[CERT-daily] Daily summary - 14.07.2023
Daily end-of-shift report
team at cert.at
Fri Jul 14 18:44:00 CEST 2023
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 13-07-2023 18:00 − Friday 14-07-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ AVrecon malware infects 70,000 Linux routers to build botnet ∗∗∗
---------------------------------------------
Since at least May 2021, stealthy Linux malware called AVrecon was used to infect over 70,000 Linux-based small office/home office (SOHO) routers and add them to a botnet designed to steal bandwidth and provide a hidden residential proxy service.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/avrecon-malware-infects-70-000-linux-routers-to-build-botnet/
∗∗∗ WormGPT Cybercrime Tool Heralds an Era of AI Malware vs. AI Defenses ∗∗∗
---------------------------------------------
A black-hat alternative to GPT models specifically designed for malicious activities like BEC, malware, and phishing attacks is here, and will push organizations to level up with generative AI themselves.
---------------------------------------------
https://www.darkreading.com/attacks-breaches/wormgpt-heralds-an-era-of-using-ai-defenses-to-battle-ai-malware
∗∗∗ Security: Vulnerability scanner for Google Go launches ∗∗∗
---------------------------------------------
The tool Govulncheck examines Go projects for known vulnerabilities in their dependencies. An extension integrates the check into Visual Studio Code.
---------------------------------------------
https://heise.de/-9216187
∗∗∗ Hackers Target Reddit Alternative Lemmy via Zero-Day Vulnerability ∗∗∗
---------------------------------------------
Several instances of the Reddit alternative Lemmy were hacked in recent days by attackers who had exploited a zero-day vulnerability.
---------------------------------------------
https://www.securityweek.com/hackers-target-reddit-alternative-lemmy-via-zero-day-vulnerability/
∗∗∗ Meta advertising account hacked? Here is how to respond correctly! ∗∗∗
---------------------------------------------
Whether fake shops, fraudulent trading platforms or dubious coaching offers: criminals use social media to advertise a range of scams. Such ads are often placed from business pages that have nothing to do with the advertised product. Sometimes fraudulent ads are also distributed from private profiles.
---------------------------------------------
https://www.watchlist-internet.at/news/meta-werbekonto-gehackt-so-handeln-sie-richtig/
∗∗∗ The danger within: 5 steps you can take to combat insider threats ∗∗∗
---------------------------------------------
Some threats may be closer than you think. Are security risks that originate from your own trusted employees on your radar?
---------------------------------------------
https://www.welivesecurity.com/2023/07/13/danger-within-5-steps-combat-insider-threats/
∗∗∗ What is session hijacking and how do you prevent it? ∗∗∗
---------------------------------------------
Attackers use session hijacking to take control of your sessions and impersonate you online. Discover how session hijacking works and how to protect yourself.
---------------------------------------------
https://www.emsisoft.com/en/blog/44071/what-is-session-hijacking-and-how-do-you-prevent-it/
∗∗∗ Attack Surface Management (ASM) – What You Need to Know ∗∗∗
---------------------------------------------
This is the third post in our series on technologies to test your organization’s resilience to cyberattacks. In this installment, we dive into attack surface management (ASM).
---------------------------------------------
https://www.safebreach.com/blog/attack-surface-management-asm-what-you-need-to-know/
∗∗∗ Old Blackmoon Trojan, NEW Monetization Approach ∗∗∗
---------------------------------------------
Rapid7 is tracking a new, more sophisticated and staged campaign using the Blackmoon trojan, which appears to have originated in November 2022.
---------------------------------------------
https://www.rapid7.com/blog/post/2023/07/13/old-blackmoon-trojan-new-monetization-approach/
∗∗∗ PenTales: Old Vulns, New Tricks ∗∗∗
---------------------------------------------
At Rapid7 we love a good pentest story. So often they show the cleverness, skill, resilience, and dedication to our customer’s security that can only come from actively trying to break it! In this series, we’re going to share some of our favorite tales from the pen test desk and hopefully highlight some ways you can improve your own organization’s security.
---------------------------------------------
https://www.rapid7.com/blog/post/2023/07/13/pentales-old-vulns-new-tricks/
=====================
= Vulnerabilities =
=====================
∗∗∗ Groupware Zimbra: zero-day vulnerability requires manual patching ∗∗∗
---------------------------------------------
Zimbra has published a patch, which must be applied manually, that closes a zero-day security vulnerability in the groupware.
---------------------------------------------
https://heise.de/-9216179
∗∗∗ ZDI-23-970: (0Day) Sante DICOM Viewer Pro DCM File Parsing Use-After-Free Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-23-970/
∗∗∗ Security Advisory for Multiple Vulnerabilities on the ProSAFE® Network Management System, PSV-2023-0024 & PSV-2023-0025 ∗∗∗
---------------------------------------------
NETGEAR is aware of multiple security vulnerabilities on the NMS300. NETGEAR strongly recommends that you download the latest version as soon as possible.
---------------------------------------------
https://kb.netgear.com/000065707/Security-Advisory-for-Multiple-Vulnerabilities-on-the-ProSAFE-Network-Management-System-PSV-2023-0024-PSV-2023-0025
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (lemonldap-ng and php-dompdf), Red Hat (.NET 6.0, .NET 7.0, firefox, and thunderbird), Scientific Linux (firefox and thunderbird), SUSE (ghostscript, installation-images, kernel, php7, python, and python-Django), and Ubuntu (linux-azure, linux-gcp, linux-ibm, linux-oracle, mozjs102, postgresql-9.5, and tiff).
---------------------------------------------
https://lwn.net/Articles/938233/
∗∗∗ CVE-2023-24936 .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability ∗∗∗
---------------------------------------------
In the Security Updates table, added all supported versions of .NET Framework, Visual Studio 2022 version 17.0, Visual Studio 2022 version 17.2, and Visual Studio 2022 version 17.4 because these products are also affected by this vulnerability.
---------------------------------------------
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24936
∗∗∗ CVE-2023-36883 Microsoft Edge for iOS Spoofing Vulnerability ∗∗∗
---------------------------------------------
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36883
∗∗∗ CVE-2023-36887 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36887
∗∗∗ CVE-2023-36888 Microsoft Edge for Android (Chromium-based) Tampering Vulnerability ∗∗∗
---------------------------------------------
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36888
∗∗∗ There is a vulnerability in Apache Commons Net used by IBM Maximo Asset Management (CVE-2021-37533) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7009539
∗∗∗ IBM InfoSphere Information Server is affected by multiple vulnerabilities in Progress DataDirect Connect for ODBC ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7010743
∗∗∗ Multiple vulnerabilities in IBM Java SDK (April 2023) affect IBM InfoSphere Information Server ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7007675
∗∗∗ Enterprise Content Management System Monitor is affected by a vulnerability in Oracle Java SE ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7011963
∗∗∗ IBM Security SOAR is using a component with multiple known vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7011965
∗∗∗ CVE-2023-28867 may affect IBM WebSphere Application Server Liberty shipped with IBM CICS TX Advanced ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7011975
∗∗∗ CVE-2023-28867 may affect IBM WebSphere Application Server Liberty shipped with IBM CICS TX Standard ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7011979
∗∗∗ Timing Oracle in RSA Decryption vulnerability might affect GSKit supplied with IBM TXSeries for Multiplatforms ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7010369
∗∗∗ CVE-2023-28867 may affect IBM WebSphere Application Server Liberty shipped with IBM TXSeries for Multiplatforms ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7011977
∗∗∗ Vulnerability of Apache Thrift (libthrift-0.12.0.jar) has affected APM WebSphere Application Server Agent, APM SAP NetWeaver Agent and APM WebLogic Agent ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7003479
∗∗∗ Vulnerability of Google Gson (gson-2.8.2.jar) has affected APM WebSphere Application Server Agent, APM SAP NetWeaver Agent and APM WebLogic Agent ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7003477
∗∗∗ TADDM affected by multiple vulnerabilities due to IBM Java and its runtime ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7009499
∗∗∗ InfoSphere Identity Insight is vulnerable to a denial of service due to Apache Commons FileUpload (CVE-2023-24998) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7012011
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily