[CERT-daily] Daily summary - 21.08.2023

Daily end-of-shift report team at cert.at
Mon Aug 21 18:28:44 CEST 2023


=====================
= End-of-Day report =
=====================

Timeframe:   Friday 18-08-2023 18:00 − Monday 21-08-2023 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ The Week in Ransomware - August 18th 2023 - LockBit on Thin Ice ∗∗∗
---------------------------------------------
While there was quite a bit of ransomware news this week, the highlighted story was the release of Jon DiMaggio's third article in the Ransomware Diaries series, with the focus of this article on the LockBit ransomware operation.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-august-18th-2023-lockbit-on-thin-ice/


∗∗∗ WoofLocker Toolkit Hides Malicious Codes in Images to Run Tech Support Scams ∗∗∗
---------------------------------------------
Cybersecurity researchers have detailed an updated version of an advanced fingerprinting and redirection toolkit called WoofLocker that's engineered to conduct tech support scams. The sophisticated traffic redirection scheme was first documented by Malwarebytes in January 2020, leveraging JavaScript embedded in compromised websites to perform anti-bot and web traffic filtering checks [..]
---------------------------------------------
https://thehackernews.com/2023/08/wooflocker-toolkit-hides-malicious.html


∗∗∗ How to Investigate an OAuth Grant for Suspicious Activity or Overly Permissive Scopes ∗∗∗
---------------------------------------------
From a user's perspective, OAuth works like magic. In just a few keystrokes, you can whisk through the account creation process and gain immediate access to whatever new app or integration you're seeking. Unfortunately, few users understand the implications of the permissions they allow when they create a new OAuth grant, making it easy for malicious actors to manipulate employees into giving away unintended access to corporate environments.
---------------------------------------------
https://thehackernews.com/2023/08/how-to-investigate-oauth-grant-for.html


∗∗∗ Journey into Windows Kernel Exploitation: The Basics ∗∗∗
---------------------------------------------
This blogpost embarks on the initial stages of kernel exploitation. The content serves as an introduction, leading to an imminent and comprehensive whitepaper centered around this subject matter. Through this, a foundation is laid for understanding how kernel drivers are developed, as well as basic understanding around key concepts that will be instrumental to comprehending the paper itself.
---------------------------------------------
https://blog.neuvik.com/journey-into-windows-kernel-exploitation-the-basics-fff72116ca33


∗∗∗ mTLS: When certificate authentication is done wrong ∗∗∗
---------------------------------------------
In this post, we'll deep-dive into some interesting attacks on mTLS authentication. We'll have a look at implementation vulnerabilities and how developers can make their mTLS systems vulnerable to user impersonation, privilege escalation, and information leakages.
---------------------------------------------
https://github.blog/2023-08-17-mtls-when-certificate-authentication-is-done-wrong/
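One concrete instance of the impersonation class the post refers to, as an added example that is not code from the GitHub post or from any project: a server that requests a client certificate but takes the user identity from the presented leaf certificate without ever verifying the chain, next to the version that verifies the chain against the server's own trust store (and the client-auth EKU) before trusting any field in it. All certificates (a "Corp Client CA", a user "alice", and an attacker-minted CA with the same name issuing a leaf for "admin") are constructed in memory here and are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// template builds a minimal CA or client-auth certificate template for cn.
func template(cn string, isCA bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	if isCA {
		t.IsCA, t.BasicConstraintsValid = true, true
		t.KeyUsage |= x509.KeyUsageCertSign
	} else {
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	}
	return t
}

// issue signs tmpl for pub with signer's key; parent == nil means self-signed.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	c, _ := x509.ParseCertificate(der) // DER we just produced is well-formed
	return c
}

// IdentityInsecure is the bug: the server asked for a client certificate but
// never verified the chain, then authorizes on whatever CN the client sent.
func IdentityInsecure(chain []*x509.Certificate) string {
	return chain[0].Subject.CommonName
}

// IdentitySecure reads the CN only after the leaf verifies up to the server's
// own trust store with the client-auth EKU; client-sent extras are hints only.
func IdentitySecure(chain []*x509.Certificate, roots *x509.CertPool) (string, error) {
	if len(chain) == 0 {
		return "", errors.New("no client certificate presented")
	}
	inter := x509.NewCertPool()
	for _, c := range chain[1:] {
		inter.AddCert(c)
	}
	if _, err := chain[0].Verify(x509.VerifyOptions{
		Roots:         roots,
		Intermediates: inter,
		KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}); err != nil {
		return "", fmt.Errorf("client certificate rejected: %w", err)
	}
	return chain[0].Subject.CommonName, nil
}

// BuildScenario constructs (hypothetical, in memory) the server trust store, a
// legitimate chain for "alice", and an attacker chain whose CA only copies the
// real CA's name and whose leaf claims to be "admin".
func BuildScenario() (roots *x509.CertPool, legit, attacker []*x509.Certificate) {
	caKey := newKey()
	ca := issue(template("Corp Client CA", true), nil, &caKey.PublicKey, caKey)
	roots = x509.NewCertPool()
	roots.AddCert(ca)
	aliceKey := newKey()
	legit = []*x509.Certificate{issue(template("alice", false), ca, &aliceKey.PublicKey, caKey)}
	evilCAKey := newKey()
	evilCA := issue(template("Corp Client CA", true), nil, &evilCAKey.PublicKey, evilCAKey)
	evilKey := newKey()
	attacker = []*x509.Certificate{issue(template("admin", false), evilCA, &evilKey.PublicKey, evilCAKey), evilCA}
	return
}

func main() {
	roots, legit, attacker := BuildScenario()
	fmt.Println("insecure, attacker chain ->", IdentityInsecure(attacker))
	_, err := IdentitySecure(attacker, roots)
	fmt.Println("secure,   attacker chain ->", err)
	id, _ := IdentitySecure(legit, roots)
	fmt.Println("secure,   legit chain    ->", id)
}
```

The insecure path is what you get in practice with a TLS server configured to merely request (rather than require and verify) a client certificate and application code that then reads PeerCertificates[0]; matching the issuer name is not enough, the verifier must check the signature chain up to a root the server itself chose.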


∗∗∗ ScienceLogic Dumpster Fire ∗∗∗
---------------------------------------------
In the last email correspondence with the vendor, nearly 9 months ago, the security director asserted that the vulnerabilities were addressed. However, they remained reluctant to proceed with CVE issuance. Considering the extensive duration that’s transpired, we opted to independently proceed with CVE issuance and disclosure. As a result, the vulnerabilities we identified are logged as CVE-2022-48580 through CVE-2022-48604.
---------------------------------------------
https://www.securifera.com/blog/2023/08/16/sciencelogic-dumpster-fire/


∗∗∗ Volatility Workbench: Empowering memory forensics investigations ∗∗∗
---------------------------------------------
Memory forensics plays a crucial role in digital investigations, allowing forensic analysts to extract valuable information from a computer's volatile memory. Two popular tools in this field are Volatility Workbench and Volatility Framework. This article aims to compare and explore these tools, highlighting their features and differences to help investigators choose the right one for their needs.
---------------------------------------------
https://cybersecurity.att.com/blogs/security-essentials/volatility-workbench-empowering-memory-forensics-investigations


∗∗∗ Beware of investment tips from Telegram groups ∗∗∗
---------------------------------------------
Numerous Telegram groups such as "Didi Random", "Glück liebt Geld" or "Geld-Leuchtturm" promise quick riches. In these groups you receive supposed investment tips, success stories from investors and contacts to "financial gurus" who offer to help you invest your money. If you invest on the recommended platforms, you lose a lot of money!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-investment-tipps-aus-telegram-gruppen/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ WordPress Plugin "Advanced Custom Fields" vulnerable to cross-site scripting (CVE-2023-40068) ∗∗∗
---------------------------------------------
Description: WordPress Plugin "Advanced Custom Fields" provided by WP Engine contains a cross-site scripting vulnerability (CWE-79).
Impact: An arbitrary script may be executed on the web browser of the user who is logging in to the product with the editor or higher privilege.
---------------------------------------------
https://jvn.jp/en/jp/JVN98946408/


∗∗∗ Multiple vulnerabilities in LuxCal Web Calendar ∗∗∗
---------------------------------------------
Impact:
- An arbitrary script may be executed on the web browser of the user who is using the product - CVE-2023-39543
- A remote attacker may execute arbitrary queries against the database and obtain or alter the information in it - CVE-2023-39939
---------------------------------------------
https://jvn.jp/en/jp/JVN04876736/


∗∗∗ CD_SVA_2023_3: Wibu Systems - CodeMeter Runtime - security vulnerability addressed ∗∗∗
---------------------------------------------
A report has been received for the following security vulnerability in the zenon software platform: CVE-2023-3935 Further details regarding the vulnerability, mitigation options and product fixes that may be available, can be found in [...]
---------------------------------------------
https://selfservice.copadata.com/portal/en/kb/articles/cd-sva-2023-3-wibu-systems-codemeter-runtime-security-vulnerabilties-addressed-17-8-2023


∗∗∗ CVE-2023-38035 - Vulnerability affecting Ivanti Sentry ∗∗∗
---------------------------------------------
A vulnerability has been discovered in Ivanti Sentry, formerly MobileIron Sentry. We have reported this as CVE-2023-38035. This vulnerability impacts all supported versions – versions 9.18, 9.17 and 9.16. Older versions/releases are also at risk. This vulnerability does not affect other Ivanti products or solutions [..] While the issue has a high CVSS score, there is low risk of exploitation for customers who do not expose port 8443 to the internet.
---------------------------------------------
https://www.ivanti.com/blog/cve-2023-38035-vulnerability-affecting-ivanti-sentry


∗∗∗ Update already rolled out: Critical vulnerability in WinRAR allowed code execution ∗∗∗
---------------------------------------------
Older versions of the widely used compression tool WinRAR contained a serious vulnerability that allowed arbitrary code execution. The current version closes it.
---------------------------------------------
https://heise.de/-9268105


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (fastdds, flask, and kernel), Fedora (chromium, dotnet6.0, dotnet7.0, gerbv, java-1.8.0-openjdk, libreswan, procps-ng, and spectre-meltdown-checker), SUSE (chromium, kernel-firmware, krb5, opensuse-welcome, and python-mitmproxy), and Ubuntu (clamav, firefox, and vim).
---------------------------------------------
https://lwn.net/Articles/942311/


∗∗∗ GraphQL Java component, which is used by IBM Maximo Application Suite, is vulnerable to CVE-2023-28867 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028108


∗∗∗ Google Guava component, which is used by IBM Maximo Application Suite, is vulnerable to CVE-2023-2976 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028091


∗∗∗ Multiple Vulnerabilities Affecting IBM Watson Machine Learning Accelerator ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028166


∗∗∗ IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to denial of service, availability, integrity, and confidentiality impacts due to multiple vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028168


∗∗∗ IBM Connect:Direct Web Services vulnerable to sensitive information exposure due to PostgreSQL (CVE-2023-2454) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028185


∗∗∗ A security vulnerability in Microsoft.NET affects IBM Robotic Process Automation and may result in a denial of service (CVE-2023-29331). ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7026762

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
