[CERT-daily] Tageszusammenfassung - 01.06.2023
Daily end-of-shift report
team at cert.at
Thu Jun 1 21:09:20 CEST 2023
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 31-05-2023 18:00 − Donnerstag 01-06-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Terminator antivirus killer is a vulnerable Windows driver in disguise ∗∗∗
---------------------------------------------
A threat actor known as Spyboy is promoting a Windows defense evasion tool called "Terminator" [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/terminator-antivirus-killer-is-a-vulnerable-windows-driver-in-disguise/
∗∗∗ Exploit released for RCE flaw in popular ReportLab PDF library ∗∗∗
---------------------------------------------
A researcher has published a working exploit for a remote code execution (RCE) flaw impacting ReportLab, a popular Python library used by numerous projects to generate PDF files from HTML input.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/exploit-released-for-rce-flaw-in-popular-reportlab-pdf-library/
∗∗∗ Polizei warnt vor neuer Betrugsmasche mit NFC-Smartphone-Bezahlung ∗∗∗
---------------------------------------------
Kriminellen ist es gelungen, Bankkarten der Opfer auf ihre Handys zu laden. Anschließend wurde kräftig eingekauft und Konten leergeräumt.
---------------------------------------------
https://futurezone.at/digital-life/betrug-phishing-mobile-payment-nfc-smartphone-bezahlung-fake-website/402470321
∗∗∗ Serious Security: That KeePass “master password crack”, and what we can learn from it ∗∗∗
---------------------------------------------
Here, in an admittedly discursive nutshell, is the fascinating story of CVE-2023-32784. (Short version: Dont panic.)
---------------------------------------------
https://nakedsecurity.sophos.com/2023/05/31/serious-security-that-keepass-master-password-crack-and-what-we-can-learn-from-it/
∗∗∗ XSS vulnerability in the ASP.NET application: examining CVE-2023-24322 in mojoPortal CMS ∗∗∗
---------------------------------------------
In this article, we will thoroughly examine the XSS vulnerability in a CMS written in C#. Lets recall the theory, figure out how the security defect looks from a users perspective and in code, and also practice writing exploits.
---------------------------------------------
https://pvs-studio.com/en/blog/posts/csharp/1054/
∗∗∗ Angriff auf iPhones: Kaspersky macht ausgeklügelte Attacke publik ∗∗∗
---------------------------------------------
Kaspersky hat nach eigenen Angaben in iPhone-Backups Spuren eines komplexen Angriffs entdeckt. Gegenwehr sei nur mit rabiaten Mitteln möglich.
---------------------------------------------
https://heise.de/-9159301
∗∗∗ STARFACE: Authentication with Password Hash Possible ∗∗∗
---------------------------------------------
RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While storing password hashes instead of cleartext passwords in an applications database generally has become best practice to protect users passwords in case of a database compromise, this is rendered ineffective when allowing to authenticate using the password hash.
---------------------------------------------
https://www.redteam-pentesting.de/en/advisories/rt-sa-2022-004/
∗∗∗ Malware Spotlight: Camaro Dragon’s TinyNote Backdoor ∗∗∗
---------------------------------------------
In this report, we analyze another previously undisclosed backdoor associated with this cluster of activity which shares with it not only a common infrastructure but also the same high-level intelligence-gathering goal.
---------------------------------------------
https://research.checkpoint.com/2023/malware-spotlight-camaro-dragons-tinynote-backdoor/
=====================
= Vulnerabilities =
=====================
∗∗∗ Rapid7 Observed Exploitation of Critical MOVEit Transfer Vulnerability ∗∗∗
---------------------------------------------
Rapid7 managed services teams are observing exploitation of a critical vulnerability in Progress Software’s MOVEit Transfer solution across multiple customer environments.
---------------------------------------------
https://www.rapid7.com/blog/post/2023/06/01/rapid7-observed-exploitation-of-critical-moveit-transfer-vulnerability/
∗∗∗ Unified Automation: New UaGateway V1.5.14 Service Release ∗∗∗
---------------------------------------------
This version contains security bug fixes including improvements in KeyUsage check.
---------------------------------------------
https://documentation.unified-automation.com/uagateway/1.5.14/CHANGELOG.txt
∗∗∗ (0Day) Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write/Pointer Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
Published: 2023-05-31
Affected Vendor: Fatek Automation
ZDI ID: ZDI-23-760 bis ZDI-23-771
---------------------------------------------
https://www.zerodayinitiative.com/advisories/published/
∗∗∗ (0Day) VIPRE Antivirus Plus ∗∗∗
---------------------------------------------
Published: 2023-05-31
Affected Vendor:
VIPRE
ZDI ID: ZDI-23-755 bis ZDI-23-759
---------------------------------------------
https://www.zerodayinitiative.com/advisories/published/
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
IBM App Connect, IBM Business Automation Manager Open Editions, IBM Business Automation Workflow, IBM Control Desk, IBM Maximo, IBM Edge Application Manager, IBM MQ, IBM Spectrum Protect Plus, IBM Control Desk, IBM Data Risk Manager, Tivoli, Hardware Management Console, IBM Cloud Pak, IBM Power Systems, IBM Security Directory Server, WebSphere Application Server, Rational Developer for i, IBM Security Guardium
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libwebp, openssl, sssd, and texlive-bin), Fedora (bitcoin-core, editorconfig, edk2, mod_auth_openidc, pypy, pypy3.9, python3.10, and python3.8), Red Hat (kernel, openssl, pcs, pki-core:10.6, and qatzip), SUSE (chromium, ImageMagick, openssl-1_1, and tiff), and Ubuntu (cups, libvirt, and linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-hwe-5.15, linux-hwe-5.19, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle, linux-oracle-5.15, linux-raspi).
---------------------------------------------
https://lwn.net/Articles/933465/
∗∗∗ AddToAny Share Buttons - Moderately critical - Cross Site Scripting - SA-CONTRIB-2023-019 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2023-019
∗∗∗ AddToAny Share Buttons - Moderately critical - Access bypass - SA-CONTRIB-2023-018 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2023-018
∗∗∗ Consent Popup - Moderately critical - Cross Site Scripting - SA-CONTRIB-2023-017 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2023-017
∗∗∗ Iubenda Integration - Moderately critical - Cross Site Scripting - SA-CONTRIB-2023-016 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2023-016
∗∗∗ Advantech WebAccess/SCADA ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-01
∗∗∗ HID Global SAFE ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-02
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list