=====================
= End-of-Day report =
=====================

Timeframe: Tuesday 14-11-2023 18:00 - Wednesday 15-11-2023 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a

=====================
=       News        =
=====================

*** IPStorm botnet with 23,000 proxies for malicious traffic dismantled ***
---------------------------------------------
The U.S. Department of Justice announced today that the Federal Bureau of Investigation took down the network and infrastructure of a botnet proxy service called IPStorm.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ipstorm-botnet-with-23-000-pr...

*** The Spelling Police: Searching for Malicious HTTP Servers by Identifying Typos in HTTP Responses ***
---------------------------------------------
At Fox-IT (part of NCC Group), identifying servers that host nefarious activities is a critical aspect of our threat intelligence. One approach involves looking for anomalies in responses of HTTP servers.
---------------------------------------------
https://blog.fox-it.com/2023/11/15/the-spelling-police-searching-for-malicio...

*** #StopRansomware: Rhysida Ransomware ***
---------------------------------------------
This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders detailing various ransomware variants and ransomware threat actors.
---------------------------------------------
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-319a

=====================
=  Vulnerabilities  =
=====================

*** WP Fastest Cache plugin bug exposes 600K WordPress sites to attacks ***
---------------------------------------------
The WordPress plugin WP Fastest Cache is vulnerable to an SQL injection vulnerability that could allow unauthenticated attackers to read the contents of the site's database.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/wp-fastest-cache-plugin-bug-e...

*** Reptar: Intel CPU vulnerability enables privilege escalation and DoS ***
---------------------------------------------
The vulnerability was discovered by Google researchers. It reportedly stems from the way Intel CPUs process redundant prefixes.
---------------------------------------------
https://www.golem.de/news/reptar-intel-cpu-schwachstelle-ermoeglicht-rechtea...

*** No patch available: VMware warns of critical vulnerability in Cloud Director ***
---------------------------------------------
The vulnerability allows attackers to bypass authentication on vulnerable VMware systems and inject malicious code.
---------------------------------------------
https://www.golem.de/news/kein-patch-verfuegbar-vmware-warnt-vor-kritischer-...

*** Cloud protection solution: IBM Security Guardium attackable in many ways ***
---------------------------------------------
IBM's developers have closed many security vulnerabilities in various components of Security Guardium.
---------------------------------------------
https://www.heise.de/news/Cloud-Schutzloesung-IBM-Security-Guardium-vielfael...

*** CacheWarp: Hole in the hardware encryption of AMD CPUs ***
---------------------------------------------
The newly presented CacheWarp attack defeats the RAM encryption with which AMD processors are meant to isolate cloud instances from one another.
---------------------------------------------
https://www.heise.de/news/CacheWarp-Loch-in-Hardware-Verschluesselung-von-AM...

*** Adobe patch day: Malicious-code vulnerabilities in Acrobat, Photoshop & Co. closed ***
---------------------------------------------
Adobe has released security updates for 15 applications. In the worst case, attackers can execute their own code on affected systems.
---------------------------------------------
https://www.heise.de/news/Patchday-Adobe-Schadcode-Luecken-in-Acrobat-Photos...

*** Patch day: SAP closes one critical vulnerability ***
---------------------------------------------
The November patch day deviates from the usual scope: SAP addresses only three new vulnerabilities.
---------------------------------------------
https://www.heise.de/news/Patchday-SAP-schliesst-eine-kritische-Sicherheitsl...

*** Security updates: Aruba access points are vulnerable ***
---------------------------------------------
Attackers can execute malicious code on Aruba access points. Security patches are available.
---------------------------------------------
https://www.heise.de/news/Sicherheitsupdates-Acces-Points-von-Aruba-sind-ver...

*** Patch day: Intel patches its way through its product portfolio ***
---------------------------------------------
Attackers can attack several Intel components. In many cases, DoS attacks are possible.
---------------------------------------------
https://www.heise.de/news/Patchday-Intel-patcht-sich-durch-sein-Produkportfo...

*** Security updates for Wednesday ***
---------------------------------------------
Security updates have been issued by Debian (libclamunrar and ruby-sanitize), Fedora (frr, roundcubemail, and webkitgtk), Mageia (freerdp and tomcat), Red Hat (avahi, bind, c-ares, cloud-init, container-tools:4.0, container-tools:rhel8, cups, dnsmasq, edk2, emacs, flatpak, fwupd, ghostscript, grafana, java-21-openjdk, kernel, kernel-rt, libfastjson, libmicrohttpd, libpq, librabbitmq, libreoffice, libreswan, libX11, linux-firmware, mod_auth_openidc:2.3, nodejs:20, opensc, perl-HTTP-Tiny, [...]
---------------------------------------------
https://lwn.net/Articles/951480/

*** November patch day: Microsoft closes 63 security vulnerabilities ***
---------------------------------------------
Five vulnerabilities are rated critical. All supported versions of Windows are affected.
---------------------------------------------
https://www.zdnet.de/88412929/november-patchday-microsoft-schliesst-63-siche...

*** QNX-2023-001 Vulnerability in QNX Networking Stack Impacts BlackBerry QNX Software Development Platform ***
---------------------------------------------
https://support.blackberry.com/kb/articleDetail?language=en_US&articleNu...

*** ZDI-23-1636: NETGEAR CAX30 SSO Stack-based Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-23-1636/

*** IBM Security Bulletins ***
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/

*** Citrix Hypervisor Security Bulletin for CVE-2023-23583 and CVE-2023-46835 ***
---------------------------------------------
https://support.citrix.com/article/CTX583037/citrix-hypervisor-security-bull...

*** NVIDIA GPU Display Driver Advisory - October 2023 ***
---------------------------------------------
http://support.lenovo.com/product_security/PS500588-NVIDIA-GPU-DISPLAY-DRIVE...

*** NetApp SnapCenter Privilege Escalation Vulnerability ***
---------------------------------------------
http://support.lenovo.com/product_security/PS500587-NETAPP-SNAPCENTER-PRIVIL...

*** AMD Radeon Graphics Kernel Driver Privilege Management Vulnerability ***
---------------------------------------------
http://support.lenovo.com/product_security/PS500586-AMD-RADEON-GRAPHICS-KERN...

*** AMD Graphics Driver Vulnerabilities - November 2023 ***
---------------------------------------------
http://support.lenovo.com/product_security/PS500583-AMD-GRAPHICS-DRIVER-VULN...

*** Intel Graphics Driver Advisory ***
---------------------------------------------
http://support.lenovo.com/product_security/PS500584-INTEL-GRAPHICS-DRIVER-AD...

*** Intel Rapid Storage Technology Software Advisory ***
---------------------------------------------
http://support.lenovo.com/product_security/PS500585

*** Multi-vendor BIOS Security Vulnerabilities (November 2023) ***
---------------------------------------------
http://support.lenovo.com/product_security/PS500589-MULTI-VENDOR-BIOS-SECURI...

*** Fortinet Releases Security Updates for FortiClient and FortiGate ***
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/11/14/fortinet-releases-securit...

*** K000137584 : Linux kernel vulnerability CVE-2023-1829 ***
---------------------------------------------
https://my.f5.com/manage/s/article/K000137584

*** K000137582 : BIND vulnerability CVE-2023-3341 ***
---------------------------------------------
https://my.f5.com/manage/s/article/K000137582