[CERT-daily] Daily summary - 26.04.2023
Daily end-of-shift report
team at cert.at
Wed Apr 26 18:27:03 CEST 2023
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 25-04-2023 18:00 − Wednesday 26-04-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Never Connect to RDP Servers Over Untrusted Networks ∗∗∗
---------------------------------------------
In this article, we will demonstrate why connecting using the Remote Desktop Protocol (RDP) must be avoided on untrusted networks like in hotels, conferences, or public Wi-Fi. Protecting the connection with a VPN or a Remote Desktop Gateway is the only safe alternative.
---------------------------------------------
https://www.gosecure.net/blog/2023/04/26/never-connect-to-rdp-servers-over-untrusted-networks/
∗∗∗ So you think you can block Macros? ∗∗∗
---------------------------------------------
For the purpose of securing Microsoft Office installs we see many of our customers moving to a macro signing strategy. Furthermore, Microsoft is trying to battle macro malware by enforcing Mark-of-the-Web (MotW) control on macro-enabled documents. In this blog we will dive into some of the quirks of Microsoft Office macro security, various commonly used configuration options and their bypasses.
---------------------------------------------
https://outflank.nl/blog/2023/04/25/so-you-think-you-can-block-macros/
∗∗∗ Google Authenticator: Warning - backup of the secret "seed" in cleartext ∗∗∗
---------------------------------------------
Google has added a backup of the secrets needed to generate the one-time passwords to the Authenticator app. Google, however, receives these secrets in cleartext.
---------------------------------------------
https://heise.de/-8979932
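Why a cleartext seed is the whole secret, as an added example that is not part of the heise article or of Google's code: anyone holding the base32 seed that an authenticator app backs up can compute exactly the codes the phone shows. The implementation below is plain RFC 4226/RFC 6238 (HMAC-SHA1, 30-second step, 6 digits); the seed used for the demo is the constructed RFC 4226 test key, not a real one.

```python
"""Added example: reproduce TOTP codes from nothing but the backed-up seed.

Plain RFC 4226 (HOTP) / RFC 6238 (TOTP), HMAC-SHA1, 30 s step, 6 digits.
DEMO_SEED is the RFC 4226 test key "12345678901234567890" in base32 (a
constructed value, not a real account seed).
"""
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter,
    dynamic truncation to 31 bits, then reduce to `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def decode_seed(base32_seed: str) -> bytes:
    """Authenticator apps store the seed as base32 (often unpadded, sometimes
    with spaces); normalise and pad it so b32decode accepts it."""
    s = base32_seed.strip().replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))


def totp(base32_seed: str, at_time: Optional[int] = None,
         step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with counter = floor(unix_time / step)."""
    if at_time is None:
        at_time = int(time.time())
    return hotp(decode_seed(base32_seed), at_time // step, digits)


def verify(base32_seed: str, code: str, at_time: int,
           window: int = 1, step: int = 30) -> bool:
    """Server-side check: accept the code for the current step and +/- `window`
    steps of clock skew, comparing in constant time."""
    for k in range(-window, window + 1):
        expected = totp(base32_seed, at_time + k * step, step)
        if hmac.compare_digest(expected, code):
            return True
    return False


# Constructed demo seed: RFC 4226 test key "12345678901234567890" as base32.
DEMO_SEED = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    # With only the seed, a third party reproduces the code for any moment
    # in time, which is why a cleartext backup equals handing over the factor.
    print(totp(DEMO_SEED))
```

The expected values in the checks below are the published RFC 4226/6238 test vectors, so the functions can be validated offline; the practical consequence is that whoever stores the seed (the backup service included) must be trusted as much as the device itself.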
∗∗∗ VMware Workstation and Fusion: vendor patches critical zero-day vulnerability ∗∗∗
---------------------------------------------
VMware patches several security vulnerabilities in Workstation and Fusion, some of them critical. Since they were demonstrated at Pwn2Own, they are zero-days.
---------------------------------------------
https://heise.de/-8979106
∗∗∗ GuLoader returns with a rotten shipment ∗∗∗
---------------------------------------------
We take a look at a GuLoader campaign which comes bundled with an Italian language fake shipment email.
---------------------------------------------
https://www.malwarebytes.com/blog/news/2023/04/guloader-returns-with-a-rotten-shipment
∗∗∗ How to stay up to date with Watchlist Internet! ∗∗∗
---------------------------------------------
Watchlist Internet's offering keeps growing: we give you an overview of how to stay up to date with us on internet fraud, which services you will find where, and which channels we are present on.
---------------------------------------------
https://www.watchlist-internet.at/news/so-bleiben-sie-mit-der-watchlist-internet-am-laufenden/
∗∗∗ Attackers exploit critical security vulnerability in PaperCut printer software ∗∗∗
---------------------------------------------
They can take control of a PaperCut server. In addition, example exploit code is now publicly available.
---------------------------------------------
https://www.zdnet.de/88408703/hacker-greifen-kritische-sicherheitsluecke-in-druckersoftware-papercut-an/
∗∗∗ Attackers Use Containers for Profit via TrafficStealer ∗∗∗
---------------------------------------------
We found TrafficStealer abusing open container APIs in order to redirect traffic to specific websites and manipulate engagement with ads.
---------------------------------------------
https://www.trendmicro.com/en_us/research/23/d/attackers-use-containers-for-profit-via-trafficstealer.html
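The "open container APIs" in the summary are daemon control endpoints reachable without authentication. As an added example (not code from the Trend Micro article or from Docker), and taking the Docker Engine daemon as the concrete case, which is an assumption here, the function below audits a `daemon.json` for TCP listeners that lack TLS client authentication; it reads only the documented `hosts` and `tlsverify` keys. The two sample configs are constructed.

```python
"""Added example: audit dockerd's daemon.json for an unauthenticated TCP API.

Assumes the Docker Engine daemon config format (`hosts`, `tlsverify`,
`tlscacert`, ...). The sample configs at the bottom are constructed.
"""
import json
from typing import List, Tuple
from urllib.parse import urlparse

ALL_INTERFACES = {None, "", "0.0.0.0", "::"}
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def exposed_docker_hosts(daemon_json: str) -> List[Tuple[str, str]]:
    """Return (listener, reason) for every TCP listener that accepts API calls
    without TLS client-certificate authentication."""
    cfg = json.loads(daemon_json)
    tls_client_auth = bool(cfg.get("tlsverify", False))
    findings = []
    for h in cfg.get("hosts", []):
        u = urlparse(h)
        if u.scheme != "tcp":
            continue  # unix:// and fd:// are gated by filesystem permissions
        if tls_client_auth:
            continue  # tlsverify: clients must present a cert signed by tlscacert
        if u.hostname in LOOPBACK:
            findings.append((h, "plaintext API on loopback, reachable by any "
                                "local user or via SSRF"))
        elif u.hostname in ALL_INTERFACES:
            findings.append((h, "plaintext API on all interfaces, remote "
                                "root-equivalent access"))
        else:
            findings.append((h, "plaintext API on %s, no client "
                                "authentication" % u.hostname))
    return findings


# Constructed weak config: the classic exposed 2375 listener.
WEAK_CONFIG = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
})

# Constructed hardened config: TLS with mandatory client certificates.
HARDENED_CONFIG = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, exposed_docker_hosts(cfg))
```

Anyone who can reach an unauthenticated listener can create a container with the host filesystem mounted, so a plaintext `tcp://` entry should be treated as a host compromise path, not a misconfiguration to schedule; the hardened form keeps a network listener only behind `tlsverify`.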
=====================
= Vulnerabilities =
=====================
∗∗∗ VMSA-2023-0008 ∗∗∗
---------------------------------------------
VMware Workstation and Fusion updates address multiple security vulnerabilities (CVE-2023-20869, CVE-2023-20870, CVE-2023-20871, CVE-2023-20872)
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2023-0008.html
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (chromium, lilypond, and lilypond-doc), Oracle (java-1.8.0-openjdk), Red Hat (emacs, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, kernel, kernel-rt, pesign, and virt:rhel, virt-devel:rhel), Scientific Linux (java-1.8.0-openjdk and java-11-openjdk), Slackware (git), SUSE (fwupd, git, helm, and runc), and Ubuntu (firefox, golang-1.18, linux-hwe-5.15, and openssl, openssl1.0).
---------------------------------------------
https://lwn.net/Articles/930258/
∗∗∗ Insecure authentication in B420 legacy communication module ∗∗∗
---------------------------------------------
BOSCH-SA-341298-BT: An authentication vulnerability was found in the B420 Ethernet communication module from Bosch Security Systems. This is a legacy product which is now obsolete and was announced to reach End of Life (EoL) in 2013. The B420 was last sold in July 2013 and was replaced by the B426. An EoL notice was provided to customers.
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-341298-bt.html
∗∗∗ Scada-LTS Third Party Component ∗∗∗
---------------------------------------------
Successful exploitation of this vulnerability could allow loss of sensitive information and execution of arbitrary code.
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-115-02
∗∗∗ Keysight N8844A Data Analytics Web Service ∗∗∗
---------------------------------------------
Successful exploitation of this vulnerability could lead to remote code execution.
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-115-01
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/
∗∗∗ Security Advisory - Misinterpretation of Input Vulnerability in Huawei Printer ∗∗∗
---------------------------------------------
https://www.huawei.com/en/psirt/security-advisories/2023/huawei-sa-moivihp-73cabdde-en
∗∗∗ Security Advisory - Identity Authentication Bypass Vulnerability in Huawei HiLink AI Life Product ∗∗∗
---------------------------------------------
https://www.huawei.com/en/psirt/security-advisories/2023/huawei-sa-iabvihhalp-ea34d670-en
∗∗∗ Security Advisory - Misinterpretation of Input Vulnerability in Huawei Printer ∗∗∗
---------------------------------------------
https://www.huawei.com/en/psirt/security-advisories/2023/huawei-sa-moivihp-2f201af9-en
∗∗∗ Security Advisory - System Command Injection Vulnerability in a Huawei Printer Product ∗∗∗
---------------------------------------------
https://www.huawei.com/en/psirt/security-advisories/2023/huawei-sa-sciviahpp-6bcddec5-en
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily