[CERT-daily] Tageszusammenfassung - 31.07.2023
Daily end-of-shift report
team at cert.at
Mon Jul 31 18:46:01 CEST 2023
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 28-07-2023 18:00 − Montag 31-07-2023 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Linux version of Abyss Locker ransomware targets VMware ESXi servers ∗∗∗
---------------------------------------------
The Abyss Locker operation is the latest to develop a Linux encryptor to target VMwares ESXi virtual machines platform in attacks on the enterprise.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/linux-version-of-abyss-locker-ransomware-targets-vmware-esxi-servers/
∗∗∗ Hackers exploit BleedingPipe RCE to target Minecraft servers, players ∗∗∗
---------------------------------------------
Hackers are actively exploiting a BleedingPipe remote code execution vulnerability in Minecraft mods to run malicious commands on servers and clients, allowing them to take control of the devices.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-exploit-bleedingpipe-rce-to-target-minecraft-servers-players/
∗∗∗ P2PInfect server botnet spreads using Redis replication feature ∗∗∗
---------------------------------------------
Threat actors are actively targeting exposed instances of the Redis open-source data store with a peer-to-peer self-replicating worm with versions for both Windows and Linux that the malware authors named P2Pinfect.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/p2pinfect-server-botnet-spreads-using-redis-replication-feature/
∗∗∗ Automatically Finding Prompt Injection Attacks ∗∗∗
---------------------------------------------
Researchers have just published a paper showing how to automate the discovery of prompt injection attacks.
---------------------------------------------
https://www.schneier.com/blog/archives/2023/07/automatically-finding-prompt-injection-attacks.html
∗∗∗ WordPress Vulnerability & Patch Roundup July 2023 ∗∗∗
---------------------------------------------
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this past month.
---------------------------------------------
https://blog.sucuri.net/2023/07/wordpress-vulnerability-patch-roundup-july-2023.html
∗∗∗ AVRecon Botnet Leveraging Compromised Routers to Fuel Illegal Proxy Service ∗∗∗
---------------------------------------------
More details have emerged about a botnet called AVRecon, which has been observed making use of compromised small office/home office (SOHO) routers as part of a multi-year campaign active since at least May 2021.
---------------------------------------------
https://thehackernews.com/2023/07/avrecon-botnet-leveraging-compromised.html
∗∗∗ Apple iOS, Google Android Patch Zero-Days in July Security Updates ∗∗∗
---------------------------------------------
Plus: Mozilla fixes two high-severity bugs in Firefox, Citrix fixes a flaw that was used to attack a US-based critical infrastructure organization, and Oracle patches over 500 vulnerabilities.
---------------------------------------------
https://www.wired.com/story/apple-google-microsoft-zero-day-fix-july-2023/
∗∗∗ Exploiting the StackRot vulnerability ∗∗∗
---------------------------------------------
For those who are interested in the gory details of how the StackRot vulnerability works, Ruihan Li hasposted a detailedwriteup of the bug and how it can be exploited. As StackRot is a Linux kernel vulnerability found in the memory management subsystem, it affects almost all kernel configurations and requires minimal capabilities to trigger. However, it should be noted that maple nodes are freed using RCU callbacks, delaying the actual memory deallocation until after the RCU grace period.
---------------------------------------------
https://lwn.net/Articles/939542/
∗∗∗ Sie verkaufen Ihr Auto? Vorsicht bei Abwicklung über Kurierdiensten oder Speditionen ∗∗∗
---------------------------------------------
Auf allen gängigen Verkaufsplattformen gibt es sie: betrügerische Anfragen. Die Person will Ihr Auto ohne Besichtigung und Preisverhandlung kaufen, schickt ungefragt eine Ausweiskopie und wirkt unkompliziert. Da die Person aber im Ausland ist und das Auto nicht abholen kann, beauftragt sie einen Kurierdienst. Spätestens jetzt sollten die Alarmglocken schrillen, denn es handelt sich um eine Betrugsmasche!
---------------------------------------------
https://www.watchlist-internet.at/news/sie-verkaufen-ihr-auto-vorsicht-bei-abwicklung-ueber-kurierdiensten-oder-speditionen/
∗∗∗ Windows UAC aushebeln ∗∗∗
---------------------------------------------
Gerade auf Twitter auf ein Projekt mit dem Namen Defeating Windows User Account Control gestoßen, wo jemand über Wege nachdenkt, die Benutzerkontensteuerung von Windows auszuhebeln. Er hat ein kleines Tool entwickelt, mit dem sich die Windows-Benutzerkontensteuerung durch Missbrauch der integrierten [...]
---------------------------------------------
https://www.borncity.com/blog/2023/07/29/windows-uac-aushebeln/
∗∗∗ CISA Releases Malware Analysis Reports on Barracuda Backdoors ∗∗∗
---------------------------------------------
CISA has published three malware analysis reports on malware variants associated with exploitation of CVE-2023-2868. CVE-2023-2868 is a remote command injection vulnerability affecting Barracuda Email Security Gateway (ESG) Appliance, versions 5.1.3.001-9.2.0.006. It was exploited as a zero day as early as October 2022 to gain access to ESG appliances.
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/07/28/cisa-releases-malware-analysis-reports-barracuda-backdoors
=====================
= Vulnerabilities =
=====================
∗∗∗ CVE-2023-35081 - New Ivanti EPMM Vulnerability ∗∗∗
---------------------------------------------
During our thorough investigation of Ivanti Endpoint Manager Mobile (EPMM) vulnerability CVE-2023-35078 announced 23 July 2023, we have discovered additional vulnerabilities. We are reporting these vulnerabilities as CVE-2023-35081. As was the case with CVE-2023-35078, CVE-2023-35081 impacts all supported versions – Version 11.4 releases 11.10, 11.9 and 11.8. Older versions/releases are also at risk.
---------------------------------------------
https://www.ivanti.com/blog/cve-2023-35081-new-ivanti-epmm-vulnerability
∗∗∗ WAGO: Bluetooth LE vulnerability in WLAN-ETHERNET-Gateway ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2023-014/
∗∗∗ WAGO: Multiple products prone to multiple vulnerabilities in e!Runtime / CODESYS V3 Runtime ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2023-026/
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list