[CERT-daily] Tageszusammenfassung - 23.06.2023

Fri Jun 23 18:41:50 CEST 2023

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 22-06-2023 18:00 − Freitag 23-06-2023 18:00
Handler:     Robert Waldner
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ Microsoft: Hackers hijack Linux systems using trojanized OpenSSH version ∗∗∗
---------------------------------------------
Microsoft says Internet-exposed Linux and Internet of Things (IoT) devices are being hijacked in brute-force attacks as part of a recently observed cryptojacking campaign.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/microsoft-hackers-hijack-linux-systems-using-trojanized-openssh-version/


∗∗∗ NSA shares tips on blocking BlackLotus UEFI malware attacks ∗∗∗
---------------------------------------------
The U.S. National Security Agency (NSA) released today guidance on how to defend against BlackLotus UEFI bootkit malware attacks.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/nsa-shares-tips-on-blocking-blacklotus-uefi-malware-attacks/


∗∗∗ Powerful JavaScript Dropper PindOS Distributes Bumblebee and IcedID Malware ∗∗∗
---------------------------------------------
A new strain of JavaScript dropper has been observed delivering next-stage payloads like Bumblebee and IcedID. Cybersecurity firm Deep Instinct is tracking the malware as PindOS, which contains the name in its "User-Agent" string. Both Bumblebee and IcedID serve as loaders, acting as a vector for other malware on compromised hosts, including ransomware.
---------------------------------------------
https://thehackernews.com/2023/06/powerful-javascript-dropper-pindos.html


∗∗∗ Security: RepoJacking auf GitHub betrifft auch große Firmen wie Google ∗∗∗
---------------------------------------------
Durch die Übernahme von Repositories hinter umbenannten Organisationen auf GitHub können Angreifer Schadcode verbreiten.
---------------------------------------------
https://heise.de/-9195575


∗∗∗ Fake-Umfrage im Namen der ÖBB im Umlauf! ∗∗∗
---------------------------------------------
Sie gehören zu den „500 glücklichen Kunden“, die von der ÖBB kontaktiert wurden, um an einer Umfrage teilzunehmen? Für das Ausfüllen der Umfrage erhalten Sie 55 Euro? Das klingt zwar verlockend, es handelt sich aber um Betrug. Nachdem Sie die Umfrage ausgefüllt haben, sollen Sie Ihre Kreditkartendaten angeben und eine Zahlung freigeben! Ignorieren Sie diese E-Mail daher.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-fake-umfrage-im-namen-der-oebb-im-umlauf/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Microsoft Teams: Sicherheitslücke lässt Malware von externen Konten durch ∗∗∗
---------------------------------------------
Eine Sicherheitslücke in Microsoft Teams erlaubt es Angreifern, Malware direkt in den internen Posteingang zu senden.
---------------------------------------------
https://www.golem.de/news/microsoft-teams-sicherheitsluecke-laesst-malware-von-externen-konten-durch-2306-175225.html


∗∗∗ Fortinet fixes critical FortiNAC RCE, install updates asap ∗∗∗
---------------------------------------------
Fortinet addressed a critical remote command execution vulnerability, tracked as CVE-2023-33299, affecting FortiNAC solution. FortiNAC is a network access control (NAC) solution designed by Fortinet that is used by organizations to secure and control access to networks by enforcing security policies, monitoring devices, and managing their access privileges.
---------------------------------------------
https://securityaffairs.com/147770/security/fortinet-fortinac-critical-flaw.html


∗∗∗ Role-based Access Control and Privilege Management in OpenEdge Management (OEM) and in OpenEdge Explorer (OEE) ∗∗∗
---------------------------------------------
Using a local or remote admin service, a logged-in OpenEdge Management (OEM) or OpenEdge Explorer (OEE) user could perform a URL injection attack to change identity or role membership. Only users that are already authorized members of OEM or OEE user roles were able to perform this exploit. [..] We have addressed the issue and updated the product for customers to remediate it.
---------------------------------------------
https://community.progress.com/s/article/Role-based-Access-Control-and-Privilege-Management-in-OEM


∗∗∗ Junos OS and Junos OS Evolved: A BGP session will flap upon receipt of a specific, optional transitive attribute (CVE-2023-0026) ∗∗∗
---------------------------------------------
An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a BGP update message is received over an established BGP session, and that message contains a specific, optional transitive attribute, this session will be torn down with an update message error.
---------------------------------------------
https://supportportal.juniper.net/s/article/2023-06-Out-of-Cycle-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-BGP-session-will-flap-upon-receipt-of-a-specific-optional-transitive-attribute-CVE-2023-0026?language=en_US


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (asterisk, lua5.3, and trafficserver), Fedora (tang and trafficserver), Oracle (.NET 7.0, c-ares, firefox, openssl, postgresql, python3, texlive, and thunderbird), Red Hat (python27:2.7 and python39:3.9 and python39-devel:3.9), Scientific Linux (c-ares), Slackware (cups), SUSE (cups, dav1d, google-cloud-sap-agent, java-1_8_0-openjdk, libX11, openssl-1_0_0, openssl-1_1, openssl-3, openvswitch, and python-sqlparse), and Ubuntu (cups, dotnet6, dotnet7, and openssl).
---------------------------------------------
https://lwn.net/Articles/936040/


∗∗∗ High-severity vulnerabilities patched in popular domain name software BIND ∗∗∗
---------------------------------------------
With the recently discovered vulnerabilities remote attackers could launch denial-of-service attacks, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in an advisory released Friday. BIND stands for Berkeley Internet Name Domain.
---------------------------------------------
https://therecord.media/bind-9-patches-internet-dns-vulnerabilities


∗∗∗ VMware schließt Schwachstellen in vCenter Server (22. Juni 2023) ∗∗∗
---------------------------------------------
Der Anbieter VMware hat Updates seiner vCenter-Server veröffentlicht, um gravierende (Einstufung als important) Schwachstellen (CVE-2023-20892, CVE-2023-20893, CVE-2023-20894, CVE-2023-20895 und CVE-2023-20896) zu schließen.
---------------------------------------------
https://www.borncity.com/blog/2023/06/23/vmware-schliet-schwachstellen-in-vcenter-server-22-juni-2023/


∗∗∗ Multiple Vulnerabilities in Fortra Globalscape EFT Administration Server [FIXED] ∗∗∗
---------------------------------------------
Rapid7 has uncovered four issues in Fortra Globalscape EFT, the worst of which can lead to remote code execution.
---------------------------------------------
https://www.rapid7.com/blog/post/2023/06/22/multiple-vulnerabilities-in-fortra-globalscape-eft-administration-server-fixed/


∗∗∗ FortiNAC - argument injection in XML interface on port tcp/5555 ∗∗∗
---------------------------------------------
https://fortiguard.fortinet.com/psirt/FG-IR-23-096


∗∗∗ FortiNAC - java untrusted object deserialization RCE ∗∗∗
---------------------------------------------
https://fortiguard.fortinet.com/psirt/FG-IR-23-074


∗∗∗ F5: K000135178 : OpenSSL vulnerability CVE-2023-2650 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000135178


∗∗∗ CISA Adds Five Known Exploited Vulnerabilities to Catalog ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/06/23/cisa-adds-five-known-exploited-vulnerabilities-catalog


∗∗∗ Enphase Envoy ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-171-01


∗∗∗ Enphase Installer Toolkit Android App ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-171-02

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily