[CERT-daily] Tageszusammenfassung - 08.03.2023
Daily end-of-shift report
team at cert.at
Wed Mar 8 18:44:59 CET 2023
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 07-03-2023 18:00 − Wednesday 08-03-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ What is a Website Defacement? ∗∗∗
---------------------------------------------
Defacement is easily one of the most obvious signs of a hacked website. In these attacks, bad actors gain unauthorized access to an environment and leave their mark through digital vandalism, altering its visual appearance or content in the process.
---------------------------------------------
https://blog.sucuri.net/2023/03/what-is-website-defacement.html
∗∗∗ Persistence – Event Log Online Help ∗∗∗
---------------------------------------------
Event Viewer is a component of Microsoft Windows that displays information related to application, security, system and setup events. Even though Event Viewer is used mainly by administrators for troubleshooting Windows errors, it can also be used as a form of persistence during red team operations.
---------------------------------------------
https://pentestlab.blog/2023/03/07/persistence-event-log-online-help/
∗∗∗ "Lidl Frauentagsgeschenk" (Lidl Women's Day gift): fake prize draw for Women's Day ∗∗∗
---------------------------------------------
WhatsApp, Messenger and Viber users are currently, and unknowingly, spreading a link to a fraudulent prize draw among their contacts. According to the message, the supermarket chain "Lidl" is allegedly giving away "many cash gifts" on the occasion of Women's Day on 8 March. Do not click on the link. Criminals are trying to install malware on your device!
---------------------------------------------
https://www.watchlist-internet.at/news/lidl-frauentagsgeschenk-fake-gewinnspiel-zum-frauentag/
∗∗∗ GlobeImposter Ransomware Being Distributed with MedusaLocker via RDP ∗∗∗
---------------------------------------------
ASEC (AhnLab Security Emergency response Center) has recently discovered the active distribution of the GlobeImposter ransomware. This attack is being carried out by the threat actors behind MedusaLocker. While the specific route could not be ascertained, it is assumed that the ransomware is being distributed through RDP due to the various pieces of evidence gathered from the infection logs.
---------------------------------------------
https://asec.ahnlab.com/en/48940/
=====================
= Vulnerabilities =
=====================
∗∗∗ Authentication Bypass Vulnerability in Mura CMS and Masa CMS (CVE-2022-47003 and CVE-2022-47002) ∗∗∗
---------------------------------------------
Multiple versions of Mura CMS and Masa CMS contain an authentication bypass vulnerability that can allow an unauthenticated attacker to log in as any Site Member or System User.
---------------------------------------------
https://hoyahaxa.blogspot.com/2023/03/authentication-bypass-mura-masa.html
∗∗∗ ABB Substation management unit COM600 IEC-104 protocol stack vulnerability ∗∗∗
---------------------------------------------
Hitachi Energy disclosed a vulnerability (CVE-2022-29492) that affects certain Hitachi Energy (HE) products. This vulnerability also affects the IEC 60870-5-104 (IEC-104) protocol stack of the ABB Substation Management Unit COM600. A successful exploit could allow attackers to cause a denial of service against the COM600 product.
---------------------------------------------
https://web.apsis.one/wve/68c20aba-1b85-416f-bf3f-ce8b1779c260
∗∗∗ CorePlague: Severe Vulnerabilities in Jenkins Server Lead to RCE ∗∗∗
---------------------------------------------
Aqua Nautilus researchers have discovered a chain of vulnerabilities, dubbed CorePlague, in the widely used Jenkins Server and Update Center (CVE-2023-27898, CVE-2023-27905). Exploiting these vulnerabilities could allow an unauthenticated attacker to execute arbitrary code on the victim's Jenkins server, potentially leading to a complete compromise of the Jenkins server.
---------------------------------------------
https://blog.aquasec.com/jenkins-server-vulnerabilities
∗∗∗ Problematic security vulnerability in Apple's GarageBand ∗∗∗
---------------------------------------------
Apple's free music production software can apparently be attacked. Users on macOS should update quickly.
---------------------------------------------
https://heise.de/-7538801
∗∗∗ Patch day: Fortinet closes 15 vulnerabilities, one of them critical ∗∗∗
---------------------------------------------
Fortinet's patch day brings IT administrators updates that close 15 security vulnerabilities. One of them is critical and allows code injection.
---------------------------------------------
https://heise.de/-7538910
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (apr), Fedora (c-ares), Oracle (curl, kernel, pesign, samba, and zlib), Red Hat (curl, gnutls, kernel, kernel-rt, and pesign), Scientific Linux (kernel, pesign, samba, and zlib), SUSE (libX11, python-rsa, python3, python36, qemu, rubygem-rack, xorg-x11-server, and xwayland), and Ubuntu (libtpms, linux-ibm, linux-raspi, linux-raspi, python3.7, python3.8, and sofia-sip).
---------------------------------------------
https://lwn.net/Articles/925606/
∗∗∗ IBM Security Bulletins 2023-03-08 ∗∗∗
---------------------------------------------
IBM Robotic Process Automation, IBM WebSphere, IBM MQ, Financial Transaction Manager, IBM VM Recovery Manager, IBM Aspera faspio Gateway, IBM Security Verify Bridge, IBM Spectrum Scale, IBM Security Guardium.
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/
∗∗∗ Veeam fixes critical vulnerability CVE-2023-27532 in Backup & Replication V11a/V12 ∗∗∗
---------------------------------------------
A brief note for users of Veeam's backup software. On 7 March 2023 the vendor fixed a critical vulnerability (CVE-2023-27532) in its Backup & Replication product, versions V11a/V12, via an update.
---------------------------------------------
https://www.borncity.com/blog/2023/03/08/veeam-fixt-kritische-schwachstelle-cve-2023-27532-in-backup-replication-v11a-v12/
∗∗∗ Multiple vulnerabilities in SEIKO EPSON printers/network interface Web Config ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN82424996/
∗∗∗ Cisco IOS XR Software for ASR 9000 Series Routers Bidirectional Forwarding Detection Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bfd-XmRescbT
∗∗∗ Cisco IOS XR Software Bootloader Unauthenticated Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-load-infodisc-9rdOr5Fq
∗∗∗ [R1] Nessus Version 10.4.3 Fixes Multiple Vulnerabilities ∗∗∗
---------------------------------------------
https://www.tenable.com/security/tns-2023-11
∗∗∗ [R1] Nessus Version 8.15.9 Fixes Multiple Vulnerabilities ∗∗∗
---------------------------------------------
https://www.tenable.com/security/tns-2023-10
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily