=====================
= End-of-Day report =
=====================
Timeframe: Friday 29-12-2023 18:00 - Tuesday 02-01-2024 18:00
Handler: Thomas Pribitzer
Co-Handler: Michael Schlagenhaufer
=====================
= News =
=====================
*** CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK ***
---------------------------------------------
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign orchestrated by the Russia-linked APT28 group to deploy previously undocumented malware such as OCEANMAP, MASEPIE, and STEELHOOK to harvest sensitive information.
---------------------------------------------
https://thehackernews.com/2023/12/cert-ua-uncovers-new-malware-wave.html
*** New flaw in an old e-mail protocol: SMTP smuggling ***
---------------------------------------------
Security researchers have discovered a weakness in the Simple Mail Transfer Protocol (SMTP). It raises sender spoofing to a new level.
---------------------------------------------
https://www.heise.de/-9584467
*** Ransomware: bug in Black Basta's code enables decryption tool ***
---------------------------------------------
Under certain conditions, the free decryption tool Black Basta Buster can help victims of the Black Basta ransomware.
---------------------------------------------
https://www.heise.de/-9584846
*** New DLL Search Order Hijacking Technique Targets WinSxS Folder ***
---------------------------------------------
Attackers can abuse a new DLL search order hijacking technique to execute code in applications within the WinSxS folder.
---------------------------------------------
https://www.securityweek.com/new-dll-search-order-hijacking-technique-target...
*** Domain (in)security: the state of DMARC ***
---------------------------------------------
This blog discusses the state of DMARC, the role that DMARC plays in email authentication, and why it should be a key component of your email security solution.
---------------------------------------------
https://www.bitsight.com/blog/domain-insecurity-state-dmarc
=====================
= Vulnerabilities =
=====================
*** Technical Advisory - Multiple Vulnerabilities in PandoraFMS Enterprise ***
---------------------------------------------
In this post I describe the 18 vulnerabilities that I discovered in PandoraFMS Enterprise v7.0NG.767 available at https://pandorafms.com. PandoraFMS is an enterprise scale network monitoring and management application which provides systems administrators with a central 'hub' to monitor and manipulate the state of computers (agents) deployed across the network.
---------------------------------------------
https://research.nccgroup.com/2024/01/02/technical-advisory-multiple-vulnera...

*** Security updates for Monday ***
---------------------------------------------
Security updates have been issued by Debian (ansible, asterisk, cjson, firefox-esr, kernel, libde265, libreoffice, libspreadsheet-parseexcel-perl, php-guzzlehttp-psr7, thunderbird, tinyxml, and xerces-c), Fedora (podman-tui, proftpd, python-asyncssh, squid, and xerces-c), Mageia (libssh and proftpd), and SUSE (deepin-compressor, gnutls, gstreamer, libreoffice, opera, proftpd, and python-pip).
---------------------------------------------
https://lwn.net/Articles/956521/

*** Security updates for Tuesday ***
---------------------------------------------
Security updates have been issued by Gentoo (Joblib), Red Hat (firefox and thunderbird), SUSE (gstreamer-plugins-bad, libssh2_org, and webkit2gtk3), and Ubuntu (firefox and thunderbird).
---------------------------------------------
https://lwn.net/Articles/956568/

*** Multiple vulnerabilities in IBM Db2 may affect IBM Storage Protect Server ***
---------------------------------------------
https://www.ibm.com/support/pages/node/7103673

*** Multiple vulnerabilities affect IBM Storage Scale Hadoop Connector ***
---------------------------------------------
https://www.ibm.com/support/pages/node/7104389

*** IBM Maximo Application Suite uses axios-0.25.0.tgz which is vulnerable to CVE-2023-45857 ***
---------------------------------------------
https://www.ibm.com/support/pages/node/7104391

*** IBM Maximo Application Suite uses WebSphere Liberty which is vulnerable to CVE-2023-46158, CVE-2023-44483 and CVE-2023-44487 ***
---------------------------------------------
https://www.ibm.com/support/pages/node/7104390

*** Vulnerabilities in Apache Ant affect IBM Operations Analytics - Log Analysis (CVE-2020-11023, CVE-2020-23064, CVE-2020-11022) ***
---------------------------------------------
https://www.ibm.com/support/pages/node/7104401

*** Multiple vulnerabilities in Golang Go affect Cloud Pak System ***
---------------------------------------------
https://www.ibm.com/support/pages/node/7037900