[CERT-daily] Daily summary - 16.03.2023

Daily end-of-shift report team at cert.at
Thu Mar 16 20:12:55 CET 2023


=====================
= End-of-Day report =
=====================

Timeframe:   Wednesday 15-03-2023 18:00 - Thursday 16-03-2023 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ CVE-2023-23397 - the (interesting) devil is in the detail ∗∗∗
---------------------------------------------
As a rule, we do not publish a warning for vulnerabilities that the vendor fixes as part of a regular patch cycle. The motivation behind this is that we regard our warnings as a tool for bringing information about critical vulnerabilities to the respective addressees with the appropriate urgency. Accordingly, we decide relatively conservatively what we warn about, so as not to dilute the effect of those warnings. But, as so often, exceptions prove the rule [...]
---------------------------------------------
https://cert.at/de/blog/2023/3/cve-2023-23397-der-teufel-steckt-im-detail


∗∗∗ CISA warns of Adobe ColdFusion bug exploited as a zero-day ∗∗∗
---------------------------------------------
CISA has added a critical vulnerability impacting Adobe ColdFusion versions 2021 and 2018 to its catalog of security bugs exploited in the wild.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/cisa-warns-of-adobe-coldfusion-bug-exploited-as-a-zero-day/


∗∗∗ Winter Vivern APT hackers use fake antivirus scans to install malware ∗∗∗
---------------------------------------------
An advanced hacking group named Winter Vivern targets European government organizations and telecommunication service providers to conduct espionage.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/winter-vivern-apt-hackers-use-fake-antivirus-scans-to-install-malware/


∗∗∗ BianLian Ransomware Pivots From Encryption to Pure Data-Theft Extortion ∗∗∗
---------------------------------------------
The ransomware group has already claimed 116 victim organizations so far on its site, and it continues to mature as a thriving cybercriminal business, researchers said.
---------------------------------------------
https://www.darkreading.com/risk/bianlian-ransomware-pivots-encryption-pure-data-theft-extortion


∗∗∗ Simple Shellcode Dissection, (Thu, Mar 16th) ∗∗∗
---------------------------------------------
Most people will never execute a suspicious program or “executable”. Also, most of them cannot be delivered directly via email. Most antispam and antivirus solutions block them. But, then, how could people be so easily infected? I’ll explain with the help of a file I found in a phishing campaign.
---------------------------------------------
https://isc.sans.edu/diary/rss/29642


∗∗∗ Multiple Hacker Groups Exploit 3-Year-Old Vulnerability to Breach U.S. Federal Agency ∗∗∗
---------------------------------------------
Multiple threat actors, including a nation-state group, exploited a critical three-year-old security flaw in Progress Telerik to break into an unnamed federal entity in the U.S. The disclosure comes from a joint advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC).
---------------------------------------------
https://thehackernews.com/2023/03/multiple-hacker-groups-exploit-3-year.html


∗∗∗ SSRF Cross Protocol Redirect Bypass ∗∗∗
---------------------------------------------
Server Side Request Forgery (SSRF) is a fairly known vulnerability with established prevention methods. So imagine my surprise when I bypassed an SSRF mitigation during a routine retest. Even worse, I have bypassed a filter that we have recommended ourselves!
---------------------------------------------
https://blog.doyensec.com/2023/03/16/ssrf-remediation-bypass.html


∗∗∗ Fake WhatsApp and Telegram apps hunting for crypto wallets ∗∗∗
---------------------------------------------
ESET researchers analyzed Android and Windows clippers that can manipulate instant messages and use OCR to steal cryptocurrency.
---------------------------------------------
https://www.welivesecurity.com/deutsch/2023/03/16/falsche-whatsapp-und-telegram-apps-auf-der-jagd-nach-krypto-wallets/


∗∗∗ Bee-Ware of Trigona, An Emerging Ransomware Strain ∗∗∗
---------------------------------------------
Trigona ransomware is a relatively new strain that security researchers first discovered in late October 2022. By analyzing Trigona ransomware binaries and ransom notes obtained from VirusTotal, as well as information from Unit 42 incident response, we determined that Trigona was very active during December 2022, with at least 15 potential victims being compromised. Affected organizations are in the manufacturing, finance, construction, agriculture, marketing and high technology industries.
---------------------------------------------
https://unit42.paloaltonetworks.com/trigona-ransomware-update/


∗∗∗ DotRunpeX – demystifying new virtualized .NET injector used in the wild ∗∗∗
---------------------------------------------
https://research.checkpoint.com/2023/dotrunpex-demystifying-new-virtualized-net-injector-used-in-the-wild/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Web conferencing: High-risk vulnerabilities in Zoom ∗∗∗
---------------------------------------------
The developers have closed several vulnerabilities in the online conferencing software Zoom. Some are rated high-risk and could allow attackers to inject code.
---------------------------------------------
https://heise.de/-7547291


∗∗∗ Critical vulnerability in Array Networks SSL VPN gateway ∗∗∗
---------------------------------------------
Array Networks' SSL VPN gateways have a critical security vulnerability. Attackers could inject code from the network without authentication.
---------------------------------------------
https://heise.de/-7548009


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr and pcre2), Oracle (nss), Red Hat (kpatch-patch and nss), SUSE (java-11-openjdk, kernel, and python310), and Ubuntu (emacs24, ffmpeg, firefox, imagemagick, libphp-phpmailer, librecad, and openjpeg2).
---------------------------------------------
https://lwn.net/Articles/926289/


∗∗∗ Drupal core - Moderately critical - Access bypass - SA-CORE-2023-004 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-core-2023-004


∗∗∗ Drupal core - Moderately critical - Information Disclosure - SA-CORE-2023-003 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-core-2023-003


∗∗∗ Drupal core - Moderately critical - Information Disclosure - SA-CORE-2023-002 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-core-2023-002


∗∗∗ Responsive media Image Formatter - Critical - Unsupported - SA-CONTRIB-2023-011 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2023-011


∗∗∗ Media Responsive Thumbnail - Moderately critical - Information disclosure - SA-CONTRIB-2023-010 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2023-010


∗∗∗ Multiple vulnerabilities within OpenSSL and Node.js affect IBM App Connect Enterprise and IBM Integration Bus ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6963634


∗∗∗ EBICs client of IBM Sterling B2B Integrator vulnerable to multiple issues due to Dojo Toolkit ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6963652


∗∗∗ IBM HTTP Server is vulnerable to HTTP request splitting due to the included Apache HTTP Server (CVE-2023-25690) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6963650


∗∗∗ IBM Watson Assistant for Cloud Pak for Data is affected by vulnerabilities in Pallets Werkzeug ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6963668


∗∗∗ IBM Aspera Faspex can be vulnerable to improperly authorized password changes ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6963662


∗∗∗ Security Vulnerabilities in moment, ansi-regex, Node.js, and minimatch may affect IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore (CVE-2022-31129, CVE-2022-24785, CVE-2021-3807, CVE-2022-29244, CVE-2022-3517) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6955067


∗∗∗ Vulnerability in PyPI cryptography and Python may affect IBM Spectrum Protect Plus File Systems Agent (CVE-2023-23931, CVE-2023-0286, CVE-2023-24329) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6957718


∗∗∗ Vulnerabilities in Linux Kernel may affect IBM Spectrum Protect Plus ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6963936


∗∗∗ Multiple Vulnerabilities in Intel Firmware affect Cloud Pak System ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6611963


∗∗∗ CVE-2022-2879, CVE-2022-41715, CVE-2022-2880, CVE-2022-41717, CVE-2022-41716 may affect IBM CICS TX Advanced ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6963940


∗∗∗ CVE-2022-2879, CVE-2022-41715, CVE-2022-2880, CVE-2022-41717, CVE-2022-41716 may affect IBM CICS TX Standard ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6963942


∗∗∗ Vulnerabilities in Golang Go and Java SE might affect IBM Spectrum Copy Data Management (CVE-2022-41717, CVE-2023-21830, CVE-2023-21835, CVE-2023-21843) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6960739


∗∗∗ Vulnerabilities in Linux Kernel might affect IBM Spectrum Copy Data Management (CVE-2022-2964, CVE-2022-2601, CVE-2020-36557) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6960747


∗∗∗ IBM Sterling B2B Integrator vulnerable to sensitive information exposure due to IBM MQ (CVE-2022-42436) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6963954


∗∗∗ IBM Sterling Global Mailbox is vulnerable to denial of service due to WebSphere Liberty Server (CVE-2022-3509, CVE-2022-3171) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6963956


∗∗∗ IBM Sterling Global Mailbox is vulnerable to arbitrary command execution due to com.ibm.ws.org.apache.commons.collections (CVE-2015-7501) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6963962


∗∗∗ IBM Sterling Global Mailbox is vulnerable to server-side request forgery due to Apache CXF (CVE-2022-46364) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6963958


∗∗∗ IBM Sterling Global Mailbox is vulnerable to sensitive data exposure due to Apache CXF (CVE-2022-46363) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6963960

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
