[CERT-daily] Tageszusammenfassung - 30.03.2023

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 29-03-2023 18:00 − Donnerstag 30-03-2023 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================


∗∗∗ Cyberkriminelle versenden Schadsoftware im Namen von DocuSign ∗∗∗
---------------------------------------------
Elektronische Signaturdienste wie DocuSign sind spätestens seit der Covid19-Pandemie beliebt, um Verträge oder andere Dokumente zeitsparend und unkompliziert zu unterzeichnen. Ein Trend, der auch von Betrüger:innen aufgegriffen wird: So geben sich Cyberkriminelle per E-Mail als DocuSign aus, um Schadsoftware zu verbreiten.
---------------------------------------------
https://www.watchlist-internet.at/news/cyberkriminelle-versenden-schadsoftware-im-namen-von-docusign/


∗∗∗ Internationaler Monat zur Betrugsbekämpfung: Vorsicht vor Dark Patterns ∗∗∗
---------------------------------------------
Im März 2023 jährt sich der internationale Monat zur Betrugsbekämpfung („ICPEN Fraud Prevention Month"). Das diesjährige Schwerpunktthema ist Dark Patterns. Dark Patterns sind irreführende Designelemente und Webseiten-Gestaltungen, die versuchen User:innen zu verleiten Entscheidungen zu treffen, die nicht in Ihrem besten Interesse liegen. Was Dark Patterns sind, wie Sie diese erkennen und sich am besten schützen, erfahren Sie hier!
---------------------------------------------
https://www.watchlist-internet.at/news/fraud-prevention-month-vorsicht-vor-dark-patterns/


∗∗∗ EDR Product Analysis of an Infostealer ∗∗∗
---------------------------------------------
As mentioned in the report, an Infostealer is being distributed through various platforms, and the leaked information is causing both direct and indirect harm to users. Understanding what information has been stolen and where it is being sent is crucial in order to minimize the damage caused by an Infostealer
---------------------------------------------
https://asec.ahnlab.com/en/50685/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ QNAP warns customers to patch Linux Sudo flaw in NAS devices ∗∗∗
---------------------------------------------
Taiwanese hardware vendor QNAP warns customers to secure their Linux-powered network-attached storage (NAS) devices against a high-severity Sudo privilege escalation vulnerability.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/qnap-warns-customers-to-patch-linux-sudo-flaw-in-nas-devices/


∗∗∗ Xray Audit - Moderately critical - Cross site scripting - SA-CONTRIB-2023-012 ∗∗∗
---------------------------------------------
Security risk: Moderately critical
Description: This module is a tool for developers, analysts, and administrators that allows them to generate reports on a given Drupal installation.The module does not sufficiently sanitize some data presented in its reports.
---------------------------------------------
https://www.drupal.org/sa-contrib-2023-012


∗∗∗ CVE-2022-37734: graphql-java Denial-of-Service ∗∗∗
---------------------------------------------
graphql-java is the most popular GraphQL server written in Java. It was found to be vulnerable to DoS attacks through the directive overload. [..] The vulnerability was fixed in two stages. The first fix introduced a security control, whereas the second one targeted the root cause. The first fix is presented in the versions of graphql-java 19.0 and later, 18.3, and 17.4. The second fix has been applied in the version 20.1 [..]
---------------------------------------------
https://checkmarx.com/blog/cve-2022-37734-graphql-java-denial-of-service/


∗∗∗ Vulnerability Spotlight: SNIProxy contains remote code execution vulnerability (CVE-2023-25076) ∗∗∗
---------------------------------------------
Talos discovered a remote code execution vulnerability that exists if the user is utilizing wildcard backend hosts when configuring SNIProxy. An attacker could exploit this vulnerability by sending a specially crafted HTTP, TLS or DTLS packet to the target machine, potentially causing a denial of service or gaining the ability to execute remote code. Cisco Talos worked with the managers of SNIProxy to ensure that these issues are resolved and an update is available [..]
---------------------------------------------
https://blog.talosintelligence.com/vulnerability-spotlight-sniproxy-contains-remote-code-execution-vulnerability/


∗∗∗ X.org vulnerability and releases (CVE-2023-1393) ∗∗∗
---------------------------------------------
The X.Org project has announced a vulnerability in its X server and Xwayland. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. [..] That has led to the release of xorg-server 21.1.8, xwayland 22.1.9, and xwayland 23.1.1.
---------------------------------------------
https://lwn.net/Articles/927887/


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (xorg-server and xrdp), Fedora (mingw-python-certifi, mingw-python3, mingw-zstd, moodle, python-cairosvg, python-markdown-it-py, redis, xorg-x11-server, and yarnpkg), Slackware (mozilla and xorg), SUSE (grub2, ldb, samba, libmicrohttpd, python-Werkzeug, rubygem-rack, samba, sudo, testng, tomcat, webkit2gtk3, xorg-x11-server, xstream, and zstd), and Ubuntu (linux, linux-aws, linux-dell300x, linux-kvm, linux-oracle, linux-raspi2, linux-aws-5.4, linux-azure-5.4, linux-gcp- linux-ibm-5.4, linux-oracle-5.4, linux-raspi-5.4, linux-gke, linux-gke-5.15, linux-ibm, linux-kvm, php-nette, and xorg-server, xorg-server-hwe-18.04, xwayland).
---------------------------------------------
https://lwn.net/Articles/927855/


∗∗∗ Synology-SA-23:02 Sudo ∗∗∗
---------------------------------------------
A vulnerability allows local users to conduct privilege escalation attacks via a susceptible version of Synology DiskStation Manager (DSM) and Synology Router Manager (SRM).
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_23_02


∗∗∗ Popular PABX platform, 3CX Desktop App suffers supply chain attack ∗∗∗
---------------------------------------------
CrowdStrike and SentinelOne cybersecurity researchers identified an unusual spike in malicious activity from a single, legitimate binary, 3CX Voice Over Internet Protocol (VOIP) desktop App (3CX Desktop App).
---------------------------------------------
https://www.hackread.com/3cx-desktop-app-supply-chain-attack/



∗∗∗ Cisco Application Policy Infrastructure Controller and Cisco Cloud Network Controller Cross-Site Request Forgery Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-csrfv-DMx6KSwV


∗∗∗ Hitachi Energy IEC 61850 MMS-Server ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-089-01


∗∗∗ Multiple vulnerabilities in the mongo-tools utility affect IBM WebSphere Automation ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6966998


∗∗∗ IBM Maximo Asset Management is vulnerable to stored cross-site scripting (CVE-2022-35645) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6959353


∗∗∗ IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to stored cross-site scripting (CVE-2022-35645) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6959355


∗∗∗ IBM QRadar SIEM is vulnerable to using components with known vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6967016


∗∗∗ Multiple Vulnerabilities in CloudPak for Watson AIOPs ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6967012


∗∗∗ CVE-2022-27664, CVE-2022-21698, CVE-2021-43565 and CVE-2022-27191 may affect IBM CICS TX Standard ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6967018


∗∗∗ CVE-2022-41723 may affect IBM CICS TX Advanced ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6967026


∗∗∗ CVE-2022-41723 may affect IBM CICS TX Standard ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6967022


∗∗∗ Multiple vulnerabilities may affect IBM SDK, Java Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6967213


∗∗∗ CVE-2022-21426 may affect IBM SDK, Java Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6967221


∗∗∗ Multiple Vulnerabilities in CloudPak for Watson AIOPs ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6967243


∗∗∗ IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an information exposure in WebSphere Application Server Liberty (CVE-2016-0378 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6967241


∗∗∗ IBM QRadar User Behavior Analytics is vulnerable to components with known vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6967283


∗∗∗ Vulnerabilities in PostgreSQL may affect IBM Spectrum Protect Plus (CVE-2022-2625, CVE-2022-1552, CVE-2021-3677) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6967285


∗∗∗ A vulnerability in GNU Tar affects IBM MQ Operator and Queue manager container images (CVE-2022-48303) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6966198

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily