[CERT-daily] Daily summary - 05.05.2023
Daily end-of-shift report
team at cert.at
Fri May 5 18:11:43 CEST 2023
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 04-05-2023 18:00 − Friday 05-05-2023 18:00
Handler: Robert Waldner
Co-Handler: Michael Schlagenhaufer
=====================
= News =
=====================
∗∗∗ What is XML-RPC? Security Risks & How to Disable ∗∗∗
---------------------------------------------
In this article, we will discuss what xmlrpc.php is, why disabling it can improve your website’s security, and how to determine if it’s currently active on your WordPress site.
---------------------------------------------
https://blog.sucuri.net/2023/05/what-is-xml-rpc-security-risks-how-to-disable.html
∗∗∗ Fleckpe Android Malware Sneaks onto Google Play Store with Over 620,000 Downloads ∗∗∗
---------------------------------------------
The list of the offending apps is as follows:
- Beauty Camera Plus
- Beauty Photo Camera
- Beauty Slimming Photo Editor
- Fingertip Graffiti
- GIF Camera Editor
- HD 4K Wallpaper
- Impressionism Pro Camera
- Microclip Video Editor
- Night Mode Camera Pro
- Photo Camera Editor
- Photo Effect Editor
---------------------------------------------
https://thehackernews.com/2023/05/fleckpe-android-malware-sneaks-onto.html
∗∗∗ Packagist Repository Hacked: Over a Dozen PHP Packages with 500 Million Compromised ∗∗∗
---------------------------------------------
PHP software package repository Packagist revealed that an "attacker" gained access to four inactive accounts on the platform to hijack over a dozen packages with over 500 million installs to date. "The attacker forked each of the packages and replaced the package description in composer.json with their own message but did not otherwise make any malicious changes," [..]
---------------------------------------------
https://thehackernews.com/2023/05/packagist-repository-hacked-over-dozen.html
∗∗∗ An overview of the OSI model and its security threats ∗∗∗
---------------------------------------------
The OSI model is a representation of how communications between devices occur. The conceptual model makes it easier to understand how data is transmitted. In its complex process, threat actors have found ways to exploit and compromise systems. It is very important to identify the kind of attacks and vulnerabilities available on each layer and implement proper defense strategies to protect a network.
---------------------------------------------
https://www.tripwire.com/state-of-security/overview-osi-model-and-its-security-threats
∗∗∗ "Login with a new device": Criminals send personalised e-mails in the name of BAWAG ∗∗∗
---------------------------------------------
Criminals are currently sending fraudulent messages in the name of BAWAG. The e-mails are personalised and therefore particularly credible. You are not addressed by your name, but by your e-mail address. In the message, the criminals claim that your account was accessed from a new device.
---------------------------------------------
https://www.watchlist-internet.at/news/login-mit-neuem-geraet-kriminelle-versenden-personalisierte-e-mail-im-namen-der-bawag/
=====================
= Vulnerabilities =
=====================
∗∗∗ ZDI-23-547: (0Day) Linux Kernel IPv6 RPL Protocol Reachable Assertion Denial-of-Service Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-23-547/
∗∗∗ Sante DICOM Viewer Vulnerabilities ∗∗∗
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-23-523/
https://www.zerodayinitiative.com/advisories/ZDI-23-524/
https://www.zerodayinitiative.com/advisories/ZDI-23-525/
https://www.zerodayinitiative.com/advisories/ZDI-23-526/
https://www.zerodayinitiative.com/advisories/ZDI-23-527/
---------------------------------------------
https://www.zerodayinitiative.com/advisories/published/
∗∗∗ Synology-SA-23:04 VPN Plus Server ∗∗∗
---------------------------------------------
A vulnerability allows remote attackers to inject SQL commands via a susceptible version of Synology VPN Plus Server. Affected Products: VPN Plus Server for SRM 1.3, VPN Plus Server for SRM 1.2
---------------------------------------------
https://www.synology.com/en-global/security/advisory/Synology_SA_23_04
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
IBM Elastic Storage System, IBM Spectrum Scale, IBM Maximo Application Suite, IBM Cognos Command Center, AIX, IBMid, IBM SAN Volume Controller, IBM CICS TX, IBM PowerVM Novalink, IBM Process Mining, IBM Cognos Analytics, IBM Planning Analytics.
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium, evolution, and odoo), Fedora (java-11-openjdk), Oracle (samba), Red Hat (libreswan and samba), Slackware (libssh), SUSE (amazon-ssm-agent, apache2-mod_auth_openidc, cmark, containerd, editorconfig-core-c, ffmpeg, go1.20, harfbuzz, helm, java-11-openjdk, java-1_8_0-ibm, liblouis, podman, and vim), and Ubuntu (linux-aws, linux-aws-hwe, linux-intel-iotg, and linux-oem-6.1).
---------------------------------------------
https://lwn.net/Articles/931050/
∗∗∗ K000134469 : MySQL vulnerability CVE-2023-21963 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000134469
∗∗∗ Spring Cloud Data Flow 2.10.3 Released ∗∗∗
---------------------------------------------
https://spring.io/blog/2023/05/05/spring-cloud-data-flow-2-10-3-released
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily