[CERT-daily] Tageszusammenfassung - 10.07.2023

Mon Jul 10 18:55:58 CEST 2023

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 07-07-2023 18:00 − Montag 10-07-2023 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ 1,5 Millionen Installationen: Android-Malware im Google-Play-Store entdeckt ∗∗∗
---------------------------------------------
IT-Sicherheitsforscher haben zwei vermeintliche Dateimanager mit mehr als 1,5 Millionen Downloads im Google Play Store entdeckt. Es handelt sich um Spyware.
---------------------------------------------
https://heise.de/-9211287


∗∗∗ ARM-Grafikeinheit: Warnung vor Angriffen auf Sicherheitslücle in Treibern ∗∗∗
---------------------------------------------
Cyberkriminelle missbrauchen eine Sicherheitslücke in Treibern für ARMs Mali-Grafikeinheiten, um ihre Rechte auszuweiten oder Informationen abzugreifen.
---------------------------------------------
https://heise.de/-9211310


∗∗∗ BSI veröffentlicht Positionspapier zu Secured Applications for Mobile ∗∗∗
---------------------------------------------
Das Bundesamt für Sicherheit in der Informationstechnik (BSI) veröffentlicht ein aktuelles Positionspapier zum Thema „Secured Applications for Mobile“ (SAM).
---------------------------------------------
https://www.bsi.bund.de/DE/Service-Navi/Presse/Alle-Meldungen-News/Meldungen/Secured_Applications_Mobile_230706.html


∗∗∗ PoC Exploit Published for Recent Ubiquiti EdgeRouter Vulnerability ∗∗∗
---------------------------------------------
PoC exploit has been published for a recently patched Ubiquiti EdgeRouter vulnerability leading to arbitrary code execution.
---------------------------------------------
https://www.securityweek.com/poc-exploit-published-for-recent-ubiquiti-edgerouter-vulnerability/


∗∗∗ Was tun, wenn Sie bei einem problematischen Online-Shop bestellt haben? ∗∗∗
---------------------------------------------
Ihre Bestellung entspricht nicht Ihren Erwartungen? Die Qualität ist minderwertig, das Produkt etwas vollkommen anderes oder einfach Schrott? Eine Rücksendung ist teuer und nur nach China möglich? Dann haben Sie in einem problematischen bzw. unseriösen Online-Shop bestellt. Wir zeigen Ihnen, was Sie tun können.
---------------------------------------------
https://www.watchlist-internet.at/news/was-tun-wenn-sie-bei-einem-problematischen-online-shop-bestellt-haben/


∗∗∗ Vorsicht: ‘Big Head’ Ransomware zeigt "Windows Update"-Benachrichtigung an ∗∗∗
---------------------------------------------
Ich nehme das Thema mal hier zur Vorsicht im Blog mit auf, vielleicht bewahrt es Einzelne aus der Leserschaft vor einem fatalen Fehler. Eine Big Head genannte Ransomware-Familie nutzt einen neuen Trick, um potentielle Opfer zu übertölpeln.
---------------------------------------------
https://www.borncity.com/blog/2023/07/10/vorsicht-big-head-ransomware-zeigt-windows-update-benachrichtigung-an/


∗∗∗ Advanced Vishing Attack Campaign “LetsCall” Targets Andriod Users ∗∗∗
---------------------------------------------
In a newly detected muli-stage vishing campaign attackers are using an advanced toolset dubbed LetsCall, featuring strong evasion tactics.
---------------------------------------------
https://www.hackread.com/advanced-vishing-attack-letscall-andriod-users/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Ateme TITAN File 3.9 Job Callbacks SSRF File Enumeration ∗∗∗
---------------------------------------------
Authenticated Server-Side Request Forgery (SSRF) vulnerability exists in the Titan File video transcoding software. The application parses user supplied data in the job callback url GET parameter. Since no validation is carried out on the parameter, an attacker can specify an external domain and force the application to make an HTTP/DNS/File request to an arbitrary destination.
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5781.php


∗∗∗ SSD Advisory – EdgeRouters and AirCube miniupnpd Heap Overflow ∗∗∗
---------------------------------------------
A vulnerability in EdgeRouters’s and AirCube’s miniupnpd allows LAN attackers to cause the service to overflow an internal heap and potentially execute arbitrary code.
---------------------------------------------
https://ssd-disclosure.com/ssd-advisory-edgerouters-and-aircube-miniupnpd-heap-overflow/


∗∗∗ Codeschmuggel möglich: Hochriskante Sicherheitslücken in ArubaOS-Firmware ∗∗∗
---------------------------------------------
Die HPE-Tochter Aruba hat Aktualisierungen für die ArubaOS-Firmware veröffentlicht. Sie schließen hochriskante Sicherheitslücken, die Codeschmuggel erlauben.
---------------------------------------------
https://heise.de/-9211464


∗∗∗ Minecraft: Virtuelle Computer reißen Sicherheitslücken auf ∗∗∗
---------------------------------------------
In zwei Minecraft-Mods, die tatsächlich programmierbare Computer oder Roboter für das Spiel bereitstellen, klaffen kritische Sicherheitslücken.
---------------------------------------------
https://heise.de/-9211864


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr, fusiondirectory, ocsinventory-server, php-cas, and thunderbird), Fedora (dav1d, perl-CPAN, and yt-dlp), Red Hat (python39:3.9 and python39-devel:3.9), Slackware (mozilla), SUSE (prometheus-ha_cluster_exporter and prometheus-sap_host_exporter), and Ubuntu (ghostscript, linux-azure, linux-intel-iotg, linux-intel-iotg-5.15, and ruby-doorkeeper).
---------------------------------------------
https://lwn.net/Articles/937803/


∗∗∗ Limited disclosure of 6 vulnerabilities in OSNexus Quantastor ∗∗∗
---------------------------------------------
The story of DIVD case DIVD-2021-00020 is a story that started more then 1.5 years ago, when DIVD researcher Wietse Boondsta discovered six vulnerabilities ( CVE-2021-42079, CVE-2021-42080, CVE-2021-42080, CVE-2021-42080, CVE-2021-42080, and CVE-2021-4066 ) in OSNexus Quantastor. As per our CNA policy we tried to contact the vendor and this was not a smooth ride. We started the process in November 2021 and it took us a lot of effort, and help from NCSC-NL and its US partners [...]
---------------------------------------------
https://csirt.divd.nl/2023/07/10/Limited-disclosure-OSNexus-vulnerabilities/


∗∗∗ Festo: Several vulnerabilities in FactoryViews ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2023-013/


∗∗∗ IBM Db2 JDBC driver is vulnerable to remote code execution. (CVE-2023-27869, CVE-2023-27867, CVE-2023-27868) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7010029


∗∗∗ IBM Db2 has multiple denial of service vulnerablities with a specially crafted query ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7010557


∗∗∗ IBM Db2 federated server is vulnerable to a denial of service when using a specially crafted wrapper using certain options. (CVE-2023-30442) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7010561


∗∗∗ IBM Db2 db2set is vulnerable to arbitrary code execution. (CVE-2023-30431) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7010565


∗∗∗ IBM Db2 is vulnerable to insufficient audit logging. (CVE-2023-23487) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7010567


∗∗∗ IBM Db2 on Windows is vulnerable to privilege escalation. (CVE-2023-27558) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7010571


∗∗∗ IBM Db2 is vulnerable to information disclosure due to improper privilege management when certain federation features are used. (CVE-2023-29256) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7010573


∗∗∗ A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server (CVE-2023-35890) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7010577


∗∗∗ Multiple Vulnerabilities in IBM Runtime Environment Java Technology Edition affects WebSphere eXtreme Scale ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7010585


∗∗∗ The IBM Engineering Lifecycle Engineering product using IBM WebSphere Application Server Liberty is vulnerable to GraphQL - CVE-2023-28867 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7010655


∗∗∗ The IBM Engineering Lifecycle Engineering product using IBM WebSphere Application Server Liberty is vulnerable to spoofing - CVE-2022-39161 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7010659


∗∗∗ The IBM Engineering Lifecycle Engineering product using IBM WebSphere Application Server Liberty is vulnerable to spoofing - CVE-2022-39161 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7010665


∗∗∗ IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service due to [CVE-2023-25399] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7010711


∗∗∗ A vulnerability in Apache Commons Code affects IBM Robotic Process Automation and may result in a disclosure of sensitive information. (IBM X-Force ID: 177834) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7010725


∗∗∗ IBM Db2 JDBC driver is vulnerable to remote code execution. (CVE-2023-27869, CVE-2023-27867, CVE-2023-27868) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7010029

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily