[CERT-daily] Daily summary - 13.07.2023
Daily end-of-shift report
team at cert.at
Thu Jul 13 19:38:17 CEST 2023
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 12-07-2023 18:00 − Thursday 13-07-2023 18:00
Handler: Stephan Richter
Co-Handler: Michael Schlagenhaufer
=====================
= News =
=====================
∗∗∗ An update for the update: Apple reissues its latest "Rapid Security Response" ∗∗∗
---------------------------------------------
A quick fix for the Safari browser was meant to improve security. Because of a bug, Apple has now had to reissue it.
---------------------------------------------
https://heise.de/-9214819
∗∗∗ Source code for BlackLotus Windows UEFI malware leaked on GitHub ∗∗∗
---------------------------------------------
The source code for the BlackLotus UEFI bootkit has leaked online, allowing greater insight into a malware that has caused great concern among the enterprise, governments, and the cybersecurity community.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/source-code-for-blacklotus-windows-uefi-malware-leaked-on-github/
∗∗∗ Fake PoC for Linux Kernel Vulnerability on GitHub Exposes Researchers to Malware ∗∗∗
---------------------------------------------
In a sign that cybersecurity researchers continue to be under the radar of malicious actors, a proof-of-concept (PoC) has been discovered on GitHub, concealing a backdoor with a "crafty" persistence method.
---------------------------------------------
https://thehackernews.com/2023/07/blog-post.html
∗∗∗ An introduction to the benefits and risks of Packet Sniffing ∗∗∗
---------------------------------------------
Packet sniffing is both a very beneficial and, sadly, a malicious technique used to capture and analyze data packets. It serves as a useful tool for network administrators to identify network issues and fix them. Meanwhile, threat actors use it for malicious purposes such as data theft and to distribute malware. Organizations need to be aware of the benefits and uses of packet sniffing while also implementing security controls to prevent malicious sniffing activity.
---------------------------------------------
https://www.tripwire.com/state-of-security/introduction-benefits-and-risks-packet-sniffing
∗∗∗ Popular WordPress Security Plugin Caught Logging Plaintext Passwords ∗∗∗
---------------------------------------------
The All-In-One Security (AIOS) WordPress plugin was found to be writing plaintext passwords to log files.
---------------------------------------------
https://www.securityweek.com/popular-wordpress-security-plugin-caught-logging-plaintext-passwords/
∗∗∗ CISA warns of dangerous Rockwell industrial bug being exploited by gov’t group ∗∗∗
---------------------------------------------
The Cybersecurity and Infrastructure Security Agency (CISA) warned on Wednesday of a vulnerability affecting industrial technology from Rockwell Automation that is being exploited by government hackers.
---------------------------------------------
https://therecord.media/cisa-warns-of-bug-affecting-rockwell
∗∗∗ Detecting BPFDoor Backdoor Variants Abusing BPF Filters ∗∗∗
---------------------------------------------
An analysis of advanced persistent threat (APT) group Red Menshen's different variants of the BPFDoor backdoor as it has evolved since it was first documented in 2021.
---------------------------------------------
https://www.trendmicro.com/en_us/research/23/g/detecting-bpfdoor-backdoor-variants-abusing-bpf-filters.html
∗∗∗ A Deep Dive into Penetration Testing of macOS Applications (Part 1) ∗∗∗
---------------------------------------------
We created this blog to share our experience and provide a valuable resource for other security researchers and penetration testers facing similar challenges when testing macOS applications. This blog is the first part of an “A Deep Dive into Penetration Testing of macOS Applications” series. Part 1 is intended for penetration testers who may not have prior experience working with macOS.
---------------------------------------------
https://www.cyberark.com/resources/threat-research-blog/a-deep-dive-into-penetration-testing-of-macos-applications-part-1
∗∗∗ TeamTNT Reemerged with New Aggressive Cloud Campaign ∗∗∗
---------------------------------------------
In part one of this two-part blog series, titled "The Anatomy of Silentbob's Cloud Attack," we provided an overview of the preliminary stages of an aggressive botnet campaign that aimed at cloud native environments. This post will dive into the full extent of the campaign and provide a more comprehensive exploration of an extensive botnet infestation campaign.
---------------------------------------------
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
=====================
= Vulnerabilities =
=====================
∗∗∗ Ghostscript: security vulnerability plagues LibreOffice, Gimp, Inkscape and Linux ∗∗∗
---------------------------------------------
A critical security vulnerability in Ghostscript allows attackers to execute malicious code on countless machines.
---------------------------------------------
https://www.golem.de/news/ghostscript-sicherheitsluecke-plagt-libreoffice-gimp-inkscape-und-linux-2307-175840.html
∗∗∗ Cisco SD-WAN vManage Unauthenticated REST API Access Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance.
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-unauthapi-sphCLYPA
∗∗∗ Urgent Security Notice: SonicWall GMS/Analytics Impacted by suite of vulnerabilities ∗∗∗
---------------------------------------------
GMS/Analytics is remediating a suite of 15 security vulnerabilities, disclosed in a Coordinated Vulnerability Disclosure (CVD) report in conjunction with NCCGroup. This suite of vulnerabilities, which was responsibly disclosed, includes four (4) vulnerabilities with a CVSSv3 rating of CRITICAL, that allow an attacker to bypass authentication and could potentially result in exposure of sensitive information to an unauthorized actor. SonicWall PSIRT is not aware of active exploitation [...]
---------------------------------------------
https://www.sonicwall.com/support/knowledge-base/urgent-security-notice-sonicwall-gms-analytics-impacted-by-suite-of-vulnerabilities/230710150218060/
∗∗∗ Web conferencing: Zoom closes several security vulnerabilities ∗∗∗
---------------------------------------------
High-risk security vulnerabilities lurk above all in Zoom Rooms and in the Zoom Desktop Client for Windows. Updates are available.
---------------------------------------------
https://heise.de/-9214929
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (ruby-doorkeeper), Fedora (mingw-nsis and thunderbird), Red Hat (bind9.16, nodejs, nodejs:16, nodejs:18, python38:3.8 and python38-devel:3.8, and rh-nodejs14-nodejs), Slackware (krb5), SUSE (geoipupdate, installation-images, libqt5-qtbase, python-Django1, and skopeo), and Ubuntu (knot-resolver, lib3mf, linux, linux-aws, linux-kvm, linux-lowlatency, linux-raspi, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-azure, linux-gcp, linux-ibm, linux-oracle, linux-azure-fde, linux-xilinx-zynqmp, and scipy).
---------------------------------------------
https://lwn.net/Articles/938108/
∗∗∗ Juniper Networks Patches High-Severity Vulnerabilities in Junos OS ∗∗∗
---------------------------------------------
Juniper Networks has patched multiple high-severity vulnerabilities in Junos OS, Junos OS Evolved, and Junos Space.
---------------------------------------------
https://www.securityweek.com/juniper-networks-patches-high-severity-vulnerabilities-in-junos-os/
∗∗∗ Microsoft Office Updates (11 July 2023) ∗∗∗
---------------------------------------------
On 11 July 2023 (the second Tuesday of the month, Microsoft Patch Tuesday) Microsoft released several security-relevant updates for still-supported Microsoft Office versions and other products. Support for Office 2013 ended with the April 2023 Patch Tuesday, but vulnerabilities in it were still closed in July. Below is an overview of the available updates.
---------------------------------------------
https://www.borncity.com/blog/2023/07/13/microsoft-office-updates-11-juli-2023/
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
IBM SDK, IBM Db2, IBM Match 360, IBM Watson, IBM Jazz Technology, IBM Storage Protect, IBM WebSphere, IBM Storage Protect, IBM App Connect Enterprise, IBM Integration Bus, IBM i, IBM Event Streams and IBM Security Directory Integrator.
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/
∗∗∗ ZDI: Dassault Systèmes SolidWorks (CVE-2023-2763) ∗∗∗
---------------------------------------------
ZDI-23-908 to ZDI-23-911
---------------------------------------------
https://www.zerodayinitiative.com/advisories/published/
∗∗∗ Drupal: Two-factor Authentication (TFA) - Critical - Access bypass - SA-CONTRIB-2023-030 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2023-030
∗∗∗ Rockwell Automation PowerMonitor 1000 ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-05
∗∗∗ Honeywell Experion PKS, LX and PlantCruise ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-06
∗∗∗ Case update: DIVD-2021-00020 - OSNexus QuantaStor limited disclosure and product warning ∗∗∗
---------------------------------------------
https://csirt.divd.nl/cases/DIVD-2021-00020/
∗∗∗ CVE-2023-38046 PAN-OS: Read System Files and Resources During Configuration Commit (Severity: MEDIUM) ∗∗∗
---------------------------------------------
https://security.paloaltonetworks.com/CVE-2023-38046
∗∗∗ CISA Adds Two Known Vulnerabilities to Catalog ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/07/13/cisa-adds-two-known-vulnerabilities-catalog
∗∗∗ BD Alaris System with Guardrails Suite MX ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-194-01
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily