Vorsicht vor Fake-Shops mit gΓΌnstigen Lebensmitteln βββ
---------------------------------------------
Mittlerweile kΓΆnnen Sie auch Lebensmittel online bestellen. Bedenken Sie aber: Auch hier gibt es betrΓΌgerische Angebote. Kriminelle bieten stark vergΓΌnstigte Lebensmittel in Fake-Shops wie leckerwurzede.com an. Wenn Sie dort bestellen, verlieren Sie Ihr Geld!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-fake-shops-mit-guenstigβ¦
βββ CloudKeys in the Air: Tracking Malicious Operations of Exposed IAM Keys βββ
---------------------------------------------
We analyze an attack path starting with GitHub IAM exposure and leading to creation of AWS Elastic Compute instances β which TAs used to perform cryptojacking.
---------------------------------------------
https://unit42.paloaltonetworks.com/malicious-operations-of-exposed-iam-keyβ¦
βββ NetSupport Intrusion Results in Domain Compromise βββ
---------------------------------------------
NetSupport Manager is one of the oldest third-party remote access tools still currently on the market with over 33 years of history. This is the first time we will report on a NetSupport RAT intrusion, but malicious use of this tool dates back to at least 2016. During this report, we will analyze a case from January 2023 where a NetSupport RAT was utilized to infiltrate a network. The RAT was then used for persistence and command & control, resulting in a full domain compromise.
---------------------------------------------
https://thedfirreport.com/2023/10/30/netsupport-intrusion-results-in-domainβ¦
=====================
= Vulnerabilities =
=====================
∗∗∗ Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature ∗∗∗
---------------------------------------------
Version 2.4: Updated summary to indicate additional fixed releases and updated fixed release table.
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (distro-info, distro-info-data, gst-plugins-bad1.0, node-browserify-sign, nss, openjdk-11, and thunderbird), Fedora (chromium, curl, nghttp2, and xorg-x11-server-Xwayland), Gentoo (Dovecot, Rack, rxvt-unicode, and UnZip), Mageia (apache, bind, and vim), Red Hat (varnish:6), SUSE (nodejs12, opera, python-bugzilla, python-Django, and vorbis-tools), and Ubuntu (exim4, firefox, nodejs, and slurm-llnl, slurm-wlm).
---------------------------------------------
https://lwn.net/Articles/949238/
∗∗∗ Mattermost security updates 9.1.1 / 9.0.2 / 8.1.4 (ESR) / 7.8.13 (ESR) released ∗∗∗
---------------------------------------------
We're informing you about a Mattermost security update, which addresses low- to medium-level severity vulnerabilities. We highly recommend that you apply the update. The security update is available for Mattermost dot releases 9.1.1, 9.0.2, 8.1.4 (Extended Support Release), and 7.8.13 (Extended Support Release), for both Team Edition and Enterprise Edition.
---------------------------------------------
https://mattermost.com/blog/mattermost-security-updates-9-1-1-9-0-2-8-1-4-e…
∗∗∗ Inkdrop vulnerable to code injection ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN48057522/
∗∗∗ 2023-10-30: Cyber Security Advisory - ABB COM600 CODESYS Vulnerabilities ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=2NGA001822&Language…
∗∗∗ Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7061278
∗∗∗ IBM i is vulnerable to a local privilege escalation due to flaws in Management Central (CVE-2023-40685, CVE-2023-40686). ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7060686
∗∗∗ Due to use of Java 8.0.7.11 version, InfoSphere Data Replication is vulnerable to crypto attacks. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7061888
∗∗∗ IBM Storage Ceph is vulnerable to a stack overflow attack in Golang (CVE-2022-24675) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7061939
∗∗∗ Multiple vulnerabilities exist in the IBM SDK, Java Technology Edition affect IBM Tivoli Network Manager. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7062331
∗∗∗ A vulnerability exists in the IBM SDK, Java Technology Edition affecting IBM Tivoli Network Manager (CVE-2023-22045, CVE-2023-22049). ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7062330
∗∗∗ IBM Automation Decision Services October 2023 - Multiple CVEs addressed ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7062348
∗∗∗ Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to code injection and privilege escalation due to multiple vulnerabilities in Go ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7062415
∗∗∗ Due to the use of OpenSSL IBM Tivoli Netcool System Service Monitors/Application Service Monitors is vulnerable to a denial of service and security bypass restrictions. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7062426
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 25-10-2023 18:00 − Friday 27-10-2023 18:00
Handler: Stephan Richter
Co-Handler: Michael Schlagenhaufer
=====================
= News =
=====================
∗∗∗ StripedFly malware framework infects 1 million Windows, Linux hosts ∗∗∗
---------------------------------------------
A sophisticated cross-platform malware platform named StripedFly flew under the radar of cybersecurity researchers for five years, infecting over a million Windows and Linux systems during that time.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/stripedfly-malware-framework…
∗∗∗ How to catch a wild triangle ∗∗∗
---------------------------------------------
How Kaspersky researchers obtained all stages of the Operation Triangulation campaign targeting iPhones and iPads, including zero-day exploits, validators, TriangleDB implant and additional modules.
---------------------------------------------
https://securelist.com/operation-triangulation-catching-wild-triangle/11091…
∗∗∗ Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction ∗∗∗
---------------------------------------------
Microsoft has been tracking activity related to the financially motivated threat actor Octo Tempest, whose evolving campaigns represent a growing concern for organizations across multiple industries. Octo Tempest leverages broad social engineering campaigns to compromise organizations across the globe with the goal of financial extortion. With their extensive range of tactics, techniques, and procedures (TTPs), the threat actor, from our perspective, is one of the most dangerous financial criminal groups.
---------------------------------------------
https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-cross…
∗∗∗ iLeakage: Safari insufficiently protected against Spectre side-channel attack ∗∗∗
---------------------------------------------
Security researchers say that Apple's browser does not adequately protect against CPU side-channel attacks. Attackers can read data. Countermeasures are available.
---------------------------------------------
https://www.heise.de/-9344659
∗∗∗ CISA, HHS Release Cybersecurity Healthcare Toolkit ∗∗∗
---------------------------------------------
CISA and the HHS have released resources for healthcare and public health organizations to improve their security.
---------------------------------------------
https://www.securityweek.com/cisa-hhs-release-cybersecurity-healthcare-tool…
∗∗∗ CVE-2023-4632: Local Privilege Escalation in Lenovo System Updater ∗∗∗
---------------------------------------------
The Lenovo System Update application is designed to allow non-administrators to check for and apply updates to their workstation. During the process of checking for updates, the privileged Lenovo Update application attempts to utilize C:\SSClientCommon\HelloLevel_9_58_00.xml, which doesn't exist on the filesystem [...] This vulnerability has been fixed in the latest version of the Lenovo System Updater application.
---------------------------------------------
https://posts.specterops.io/cve-2023-4632-local-privilege-escalation-in-len…
∗∗∗ ESET APT Activity Report Q2–Q3 2023 ∗∗∗
---------------------------------------------
An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q2 and Q3 2023
---------------------------------------------
https://www.welivesecurity.com/en/eset-research/eset-apt-activity-report-q2…
∗∗∗ Most common Active Directory misconfigurations and default settings that put your organization at risk ∗∗∗
---------------------------------------------
In this blog post, we will go over the most recurring (and critical) findings that we discovered when auditing the Active Directory environment of different companies, explain why these configurations can be dangerous, how they can be abused by attackers and how they can be mitigated or remediated.
---------------------------------------------
https://blog.nviso.eu/2023/10/26/most-common-active-directory-misconfigurat…
∗∗∗ CVE-2023-4966 Helps Usher In A Baker's Dozen Of Citrix Tags To Further Help Organizations Mitigate Harm ∗∗∗
---------------------------------------------
Citrix's NetScaler ADC and NetScaler Gateway have, once more, been found to have multiple vulnerabilities, tracked as CVE-2023-4966 and CVE-2023-4967 [...] As of this post's publish time, GreyNoise has observed just under seventy IP addresses attempting to exploit this vulnerability.
---------------------------------------------
https://www.greynoise.io/blog/cve-2023-4966-helps-usher-in-a-bakers-dozen-o…
∗∗∗ CISA Announces Launch of Logging Made Easy ∗∗∗
---------------------------------------------
Today, CISA announces the launch of a new version of Logging Made Easy (LME), a straightforward log management solution for Windows-based devices that can be downloaded and self-installed for free.
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/10/27/cisa-announces-launch-lo…
∗∗∗ Rhysida Ransomware Technical Analysis ∗∗∗
---------------------------------------------
Technical analysis of the Rhysida ransomware family that emerged in Q2 of 2023
---------------------------------------------
https://decoded.avast.io/threatresearch/rhysida-ransomware-technical-analys…
=====================
= Vulnerabilities =
=====================
∗∗∗ CISA Releases Nine Industrial Control Systems Advisories ∗∗∗
---------------------------------------------
ICSA-23-299-01 Dingtian DT-R002
ICSA-23-299-02 Centralite Pearl Thermostat
ICSA-23-299-03 Ashlar-Vellum Cobalt, Graphite, Xenon, Argon, Lithium
ICSA-23-299-04 Rockwell Automation Arena
ICSA-23-299-05 Rockwell Automation FactoryTalk View Site Edition
ICSA-23-299-06 Rockwell Automation FactoryTalk Services Platform
ICSA-23-299-07 Sielco PolyEco FM Transmitter
ICSA-23-299-08 Sielco Radio Link and Analog FM Transmitters
ICSMA-23-194-01 BD Alaris System with Guardrails Suite MX (Update A)
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/10/26/cisa-releases-nine-indus…
∗∗∗ Cisco Update: HTTP/2 Rapid Reset Attack Affecting Cisco Products: October 2023 ∗∗∗
---------------------------------------------
Version 1.5: Updated the lists of vulnerable products and products confirmed not vulnerable.
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ Cisco Update: Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature ∗∗∗
---------------------------------------------
Version 2.3: Updated summary to indicate additional fixed releases. Updated fixed release table and SMU table. Updated recommendations to add link to technical FAQ.
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ Juniper Update: 2023-10 Security Bulletin: Junos OS: jkdsd crash due to multiple telemetry requests (CVE-2023-44188) ∗∗∗
---------------------------------------------
2023-10-25: Added note that SRX Series devices are not vulnerable to this issue
---------------------------------------------
https://supportportal.juniper.net/s/article/2023-10-Security-Bulletin-Junos…
∗∗∗ HPE Aruba Networking Product Security Advisory ∗∗∗
---------------------------------------------
HPE Aruba Networking has released updates to ClearPass Policy Manager that address multiple security vulnerabilities.
---------------------------------------------
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt
∗∗∗ Security updates: Jenkins plug-ins as a gateway for attackers ∗∗∗
---------------------------------------------
Jenkins can help with software development. Some plug-ins have security vulnerabilities. A few updates are still pending.
---------------------------------------------
https://www.heise.de/-9344802
∗∗∗ Vulnerabilities in the X.Org X server and Xwayland allow privilege escalation ∗∗∗
---------------------------------------------
Updated versions of the X.Org X server and Xwayland close security vulnerabilities that allow privilege escalation or denial of service.
---------------------------------------------
https://www.heise.de/-9345096
∗∗∗ Privilege escalation through flaw in HP Print and Scan Doctor ∗∗∗
---------------------------------------------
Updated software corrects a flaw in the HP Print and Scan Doctor support tool that allows privilege escalation on the system.
---------------------------------------------
https://www.heise.de/-9345192
∗∗∗ Configuration utility of BIG-IP appliances as a springboard for attackers ∗∗∗
---------------------------------------------
F5 has released important security updates for BIG-IP products. Attackers can compromise devices.
---------------------------------------------
https://www.heise.de/-9346460
∗∗∗ Flaws in Nessus Network Monitor enable privilege escalation ∗∗∗
---------------------------------------------
A new version of Nessus Network Monitor closes security vulnerabilities through which attackers can, among other things, escalate their privileges.
---------------------------------------------
https://www.heise.de/news/-9346392
∗∗∗ VMware Tools: vulnerabilities allow privilege escalation ∗∗∗
---------------------------------------------
Under certain circumstances, VMware Tools on Linux, Windows and macOS allow attackers to issue commands without authorization. Not all updates are available yet.
---------------------------------------------
https://www.heise.de/-9346863
∗∗∗ Wordfence Intelligence Weekly WordPress Vulnerability Report (October 16, 2023 to October 22, 2023) ∗∗∗
---------------------------------------------
Last week, there were 109 vulnerabilities disclosed in 95 WordPress Plugins and 1 WordPress theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 39 Vulnerability Researchers that contributed to WordPress Security last week.
---------------------------------------------
https://www.wordfence.com/blog/2023/10/wordfence-intelligence-weekly-wordpr…
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr and xorg-server), Fedora (firefox, mbedtls, nodejs18, nodejs20, and xen), Gentoo (libinput, unifi, and USBView), Mageia (python-nltk), Oracle (linux-firmware), Red Hat (nginx:1.22), SUSE (chromium, firefox, java-11-openjdk, jetty-minimal, nghttp2, nodejs18, webkit2gtk3, and zlib), and Ubuntu (linux, linux-lowlatency, linux-oracle-5.15, vim, and xorg-server, xwayland).
---------------------------------------------
https://lwn.net/Articles/948930/
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium and firefox-esr), Fedora (firefox, redis, samba, and xen), Oracle (python39:3.9, python39-devel:3.9), Slackware (mozilla and xorg), and SUSE (libnbd, open-vm-tools, python, sox, vorbis-tools, and zchunk).
---------------------------------------------
https://lwn.net/Articles/949057/
∗∗∗ Critical Mirth Connect Vulnerability Could Expose Sensitive Healthcare Data ∗∗∗
---------------------------------------------
Mirth Connect versions prior to 4.4.1 are vulnerable to CVE-2023-43208, a bypass for an RCE vulnerability.
---------------------------------------------
https://www.securityweek.com/critical-mirth-connect-vulnerability-could-exp…
∗∗∗ Apple Releases Security Advisories for Multiple Products ∗∗∗
---------------------------------------------
Apple has released security updates to address vulnerabilities in multiple products.
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/10/26/apple-releases-security-…
∗∗∗ Vulnerability CVE-2023-5363 in OpenSSL ∗∗∗
---------------------------------------------
A vulnerability, CVE-2023-5363, has been found in the OpenSSL software. The initialization of the encryption key length and of the initialization vector in OpenSSL is flawed. For the Linux distributions Debian and Ubuntu, a fix is already available.
---------------------------------------------
https://www.borncity.com/blog/2023/10/27/schwachstelle-cve-2023-5363-in-ope…
∗∗∗ ServiceNow quietly fixes bug from 2015 that enabled data leaks ∗∗∗
---------------------------------------------
The US company ServiceNow Inc. offers a cloud platform whose software apparently contained a bug since 2015 through which third parties could extract information without authentication. After a security researcher came across the vulnerability, it was quietly fixed in the cloud solution.
---------------------------------------------
https://www.borncity.com/blog/2023/10/27/servicenow-fixt-stillschweigend-bu…
∗∗∗ 9 vulnerabilities found in VPN software, including 1 critical issue that could lead to remote code execution ∗∗∗
---------------------------------------------
Attackers could exploit these vulnerabilities in the SoftEther VPN solution for individual and enterprise users to force users to drop their connections or execute arbitrary code on the targeted machine.
---------------------------------------------
https://blog.talosintelligence.com/vulnerability-roundup-oct-25-2023/
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/
∗∗∗ VMSA-2023-0024 ∗∗∗
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2023-0024.html
∗∗∗ SonicWall SSO Agent - Directory Services Connector MSI Local Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0016
∗∗∗ SonicWall NetExtender Windows Client DLL Search Order Hijacking Vulnerability ∗∗∗
---------------------------------------------
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0017
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 24-10-2023 18:00 − Wednesday 25-10-2023 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Citrix Bleed exploit lets hackers hijack NetScaler accounts ∗∗∗
---------------------------------------------
A proof-of-concept (PoC) exploit is released for the Citrix Bleed vulnerability, tracked as CVE-2023-4966, that allows attackers to retrieve authentication session cookies from vulnerable Citrix NetScaler ADC and NetScaler Gateway appliances.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/citrix-bleed-exploit-lets-ha…
∗∗∗ Phishing scam: clarification regarding virus distribution demanded ∗∗∗
---------------------------------------------
The consumer advice centres warn of scam emails that demand a clarification from recipients. Complaints about malware distribution have allegedly been received.
---------------------------------------------
https://www.heise.de/news/Phishing-Masche-Klarstellung-wegen-Viren-Versands…
∗∗∗ Exploit code for root vulnerability in VMware Aria Operations for Logs in circulation ∗∗∗
---------------------------------------------
Exploit code in circulation endangers VMware's management platform for cloud environments. Admins should install security updates now.
---------------------------------------------
https://www.heise.de/news/Exploitcode-fuer-Root-Luecke-in-VMware-Aria-Opera…
∗∗∗ Roundcube webmailer: attacks on zero-day vulnerability ∗∗∗
---------------------------------------------
Cybercriminals are abusing a security vulnerability in the Roundcube webmailer to attack vulnerable institutions. An update closes the hole.
---------------------------------------------
https://www.heise.de/news/Webmailer-Roundcube-Attacken-auf-Zero-Day-Luecke-…
∗∗∗ Partly critical vulnerabilities in VMware vCenter Server and Cloud Foundation closed ∗∗∗
---------------------------------------------
VMware has released updated software packages that seal multiple vulnerabilities in vCenter Server and Cloud Foundation. One is rated critical.
---------------------------------------------
https://www.heise.de/news/Update-stopft-kritische-Luecke-in-VMware-vCenter-…
∗∗∗ Nusuccess: reputable marketing agency or dubious pyramid scheme? ∗∗∗
---------------------------------------------
Nusuccess FZCO, based in Dubai (formerly based in Carinthia), describes itself as a "globally renowned advertising agency". What services this company actually provides remains vague at best. Customer reports suggest that it generates its profit mainly by selling expensive "franchise packages". What exactly these franchise packages are supposed to contain remains unclear.
---------------------------------------------
https://www.watchlist-internet.at/news/nusuccess-serioese-marketingagentur-…
∗∗∗ Social engineering: Hacking minds over bytes ∗∗∗
---------------------------------------------
In this blog, let's focus on the intersection of psychology and technology, where cybercriminals manipulate human psychology through digital means to achieve their objectives.
---------------------------------------------
https://cybersecurity.att.com/blogs/security-essentials/social-engineering-…
∗∗∗ How to Secure the WordPress Login Page ∗∗∗
---------------------------------------------
Given that WordPress powers millions of websites worldwide, it's no surprise that it's a prime target for malicious activities ranging from brute force attacks and hacking attempts to unauthorized access – all of which can wreak havoc on your site's functionality, damage reputation, or even result in lost revenue and sales. A common entry point often exploited by hackers is the WordPress login page, [...]
---------------------------------------------
https://blog.sucuri.net/2023/10/how-to-secure-the-wordpress-login-page.html
∗∗∗ The Rise of S3 Ransomware: How to Identify and Combat It ∗∗∗
---------------------------------------------
In today's digital landscape, around 60% of corporate data now resides in the cloud, with Amazon S3 standing as the backbone of data storage for many major corporations. Despite S3 being a secure service from a reputable provider, its pivotal role in handling vast amounts of sensitive data (customer personal information, financial data, intellectual property, etc.) provides a juicy target for threat actors. It remains susceptible to ransomware attacks, which are often initiated using leaked access keys that have accidentally been exposed by human error and have access to the organization's buckets.
---------------------------------------------
https://thehackernews.com/2023/10/the-rise-of-s3-ransomware-how-to.html
∗∗∗ RT 5.0.5 and 4.4.7 Now Available ∗∗∗
---------------------------------------------
RT versions 5.0.5 and 4.4.7 are now available. In addition to some new features and bug fixes, these releases contain important security updates and are recommended for all RT users.
---------------------------------------------
https://bestpractical.com/blog/2023/10/rt-505-and-447-now-available
=====================
= Vulnerabilities =
=====================
∗∗∗ Vulnerability in Cisco IOS XE: Rockwell industrial switches also affected ∗∗∗
---------------------------------------------
Besides Cisco's own devices, Rockwell's Stratix series switches for industrial use are also affected. A fix is still pending.
---------------------------------------------
https://www.heise.de/news/Luecke-in-Cisco-IOS-XE-Auch-Rockwell-Industrieswi…
∗∗∗ VMSA-2023-0023 ∗∗∗
---------------------------------------------
Synopsis: VMware vCenter Server updates address out-of-bounds write and information disclosure vulnerabilities (CVE-2023-34048, CVE-2023-34056)
1. Impacted Products
* VMware vCenter Server
* VMware Cloud Foundation
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2023-0023.html
∗∗∗ Several Critical Vulnerabilities Patched in AI ChatBot Plugin for WordPress ∗∗∗
---------------------------------------------
On September 28, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for multiple vulnerabilities in AI ChatBot, a WordPress plugin with over 4,000 active installations. After making our initial contact attempt on September 28th, 2023, we received a response on September 29, 2023 and sent over our full disclosure details.
---------------------------------------------
https://www.wordfence.com/blog/2023/10/several-critical-vulnerabilities-pat…
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (gst-plugins-bad1.0, openssl, roundcube, and xorg-server), Fedora (dotnet6.0, dotnet7.0, roundcubemail, and wordpress), Mageia (redis), Oracle (dnsmasq, python27:2.7, python3, tomcat, and varnish), Red Hat (python39:3.9, python39-devel:3.9), Slackware (mozilla and vim), SUSE (openssl-3, poppler, ruby2.5, and xen), and Ubuntu (.Net, linux-gcp-5.15, linux-gkeop-5.15, linux-intel-iotg-5.15, linux-starfive-6.2, mysql-5.7, ncurses, and openssl).
---------------------------------------------
https://lwn.net/Articles/948814/
∗∗∗ Movable Type vulnerable to cross-site scripting ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN39139884/
∗∗∗ TEM Opera Plus FM Family Transmitter 35.45 XSRF ∗∗∗
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5800.php
∗∗∗ TEM Opera Plus FM Family Transmitter 35.45 Remote Code Execution ∗∗∗
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5799.php
∗∗∗ VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) Remote Denial Of Service ∗∗∗
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5798.php
∗∗∗ AIX is vulnerable to sensitive information exposure due to Perl (CVE-2023-31484 and CVE-2023-31486) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7047272
∗∗∗ IBM QRadar SIEM includes components with known vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7049133
∗∗∗ IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is vulnerable to weaker than expected security (CVE-2023-46158) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7058540
∗∗∗ IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to weaker than expected security (CVE-2023-46158) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7058536
∗∗∗ A vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Business Developer. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7059262
=====================
= End-of-Day report =
=====================
Timeframe: Montag 23-10-2023 18:00 β Dienstag 24-10-2023 18:00
Handler: Stephan Richter
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ Log in With... Feature Allows Full Online Account Takeover for Millions ∗∗∗
---------------------------------------------
Hundreds of millions of users of Grammarly, Vidio, and the Indonesian e-commerce giant Bukalapak are at risk for financial fraud and credential theft due to OAuth misfires – and other online services likely have the same problems.
---------------------------------------------
https://www.darkreading.com/remote-workforce/oauth-log-in-full-account-take…
∗∗∗ Hostile Takeover: Malicious Ads via Facebook ∗∗∗
---------------------------------------------
Criminals hijack business accounts on Facebook and run their own advertising campaigns in someone else's name and at the expense of those affected.
---------------------------------------------
https://www.gdatasoftware.com/blog/2023/10/37814-meta-hijacked-malicious-ads
∗∗∗ Stealer for PIX payment system, new Lumar stealer and Rhysida ransomware ∗∗∗
---------------------------------------------
In this report, we share our latest crimeware findings: GoPIX targeting PIX payment system; Lumar stealing files and passwords; Rhysida ransomware supporting old Windows.
---------------------------------------------
https://securelist.com/crimeware-report-gopix-lumar-rhysida/110871/
∗∗∗ Quasar RAT Leverages DLL Side-Loading to Fly Under the Radar ∗∗∗
---------------------------------------------
The open-source remote access trojan known as Quasar RAT has been observed leveraging DLL side-loading to fly under the radar and stealthily siphon data from compromised Windows hosts.
---------------------------------------------
https://thehackernews.com/2023/10/quasar-rat-leverages-dll-side-loading.html
∗∗∗ Citrix Bleed: Leaking Session Tokens with CVE-2023-4966 ∗∗∗
---------------------------------------------
We were interested in CVE-2023-4966, which was described as "sensitive information disclosure" and had a CVSS score of 9.4. The high score for an information disclosure vulnerability and the mention of "buffer-related vulnerabilities" piqued our interest.
---------------------------------------------
https://www.assetnote.io/resources/research/citrix-bleed-leaking-session-to…
∗∗∗ Best Practices for Writing Quality Vulnerability Reports ∗∗∗
---------------------------------------------
How to write great vulnerability reports? If you're a security consultant, penetration tester or a bug bounty hunter, these tips are for you!
---------------------------------------------
https://itnext.io/best-practices-for-writing-quality-vulnerability-reports-…
∗∗∗ Criminals spread fake Ryanair phone numbers ∗∗∗
---------------------------------------------
Be careful when you search the internet for a Ryanair phone number. Criminals put websites with fake numbers online. If you call the fake Ryanair service hotline, criminals steal your sensitive data and money.
---------------------------------------------
https://www.watchlist-internet.at/news/kriminelle-verbreiten-falsche-ryanai…
∗∗∗ LOLBin with WorkFolders.exe on Windows ∗∗∗
---------------------------------------------
The legitimate Windows application WorkFolders.exe can be used to launch other .exe programs located in the Windows System32 folder or in the current folder. This enables malware to carry out so-called LOLBin attacks, in which legitimate operating system files are abused to execute malicious programs.
---------------------------------------------
https://www.borncity.com/blog/2023/10/24/lolbin-mit-workfolders-exe-unter-w…
∗∗∗ The Great CVSS Bake Off: Testing How CVSS v4 Performs Versus v3 ∗∗∗
---------------------------------------------
The highly anticipated Common Vulnerability Scoring System (CVSS) version 4 is planned to be released on October 31st by the Forum of Incident Response and Security Teams (FIRST).
---------------------------------------------
https://orca.security/resources/blog/cvss-version-4-versus-version-3/
=====================
= Vulnerabilities =
=====================
∗∗∗ VMware warns admins of public exploit for vRealize RCE flaw ∗∗∗
---------------------------------------------
VMware warned customers on Monday that proof-of-concept (PoC) exploit code is now available for an authentication bypass flaw in vRealize Log Insight (now known as VMware Aria Operations for Logs).
---------------------------------------------
https://www.bleepingcomputer.com/news/security/vmware-warns-admins-of-publi…
∗∗∗ Many systems long since compromised: Cisco provides patches for IOS XE ∗∗∗
---------------------------------------------
Through vulnerabilities in the IOS XE operating software, tens of thousands of Cisco devices worldwide have been infiltrated. Now the first patches are available.
---------------------------------------------
https://www.golem.de/news/viele-systeme-laengst-kompromittiert-cisco-stellt…
∗∗∗ CVE-2023-33466 - Exploiting Healthcare Servers with Polyglot Files ∗∗∗
---------------------------------------------
Orthanc is open-source software for managing, exchanging and visualizing medical imaging data. In versions < 1.12.0, it is affected by an arbitrary file overwrite vulnerability (CVE-2023-33466) that might allow an authenticated attacker to obtain RCE on the system.
---------------------------------------------
https://www.shielder.com/blog/2023/10/cve-2023-33466-exploiting-healthcare-…
∗∗∗ Proxy: Squid developers close partly critical holes in version 6.4 ∗∗∗
---------------------------------------------
With Squid 6.4, the developers have released a version of the proxy server cleaned of four security vulnerabilities. However, further holes remain open in it.
---------------------------------------------
https://www.heise.de/news/Proxy-Squid-6-4-schliesst-teils-kritische-Sicherh…
∗∗∗ Vulnerability in LiteSpeed Cache plug-in endangers 4 million WordPress websites ∗∗∗
---------------------------------------------
Attackers can contaminate WordPress websites with malicious scripts. A security update repairs the LiteSpeed Cache plug-in.
---------------------------------------------
https://www.heise.de/news/Luecke-in-LiteSpeed-Cache-Plug-in-gefaehrdet-4-Mi…
∗∗∗ Security updates: Firefox browser vulnerable to clickjacking attacks ∗∗∗
---------------------------------------------
Mozilla has fixed several security problems in current versions of Firefox and Firefox ESR.
---------------------------------------------
https://www.heise.de/news/Sicherheitsupdates-Firefox-Browser-anfaellig-fuer…
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (ceph and dbus), Fedora (cachelib, fb303, fbthrift, fizz, folly, matrix-synapse, mcrouter, mvfst, nats-server, nodejs18, proxygen, wangle, watchman, and wdt), Mageia (libcue), Oracle (18, grafana, kernel, nodejs, nodejs:16, nodejs:18, php, php:8.0, and tomcat), Red Hat (python27:2.7, python3, python39:3.9, python39-devel:3.9, toolbox, varnish, and varnish:6), SUSE (fwupdate, gcc13, icu73_2, netty, netty-tcnative, and xen), and Ubuntu [...]
---------------------------------------------
https://lwn.net/Articles/948688/
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/
∗∗∗ Vulnerability in SICK Flexi Soft Gateway ∗∗∗
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-164691.html
∗∗∗ Rockwell Automation Stratix 5800 and Stratix 5200 ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-297-01
=====================
= End-of-Day report =
=====================
Timeframe: Friday 20-10-2023 18:00 – Monday 23-10-2023 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Session cookies: hackers capture access codes at identity service Okta ∗∗∗
---------------------------------------------
The identity service Okta has once again been the entry point for hackers. This time, customer support data was affected.
---------------------------------------------
https://www.golem.de/news/sessioncookies-hacker-erbeuten-zugangscodes-bei-i…
∗∗∗ Fixed only after 3 years: time tracking system enabled OAuth token theft ∗∗∗
---------------------------------------------
Harvest allowed attackers to steal OAuth tokens from users who wanted to connect the time tracking software with Outlook.
---------------------------------------------
https://www.golem.de/news/erst-nach-3-jahren-gefixt-zeiterfassungssystem-er…
∗∗∗ The MOVEit vulnerability – an interim assessment ∗∗∗
---------------------------------------------
Even those who do not use the software can be victims. Estimates so far assume around 68 million people whose data has been exfiltrated.
---------------------------------------------
https://www.heise.de/-9318038.html
∗∗∗ International law enforcement authorities strike against Ragnar Locker ∗∗∗
---------------------------------------------
International investigators have succeeded in dismantling the infrastructure of the well-known ransomware group Ragnar Locker.
---------------------------------------------
https://www.heise.de/-9340480.html
∗∗∗ Cisco IOS XE and the vanished backdoors ∗∗∗
---------------------------------------------
The number of obviously compromised devices has dropped abruptly, in Germany as well, which is hardly due to the patches that have just been released.
---------------------------------------------
https://www.heise.de/-9341205.html
∗∗∗ New TetrisPhantom hackers steal data from secure USB drives on govt systems ∗∗∗
---------------------------------------------
A new sophisticated threat tracked as TetrisPhantom has been using compromised secure USB drives to target government systems in the Asia-Pacific region.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-tetrisphantom-hackers-st…
∗∗∗ The outstanding stealth of Operation Triangulation ∗∗∗
---------------------------------------------
In this report Kaspersky shares insights into the validation components used in Operation Triangulation, TriangleDB implant post-compromise activity, as well as details of some additional modules.
---------------------------------------------
https://securelist.com/triangulation-validators-modules/110847/
∗∗∗ base64dump.py Handles More Encodings Than Just BASE64, (Sun, Oct 22nd) ∗∗∗
---------------------------------------------
My tool base64dump.py takes any input and searches for encoded data. By default, it searches for base64 encoding, but I implemented several encodings (like various hexadecimal formats)
---------------------------------------------
https://isc.sans.edu/diary/rss/30332
∗∗∗ How an AppleTV may take down your (#IPv6) network, (Mon, Oct 23rd) ∗∗∗
---------------------------------------------
I recently ran into an odd issue with IPv6 connectivity in my home network. During a lengthy outage, I decided to redo some of my network configurations. As part of this change, I also reorganized my IPv6 setup, relying more on DHCPv6 and less on router advertisements to configure IPv6 addresses. Overall, this worked well. My Macs had no issues connecting to IPv6. However, the Linux host I use to alert me of network connectivity issues could not "ping" the test host via IPv6.
---------------------------------------------
https://isc.sans.edu/diary/rss/30336
∗∗∗ Tampered OpenCart Authentication Aids Credit Card Skimming Attack ∗∗∗
---------------------------------------------
Using out of date software is the leading cause of website compromise, so keeping your environment patched and up to date is one of the most important responsibilities of a website administrator. It's not uncommon to employ the use of custom code on websites, and spend small fortunes on software developers to tailor their website just the way they want it. However, the usage of customised code can sometimes inadvertently lock a website administrator into using an out of date CMS installation long after its expiry date, particularly if they no longer have access to their old developer (or sufficient funds to hire a new one).
---------------------------------------------
https://blog.sucuri.net/2023/10/tampered-opencart-authentication-aids-credi…
∗∗∗ Abusing gdb Features for Data Ingress & Egress ∗∗∗
---------------------------------------------
As of November 2019, elfutils supports debuginfod, a client/server protocol that enables debuggers (gdb) to fetch debugging symbols via HTTP/HTTPS from a user-specified remote server. This blog post will demonstrate how this feature of gdb can be abused to create data communication paths for data exfiltration and tool ingress.
---------------------------------------------
https://www.archcloudlabs.com/projects/debuginfod/
∗∗∗ Beware of job offers on WhatsApp or Telegram ∗∗∗
---------------------------------------------
Are you currently looking for a job? Convenient if you do not even have to search and are offered a job directly on WhatsApp or Telegram. But behind this are criminals who offer you, for example, a "data optimization job with possible commissions". On platforms such as privko.live or depopnr.com you then lose your money!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-jobangeboten-auf-whatsa…
∗∗∗ Important security update ∗∗∗
---------------------------------------------
Autodesk recently determined that an unauthorized third party obtained access to portions of internal systems. Our findings show that sensitive data about our customers and their projects or products have not been compromised. We immediately took steps to contain the incident. Forensic analysis conducted by an independent, third party indicates that no customer operations or Autodesk products were disrupted due to this incident.
---------------------------------------------
https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0020
∗∗∗ Critical vulnerability in Cisco IOS XE - actively exploited ∗∗∗
---------------------------------------------
Update: 23 October 2023. Cisco has released updates for some of the devices affected by the vulnerability and has announced further updates. The company is continuously updating the list of available patches on a dedicated page. If the management web interface of a Cisco XE device was openly reachable on the internet before the update was applied, it must be assumed that an attacker has exploited this and has at least created new admin accounts. This makes the installation of further backdoors possible, which - from today's perspective - can only be comprehensively removed with a factory reset / reinstallation of IOS XE.
---------------------------------------------
https://cert.at/de/warnungen/2023/10/kritische-sicherheitslucke-in-cisco-io…
=====================
= Vulnerabilities =
=====================
∗∗∗ Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature ∗∗∗
---------------------------------------------
Version 1.4: Updated the summary to indicate the first fixes are available. Added specific fixed release information.
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (krb5, redis, roundcube, ruby-rack, ruby-rmagick, zabbix, and zookeeper), Fedora (ansible-core, chromium, libvpx, mingw-xerces-c, python-asgiref, python-django, and vim), Mageia (cadence, kernel, kernel-linus, libxml2, nodejs, and shadow-utils), Oracle (nghttp2), Slackware (LibRaw), and SUSE (chromium, java-11-openjdk, nodejs18, python-Django, python-urllib3, and suse-module-tools).
---------------------------------------------
https://lwn.net/Articles/948522/
∗∗∗ Vulnerability in QUSBCam2 ∗∗∗
---------------------------------------------
An OS command injection vulnerability has been reported to affect QUSBCam2. If exploited, the vulnerability could allow users to execute arbitrary commands via a network.
---------------------------------------------
https://www.qnap.com/en-us/security-advisory/QSA-23-43
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 19-10-2023 18:00 – Friday 20-10-2023 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Malvertising: attackers use Punycode for fake websites ∗∗∗
---------------------------------------------
Cybercriminals advertise via Google Ads, for example with fake KeePass URLs containing Punycode characters. The advertised page delivers malware.
---------------------------------------------
https://www.heise.de/-9339448.html
∗∗∗ SolarWinds fixes code injection in Access Rights Manager ∗∗∗
---------------------------------------------
The software for managing access rights has, among other things, flaws that allowed privilege escalation. Admins should act quickly.
---------------------------------------------
https://www.heise.de/-9339437.html
∗∗∗ VMware closes high-risk holes in Aria, Fusion and Workstation ∗∗∗
---------------------------------------------
VMware has released updates for VMware Aria Operations for Logs, VMware Fusion and VMware Workstation. They close partly high-risk vulnerabilities.
---------------------------------------------
https://www.heise.de/-9339932.html
∗∗∗ IT security agencies give tips for secure software and phishing prevention ∗∗∗
---------------------------------------------
The US security agency CISA, together with international partners, has published one guide each on secure software design and on phishing prevention.
---------------------------------------------
https://www.heise.de/-9339899.html
∗∗∗ Enabling cybersecurity – BSI publishes checklists for municipalities ∗∗∗
---------------------------------------------
The BSI now offers municipalities an uncomplicated and resource-saving entry into the BSI's established IT-Grundschutz.
---------------------------------------------
https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse202…
∗∗∗ Fake Corsair job offers on LinkedIn push DarkGate malware ∗∗∗
---------------------------------------------
A threat actor is using fake LinkedIn posts and direct messages about a Facebook Ads specialist position at hardware maker Corsair to lure people into downloading info-stealing malware like DarkGate and RedLine.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/fake-corsair-job-offers-on-l…
∗∗∗ ExelaStealer: A New Low-Cost Cybercrime Weapon Emerges ∗∗∗
---------------------------------------------
A new information stealer named ExelaStealer has become the latest entrant to an already crowded landscape filled with various off-the-shelf malware designed to capture sensitive data from compromised Windows systems. "ExelaStealer is a largely open-source infostealer with paid customizations available from the threat actor," Fortinet FortiGuard Labs researcher James Slaughter said [...]
---------------------------------------------
https://thehackernews.com/2023/10/exelastealer-new-low-cost-cybercrime.html
∗∗∗ Ghost In The Wire, Sonic In The Wall - Adventures With SonicWall ∗∗∗
---------------------------------------------
Here at watchTowr, we just love attacking high-privilege devices [...]. A good example of these is the device class of "next generation" firewalls, which usually include VPN termination functionality (meaning they're Internet-accessible by network design). These devices patrol the border between the untrusted Internet and an organisation's softer internal network, and so are a great place for attackers to elevate their status from "outsiders" to "trusted users".
---------------------------------------------
https://labs.watchtowr.com/ghost-in-the-wire-sonic-in-the-wall/
∗∗∗ VMware Aria Operations for Logs CVE-2023-34051 Technical Deep Dive and IOCs ∗∗∗
---------------------------------------------
Earlier this year we reported the technical details for VMSA-2023-0001 affecting VMware Aria Operations for Logs (formerly VMware vRealize Log Insight). [...] During the course of that investigation, we noticed the fix provided by VMware was not sufficient to stop a motivated attacker. We reported this new issue to VMware and it was fixed in VMSA-2023-0021. This post will discuss the technical details of CVE-2023-34051, an authentication bypass that allows remote code execution as root.
---------------------------------------------
https://www.horizon3.ai/vmware-aria-operations-for-logs-cve-2023-34051-tech…
∗∗∗ Concerns grow as LockBit knockoffs increasingly target popular vulnerabilities ∗∗∗
---------------------------------------------
Hackers are using a leaked toolkit used to create do-it-yourself versions of the popular LockBit ransomware, making it easy for even amateur cybercriminals to target common vulnerabilities. The LockBit ransomware gang, which has attacked thousands of organizations across the world, had the toolkit leaked in September 2022 by a disgruntled affiliate.
---------------------------------------------
https://therecord.media/lockbit-knockoffs-proliferate-leaked-toolkit
∗∗∗ Attacks on 5G Infrastructure From User Devices: ASN.1 Vulnerabilities in 5G Cores ∗∗∗
---------------------------------------------
In the second part of this series, we will examine how attackers can trigger vulnerabilities by sending control messages masquerading as user traffic to cross over from user plane to control plane.
---------------------------------------------
https://www.trendmicro.com/en_us/research/23/j/asn1-vulnerabilities-in-5g-c…
=====================
= Vulnerabilities =
=====================
∗∗∗ Cisco IOS XE Software Web UI Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
Version 1.2: Added access list mitigation.
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ Cisco IOS XE Software Web UI Command Injection Vulnerability ∗∗∗
---------------------------------------------
Version 1.1: Added information about active exploitation attempts.
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ RT 5.0.5 Release Notes ∗∗∗
---------------------------------------------
RT 5.0.5 is now available for general use. The list of changes included with this release is below. In addition to a batch of updates, new features, and fixes, there are several important security updates provided in this release. See below for details.
---------------------------------------------
https://docs.bestpractical.com/release-notes/rt/5.0.5
∗∗∗ RT 4.4.7 Release Notes ∗∗∗
---------------------------------------------
RT 4.4.7 is now available for general use. The list of changes included with this release is below. In addition to a batch of updates, new features, and fixes, there are several important security updates provided in this release. See below for details.
---------------------------------------------
https://docs.bestpractical.com/release-notes/rt/4.4.7
∗∗∗ VMSA-2023-0022 ∗∗∗
---------------------------------------------
VMware Fusion and Workstation updates address privilege escalation and information disclosure vulnerabilities (CVE-2023-34044, CVE-2023-34045, CVE-2023-34046)
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2023-0022.html
∗∗∗ VMSA-2023-0021 ∗∗∗
---------------------------------------------
VMware Aria Operations for Logs updates address multiple vulnerabilities. (CVE-2023-34051, CVE-2023-34052)
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2023-0021.html
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (linux-5.10 and webkit2gtk), Fedora (matrix-synapse and trafficserver), Mageia (chromium-browser-stable, ghostscript, libxpm, and ruby-RedCloth), Oracle (.NET 7.0, curl, dotnet7.0, galera, mariadb, go-toolset, golang, java-1.8.0-openjdk, and python-reportlab), Red Hat (php, php:8.0, tomcat, and varnish), Slackware (httpd), SUSE (bluetuith, grub2, kernel, rxvt-unicode, and suse-module-tools), and Ubuntu (dotnet6, dotnet7, dotnet8, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-6.2, linux-azure, linux-azure-6.2, linux-azure-fde-6.2, linux-gcp, linux-gcp-6.2, linux-hwe-6.2, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-6.2, linux-oracle, linux-raspi, linux-starfive, linux, linux-aws, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-azure, linux-bluefield, linux-intel-iotg, linux-oem-6.1, linux-raspi, and mutt).
---------------------------------------------
https://lwn.net/Articles/948368/
∗∗∗ Critical vulnerability in Citrix NetScaler ADC and NetScaler Gateway - actively exploited - updates available ∗∗∗
---------------------------------------------
A critical vulnerability in Citrix/NetScaler ADC and Citrix Gateway allows unauthenticated attackers to take over existing, authenticated sessions. This vulnerability has been actively exploited in attacks against targets in various sectors since at least the end of August 2023.
---------------------------------------------
https://cert.at/de/warnungen/2023/10/kritische-sicherheitslucke-in-citrix-n…
∗∗∗ Multiple vulnerabilities in ctrlX WR21 HMI ∗∗∗
---------------------------------------------
BOSCH-SA-175607: The operating system of the ctrlX WR21 HMI has several vulnerabilities when the Kiosk mode is used in conjunction with Google Chrome. In the worst case, an attacker with physical access to the device might gain full root access without prior authentication by combining the exploitation of those vulnerabilities.
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-175607.html
∗∗∗ CVE-2023-38041 New client side release to address a privilege escalation on Windows user machines ∗∗∗
---------------------------------------------
A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1 that would allow an unprivileged local user to gain unauthorized elevated privileges on the affected system.
---------------------------------------------
https://forums.ivanti.com/s/article/CVE-2023-38041-New-client-side-release-…
∗∗∗ Decision Optimization in IBM Cloud Pak for Data is affected by a vulnerability in Node.js semver package (CVE-2022-25883) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7056400
∗∗∗ Multiple vulnerabilities in IBM Semeru Runtime affect IBM ILOG CPLEX Optimization Studio (CVE-2023-21968, CVE-2023-21937, CVE-2023-21938) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7056397
∗∗∗ Improper input validation may lead to a Denial of Service attack in web services with IBM CICS TX Standard and IBM CICS TX Advanced ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7056433
∗∗∗ IBM App Connect Enterprise is vulnerable to a heap-based buffer overflow due to electron ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7056425
∗∗∗ Improper input validation may lead to a Denial of Service attack in web services with IBM TXSeries for Multiplatforms ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7056429
∗∗∗ IBM Integration Bus is vulnerable to a denial of service due to Eclipse Mosquitto ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7056456
∗∗∗ IBM App Connect Enterprise Toolkit and IBM Integration Bus Toolkit are vulnerable to a denial of service due to Okio GzipSource (CVE-2023-3635). ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7056518
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 18-10-2023 18:00 – Thursday 19-10-2023 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a
=====================
= News =
=====================
βββ Money-making scripts attack organizations βββ
---------------------------------------------
Cybercriminals attack government, law enforcement, non-profit organizations, agricultural and commercial companies by slipping a cryptominer, keylogger, and backdoor into their systems.
---------------------------------------------
https://securelist.com/miner-keylogger-backdoor-attack-b2b/110761/
βββ HasMySecretLeaked findet auf GitHub verΓΆffentlichte Secrets βββ
---------------------------------------------
Wer prΓΌfen mΓΆchte, ob seine Secrets auf GitHub geleakt sind, kann das kostenfreie Toolset von GitGuardian nutzen. Es soll dabei private Daten schΓΌtzen.
---------------------------------------------
https://www.heise.de/news/Security-Toolset-HasMySecretLeaked-sucht-auf-GitHβ¦
βββ Public Report β Caliptra Security Assessment βββ
---------------------------------------------
During August and September of 2023, Microsoft engaged NCC Group to conduct a security assessment of Caliptra v0.9. Caliptra is an open-source silicon IP block for datacenter-focused server-class ASICs.
---------------------------------------------
https://research.nccgroup.com/2023/10/18/public-report-caliptra-security-asβ¦
βββ Number of Cisco Devices Hacked via Unpatched Vulnerability Increases to 40,000 βββ
---------------------------------------------
The number of Cisco devices hacked via the CVE-2023-20198 zero-day has reached 40,000, including many in the US.
---------------------------------------------
https://www.securityweek.com/number-of-cisco-devices-hacked-via-unpatched-vβ¦
βββ Ein PayPal-Tonband ruft an? DrΓΌcken Sie nicht die 1! βββ
---------------------------------------------
Eine unbekannte Nummer erscheint am Smartphone-Bildschirm. Sie heben ab und eine Roboterstimme meldet sich im Namen PayPals. Angeblich soll Geld von Ihrem PayPal-Konto behoben werden. Um das zu verhindern, sollen Sie die Taste β1β drΓΌcken. Tun Sie dies nicht β Kriminelle versuchen, Ihnen dadurch Geld und Daten zu stehlen.
---------------------------------------------
https://www.watchlist-internet.at/news/ein-paypal-tonband-ruft-an-druecken-β¦
βββ Es cyberwart wieder. Oder so. βββ
---------------------------------------------
Wie schon zu Beginn des Krieges in der Ukraine vor inzwischen eineinhalb Jahren kam es auch kurz nach den Ereignissen, die am 07.10.2023 Israel erschΓΌttert haben, relativ schnell zu Berichten ΓΌber die mΓΆgliche Rolle von Cyberangriffen in diesem Konflikt.
---------------------------------------------
https://cert.at/de/blog/2023/10/es-cyberwart-wieder-oder-so
βββ Hackers Exploit QR Codes with QRLJacking for Malware Distribution βββ
---------------------------------------------
Researchers report a surge in QR code-related cyberattacks exploiting phishing and malware distribution, especially QRLJacking and Quishing attacks.
---------------------------------------------
https://www.hackread.com/hackers-exploit-qr-codes-qrljacking-malware/
βββ CISA, NSA, FBI, MS-ISAC Publish Guide on Preventing Phishing Intrusions βββ
---------------------------------------------
The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI) and Multi-State Information Sharing and Analysis Center (MS-ISAC) today published βPhishing Guidance, Stopping the Attack Cycle at Phase Oneβ to help organizations reduce likelihood and impact of successful phishing attacks.
---------------------------------------------
https://www.cisa.gov/news-events/news/cisa-nsa-fbi-ms-isac-publish-guide-pr…
βββ Exploited SSH Servers Offered in the Dark web as Proxy Pools βββ
---------------------------------------------
Aqua Nautilus researchers have shed brighter light on a long-standing threat to SSH in the context of the cloud. More specifically, the threat actor harnessed our SSH server to be a slave proxy and pass traffic through it.
---------------------------------------------
https://blog.aquasec.com/threat-alert-exploited-ssh-servers-offered-in-the-…
=====================
= Vulnerabilities =
=====================
βββ Casio discloses data breach impacting customers in 149 countries βββ
---------------------------------------------
Japanese electronics manufacturer Casio disclosed a data breach impacting customers from 149 countries after hackers gained access to the servers of its ClassPad education platform.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/casio-discloses-data-breach-…
βββ Sophos Firewall: PDF password protection of the SPX function can be bypassed βββ
---------------------------------------------
Sophos is distributing updated firmware for its firewalls. In Secure PDF eXchange, attackers can bypass the protection and decrypt PDF files without authorization.
---------------------------------------------
https://www.heise.de/news/Sophos-Firewall-PDF-Passwortschutz-der-SPX-Funkti…
βββ Security updates for Thursday βββ
---------------------------------------------
Security updates have been issued by Debian (node-babel), Fedora (moodle), Gentoo (mailutils), Oracle (go-toolset:ol8 and java-11-openjdk), Red Hat (ghostscript, grafana, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, nghttp2, nodejs:16, nodejs:18, and rhc-worker-script), SUSE (cni, cni-plugins, container-suseconnect, containerd, cups, exim, grub2, helm, libeconf, nodejs18, python3, runc, slurm, supportutils, and tomcat), and Ubuntu (glib2.0, openssl, and vips).
---------------------------------------------
https://lwn.net/Articles/948246/
βββ ZDI-23-1568: NI Measurement & Automation Explorer Stack-based Buffer Overflow Remote Code Execution Vulnerability βββ
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-23-1568/
βββ ZDI-23-1567: SolarWinds Access Rights Manager OpenClientUpdateFile Directory Traversal Remote Code Execution Vulnerability βββ
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-23-1567/
βββ ZDI-23-1566: SolarWinds Access Rights Manager GetParameterFormTemplateWithSelectionState Deserialization of Untrusted Data Remote Code Execution Vulnerability βββ
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-23-1566/
βββ ZDI-23-1565: SolarWinds Access Rights Manager OpenFile Directory Traversal Remote Code Execution Vulnerability βββ
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-23-1565/
βββ ZDI-23-1564: SolarWinds Access Rights Manager createGlobalServerChannelInternal Deserialization of Untrusted Data Remote Code Execution Vulnerability βββ
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-23-1564/
βββ ZDI-23-1563: SolarWinds Access Rights Manager ExecuteAction Deserialization of Untrusted Data Remote Code Execution Vulnerability βββ
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-23-1563/
βββ ZDI-23-1562: SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability βββ
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-23-1562/
βββ ZDI-23-1561: SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability βββ
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-23-1561/
βββ ZDI-23-1560: SolarWinds Access Rights Manager IFormTemplate Deserialization of Untrusted Data Remote Code Execution Vulnerability βββ
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-23-1560/
βββ Cisco Catalyst SD-WAN Manager Local File Inclusion Vulnerability βββ
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
βββ Technical Advisory – Multiple Vulnerabilities in Connectize G6 AC2100 Dual Band Gigabit WiFi Router (CVE-2023-24046, CVE-2023-24047, CVE-2023-24048, CVE-2023-24049, CVE-2023-24050, CVE-2023-24051, CVE-2023-24052) βββ
---------------------------------------------
https://research.nccgroup.com/2023/10/19/technical-advisory-multiple-vulner…
βββ IBM Security Bulletins βββ
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily