[CERT-daily] Tageszusammenfassung - 04.07.2023

Tue Jul 4 18:10:21 CEST 2023

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 03-07-2023 18:00 − Dienstag 04-07-2023 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ DDoSia Attack Tool Evolves with Encryption, Targeting Multiple Sectors ∗∗∗
---------------------------------------------
The threat actors behind the DDoSia attack tool have come up with a new version that incorporates a new mechanism to retrieve the list of targets to be bombarded with junk HTTP requests in an attempt to bring them down.The updated variant, written in Golang, "implements an additional security mechanism to conceal the list of targets, which is transmitted from the [command-and-control] to the users," cybersecurity company Sekoia said in a technical write-up.
---------------------------------------------
https://thehackernews.com/2023/07/ddosia-attack-tool-evolves-with.html


∗∗∗ Hunting for Bitwarden master passwords stored in memory ∗∗∗
---------------------------------------------
A blog post on how I was able to identify unknown master passwords stored in the memory of the Bitwarden web extension and desktop client, after a vault has been locked. I also cover the decisions made for developing a proof of concept to automate the process of extracting potential passwords.
---------------------------------------------
https://redmaple.tech/blogs/2023/extract-bitwarden-vault-passwords/


∗∗∗ Achtung Fake-Shop: sharkos.de ∗∗∗
---------------------------------------------
Sharkos – „Ihr Experte für Garten, Pools und Haushalt“. Das sehen wir anders. Der Online-Shop sieht zwar vielversprechend aus, wenn Sie dort bestellen, bekommen Sie aber trotz Zahlung keine Ware. Wir zeigen Ihnen, wie Sie Fake-Shops erkennen.
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-fake-shop-sharkosde/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Geräteverwaltung: hochriskante Schwachstelle in Ivanti Endpoint Manager ∗∗∗
---------------------------------------------
Eine Sicherheitslücke in der Geräte- und Softwareverwaltung von Ivanti für ChromeOS, Linux, macOS und Windows ermöglicht Angreifern aus dem Netz Codeschmuggel.
---------------------------------------------
https://heise.de/-9206574


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (ghostscript), Fedora (apache-ivy, chromium, golang-github-schollz-croc, golang-github-schollz-mnemonicode, and webkitgtk), SUSE (amazon-ecs-init, dnsdist, libcap, python-tornado, terraform, and xmltooling), and Ubuntu (imagemagick, openldap, php7.4, php8.1, and screen).
---------------------------------------------
https://lwn.net/Articles/937292/


∗∗∗ CISA issues warning for cardiac device system vulnerability ∗∗∗
---------------------------------------------
The Cybersecurity and Infrastructure Security Agency (CISA) warned of a severe vulnerability in a cardiac device from medical device company Medtronic. The issue – tracked as CVE-2023-31222 – carries a “critical” CVSS score of 9.8 out of 10 and affects the company’s Paceart Optima software that runs on a healthcare organization’s Windows server.
---------------------------------------------
https://therecord.media/cisa-warning-for-cardiac-device-system-vulnerability


∗∗∗ Zyxel security advisory for buffer overflow vulnerability in 4G LTE and 5G NR outdoor routers ∗∗∗
---------------------------------------------
 A buffer overflow vulnerability in the CGI program of some Zyxel 4G LTE and 5G NR outdoor routers could allow a remote authenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.  (CVE: CVE-2023-27989)
---------------------------------------------
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerability-in-4g-lte-and-5g-nr-outdoor-routers


∗∗∗ Security Vulnerabilities fixed in Thunderbird 102.13 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/


∗∗∗ Security Vulnerabilities fixed in Firefox ESR 102.13 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/


∗∗∗ Security Vulnerabilities fixed in Firefox 115 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/


∗∗∗ Vulnerability in the interface module SLC-0-GPNT00300 ∗∗∗
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-894143.html


∗∗∗ Security Advisory for the FL MGUARD family of devices ∗∗∗
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-833074.html


∗∗∗ IBM Integration Bus is vulnerable to a remote attack due to Apache Jena (CVE-2021-39239, CVE-2022-28890, CVE-2023-22665). ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7009371


∗∗∗ Vulnerability in Spring Framework affects IBM Process Mining [CVE-2016-1000027] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7009383


∗∗∗ IBM Content Navigator is vulnerable to DoS due to Apache Commons FileUpload (CVE-2023-24998) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7002807


∗∗∗ Vulnerability in IBM SDK Java Technology affects IBM Cloud Pak System (CVE-2021-35561) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7009441


∗∗∗ Vulnerabilities in OpenSSL affect Cloud Pak System (CVE-2021-23840, CVE-2021-23841) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7005857


∗∗∗ Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7009457


∗∗∗ Vulnerability of Newtonsoft.Json-12.0.1.22727.dll has afftected to .NET Agent ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7009459


∗∗∗ Multiple CVEs may affect IBM\u00ae SDK, Java\u2122 Technology Edition shipped with IBM CICS TX Standard ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7009483


∗∗∗ Multiple CVEs may affect IBM\u00ae SDK, Java\u2122 Technology Edition shipped with IBM CICS TX Advanced ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7009485


∗∗∗ Multiple CVEs may affect IBM\u00ae SDK, Java\u2122 Technology Edition shipped with IBM TXSeries for Multiplatforms ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7009487


∗∗∗ Vulnerabilities in Apache Struts affect IBM Tivoli Application Dependency Discovery Manager. (CVE-2023-34396, CVE-2023-34149) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7009497


∗∗∗ TADDM affected by multiple vulnerabilities due to IBM Java and its runtime ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7009499

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily