[CERT-daily] Tageszusammenfassung - 17.07.2023

Daily end-of-shift report team at cert.at
Mon Jul 17 18:08:13 CEST 2023 

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 14-07-2023 18:00 − Montag 17-07-2023 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ Meet NoEscape: Avaddon ransomware gangs likely successor ∗∗∗
---------------------------------------------
The new NoEscape ransomware operation is believed to be a rebrand of Avaddon, a ransomware gang that shut down and released its decryption keys in 2021.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/meet-noescape-avaddon-ransomware-gangs-likely-successor/


∗∗∗ Analysis of Storm-0558 techniques for unauthorized email access ∗∗∗
---------------------------------------------
Analysis of the techniques used by the threat actor tracked as Storm-0558 for obtaining unauthorized access to email data, tools, and unique infrastructure characteristics.
---------------------------------------------
https://www.microsoft.com/en-us/security/blog/2023/07/14/analysis-of-storm-0558-techniques-for-unauthorized-email-access/


∗∗∗ Xen Security Notice 1: winpvdrvbuild.xenproject.org potentially compromised ∗∗∗
---------------------------------------------
Software running on the Xen Project hosted subdomain winpvdrvbuild.xenproject.org is outdated and vulnerable to several CVEs. Some of the reported issues include remote code execution. [..] Since the list of CVEs reported include remote code execution we no longer have confidence that binaries previously available at https://xenbits.xen.org/pvdrivers/win/ are trustworthy. [..] A new set of drivers based on the current master branch and built on a trusted environment have been uploaded
---------------------------------------------
https://seclists.org/oss-sec/2023/q3/37


∗∗∗ Exploitation of ColdFusion Vulnerability Reported as Adobe Patches Another Critical Flaw ∗∗∗
---------------------------------------------
Adobe patches critical code execution vulnerability in ColdFusion for which a proof-of-concept (PoC) blog exists.
---------------------------------------------
https://www.securityweek.com/exploitation-of-coldfusion-vulnerability-reported-as-adobe-patches-another-critical-flaw/


∗∗∗ Last Minute Bikini-Shopping: Nicht in diesen Shops ∗∗∗
---------------------------------------------
Sind Sie auf der Suche nach Bademode? Dann werden Ihnen möglicherweise auch auf Facebook und Instagram Werbeanzeigen angezeigt. Wir sehen aktuell viele Werbeanzeigen von unseriösen Shops, die auf der Webseite zwar schöne Bademode präsentieren, aber minderwertige Ware versenden. Wir zeigen Ihnen, wo Sie lieber nicht bestellen sollen.
---------------------------------------------
https://www.watchlist-internet.at/news/last-minute-bikini-shopping-nicht-in-diesen-shops/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ AIOS WordPress Plugin Faces Backlash for Storing User Passwords in Plaintext ∗∗∗
---------------------------------------------
All-In-One Security (AIOS), a WordPress plugin installed on over one million sites, has issued a security update after a bug introduced in version 5.1.9 of the software caused users passwords being added to the database in plaintext format."A malicious site administrator (i.e. a user already logged into the site as an admin) could then have read them,"
---------------------------------------------
https://thehackernews.com/2023/07/aios-wordpress-plugin-faces-backlash.html


∗∗∗ Wireshark 4.0.7 Released, (Sat, Jul 15th) ∗∗∗
---------------------------------------------
Wireshark version 4.0.7 was released with 2 vulnerabilities and 22 bugs fixed.
---------------------------------------------
https://isc.sans.edu/diary/rss/30030


∗∗∗ PoC-Exploit verfügbar: Adobe legt Patch für Coldfusion nach ∗∗∗
---------------------------------------------
Kurz nach dem Juli-Patchday legt Adobe weitere Updates nach, um eine kritische Schwachstelle in Coldfusion abzudichten. PoC-Exploitcode wurde entdeckt.
---------------------------------------------
https://heise.de/-9217427


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (gpac, iperf3, kanboard, kernel, and pypdf2), Fedora (ghostscript), SUSE (bind, bouncycastle, ghostscript, go1.19, go1.20, installation-images, kernel, mariadb, MozillaFirefox, MozillaFirefox-branding-SLE, php74, poppler, and python-Django), and Ubuntu (cups, linux-oem-6.1, and ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.1).
---------------------------------------------
https://lwn.net/Articles/938375/


∗∗∗ IBM InfoSphere Information Server is affected but not vulnerable to multiple vulnerabilities in Undertow ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7007051


∗∗∗ IBM InfoSphere Information Server is affected but not classified as vulnerable to multiple vulnerabilities in snakeYAML ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6988677


∗∗∗ IBM InfoSphere Information Server is affected by multiple vulnerabilities in VMware Tanzu Spring Framework [CVE-2023-2861, CVE-2023-20860] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6988683


∗∗∗ IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to RubyGems commonmarker gem denial of service vulnerabilitiy [IBM X-Force ID: 252809] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7012231


∗∗∗ IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to VMware Tanzu Spring Framework denial of service vulnerabilitiy [CVE-2023-20863] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7012235


∗∗∗ IBM InfoSphere Information Server is affected by a denial of service vulnerability in netplex json-smart-v2 (CVE-2023-1370) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6988679


∗∗∗ IBM InfoSphere Information Server is affected by a denial of service vulnerability in Apache Commons FileUpload and Tomcat (CVE-2023-24998) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7008447


∗∗∗ Watson CP4D Data Stores is vulnerable to SAP NetWeaver AS Java for Deploy Service information disclosure vulnerability ( CVE-2023-24527) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7012297


∗∗∗ IBM i is vulnerable to an attacker executing CL commands due to an exploitation of DDM architecture (CVE-2023-30990) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7008573


∗∗∗ IBM InfoSphere Information Server is affected but not vulnerable to a vulnerability in jose.4j ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7007055


∗∗∗ IBM InfoSphere Information Server is affected by multiple vulnerabilities in VMware Tanzu Spring Boot ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7008437


∗∗∗ IBM InfoSphere Information Server is affected by a vulnerability in Apache Cassandra (CVE-2023-30601) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7003915


∗∗∗ IBM InfoSphere Information Server is affected by multiple vulnerabilities in Apache Tomcat (CVE-2023-28708, CVE-2023-24998) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7007057


∗∗∗ IBM InfoSphere Information Server is affected by an information disclosure vulnerability (CVE-2023-33857) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7007059


∗∗∗ IBM InfoSphere Information Server is affected by a vulnerability in Google Guava (CVE-2023-2976) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7012025


∗∗∗ IBM InfoSphere Information Server is affected by multiple vulnerabilities in snappy-java ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7011483


∗∗∗ IBM Robotic Process Automation is vulnerable to client side validation bypass (CVE-2023-35901) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7012317


∗∗∗ IBM Performance Tools for i is vulnerable to local privilege escalation (CVE-2023-30989) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7012353


∗∗∗ IBM Facsimile Support for i is vulnerable to local privilege escalation (CVE-2023-30988) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7012355


∗∗∗ IBM InfoSphere Information Server is affected by an information disclosure vulnerability (CVE-2023-35898) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7009205


∗∗∗ IBM InfoSphere Information Server is affected by a vulnerability in Eclipse Jetty (CVE-2023-26048) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7008445


∗∗∗ Multiple vulnerabilities of Apache common collections (commons-collections-3.2.jar) have affected APM WebSphere Application Server Agent ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7012397


∗∗∗ Multiple Vulnerabilities in IBM Sterling Connect:Direct Browser User Interface due to Java and Eclipse ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7012395


∗∗∗ Security vulnerabilities have been identified in IBM DB2 shipped with IBM License Metric Tool v9. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7012409


∗∗∗ A vulnerability in OpenStack Swift affects IBM Storage Scale environments with the S3 capability of Object protocol enabled (CVE-2022-47950) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7012419


∗∗∗ Mulitple vulnerabilities in Dojo dojox repo may affect IBM Storage Scale ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7012427


∗∗∗ Vulnerability in bottle-0.12.16 affects IBM Cloud Pak for Data System 1.0(CPDS 1.0) [CVE-2020-28473] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7012387


∗∗∗ Vulnerability in paramiko-2.4.2-py2.py3 affects IBM Cloud Pak for Data System 1.0(CPDS 1.0) [CVE-2022-24302] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7012433


∗∗∗ IBM i Modernization Engine for Lifecycle Integration is vulnerable to execution of arbitrary code on the system (CVE-2022-1471) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7012437


∗∗∗ IBM Performance Tools for i is vulnerable to local privilege escalation (CVE-2023-30989) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7012353


∗∗∗ IBM Facsimile Support for i is vulnerable to local privilege escalation (CVE-2023-30988) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7012355

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

More information about the Daily mailing list