[CERT-daily] Tageszusammenfassung - 02.06.2023

Fri Jun 2 18:11:21 CEST 2023

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 01-06-2023 18:00 − Freitag 02-06-2023 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Attackers use Python compiled bytecode to evade detection ∗∗∗
---------------------------------------------
Attackers who are targeting open-source package repositories like PyPI (Python Package Index) have devised a new technique for hiding their malicious code from security scanners, manual reviews, and other forms of security analysis. In one incident, researchers have found malware code hidden inside a Python bytecode (PYC) file that can be directly executed as opposed to source code files that get interpreted by the Python runtime.
---------------------------------------------
https://www.csoonline.com/article/3698472/attackers-use-python-compiled-bytecode-to-evade-detection.html


∗∗∗ Cybercriminals use legitimate websites to obfuscate malicious payloads ∗∗∗
---------------------------------------------
According to Egress, the evolving attack methodologies currently used by cybercriminals are designed to get through traditional perimeter security. “The evolution of phishing emails continues to pose a major threat to organizations, emphasizing the need to enhance defenses to prevent attacks,” said Jack Chapman, VP of Threat Intelligence, Egress.
---------------------------------------------
https://www.helpnetsecurity.com/2023/06/02/evolving-attack-methodologies/


∗∗∗ Authority Scam: Angebliche E-Mails der FCA sind Fake! ∗∗∗
---------------------------------------------
Kriminelle geben sich als Mitarbeiter:innen der britischen Finanzaufsichtsbehörde FCA aus und behaupten per E-Mail, dass eine „Online-Investitionsplattform“ geschlossen wurde. Nun gehe es darum die „rechtmäßigen Eigentümer der im Blockchain-Netzwerk eingefrorenen Vermögenswerte zu identifizieren“, so heißt es in der E-Mail.
---------------------------------------------
https://www.watchlist-internet.at/news/authority-scam-angebliche-e-mails-der-fca-sind-fake/


∗∗∗ Zyxel’s guidance for the recent attacks on the ZyWALL devices ∗∗∗
---------------------------------------------
Zyxel recently became aware of a cyberattack targeting our ZyWALL devices. These vulnerabilities already have patches - we took immediate action as soon as we become aware of them, and have released patches, as well as security advisories for CVE-2023-28771, CVE-2023-33009, and CVE-2023-33010.
---------------------------------------------
https://www.zyxel.com/global/en/support/security-advisories/zyxels-guidance-for-the-recent-attacks-on-the-zywall-devices


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
Published: 2023-06-01
Affected Vendor: Delta Electronics
ZDI ID: ZDI-23-781 bis ZDI-23-817
---------------------------------------------
https://www.zerodayinitiative.com/advisories/published/


∗∗∗ Sicherheitsupdates: Schwachstellen machen Schutzsoftware von Symantec angreifbar ∗∗∗
---------------------------------------------
Symantecs Entwickler haben in Advanced Secure Gateway und Content Analysis mehrere Sicherheitslücken geschlossen.
---------------------------------------------
https://heise.de/-9162943


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (cups and netatalk), SUSE (cups, ImageMagick, installation-images, libvirt, openvswitch, and qemu), and Ubuntu (avahi, cups, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-snapdragon, linux, linux-aws, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-aws-5.4, linux-bluefield, linux-intel-iotg, and linux-intel-iotg-5.15). 
---------------------------------------------
https://lwn.net/Articles/933576/


∗∗∗ High-Severity Vulnerabilities Patched in Splunk Enterprise ∗∗∗
---------------------------------------------
Splunk has resolved multiple high-severity vulnerabilities in Splunk Enterprise, including bugs in third-party packages used by the product.The post High-Severity Vulnerabilities Patched in Splunk Enterprise appeared first on SecurityWeek.
---------------------------------------------
https://www.securityweek.com/high-severity-vulnerabilities-patched-in-splunk-enterprise/


∗∗∗ Kritische Sicherheitslücke in MOVEit Transfer - Updates verfügbar ∗∗∗
---------------------------------------------
In MOVEit Transfer existiert eine kritische Sicherheitslücke, die eine Rechteausweitung und potentiell unautorisierten Zugriff ermöglicht. Bis jetzt wurde die Lücke für Datendiebstahl ausgenutzt. Das volle Potential der Lücke ist jedoch noch nicht bekannt.
---------------------------------------------
https://cert.at/de/warnungen/2023/6/kritische-sicherheitslucke-in-moveit-transfer-patches-verfugbar


∗∗∗ IBM Edge Application Manager has a vulnerability listed in CVE 2023-28154. IBM has addressed this vulnerability. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7000057


∗∗∗ Multiple vulnerabilities in IBM DB2 affect IBM Operations Analytics Predictive Insights ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7000903


∗∗∗ A vulnerability exists in the IBM\u00ae SDK, Java\u2122 Technology Edition affect IBM Tivoli Network Configuration Manager (CVE-2022-3676). ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7000941


∗∗∗ A security vulnerability has been identified in embedded IBM WebSphere Application Server which is shipped with IBM Tivoli Netcool Configuration Manager (CVE-2023-23477) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7000959


∗∗∗ A vulnerability exists in the IBM\u00ae SDK, Java\u2122 Technology Edition affecting IBM Tivoli Network Configuration Manager (CVE-2023-30441). ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7000969


∗∗∗ Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager - Includes Oracle January 2023 CPU (CVE-2023-21830, CVE-2023-21843) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7000991


∗∗∗ Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms - Includes Oracle January 2023 CPU (CVE-2023-21830, CVE-2023-21843) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7000989


∗∗∗ A security vulnerability has been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server (CVE-2023-32342) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7000993


∗∗∗ Vulnerabilities in OpenSSL affect QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for IBM BladeCenter and QLogic Virtual Fabric Extension Module for IBM BladeCenter ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/888295


∗∗∗ Multiple vulnerabilities in IBM Java XML affect IBM Tivoli System Automation Application Manager deferred from Oracle Apr 2022 CPU (CVE-2022-21426) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7000997


∗∗∗ Apache commons fileupload vulnerability affect embedded Case Forms in IBM Business Automation Workflow and IBM Case Manager - CVE-2023-24998 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7001009

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily