[CERT-daily] Tageszusammenfassung - 05.06.2023
Daily end-of-shift report
team at cert.at
Mon Jun 5 18:42:31 CEST 2023
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 02-06-2023 18:00 − Montag 05-06-2023 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ KeePass v2.54 fixes bug that leaked cleartext master password ∗∗∗
---------------------------------------------
KeePass has released version 2.54, fixing the CVE-2023-3278 vulnerability that allows the extraction of the cleartext master password from the applications memory.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/keepass-v254-fixes-bug-that-leaked-cleartext-master-password/
∗∗∗ Satacom delivers browser extension that steals cryptocurrency ∗∗∗
---------------------------------------------
A recent campaign by Satacom downloader is delivering a cryptocurrency-stealing extension for Chromium-based browsers, such as Chrome, Brave and Opera.
---------------------------------------------
https://securelist.com/satacom-delivers-cryptocurrency-stealing-browser-extension/109807/
∗∗∗ Magento, WooCommerce, WordPress, and Shopify Exploited in Web Skimmer Attack ∗∗∗
---------------------------------------------
Cybersecurity researchers have unearthed a new ongoing Magecart-style web skimmer campaign thats designed to steal personally identifiable information (PII) and credit card data from e-commerce websites. A noteworthy aspect that sets it apart from other Magecart campaigns is that the hijacked sites further serve as "makeshift" command-and-control (C2) servers, using the cover to facilitate the distribution of malicious code without the knowledge of the victim sites.
---------------------------------------------
https://thehackernews.com/2023/06/magento-woocommerce-wordpress-and.html
∗∗∗ Storing Passwords - A Journey of Common Pitfalls ∗∗∗
---------------------------------------------
[..] we recently discovered a vulnerability in the web interface of STARFACE PBX allowing login using the password hash rather than the cleartext password (see advisory). We want to use this as an opportunity to discuss how we analyse such login mechanisms and talk about the misconceptions in security concepts that result in such pitfalls along the way.
---------------------------------------------
https://blog.redteam-pentesting.de/2023/storing-passwords/
∗∗∗ Big-Data-Unternehmen Splunk schließt teils kritische Sicherheitslücken ∗∗∗
---------------------------------------------
Der Big-Data-Spezialist Splunk korrigiert in der gleichnamigen Software zahlreiche Sicherheitslücken, die teils als kritisches Risiko eingestuft werden.
---------------------------------------------
https://heise.de/-9164194
∗∗∗ Gigabyte Rolls Out BIOS Updates to Remove Backdoor From Motherboards ∗∗∗
---------------------------------------------
Gigabyte has announced BIOS updates that remove a recently identified backdoor feature in hundreds of its motherboards.
---------------------------------------------
https://www.securityweek.com/gigabyte-rolls-out-bios-updates-to-remove-backdoor-from-motherboards/
∗∗∗ Kriminelle missbrauchen Spenden-Funktion von PayPal ∗∗∗
---------------------------------------------
Aktuell beobachten wir, dass Fake-Shops PayPal-Zahlungen mit der Funktion „Geld spenden“ abwickeln. Brechen Sie die Zahlung sofort ab, wenn die PayPal-Zahlung nicht wie gewohnt abläuft, sondern als Spende bezeichnet wird! Wenn Sie mit der Funktion „Geld spenden“ bezahlen, entfällt der Käuferschutz und eine Rückerstattung ist nicht möglich. Schauen Sie genau, wie Ihre PayPal-Zahlung erfolgt!
---------------------------------------------
https://www.watchlist-internet.at/news/kriminelle-missbrauchen-spenden-funktion-von-paypal/
∗∗∗ Vice Society mit eigener Ransomware unterwegs ∗∗∗
---------------------------------------------
Ransomware-Gruppe führt immer wieder gezielte Angriffe auf Bildungseinrichtungen und Krankenhäuser durch.
---------------------------------------------
https://www.zdnet.de/88409649/vice-society-mit-eigener-ransomware-unterwegs/
∗∗∗ Trojaner Pikabot treibt sein Unwesen ∗∗∗
---------------------------------------------
Neue Malware-Familie setzt Anti-Analyse-Techniken ein und bietet Backdoor-Funktionen zum Laden von Shellcode und Ausführen zweistufiger Binärdateien.
---------------------------------------------
https://www.zdnet.de/88409646/trojaner-pikabot-treibt-sein-unwesen/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium, cpio, mariadb-10.3, nbconvert, sofia-sip, and wireshark), Fedora (ImageMagick, mingw-python-requests, openssl, python3.6, texlive-base, and webkitgtk), Red Hat (apr-util, git, gnutls, kernel, kernel-rt, and kpatch-patch), Slackware (cups and ntp), and Ubuntu (linux-azure-fde, linux-azure-fde-5.15 and perl).
---------------------------------------------
https://lwn.net/Articles/933904/
∗∗∗ IBM Aspera Connect and IBM Aspera Cargo has addressed multiple vulnerabilities (CVE-2023-22862, CVE-2023-27285) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7001053
∗∗∗ Vulnerability in libexpat (CVE-2022-43680) affects Power HMC ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6985561
∗∗∗ Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for May 2023 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6998727
∗∗∗ Multiple vulnerabilities may affect IBM® Semeru Runtime ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7001271
∗∗∗ There is a vulnerability in Apache SOAP used by IBM Maximo Asset Management (CVE-2022-40705) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6959357
∗∗∗ There are several vulnerabilities in AntiSamy used by IBM Maximo Asset Management (CVE-2022-28367, CVE-2022-29577) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6966080
∗∗∗ There is a vulnerability in Prism used by IBM Maximo Asset Management (CVE-2022-23647) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6959695
∗∗∗ IBM Security Guardium is affected by a multiple vulnerabilities (CVE-2023-22809, CVE-2019-12490, CVE-2023-0041) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7000021
∗∗∗ Multiple vulnerabilities in IBM® Java SDK and WebSphere Application Server Liberty profile affect IBM Business Automation Workflow containers ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7001287
∗∗∗ A vulnerability has been identified in IBM HTTP Server shipped with IBM Businses Automation Workflow (CVE-2023-32342) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7001289
∗∗∗ Cross-Site scripting vulnerability affect IBM Business Automation Workflow - CVE-2023-32339 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7001291
∗∗∗ Vulnerability in spring-expressions may affect IBM Business Automation Workflow - CVE-2023-20863 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7001295
∗∗∗ Multiple vulnerabilities in IBM Java XML affect IBM Tivoli System Automation for Multiplatforms deferred from Oracle Apr 2022 CPU (CVE-2022-21426) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7000999
∗∗∗ Multiple vulnerabilities in VMware Tanzu Spring Framework affect IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7001309
∗∗∗ There is a vulnerability in jQuery UI used by IBM Maximo Asset Management (CVE-2022-31160) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6966428
∗∗∗ There are several vulnerabilities with TinyMCE used by IBM Maximo Asset Management ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6966710
∗∗∗ IBM Maximo Asset Management is vulnerable to stored cross-site scripting (CVE-2022-35645) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6959353
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list